Software Version: 9.00 Online Help Document Release Date: October 2010 Software Release Date: September 2010 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. Restricted Rights Legend Confidential computer software. Valid license fromHP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Copyright Notices Copyright 1999-2010 Hewlett-Packard Development Company, L.P. Trademark Notices Adobe, Acrobat, and PostScript are trademarks of Adobe Systems Incorporated. AMD is a trademark of Advanced Micro Devices, Inc. HP-UX Release 10.20 and later and HP-UX Release 11.00 and later (in both 32 and 64-bit configurations) on all HP 9000 computers are Open Group UNIX 95 branded products. Intel, Itanium, and Pentium are trademarks of Intel Corporation in the U.S. and other countries. Javais a US trademark of Sun Microsystems, Inc. Microsoft, Windows, Windows NT, Windows XP, and Windows Vista are U.S. registered trademarks of Microsoft Corporation. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. UNIX is a registered trademark of The Open Group. Acknowledgements Acknowledgements This product includes software developed by the JDOMProject (http://www.jdom.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). Thisproduct includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes software written by TimHudson (tjh@cryptsoft.com). This product includes software developed by the Apache Software Foundation (http://www.apache.org/). This product includes an interface of the 'zlib' general purpose compression library, which is Copyright 1995-2002 Jean-loup Gailly and Mark Adler. HP Operations Manager (9.00) Page 2 of 1297 Online Help Support Visit the HP Software Support Online web site at: http://www.hp.com/go/hpsoftwaresupport This web site provides contact information and details about the products, services, and support that HP Software offers. HP Software online support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business. As a valued support customer, you can benefit by using the support web site to: l Search for knowledge documents of interest l Submit and track support cases and enhancement requests l Download software patches l Manage support contracts l Look up HP support contacts l Review information about available services l Enter into discussions with other software customers l Research and register for software training Most of the support areas require that you register as an HP Passport user and sign in. Many also require a support contract. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html To find more information about access levels, go to: http://h20230.www2.hp.com/new_access_levels.jsp HP Operations Manager (9.00) Page 3 of 1297 Online Help Disclaimer for PDF Version of Online Help This document is a PDF version of the online help. This PDF file is provided so you can easily print multiple topics fromthe help information or read the online help in PDF format. Note: Some topics do not convert properly to PDF format. You may encounter formatting problems or unreadable text in certain document locations. In addition, some sections of the online help are omitted fromthis PDF (for example, the HPOMServer Application IntegrationGuide).The missing or problemtopics can be successfully printed fromwithin the online help. HP Operations Manager (9.00) Page 4 of 1297 Online Help Contents Online Help 1 Acknowledgements 2 Contents 5 HP Operations Manager for Windows 28 Getting Started 29 Configuration overview 29 Introduction to the HPOMConsole 29 Console tree 30 Details pane 31 License HPOM 31 Obtain a license 31 View a license report 33 Configure licensing options 34 Support and Further Information 35 How to use help 35 For more information... 36 Software Support Online 37 Configuring HPOM 38 Configuring nodes 40 Adding nodes to HPOM 41 Select discovered nodes 41 Create new nodes 42 Create new node groups 44 Check prerequisites 44 Configure domains for DNS discovery 47 Configure IP ranges for DNS discovery 49 Filter DNS domains 49 Systemtype discovery 50 HP Operations Manager (9.00) Page 5 of 1297 Configuring node properties 52 To configure properties of an individual node 52 To configure properties of multiple nodes 53 Configure general properties 53 Configure network properties 54 Configure message identification properties 57 Configure systemproperties 57 Configure tools properties 59 View node group properties 60 View outage properties 60 Configure virtualization for managed nodes 61 Systemtype, OS type, and OS version information 62 Maintaining nodes 62 Delete, copy, and move managed nodes 62 Change names and IP addresses 64 View policy and package inventory 65 Put nodes into unplanned outage mode 66 Schedule an outage for a node 66 Agent ID on server and node mismatch 69 Resolve the IP address of the management server 71 Upgrade or change the node operating system 72 Configuring external nodes 74 Configure external nodes using the wizard 74 Configure an external node manually 76 Configure general information for external nodes 76 Configure details information for external nodes 77 Configure order information for external nodes 77 Configure outage information for external nodes 78 Configuring agents 79 Remote agent installation 79 Agent migration 94 Manual agent installation 101 HP Operations Manager (9.00) Page 6 of 1297 Online Help Contents Manual agent deinstallation 114 Configuring HTTPS communication through firewalls 116 Agent users 131 Deploy HTTPS agent hotfixes 138 Troubleshoot HTTPS agents 140 Configuring certificates 143 Certificate request states 144 Request certificates automatically 144 Request certificates with an installation key 145 Deploy certificates manually 146 Map certificate requests to nodes 149 Grant certificate requests automatically 150 Grant or deny certificate requests manually 152 Configure trusted certificates for multiple management servers 153 Back up and restore certificates 154 Monitoring agentless nodes 156 Agentless monitoring with integrated products 157 Deployment models 158 Identify the originating node 160 Monitor SNMP devices 162 Monitor WMI information 166 Monitoring cluster-aware applications 167 Virtual nodes 169 Create virtual nodes 171 Receive messages for virtual nodes 172 Integrate customcommands 183 Customize resource group state mappings 185 Configure HTTPS agents running under non-administrative accounts 188 Configure DCE agents to monitor cluster-aware applications 189 Monitor DCE TruCluster systems 194 Configuring management servers 199 Generic server configuration 200 HP Operations Manager (9.00) Page 7 of 1297 Online Help Contents Change server configuration values 200 Find help on server configuration values 200 Duplicate message suppression 202 Configure duplicate message suppression 202 Specify duplicate message criteria 204 Configure maximumsuppression thresholds 204 Configure automatic actions for duplicate messages 205 Generate message keys automatically 206 Security 207 HPOMgroup accounts 207 HPOMuser accounts 209 Update HPOMuser accounts 210 Access requirements for NTFS partitions 211 Trust relationships between Active Directory domains 212 Auditing 214 Log files and event sources 215 Audit policy management and deployment 216 Audit the security server 217 Audit the message and action server 218 Audit message changes 220 Enable and disable security audits 225 Security audits in a high-availability environment 227 Auditing security 230 Configuration data exchange 231 Exchange node configurations 233 Exchange node inventories 235 Exchange instruction texts 236 Configuration interoperability 237 Exchange node and service configurations automatically 238 Switch the primary management server 240 Management server status 243 vpstat command syntax 243 HP Operations Manager (9.00) Page 8 of 1297 Online Help Contents Get system, memory, disk, network, and security information 244 Check file version 246 Start and stop services 247 List registry entries 249 List DCOMservers 249 List RPC servers 249 Check managed node requirements 250 List processes 251 Get management server/console version 252 List patch history 253 Run all options 253 vpstat return codes 254 Backup and restore 257 Full systembackup (offline backup) 257 HPOMmanagement server backup (online backup) 257 Database backup (online backup) 257 Back up the HPOMmanagement server 258 Restore the HPOMmanagement server 259 Back up the HPOMdatabase 259 Restore the HPOMdatabase 260 Back up miscellaneous data and files 262 Improved availability 264 HPOMinstalled in a failover cluster 264 Server pooling 270 Configuring server pooling 275 Failover to backup server 292 Database maintenance 294 Move the database 294 Move the database files 296 Maintain acknowledged messages in the database 298 Export acknowledged messages fromthe database 299 Resize SQL Server Express virtual memory usage 301 HP Operations Manager (9.00) Page 9 of 1297 Online Help Contents Node name resolution in HPOM 302 Avoid unnecessary name resolution for agentless nodes 302 Reduce the number of Windows API calls gethostbyname() and gethostbyaddr() 304 Configure the number of retries for gethostbyname and gethostbyaddr 305 Avoid unnecessary reverse name resolution 306 Message storms 307 Detect and suppress message storms 307 Configure message stormdetection 308 Variables used in message stormdetection 312 High priority messages and actions 313 Messages generated by message stormdetection 313 Message delays 316 Detect nodes that cause a message delay 316 Configure message delay detection 318 HPOMself management 321 Synchronizing self management 321 Self-management policies 323 Message queue file self-monitoring 325 WMI resource cleanup 331 Optimize web console performance 332 Filter and modify internal messages 334 Agent health checks 338 Forward messages to external applications 343 WMI and HPOMfor Windows 343 Use WMI policies to intercept incoming messages 344 Use automatic actions to forward messages 347 Example policies and scripts 349 Send messages through email 351 Forward messages to Remedy ARS 354 Forward messages as in HPOMfor UNIX 355 Forward message changes 355 How to prevent loops 356 HP Operations Manager (9.00) Page 10 of 1297 Online Help Contents Firewall concepts and configuration 358 Naming Conventions 359 Location of Commonly Used Files 360 Example Port Settings 362 Restrictions 364 Communication Concepts 366 Configuring Server to Agent Communication 386 Configuring Server to Console Communication 434 Configuring Server to Server Communication 441 Configuring Integrated Applications 445 Port Usage 451 Configuration Parameters 456 Troubleshooting 470 Change the name or IP address of the management server 476 Change the IP Address of the management server 476 Change the name of the management server 476 Change the virtual name or IP address in a cluster 478 Change the name or IP address in a flexible management environment 480 Configuring service types 481 To configure a service type 481 Configure a new service type 481 To configure a new service type 482 To delete a service type 482 Configure general properties for service types 482 To configure general properties for service types 482 Configure reports and graphs for service types 484 To configure reports and graphs for service types 484 Configure tools for service types 485 To configure tools for service types 485 Configure deployment for service types 485 To configure deployment of policy groups for service types 485 Select report family or category for service types 486 HP Operations Manager (9.00) Page 11 of 1297 Online Help Contents To associate a report family or category with a service type 486 Select graph family or category for service types 487 To associate a graph family or category with a service type 487 Select tools for service types 487 To associate tools with a service type 487 Select policy group for service types 487 To associate policy groups with a service type 488 Select customicons for service types 488 To use a customicon 488 Configuring services 489 Configure service hierarchies 489 To configure service hierarchies 489 Service hierarchy overview 490 Plan your service hierarchy 491 Design effective service IDs 491 Service type overview 493 Add dependency 493 Add component service 494 Create or edit shared calculation rules 495 Create or edit shared propagation rules 496 Configure services 496 To configure a service 496 Configure general service properties 497 Configure reports and graphs 498 Configure the status calculation 498 Configure superordinates 500 Configure subordinates 502 Add tools 503 View outage information 504 Maintain services 505 Edit a service 505 Delete a service 506 HP Operations Manager (9.00) Page 12 of 1297 Online Help Contents View service inventory 506 Put services into unplanned outage mode 506 Schedule an outage for a service 507 Configure status calculation options 508 Change status display mode 509 Configuring tools 511 To configure a tool or tool group 511 Create a new tool or tool group 512 To add a new tool or tool group 512 To delete a tool 513 Configure general information for tools 513 To configure general information for tools 513 Configure tool details 514 To configure tool details 514 Configure target nodes for tools 517 To configure nodes for tools 517 View nodes and node groups associated with this tool 518 Add nodes or node groups 519 To add nodes or node groups 519 Variables for tools 519 Management server variables 519 Message variables 519 Examples of message variables 523 Node variables 524 Node Group variables 524 Service variables 524 Environment variables 525 Tool security 525 User accounts for tools 525 Security authentication module 526 Allow tools to run on Windows 2003 Server nodes 528 Change the password for multiple tools 528 HP Operations Manager (9.00) Page 13 of 1297 Online Help Contents Configuring user roles 530 To specify permission for: 530 Assign user roles 531 Configure a new user role 531 To configure a new user role 531 Configure general information for user roles 532 To configure general information for user roles 532 Configure services for user roles 533 To configure services for user roles 533 Configure nodes for user roles 533 To configure nodes for user roles 534 Configure tools for user roles 534 To configure tools for user roles 534 Configure messages for user roles 535 To configure messages for user roles 535 Set permitted operations for message groups 536 Configure policies for user roles 537 To configure policies for user roles 537 Set permissions for policy categories 538 Configure users and groups for user roles 539 To configure users and groups for a user role 539 Select users and groups for user roles 539 Select users fromgroups 540 Specify operator lockdown 541 To specify operator lockdown 541 User roles and levels of security 541 Managing messages 543 Browsing Messages 544 Browsing active messages 544 Browsing acknowledged messages 545 View messages for selected nodes or services 545 Mass operations on messages 546 HP Operations Manager (9.00) Page 14 of 1297 Online Help Contents Message browser headline 546 Message attributes key 547 Message severity and status levels 548 Filtering messages 550 Apply filters 550 Create filters 552 Set General filter properties 553 Set Time filter properties 554 Set Message Source filter properties 555 Set Message Properties filter properties 555 Set message CMA filter properties 556 Edit filters 557 Acting on messages 560 Own a message 560 Disown a message 561 Assign messages 561 Acknowledge a message 562 Unacknowledge a message 562 Launch commands 563 Stop a command 563 Annotate a message 564 Edit annotation text 564 Edit message text 565 Modify message attributes 566 Configure policies 566 Using map views 572 Open a map view of nodes or services 572 Show root cause 574 Show impacted services or nodes 575 Uses and contains relationships 575 Map view keyboard commands 576 Viewing properties 578 HP Operations Manager (9.00) Page 15 of 1297 Online Help Contents To view properties 578 Message properties 578 Service properties 584 Node properties 587 External node properties 595 Node group properties 599 Launching Tools 604 Select nodes, services, or messages to apply tools 604 To apply tools by selecting nodes, services, or messages 604 Select tools to apply 605 To select tools to apply 606 Edit parameters 607 To edit parameters 607 Possible scenarios 607 Edit login 608 To specify login information 608 Possible scenarios 609 Agent users and actions 610 View tool application status 610 To stop or rerun a tool 610 To save tool output 611 Tool properties 611 To view properties for a tool 611 To view properties for a tool group 611 View tool general properties 611 View tool details properties 612 View tool target properties 613 View tool nodes properties 613 View tool group general properties 614 Managing Policies and Deployment 615 Deploying policies 616 Deploy a policy or policy group 616 HP Operations Manager (9.00) Page 16 of 1297 Online Help Contents Manually install policies 618 Remove policy fromnode 619 Delete policies manually froma node 620 View installed policies 622 Create a policy inventory report 623 Synchronize policies and packages 623 Reinstall policies 624 Update policy on node 625 Enable and disable policies 627 Disable policy autodeployment 627 Managing policy groups 629 View policies by group 629 Find policies in policy groups 629 Create new policy group 630 Delete policy group 630 Add a policy to a policy group 630 Remove policy frompolicy group 631 Assign the latest policy version to a group 631 Update to latest 631 Maintaining policies 633 Policy type 633 Policy group 633 To modify a policy 633 View policy properties 634 Set a policy filter 635 Save a policy 636 Save policy as 636 Change policy version 637 Change a policy description 637 Add categories to a policy 638 Delete a policy fromthe management server 638 Mass operations on policies 639 HP Operations Manager (9.00) Page 17 of 1297 Online Help Contents Import OVOfor UNIX templates 639 Managing deployment packages 642 Deploy deployment package 642 View details of available packages 643 View installed packages and subpackages 643 Synchronize packages 643 Reinstall packages 644 Reinstall all 644 Update packages 645 Update all 646 Remove package fromnode 647 Uninstall all 649 Managing deployment jobs 651 View job 651 Suspend job 651 Restart job 652 Restart job with new options 653 Cancel job 654 Change maximumparallel jobs 655 Send message when job completes successfully 655 Deployment troubleshooting 656 Configuring instrumentation 660 Associate instrumentation with policies 660 Migrate existing instrumentation 663 Deploy instrumentation 664 Instrumentation with multiple management servers 666 Developing agent policies 667 Config File Policies 669 Config File policy General tab 669 Config File policy Data tab 669 Flexible Management Policies 671 Create an agent-based flexible management policy 674 HP Operations Manager (9.00) Page 18 of 1297 Online Help Contents Syntax of agent-based flexible management policies 674 Keywords for flexible management policies 677 Time templates 679 Time template examples and keywords 680 Message target rules 682 Configure action-allowed and secondary managers 683 Configure DCE agents to communicate with HP Operations Manager for UNIX 685 Communicate with DCE agents installed by HP Operations Manager for UNIX 688 Logfile Entry Policies 691 Configure log file source properties 691 Configure message defaults in log file entry policies 696 Configure conditions in log file entry policies 703 Configure actions in log file entry policies 704 Configure log file policy options 716 Measurement Threshold Policies 718 Configure measurement threshold sources 718 Specify instance filters 724 Configure message defaults in measurement threshold policies 724 Set threshold level general properties 728 Configure script parameters in measurement threshold policies 731 Configure start actions in measurement threshold policies 734 Configure continue actions in measurement threshold policies 747 Configure end actions in measurement threshold policies 757 Configure measurement threshold policy options 767 Node info policies 770 Specifying parameters in node info policies 770 nodeinfo files on DCE agents 771 Node info policy parameters 771 Open Message Interface Policies 780 Configure message defaults in open message interface policies 780 Configure conditions in open message interface policies 787 Configure actions in open message interface policies 788 HP Operations Manager (9.00) Page 19 of 1297 Online Help Contents Configure open message interface policy options 800 Scheduled Task Policies 802 To create a scheduled task policy 802 Configure tasks in scheduled task policies 802 Configure schedules in scheduled task policies 813 Service Auto-Discovery Policies 814 To configure service auto-discovery 814 Management modules 814 Service auto-discovery policies 815 Configure predefined service auto-discovery 816 Configure customservice auto-discovery 816 Configure schedules in service auto-discovery policies 825 Service/Process Monitoring Policies 827 Configure service monitors 827 Configure process monitors 829 Configure start actions in service/process monitoring policies 832 Configure continue actions in service/process monitoring policies 845 Configure end actions 858 SNMP Interceptor Policies 871 To manage SNMP devices 871 Configure message defaults in SNMP interceptor policies 871 Configure SNMP conditions 878 Configure actions in SNMPinterceptor policies 881 Configure SNMP interceptor policy options 895 Windows Event Log Policies 897 Configure event log source properties 897 Configure message defaults in Windows event log policies 898 Configure event log conditions 905 Configure actions in Windows event log policies 906 Configure event log policy options 919 Windows Management Interface Policies 921 Configure WMI sources 921 HP Operations Manager (9.00) Page 20 of 1297 Online Help Contents Configure message defaults in WMI policies 923 Configure WMI conditions 930 Configure actions in Windows Management Interfacepolicies 931 Configure WMI policy options 943 Pattern matching 946 Pattern-matching details 946 User-defined variables in patterns 950 Pattern matching for variables 951 Examples of pattern matching in rule conditions 952 Test pattern matching 954 Environment variables 954 Policy objects for scripts 956 Policy object 956 Source object 961 Session object 967 Rule object 968 ConsoleMessage object 968 ExecuteCommand object 972 Developing server policies 976 Remote Action Security Policies 977 Create a remote action security policy 978 Set exceptions for a remote action security policy 978 Reconfigure registry keys for remote action security 980 Server-based Flexible Management Policies 981 Configure prerequisites for server-based flexible management 983 Create a server-based flexible management policy 984 Configure action-allowed and secondary managers 985 Configure forwarding options for server-based flexible management 987 Configure duplicate suppression for server-based flexible management 989 Security for server-based flexible management 992 Forward internal messages fromagents 993 Migrate fromForwardToVP-based forwarding 994 HP Operations Manager (9.00) Page 21 of 1297 Online Help Contents Syntax of server-based flexible management policies 995 Example server-based flexible management policies 997 Backup server 999 Competence center 1001 Configure communication protocols for server-based flexible management 1004 Configure the character set for server-based flexible management 1004 Configure HPOMfor UNIX compatibility mode 1005 Configure firewall and NAT for DCE-based server communication 1006 Server-based MSI Policies 1011 To create a server-based MSI policy: 1011 Developing event correlation policies 1013 Deciding where to correlate 1014 Related topics 1014 Create an event correlation policy 1014 To create an event correlation policy 1014 Create a circuit with HP ECS Designer 1017 To create a circuit with HP ECS Designer 1017 Create correlators with HP Correlation Composer 1018 To create correlators with HP Correlation Composer 1018 Data and fact stores 1020 Annotate nodes 1021 HPOperations agent annotation server 1022 Annotate Spec parameter 1022 Configure the ECS engine 1022 Customizing the Console 1024 Connect to a management server 1024 To connect to a different management server 1024 To connect to a partially unavailable management server 1025 Save customized console views 1026 To save changes to your console view 1026 Find objects in the console tree 1027 To find objects in the console tree 1027 HP Operations Manager (9.00) Page 22 of 1297 Online Help Contents Customizing console properties 1027 To customize console properties 1027 Specify console general properties 1028 Specify console data presentation properties 1029 Specify console message browser properties 1031 Specify console notifications properties 1032 Specify console miscellaneous properties 1033 Customizing the message browser 1034 Sort message information 1034 Change the message browser column display 1034 Change the default message browser limit 1035 Web Console for HPOM 1037 To log on to the web console 1037 Web Console Overview 1038 Status 1038 Messages 1038 Tools 1038 Reports 1038 Graphs 1038 Policy Management and Deployment 1038 User Roles 1039 Multiple Sessions 1039 Management Server in a Cluster 1039 Analyzing Status 1039 View Status 1039 Status Analysis 1040 Status Options 1041 Browsing Messages 1041 To browse messages 1042 Filter messages 1043 Read the Browser Headline 1045 Message Attributes Key 1046 HP Operations Manager (9.00) Page 23 of 1297 Online Help Contents Operating on Messages 1046 Edit View Settings 1048 View Message Properties 1049 Add Annotations 1050 View duplicates 1051 View Message Instructions 1051 View Message Forwarding Information 1051 Launch Commands 1051 Display a Graph 1052 Refresh the Browser 1052 Applying Tools 1053 Launch a Tool 1053 View Tool Status 1055 Managing Policies and Deployment 1055 To view the job queue, nodes, policies, and deployment packages 1055 Policy Management: Job Queue 1056 Policy Management: Nodes 1056 Policy Management: Policies 1057 Policy Management: Deployment Packages 1059 Customize and Manage the Web Console 1060 To customize the web console 1060 Security Settings 1060 Customize launch 1063 Software Support Online 1064 Web Console Supported Platforms 1064 Reports Viewer 1064 HPOM Agent Application Integration Guide 1065 HPOMfor Windows Agent Application Integration Guide 1065 Agent Command-Line Utilities 1066 bbc.ini 1066 bbcutil 1069 opcagt 1072 HP Operations Manager (9.00) Page 24 of 1297 Online Help Contents opcmon 1074 opcmsg 1075 opcntprocs 1076 opctemplate 1077 ovagtrep 1078 ovappinstance 1080 ovbbccb 1081 ovbbcrcp 1085 ovc 1090 ovcert 1094 ovclusterinfo 1097 ovcm 1099 ovconfchg 1102 ovconfget 1104 ovconfpar 1106 ovcoreid 1107 ovcreg 1109 ovdeploy 1111 ovlogdump 1119 ovoreqcheckagt 1120 ovpolicy 1122 ovrc 1127 ovswitchuser 1129 ovtrccfg 1132 ovtrcmon 1134 Agent Command-Line API 1137 Automation Wrapper: opcmsg 1137 Automation Wrapper: opcmon 1139 Automation Wrapper: opcmack 1140 Agent C APIs 1141 Libraries on the Managed Nodes 1141 Compiler versions and options for agent APIs 1145 HP Operations Manager (9.00) Page 25 of 1297 Online Help Contents Using APIs in Internationalized Environments 1152 Data API 1153 Interface API 1167 Agent Message API 1181 Agent Monitor API 1185 Data Structures 1187 Agent Java API 1196 JAR files 1196 Examples 1196 com.hp.openview.ib.api.jopc Class JOpcAgentMessage 1197 com.hp.openview.ib.api.jopcClass JOpcMonValue 1200 com.hp.openview.ib.api.jopcClass JOpcException 1202 com.hp.openview.ib.api.jopcClass JOpcMessage 1204 com.hp.openview.ib.api.jopcClass JOpcObject 1209 com.hp.openview.ib.api.jopc Interface JOpcApiDefinition 1216 Agent Message StreamInterface (MSI) 1236 Enable the Agent Message StreamInterface 1236 Order of access to the MSI 1237 Adapters and Integrations 1239 HP Performance Manager Integration 1239 Configure HP Performance Manager integration 1239 Show graphs 1240 HP Reporter Integration 1242 Configure HP Reporter integration 1244 Show reports 1245 Configure service logging 1247 HP NNMi Adapter 1247 HP NNMi Web Tools 1248 CustomMessage Attributes 1248 Agent implementation of the NNMi Adapter 1250 Web service implementation of the NNMi Adapter 1252 NNMi web tools 1255 HP Operations Manager (9.00) Page 26 of 1297 Online Help Contents HP BAC Adapter 1260 Installing the HP BAC Adapter 1260 Configuring the HP BAC Adapter 1261 Tuning the HP BAC Adapter 1261 Starting and stopping the HP BAC Adapter 1263 Uninstalling the HP BAC Adapter 1263 HP SiteScope Adapter 1264 Service Discovery 1266 Tools 1266 SiteScope Integration Policies 1267 Installing the HP SiteScope Adapter 1269 Deploying the HP SiteScope Adapter 1273 Implementing HP SiteScope Adapter Alerts 1277 Troubleshooting the HP SiteScope Adapter 1288 Reference Information for the HP SiteScope Adapter 1291 HP SiteScope Administrator Integration 1294 SiteScope Adminstrator Functionality 1294 To start SiteScope Administrator 1295 Install HP SiteScope Administrator integration 1295 We appreciate your feedback 1297 HP Operations Manager (9.00) Page 27 of 1297 Online Help Contents HP Operations Manager for Windows HP Operations Manager for Windows (HPOM) is a distributed, client-server software solution designed to provide service-driven event and performance management of business-critical enterprise systems, applications, and services. HPOMenables management of distributed, heterogeneous, e-business infrastructures and includes support for a broad range of Windows and UNIX systems and applications, including e- commerce, web and application servers, conferencing and emails, databases, ERP software, and more. Using HPOM, administrators can maximize IT systemperformance, reduce downtime, delegate tasks to operators, and reduce costs. HPOMconstantly monitors thousands of events occurring on all your managed nodes and presents just the information you want to know just when you need it. To manage your enterprise environment, HPOMperforms the following functions: l Auto-discovers the managed environment and auto-deploys management policies. l Monitors and detects events or potential performance problems arising frommanaged nodes and services. l Extends your management viewpoint beyond event and performance management to include a business service perspective. l Notifies you in one view when a problemoccurs. l Displays data graphically for in-depth problemdiagnosis. l Displays map views of selected services or nodes, showing relationships and dependencies, multi-level views, and root cause and impact analysis. l Solves problems automatically or manually to prevent downtime in your service environment. l Integrates with other HP BTOSoftware components to provide breadth and perspective, as well as specialty management solutions for specific disciplines. l Manages key systems and applications with out-of-box intelligence using Smart Plug-in management modules. l Offers a web console view in addition to the MMC console for remote and mobile operational control. l Collects network, managed node, and performance metrics to help you optimize performance and prevent problems. l Creates user roles to configure an operator's view of the environment to focus on specific assigned tasks and responsibilities. l Provides an industry-standard database, including clustered database support. Related Topics: l Getting Started l Introduction to the HPOMConsole HP Operations Manager (9.00) Page 28 of 1297 Online Help HP Operations Manager for Windows Getting Started At installation, HP Operations Manager for Windows installs several default policies that can be used as-is to manage your enterprise environment. Deploying the default policies to your managed nodes provides the fastest and simplest way for you to begin receiving data and messages from your environment. For more detailed, specific information fromyour managed services and nodes, you must configure your environment by editing the existing policies or creating new policies to meet your special needs. After configuring the policies, you deploy themto managed nodes and services. In either case, you need to performseveral steps to configure your console to report and display the performance information and messages important to your enterprise operations. Configuration overview Configuring your enterprise environment requires several steps: l Configure managed nodes l Configure tools l Configure services l Manage and deploy policies l Apply tools to nodes and services l Create user roles l Create service types Introduction to the HPOM Console The following illustration shows the default console view that opens when you launch the product. Two windows appear. Each window contains a console tree on the left and a details pane on the right. HP Operations Manager (9.00) Page 29 of 1297 Online Help Getting Started Console tree The console tree displays, in a list view, folders representing the key HPOMcomponents. l Services: These are customer-based, user-oriented, or infrastructure capabilities provided by one or more hardware or software components within a computing environment (such as email, network bandwidth, and application access). Policies help assure that appropriate service levels are provided to designated consumers of the service. l Nodes: A node is a real or virtual computer systemor an intelligent device that can be managed fromthe HPOMmanagement server. HPOMcan manage Windows, UNIX, and Linux nodes. l Tools: In HPOM, tools are software programs or commands used to performtasks. For example, you can configure a URL, an executable, or a Visual Basic script to be run on a remote managed node. l Certificate requests: Certificates enable nodes to communicate securely with the management server and other nodes. Unless you install the certificates manually, the node requests them fromthe management server. You can view a table of the certificate requests that the management server has received, and manually grant or deny requests that are pending. l Policies: Policies (shown in the console tree under Policy Management) are specifications or rules that help automate network and service administration. HPOMadministrators deploy policies to managed nodes to provide consistent, automated administration across the enterprise. Policies can be thought of as templates that indicate which information is monitored and logged on managed nodes and which events and messages the management server passes to the console. HP Operations Manager (9.00) Page 30 of 1297 Online Help Getting Started Details pane The details pane hosts the list, message browser, and map views. The map view presents a graphical view of your entire service or node hierarchy, including any subsystems or subservices. Nodes, services, and their components are represented as icons, color-coded to indicate the current state of the node or service. HPOMfor Windows provides message browsers in which you can view messages that result from events occurring on managed nodes. The message browser interface displays currently active messages or acknowledged messages, depending on the browser you have selected. Within the selected browser, the headline displays a number of message details in one view. You can also view message attributes, severity, and status levels at a glance. Related Topics: l HP Operations Manager for Windows Overview License HPOM You must have a license password to use HPOMfor Windows. At installation, you are given a 60- day trial license. Within this 60 day period, you must obtain a permanent license password to continue to use HPOM. Upon reaching the 61st day, the product is disabled until you obtain a permanent license. To obtain your license password, launch the Obtain License tool fromthe console tree. HPOMcounts the number of available and used licenses at the following times: l Each time the console starts l Each time a policy or package is deployed l Each time a node is added l At least every 24 hours Note: For an overview of and links to Additional License Authorizations (previously called Additional License Restrictions) that apply to HP Software's Business Technology Optimization and Information Management software products, see Additional License Authorizations at HP Software Support Online. Related Topics: l ovolicense Obtain a license To obtain a license, you must provide the number of the HP Purchase Order that you received from your HP Software authorized reseller when you bought the product that you want to license. If you have not yet purchased the product, call 1-877-686-9637 (in the United States and Canada) or visit hp.comto locate an HP Software authorized reseller. Note: Management servers running a 32 bit version of HPOM. You must install your license keys using both the Obtain License and the Obtain License (Legacy License Model) tools to ensure compatibility with the HP Operations Smart Plug-in licensing implementation. HP Operations Manager (9.00) Page 31 of 1297 Online Help Getting Started To obtain a license for HP Operations Manager for Windows 1. Open an HPOMconsole on the management server. (You cannot request a license password froma remote console. You must log on to the management server to obtain a license password.) 2. In the console tree, select Tools HP Operations Manager Tools Licensing. 3. Right-click Obtain License and select All Tasks Launch Tool.... The Edit Parameters dialog box opens. 4. Click Launch.... 5. When the HP AutoPass window appears, use the wizard to enter the required information and to receive your license number. 6. 32-bit management servers only. In the HPOMconsole, right-click the tool Obtain License (Legacy License Model) and select All Tasks Launch Tool.... 7. 32-bit management servers only. Select the product for which you want to purchase licenses fromthe window that appears. 8. 32-bit management servers only. When the HP AutoPass window appears, use the wizard to enter the required information and to receive your license number. To obtain a license for other HP Software products 1. Open a command prompt and type: ovolicense -m The output lists all valid product categories. 2. Copy the name of the product category for which you want to obtain licenses. 3. Open an HPOMconsole on the management server. (You cannot request a license password froma remote console. You must log on to the management server to obtain a license password.) 4. In the console tree, select Tools HP Operations Manager Tools Licensing. 5. Right-click Obtain License and select All Tasks Launch Tool.... The Edit Parameters dialog box opens. 6. In the Parameters field, replace HPOMwith the product category and click Launch.... 7. When the HP AutoPass window appears, use the wizard to enter the required information and to receive your license number. 8. 32-bit management servers only. In the HPOMconsole, right-click the tool Obtain License (Legacy License Model) and select All Tasks Launch Tool.... 9. 32-bit management servers only. Select the product for which you want to purchase licenses fromthe window that appears. 10. 32-bit management servers only. When the HP AutoPass window appears, use the wizard to enter the required information and to receive your license number. HP Operations Manager (9.00) Page 32 of 1297 Online Help Getting Started For complete details about licensing HP Operations Manager for Windows, see the help files provided with the HP AutoPass licensing program. Related Topics: l Launching Tools l ovolicense View a license report To verify that you have purchased enough licenses for the HP Operations agents, target connectors, Smart Plug-ins, and other HP Operations Manager for Windows components that you have installed, use the License Report tool. This report shows what components you have installed, how many copies are installed, and how many licenses you have purchased for these products. To create and viewa license report 1. Open an HPOMconsole on the management server. (You cannot generate and view license reports froma remote console except for text-based license reports.) 2. In the console tree, select Tools HP Operations Manager Tools Licensing. 3. Right-click License Report and select All Tasks Launch Tool.... 4. Wait for the report to be generated. This takes about two minutes, or longer, depending on the speed of your computer and the size of your managed environment. The generated report includes the following main sections: n Feature License Report Shows the status of all HPOMfeatures and licenses. This report indicates how many licenses are installed and how many licenses are already in use. The status indicates the overall license status of a feature. The heading of the report displays information about the installed version of HP Operations Manager as well as the current patch level. The body of the report shows the number of installed, used, and available licenses for each HPOMcomponent, as well as a list of unregistered features. The report lists unregistered features when a configuration fromone management server is uploaded onto a different management server that does not have the same components or SPIs installed. The report indicates that the first management server has license requirements that are different to the requirements on the second management server. To solve this problem, the components or SPIs listed as unregistered must either be installed on all HPOMmanagement servers that share a configuration or removed fromthe HPOMnodes whose configuration is shared by the management servers. n License Password Report Shows a detailed list of all installed HPOMlicense passwords. This list enables you to check which license passwords are installed and which features are enabled by each license password. 5. Optional. View a licence report for individual nodes: HP Operations Manager (9.00) Page 33 of 1297 Online Help Getting Started a. In the console tree, select Tools HP Operations Manager Tools Licensing. b. Right-click Text-Based License Report and select All Tasks Launch Tool.... The Tool Status dialog box opens and displays the tool output, which includes the node license information. c. Click Close to close the Tool Status dialog box. Note: For target connector licenses, the report calculates an average value for all used licenses, based on the license usage of the last 30 days. For HP Operations agent licenses, the report gives the number of licenses used at the time the report is generated. Related Topics: l ovolicense Configure licensing options The management server automatically checks the validity of installed licenses once a day at 23:30. It sends a notification message to the message browser and, if configured, to a designated email recipient if it discovers any problems related to licensing. To configure licensing options 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box appears. 2. Click Namespace and then click Licensing. A list of values appears. 3. Optional. Configure options to send email messages: a. Change the value of Email address of HPOM license administrator to the email address of the license administrator. b. Change the value of SMTP mail server to the fully qualified domain name of the SMTP server you want to use to send the emails. c. Optional. Change the value of SMTP mail server port. 4. Optional. Change the value of Time for daily license check to a time more suited to your environment. 5. Optional. Change the value of Content of license report to specify the level of detail for license reports: n Summarized (default): Generates a license report in summarized form. n Detailed: Detailed license reports can be very long if there is a large number of configured nodes. 6. Click OK. Related Topics: l ovolicense l Change server configuration values HP Operations Manager (9.00) Page 34 of 1297 Online Help Getting Started Support and Further Information HPOMfor Windows comes with an extensive help systemthat guides you through the tasks you want to perform. See How to use help. Additional information is available in the formof manuals and white papers. See For More Information. Should you require support information visit the HP Software Support Online web site. See Software Support Online. How to use help HP Operations Manager for Windows provides help files to guide you through the tasks you want to perform. Help is available fromseveral locations: l Help drop-down menu l Any shortcut menu l Help buttons in dialog boxes Help files consist of overview, conceptual, and procedural topics and interactive demonstrations. l Overview topics are associated with the book level icon in the table of contents. Procedural topics may also contain some overview information, to explain concepts related to a particular task. l Conceptual topics provide a high-level view of a task or a series of related tasks and are identified in the table of contents with an icon that resembles a document page. l Procedures are step-by-step instructions that describe a particular user task. These are identified in the table of contents with an icon that illustrates numbered steps. l Interactive demos illustrate complex concepts such as the flow of a process or the interrelationship of rules and parameters. In some cases you can change information in a help demonstration to test the results of an action before you implement the task. See the Basic Training for HP Operations interactive tutorial in the help systemtable of contents for an example of an interactive demonstration. Links to more information Blue underlined text is linked to related topics that appear in various ways, depending on the content of the linked information: l Popup windows display acronymand glossary information. l Links to other topics replace the existing text in the help window. Use the Back button to return to your starting place. l Links to hidden text expand to provide additional information without requiring you to leave your current location. A small blue arrow indicates expandable information. When printing fromhelp files, expand the hidden text to print it. HP Operations Manager (9.00) Page 35 of 1297 Online Help Getting Started Cautions and notes l Cautions show important information that may significantly affect your work. l Notes present helpful information. Printing help files Print topics of interest by printing one topic page at a time or groups of topics by right-clicking the topic in the contents pane and selecting Print. If you want to print the entire help, start fromthe top- level topic (HP Operations Manager for Windows). Note that, depending on the number of SPIs installed, the help may contain more than 2500 printed pages. You can also download the core help (which excludes help for SPIs) in PDF format fromthe HP Software Product Manuals web site. Copying help files You may want to copy the help files fromyour management server to your local computer. This enables to you to read HPOMdocumentation when you cannot access the management server. The help files are .chmfiles, and are located on your management server at %OvInstallDir%\help\en\. Copy all the .chmfiles into one directory on your local computer. Double-click console.chm to start the online help. For more information... Additional information about HP Operations Manager for Windows is available in manual format as .pdf files. Unless you specified a different directory, manuals are installed in the default installation directory: C:\Program Files\HP\HP BTO Software\paperdocs\en. Manuals are also available on the Documentation directory on the installation media in this location: Documentation\HPOM Guides Additional technical information is provided in the formof white papers, available on the installation media in this location: Documentation\White Papers Basic Training for HP Operations Manager Basic Training is an interactive tutorial that opens automatically after the first installation of HP Operations Manager for Windows. To open the tutorial at any time after installation, go to the help systemtable of contents and click the Basic Training for HP Operations contents entry. Look for the light bulb icon, the symbol for an interactive demo. HPOM for Windows Manuals l HP Operations Manager for Windows Upgrade Guide The interactive upgrade guide lets you choose options to indicate the type of upgrade that you want to perform. The procedure changes according to your selection, creating an upgrade HP Operations Manager (9.00) Page 36 of 1297 Online Help Getting Started procedure that is tailored to your individual situation. You can view the file fromthe Documentation directory on the installation media. l HP Operations Manager for Windows Installation Guide The installation guide contains detailed installation information and an overview of how to use other HP BTOSoftware products with HP Operations Manager. A printed guide comes with each set of installation media. You can view the file fromthe Documentation directory on the installation media. l HP Operations Manager for Windows Release Notes The release notes file (HPOM_Release_Notes.htm) is also available in the Documentation directory on the installation media. To open and view or print a file, navigate to the directory where you have installed the manuals and double-click the name of the file you want to view or print. Software Support Online The HP Software Support Online web site offers in-depth information on a variety of topics: l Troubleshooting, knowledge base search, known problems l Problemreporting and support information l User manuals, software updates and patches, demos l Training and education l Discussion forum Click Software Support Online to open the Support web site in a separate browser window. HP Operations Manager (9.00) Page 37 of 1297 Online Help Getting Started Configuring HPOM As administrator, you performa number of configuration and deployment tasks to create a view of the managed nodes and services in your environment, the status messages that apply to them, and the corrective actions available to resolve problems. l Configure the management server After installing the management server, you may want to install Smart Plug-ins to help you discover and manage particular aspects of your IT environment. As you continue to use HPOM in your IT environment, you may need to further configure the management server, for example to create a backup installation, to communicate through firewalls, to operate in cluster environments, to work with multiple management servers, and so on. For more information, see Configuring management servers. l Configure nodes The management server automatically discovers nodes. You bring themunder management by adding themto HPOM. You then deploy policies to themwhich installs the HP Operations agent on them. After the agent is installed and policies are deployed, you will receive messages from your nodes and you can start monitoring and managing them. For more information, see Configuring nodes. l Configure services Configure services by defining the service hierarchy and specifying the way status is calculated and propagated for display in the message browser and map views. For more information, see Configuring service types. l Configure tools Configure tools that users use to resolve problemsituations. For more information, see Configuring tools. l Configure user roles By creating user roles and assigning users to these various roles, you configure an operator's view of the environment to focus on specific assigned tasks and responsibilities. By defining roles for specified operators and administrators, you control the users view of your enterprise and the range of activities which that user has permission to perform. By assigning users to well- defined, specific roles, you can distribute monitoring and maintenance tasks across a group of individuals with their own particular areas of expertise and experience and customize each users console view. n Create user roles that focus the attention of operators or administrators on their primary tasks without the distraction of information that is not relevant to their assigned responsibilities. n Specify which users can view, create, modify, delete, deploy, and undeploy policies and packages. n Specify which services, nodes, and tools will be available to specific user roles. n Specify which Message Groups will be available to operators. For more information, see Configuring user roles. HP Operations Manager (9.00) Page 38 of 1297 Online Help Configuring HPOM l Manage and deploy policies HPOMprovides predefined policies that you can use as-is or modify to meet your requirements. You can also create your own new policies for messages or the collection of metrics and deploy themto managed nodes. n Specify the messages that result fromevents that occur in the environment. n Customize the automatic actions (scripts that are configured to run automatically when a specific event occurs) and operator-initiated actions (the set of commands/executable scripts that are available to an operator when a specific event occurs) required to complete a task. n Configure measurement collections. Specify the data to be collected, the nodes fromwhich it is collected, and the thresholds, which when exceeded, trigger events that produce messages in the console for operators to act upon. n Provide specific message instructions to help with problemresolution. For more information, see Managing policies and deployment. HP Operations Manager (9.00) Page 39 of 1297 Online Help Configuring HPOM Configuring nodes The node configuration editor allows you to specify the managed nodes that you can monitor with HP Operations Manager for Windows. Operators monitor nodes and services and use the available tools to performroutine maintenance and also resolve problems that have critical business impact. Bringing nodes under management involves the following multiple tasks: 1. Adding nodes to HPOM You can specify the nodes in your environment that you want to manage by selecting fromthe list of discovered nodes or by creating new nodes manually. When you add a discovered node, the required fields for the node are filled in automatically for you. When you create a node manually, you must specify various required and optional properties. 2. Optional.Running a prerequisite check on the nodes Prerequisite checking tests a node's manageability. If a node does not meet any of the prerequisites, the agent installation fails for that node. By default, the agent installation automatically runs a prerequisite check before deploying the HP Operations agent package, but you can also run a prerequisite check manually. 3. Installing agents onto the nodes You can install agents remotely or manually. Alternatively, when you deploy a policy to a node, the management server checks that the correct agent packages exist on the node. If the agent packages are not already installed, or this policy requires a later version of the agent, the management server automatically deploys the latest agent packages on the node. 4. Granting the certificates Nodes that you manage with HTTPS agents require certificates. Certificates enable nodes to communicate securely with the management server and other nodes. Unless you install the certificates manually, a node requests the certificates fromthe management server. Before you can start to manage the node, you need to grant this certificate request. 5. Deploying policies to nodes Policies are collections of configuration information used to control the agent on a managed node. You can deploy policies on various computers to provide consistent, automated administration across a network. If you are running HP Operations Manager for Windows in a clustered environment and a failure occurs while you are bringing nodes under management, you may not be able to complete your operations. l The OK and Apply buttons in the node configuration editor are disabled. l You cannot expand folders in the discovered nodes list. l Operating systemdiscovery will not take place in the managed nodes list. Prerequisite checking cannot take place because it requires the discovery of a systemand OS type. You can manually set the systemand OS type and then manually run the prerequisite check. l If the problemis a cluster offline event, you cannot add reports and graphs to a node group. You can continue to work in the console to performthe following tasks: HP Operations Manager (9.00) Page 40 of 1297 Online Help Configuring nodes l Bring nodes under management. l Change node locations in the managed nodes list. l Use the node and node group property sheets. However, you cannot apply your changes and close the node configuration editor until WMI or the server are available again. Related Topics: l Configuring node properties l Maintaining nodes l Configuring external nodes l Monitoring cluster-aware applications l Monitoring agentless nodes Adding nodes to HPOM To add a managed node to HPOM, you can select fromthe list of discovered nodes or create and configure a new node manually. When you bring a discovered node under management, required fields for these nodes (or node groups) are filled in automatically for you. When you create a node manually, you must specify various required and optional properties. You can do so by directly editing the node's properties or letting the node configuration wizard help you. The managed nodes that you specify are listed in the Nodes folder of the console tree. Related Topics: l Select discovered nodes l Create new nodes l Create new node groups l Configuring external nodes Select discovered nodes HP Operations Manager for Windows automatically discovers nodes in your enterprise environment (providing the nodes are up and running) and displays their names in a list of discovered domains in the node configuration editor. Click the plus sign (+) beside any domain name in the DNS folder to expand the list and see the nodes it contains. Discovery is dynamic. When a domain is discovered, new nodes are automatically included in the discovered nodes list. When you first expand the domain, the new nodes appear in the list. The list is updated each time the node configuration editor is reopened. To quickly locate a specific node in long lists, expand the domain (for example, DNS) in the console tree and type the name of the node you want to find. As you type, the systemlocates the node for you. You can drag and drop or cut and paste selected discovered nodes to the list of managed nodes. HP Operations Manager (9.00) Page 41 of 1297 Online Help Configuring nodes To select nodes from the discovered nodes list 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Fromthe Discovered Nodes list, select the node or node group you want to manage and drag it or copy and paste it to the Nodes list. Required fields for these nodes or node groups are filled in automatically for you. Discovered node groups can be Domain Name System(DNS) nodes, Microsoft Windows Network nodes, or Unmanaged Nodes with Agents. Unmanaged Nodes with Agents are nodes where the agent software has been manually installed. Note: HPOMfor Windows uses the management server's domain suffix as the default DNS domain. The domain suffix must be set properly for the default domain to display. a. Click Start Server Manager. b. Expand Server Summary Computer Information, and then click Change System Properties. The System Properties dialog box opens. c. In the Computer Name tab, click Change.... The Computer Name/Domain Changes dialog box opens. d. Click More.... The DNS Suffix and NetBIOS Computer Name dialog box opens. e. Type the domain suffix for the management server. f. Click OK to close the dialog boxes and confirmyour changes 3. To configure the node, select it fromthe Nodes list and double-click to open the Node Properties dialog box. Note: When you bring new nodes under management, a prerequisite check runs automatically when you click Apply or OK in the Configure Managed Nodes dialog box. This opens the Prerequisite Check dialog box, which displays the status of the process, the names of the nodes being checked, and the results of the check, including details and recommended actions. Related Topics: l Configuring node properties Create new nodes You can create a new node, rather than select fromthe Discovered Nodes list. Perhaps the node you want to add is not included in the Discovered Nodes list and so is not available for selection. In that case, you can add a new node manually. To quickly configure a new node, use the node configuration wizard. This will provide the minimum amount of information you need to bring the node under management. Note: Special configuration may be required if you want to manage nodes over a firewall. For more details, see the HP Operations Manager for Windows Firewall Configuration Guide, which is available fromthe product manuals search page at HP Software Support Online. HP Operations Manager (9.00) Page 42 of 1297 Online Help Configuring nodes To create a newnode using the wizard 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. In the Nodes tree, right-click Nodes and select New Node to open the wizard. 3. In the Base Settings page, type the fully-qualified domain name in the box provided. You must supply this information to proceed. The systemwill discover information about this node and display it in the following screen. 4. In the OS Setup page, supply the systemtype, operating system, bit length, and version number if this information is not available yet. Click Next. 5. In the Advanced Settings page, type an optional description, choose settings for autodeployment, DHCP, and granting of certificates, then click Finish to complete the configuration. Note: At any time you can exit the wizard by clicking Expert Mode. This opens the node properties dialog box, where you can more completely specify the characteristics of this node. You cannot return to the wizard fromthe node properties dialog box. When you add another node, the wizard opens again. To create a newnode manually 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. In the Nodes list, right-click the node that you want to configure to open the Node Properties dialog box. Use the tabs to display information about the selected node and to configure it: n General n Network n Message Identification n System n Tools n Node Groups n Outage n Virtualization 3. Click OK to confirmyour changes and close the dialog box. Note: When you bring new nodes under management, a prerequisite check runs automatically when you click Apply or OK. This opens the Prerequisite Check Component dialog box, which displays the status of the process, the names of the nodes being checked, and the results of the check, including details and recommended actions. Related Topics: HP Operations Manager (9.00) Page 43 of 1297 Online Help Configuring nodes l Systemtype, OS type, and OS version information l Check prerequisites for managed nodes l Delete, copy, and move managed nodes Create new node groups A node group is a logical group of internal and external nodes managed by operators. The administrator can apply a consistent set of tools, reports and graphs, and policies to this logical group. A single node can belong to many groups. To add a node group 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Fromwithin the Configure Managed Nodes dialog box, select the Nodes folder in the managed nodes list. 3. Right-click to open the shortcut menu. 4. Select New Node Group to open the Node Group Properties dialog box which you use to configure the new node group. The General tab displays by default. 5. Configure the new node group as necessary using the tabs in the Node Group Properties dialog box: n General n Tools n Reports and Graphs n Deployment 6. Click Apply as you finish with a tab to apply your changes. 7. Click OK to confirmyour changes and close this dialog box. To delete a node group 1. Select the node group you want to delete in the Configure Managed Nodes dialog list. 2. Right-click to open the shortcut menu. Select Delete. Related Topics: l Create new nodes l Delete, copy, and move managed nodes Check prerequisites Prerequisite checking tests a node's manageability before it is brought under management. You can run a prerequisite check in the following ways: HP Operations Manager (9.00) Page 44 of 1297 Online Help Configuring nodes l Automatically When you install an agent, the installation process automatically performs a prerequisite check, unless you clear the Run prerequisites check automatically during job execution check box in the Agent Installation dialog box. l Manually You can start a prerequisite manually by selecting Run Prerequisite Check in the shortcut menu in the Configure Managed Nodes dialog box, or by running the command line tool ovowreqcheck. To launch the prerequisite check manually 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Optional. If you have changed any node properties, click Apply to save them. 3. Select a node or nodes in the nodes list. 4. Right-click the node or nodes, click Run Prerequisite Check. 5. Optional. If you select nodes that have a UNIX or Linux operating system, the Installation Credentials dialog box open. Type the credentials of a user who has permission to connect to the node, and then click OK. Note: For nodes that have a UNIX or Linux operating system, the prerequisite check attempts to connect to the node using SSH. If the SSHconnection attempt fails, the prerequisite check attempts to connect using rexec. If you want to use SSH to connect to nodes, you must configure a suitable secure shell client on the management server. (See "Configure HTTPS agent deployment to UNIX and Linux nodes" (on page 82).) To viewthe results of the prerequisite check 1. When the prerequisite check begins, the Prerequisite Check dialog box opens and displays the following information: n Status: The Status column indicates the status for each listed node. View status options o Active: Prerequisite check is currently running on the node. o Failed: Check failed to run on the node. Failure could be caused by network problems, unavailable node, unresolved node name, or similar situations. o Completed: The prerequisite check ran on the node. It does not mean that all nodes are problem-free. o Pending: Prerequisite check has not yet run on the node. o Cancelled: User stopped the prerequisite check. HP Operations Manager (9.00) Page 45 of 1297 Online Help Configuring nodes n Node: The Node column displays the fully-qualified domain name or IP address of the node to be checked. n Credentials: The Credentials column displays the credentials that the management server uses to check the prerequisites on the node. The management server uses the credentials selected in the Agent Installation dialog box. n Result: The Result column gives a brief description of the results of the check. You can see further details by clicking on the individual node name to display information in the Description box, which displays both requirements and recommendations. View typical results messages o Active: Prerequisite check in progress. o Failed: Checked node is not available; either there is no network connection or firewall ports are not opened. Node (name) cannot be resolved. Platform not supported. Cannot identify platform. o Completed: All checked prerequisites are okay. All requirements are okay; at least one recommendation has failed. At least one requirement could not be checked (it is not known whether the requirement is okay or not); all other successfully checked requirements are okay. At least one requirement has failed. Client does not have administrative privileges on this node. o Pending: Prereq check pending. o Cancelled: Prerequisite check cancelled. 2. When the prerequisite check completes, click OK to close the dialog box. To see if the check passed or failed 1. Fromthe console tree, select the node on which the check was run. 2. Right-click to open the shortcut menu and select Properties to open the Properties dialog box. 3. Select the System tab and view the Prerequisite Check Passed check box for the status of the prerequisite check. You can get the same information in the Configure Managed Nodes dialog box by selecting a node in the list of nodes and right-clicking the name. Select Properties fromthe shortcut menu and then the System tab in the Node Properties dialog box. The results of the prerequisite check appear in this dialog. HP Operations Manager (9.00) Page 46 of 1297 Online Help Configuring nodes To restart the prerequisite check If no check is currently running, you can restart the check after you have corrected any problems encountered by the original prerequisite check. 1. In the Prerequisite Check dialog box, select the nodes on which you want to run the check again. You can select more than one node. 2. Right-click to open the shortcut menu. 3. Select Restart. The prerequisite check will run again on the selected nodes. 4. To cancel the check, right-click to open the context menu and select Cancel. 5. To copy the contents of the node list, right-click to open the context menu and select Copy. To sort the columns If no prerequisite check is in progress, you can sort by status, node, credentials, and result columns by clicking on the column. For example, clicking the Status column arranges the nodes according to status such as passed or failed. Requirements not checked The following requirements must be checked manually on DCE agents: l On Tru64 systems: Required patches on TruCluster DCE on TruCluster l On Linux systems: Kernel features l On HP-UX systems: All kernel parameters except for nfile and nflocks Tip: To run the prerequisite check on Windows Vista nodes, you must first enable the Remote Registry service on the node. (On Windows Vista nodes, this service is by default disabled.) Related Topics: l ovowreqcheck l Install agents remotely l Configure systeminformation for managed nodes Configure domains for DNS discovery To set up HPOMto select discovered DNS nodes through the node configuration editor, you configure the DNS domains you want to view along with the appropriate DNS server for each domain. HP Operations Manager (9.00) Page 47 of 1297 Online Help Configuring nodes To configure DNS discovery 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Click the DNS folder in the Discovered Nodes list and right-click to open the shortcut menu. 3. Select New Domain to open the DNS Domain Properties dialog box. 4. In the Domain Name box, enter the name of the domain as you want it to appear in the Discovered Nodes list. 5. In the Domain Server box, enter the DNS server name for the domain you are adding. 6. Click OK to confirmyour changes and close this dialog box. Note: In an Active Directory environment, the domain controller may register DNS records of type A (address records) in the DNS server. A records are aliases that map hostnames to IP addresses. Although A records may appear as discovered nodes in the Configure Managed Nodes dialog box, it is not recommended that you bring these under management. To manage an Active Directory environment, use Active Directory Discovery where these aliases are not visible. To edit an existing domain 1. In the Discovered Nodes List, click the name of the domain you want to edit. 2. Right-click to open the shortcut menu. 3. Select Properties to open the DNS Domain Properties dialog box. 4. Edit the displayed information. 5. Click OK to save your changes and close this dialog box. Troubleshooting If, after adding a new DNS domain, you are having trouble expanding your view of the domain in the interface, follow these steps to make sure your configuration is correct: 1. Verify that you have specified the correct DNS server. 2. Verify that the DNS server is set to Allow Zone Transfers. If you receive "Discovery failed" errors, the DNS server may not be configured to Allow Zone Transfers. 3. Run the tool nslookup as follows to verify that you can see the nodes: nslookup server <IP address of DNS server> ls <domain name> 4. If you are unable to see the nodes through nslookup (that is, you receive "Query Refused" or "Non-existent domain"), then verify your basic DNS configuration or Active Directory configuration by following the procedures in your Windows Server documentation. The HP Operations Manager (9.00) Page 48 of 1297 Online Help Configuring nodes Microsoft Windows documentation provides examples of configurations that could affect your ability to view new nodes. Related topics l "Systemtype discovery" (on page 50) Configure IP ranges for DNS discovery HPOMprovides dynamic discovery of nodes in your enterprise environment and displays their names in a list of discovered domains in the node configuration editor. Click the plus (+) sign beside any domain name in the DNS folder to expand the list and see the nodes it contains. You can create a new list of nodes by specifying a range of IP addresses to be included in the list. To include a range of IP addresses 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Click the DNS folder and right-click to open the shortcut menu. 3. Select New IP Range to open the IP Range Properties dialog box. 4. In the Name box, enter a name to identify the range of IP addresses you are creating, as you want it to appear in the Discovered Nodes list. 5. In the Enter the Range of IP Addresses to Include boxes, enter a range of IP addresses. Only nodes with the specified IP addresses will appear in the Discovered Nodes list when the itemis expanded. 6. Click OK to confirmyour changes and close this dialog box. To edit the IP range 1. In the Discovered Nodes List, right-click the IP range you want to edit and select Properties to edit the IP range. 2. Click OK to save your changes and close this dialog box. Filter DNS domains You can filter the view of a large domain by specifying criteria for nodes that you want to group into a logical display. Nodes that fit the criteria are grouped into a folder under the selected domain in the node configuration editor, making it easy to see which nodes belong to a particular systemtype, OS type, and version. Note: Filtering nodes by systemtype, OS type, and version is only possible when the HP NNM Adapter is installed on the management server. Without the HP NNMAdapter being installed, the Platformtab in the Discovered Node Folder dialog box is not available. The HP NNMAdapter is only supported on management servers running a 32 bit version of HPOM. HP Operations Manager (9.00) Page 49 of 1297 Online Help Configuring nodes To specify filter criteria 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Click the plus (+) sign beside a network folder to expand it and display a list of domains. 3. Right-click a domain name to open the shortcut menu. 4. Select New Discovery Folder to open the Discovered Node Folder dialog box. The General tab displays by default. 5. In the Display Name box, type a name for the domain filter folder. 6. Optional. In the Node name contains box, type any text that the names of the nodes you want to filter for have in common. For example, if several of your node names contained the text "murr", nodes named "murr59544", "testmurr59544", and "murr" would all be listed in the filter folder. 7. Optional. In the IP Address box, choose Include Range, Exclude Range, or Any. This IP range is different fromthe IP range set in the IP Range Properties dialog box and is created and modified only within this property page. 8. Optional. In the Platform tab, select the System Type you want to filter for. 9. Optional. Select the Operating System and Bit Length. 10. Optional. Select the Version. 11. Optional. Select one of the options for version selection. The default when an OS version other than "Any" or "Unknown" is selected, is Include only the selected version of the operating system. 12. Click Apply to see the results of your changes. 13. Click OK to confirmyour selections and close this dialog box. You will see a message box saying that the systemis retrieving nodes in the selected domain. A counter tallies nodes that meet the filter criteria as they are discovered. A folder with the filter name you specified appears in the Discovered Nodes pane under the selected node. To cancel the discovery operation, right-click in the Discovered Nodes pane and select Cancel Discovery. To delete a selected group of filtered nodes, right-click to open the shortcut menu and select Delete. Related Topics: l "Configure domains for DNS discovery" (on page 47) l "Configure IP ranges for DNS discovery" (on page 49) System type discovery When you add a new node, HPOMattempts to automatically determine the systemtype and operating systemdetails using various methods. HP Operations Manager (9.00) Page 50 of 1297 Online Help Configuring nodes SNMP-baseddiscovery HPOMcan discover systemtype and operating systemdetails using SNMP, if the managed node meets following requirements: l All managed nodes n An SNMP service/daemon must be running on the managed node. n At least the management server must have access permissions to the SNMP object "system" on the managed node. Some operating systems (for example, Sun Solaris) allow limiting access to the "system" SNMP object (for example, localhost only), which can prevent the management server from determining the information. Consult the SNMP manuals for information about a specific operating system. l Windows managed nodes n Must have at least READ ONLY access to the community name "public". n The option "Accept SNMP packets fromany host" must be enabled. l Linux managed nodes Because the SNMP daemon does not give you the exact distribution version of the Linux OS, HPOMperforms an additional check using a telnet protocol. After HPOMdetermines (through the SNMP daemon) that the systemis a Linux OS, it performs a telnet emulation to obtain information fromthe telnet welcome string. You can easily change the telnet welcome string on a Linux systemso that if the Configure Nodes dialog box reports that the OS version of a Linux systemcould not be determined, you do not need to supply it manually. If the systemtype, OS type, and OS version cannot be determined automatically, you can specify it manually. Note: It is important to correctly supply the systemtype, OS type, and OS version information. If you do not, you may see attempts to deploy the agent packages of the wrong architecture or errors related to auto-deployment of policies of the wrong architecture. Change the SNMP community name By default, the management server uses the "public" community name to connect to SNMP on a target node and get the systemtype, OS type, and OS version information. If this community name is changed to something other than "public" on nodes that are to be managed, the management server needs to be informed about this community name in the following way: 1. Start Notepad. 2. Write this line to the empty Notepad document: SNMPCommunityName=<your_community_name> Replace <your_community_name> with the community name that you are using. For example, to use "private" as the community name, specify SNMPCommunityName=Private. HP Operations Manager (9.00) Page 51 of 1297 Online Help Configuring nodes 4. Choose File Save As. In the Save As dialog box, navigate to the %OvShareDir%\conf\DNSDisc directory and save the file as follows: File name: dnsdscr.ini Save as types: Text documents (*.txt) Encoding: ANSI To revert to using the "public" community name, do one of the following: l Change the above line in the dnsdscr.ini file to: SNMPCommunityName=public l Delete the file dnsdscr.ini fromthe %OvShareDir%\conf\DNSDisc directory SSH-based discovery HPOMcan discover systemtype and operating systemdetails using SSH, if the managed node runs an SSH server and has a Perl interpreter available. The Perl interpreter must be in a folder that is listed in the PATH environment variable (so that HPOMcan run Perl commands without specifying the path to the Perl interpreter). Note: To use SSH-based discovery you must configure a suitable secure shell client on the management server. You must also configure private key authentication for the root user on the managed nodes. (See "Configure HTTPS agent deployment to UNIX and Linux nodes" (on page 82).) SSH-based node discovery returns more detailed results than the SNMP discovery. Therefore, SSH-based discovery can avoid the need to obtain the telnet welcome string fromnodes that have a Linux operating system. Related Topics: l Discover managed nodes l Monitor SNMP devices Configuring node properties When you bring a node under management, as part of the process you must specify detailed information about the node in the node properties dialog box. You can modify a single node at a time or multiple nodes at once. When you modify multiple nodes, you can change only those properties that must not be unique for a node. To configure properties of an individual node 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. Alternatively, click the name of a node in the console tree. 1. Right-click the node to open the shortcut menu. 2. Select Properties to open the Nodes Properties dialog box. The General tab displays by HP Operations Manager (9.00) Page 52 of 1297 Online Help Configuring nodes default. 3. Make the changes you want to make in any of the tabs. 4. After making the changes, click OK. To configure properties of multiple nodes 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. In the Nodes tree, press SHIFT or CTRL and select the nodes for which you want to configure properties. 3. Right-click the nodes to open the shortcut menu. 4. Select Properties to open the Properties of Multiple Nodes dialog box. This dialog box displays only those tabs that enable you to change shared node properties, for example, the description, owner name, or heartbeat polling options. Options that are unique for each node are unavailable for editing and appear dimmed in the tabs. 5. Make the changes you want to make in any of the tabs. 6. After making the changes, click OK. Related topics: l Managing Policies and Deployment Configure general properties Each managed node must be uniquely identified by specifying properties for that node. Use the General tab in the Node Properties dialog box to specify details that identify each managed node. 1. In the list of managed nodes, select the node you want to configure. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Nodes Properties dialog box, which displays the General tab by default. The automatically generated unique ID (GUID Global Unique Identifier) for the selected node appears at the top of the dialog box. 4. In the Display Name box, enter the label (display name) for the managed node. The caption appears in the Managed Nodes list. This information is required and is automatically entered if you selected the node to be managed by dragging and dropping the node name fromthe Discovered Nodes list to the Nodes list in the Configure Managed Nodes dialog box. 5. Optional. Enter any comments or additional information in the Description box. 6. Optional. Enter the name of the node owner or administrator in the Owner Name box. For example, enter the name of the critical person to contact. 7. Optional. In the Contact Details box, enter the owner's phone number, pager number, or email address for the person you specified in the Owner Name box. 8. Optional. In the Manufacturer box, enter the hardware maker's name. For example, you might HP Operations Manager (9.00) Page 53 of 1297 Online Help Configuring nodes enter HP. 9. Optional. In the Model box, enter the model name or number of the selected system. For example, you might enter Kayak XA for an HP system. 10. Click Advanced Configuration to open the Advanced Configuration dialog box, which displays the following information: n Modify Agent ID: The GUID of the agent that resides on this node. If you change this ID, you will see a message warning you that you may no longer receive messages if the agent ID is incorrect. n Modify Certificate State: Shows whether the HTTPS node has the certificates it requires to communicate securely with the management server. You only need to update the certificate state manually to troubleshoot certificate problems (for example, if you deploy certificates to this node manually, but network problems prevent the agent fromnotifying the management server of this). View certificate states Installed The certificate is installed on this node. Denied The management server received a certificate request and has informed the node that it is not going to grant it. Failed The management server tried to grant or deny the request, but was not able to do it (because the node could not be reached, for example). Pending A certificate request has been received for this node, but not yet granted, denied, or discarded. Granted The certificate request has been granted on the management server, but the node does not have the certificate yet. You may see this state if you are granting many certificate requests at once. Undefined No certificate request has been received for the node. 11. Click Apply to apply your changes. 12. Click OK to apply your changes and close this dialog box. 13. Click the Network tab to continue configuring this node. Configure network properties Use the Network tab of the Node Properties dialog box to specify the primary node name, communication path, and domain name. 1. Fromthe list of managed nodes in the Configure Managed Nodes dialog box, select the node you want to configure. 2. Right-click to open the shortcut menu. HP Operations Manager (9.00) Page 54 of 1297 Online Help Configuring nodes 3. Select Properties to open the Node Properties dialog box. 4. Click the Network tab. 5. In the Primary Node Name box, enter a unique node name. This information is required and is automatically entered if you selected the node to be managed by dragging and dropping the node name fromthe Discovered Nodes list to the Nodes list in the Configure Managed Nodes dialog box. When this information is entered or changed, the System Type, OS Type, and OS Version are automatically modified in the System tab. Note: A problemmay arise when the primary node name entered here (for example, rednode.example.com) does not match the network settings on the agent node, which may not have a primary domain name set. In this case, a short node name (for example, rednode) may be filled in by the HPOMmessage infrastructure in the node field of operator-initiated actions. If this occurs, the operator-initiated action fails because HPOMcannot match the short name fromthe message to the fully-qualified name that is in the node database. HPOMreports that it does not know the node mentioned in the message. 6. Specify your preferences in the Server To Node Communications box. Select Node IP address obtained automatically (DHCP) if you do not want to use a static IP address. The server will not cache an IP address it once received for a system, but will do a name resolution every time a systemis contacted. This means that if you specify the name of a systemas the communication path value, and you have selected this box, the given name is always resolved (using an external name resolution service like DNS) if the node is contacted. Note: If you do not select this box, the server caches the first IP address it received for a node froma name resolution service. On subsequent contacts, the server uses the cached IP address instead of doing another external name resolution. This increases performance for nodes using a static IP address. Select Notify management server if node communication address changes if you want the server to be aware of IP address changes. The agent checks each time you start the systemto see if the IP address of the systemyou are running on has changed. If the answer is yes, this information is sent to the management server, where the communication path of the corresponding node is updated with the new IP address. Note: If the address space of the managed node is different fromthe address space of the management server (because they are located in different subnets), it is possible that the management server cannot use the new IP address it received froman agent. In this case, to prevent errors, do not check the Notify management server if node communication address changes check box. If you check this box, selections below it in the dialog box appear dimmed and are unavailable. 7. If you did not make a selection in the Server to Node Communications box, click either the IP Address or Domain Name (FQDN) button to specify a communications path. If you select IP Address, you must enter the IP address manually. By default, the Domain Name (FQDN) box displays the primary node name. If you change the primary node name, the change is reflected in the Domain Name (FQDN) box. You can also HP Operations Manager (9.00) Page 55 of 1297 Online Help Configuring nodes enter the domain name for the node you are configuring in the space provided. The domain can be either a Windows or IP domain. This information is optional. If you have multiple IP addresses for a particular node and the communications path would differ fromthe Primary Node Name, specify the particular IP address or DNS name that you want. 8. Heartbeat Polling sends a signal to the managed node or contacts the agent on the node to check whether the node is offline. System Default means that the management server uses the heartbeat polling setting from the Server Configuration dialog box. This setting is valid for all managed nodes and is by default "ICMP & Agent". To override the systemdefault for a managed node, set Polling to Custom, then specify the Ping Protocol you want to use: n ICMP & Agent With this option, the server first attempts to contact the node using ICMP Internet Control Message Protocol packages to find out if the node is reachable. If this succeeds, it will contact the agent on the node to find out if the agent processes are running. When this fails, it will use ICMP packages again to find out if, at least, the systemis alive. As soon as this succeeds, the agent is contacted again. This option is not recommended for nodes outside of a firewall because ICMP calls are usually blocked by firewalls. n Agent Only The management server does not actively contact the node with ICMP pings, but still contacts the agent on the node. This is the recommended setting for nodes outside of a firewall. The disadvantage is that in the event of a systemoutage, the network load is higher than with normal heartbeat monitoring because the agent connection is still being tried. n ICMP Only The management server sends ping packages (using ICMP) to verify the availability of the agent. This option is not recommended for nodes outside a firewall because ICMP calls are usually blocked by firewalls. 9. Set the polling Interval in seconds. This is the interval at which the management server checks whether the managed node is offline. The minimumis polling interval is 60 seconds, and the maximumis 28800 (8 hours). 10. Clear Enable Auto Deployment if you do not want HPOMto automatically deploy policies to the node. HPOMautomatically deploys policies to a node when the agent is correctly installed. For HTTPS agents, a correctly installed certificate is also required; otherwise the deployment job fails. By default, HPOMautomatically deploys certain core policies to nodes. The core policies include autodiscovery policies that gather service information on nodes. This information is sent back to the management server to generate a service tree. (You can also automatically deploy additional groups of policies by associating policy groups with node groups and service types.) 11. Click Apply to apply your changes. 12. Click OK to apply your changes and close this dialog box. 13. Click the Messages tab to continue configuring this node. Related Topics: HP Operations Manager (9.00) Page 56 of 1297 Online Help Configuring nodes l Adding nodes to HPOM l Agent health checks l Disable policy autodeployment Configure message identification properties In some environments, a node can be known by several names in addition to the primary node name. The Message Identification tab of the Node Properties dialog box displays any other names (aliases) that apply to the selected node. To create an alias for a node 1. Fromthe list of managed nodes in the Configure Managed Nodes dialog box, select the node you want to configure. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Node Properties dialog box. 4. Click the Message Identification tab. 5. Fromthe Message Identification tab, click Add to open the Add New Alias dialog box. 6. In the New Alias box, enter any other names for the node that apply to it. This allows messages to be generated using any of these names. Any aliases are listed in the Other names for node in browser messages: group box. Optional. If a node has multiple IP addresses, the IP addresses can also be entered in the New Alias box. 7. To remove an alias, select it fromthe list and click Remove. 8. Click Apply to apply your changes without closing this dialog box. 9. Click OK to confirmyour choices and close this dialog box. 10. Select the Systemtab to continue configuring this node. Configure system properties Use the System tab of the Managed Nodes Properties dialog box to record information about the selected node's hardware, software, and environment. You need to separately configure details for each managed node. Required information includes System Type, OS Type, and OS Version, which HPOMfills in for you, if possible. Note: Information for SystemType, OS Type, and OS Version is automatically entered if the node was selected by dragging or copying it fromthe Discovered Nodes list or if the primary node name is entered in the Network tab. This information appears when you open the node's property sheet or click Close or Apply in the Configure Managed Nodes dialog. For manually created nodes, systemand OS type discovery is attempted. There is no systemor OS information associated with node groups. 1. Fromthe list of managed nodes in the Configure Managed Nodes dialog box, select the node you want to configure. 2. Right-click to open the shortcut menu. HP Operations Manager (9.00) Page 57 of 1297 Online Help Configuring nodes 3. Select Properties to open the Node Properties dialog box. 4. Click the System tab. 5. In the System Type box, the systemtype for the selected node has been automatically entered. If the value cannot be determined, the field will display "Other" and you must enter the correct information. If the node is of a type that is not supported by HPOMfor Windows, this box will display a systemtype of Other. 6. The Agent Comm Type box displays one of two communication types (DCE or HTTPS), depending on the systemtype. The communication type DCE is deprecated on management servers running a 64 bit version of HPOM. To add DCE nodes to HPOM, you must first manually install a DCE agent on the node. You can then drag and drop the node fromthe All Unmanaged Agents list to the Nodes list in the Configure Managed Nodes dialog box. 7. In the Operating System box, the operating systemtype has been automatically entered. If the value cannot be determined or is unsupported, this box displays an Operating System of Unknown. 8. In the Bit Length box, the bit length has been automatically entered. There are two choices: 32 and 64 bit. 9. The Agent Binary Format box is automatically filled depending on the systemtype. 10. In the Version box, the information has been automatically entered. If the value cannot be determined or is unsupported, this box remains blank. The list box shows the available versions for the selected operating system. You can select fromthe list or type in a version not available fromthe list (for example, a newly released version). 11. Check the Allow automatic granting of certificate: box if you want the management server to automatically grant certificate requests for this node. The HTTPS agent requires certificates, which enable it to communicate securely with the management server. The node can request these certificates fromthe management server. For this property to take effect, you must also configure the management server to grant certificate requests automatically. 12. Certificate State: Shows whether the HTTPS node has the certificates it requires to communicate securely with the management server. View certificate states Installed The certificate is installed on this node. Denied The management server received a certificate request and has informed the node that it is not going to grant it. Failed The management server tried to grant or deny the request, but was not able to do it (because the node could not be reached, for example). Pending HP Operations Manager (9.00) Page 58 of 1297 Online Help Configuring nodes A certificate request has been received for this node, but not yet granted, denied, or discarded. Granted The certificate request has been granted on the management server, but the node does not have the certificate yet. You may see this state if you are granting many certificate requests at once. Undefined No certificate request has been received for the node. 13. Prerequisite check: Shows whether the node has passed the prerequisite check. If Passed is not selected, the prerequisite check has not yet run or has failed. 14. Click Apply to apply your changes. 15. Click Close to save your changes and close this dialog box. 16. Click Cancel to close the dialog box without saving your changes. 17. Click the Tools< tab to continue configuring this node. Configure tools properties As administrator, you can specify which tools are available for each managed node. Tools include applications, scripts, and commands that performnecessary tasks in your environment to resolve problems and performroutine tasks and maintenance. Available tools are contained in tool groups in the Tools folder in the HP Operations Manager for Windows console tree. To view tools, select a tools folder to display the tools it contains in the details pane. When you first open the Tools folder in the console tree, you see the default tool groups supplied with HP Operations Manager for Windows. These might be tools provided by SPIs, applications such as Excel, or scripts that performsuch tasks as generating a report or checking TCP/IP status. As administrator, you can create additional scripts and add any other tools you might need to this list to help operators take corrective actions or get additional information. Using the Tools tab of the Node Properties dialog box, you select the tools you want to associate with this node and make available for selection fromthe Tools folder in the console tree. To configure tools for managed nodes 1. Fromthe list of managed nodes in the Configure Managed Nodes dialog box, select the node you want to configure. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Node Properties dialog box. 4. Click the Tools tab. The Tools inherited from node groups box displays a list of tools that are automatically associated with this node because this node is part of one or more node groups. The list shows the name of the tool, the node group the tool is associated with, and a description of the tool. 5. In the Tools associated with this node list, select the check box for each tool and tool group you want to associate with the node. 6. If you want to remove a tool, clear the check box in the Tools associated with this node list. HP Operations Manager (9.00) Page 59 of 1297 Online Help Configuring nodes The tool is removed fromthe Tools folder in the console tree and is no longer associated with the selected managed node. 7. Click Apply to apply your changes. 8. Click Close to save your changes and close this dialog box. 9. Select the Node Groups tab to continue configuring this node. Related Topics: l Configuring tools View node group properties The Node Groups tab of the Node Properties dialog box lists the parents of this selected node. Items in the list appear dimmed; this is a read-only list for your information. To viewnode group properties 1. Right-click the name of the managed node for which you want to display properties; this opens the context menu. 2. Click Properties to open the Properties dialog box for the selected managed node, which displays the General tab by default. 3. Click the Node Groups tab to view the parents of the selected node. 4. Click the Outage tab to continue configuring this node. View outage properties Use the Outage tab of the Managed Node Properties dialog box to view outage information for a managed node. This read-only tab displays the settings established for both unplanned and scheduled outages. A scheduled outage meets these criteria: l Planned to happen l Recurs at regular intervals for maintenance l Configured by a policy An unplanned outage is unexpected and can occur randomly. Only administrators and privileged users can put a managed node into maintenance mode. Managed nodes in maintenance mode by default do not affect the status of their parent node groups. To viewoutage properties 1. Right-click the name of the managed node for which you want to display properties; this opens the context menu. 2. Click Properties to open the Properties dialog box for the selected managed node, which displays the General tab by default. 3. Click the Outage tab to view the following information: HP Operations Manager (9.00) Page 60 of 1297 Online Help Configuring nodes n Current Outage State: Displays the outage status of the selected managed node. This status will be "UNPLANNED", "SCHEDULED", or "OFF". n Unplanned Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage and Heartbeat Polling During Outage. Messages can be either deleted or acknowledged. Heartbeat polling can be set to either "ON " or "OFF". n Scheduled Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage and Heartbeat Polling During Outage. Messages can be either deleted or acknowledged. Heartbeat polling can be set to either "ON " or "OFF". 4. Click the Virtualization tab to continue configuring this node. Configure virtualization for managed nodes HPOMfor Windows uses the concept of virtual nodes to represent cluster resource groups. A virtual node can be regarded as a group of physical nodes linked by a common resource group name. The agents on these physical nodes can automatically enable and disable policies on a physical node when the state of the resource group changes. To configure virtualization for managed nodes 1. Fromthe list of managed nodes in the Configure Managed Nodes dialog box, select the node you want to configure. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Node Properties dialog box. 4. Click the Virtualization tab. 5. Select Virtual Node to make the node a virtual node. The list of hosted virtual nodes becomes unavailable. 6. Click Add next to Hosted on Physical Nodes to select the managed nodes that host the virtual node. The list of managed nodes shows only nodes with the same operating systemas the virtual node. 7. In the Resource Group box, type the name of the cluster resource group. 8. Click Apply to apply your changes. 9. Click OK to apply your changes and close this dialog box. Related Topics: l Create virtual nodes l Receive messages for virtual nodes l Configure DCE agents to monitor cluster-aware applications HP Operations Manager (9.00) Page 61 of 1297 Online Help Configuring nodes System type, OS type, and OS version information When you configure a managed node, the systemtype, OS type, and OS version for the node are automatically entered when: l You configure a managed node by dragging or copying it fromthe Discovered Nodes list. This is only auto-discovered when you open the node property sheet or close or apply the Configure Managed Nodes dialog box. l The primary node name is entered in the Network tab. If the value cannot be determined, the fields display "n/a" and you must specify the correct information. If the node is a type that is not supported by HPOM, the System Type field displays a value of "Other". Supported operating systems are shown on the Software Support Online web site support matrix. Note: It is important to correctly supply the systemtype, OS type, and OS version information. If you do not, you may see attempts to deploy the agent packages of the wrong architecture or errors related to auto-deployment of policies of the wrong architecture. Related Topics: l "Systemtype discovery" (on page 50) Maintaining nodes Node maintenance tasks include moving or deleting nodes, changing node names or IP addresses, or viewing the policy and package inventory. Related Topics: l Delete, copy, and move managed nodes l Change names and IP addresses l View policy and package inventory l Put nodes into unplanned outage mode l Schedule an outage for a node l Agent ID on server and node mismatch l Resolve the IP address of the management server l Upgrade or change the node operating system Delete, copy, and move managed nodes You can easily delete nodes fromthe managed nodes list. You can also move one or more nodes to another node group or copy one or more nodes to more than one node group. Note: Node groups with identical names that exist more than once at different locations in the console tree are stored on the server as a single data unit. HP Operations Manager (9.00) Page 62 of 1297 Online Help Configuring nodes To delete one or more nodes 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. In the Nodes list, select the nodes or node groups you want to delete and press the Delete key or right-click to open the shortcut menu and select Delete. If you are deleting the only instance of the node, a dialog opens to explain what happens when nodes are deleted and how to handle policies and packages on the deleted nodes. If you are deleting a copy (shortcut to the node), the following dialog appears. 3. Click Yes to continue the delete operation. The selected nodes are removed fromthe list of managed nodes. 4. To cancel the delete operation, click No. To move one or more nodes 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Right-click the nodes you want to move to another node group to open the shortcut menu. 3. Click Cut to remove the nodes fromthe selected group. 4. Select the node group you want to move the nodes to. 5. Click Paste Shortcut to place the nodes in the selected group. If you decide to delete the nodes, you will see the same dialog as shown in Step 2 of To delete one or more nodes. HP Operations Manager (9.00) Page 63 of 1297 Online Help Configuring nodes To copy nodes into one or more additional node groups 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Right-click the nodes you want to copy to another node group to open the shortcut menu. 3. Click Copy. 4. Select the node group to which you want to copy the nodes. 5. Right-click to open the shortcut menu. 6. Click Paste Shortcut. The nodes appear in the second node group. If you decide to delete the nodes, you will not receive a message. You are deleting shortcuts to the nodes, not the nodes themselves, which still exist in the original node group. Change names and IP addresses You may find it necessary to change the names and IP addresses of the managed nodes. You can: l Change the IP address of a node l Change the name of a node Change the IP address of a node The following procedure describes how to change the IP address of a managed node. 1. DCE agents only. Check to see if the OPC_IP_ADDRESS setting is set in the opcinfo or nodeinfo file. The location of this file will be different, depending on your operating system. Note: HPOMdoes not set the OPC_IP_ADDRESS setting per default. If the OPC_IP_ ADDRESS is manually created, be sure to update it. 2. Change the IP address, and reboot if required by your OS. 3. DCE agents only. If a reboot is not required by the OS, stop and restart the agent using opcagt -kill and opcagt -start so that the DCE agent uses the new IP address. 4. Check the Network tab of the Node Properties dialog box for the node: If Notify management server if node communication address changes is selected, then no further action should be required. Check to see if the new IP address is shown in the IP address field. If not, correct the IP address. If Notify management server if node communication address changes is not selected, but IP address is selected, then you need to correct the IP address manually. If Domain Name (FQDN) is selected, verify that the old name resolves to the new address and leave the setting unchanged. Note: By default, after the management server resolves a node's domain name to an IP address, it stores this IP address in its node cache to increase performance. If Domain Name (FQDN) is selected, but Notify management server if node communication HP Operations Manager (9.00) Page 64 of 1297 Online Help Configuring nodes address changes is not selected, and you then change the node's IP address, the management server might continue to use the old IP address fromits cache. To rebuild the management server's node cache, restart the OvEpMessageActionServer service. (For more details, see Node name resolution in HPOM.) Change the name of a managed node Follow these steps on the managed node to change the Fully-Qualified Domain Name (FQDN). During this process you may see several error messages stating that the agent cannot read the encrypted policies. After you have changed the name, reinstall the agent packages on the node to resolve the problem. 1. Change the name of the node and reboot if required by your OS. 2. On Windows nodes with DCE agents only. Change the name of the node in the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\OpenView\ITO\Hostname 3. Check the Network tab of the Node Properties dialog box for the node: If the old name of the node was specified in the Primary node name field, correct it. If Notify management server if node communication address changes is selected, then no further action should be required. Check to see if the new node name is shown in the Domain Name (FQDN) field. If not, correct the name. If Notify management server if node communication address changes is not selected, but Domain Name (FQDN) is selected, then you need to correct the name manually. Make sure that the new name resolves to the IP address of the node. 4. Check also the Message Identification tab to see if the old name of the node was specified there. If yes, correct it. 5. Optional. Change the display name of the node in the General tab. 6. DCE agents only. The agent encrypts several files using its short node name. If this changes, then the agent cannot read the encrypted files (policies, agent registration) anymore. Therefore the agent must be reinstalled. n On Unix nodes: reinstall the agent manually. n On all nodes: run All Tasks Reinstall/Update.... In the Reinstall / Update Options dialog box, select Reinstall and Scope: All to update the policies. This also reinstalls the agent on Windows nodes. Related Topics: l Change the name or IP address of the management server View policy and package inventory The console shows an inventory of all policies and packages deployed to managed nodes. The inventory is kept on the management server. HP Operations Manager (9.00) Page 65 of 1297 Online Help Configuring nodes To see the policies or packages for a particular node 1. Fromthe console tree, right-click a node name to open the context menu. 2. Select View Policy Inventory to display a list of deployed policies for that node in the details pane. Click a policy name to open a read-only version of the policy in the policy editor. 3. Select View Packages Inventory fromthe context menu to display a list of deployed packages for the selected node in the details pane. Put nodes into unplanned outage mode Use the Unplanned Node Outage dialog box to specify how you want to handle incoming messages and heartbeat polling in the event that a node experiences a failure. As the name suggests, an unplanned outage is unexpected and might occur due to power failure, hardware failure, network problems, and similar situations. To put a node into unplanned outage mode 1. In the console tree, right-click the managed node, external node, or node group that you want to put into outage mode. This opens the context menu. 2. Select All Tasks Set unplanned outage On. The Unplanned Node Outage dialog box opens. 3. Select one of the following options: n Select Delete to remove any incoming messages during the outage. n Select Acknowledge to place the messages in the acknowledged messages browser for later consideration. 4. Click the check box to disable heartbeat polling during the outage. Note: This setting is not available for external nodes. 5. Click OK to confirmyour choices and close this dialog box. Related Topics: l Schedule an outage for a managed node l Configure outage information for managed nodes l Configure outage information for external nodes Schedule an outage for a node A scheduled outage is planned to happen and recurs at regular intervals for maintenance. You can define a scheduled node outage using two scheduled task policies: l The first scheduled task policy defines the following: n Start date and time n Managed node, external node, or node group to put into scheduled outage HP Operations Manager (9.00) Page 66 of 1297 Online Help Configuring nodes n Whether to delete or acknowledge messages during outage n Whether to enable or disable heartbeat polling during outage l The second scheduled task policy defines the following: n End date and time n Managed node, external node, or node group to move out of scheduled outage Both policies use the ovownodeutil command line tool. To schedule an outage for a managed node, external node, or node group 1. Create a scheduled task policy. 2. In the Task tab, choose Command as task type. 3. Select the %OvBinDir%\ovownodeutil.cmd command line tool with the following options: n Managed nodes or node groups: -outage_node Sets the outage state for the node. -node_name <node_name> or -node_id <node id> The primary name or the ID of the node to move into scheduled outage mode. -group_path <hierarchy path> or -group_id <group id> The hierarchical path or the ID of the node group to move into scheduled outage mode. -scheduled Sets the scheduled outage state. -on Enables the outage state for the node or node group. -delete_msgs Specifies that messages fromthe node are deleted during the scheduled outage. -disable_heartbeat Specifies heartbeat polling to be switched off during the scheduled outage. n External nodes or node groups: -outage_exnode Sets the outage state for the external node or node group. -exnode_path <external node hierarchical path> or -exnode_id <node id> The hierarchical path or the ID of the external node to move into scheduled outage. -group_path <hierarchy path> or -group_id <group id> The hierarchical path or the ID of the node group to move into scheduled outage mode. -scheduled Sets the scheduled outage state. -on Enables the outage state for the external node or node group. -delete_msgs HP Operations Manager (9.00) Page 67 of 1297 Online Help Configuring nodes Specifies that messages fromthe external node are deleted during the scheduled outage. 4. In the Schedule tab, specify the start date and time for the outage. 5. Save the policy. 6. Create a second scheduled task policy. 7. In the Task tab, choose Command as task type. 8. Select the %OvBinDir%\ovownodeutil.cmd command line tool with the following options: n Managed nodes or node groups: -outage_node Sets the outage state for the node or node group. -node_name <node_name> or -node_id <node id> The primary name or the ID of the node to move out of scheduled outage mode. -group_path <hierarchy path> or -group_id <group id> The hierarchical path or the ID of the node group to move out of scheduled outage mode. -scheduled Sets the scheduled outage state. -off Disables the outage state for the node or node group. n External nodes or node groups: -outage_exnode Sets the outage state for the external node or node group. -exnode_path <external node hierarchical path> or -exnode_id <node id> The hierarchical path or the ID of the external node to move out of scheduled outage mode. -group_path <hierarchy path> or -group_id <group id> The hierarchical path or the ID of the node group to move out of scheduled outage mode. -scheduled Sets the scheduled outage state. -off Disables the outage state for the external node or node group. 9. In the Schedule tab, specify the end date and time for the outage. 10. Save the policy. 11. Deploy both policies to the management server node. Related Topics: l Put nodes or node groups into unplanned outage mode l Configure outage information for managed nodes l Configure outage information for external nodes l ovownodeutil HP Operations Manager (9.00) Page 68 of 1297 Online Help Configuring nodes Agent ID on server and node mismatch The agent ID is the globally unique identifier (GUID) of the agent that resides on this node. On HTTPS agents, the agent ID is known as core ID. A node's agent ID (or core ID) should exactly match the agent ID that is known on the management server. In the event that the agent ID on the server and the node do not match, you may see error messages that refer to "agent ID mismatch", and you will notice communication problems between the managed node and the management server. This can occur if you delete a node and then add it back again. To check and correct an agent ID 1. Get the correct agent ID on the node: n HTTPS agents Open a command prompt and type the command ovcoreid. n DCE agents Locate the string OPC_AGENT_ID <agentGUID> in the %ovagentdir%\conf\opc\nodeinfo file. 2. Right-click the node in the console tree, and then click Properties.... The node properties dialog appears. 3. In the General tab, click Advanced Configuration. The Advanced Configuration dialog box appears. 4. In the Advanced Configuration dialog box, check that the ID displayed in the Modify Agent ID field matches the ID returned by the ovcoreid command or listed in the nodeinfo file. 5. If necessary, select Modify Agent ID and type the correct agent ID into the field. 6. Click OK to save your settings and close the Advanced Configuration dialog box. To correct an agent ID mismatch on DCE agents If you do not know the agent ID of a DCE agent, you can correct an agent ID mismatch with this procedure: 1. As a user with administrative privileges, stop the agent using this command: opcagt -kill 3. On the managed node, delete the files: n On AIX:/var/lpp/OV/conf/OpC/agentid and if present: /var/lpp/OV/conf/OpC/managedNodeId.txt n On HP-UX, Linux, Sun Solaris, and Tru64 UNIX:/var/opt/OV/conf/OpC/agentid and if present: /var/opt/OV/conf/OpC/managedNodeId.txt HP Operations Manager (9.00) Page 69 of 1297 Online Help Configuring nodes n On Windows:%OvAgentDir%\conf\OpC\agentid and if present: %OvAgentDir%\conf\OpC\managedNodeId.txt 4. On the managed node, delete OPC_AGENT_ID <agentGUID> fromthe %ovagentdir%\conf\opc\nodeinfo file using a text editor. For example, you would delete the text OPC_AGENT_ID 617a0010g90f-71d7-0666- 0f0899d4000 up to the carriage return symbol. Do not delete the OPC_NODE_TYPE that appears after the carriage return symbol or any text that follows the OPC_NODE_TYPE. 2. As a user with administrative privileges, restart the agent using this command: opcagt -start 3. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 4. Select the node with the mismatched agent ID. Right-click the node and select Properties General Advanced Configuration. In the dialog box, select Modify Agent ID, then remove the agent ID. 5. Deploy any policy to the managed node. A new agent ID will be created. Handling of messages with no or an empty agent ID If the node name or IP address of the node matches a node that is known to the management server, messages are accepted even if they have no agent ID or if the agent ID is set to null. This may be the case if older versions of the agent are attempting to send messages to the management server. This behavior can be changed by modifying values in the Server Configuration dialog box. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. In the namespace Message Action Server Message Filter, you can change the following values: l Discard messages with empty agent ID If this value is set to TRUE, all messages that come froman agent that does not yet have an agent ID assigned are discarded. The default value is FALSE. l Discard messages with no agent ID If this value is set to TRUE, all messages that come froman old agent (for example VPO5.x, VPO6.x, VPW 6.x) that has no agent ID functionality are discarded. The default value is FALSE. l Allow actions in messages with no agent ID If this value is set to TRUE, all messages coming froman old agent (for example VPO5.x, VPO 6.x, VPW 6.x) are not preprocessed. That means, the operator-initiated and the automatic commands being part of the message will not be removed. The default value is FALSE. Related Topics: l Change server configuration values HP Operations Manager (9.00) Page 70 of 1297 Online Help Configuring nodes Resolve the IP address of the management server The information reported on the management server and on the managed node must match. If you are using DNS in your environment, you must modify your DNS server configuration to ensure that the information matches. Follow this procedure on the management server and the managed node to find out if name resolution is properly configured. 1. On the management server, determine the DNS domain and IP of the management server by typing the following command: ipconfig /all Note the following information: Host Name :kurbis Primary DNS Suffix :veg.com ... IP Address :204.174.18.152 ... 2. On Windows 2003 managed nodes, resolve hostname with DNS by typing these commands: a. Purge the DNS cache by typing: ipconfig /flushdns ping kurbis b. Display the DNS resolution cache by typing this command: ipconfig /displaydns Note the following information: ... scavenger Record Name: kurbis.veg.com Record Type: 1 Time To Live: 42560 Data Length: 4 Section: Answer A (Host) Record: 204.174.18.152 ... 3. If you are using WINS, check the following: a. Purge the WINS cache by typing this command: nbtstat -R Successful purge and preload of the NBT Remote Cache Name Table. b. ping "kurbis " The quotes and space behind the name are required to force resolution through WINS. c. Display the WINS name resolution cache by typing this command: nbtstat -c HP Operations Manager (9.00) Page 71 of 1297 Online Help Configuring nodes Note the following information: Node IpAddress: [15.136.3.33] Scope Id: [] NetBIOS Remote Cache Name Table Name Type Host Address Life (sec) kurbis <00> UNIQUE 204.174.18.152 567 If the NetBIOS name is found and IP equals management server, then the node can resolve the IP address through WINS. If not, you must modify the configuration of your WINS server to ensure that it matches. Upgrade or change the node operating system After you upgrade the operating systemof a node, you must manually update the node's properties and rediscover the node so that the node appears in the correct node group and correct location in the service hierarchy. You can also change the operating systemof a node, for example froma Windows to a Linux operating system. The steps for changing the operating systemdiffer depending on whether you need to redeploy any previously deployed policies or not. To upgrade the operating system of a node 1. Remove all service discovery policies fromthe node. When you remove a service discovery policy froma node, any previously discovered services for that node are automatically deleted on the management server. 2. Upgrade the operating systemon the node. 3. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 4. Locate the node in the old node group under HP Defined Groups. 5. Right-click the node and select Properties to open the Node Properties dialog box. 6. In the System tab, select the new Version of the operating system. 7. Optional. In the Network tab, select IP Address and type the IP address of the node. You only need to specify an IP address if the node cannot be resolved by DNS (for example, when a firewall separates the node and the management server). 8. Click OK to save your changes. The node now appears in the new node group. 9. Remove all policies fromthe node. 10. Deploy the required service discovery policies to the node to rediscover the services. HP Operations Manager (9.00) Page 72 of 1297 Online Help Configuring nodes To change the operating system of a node The following steps enable you to redeploy any previously deployed policies to the node after the operating systemhas changed: 1. Install the new operating systemon the node. 2. Install the HP Operations agent manually on the node. 3. If necessary, map the certificate request to the node and grant it manually (if automatic granting of certificates is not enabled). After the certificate has been granted, the management server starts a policy deployment job for the node. Because the node's policy inventory on the management server still contains a list of the previously installed policies, the server deploys the policies for the old operating systemto the node. 4. Informthe management server about the new operating systemby restarting the agent on the node: ovc -kill ovc -start Wait for a few minutes for the management server to be updated. You can check the operating systemin the System tab of the Node Properties dialog box. 5. Remove any old policies that are no longer required fromthe node. 6. Reinstall the policies to the node. 7. Deploy the required service discovery policies to the node to rediscover the services. If you do not need to redeploy any previously deployed policies, use the following procedure to change the operating systemof a node: 1. Install the new operating systemon the node. 2. Delete the node fromthe managed nodes list. 3. Add the node to HPOMagain. Related Topics: l Configure systemproperties l Configure network properties l Manual agent installation l Configuring certificates l Reinstall policies l Deploy a policy or policy group l Remove policy fromnode l Delete, copy, and move managed nodes l Adding nodes to HPOM HP Operations Manager (9.00) Page 73 of 1297 Online Help Configuring nodes Configuring external nodes An external node represents a range of nodes fromwhich external events are integrated into HPOM. External nodes allow HPOMto receive messages fromsuch objects as gateways, connectors, networks, hubs, and other IP devices. External nodes handle messages fromsystems without the need to configure themas nodes. Consider the following examples: l You can receive messages fromsystems without the need to configure each systemin HPOM as a separate managed node. This is useful for management servers that get messages forwarded fromlower level management servers, fromanother network, or fromnetwork management products such as HP Network Node Manager. l By setting up an external node, you can immediately receive messages fromnew systems in a certain IP subnet, and then decide later whether it is necessary to set up the systems as managed nodes. l You can receive messages fromsystems without an HP Operations agent installed (SNMP devices, for example) for agentless monitoring. When you set up an external node, you define a pattern and select a match option. The pattern acts as a filter that defines which systems belong to the external node. Available match options include Fully Qualified Domain Name and IP Address. Match options clarify any possible ambiguity in the pattern. For example, a pattern like *15* could refer to an IP address like 15.1.2.2, or to an FQDN like ROS15test.example.com. By selecting IP Address or Fully Qualified Domain Name, you avoid any confusion about the meaning of the pattern. When a message arrives, HPOMfirst tries to resolve the name of the node that generated the message by querying the Domain Name System(DNS). If the DNS query is successful, the match option Fully Qualified Domain Name is selected, and the FQDN returned by the DNS matches the pattern of the external node, then the message appears in the browser for that external node. Similarly, if the match option IP Address is selected, the DNS query is successful, and the IP address returned by the DNS matches the pattern, then the message is associated with the external node. If the DNS query is not successful, HPOMapplies the pattern to the node name only; the IP address is ignored. The first match found determines to which external node the message belongs. When an incoming message matches a node pattern, the evaluation stops and the message appears in the browser for that external node. If HPOMcannot identify the node generating that message, it discards the message. Tip: To track discarded messages, you can temporarily set the server configuration variable Send warning message for each discarded message in the Message Action Server Message Filter namespace. If set to true, the management server sends a warning message that contains the name of the originating node in the message text. You can use this variable to detect systems that do not match the external node pattern but that send many messages and hence slow down message processing. Configure external nodes using the wizard To quickly configure a new external node, use the external node configuration wizard. This will provide the minimumamount of information you need to bring the external node under management. HP Operations Manager (9.00) Page 74 of 1297 Online Help Configuring nodes Note: At any time you can exit the wizard by clicking Expert Mode. This returns you to the External Node Configuration editor, where you can more completely specify the characteristics of this node. You cannot return to the wizard fromthe External Node Configuration editor. When you add another external node, the wizard opens again. 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. Fromwithin the Configure Managed Nodes dialog box, select the Nodes folder in the managed nodes list. 3. Right-click to open the shortcut menu. 4. Select New External Node to open the wizard. 5. In the General page, type the Display name in the box provided. You must supply this information to proceed. The caption appears in the External Nodes list. Enter any comments or additional information in the Description box. This information is optional. 6. Click Next to proceed to the Pattern page. 7. In the Pattern page, type the pattern that you want the incoming message to match. The pattern you create here will be checked against the option you specify in Check pattern against. Examples: n To include all IP names in the domain, example.com, use the following pattern: <*>.example.com n To set up an IP address range to match all addresses between 15.136.123.5 (including) and 15.136.123.72 (excluding), use the following pattern: 15.136.123.<5 -le [<#>] -lt 72> n To match a specific string, remember to enclose the string with the (^) and ($) characters in the following manner: ^STRING$. This pattern matches only STRING and excludes similar strings such as STRING1 or FIRSTSTRING. Note: Click the button to the right of the Pattern box to help you enter variables and operators for numeric comparison. Click Test Pattern to open the Test Pattern dialog box where you can create a pattern and enter strings to immediately compare your pattern. 8. Specify what the pattern should match in the Check pattern against group box. Select Fully Qualified Domain Name (default) or IP Address. 9. Click Next to proceed to the wizard's Order page. 10. Select Check Before Managed Nodes to have external nodes evaluated before managed nodes. This can be faster, because it avoids some of the checking that occurs with configured node names. If selected, messages with node names that match the pattern you specified in the previous page are associated with the external node. If this box is not selected, managed nodes take precedence. 11. The node lists display all external nodes that have been created. The list order shows the order of evaluation set for incoming messages. The node being edited can be moved fromone list to HP Operations Manager (9.00) Page 75 of 1297 Online Help Configuring nodes the other by using the Check Before Managed Nodes check box. Use the Move Up and Move Down buttons to change this order. The node at the top of the list will be evaluated first. After the first node has matched, the message is assigned to that node and no further evaluation takes place. 12. Click Finish to complete the configuration and close the wizard. Configure an external node manually 1. Open the Configure Managed Nodes dialog box, if it is not already open. a. Select the Nodes folder in the console tree. b. Click on the configuration toolbar. The Configure Managed Nodes dialog box opens. 2. In the Nodes list, right-click the external node you want to configure to open the External Node Properties dialog box. Use the tabs to display information about the selected node and to configure it: n General n Details n Order n Outage 3. Click OK to confirmyour changes and close this dialog box. Configure general information for external nodes Use the General tab in the External Node Properties dialog box to specify details that identify each external node. To configure general information for external nodes 1. In the list of external nodes, select the node you want to configure. 2. Right-click to open the shortcut menu. 3. Select Properties to open the External Nodes Properties dialog box, which displays the General tab by default. The automatically generated unique ID (GUID Global Unique Identifier) for the selected node appears at the top of the dialog box. 4. In the Display Name box, enter the label (display name) for the external node. The caption appears in the External Nodes list. 5. Optional. Enter any comments or additional information in the Description box. Related Topics: l Configuring external nodes l Configure details information for external nodes l Configure outage information for external nodes l Configure order information for external nodes HP Operations Manager (9.00) Page 76 of 1297 Online Help Configuring nodes Configure details information for external nodes Use the Details tab to provide contact information and pattern-matching options for the selected external node. To configure details for external nodes 1. Optional. Type the owner's name and contact details in the boxes provided. 2. Type the pattern that you want the incoming message to match in the Pattern box. The pattern you create here will be checked against the option you specify in Check pattern against. Examples: n To include all IP names in the domain, deu.hp.com, use the following pattern: <*>.deu.hp.com n To set up an IP address range to match all addresses between 15.136.123.5 (including) and 15.136.123.72 (excluding), use the following pattern: 15.136.123.<5 -le [<#>] -lt 72> n To match a specific string, remember to enclose the string with the (^) and ($) characters in the following manner: ^STRING$. This pattern matches only STRING and excludes similar strings such as STRING1 or FIRSTSTRING. Tip: Click the button to the right of the Pattern box to help you enter variables and operators for numeric comparison. Click Test Pattern to open the Test Pattern dialog box where you can create a pattern and enter strings to immediately compare your pattern. 3. Specify what the pattern should match in the Check pattern against group box. Select Fully Qualified Domain Name (default) or IP Address. Related Topics: l Configuring external nodes l Configure order information for external nodes l Configure general information for external nodes l Configure outage information for external nodes Configure order information for external nodes Use the Order tab to specify the order of evaluation of external nodes and managed nodes. The order of evaluation is partly determined by the pattern settings you make in the Details tab. To specify the order of evaluation 1. Select Check Before Managed Nodes to have external nodes evaluated before managed nodes. This can be faster, because it avoids some of the checking that occurs with configured node names. If selected, messages with node names that match the pattern you specified in the previous tab are associated with the external node. If this box is not selected, managed nodes take precedence. 2. The node lists display all external nodes that have been created. The list order shows the order of evaluation set for incoming messages. The node being edited can be moved fromone list to HP Operations Manager (9.00) Page 77 of 1297 Online Help Configuring nodes the other by using the Check Before Managed Nodes check box. Use the Move Up and Move Down buttons to change this order. The node at the top of the list will be evaluated first. After the first node has matched, the message is assigned to that node and no further evaluation takes place. Related Topics: l Configuring external nodes l Configure outage information for external nodes l Configure general information for external nodes l Configure details information for external nodes Configure outage information for external nodes Use the Outage tab of the External Node Properties dialog box to view outage information for an external node. This read-only tab displays the settings established for both unplanned and scheduled outages. Only administrators and privileged users can schedule outages for external nodes. A scheduled outage meets these criteria: l Planned to happen l Recurs at regular intervals for maintenance l Configured by a policy An unplanned outage is unexpected and can occur randomly. To viewoutage information for an external node The Outage tab displays the following information: l Current Outage State: Displays the outage status of the selected external node. This status will be "UNPLANNED", "SCHEDULED", or "OFF". l Unplanned Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. l Scheduled Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. Related Topics: l Configuring external nodes l Configure general information for external nodes l Configure details information for external nodes l Configure order information for external nodes HP Operations Manager (9.00) Page 78 of 1297 Online Help Configuring nodes Configuring agents An agent is a deployment package that enables you to manage nodes. After you deploy an agent to a node, it enables you to collect data, discover services, monitor events, and run actions and commands that control the node. Management servers and agents communicate using DCE/RPC or HTTPS. Although the DCE agent is currently still supported, you are encouraged to use the HTTPS agent for new nodes. If nodes already exist in your environment that have DCE agents, consider migrating to the HTTPS agent. Note: Management servers running a 64 bit version of HPOMprovide HTTPS agent installation packages only. The HTTPS agent offers the following benefits: l Secure communication based on the HTTPS protocol. All communications between management servers nodes are strongly encrypted. l Policy, message, and action security. Policies, messages, and actions all contain signatures, which management servers and nodes create and check using certificates. If a malicious user attempts to tamper with a signed policy, message, or action, the signature becomes invalid. l Simplified firewall configuration. Nodes and management servers accept all inbound communications to a single port, so it is simpler to configure firewalls and proxies. l Multiple management servers can deploy policies to the same node. l It is possible to update a manually installed agent fromthe console. Remote agent installation You can install agents remotely when you create a new node. Alternatively, when you deploy a policy to a node, the management server checks that the correct agent packages exist on the node. If the agent packages are not already installed, or this policy requires a later version of the agent, the management server automatically deploys the latest agent packages on the node. The management server can automatically deploy HTTPS and DCE agents to nodes that have a supported Windows operating system. In addition, if you configure a suitable secure shell client on the management server, it can also automatically deploy HTTPS agents to nodes that have a supported UNIX or Linux operating system. Note: Management servers running a 64 bit version of HPOMprovide HTTPS agent installation packages only. If you are using HTTPS agents, you can specify default settings that you want the management server to apply when it automatically installs the agent on specific nodes. If you do not want the management server to install agents automatically, you can disable this feature. To automatically deploy agent packages, the management server creates a deployment job. Before the job starts, the management server requests the credentials of a user who has administrative access to the node. Note: You can also start agent deployment by dragging the Operations-agent deployment package to a node or node group. HP Operations Manager (9.00) Page 79 of 1297 Online Help Configuring nodes Related Topics: l Install agents remotely l Configure HTTPS agent deployment to UNIX and Linux nodes l Configure HTTPS agent installation defaults l Disable automatic agent installation l Deploy deployment package Install agents remotely If you have the correct permissions and network access to remote nodes, you can install agents onto the nodes fromthe console. To remotely install agents, the management server requires the credentials of a user who has administrative access to the node. The following table shows the specific permissions required, according to the node's operating system, and the type of agent. HTTPS agent DCE agent Windows operating systems l Write access to the admin$ share (the user must be part of the local administrators group) l Read access to the registry l Permission to log on as a service (this is only required if you select User/Password in the Set Credentials list) l Write access to the registry l Write access to the admin$ share (the user must be part of the local administrators group) l Write access to the Program Files folder l Permission to create DCOM (Distributed Component Object Model) connections UNIX or Linux operating systems 1. Permission to log in to SSH on the node for file transfers and to execute installation commands 1. Not applicable. Only manual installation is possible. Remote agent installation is supported frommanagement servers that belong to an Active Directory domain. If your management server is in a Windows workgroup environment, install agents manually instead. Note: Management servers running a 64 bit version of HPOMprovide HTTPS agent installation packages only. To install agents remotely 1. Optional. For up-to-date information on supported agent platforms, see the support matrix at HP Software Support Online. 2. Optional. For information not included in the online help, see the HP Operations Agent Release Notes available on the product manuals search page at HP Software Support Online. 3. Open the Agent installation dialog box if it is not already open. HP Operations Manager (9.00) Page 80 of 1297 Online Help Configuring nodes You can open the Agent installation dialog box in the following ways: n Create new nodes in the Configure managed nodes dialog box. The Agent installation dialog box opens after you click OK. (See Create new nodes.) n Right-click a node in the Configure managed nodes dialog box, and then click Run agent installation. (See Configure managed nodes.) n Deploy policies to nodes on which no agent is current installed. (See Policy deployment.) n Deploy the agent package to nodes on which no agent is currently installed. (See Deploy deployment package.) 4. Optional. In the list of nodes, select or clear the Deploy check box to indicate the nodes that you want to install the agent on. If you select the Deploy check box for nodes that have a UNIX or Linux operating system, the Credentials dialog box appears. Type the Username of a user who has permission to install software on the node. Type the password in Password and Repeat Password. 5. Optional. Specify the credentials that the management server uses to deploy the agent. Right- click a node in the list, and then click Set Credentials. Click one of the following commands: n PMAD user. The management server attempts to deploy the agent as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE-Deleg-User by default). You can only use this for nodes with a Windows operating system. The nodes can belong to the same domain as the management server, a trusted domain, or a workgroup. If you are installing a DCE agent to a Windows node, this is the only command available. Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to deploy the agent using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. n User/Password. The Credentials dialog box appears. Type the Username of a user who has permission to install software on the node and their Password. Click OK. This automatically selects the Deploy check box. For nodes with a UNIX or Linux operating system, this is the only command available. You can also use this command to install the HTTPS agent to Windows nodes that belong to the same domain as the management server, a trusted domain, or a workgroup. The user must have permission to log on as a service. (You can assign this permission in the local Windows security settings on the node, or a group policy object in Active Directory.) For Windows nodes specify the username in one of the following formats: HP Operations Manager (9.00) Page 81 of 1297 Online Help Configuring nodes o domain\user (for an Active Directory user) o computer_name\user (for a local user on the node) 6. Optional. Select or clear the Run prerequisites check automatically during job execution check box. If a node does not meet any of the prerequisites, the agent installation fails for that node. If you are sure that the nodes meet all prerequisites, you can clear this check box so that the agent installation jobs complete more quickly. (This check box is dimmed if an administrator disables all prerequisite checking using the Server Configuration dialog.) 7. Click OK. The management server creates an agent installation job for each of the nodes that you selected. To view the progress of these jobs, click Deployment jobs in the console tree. If an agent installation job fails, right-click the job, and then click Error description. Note: The management server does not create a deployment job if the agent package is already in the node's package inventory. If a node's package inventory contains the agent package, but you are sure that the agent is not actually installed on a node, you can force the management server to remove the agent package fromthe inventory in the Uninstall package from... dialog. For more information, see Remove package fromnode. Related Topics: l Install agents in trusted domains l Check prerequisites for managed nodes l Deployment jobs l Generic server configuration Configure HTTPS agent deployment to UNIX and Linux nodes If you want to deploy HTTPS agents to nodes that have a supported UNIX or Linux operating system, you must configure a suitable secure shell client on the management server. If you configure a secure shell client, it also enables you to start prerequisite checks using SSH connections. The secure shell client must provide secure file transfer and remote command execution functionality. By default, HPOMdoes not configure a secure shell client as part of the management server. You must configure your own. For convenience, third-party software (PuTTY) is available in the following folder: <install_dir>\contrib\OVOW\PuTTY If you choose to use this third-party software, copy the following files to any folder that is included in your PATH environment variable: l PLINK.EXE l PSCP.EXE l runplink.cmd l runpscp.cmd For example, if you installed a 64-bit version of the HPOMmanagement server into c:\Program Files\HP\HP BTO Software, you could copy the files into the following folder: c:\Program Files\HP\HP BTO Software\bin\win64 HP Operations Manager (9.00) Page 82 of 1297 Online Help Configuring nodes DISCLAIMER: PuTTY is not HP software. It is provided "as is" for your convenience. You assume the entire risk relating to the use or performance of PuTTY. After you install a suitable secure shell client, you must configure the management server to use the client. You must configure the following attributes in the namespace depl.mechanisms.ssh: l COPY This attribute defines a command that the management server can use to copy files to remote UNIX and Linux nodes. l EXEC This attribute defines a command that the management server can use to execute commands on remote UNIX and Linux nodes. You can view and change these attributes using the commands ovconfget -ovrg server and ovconfchg -ovrg server froma command prompt. You must configure appropriate values for whichever secure shell client you install. By default, the attributes have the following values: [depl.mechanisms.ssh] COPY=runpscp.cmd <host> <sourcefile> <targetfile> <user> <passwd> EXEC=runplink.cmd <host> <command> <user> <passwd> The management server substitutes variables in angle brackets (<>) with actual values when it calls the command. The default value for the COPY attribute configures the management server to call runpscp.cmd, which is a command that calls PSCP.EXE to copy files to nodes. The default value for the EXEC attribute configures the management server to call runplink.cmd, which is a command that calls PLINK.EXE to execute commands on nodes. When any of the PuTTY commands connects to a remote node for the first time, it requests verification of the node's SSH host key. The command runplink.cmd approves this request silently. PuTTY stores the node's key automatically in the Windows registry to use for future connections. If it is not appropriate in your environment to silently verify SSH host keys in this way, you can either configure manual versification of SSH host keys, or you can configure private key authentication. To configure manual verification of SSH host keys: 1. Log in to the management server as a user with administrative rights. 2. In a text editor, open the copy of runplink.cmd that you copied to a folder that is included in your PATH environment variable. 3. Comment out the line that follows the label [:runplink]. The line should then be as follows: REM echo y | plink -ssh -2 %options% %user%@%host% ls 2>NUL 1>NUL 4. Save the file, and then close the text editor. The new configuration becomes active immediately. HP Operations Manager (9.00) Page 83 of 1297 Online Help Configuring nodes After you do this configuration, you must verify each node's SSH host key before you can deploy the HTTPS agent. You can do this by, for example, using the following plink command, which prompts you to verify the SSH host key: plink -ssh <user name>@<node name> hostname To configure private key authentication: 1. Generate a private and public key pair. You can do this, for example, using the program <install_dir>\contrib\OVOW\PuTTY\puttygen.exe n Save the private key in a file on the management server, without encrypting it. Caution: It is insecure to store an unencrypted private key in the management server's file system. You may prefer to keep the private key in a secure location, and copy it to the management server only when you need to install agents. n If you intend to deploy the HTTPS agent using the root user's credentials, append the public key to the following file on the nodes: /root/.ssh/authorized_keys Alternatively, if you intend to deploy the agent using the credentials of a different user who has appropriate privileges, append the public key to the corresponding file in that user's home directory. 2. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 3. In Namespace, select Policy Management and Deployment. A list of values appears. 4. In Path to the SSH private key, type the path of the private key that you saved on the management server. 5. Click OK. After you do this configuration, you can deploy agents using private key authentication by omitting the password in the Installation Credentials dialog box. Related Topics: l Install agents remotely l "Check prerequisites" (on page 44) l ovconfget l ovconfchg Configure HTTPS agent installation defaults If you are using HTTPS agents, you can specify default settings that you want the management server to apply when it automatically installs the agent on specific nodes. You can specify default values for any attributes that you would otherwise set using ovconfchg on the node. Note: You can also use these settings for manual HTTPS agent installations by creating an agent profile. HP Operations Manager (9.00) Page 84 of 1297 Online Help Configuring nodes To configure HTTPS agent installation defaults 1. Copy the file: <share_dir>\conf\PMAD\agent_install_defaults.cfg.sample to: <share_dir>\conf\PMAD\agent_install_defaults.cfg 2. Open the new file in a text editor. 3. On a new line, type the namespace that the parameter you want to set belongs to. Enclose the namespace in brackets []. For example, to specify a default value for a parameter in the sec.cm.client namespace, add the following line to the file: [sec.cm.client] 4. Optional. After the namespace and on a new line, specify the node or nodes to which the management server should apply the default setting. Type a pattern that matches one or more node names or IP addresses. Use standard HPOMpattern syntax. For example: n node1.example.com matches any node with a name that contains the string node1.example.com n example.com$ matches any node with a name that ends with example.com n ^192.168.<<#> -lt 10> matches any node with an IP address in the range 192.168.0.0 to 192.168.9.255 Type a colon (:) at the end of the pattern. Note: To specify a default setting for all nodes, omit the pattern and colon. 5. Type the attribute and default value separated by an equal sign (=). If you specified a node pattern, continue on the same line, after the colon (:). Otherwise, if the setting applies to all nodes, create a new line after the namespace. For example, to set the CERTIFICATE_ DEPLOYMENT_TYPE attribute to MANUAL, type the following: CERTIFICATE_DEPLOYMENT_TYPE = MANUAL 6. Optional. You add further lines under the namespace, and also add other namespaces. Example HTTPS agent installation defaults The follow example shows a file that configures different proxies depending on a node's IP address. It also sets the certificate deployment to manual if a node's name does not contain example.com. [bbc.http] ^192.168.<*>.<*> : PROXY = proxyA.example.com:8088 ^10.<*>.<*>.<*> : PROXY = proxyB.example.com:8088 [sec.cm.client] ![example.com] : CERTIFICATE_DEPLOYMENT_TYPE = MANUAL Related Topics: l Pattern-matching details HP Operations Manager (9.00) Page 85 of 1297 Online Help Configuring nodes Configure DCE agent installation defaults During the management server installation the default settings for DCE agents (for example the name of the management server) are automatically stored in the DCE agent package. The management server applies these defaults when it remotely installs the DCE agent on a node. Note: DCE agent installation packages are only available on management servers running a 32 bit version of HPOM. You can use the SetMgmtServer command to configure the following default settings in the DCE agent package: l Management server. To change the name of the management server in the DCE agent package, use the following command: SetMgmtServer /servername <name> l Agent account. In previous releases, two local user accounts (HP ITOAccount and opc_op account) were created on the node during agent installation and randompasswords were generated. Since the OVOfor Windows 7.20 release, the DCE agent installation does not create accounts on the node. The default settings now configure the agent to run under the Local Systemaccount. You can change the default setting in the DCE agent package, so that agents run under a specific user account. To do this, use the following command: SetMgmtServer /user <user> /password <encrypted password> You create the encrypted password with the tool opcpwcrpt. Alternatively, you can change the default setting in the DCE agent package to use the HP ITO Account instead. This may be useful if you are upgrading a DCE agent that already runs under the HP ITOAccount. To change this default settings to use the HP ITOAccount, use the following command: SetMgmtServer /system /off If you then install the DCE agent on Windows nodes, the agent installation creates the HP ITO account on the node and adds it to the Administrators group. The installation also assign additional user rights directly to the HP ITOaccount. HPOMalso provides tools for managing the default DCE agent account. The tools are available in the console under Tools HP Operations Manager Tools Agent Account. Agent account tools Tool Name Purpose Disable default systemagent account Disables the systemaccount within the agent package. If you distribute an agent after running this tool, the agent will be installed to run under the HP ITOaccount. Enable default systemagent account Enables the systemaccount within the agent package. If you distribute an agent after running this tool, the agent will be installed to run under the Local Systemaccount. HP Operations Manager (9.00) Page 86 of 1297 Online Help Configuring nodes Show agent account This tool shows you the user that the DCE agent is running under on a node. You can execute this tool on many nodes at the same time. Show default agent account settings Shows the state of the agent package. After you start this tool, you could use the disable or enable tool to change the settings of the agent package. l Force agent account change. By default, when the management server reinstalls or upgrades the DCE agent on a node, the existing user account settings remain unchanged for that node. To force the agent installation to use account settings fromthe agent package, use the following command: SetMgmtServer /force /on l Authentication: By default, the DCE agent does not require a password when running actions and tools under a different user account. To require passwords for actions and tools run under a different user account, use the following command: SetMgmtServer /auth /on l Rename Perl. The Perl interpreter that is included with the agent package is installed with the name perl.exe by default. You can change this default to ovperl.exe to avoid collisions with existing Perl installations. To change this default setting in the DCE agent package, use the following command: SetMgmtServer /renperl /on The full usage of SetMgmtServer is shown below: Usage: SetMgmtServer.exe [] [/servername <name>] [-d] [-s|/system [/on|/off|/default]] [/forced [/on|/off|/default]] [/auth [/on|/off|/default]] [/renperl [/on|/off|/default]] [/current] [/user <user>] [/password <encrypted password>] Updates the name of the management server in the agent installation <pkg>. /servername <name> Sets management server name. By default current management server name is set. -d Removes the NetBIOS domain name from the fully qualified hostname (if included). -s Installs agents under the Local System account. /system /on Turns on Local System account installation. /system /off Turns off Local System account installation. /system /default Sets the System account installation to HP Operations Manager (9.00) Page 87 of 1297 Online Help Configuring nodes default (on). /forced /on Turns on forced switch of the user account. /forced /off Turns off forced switch of the user account. /forced /default Sets forced switch of the user account back to default (off). /auth /on Turns on authentication. /auth /off Turns off authentication. /auth /default Sets the authentication to default (off). /renperl /on Enforces the agent installation to rename to ovperl.exe. /renperl /off Sets the agent installation to use perl.exe. /renperl /default Sets the name of the Perl interpreter to default (off). /current Shows the settings in the given package or on the system. /user <user> Sets the user name the agent should be installed under. /password <pwd> Sets an encrypted password that should be used for the user. NOTE: Encrypt the password with the command opcpwcrpt.exe (in %OvBinDir%\OpC\install) The specified password is ignored when installing the agent under the Local System account. You can combine several options at the same time. For example: l To set the user to the Local Systemaccount for all DCE agent installations and upgrades, use: SetMgmtServer /system /on /forced /on l To set the user to the HP ITOAccount for all DCE agent installations, use: SetMgmtServer /system /off /forced /on l To set the user to the Local Systemaccount for new DCE agent installations, but keep the existing user for upgrades, use: SetMgmtServer /system /on /forced /off Note: When you start SetMgmtServer the command writes the settings of the /system , /auth, /forced, and /renperl switches into the registry. These registry settings are used the next time you start SetMgmtServer, unless you specify other settings. For example, if you use the following command: SetMgmtServer /system ON then the existing settings for in the registry and could result in the following: HP Operations Manager (9.00) Page 88 of 1297 Online Help Configuring nodes SetMgmtServer /system ON /auth OFF /forced OFF The -s option is only valid for the current call of SetMgmtServer and is not written to the registry. The next time you call SetMgmtServer without the -s option, the registry settings are used. Note: The SetMgmtServer tool changes only the installation defaults in the DCE agent package on the management server. To apply changes to nodes where the DCE agent is already installed, you must redeploy the agent. Related Topics: l Change the default user of DCE agents on Windows nodes l Security authentication module. l Reinstall all Install DCE agents on backup domain controllers If you need to install a DCE agent to run under the HP ITOaccount on a Windows backup domain controller, you must complete several prerequisite steps. You do not have to complete these steps if you install the HTTPS agent on a domain controller, or if you install the DCE agent to run under the Local Systemaccount. HP recommends that you use the Local Systemaccount if you install the DCE agent on a domain controller. Note: DCE agent installation packages are only available on management servers running a 32 bit version of HPOM. Before you install a DCE agent to run under the HP ITOaccount on a Windows backup domain controller, you must complete the following steps: 1. Add the primary domain controller as a managed node. 2. Install the DCE agent on the primary domain controller. 3. Synchronize your backup domain controllers. Note: You must ensure that all or none of the domain controllers in the domain are managed nodes. Caution: If you add a Windows domain controller as a managed node, you allow tools and scheduled commands to run without a password. This means that any administrator who configures tools in HPOMcan configure a tool to run as any user (including domain administrator) in that domain without a password. You can address this security concern using SetMgmtServer /auth /on to configure the DCE agent installation defaults before you remotely install DCE agents. Related Topics: l Configure DCE agent installation defaults l User accounts for tools Install agents in trusted domains You can remotely install agents on nodes in other Active Directory domains if the correct trust relationships exist. You must provide the credentials of a user who has administrative access to the node. Typically, this user is a member of the Domain Admins group in the trusted domain, or a member of the Local Administrators group on the node. HP Operations Manager (9.00) Page 89 of 1297 Online Help Configuring nodes To install agents remotely, open the Agent installation dialog box. You can open the Agent installation dialog box in the following ways: l Create new nodes in the Configure managed nodes dialog box. The Agent installation dialog box opens after you click OK. (See Create new nodes.) l Right-click a node in the Configure managed nodes dialog box, and then click Run agent installation. (See Configuring nodes.) l Deploy policies to nodes on which no agent is current installed. (See Deploying policies.) l Deploy the agent package to nodes on which no agent is currently installed. (See Deploy deployment package.) The Agent installation dialog box provides the following options to set the credentials: l PMAD user. To use this option, you must give the PMAD user administrative access to the node in the trusted domain. For more information, see Start Windows node security setup. l Impersonate user. To use this option, you must log in to Windows with the credentials of user who has administrative access to the node in the trusted domain. The user must also be a member of the HPOMadministrators group (called HP-OVE-ADMINS by default). This group is created when the management server is installed, and may either be a domain group, or a local group on the management server. If the HPOMadministrators group is a domain group, you may need to change the group scope to universal before you can add a user froma trusted domain. For more details, refer to the Active Directory documentation that Microsoft provides. l User/Password. To use this option, give the credentials of the user who has administrative access to the node in the trusted domain. This option is available only if you are installing the HTTPS agent. Specify the username in one of the following formats: n domain\user (for an Active Directory user) n computer_name\user (for a local user on the node) Note: To avoid communication problems, ensure that nodes in trusted domains can resolve the name of the management server. For more details, see Resolve the IP address of the management server. Related Topics: l Trust relationships between Active Directory domains Specify folders for remote agent installation When you install an HTTPS agent, the installation creates two main folders on the node: l Installation folder This folder contains the agent software (for example, the executable files that collect data, discover services, and monitor events). l Data folder This folder contains the data that the agent receives and creates (for example, policies, instrumentation, and performance data). The following table lists the default installation and data folders for the HTTPS agent, which vary according to the node's operating system. HP Operations Manager (9.00) Page 90 of 1297 Online Help Configuring nodes Operating system Installation folder Data folder Windows Server2008 Windows Vista %ProgramFiles%\HP\HP BTOSoftware\ %AllUsersProfile%\HP\HPBTO Software Windows Server2003 Windows XP %ProgramFiles%\HP\HP BTOSoftware\ %AllUsersProfile%\Application Data\HP\HPBTOSoftware HP-UX Solaris Linux /opt/OV/ /var/opt/OV/ AIX /usr/lpp/ /var/opt/OV/ Tru64 /usr/opt/OV/ /usr/var/opt/OV/ On new nodes that run a Windows operating system, you can install the HTTPS agent into different folders. It is not possible to specify different folders in any other scenario: l Remote or manual agent installations on UNIX and Linux nodes always use the default folders. l Upgrades of existing HTTPS agents always use the same folders as the existing agent. Note: To specify a different data folder on Windows nodes you need HTTPS agent version 8.53 or higher. If necessary, download the latest agent patch fromthe HP Software Support web site. To specify folders for remote agent installation 1. Prepare the agent installation defaults file, as described in the topic Configure HTTPS agent installation defaults. 2. On a new line in the agent installation defaults file, type the following namespace: [pmad] 3. Under the pmad namespace add the following parameters on separate lines: INSTALL_DIR="<installation_folder>" DATA_DIR="<data_folder>" 4. Optional. Specify the node or nodes to which the management server should use the folder settings. Prefix each parameter with a pattern that matches one or more node names or IP addresses. Use standard HPOMpattern syntax. Type a colon (:) at the end of the pattern. Note: The management server applies the settings in the pmad namespace to remote agent installations only. You can also specify folders for manual agent installations. HP Operations Manager (9.00) Page 91 of 1297 Online Help Configuring nodes Example [pmad] ^192.168.<*>:INSTALL_DIR="C:\HP Operations Agent" ^192.168.<*>:DATA_DIR="C:\HP Operations Agent Data" The above example specifies the following folders for remote agent installation on nodes with IP addresses that begin 192.168.* l Installation folder: C:\HP Operations Agent l Data folder: C:\HP Operations Agent Data On nodes with any other IP addresses, the management server installs the agents using the default folders. Related Topics: l Pattern-matching details Disable automatic agent installation By default, the management server automatically installs or updates agents when you deploy policies. If you deploy a policy that requires a newer version of the agent than is currently installed on the node, the management server automatically creates a job to first deploy the latest agent packages to the node. You can disable this feature if, for example, you prefer to install agents manually. If you disable this feature, a policy deployment job fails if the policy requires a version of the agent that is newer than the current version on the node. In this case, you must deploy the agent packages fromthe console, or you can install the latest agent on a node manually. To disable automatic agent installation 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box appears. 2. Select the Expert Mode check box. 3. Click Namespace, and then click Policy Management and Deployment. A list of values appears. 4. Set the value of Automatic agent upgrade to False. 5. Click OK. Note: To re-enable automatic agent upgrade, set Automatic agent upgrade back to True . Related Topics: l Deploy deployment package l Change server configuration values HP Operations Manager (9.00) Page 92 of 1297 Online Help Configuring nodes Start Windows node security setup Before HPOMfor Windows 8.00, to deploy an agent to nodes with the Windows operating system, you had to add a domain group (called HP-OVE-GROUP by default) to the node's local administrators group. You could do this manually or using the Windows Node Security Setup dialog box. On the management server, the policy management and deployment (PMAD) service ran under an account that was a member of this domain group, and therefore had administrative access the nodes. HPOMnow enables you to install the HTTPS agent using the credentials that you are currently logged in to Windows with. This is called impersonation, because the PMAD service runs under its own user account (called HP-OVE-Deleg-User by default), but uses your credentials to access to the nodes. (This requires that the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server.) Alternatively, you can now also install the HTTPS agent using the credentials of a user who already has access to the node. For example, you can specify the user name and password of the node's local administrator. Therefore, it is no longer necessary to add a domain group to the node's local administrators group. Nevertheless, you can still give the PMAD user administrative access to nodes. This may be useful if you need to install DCE agents on Windows nodes, or so that console users who do not otherwise have administrative access can install agents. HPOMenables you to add the PMAD user to the nodes' local administrators group in the following ways: l Start Windows node security setup for specific nodes l Start Windows node security setup automatically for new nodes Alternatively, if you are installing DCE agents on Windows nodes, HPOMstarts the Windows node security setup automatically. Note: DCE agent installation packages are only available on management servers running a 32 bit version of HPOM. Note: Windows node security setup can add the PMAD user to nodes in the same domain as the user that you are currently logged in to Windows with. For nodes in untrusted domains or workgroups, you must manually create the PMAD user in the nodes' local administrators group. The management server uses pass-through authentication to access these nodes. Therefore, you must ensure that the name and password of user that you create are identical to those that the PMAD service runs under. To start Windows node security setup for specific nodes 1. Log in to Windows with an account that has administrative rights on the nodes, and open the console. 2. In the console tree, click Tools HP Operations Manager Tools. A list of tools appears in the details pane. 3. Right-click Windows Node Security Setup and then click All Tasks Launch Tool.... The Edit Parameters dialog box opens. HP Operations Manager (9.00) Page 93 of 1297 Online Help Configuring nodes 4. Select the check boxes for the nodes and node groups that you want to configure, and then click OK. The Windows Node Security dialog box opens. To start Windows node security setup automatically for new nodes 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Select the Expert Mode check box. 3. Click Namespaces, and then click Policy Management and Deployment. A list of values appears. 4. Set the value of Enable the old node security setup dialog for nodes to True. The Windows Node Security Setup dialog box opens automatically when you install an agent remotely on a Windows node. The Windows Node Security Setup dialog box displays the following information: l Node: lists each new or selected node. l Status: displays a status of failed, succeeded, in progress, or waiting for each node. l Note: displays a message explaining the reported status. If the attempt to add the user fails for any node, click the node, and then click Details. An error message appears, which explains the cause of the failure and suggests actions to correct the problem. Examples of the problems that can occur are as follows: l You do not have sufficient rights to add the user. Even if the user already exists on the node, you cannot detect this without administrative rights on the node. l The node may not be reachable, because of a problemwith the network or operating system. l The node may not be reachable, because the network properties are incorrectly configured in the Node Properties dialog box. Related Topics: l Install agents remotely l Install agents in trusted domains l Configure network properties Agent migration Management servers and agents communicate using DCE/RPC or HTTPS. Although the DCE agent is currently still supported, you are encouraged to migrate existing DCE agents to the HTTPS agent. Although all the functionality of the DCE agent is supported on the HTTPS agent, you can nevertheless, migrate fromthe HTTPS agent back to the DCE agent if necessary. However, this is only possible on management servers running a 32 bit version of HPOMbecause 64 bit HPOM management servers provide HTTPS agent packages only. If you have nodes with 64 bit architectures and operating systems, you can also migrate to native 64 bit agent packages if appropriate. Related Topics: HP Operations Manager (9.00) Page 94 of 1297 Online Help Configuring nodes l Migrate fromDCE to HTTPS l Migrate fromHTTPS to DCE l Migrate from32 bit to 64 bit l Manually migrate fromDCE to HTTPS Migrate from HTTPS to DCE Where possible you should deploy the HTTPS agent on your managed nodes. Nevertheless, you can migrate fromthe HTTPS agent to the DCE agent if necessary. Note: Migrating fromthe HTTPS agent to the DCE agent is only possible on management servers running a 32 bit version of HPOMbecause 64 bit HPOMmanagement servers provide HTTPS agent packages only. When you migrate fromthe HTTPS agent to the DCE agent, the management server removes all existing policies, instrumentation and packages fromthat node. After it deploys the DCE agent packages, the management server then redeploys the policies, and the packages and instrumentation that the policies require. However, if any of the policies require the HTTPS agent, the deployment jobs for those policies will fail. It is not possible to deploy the DCE agent to nodes with a UNIX or Linux operating systemusing the console. You must install the DCE agent manually on these nodes. Caution: When you migrate froman HTTPS agent to a DCE agent, you lose all data that the DCE agent stores locally, including performance data and customconfiguration settings. If appropriate, back up this data and reconfigure it after you migrate to the DCE agent. Note: The HTTPS agent enables multiple management servers to configure the same node. This is not possible with the DCE agent. If other management servers are currently managing the node, they do not receive a notification when you migrate to the DCE agent. If deployment jobs exist on other management servers for this node, they will fail. Ensure that the node is removed fromother management servers before or after migrating to the DCE agent. You can then add the node again with the communication type set to DCE. To migrate from an HTTPS agent to a DCE agent 1. In the console tree, right-click Nodes, and then click Configure Nodes.... The Configure Managed Nodes dialog appears. 2. Right-click the node and then click Change agent. The Change Agent dialog appears. 3. Click Comm Type and then select DCE. 4. Optional. Specify the credentials that the management server uses to deploy the agent. Right- click a node in the list, and then click Set Credentials. Click one of the following commands: n PMAD user. The management server attempts to deploy the agent as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE-Deleg-User by default). The node can belong to the same domain as the management server, a trusted domain, or a workgroup. HP Operations Manager (9.00) Page 95 of 1297 Online Help Configuring nodes Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to deploy the agent using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. 5. Optional. Select or clear the Run prerequisites check automatically during job execution check box. If you are sure that the nodes meet all prerequisites, you can clear this check box so that the agent installation jobs complete more quickly. (This check box is dimmed if an administrator disables all prerequisite checking using the Server Configuration dialog.) 6. Click OK. The management server creates all the necessary deployment jobs. Related Topics: l Generic server configuration l Restart job with new options Migrate from DCE to HTTPS If you have DCE agents installed on nodes in your environment, you can migrate to the HTTPS agent. For example, you may need to deploy a new policy that requires the HTTPS agent. When you migrate a node fromthe DCE agent to the HTTPS agent, the management server removes all existing policies, instrumentation and packages fromthat node. After it deploys the HTTPS agent packages, it then redeploys the policies, and the packages and instrumentation that the policies require. If the node's policy inventory contains policies that are not available on the management server, the management server cannot redeploy these policies to the HTTPS agent. This can happen, for example, if the policy exists only on a different management server, or if the policy exists on the node but has been deleted fromthe management server. When you migrate a DCE agent to an HTTPS agent, the installer migrates the following data: l If the DCE agent has an ID, it remains the same on the HTTPS agent. (On the HTTPS agent, the agent ID is also known as the core ID. Other HP BTOSoftware may also create a core ID on the node, which the HTTPS agent then also uses.) l The configuration settings in the opcinfo file. On the HTTPS agent, you can configure the settings using ovconfchg. The installer migrates the settings to the eaagt namespace on the HTTPS agent. l The service discovery configuration settings INSTANCEDELETIONTHRESHHOLD and ACTION_TIMEOUT fromOvJavaAgent.cfg. The installer migrates the settings to the agtrep namespace on the HTTPS agent. l Data collected by the embedded performance component. Caution: When you migrate froma DCE agent to an HTTPS agent, you lose the following data fromthe DCE agent: HP Operations Manager (9.00) Page 96 of 1297 Online Help Configuring nodes l Unsent messages in the message buffer. l Customsettings and data fromSmart Plug-ins. l Integrations with other HP Software products. l Customservice discovery configurations. l Other customsettings specific to your organization. l Obsolete settings fromthe opcinfo file. OPC_COMM_PORT_RANGE, OPC_RESTRICT_TO_PROCS, OPC_TRACE, OPC_ TRACE_AREA, OPC_TRC_PROCS, OPC_DBG_AREA, OPC_DBG_PROCS, OPC_ NODE_TYPE, OPC_IP_ADDRESS, OPC_NSP_TYPE, OPC_NSP_VERSION, OPC_ BUFLIMIT_SIZE, OPC_BUFLIMIT_SEVERITY, OPC_AGENT_LOG_SIZE, OPC_AGENT_ LOG_DIR, OPC_HBP_INTERVAL_ON_AGENT, OPC_COMM_TYPE, OPC_NODE_ CHARSET, OPC_MGMTSV_CHARSET, OPC_AGTMSI_ENABLE, OPC_AGTMSI_ALLOW_ OA, OPC_AGTMSI_ALLOW_AA, OPC_BUFLIMIT_ENABLE, OPC_SG, OPC_SC, OPC_VC, OPC_INSTALLED_VERSION, COMM_INSTALLED_VERSION, PERF_INSTALLED_ VERSION, OPC_MGMT_SERVER, OPC_INSTALLATION_TIME If appropriate, back up this data and reconfigure it after you migrate to the HTTPS agent. To migrate from a DCE agent to an HTTPS agent 1. In the console tree, right-click Nodes, and then click Configure Nodes.... The Configure Managed Nodes dialog appears. 2. Right-click the node and then click Change agent. The Change Agent dialog appears. 3. Click Comm Type and then select HTTPS. 4. Optional. Select the Auto Grant check box if you want the management server to automatically grant the certificate for this node. (This only happens if you also configure the management server to grant certificate requests automatically.) 5. Optional. Specify the credentials that the management server uses to deploy the agent. Right- click a node in the list, and then click Set Credentials. Click one of the following commands: n PMAD user. The management server attempts to deploy the agent as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE-Deleg-User by default). You can only use this for nodes with a Windows operating system. The nodes can belong to the same domain as the management server, a trusted domain, or a workgroup. Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to deploy the agent using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. HP Operations Manager (9.00) Page 97 of 1297 Online Help Configuring nodes You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. n User/Password. The Credentials dialog box appears. Type the Username of a user who has permission to install software on the node and their Password. Click OK. This automatically selects the Deploy check box. For nodes with a UNIX or Linux operating system, this is the only command available. You can also use this command to install the HTTPS agent to Windows nodes that belong to the same domain as the management server, a trusted domain, or a workgroup. 6. Optional. Select or clear the Run prerequisites check automatically during job execution check box. If you are sure that the nodes meet all prerequisites, you can clear this check box so that the agent installation jobs complete more quickly. (This check box is dimmed if an administrator disables all prerequisite checking using the Server Configuration dialog.) 7. Click OK. The management server creates all the necessary deployment jobs. 8. While the change agent deployment job is in progress, the node requests a certificate. Policy and package deployment jobs start for each node only after this request is granted. If you did not configure automatic granting of certificates, you must grant the certificates manually. Otherwise, the policy and package deployment jobs fail. Related Topics: l Configuring Certificates l Generic server configuration l Restart job with new options Migrate from 32 bit to 64 bit Agent packages in 64 bit format are available, which you can deploy to nodes that have 64 bit architectures and operating systems. You can also deploy agent packages in 32 bit format to some 64 bit nodes. For more information, see the support matrix at HP Software Support Online. If you have 32 bit agent packages installed on nodes that have 64 bit architectures and operating systems, you can migrate to the 64 bit packages. When you do this, the management server removes all existing policies, instrumentation and packages fromthat node. After it deploys the 64 bit agent packages, it then redeploys the policies, and the packages and instrumentation that the policies require. To migrate from a 32 bit agent to a 64 bit agent 1. In the console tree, right-click Nodes, and then click Configure Nodes.... The Configure Managed Nodes dialog appears. 2. Right-click the node and then click Change agent. The Change Agent dialog appears. 3. Click Binary Format and then select an option. Agent packages in 64 bit format may not be available for all platforms. 4. Optional. Select the Auto Grant check box if you want the management server to automatically grant the certificate for this node. (This only happens if you also configure the HP Operations Manager (9.00) Page 98 of 1297 Online Help Configuring nodes management server to grant certificate requests automatically.) 5. Optional. Specify the credentials that the management server uses to deploy the agent. Right- click a node in the list, and then click Set Credentials. Click one of the following commands: n PMAD user. The management server attempts to deploy the agent as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE-Deleg-User by default). You can only use this for nodes with a Windows operating system. The nodes can belong to the same domain as the management server, a trusted domain, or a workgroup. Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to deploy the agent using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. n User/Password. The Credentials dialog box appears. Type the Username of a user who has permission to install software on the node and their Password. Click OK. This automatically selects the Deploy check box. For nodes with a UNIX or Linux operating system, this is the only command available. You can also use this command to install the HTTPS agent to Windows nodes that belong to the same domain as the management server, a trusted domain, or a workgroup. 6. Optional. Select or clear the Run prerequisites check automatically during job execution check box. You can clear this check box to save time if you are sure that the nodes meet all systemrequirements. (This check box is dimmed if an administrator disables all prerequisite checking using the Server Configuration dialog.) 7. Click OK. The management server creates all the necessary deployment jobs. Related Topics: l Configuring Certificates l Generic server configuration l Restart job with new options Manually migrate from DCE to HTTPS If you have DCE agents installed on nodes in your environment, you can manually migrate to the HTTPS agent. For example, you may not be able to automatically migrate software on a remote systembecause of security measures such as firewalls. When you migrate a node fromthe DCE agent to the HTTPS agent, the HTTPS agent installation removes all existing policies, instrumentation, and packages fromthat node. The HTTPS agent installation migrates the following data: HP Operations Manager (9.00) Page 99 of 1297 Online Help Configuring nodes l If the DCE agent has an ID, it remains the same on the HTTPS agent. (On the HTTPS agent, the agent ID is also known as the core ID. Other HP BTOSoftware may also create a core ID on the node, which the HTTPS agent then also uses.) l The configuration settings in the opcinfo file. On the HTTPS agent, you can configure the settings using ovconfchg. The installer migrates the settings to the eaagt namespace on the HTTPS agent. l The service discovery configuration settings INSTANCEDELETIONTHRESHHOLD and ACTION_TIMEOUT fromOvJavaAgent.cfg. The installer migrates the settings to the agtrep namespace on the HTTPS agent. l Data collected by the embedded performance component. Caution: When you migrate froma DCE agent to an HTTPS agent, you lose the following data fromthe DCE agent: l Unsent messages in the message buffer. l Customsettings and data fromSmart Plug-ins. l Integrations with other HP Software products. l Customservice discovery configurations. l Other customsettings specific to your organization. l Some settings fromthe opcinfo file. OPC_COMM_PORT_RANGE, OPC_RESTRICT_TO_PROCS, OPC_TRACE, OPC_ TRACE_AREA, OPC_TRC_PROCS, OPC_DBG_AREA, OPC_DBG_PROCS, OPC_ NODE_TYPE, OPC_IP_ADDRESS, OPC_NSP_TYPE, OPC_NSP_VERSION, OPC_ BUFLIMIT_SIZE, OPC_BUFLIMIT_SEVERITY, OPC_AGENT_LOG_SIZE, OPC_AGENT_ LOG_DIR, OPC_HBP_INTERVAL_ON_AGENT, OPC_COMM_TYPE, OPC_NODE_ CHARSET, OPC_MGMTSV_CHARSET, OPC_AGTMSI_ENABLE, OPC_AGTMSI_ALLOW_ OA, OPC_AGTMSI_ALLOW_AA, OPC_BUFLIMIT_ENABLE, OPC_SG, OPC_SC, OPC_VC, OPC_INSTALLED_VERSION, COMM_INSTALLED_VERSION, PERF_INSTALLED_ VERSION, OPC_MGMT_SERVER, OPC_INSTALLATION_TIME If appropriate, back up this data and reconfigure it after you migrate to the HTTPS agent. To manually migrate from a DCE agent to an HTTPS agent 1. Manually install the HTTPS agent on the node with the DCE agent. You can manually install an HTTPS agent with the default configuration or with an agent profile. To manually migrate froma 32 bit DCE agent to a 64 bit HTTPS agent, install the 64 bit HTTPS agent package on the node. The node must have a 64 bit architecture and operating system. 2. After the agent installation, the node requests a certificate. If you did not configure automatic granting of certificates, you must grant the certificates manually. After granting the node certificate, the management server starts a policydeployment job for the node. However, because the node's policy inventory on the management server still contains a list of the previously installed policies, the policy deployment job is cancelled immediately. 3. If you migrate a 32 bit DCE agent to a 64 bit HTTPS agent, you must manually informthe HP Operations Manager (9.00) Page 100 of 1297 Online Help Configuring nodes management server of the new agent binary format by restarting the agent: ovc -kill ovc -start Wait for a few minutes for the management server to be updated. You can check the agent binary format in the Systemtab of the Node Properties dialog box. 4. On the management server, synchronize the package inventory of the node. Caution: Do not synchronize the policy inventory of the node. If you synchronize the policy inventory, the management server clears the current inventory and thus deletes the list of policies that were installed on the node. 5. Reinstall all polices to force policy deployment to the node. If the node's policy inventory contains policies that are not available on the management server, the management server cannot reinstall these policies on the HTTPS agent. This can happen if the policy exists only on a different management server, or if the policy exists on the node but has been deleted fromthe management server. Related Topics: l Migrate from32 bit to 64 bit l Configuring certificates l Configure systemproperties l Synchronize policies and packages l Reinstall policies Manual agent installation In some situations, you may want to install an agent on a node manually, without using the management server. For example, you may not be able to install software on a remote system because of security restrictions like firewalls. In addition, it is not possible to remotely deploy DCE agents to nodes that have a UNIX or Linux operating system. Therefore, the only option is to install agents on these systems manually. The procedures for manual agent installation are different, depending on whether you want to use the HTTPS agent or the DCE agent. Although the DCE agent is currently still supported, you are encouraged to use the HTTPS agent for new nodes. Note: Management servers running a 64 bit version of HPOMprovide HTTPS agent installation packages only. Manual installation of HTTPS agents Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. In some situations, you may want to install an HTTPS agent on a systemmanually, without using the management server. HTTPS agent installation packages are available, which you can copy or transfer to a system. You can then start the agent installation locally. You must use the correct installation package for the node's architecture and operating system. The command ovpmutil HP Operations Manager (9.00) Page 101 of 1297 Online Help Configuring nodes enables you to download the correct installation package. You can also find installation packages in the following folder on the management server: %OvShareDir%Packages\HTTPS\ Subfolders below this contain different packages for each supported agent platform. (For up-to-date information on supported agent platforms, see the support matrix at HP Software Support Online.) The subfolders below %OvShareDir%Packages\HTTPS\ conformto the following structure: <os type>\<os vendor>\<os versions>\<agent binary format>\Operations- agent\<agent version>\<os bit length>\https Note: By default %OvShareDir% on the management server is: Windows 2003: \Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\ Windows 2008: \ProgramData\HP\HP BTO Software\shared\ An alternative path may have been configured during installation. The HTTPS agent packages contain subpackages for all supported locales. This means, for example, that you can download an agent package froma management server that runs in the English locale, and then install it on a node that runs in the Japanese locale. If the node does not exist in the console, or does not have any customconfiguration, you can manually install an agent using the default configuration. Otherwise, if you have already created the node in the console and configured it, you can copy its profile to the systemto use during the installation process. You can also preinstall HTTPS agents, and then configure and start themat a later time. When you install an HTTPS agent, the installation creates two main folders on the node (an installation folder, and a data folder). On new nodes that run a Windows operating system, you can manually install the HTTPS agent into folders that you specify. Every node that you manage with an HTTPS agent requires a certificate. If you are manually installing HTTPS agents, you should also plan certificate deployment before you begin. Related Topics: l Manually install policies Manually install a default HTTPS agent You can install the HTTPS agent software manually, instead of deploying it to the node using the management server. You can install an HTTPS agent with the default configuration in either of the following situations: l the node does not already exist on the management server l the node already exists on the management server, but has a default configuration Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. HP Operations Manager (9.00) Page 102 of 1297 Online Help Configuring nodes To manually install a default HTTPS agent 1. Log in to the node as a user with administrative rights. 2. Optional. Check that the node meets all prerequisites for the agent. a. For up-to-date information on supported agent platforms, see the support matrix at HP Software Support Online. b. Optional. For information not included in the online help, see the HP Operations Agent Release Notes available on the product manuals search page at HP Software Support Online. c. Copy the files for prerequisite checking into a temporary folder on the node. The files are available on the management server in the following folders: o For nodes with a Windows operating system, copy all the files fromthe folder: %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Windows o For nodes with a UNIX or Linux operating system, copy all the files fromthe folder: %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Unix Note: By default %OvShareDir% on the management server is: Windows 2003: \Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\ Windows 2008: \ProgramData\HP\HP BTO Software\shared\ An alternative path may have been configured during installation. d. Open a command prompt on the node and navigate to the temporary folder that you copied the files into. The folder contains ovoreqcheckagt, which you use to start the prerequisite checks. o On Windows operating systems type the following command: ovoreqcheckagt -sum -agt_comm_type HTTPS -agt_bin_format <agent_binary_format> o On UNIX and Linux operating systems type the following commands: chmod +x ovoreqcheckagt ./ovoreqcheckagt -sum -agt_comm_type HTTPS -agt_bin_format <agent_binary_format> Replace <agent_binary_format> with one of the following values: o Alpha o IPF32 o PA-RISC o PowerPC o SPARC o x64 o x86 HP Operations Manager (9.00) Page 103 of 1297 Online Help Configuring nodes After you start the command, details of any failed requirements and recommendations appear. 3. Copy the HTTPS agent installation packages into a temporary directory on the node. The agent packages are available on the management server. Different packages are available to support different platforms. You can obtain the correct package using the command ovpmutil on the management server. If the node already exists on the management server, and the node's systemproperties are correct, use the following parameters: ovpmutil dnl pkg Operations-agent [<package version>] [/d <target directory>] /pnn <primary node name> Otherwise, you must specify the systemproperties on the command line, using the following parameters: ovpmutil dnl pkg Operations-agent [<package version>] [/d <target directory>] /ost <OS type> /osv <OS version> /abf <agent binary format> The package version and target directory parameters are optional: <package version> Specify the version of the agent package that you want to download. /d <target directory> Specify the directory to which you want to download the agent package. If you omit this parameter, the command downloads the packages to the current directory. For example: ovpmutil dnl pkg Operations-agent /pnn node1.example.com ovpmutil dnl pkg Operations-agent 8.50.10 /d c:\temp /ost Solaris /osv 9 /abf SPARC Tip: To check which agent packages are available, and find values for the package version, OS type, OS version, and agent binary format parameters, view the deployment packages report. In the console tree, right-click Deployment packages, and then click View Package details. 4. Open a command prompt and navigate to the temporary directory that you copied the installation packages into. The directory contains opc_inst, which you use to start the installation. n On Windows operating systems: cscript opc_inst.vbs -srv <management_server_host_name> -cert_srv <certificate_server_host_name> n On UNIX and Linux operating systems: i. Add permission to execute opc_inst (for example, using the command chmodu+x opc_inst). ii. ./opc_inst -srv <management_server_host_name> -cert_srv <certificate_server_host_name> HP Operations Manager (9.00) Page 104 of 1297 Online Help Configuring nodes This installs the agent software and sends a certificate request to the certificate server that you specify. 5. Optional. If the node does not already exist, you must configure the node in the console and ensure that it receives a certificate: a. Drag and drop the node fromthe All Unmanaged Agents list to the Nodes list in the Configure Managed Nodes dialog box. b. Map the certificate request to the node manually. c. Grant the certificate request manually. Related Topics: l Select discovered nodes l Map certificate requests to nodes l Grant or deny certificate requests manually l Manually install policies l ovpmutil l ovoreqcheckagt Manually install an HTTPS agent with a profile If you need to manually install an HTTPS agent with a customconfiguration, you can create an agent profile. An agent profile contains a list of settings for an agent on a specific node. For example, you can use an agent profile to configure the communication ports and certificate handling for a node. Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. To manually install an HTTPS agent with a profile 1. Create an HTTPS node using the console, but do not deploy the agent packages to the node. 2. Open a command prompt and use the following command to generate an agent profile for the node: ovpmutil dnl prf [/d <target directory>] [/fqdn <fully qualified domain name>] | [/ip <ip address>] | [/nodeid <object id>] If you omit the /d option, the command downloads the packages to the current directory. You only need to specify one of the command line options /fqdn, /ip, or /nodeid. The command generates a file on the management server with a name in the format <node>.profile, where <node> matches the command line option you choose. For example, the following command generates the profile for a node with the host name node100.example.com and saves it in on the management server in the file c:\temp\node100.example.com.profile ovpmutil dnl prf /d c:\temp /fqdn node100.example.com 3. The profile contains a list of settings for the node. If the file HP Operations Manager (9.00) Page 105 of 1297 Online Help Configuring nodes %OvShareDir%conf\PMAD\agent_install_defaults.cfg exists, the profile includes defaults fromthis file. If necessary, edit the profile with a text editor. You can specify default values for any attributes that you would otherwise set using ovconfchg on the node. Note: By default %OvShareDir% on the management server is: Windows 2003: \Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\ Windows 2008: \ProgramData\HP\HP BTO Software\shared\ An alternative path may have been configured during installation. 4. Log in to the node as a user with administrative rights. 5. Optional. Check that the node meets all prerequisites for the agent. a. For up-to-date information on supported agent platforms, see the support matrix at HP Software Support Online. b. Optional. For information not included in the online help, see the HP Operations Agent Release Notes available on the product manuals search page at HP Software Support Online. c. Copy the files for prerequisite checking into a temporary folder on the node. The files are available on the management server in the following folders: o For nodes with a Windows operating system, copy all the files fromthe folder: %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Windows o For nodes with a UNIX or Linux operating system, copy all the files fromthe folder: %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Unix d. Open a command prompt on the node and navigate to the temporary folder that you copied the files into. The folder contains ovoreqcheckagt, which you use to start the prerequisite checks. o On Windows operating systems type the following command: ovoreqcheckagt -sum -agt_comm_type HTTPS -agt_bin_format <agent_binary_format> o On UNIX and Linux operating systems type the following commands: chmod +x ovoreqcheckagt ./ovoreqcheckagt -sum -agt_comm_type HTTPS -agt_bin_format <agent_binary_format> Replace <agent_binary_format> with one of the following values: o Alpha o IPF32 o PA-RISC o PowerPC o SPARC HP Operations Manager (9.00) Page 106 of 1297 Online Help Configuring nodes o x64 o x86 After you start the command, details of any failed requirements and recommendations appear. 6. Create a temporary folder on the node, and then copy the profile file fromthe management server to this temporary folder. 7. Copy the HTTPS agent installation packages into a temporary directory on the node. The agent packages are available on the management server. Different packages are available to support different platforms. You can obtain the correct package using the command ovpmutil on the management server. If the node already exists on the management server, and the node's systemproperties are correct, use the following parameters: ovpmutil dnl pkg Operations-agent [<package version>] [/d <target directory>] /pnn <primary node name> Otherwise, you must specify the systemproperties on the command line, using the following parameters: ovpmutil dnl pkg Operations-agent [<package version>] [/d <target directory>] /ost <OS type> /osv <OS version> /abf <agent binary format> The package version and target directory are optional: <package version> Specify the version of the agent package that you want to download. /d <target directory> Specify the directory to which you want to download the agent package. If you omit this option, the command downloads the packages to the current directory. For example: ovpmutil dnl pkg Operations-agent /pnn node1.example.com ovpmutil dnl pkg Operations-agent 8.50.10 /d c:\temp /ost Solaris /osv 9 /abf SPARC Tip: To check which agent packages are available, and find values for the package version, OS type, OS version, and agent binary format parameters, view the deployment packages report. In the console tree, right-click Deployment packages, and then click View Package details. 8. Open a command prompt and navigate to the temporary directory that contains the installation packages and agent profile. The directory contains opc_inst, which you use to start the installation as follows: n On Windows operating systems: cscript opc_inst.vbs -configure <profile_filename> n On UNIX and Linux operating systems: HP Operations Manager (9.00) Page 107 of 1297 Online Help Configuring nodes i. Add permission to execute opc_inst (for example, using the command chmodu+x opc_inst). ii. ./opc_inst -configure <profile_filename> This installs the agent and starts it with the configuration settings fromthe profile. You must ensure that the node receives a certificate. Related Topics: l Configure managed nodes l Configure HTTPS agent installation defaults l Manually install policies l Configuring Certificates l ovpmutil l ovoreqcheckagt Preinstall an HTTPS agent You can preinstall the HTTPS agent software on a systemwithout configuring or starting the agent. You then can start the agent at a later date, using either the default configuration or a custom configuration. Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. To preinstall an HTTPS agent 1. Log in to the node as a user with administrative rights. 2. Optional. Check that the node meets all prerequisites for the agent. a. For up-to-date information on supported agent platforms, see the support matrix at HP Software Support Online. b. Optional. For information not included in the online help, see the HP Operations Agent Release Notes available on the product manuals search page at HP Software Support Online. c. Copy the files for prerequisite checking into a temporary folder on the node. The files are available on the management server in the following folders: o For nodes with a Windows operating system, copy all the files fromthe folder: %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Windows o For nodes with a UNIX or Linux operating system, copy all the files fromthe folder: %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Unix Note: By default %OvShareDir% on the management server is: Windows 2003: \Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\ HP Operations Manager (9.00) Page 108 of 1297 Online Help Configuring nodes Windows 2008: \ProgramData\HP\HP BTO Software\shared\ An alternative path may have been configured during installation. d. Open a command prompt on the node and navigate to the temporary folder that you copied the files into. The folder contains ovoreqcheckagt, which you use to start the prerequisite checks. o On Windows operating systems type the following command: ovoreqcheckagt -sum -agt_comm_type HTTPS -agt_bin_format <agent_binary_format> o On UNIX and Linux operating systems type the following commands: chmod +x ovoreqcheckagt ./ovoreqcheckagt -sum -agt_comm_type HTTPS -agt_bin_format <agent_binary_format> Replace <agent_binary_format> with one of the following values: o Alpha o IPF32 o PA-RISC o PowerPC o SPARC o x64 o x86 After you start the command, details of any failed requirements and recommendations appear. 3. Copy the HTTPS agent installation packages into a temporary directory on the node. The agent packages are available on the management server. Different packages are available to support different platforms. You can obtain the correct package using the command ovpmutil on the management server. If the node already exists on the management server, and the node's systemproperties are correct, use the following parameters: ovpmutil dnl pkg Operations-agent [<package version>] [/d <target directory>] /pnn <primary node name> Otherwise, you must specify the systemproperties on the command line, using the following parameters: ovpmutil dnl pkg Operations-agent [<package version>] [/d <target directory>] /ost <OS type> /osv <OS version> /abf <agent binary format> The package version and target directory parameters are optional: <package version> Specify the version of the agent package that you want to download. /d <target directory> HP Operations Manager (9.00) Page 109 of 1297 Online Help Configuring nodes Specify the directory to which you want to download the agent package. If you omit this parameter, the command downloads the packages to the current directory. For example: ovpmutil dnl pkg Operations-agent /pnn node1.example.com ovpmutil dnl pkg Operations-agent 8.50.10 /d c:\temp /ost Solaris /osv 9 /abf SPARC Tip: To check which agent packages are available, and find values for the package version, OS type, OS version, and agent binary format parameters, view the deployment packages report. In the console tree, right-click Deployment packages, and then click View Package details. 4. Open a command prompt and navigate to the temporary directory that contains the installation packages. The directory contains opc_inst, which you use to start the installation as follows: n On Windows operating systems type cscript opc_inst.vbs -no_start and then press Enter. n On UNIX and Linux operating systems: i. Add permission to execute opc_inst (for example, using the command chmodu+x opc_inst). ii. Type ./opc_inst -no_start and then press Enter. To start a preinstalled HTTPS agent with the default configuration Open a command prompt on the node and navigate to the following directory: l On 32 bit Windows operating systems: <install_dir>\bin\OpC\install l On 64 bit Windows operating systems: <install_dir>\bin\win64\OpC\install l On UNIX and Linux operating systems: <install_dir>/bin/OpC/install The directory contains opcactivate, which you use to start the agent as follows: l On Windows operating systems: cscript opcactivate.vbs -srv <management_server_host_name> -cert_srv <certificate_server_host_name> l On UNIX and Linux operating systems: ./opcactivate -srv <management_server_host_name> -cert_srv <certificate_server_host_name> This starts the agent and sends a certificate request to the certificate server that you specify. If it does not already exist, you must create the node in the console and ensure that the node receives a certificate. HP Operations Manager (9.00) Page 110 of 1297 Online Help Configuring nodes To start a preinstalled HTTPS agent with a custom configuration 1. Create the profile on the management server and copy it to the node. a. Open a command prompt on the management server and use the following command to generate an agent profile for the node: ovpmutil dnl prf [/d <target directory>] [/fqdn <fully qualified domain name>] | [/ip <ip address>] | [/nodeid <object id>] You only need to specify one of the command line options /fqdn, /ip, or /nodeid. The command generates a file with a name in the format <node>.profile, where <node> matches the command line option you choose. For example, the following command generates the profile for a node with the host name node100.example.com and saves it in the file c:\temp\node100.example.com.profile ovpmutil dnl prf /d c:\temp /fqdn node100.example.com b. The profile contains a list of settings for the node. If the file %OvShareDir%conf\PMAD\agent_install_defaults.cfg exists, the profile includes defaults fromthis file. If necessary, edit the profile with a text editor. You can specify default values for any attributes that you would otherwise set using ovconfchg on the node. 2. Open a command prompt on the node and navigate to the following directory: n On 32 bit Windows operating systems: <install_dir>\bin\OpC\install n On 64 bit Windows operating systems: <install_dir>\bin\win64\OpC\install n On UNIX and Linux operating systems: <install_dir>/bin/OpC/install The directory contains opcactivate, which you use to start the agent as follows: n On Windows operating systems: cscript opcactivate.vbs -configure <profile_filename> n On UNIX and Linux operating systems: ./opcactivate -configure <profile_filename> This starts the agent with the configuration settings fromthe profile. You must ensure that the node receives a certificate. Related Topics: l Configure managed nodes l Manually install policies l Configuring Certificates l ovpmutil l ovoreqcheckagt HP Operations Manager (9.00) Page 111 of 1297 Online Help Configuring nodes Specify folders for manual agent installation When you install an HTTPS agent, the installation creates two main folders on the node: l Installation folder This folder contains the agent software (for example, the executable files that collect data, discover services, and monitor events). l Data folder This folder contains the data that the agent receives and creates (for example, policies, instrumentation, and performance data). The following table lists the default installation and data folders for the HTTPS agent, which vary according to the node's operating system. Operating system Installation folder Data folder Windows Server2008 Windows Vista %ProgramFiles%\HP\HP BTOSoftware\ %AllUsersProfile%\HP\HPBTO Software Windows Server2003 WindowsXP %ProgramFiles%\HP\HP BTOSoftware\ %AllUsersProfile%\Application Data\HP\HPBTOSoftware HP-UX Solaris Linux /opt/OV/ /var/opt/OV/ AIX /usr/lpp/ /var/opt/OV/ Tru64 /usr/opt/OV/ /usr/var/opt/OV/ On new nodes that run a Windows operating system, you can install the HTTPS agent into different folders. It is not possible to specify different folders in any other scenario: l Remote or manual agent installations on UNIX and Linux nodes always use the default folders. l Upgrades of existing HTTPS agents always use the same folders as the existing agent. Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. To specify agent installation and data folders 1. Prepare the manual agent installation as described in one of the following topics, but do not start the installation script: n Manually install a default HTTPS agent n Manually install an HTTPS agent with a profile HP Operations Manager (9.00) Page 112 of 1297 Online Help Configuring nodes n Preinstall an HTTPS agent 2. Open a command prompt and navigate to the temporary folder that contains the installation packages. The folder contains opc_inst.vbs, which you use to start the installation as follows: n Default HTTPS agent : cscript opc_inst.vbs -srv <management_server_host_name> -cert_srv <certificate_server_host_name> -inst_dir <installation_folder> - data_dir <data_folder> n HTTPS agent with a profile: cscript opc_inst.vbs -configure <profile_filename> -inst_dir <installation_folder> -data_dir <data_folder> n HTTPS agent preinstallation: cscript opc_inst.vbs -no_start -inst_dir <installation_folder> - data_dir <data_folder> The script installs the agent into the installation and data folders that you specify. If you preinstall an agent, you must later start the agent. In all cases, you must ensure that the node receives a certificate. Note: The command-line options are available for manual agent installations only. To specify folders for remote agent installations, see Specify folders for remote agent installation. Related Topics: l Configuring certificates l Environment variables Manual installation of DCE agents Management servers and agents communicate using DCE/RPC or HTTPS. Although the DCE agent is currently still supported, you are encouraged to use the HTTPS agent for new nodes. Note: DCE agent installation packages are only available on management servers running a 32 bit version of HPOM. You can deploy DCE agents fromthe management server, or manually, without using the management server. DCE agent installation packages are available, which you can copy or transfer to a system. You can then start the agent installation locally. The DCE agent packages are available on the management server in the folder %OvShareDir%Packages\. This folder contains subfolders for the supported operating systems and node architectures. You must copy the correct installation package for the node's operating systemand architecture. Note: By default %OvShareDir% on the management server is: Windows 2003: \Documents and Settings\All Users\Application Data\HP\HP BTO Software\shared\ Windows 2008: \ProgramData\HP\HP BTO Software\shared\ An alternative path may have been configured during installation. For up-to-date information on supported agent platforms, see the support matrix at HP Software Support Online. HP Operations Manager (9.00) Page 113 of 1297 Online Help Configuring nodes The instructions for deploying DCE agents manually are provided in read-me files with the installation packages. You can copy these along with the package to the node for reference when performing the installation. Related Topics: l Manual installation of HTTPS agents l Remote agent installation Manual agent deinstallation If you no longer need to manage a node using HPOM, you can deinstall the agent fromit. You can easily do this by removing the Operations-agent package fromthe node using the console. This also removes any policies fromthe node. You can also deinstall the agent manually if necessary, for example if the node no longer exists in the console. The procedure for manual agent installation depends on whether the node has the HTTPS agent or the DCE agent. If the node has the DCE agent, the procedure depends on whether the node has a Windows operating system, or a UNIX or Linux operating system. Related Topics: l Remove package fromnode Deinstall an HTTPS agent manually You can deinstall an HTTPS agent by removing the Operations-agent package fromnode in the console. However, you can also deinstall the agent manually if necessary. Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. To deinstall an HTTPS agent manually 1. Log in to the node as a user with administrative rights. 2. Open a command prompt and use ovc to stop the agent as follows: n On Windows operating systems: ovc -stop AGENT n On UNIX and Linux operating systems: /opt/OV/bin/ovc -stop AGENT 3. Use opc_inst to start the deinstallation as follows: n On 32 bit Windows operating systems: cscript <install_dir>\bin\OpC\install\opc_inst.vbs -r n On 64 bit Windows operating systems: cscript <install_dir>\bin\win64\OpC\install\opc_inst.vbs -r n On UNIX and Linux operating systems: /opt/OV/bin/OpC/install/opc_inst -r 4. Optional. Check the following log file for deinstallation errors: HP Operations Manager (9.00) Page 114 of 1297 Online Help Configuring nodes n On Windows operating systems: <data_dir>\log\opc_inst.log n On UNIX and Linux operating systems: /var/opt/OV/log/opc_inst.log 5. Optional. The management server does not receive notification when you deinstall the agent manually. Therefore, if the node still exists on the management server, the package and policy inventory is incorrect. You can delete the node fromthe management server using the Configure Managed Nodes dialog. Alternatively, to clear the inventory, you can force the management server to remove the agent package in the Uninstall package from... dialog. Note: The HTTPS agent includes several components, which appear in Add or Remove Programs on nodes that run a Windows operating system. Dependencies between these components make it difficult to remove the components using Add or Remove Programs. HP recommends that you remove the HTTPS agent using opc_inst.vbs, as the above procedure describes. Related Topics: l Delete, copy, and move managed nodes l Remove package fromnode Deinstall a DCE agent from a Windows node To manually deinstall an existing DCE agent on a Windows computer: 1. On the node, remove the agent using Add or Remove Programs. 2. Remove the PMAD user (which has the name HP-OVE-Deleg-User by default) fromthe node's local administrators group. Note: If the agent was originally installed froman earlier version of the management server, the PMAD user may not be part of the node's local administrator group. You may need to remove a group account (which has the name HP-OVE-GROUP by default) instead. 3. Optional. The management server does not receive notification when you deinstall the agent manually. Therefore, if the node still exists on the management server, the package and policy inventory is incorrect. You can delete the node fromthe management server using the Configure Managed Nodes dialog. Alternatively, to clear the inventory, you can force the management server to remove the agent package in the Uninstall package from... dialog. Related Topics: l Delete, copy, and move managed nodes l Remove package fromnode Deinstall a DCE agent from a UNIX or Linux node To deinstall an existing DCE agent froma UNIX or Linux node: HP Operations Manager (9.00) Page 115 of 1297 Online Help Configuring nodes 1. Run the opcagt -kill command. 2. Run the appropriate command to deinstall the agent: n Linux operating system: To find out which version of the agent is installed, check the value of the parameter OPC_ INSTALLED_VERSION in the /opt/OV/bin/OpC/install/opcinfo file on the node. If you are removing a version of the agent earlier than 7.0, use the command: rpm -e OPC dce If you are removing the agent A.07.10 on a Linux operating system, deinstall in two steps: i. rpm -e OPSCVCDISC OPCPERF OPCJRE OPC OPCCOMM ii. rpm -e dce Otherwise, use the command: rpm -e OPCSVCDISC OPCPERF OPCJRE OPC OPCCOMM dce n AIX operating system: installp -ug OPC OPCCOMM OPCPERF OPCSVCDISC n HP-UX operating system: swremove ITOAgent n Solaris operating system: /usr/sbin/pkgrm OPC OPCCOMM OPCPERF OPCSVCDIS HPlwdce n Tru64 operating system: setld -d OPCAGT000 OPCCOMMAGT000 OPCPERFAGT000 OPCSVCDISCAGT000 3. Optional. The management server does not receive notification when you deinstall the agent manually. Therefore, if the node still exists on the management server, the package and policy inventory is incorrect. You can delete the node fromthe management server using the Configure Managed Nodes dialog. Alternatively, to clear the inventory, you can force the management server to remove the agent package in the Uninstall package from... dialog. Related Topics: l Delete, copy, and move managed nodes l Remove package fromnode Configuring HTTPS communication through firewalls Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. Management servers and nodes) communicate with each other over the network. For nodes that have the HTTPS agent, this communication uses the HTTPS protocol. The figure below shows the network connections between management servers and nodes as follows: l The management server (1) opens connections to nodes (2), for example to deploy policies and instrumentation, for heartbeat polling, or to launch actions. HP Operations Manager (9.00) Page 116 of 1297 Online Help Configuring nodes l Nodes (2) open connections to the management server (1), for example to send messages, and action responses. When a management server or node opens a new connection, the operating systemallocates the local port for the connection. On the other side of the connection, management servers and nodes both have communication brokers, which listen on port 383 for incoming connections. So by default, all connections have a local port assigned by the operating systemand the destination port is 383. If you have management servers and nodes on different networks that are separated by a firewall, the firewall may block connections between them, as the figure below shows. This prevents you frommanaging the nodes, because, for example, management servers cannot deploy policies and nodes cannot send messages. If a firewall blocks HTTPS connections, you can reconfigure communication between management servers and nodes in several ways. The HPOMconfiguration you choose to implement depends mainly on the configuration of your network. l If your network allows HTTPS connections through the firewall in both directions, but with certain restrictions, the following configuration options are possible in HPOMto accommodate these restrictions: n If your network allows only certain proxy systems to open connections through the firewall, you can redirect HPOMcommunication through these proxies. n If your network allows inbound connections to only certain destination ports, but not to port 383, you can configure alternate communication broker ports. n If your network allows outbound connections fromonly certain local ports, you can configure HPOMto use specific local ports. l If your network allows only outbound HTTPS connections fromthe management server across the firewall, and blocks inbound connections fromnodes, you can configure a reverse channel proxy. Note: In an environment with multiple management servers, you can also configure the management servers to communicate with each other through firewalls. The configuration is the same as for communication between management servers and nodes. Related Topics: HP Operations Manager (9.00) Page 117 of 1297 Online Help Configuring nodes l Server-based Flexible Management Policies Configuring two-way communication If your network allows HTTPS connections through the firewall in both directions, but with certain restrictions, the following configuration options are possible in HPOMto accommodate these restrictions: l If your network allows only certain proxy systems to open connections through the firewall, you can redirect HPOMcommunication through these proxies. l If your network allows inbound connections to only certain destination ports, but not to port 383, you can configure alternate communication broker ports. l If your network allows outbound connections fromonly certain local ports, you can configure HPOMto use specific local ports. Redirect HTTPS communication through proxies Overview You can redirect connections frommanagement servers and nodes that are on different networks through a proxy. The figure below shows connections between a management server and node through a proxy as follows: l The management server (1) opens connections to the proxy (2), for example to deploy policies and instrumentation, for heartbeat polling, or to launch actions. The proxy opens connections to the node (3) on behalf of the management server, and forwards communication between them. l The node (3) opens connections to the proxy (2), for example to send messages, and action responses. The proxy opens connections to the management server (1) on behalf of the node. You can also redirect communication through proxies in more complex environments as follows: l Each management server and node can use a different proxy server to communicate with each other. l You can configure management servers and nodes to select the correct proxy according to the host they need to connect to. The figure below shows connections between a management server and nodes through multiple proxies as follows: l The management server (1) opens connections to a proxy (2). The proxy opens connections to the node (3) on behalf of the management server. l The node (3) opens connections to a different proxy (4). The proxy opens connections to the HP Operations Manager (9.00) Page 118 of 1297 Online Help Configuring nodes management server (1) on behalf of the node. l The network allows management server (1) to make outbound HTTP connections directly through the firewall (5) to another node (6). (The nodes (3, 6) are on different networks.) l The firewall (5) does not allow inbound HTTP connections. Therefore, node (6) opens connections to the management server through a proxy (7). PROXY parameter syntax You redirect outbound HTTPS communication through proxies by setting the PROXY parameter in the bbc.http name space on the management servers and nodes. You can configure this parameter in the following ways: l Configure the values in the HTTPS agent installation defaults. This is recommended if you need to configure proxies for large numbers of nodes. You must plan and configure the installation defaults before you create or migrate your nodes. l Use ovconfchg or ovconfpar at a command prompt. The value of the PROXY parameter can contain one or more proxy definitions. Specify each proxy in the following format: <proxy_hostname>:<proxy_port>+(<included hosts>)-(<excluded hosts>) Replace <included_hosts> with a comma-separated list of hostnames or IP addresses to which the proxy enables communication. Replace <excluded hosts> with a comma-separated list of hostnames or IP addresses to which the proxy cannot connect. Asterisks (*) are wild cards in hostnames and IP addresses. Both <included_hosts> and <excluded hosts> are optional. To specify multiple proxies, separate each proxy with a semicolon (;). The first suitable proxy in the list takes precedence. Example PROXY parameter values To configure a node to use proxy1.example.com port 8080 for all outbound connections, you would use the following value: proxy1.example.com:8080 To configure a management server to use proxy2.example.com:8080 to connect to any host with a hostname that matches *.example.com or *example.org except hosts with an IP address in the range 192.168.0.0 to 192.168.255.255, you would use the following value: proxy2.example.com:8080+(*.example.com,*.example.org)-(192.168.*.*) HP Operations Manager (9.00) Page 119 of 1297 Online Help Configuring nodes To extend the above example to use proxy3.example.com to connect to backup.example.com only, you would use the following value: proxy3.example.com:8080+(backup.example.com); proxy2.example.com:8080+(*.example.com,*.example.org)-(192.168.*.*) In the above example, proxy3.example.com:8080+(backup.example.com) must be first, because the include list for proxy2.example.com contains *.example.com. To redirect HTTPS communication through proxies using ovconfchg 1. Log in to the management server or node as a user with administrative rights and open a command prompt or shell. 2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 3. Specify the proxies that the node should use. You can specify different proxies to use depending on the host that the agent wants to connect to. Type the following command: ovconfchg -ns bbc.http -set PROXY <proxy> Note: When you use the command ovconfchg on a management server that runs in a cluster, add the parameter -ovrg server. Related Topics: l Configure HTTPS agent installation defaults l ovconfchg l ovconfpar Configure communication broker ports Overview Management servers and nodes that have HTTPS agents both include communication brokers that listen for inbound connections on port 383, as the figure below shows. The communication broker on a management server (1) handles all inbound connections fromnodes that have HTTPS agents, and also fromother management servers. The communication broker on a node that has the HTTPS agent (2) handles all inbound connections frommanagement servers. HP Operations Manager (9.00) Page 120 of 1297 Online Help Configuring nodes You can configure any communication broker to listen on a port other than 383. If you do this, you must also configure the other management servers and nodes in the environment, so that their outbound connections are destined for the correct port. For example, if you configure a node'scommunication broker to listen on port 5000, you must also configure the management server so that it connects to port 5000 when it communicates with this node. PORTS parameter syntax You configure communication broker ports by setting the PORTS parameter in the bbc.cb.ports name space on all management servers and nodes that communicate with each other. You can configure this parameter in the following ways: l Configure the values in the HTTPS agent installation defaults. This is recommended if you need to configure communication broker ports for large numbers of nodes. You must plan and configure the installation defaults before you create or migrate your nodes. l Use ovconfchg or ovconfpar at a command prompt. The values must contain one or more host names or IP addresses and have the following format: <host>:<port>[,<host>:<port>] ... The <host> can be either a domain name or IP address. For example, to configure the communication broker port to 5000 on a management server with the host name manager1.emea.example.com, use the following command on the management server itself, and also any other management servers and nodes that open connections to it: ovconfchg -ns bbc.cb.ports -set PORTS manager1.emea.example.com:5000 If you need to configure communication broker ports on multiple systems, you can use wildcards and ranges, as follows: l You use a wildcard at the start of a domain name by adding an asterisk (*). For example: n *.emea.example.com:5000 n *.test.com:5001 n *:5002 l You can use wildcards at the end of an IP address by adding up to three asterisks (*). For example: n 192.168.1.*:5003 n 192.168.*.*:5004 n 10.*.*.*:5005 l You can replace one octet in an IP address with a range. The range must be before any wildcards. For example: n 192.168.1.0-127:5006 n 172.16-31.*.*:5007 If you specify multiple values for the PORTS parameter, separate each with a comma (,). For example: HP Operations Manager (9.00) Page 121 of 1297 Online Help Configuring nodes ovconfchg -ns bbc.cb.ports -set PORTS *.emea.example.com:5000,10.*.*.*:5005 When you specify multiple values using wildcards and ranges that overlap, the management server or node or selects the port to use in the following order: l Fully qualified domain names. l Domain names with wildcards. l Complete IP addresses. l IP addresses with ranges. l IP addresses with wildcards. For example, if you configure communication broker ports on all management servers and nodes and servers with the following command: ovconfchg -ns bbc.cb.ports -set PORTS *.emea.example.com:6000,10.*.*.*:6001,manager1.emea.example.com:6002,10.0- 127.*.*:6003 the following ports are used: l Host name: node1.asia.example.com IP address: 10.127.1.1 Communication broker port: 6003. l Host name: manager1.emea.example.com IP address: 10.1.1.1 Communication broker port: 6002. l Host name: node1.test.com IP address: 192.168.1.1 Communication broker port: 383. To find out which port is currently configured, type the following command: bbcutil -getcbport <host> Tip: To organize settings for many communication broker ports, you can add parameters of any name in the bbc.cb.ports name space. The value of any parameter in the name space is evaluated. The PORTS parameter is optional. To configure communication broker ports using ovconfchg 1. Log in to the management server or node as a user with administrative rights and open a command prompt or shell. 2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. HP Operations Manager (9.00) Page 122 of 1297 Online Help Configuring nodes n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 3. Specify the communication broker ports by typing the following command: ovconfchg -ns bbc.cb.ports -set PORTS <host>:<port>[,<host>:<port>] ... Note: When you use the command ovconfchg on a management server that runs in a cluster, add the parameter -ovrg server Related Topics: l Configure HTTPS agent installation defaults l ovconfchg l ovconfpar Configure local communication ports Overview Management servers open outbound connections to nodes that have HTTPS agents, and nodes that have the HTTPS agent open outbound connections to management servers, as the figure below shows. A management server (1) opens these connections, for example, to deploy policies and instrumentation, for heartbeat polling, and to launch actions. An HTTPS agent (2) opens these connections, for example, to send messages and action responses. By default, management servers and nodesuse local port 0 for outbound connections, which means that the operating systemallocates the local port for each connection. Typically, the operating systemwill allocate local ports sequentially. For example, if the operating systemallocated local port 5055 to an Internet browser, and then the HTTPS agent opens a connection, the HTTPS agent receives local port 5056. However, if a firewall restricts the ports that you can use, you can configure management servers and nodes to use a specific range of local ports instead. CLIENT_PORT parameter syntax You configure local communication ports by setting the CLIENT_PORT parameter in the bbc.http name space on the management server and node. You can configure this parameter in the following ways: HP Operations Manager (9.00) Page 123 of 1297 Online Help Configuring nodes l Configure the values in the HTTPS agent installation defaults. This is recommended if you need to configure local communication ports for large numbers of nodes. You must plan and configure the installation defaults before you create or migrate your nodes. l Use ovconfchg or ovconfpar at a command prompt. The value must be a range of ports in the following format: <lower port number>-<higher port number> For example, if the firewall only allows outbound connections that originate fromports 5000 to 6000 you would use the following value: 5000-6000 To configure local communication ports using ovconfchg 1. Log in to the management server or node as a user with administrative rights and open a command prompt or shell. 2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 3. Specify the range of local ports that the management server or node can use for outbound connections by typing the following command: ovconfchg -ns bbc.http -set CLIENT_PORT <lower port number>-<higher port number> Note: When you use the command ovconfchg on a management server that runs in a cluster, add the parameter -ovrg server. Related Topics: l Configure HTTPS agent installation defaults l ovconfchg l ovconfpar Configure multihomed nodes By default, when a node has several IP addresses, the agent uses themas follows: l The communication broker accepts incoming connections on all IP addresses. l The agent opens connections to the management server using the first network interface that it finds. l The embedded performance component accepts incoming connections on all IP addresses. You can configure the HTTPS agent to always use a specific IP address. You do this by configuring the parameters in the following table using ovconfchg or ovconfpar at a command prompt: HP Operations Manager (9.00) Page 124 of 1297 Online Help Configuring nodes Namespace Parameter Value bbc.cb SERVER_ BIND_ ADDR The IP address that you want the communication broker to listen on for incoming connections. bbc.http CLIENT_ BIND_ ADDR The IP address that you want the agent use on the node end of connections to the management server. coda.comm SERVER_ BIND_ ADDR The IP address that you want the embedded performance component to listen on for incoming connections. This can either be the same IP address as the SERVER_BIND_ADDR parameter in the bbc.cb namespace, or you can set this value to localhost. If you set the value to localhost, the embedded performance component accepts incoming connections only through the communication broker. You can configure the DCE agent to always use a specific IP address by setting the OPC_IP_ ADDRESS parameter in a node info policy, which you then deploy to the node. Related Topics: l ovconfchg l ovconfpar l Node info policies Configuring outbound-only communication Overview Management servers and nodes communicate with each other over the network. Normally, management servers open outbound network connections to nodes and nodes open inbound network connections to management servers. The figure below shows the network connections where there is no firewall that blocks inbound HTTPS connections to the management server as follows: l The management server (1) opens outbound connections to nodes (2), for example to deploy policies and instrumentation, for heartbeat polling, or to launch actions. l Nodes (2) open inbound connections to the management server (1), for example to send messages, and action responses. HP Operations Manager (9.00) Page 125 of 1297 Online Help Configuring nodes If a firewall blocks inbound HTTPS connections froma node to a management server, the node cannot communicate with the management server properly. To enable proper communication, you configure an HTTPS agent to act as a reverse channel proxy (RCP). An RCP handles communication between management servers and nodes, so that they do not need to communicate with each other directly. An RCP can run on the managed node that it serves, or on a separate systemthat serves multiple managed nodes. The RCP is on the same side of the firewall as the node or nodes that it serves. Outbound-only communication through one firewall The figure below shows the network connections where there is a firewall that blocks inbound HTTPS connections to the management server as follows: l The management server (1) makes an outbound connection through the firewall (2) to an RCP (3). This connection is called a reverse administration channel. The management server maintains the reverse administration channel, so that the RCP never needs to make an inbound connection to the management server. l Agents (4) open connections to the RCP, instead of the management server. The RCP (3) forwards the agents' communications to the management server using the reverse administration channel. l The management server (1) also makes outbound connections directly to agents (4). To configure outbound-only communication in this scenario, you must: 1. Configure the RCP, so that it listens for incoming connections. 2. Configure the management server, so that it opens the reverse administration channel to the RCP. 3. Configure the agents, so that they use the RCP for their outbound connections to the management server. Outbound-only communication through two firewalls The figure below shows the network connections where there are two firewalls. One firewall blocks inbound connections to the management server. The other firewall blocks inbound connections to the nodes. HP Operations Manager (9.00) Page 126 of 1297 Online Help Configuring nodes l The management server (1) opens a reverse administration channel through the firewall (2) to the RCP (3). The management server maintains the reverse administration channel, so that the RCP never needs to make an inbound connection to the management server. l Each agent(5) opens a reverse administration channel through the firewall (4) to the RCP (3). Agents maintain these connections, so that the RCP never needs to make inbound connections to the agents. l The management server (1) and agents (5) open outbound connections to the RCP, instead of directly to each other. The RCP (3) forwards the these communications using the reverse administration channel. To configure outbound-only communication in this scenario, you must: 1. Configure the RCP, so that it listens for incoming connections. 2. Configure the management server, so that it opens a reverse administration channel to the RCP. 3. Configure the management server, so that it uses the RCP as a proxy for its outbound connections to agents. 4. Configure the agents, so that they each open a reverse administration channel to the RCP. 5. Configure the agents, so that they use the RCP for their outbound connections to the management server. Configure a reverse channel proxy Before you can configure a systemas a reverse channel proxy (RCP), you must install the HTTPS agent software and add the node to the console. You can deploy the HTTPS agent software automatically fromthe console, or install it manually. You must also configure the node's certificates. To configure a reverse channel proxy 1. Log in to the node as a user with administrative rights and open a command prompt or shell. 2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. HP Operations Manager (9.00) Page 127 of 1297 Online Help Configuring nodes n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 3. Set the port that agents and management servers can connect to. Type following command: ovconfchg -ns bbc.rcp -set SERVER_PORT <port_number> Note: Make sure that the port number you specify is not already in use by any other software on the system. 4. Register the RCP component so that ovc starts, stops and monitors it. Type the following commands: a. ovcreg -add <install_ dir>/newconfig/DataDir/conf/bbc/ovbbcrcp.xml b. ovc -kill c. ovc -start Note: After you configure the management server to establish a connection with this RCP you can check that the connection exists, by typing the following command: ovbbcrcp -status The command shows details of the reverse channel connection. Related Topics: l Remote agent installation l "Manual agent installation " (on page 101) l Configuring Certificates l ovconfchg l ovbbcrcp Configure reverse administration channels Note: When you use the command ovconfchg in the following procedure, add the parameter - ovrg server only if your management server runs in a cluster. To configure a reverse administration channel 1. Log in to the management server or node as a user with administrative rights and open a command prompt or shell. 2. Enable outbound-only communication. By default, this is disabled. To change this, type the following command: ovconfchg [-ovrg server] -ns bbc.cb -set ENABLE_REVERSE_ADMIN_ CHANNELS true 3. Specify the reverse channel proxies (RCPs) that to which you want to open reverse administration channels. You must specify RCPs in the following format: HP Operations Manager (9.00) Page 128 of 1297 Online Help Configuring nodes <host>:<port>[,<OvCoreID>] For example, if a management server must connect to port 50000 on rcp1.example.com you specify the RCP with: rcp1.example.com:50000,9fcc7062-0472-751c-1236-84372bec342d If you specify the optional OvCoreID, the server checks that the RCP has that OvCoreID. You can specify the RCPs at the command prompt or in a file: n To specify the RCPs at the command prompt, type the following command: ovconfchg [-ovrg server] -ns bbc.cb -set RC_CHANNELS <rcp>[;<rcp>] Separate each RCP with a semicolon (;). n To specify the RCPs in a file: i. Create a text file that specifies each RCP on a separate line. ii. Optional. Add comments on lines that begin with the number sign (#). iii. Save the file in the folder <data_dir>\conf\bbc. iv. Type the following command: ovconfchg [-ovrg server] -ns bbc.cb -set RC_CHANNELS_CFG_ FILES <file name> You must also type the same command if you later change the contents of the file. The server reads the file only after you use ovconfchg. 4. Optional. Configure whether the server should automatically retry failed reverse administration channel connections. By default, the server does not retry failed connections. To change the default, type the following command: ovconfchg [-ovrg server] -ns bbc.cb -set RETRY_RC_FAILED_ CONNECTION TRUE 5. Optional. Set the maximumnumber of attempts that the server should make to reconnect to a failed reverse administration channel connection. By default, this is set to -1 (infinite). To change the default, type the following command: ovconfchg [-ovrg server] -ns bbc.cb -set MAX_RECONNECT_TRIES <number of tries> 6. Optional. Configure the management server to generate a warning message about failed reverse administration channel connections. By default, the management server does not generate this message. To change the default, type the following command: ovconfchg [-ovrg server] -ns bbc.cb -set GENERATE_OVEVENT_FOR_ FAILED_RC_NODES TRUE However, if you set RETRY_RC_FAILED_CONNECTION to TRUE, the management server attempts to reconnect the failed connection without generating the message. 7. Optional. Configure the number of minimumand maximumnumber of worker threads for connections to RCPs. The communication broker can use multiple worker threads to enhance HP Operations Manager (9.00) Page 129 of 1297 Online Help Configuring nodes the performance of connections to RCPs. By default, the maximumnumber of worker threads is 1 and the minimumnumber of worker threads is 0. If the systemhas sufficient resources, you can increase the number of worker threads. To change the defaults, type the following commands: ovconfchg [-ovrg server] -ns bbc.cb -set RC_MAX_WORKER_THREADS <number> ovconfchg [-ovrg server] -ns bbc.cb -set RC_MIN_WORKER_THREADS <number> 8. Optional. To check that the reverse administration channel is open, type the following command: ovbbccb -status The output lists all open reverse administration channels. If any of the reverse administration channel connections has the state FAILED, you can attempt to restore the connections by typing the following command: ovbbccb -retryfailedrcp [-ovrg server] Related Topics: l ovconfchg l ovbbccb Forward outbound connections through a reverse channel proxy To forward outbound connections through a reverse channel proxy 1. Log in to the management server or node as a user with administrative rights and open a command prompt or shell. 2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 3. Specify the RCP to use for outbound connections. You can specify different RCPs to use depending on the destination host. Type the following command: ovconfchg -ns bbc.http -set PROXY <rcp>[;<rcp>] Separate each RCP with a semicolon. Specify each <rcp> in the following format: <rcp_hostname>:<rcp_port>+(<included hosts>)-(<excluded hosts>) Replace <included_hosts> with a comma-separated list of valid destination hostnames or IP addresses for the RCP. Replace <excluded hosts> with a comma-separated list of HP Operations Manager (9.00) Page 130 of 1297 Online Help Configuring nodes hostnames or IP addresses that systemshould not use the RCP to connect to. Asterisks (*) are wild cards in hostnames and IP addresses. Note: <excluded_hosts> must always contain the hostname and the fully qualified domain name of the RCP. For example, to configure an agent to use rcp1.example.com:50000 to connect to any host with a hostname that matches *.example.com or *example.org except hosts with an IP address in the range 192.168.0.0 to 192.168.255.255, you would type the following command: ovconfchg -ns bbc.http -set PROXY rcp1.example.com:50000+(*.example.com,*.example.org)- (192.168.*.*,rcp1.example.com,rcp1) 4. Optional. For an agent, specify the OvCoreID of the management server that the RCP should connect this agent to. This is useful if the RCP cannot resolve the hostnames of management servers because of firewalls. When an agent attempts to open a connection to a management server, the RCP can use the OvCoreID instead of the hostname to select the correct reverse administration channel. You can either specify the management server's OvCoreID directly, or specify a command that returns the OvCoreID. n To specify the management server's OvCoreID directly, type the following command: ovconfchg -ns bbc.http -set TARGET_FOR_RC <server OvCoreID> n To specify a command that returns the management server's OvCoreID, type the following command: ovconfchg -ns bbc.http -set TARGET_FOR_RC_CMD <command> 5. To restart the message agent, type ovc -restart opcmsga and then press Enter. Agent users By default, on nodes with a Windows operating system, both HTTPS and DCE agents run under the Local Systemaccount, which is built-in to Windows. On nodes with a UNIX or Linux operating system, the HTTPS agent runs under the root account. If necessary, you can configure HTTPS agents to run under a different user account after you install the agent. For DCE agents on Windows nodes, you can change the user in the installation defaults on the management server before you install the agent. (DCE agent installation packages are only available on management servers running a 32 bit version of HPOM.) The agent starts automatic or operator-initiated commands under the user account that the agent itself is currently running under. However, you can configure an HTTPS agent to start commands under a different user account. Change the default user of DCE agents on Windows nodes By default on managed nodes with a Windows operating system, the DCE agent runs under the Local Systemaccount. However, you can configure the DCE agent installation defaults so that the agent runs under a different user account. For example, you may want the agent to run under an account with fewer permissions to the Local Systemaccount. Alternatively, you may want the agent to run under a domain account that gives the agent permission to access remote systems. HP Operations Manager (9.00) Page 131 of 1297 Online Help Configuring nodes You must test whether the user account has appropriate rights to run the agent and manage the node correctly. You assign these user rights in the local Windows security settings on the node, or a group policy object in Active Directory. The user rights that you assign depend on your requirements. You may, for example, consider assigning the following user rights: l Access this computer fromthe network. Required for installation. l Act as part of the operating system. Required to run actions as a user other than the agent user. l Log on as a service. Required to run the agent as a service. l Adjust memory quotas for a process (also called Increase quotas in some versions of Windows) Required for a full switch user with password to get network access when executing tools. l Manage auditing and security log. Required during the execution of actions. l Replace a process-level token. Required for the user switch in the action agent. l Shut down the system. Required to shutdown the managed node. l Additional rights for the management tasks that you need to perform. For example: n If you want be able to monitor a log file using a policy, the agent user must have permission to read that log file. n If you want to be able to start a programusing an automatic command, the agent user must have permission to start that program. Note: This procedure changes only the installation defaults in the DCE agent package on the management server. To apply changes to nodes where the DCE agent is already installed, you must redeploy the agent. The redeployed agent runs under the new user account. Remove the old agent user account manually if you no longer need it. DCE agent installation packages are only available on management servers running a 32 bit version of HPOM. To change the default user of DCE agents 1. Log in to the management server with an account that is a member of the HPOM administrators group. Open a command prompt. 2. Type cd "%OvBinDir%\OpC\install" and then press Enter. 3. To encrypt the DCE agent user's password type opcpwcrpt <password> and then press Enter. Copy the output. 4. Type SetMgmtServer /user <user> /password <encrypted password>and then HP Operations Manager (9.00) Page 132 of 1297 Online Help Configuring nodes press Enter. n Replace <user> with the name of the user, for example AgentUser. The name must not contain spaces. You can specify the name of a existing domain user, but do not specify the domain (for example, do not specify DOMAIN\account or account@domain). The domain user must belong to the same domain as the node, and no local user with the same name must exist on the node. If you specify a user that does not exist, the agent installation creates a local user with the specified name on each node. The new user is a member of the local Administrators group. n Replace <encrypted password> with the output fromopcpwcrpt, which you copied. Caution: If the specified account already exists on a node, but the default password in the agent package does not match, the agent installation removes the existing account and recreates it with the same name but a different internal user ID. Related Topics: l Configure DCE agent installation defaults Change the user of an HTTPS agent on a Windows node Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. By default on nodes with a Windows operating system, the HTTPS agent runs under the built-in Local Systemaccount. However, you can configure the HTTPS agent to run under a different user account. For example, you may want the agent to run under an account with fewer permissions than the Local Systemaccount. Alternatively, you may want the agent to run under an account that has permission to access remote systems over the network. You must test whether the user account has appropriate rights to run the agent and manage the node correctly. You assign these user rights in the local Windows security settings on the node, or a group policy object in Active Directory. The user rights that you assign depend on your requirements. The user account may, for example, need the following user rights: l User rights to run the agent: n Log on as a service n Manage auditing and security log l User rights to manage the node: n Shut down the system This allows the agent to shut down the system(for example, when a user starts the shutdown tool in the console). n Debug programs This allows the agent to collect information about processes, and to kill processes (for example, when a user starts the list processes or kill process tool in the console). l User rights to allow the agent to start commands and tools as a user other than the agent user: HP Operations Manager (9.00) Page 133 of 1297 Online Help Configuring nodes n Act as part of the operating system. n Adjust memory quotas for a process (also called Increase quotas in some versions of Windows). n Replace a process-level token. l Permissions for registry entries: n HKEY_LOCAL_MACHINE/Software/Hewlett-Packard/OpenView The user must have full control for this registry key and all child objects. n HKEY_LOCAL_ MACHINE/Software/Microsoft/WindowsNT/CurrentVersion/Perflib The user must have permission to read this registry key for the agent to access performance data. The following procedure assigns the above user rights to a user group that you specify. You may need to assign additional rights for the management tasks that you need to perform. For example: l If you want be able to monitor a log file using a policy, the agent user must have permission to read that log file. l If you want to be able to start a programusing an automatic command, operator-initiated command, tool, or scheduled task, the agent user must have permission to start that program. Additionally, you must set the parameter OPC_PROC_ALWAYS_INTERACTIVE=NEVER in the eaagt namespace. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. After you set this parameter, processes that the agent starts do not have access to the default desktop. This setting applies to logfile encapsulator pre-processing and scripts that the monitor agent invokes. l Some Smart Plug-ins may require additional configuration or user rights when the agent runs under a user account that does not have administrative rights. For more details, see the documentation for individual Smart Plug-ins. To change the user of an HTTPS agent 1. Optional. Create a new user for the agent to run under. 2. Optional. Create a new group, and add the user as a member of this group. 3. On the node, open a command prompt, and change to the following directory: n Nodes with a 32 bit Windows operating system: %OvInstallDir%\bin n Nodes with a 64 bit Windows operating system: %OvInstallDir%\bin\win64 4. On the node, open a command prompt, and type the following command: cscript ovswitchuser.vbs -existinguser <DOMAIN\USER> -existinggroup <GROUP> -passwd <PASSWORD> HP Operations Manager (9.00) Page 134 of 1297 Online Help Configuring nodes n Replace <DOMAIN\USER> with the domain and user name, for example EXAMPLE\AgentUser. For a local user, specify just the user name, for example AgentUser. n Replace <GROUP> with the name of a group that the user belongs to, for example AgentGroup. The command gives this group full control of all files in the agent data directory (%OvDataDir%), and also full control of all installed packages. If you previously started the command and specified a different group, the command removes control of the files for the previous group. n Replace <PASSWORD> with the user's password. Note: The command assigns the user rights required for basic agent functionality at group level, not to the individual user. Therefore, take care when you select the group to use. It is advisable to create a new group specifically for the agent user, and add the agent user as a member. 5. Type the following commands: a. ovc -kill b. ovc -start The control service and agent processes now run as the user that you specified. Related Topics: l Configure HTTPS agent installation defaults l ovconfchg l ovconfpar Change the user of an HTTPS agent on a UNIX or Linux node Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. By default on nodes with a UNIX or Linux operating system, the HTTPS agent runs under the root account. However, you can configure the HTTPS agent to run under a different user account. For example, you may want the agent to run under an account with fewer permissions than the root account. Alternatively, you may want the agent to run under an account that has permission to access remote systems over the network. You must test whether the user account has appropriate rights to run the agent and manage the node correctly. You may need to assign additional rights for the management tasks that you need to perform. For example: l If you want to be able to monitor a log file using a policy, the agent user must have permission to read that log file. l If you want to be able to start a programusing an automatic command, operator-initiated command, tool, or scheduled task, the agent user must have permission to start that program. l Some Smart Plug-ins may require additional configuration or user rights when the agent runs under an alternative user. For more details, see the documentation for individual Smart Plug-ins. HP Operations Manager (9.00) Page 135 of 1297 Online Help Configuring nodes To change the user of an HTTPS agent 1. Optional. Create a new user for the agent to run under. 2. Optional. Create a new group, and add the user as a member of this group. 3. On the node, log in as root and open a shell prompt. Ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 4. To stop the agent, type the following command: ovc -kill 5. To change the agent user, type the following command: ovswitchuser.sh -existinguser <USER> -existinggroup <GROUP> n Replace <USER> with the user name, for example AgentUser. The command modifies the system's boot scripts so that the agent runs under the user that you specify. n Replace <GROUP> with the name of a group that the user belongs to, for example AgentGroup. The command gives this group full control of all files in the agent data directory, and also full control of all installed packages. If you previously started the command and specified a different group, the command removes control of the files for the previous group. The group ID flag is set on the agent's data directories. This flag means that the group that you specify will also own any new files and subdirectories in the agent's base directories. Note: The command assigns the user rights required for basic agent functionality at group level, not to the individual user. Therefore, take care when you select the group to use. It is advisable to create a new group specifically for the agent user, and add the agent user as a member. 6. HTTPS agents include communication brokers that listen for inbound connections from management servers on port 383 by default. However, on UNIX and Linux nodes, non-root users cannot open ports in the range 0 to 1023. Therefore, you must configure the communication broker on the node to listen on a different port (above 1023). You must also configure the management servers that connect to the node, so that their outbound connections are destined for the correct port. You configure communication broker ports by setting the PORTS parameter in the bbc.cb.ports name space. You can configure this parameter in the following ways: n Configure the values in the HTTPS agent installation defaults. This is recommended if you need to configure communication broker ports for large numbers of nodes. You must plan and configure the installation defaults before you create or migrate your nodes. n Use ovconfchg or ovconfpar at a command prompt. HP Operations Manager (9.00) Page 136 of 1297 Online Help Configuring nodes The value must contain one or more host names or IP addresses and have the following format: <host>:<port>[,<host>:<port>] ... For example, to configure the communication broker port to 5000 on a node with the host name node1.emea.example.com, use the following command on the node itself, and also any management servers that open connections to it: ovconfchg -ns bbc.cb.ports -set PORTS node1.emea.example.com:5000 7. To start the agent, type the following commands: a. su <USER> b. ovc -start The control service and agent processes now run as the user that you specified. Related Topics: l Configure HTTPS agent installation defaults l ovconfchg l ovconfpar Change the default user for commands Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. By default, the agent starts automatic or operator-initiated commands under the user account that the agent itself is currently running under. However, you can configure an HTTPS agent to start commands under a different user account. You do this by setting the OVO_STD_USER parameter in the eaagt name space on the nodes. You can configure this parameter in the following ways: l Configure the values in the HTTPS agent installation defaults. This is recommended if you need to configure the user for large numbers of nodes. You must plan and configure the installation defaults before you create or migrate your nodes. l Use ovconfchg or ovconfpar at a command prompt. Specify the value of OVO_STD_USER in the format <user>/|<encrypted password> l Replace <user> with the name of the user. For a domain user, specify the domain and user name, for example EXAMPLE\AgentUser. For a local user, specify just the name, for example AgentUser. l Replace <encrypted password> with output fromthe command opcpwcrpt <password>. You can start this command froma command prompt on the management server. It is also possible to use the OVO_STD_USER when you configure or launch a tool. Specify the user name $OVO_STD_USER and leave the password blank. You must test whether the user account has appropriate rights to run commands and tools correctly. HP Operations Manager (9.00) Page 137 of 1297 Online Help Configuring nodes Caution: If the agent fails to start a command or tool as the OVO_STD_USER, the agent may start the command or tool under the same user account that the agent is currently running under. This can happen, for example, if you specify an incorrect user or password. Related Topics: l Configure HTTPS agent installation defaults l ovconfchg l ovconfpar Deploy HTTPS agent hotfixes HP Software Support may provide you with hotfixes for the HTTPS agent to address specific change requests. Agent hotfixes normally include several updated files, which you can install on affected agents immediately (without having to wait for the next version of the agent package to become available). HPOMprovides several tools that enable you to deploy and manage agent hotfixes remotely from the management server. These tools enable you to performthe following tasks: l Deploy agent hotfixes l List installed agent hotfixes l Remove agent hotfixes l Roll back agent hotfixes Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. To deploy agent hotfixes 1. Extract the hotfix files to a temporary folder on the management server called c:\temp\hotfix (or, if necessary, any other temporary folder). 2. Launch the tool Tools Hotfix Deployment - HP OvEaAgt Copy Hotfix. The tool copies the hotfix files fromthe temporary folder c:\temp\hotfix to a target folder on the management server. If you extracted the hotfix files to any other folder, specify the folder in the tool parameters before you launch the tool. a. Right-click Copy Hotfix, and then click Properties. The Copy Hotfix Properties dialog box opens. b. Click the Details tab, and then type the path to the temporary folder in Parameters. c. Click OK. Note: The Copy Hotfix tool creates a target folder based on information in the hotfix files. If previous hotfixes already exist in the target folder, the tool overwrites the files. However, hotfixes are cumulative, and contain all the fixes for a particular version of the agent. 3. Launch the tool Tools Hotfix Deployment - HP OvEaAgt Select Hotfix. In the Edit Parameters dialog box, select the nodes or node groups to which you intend to deploy the HP Operations Manager (9.00) Page 138 of 1297 Online Help Configuring nodes hotfixes, and then click Launch.... The Select Hotfix tool creates a configuration file for each combination of operating system, binary format, and agent version. If you want to deploy only a subset of available hotfixes, you can edit the configuration files. a. In Windows Explorer, open the following folder: %OvAgentDir%\conf\eaagt The name of each configuration file consists of the operating system, binary format, and agent version. For example: HP-UX_IPF32_08.52.006.conf b. Each configuration file contains a list of change request numbers for which hotfixes exist on the management server. If you want to deploy a subset of available hotfixes to nodes with a particular platformand agent version, open the corresponding configuration file in a text editor. c. Remove the change request numbers of the hotfixes that you do not want to deploy, and then save the configuration file. 4. Launch the tool Tools Hotfix Deployment - HP OvEaAgt Deploy Hotfix. In the Edit Parameters dialog box, select the nodes or node groups to which you want to deploy the hotfixes, and then click Launch.... The Deploy Hotfix tool copies the hotfixes to each node and starts an installation script on the node. The Tool Status dialog box opens, and shows the results of the hotfix deployment. The following log files also contain details of the results: n On the management server: %OvAgentDir%\log\Agt_Hotfix_Install.log n On nodes with a Windows operating system: %OvDataDir%\log\hotfix_inst.log n On nodes with a UNIX or Linux operating system: /var/opt/OV/log/hotfix_inst.log Note: If more recent hotfixes already exist on a node, the tool does not deploy the currently selected hotfixes to that node. To list installed agent hotfixes 1. Launch the tool Tools Hotfix Deployment - HP OvEaAgt List Inventory. 2. In the Edit Parameters dialog box, select the nodes or node groups for which you want a list of installed hotfixes, and then click Launch.... The Tool Status dialog box opens, and shows the inventory of each node that you selected. To remove agent hotfixes You can remove all deployed hotfixes fromnodes to restore the agent to the latest installed version. 1. Launch the tool Tools Hotfix Deployment - HP OvEaAgt Remove Hotfix. 2. In the Edit Parameters dialog box, select the nodes or node groups fromwhich you want to HP Operations Manager (9.00) Page 139 of 1297 Online Help Configuring nodes remove the hotfixes, and then click Launch.... The Tool Status dialog box opens, and shows the results of the hotfix removal. To roll back agent hotfixes You can roll back the most recently deployed hotfixes to restore previously installed hotfixes. If no previous hotfixes exist on a node, or you have already rolled back to the previous hotfixes, the tool restores the agent to the latest installed version. 1. Launch the tool Tools Hotfix Deployment - HP OvEaAgt Rollback Hotfix. 2. In the Edit Parameters dialog box, select the nodes or node groups on which you want to roll back the hotfixes, and then click Launch.... The Tool Status dialog box opens, and shows the results of the hotfix roll back. Related Topics: l Configure tool details Troubleshoot HTTPS agents Note: The information in this section of the online help is only for version 8.60 and lower of HP Operations agent. The following steps help to troubleshoot problems with nodes that use the HTTPS agent, assuming that agent is correctly installed. If this is not the case, see Deployment troubleshooting or "Manual installation of HTTPS agents " (on page 101) for more information. l If you install an HTTPS agent on a computer on which another HP BTOSoftware product already exists, the values of any existing configuration parameters remain unchanged. In some cases, you many need to complete additional steps before the agent can run. For example: n If the node's core ID is already set, you may need to check that node's core ID is correct on the management server. Right-click the node in the console tree, and then click Properties.... The node properties dialog appears. In the General tab, click Advanced Configuration. n If the certificate server is already set, you may need to change it or manually install certificates for the HPOMmanagement server (see Configuring Certificates). Alternatively, to force the agent installation to replace the values of any existing configuration parameters, preinstall the agent without starting it (see "Preinstall an HTTPS agent " (on page 108)), and then activate the agent with the -force_config_mode option as follows: n On Windows operating systems: cscript opcactivate.vbs -srv <management_server_host_name> -cert_ srv <certificate_server_host_name> -force_config_mode n On UNIX and Linux operating systems: ./opcactivate -srv <management_server_host_name> -cert_srv <certificate_server_host_name> -force_config_mode l Check the agent installation log file. After you install or upgrade an HTTPS agent, a log file is in available in: <data_dir>\log\opc_inst.log. After you deinstall an HTTPS agent, a log file is available in the following location: HP Operations Manager (9.00) Page 140 of 1297 Online Help Configuring nodes n On nodes that run a Windows operating system: %SYSTEMROOT%\temp\opc_inst.log n On nodes that run a UNIX or Linux operating system: /var/tmp/opc_inst.log l Check whether the management server can resolve the node's host name to an IP address, and whether the node can also resolve the management server's host name. The operating system normally provides a suitable command such as nslookup or dig. On nodes that run the Solaris operating system, the HPOMprovides the command ovgethostbyname for this purpose. l Check whether the management server can connect to the node, and whether the node can connect to the management server. The following command enables you to do this: bbcutil -ping [<hostname>|<ip>][:<port>]] [count] For example, to check whether a node can connect to manager1.example.comby sending 10 packets, open a command prompt on the node and type the following command: bbcutil -ping manager1.example.com 10 If the connection is successful, the command returns status=eServiceOK. To run the command on a management server that is part of a cluster, you must also specify the resource group name by adding the -ovrg option. bbcutil -ovrg <resource> -ping [<hostname>|<ip>][:<port>]] [count] l Check the status of the communication process, using the following command: ovbbccb -status Alternatively, to check the status of communication processes on a remote system, use the following command: bbcutil -status [<hostname>|<ip>][:<port>]] If the processes are not running, restart communication processes using the following command: ovc -restart ovbbccb If the communication process does not start successfully: n Check the log file <data_dir>\log\System.txt for error messages. n Type ovbbccb -nodaemon -verbose and then press Enter. This attempts to start the communication process, and displays details of any errors. l Check that the HTTP communication is possible between the node and management server. Open the following location in a web browser on a node or management server: http://<hostname>:<port>/Hewlett-Packard/OpenView/BBC/ HP Operations Manager (9.00) Page 141 of 1297 Online Help Configuring nodes By default, the communication process listens for connections on port 383. You can check which port the communication process is listening on using the following command: bbcutil -getcbport <hostname> If HTTP communication is possible, the HTTP Communication Information Modules page opens. l Check that the node communicates with the correct management server. Check the management server using the following command on the node: ovconfget sec.core.auth MANAGER The command must return the correct management server hostname. Check that the node has the correct management server core ID. Get the core ID using the following command on the management server: ovcoreid [-ovrg server] The -ovrg option is only necessary if the management server is part of a cluster. The command returns a core ID, which must match the core ID that the following command returns on the node: ovconfget sec.core.auth MANAGER_ID l Check that the node communicates with the correct certificate server using the following on the node command: ovconfget sec.cm.client CERTIFICATE_SERVER The command must return the host name of the management server that acts as the certificate authority. If the command returns an incorrect value, the command ovcert -list should confirmthat the node has no certificates. If this is the case, you can set the correct value using the following command: ovconfchg -ns sec.cm.client -set CERTIFICATE_SERVER <hostname> You can then restart the agent using the following command ovc -restart l Check that the node has received the certificates that it requires using the following command: ovcert -check If the certificates are missing, ensure that the node receives them. For more information, see Configuring Certificates. l Check that the node's core ID is correct on the management server. Get the core ID using the following command on the node: ovcoreid The core ID should exactly match the agent ID on the management server. To check this, right- click the node in the console tree, and then click Properties.... The node properties dialog appears. In the General tab, click Advanced Configuration. The Advanced Configuration HP Operations Manager (9.00) Page 142 of 1297 Online Help Configuring nodes dialog appears, which enables you to check that the IDs match, and change the agent ID on the management server if necessary. l Check that the messages that you expect to arrive fromthe node are not being suppressed. Right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. Check the settings in the Message Suppression tab. For more information, see Duplicate message suppression. l The management server does not start to automatically deploy policies until the node's package inventory contains the agent package. Normally, this happens automatically. To view the node's package inventory, right-click the node in the console tree, and then click View Package Inventory. If the agent package is missing fromthe node's package inventory, but the agent is installed on the node, synchronize the node inventory manually. Right-click the node, and then click All Tasks Synchronize inventory Packages. The management server adds the HTTPS agent package to its node inventory, and starts automatic policy deployment (if enabled). Configuring certificates Nodes that you manage with HTTPS agents require certificates. Certificates enable nodes to communicate securely with the management server and other nodes. Therefore it is essential that certificates are safely deployed to nodes to ensure that all subsequent communication is secure. A management server can issue certificates to nodes, acting as a certificate authority. Each node needs the following certificates fromthe management server: l A unique node certificate. The node can identify itself to its management server and other nodes by sending themits node certificate. l A copy of the management server's trusted certificate. A node only accepts communication froma management server if it has the trusted certificate for that management server. l In an environment with multiple management servers, a copy of the trusted certificates for all other management servers. You can ensure that a node obtains these certificates in the following ways: l Request certificates automatically l Request certificates with an installation key l Deploy certificates manually You can configure the management server to handle certificate requests in the following ways: l Map certificate requests to nodes l Grant certificate requests automatically l Grant or deny certificate requests manually You can maintain the certificate authorities on management servers in the following ways: l Configure trusted certificates for multiple management servers l Back up and restore certificates HP Operations Manager (9.00) Page 143 of 1297 Online Help Configuring nodes Certificate request states Certificate requests can have one of the following states: Node not mapped When the management server receives a certificate request, it attempts to automatically identify the node that the request comes fromusing the host name, IPaddress, and OvCoreID. This automatic mapping fails in the following situations: l There is no node with the same host name as the systemthat the request came from. l There is a node with the same host name, but the node has an OvCoreId that is different to the OvCoreId in the certificate request. If the management server fails to map a certificate request to a node, and you know that the node already exists in the database, you can map the certificate request to the node manually. If a node does not already exist in the database, you must configure it before you can map the certificate request. The node is listed under Unmanaged Nodes with Agents in the Configure Managed Nodes dialog. Needs granting The management server has received a certificate request and identified the node. Before you can start to manage the node, you need to grant this certificate request. In progress The certificate request has been granted on the management server, but the management server cannot reach the managed node at the IP address contained in the certificate request. The node will install the certificate when the connection has been established. Related Topics: l Configure HTTPS agent installation defaults Request certificates automatically Nodes that you manage with HTTPS agents require certificates. Certificates enable nodes to communicate securely with the management server and other nodes. When you deploy an HTTPS agent to a node using the console, the node requests certificates automatically fromthe management server. The node encrypts the certificate request using a key, which is embedded in the agent software. This is more secure than sending the request unencrypted, but does not provide full security. The request must then be granted on the management server. You can configure this to happen automatically or manually. After this happens, the management server sends the certificates to the node. If the management server denies the certificate request you can send another using the following command on the managed node: ovcert -certreq In a highly secure environment, you should disable automatic certificate requests. Do this by setting the certificate deployment type to manual in the HTTPS agent installation defaults. You then need to either request the certificates with installation key or deploy the certificates manually. Related Topics: l Configure HTTPS agent installation defaults l Deploy certificates manually HP Operations Manager (9.00) Page 144 of 1297 Online Help Configuring nodes l Request certificates with an installation key Request certificates with an installation key You can use installation keys to encrypt certificate requests. You generate an installation key on the management server, and then transfer it to the node manually. Requesting certificates with an installation key is more secure than using standard certificate requests. An installation key is unique, and you can use it to encrypt only one certificate request. If you use standard certificate requests, all nodes encrypt all requests using the same key, which is embedded in the agent software. Also, if you request certificates with an installation key, you ensure that the node's private key never leaves the node to which it belongs. This is not the case when you install certificates manually, because you generate the node's private key and certificate on the management server and then copy it to the node. Before you request certificates with an installation key, ensure that the HTTPS agent is running on the node. Normally, the agent sends a certificate request the first time it starts. If you then request a certificate with an installation key, the new certificate request overwrites the original certificate request on the management server. You can suppress the first certificate request by setting the parameter CERTIFICATE_DEPLOYMENT_TYPE=manual in the sec.cm.client namespace using the HTTPS agent installation defaults. To request certificates with an installation key 1. Log in to the management server with an account that is a member of the HPOM administrators group. Open a command prompt. 2. Use ovowcsacm to generate an installation key. The syntax for this command is: ovowcsacm -genInstKey [-file <file_name>] [-pass <password>] Specify the options as follows: Option Description - genInstKey Specifies that you want to generate an installation key. -file <file_ name> Optional. The name of the file into which the command generates the installation key. If you omit this option, the command creates a file in the following directory: \<data_dir>\shared\server\certificates The default file name has the following format: CertificateIK_<management_server_name>_<universally_ unique_id> -pass <password> Optional. A password that the command uses to encrypt the installation key. You need this password when you later request the certificates fromthe node. If you omit this option, the command prompts you for a password. 3. Log in to the node with the same account used to install the node. Open a command or shell HP Operations Manager (9.00) Page 145 of 1297 Online Help Configuring nodes prompt. 4. Securely transfer the generated file to the node. The installation key is valid for any node. 5. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 6. Use ovcert to request a certificate fromthe management server. The syntax for this command is: ovcert -certreq -instkey <file_name> The command prompts you for the password that you specified when you generated the installation key. The node then uses the installation key fromthe file to encrypt a certificate request, which it then sends to the management server. 7. The request must then be granted on the management server. You can configure this to happen automatically or manually. After this happens, the management server sends the certificates to the node. Related Topics: l Configure HTTPS agent installation defaults l Grant certificate requests automatically l Grant or deny certificate requests manually Deploy certificates manually You can generate certificates for nodes on the management server, and then transfer themto the nodes manually. This avoids sending certificates over the network before fully secure HTTPS communication. For example, if you do not want to transmit certificates over the network, you can export themto a file on a disk and take the disk to the node. Normally, the agent sends a certificate request to the management server the first time it starts. You can suppress this certificate request by setting the parameter CERTIFICATE_ DEPLOYMENT_TYPE=MANUAL in the sec.cm.client namespace using the HTTPS agent installation defaults. To deploy certificates manually 1. Log in to the management server with an account that is a member of the HPOM administrators group. Open a command prompt. 2. Use ovowcsacm to generate a certificate. The syntax for this command is: ovowcsacm -issue -name <node_name> [-file <file_name>] [-coreid <OvCoreId>] [-pass <password>] Specify the options as follows: HP Operations Manager (9.00) Page 146 of 1297 Online Help Configuring nodes Option Description -issue Specifies that you want a certificate for a node. -name <node_ name> The primary name of the node to generate a certificate for. The node must already exist in the console. -file <file_ name> Optional. The name of the file into which the command generates the certificates. If you omit this option, the command creates a file in the following directory: %OvShareDir%server\certificates The default file name has the following format: <node_name>-<OvCoreId>.p12. -coreid < OvCoreID > Optional. The OvCoreID, which uniquely identifies the node, is used to generate the certificates. If you omit this option, the command generates an ID for the node. You need to specify the OvCoreID if the node currently exists in the console, and the HTTPS agent is already installed on the node. To find an existing node's OvCoreID: a. In the console tree, right-click the node, and then click Properties. The node properties dialog appears. b. In the General tab, click Advanced Configuration. The Advanced Configuration dialog appears, which shows the ID that you need. -pass < password > Optional. A password that the command uses to encrypt the certificate data. You need this password when you later import the certificates on the node. If you omit this option, the command prompts you for a password. 3. If the HTTPS agent is not already installed on the node, install it. If you manually install the agent, use a profile. This ensures that the agent uses the same OvCoreID that ovowcsacm generated on the management server. 4. Log in to the node with the same account used to install the node. Open a command or shell prompt. 5. Securely transfer the generated file to the node. 6. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 7. If the agent is running on the node, type ovc -stop and then press Enter. This stops the HP Operations Manager (9.00) Page 147 of 1297 Online Help Configuring nodes agent processes on the node. 8. Use ovcert to import the certificates fromthe generated file. The syntax for this command is: ovcert -importcert -file <file_name> The command prompts you for the password that you specified when you generated the certificates. Type the password and press Enter. The command then notifies the management server that the certificates are installed and the management server updates the node's certificate state. If the management server does not receive the notification for any reason, you must update the node's certificate state manually, as follows: a. In the console-tree, right-click the node, and then click Properties. The Node properties dialog appears. b. In the General tab, click Advanced Configuration. The Advanced Configuration dialog appears. c. Select the Modify Certificate State check box, and then select Installed in the list of certificate states. d. Click OK. Note: If the node's OvCoreID does not match the OvCoreID in the certificate, you see a warning on the node that the common name field in the certificate does not match the OvCoreID of the system. If the node is new (you are not reinstalling or migrating the agent on an existing node), you can change the node's OvCoreID as follows: a. Copy the certificate's common name field fromthe warning. b. Type ovcoreid -set <common name field> -force and then press Enter. For example, for the following warning: WARNING: The common name field (CN) in the certificate '89aea662-b9e6-7527-148d-8a612e083f23' does not match the OvCoreId '8b2ae5c2-b99c-7527-0263-cf9a16f2aace' of the system. the command would be: ovcoreid -set 89aea662-b9e6-7527-148d-8a612e083f23 -force 9. On the node, type ovc -start and then press Enter. This restarts the agent processes. 10. Securely delete any copies of the file that contains the certificates. Depending on how you generate and transfer the file, you may, for example, have copies in the following locations: n on the management server n on a USB flash drive, CD, or other portable media n on the node 11. Optional. If you enabled automatic policy deployment for the node, the policy deployment jobs may have failed before you installed the certificate. To restart a failed job: HP Operations Manager (9.00) Page 148 of 1297 Online Help Configuring nodes a. In the console tree, expand Policy management Deployment jobs. b. Right-click the failed job, and then click All Tasks Restart job. Related Topics: l Create new nodes l Manually install an HTTPS agent with a profile l Configure HTTPS agent installation defaults l Configure general information for managed nodes Map certificate requests to nodes When the management server receives a certificate request, it attempts to automatically identify the node that the request comes fromusing the host name. This automatic mapping fails in the following situations: l There is no node with the same host name as the systemthat the request came from. l There is a node with the same host name, but the node has an OvCoreId that is different to the OvCoreId in the certificate request. If the management server fails to map a certificate request to a node, and you know that the node already exists in the database, you can map the certificate request to the node manually. If a node does not already exist in the database, you must configure it before you can map the certificate request. The node is listed under Unmanaged Nodes with Agents in the Configure Managed Nodes dialog. You can unmap certificate requests if you need to, and then map themto a different node. As well as mapping certificate requests in the console, you can also map and unmap themfromthe command prompt. To map certificate requests to nodes 1. In the console tree, click Certificate Requests. A table of certificate requests appears in the details pane. 2. Right-click an unmapped certificate request, and then click All Tasks Map to Node. The Map Certificate Request to Node dialog appears. 3. Navigate the node tree and click the node that you want to map the certificate request to. 4. Click Map Node. 5. Read the warning message that appears, and then click OK or Cancel. If you click OK, the management server updates the node's OvCoreID with the OvCoreID fromthe certificate request. The certificate request then becomes pending and can be granted either automatically or manually. To unmap certificate requests 1. In the console tree, click Certificate Requests. A table of certificate requests appears in the details pane. HP Operations Manager (9.00) Page 149 of 1297 Online Help Configuring nodes 2. Right-click a mapped certificate request, and then click All Tasks Unmap. You can then map the certificate request to a different node if appropriate. To map certificate requests from the command prompt 1. Log in to the management server with an account that is a member of the HPOM administrators group. Open a command prompt. 2. Use ovowcsa -listpending to get a list of certificate requests. 3. Map a certificate request by specifying the request ID or host name with the following command: ovowcsa -map <request_ID | request_host_name>[=<node_host_name | OvCoreID>] [- force] The following restrictions apply: n If you omit the node_host_name and OvCoreId, the command attempts to map the certificate request using the request_host_name. This is useful if you configured a node with that host name after the original attempt to map the certificate request failed. n If there is more than one certificate request with the same request_host_name, you must specify the request_ID. n If the host name in the certificate request is different to the node's host name, add the - force option. n If the node has an OvCoreID that does not match the OvCoreID in the certificate request, the mapping fails. Add the -force option to map the certificate request. Related Topics: l Configure managed nodes Grant certificate requests automatically Nodes that you manage with HTTPS agents require certificates. Certificates enable nodes to communicate securely with the management server and other nodes. Unless you install the certificates manually, the node requests themfromthe management server. Before you can start to manage the node, you need to grant this certificate request. You can configure the certificate server to automatically grant the following types of certificate request: l Certificate requests that are encrypted with a valid installation key. l Certificate requests fromnodes that the management server recently deployed the HTTPS agent to. l Certificate requests fromspecific nodes that you flag (by selecting Allow automatic granting of certificate in the systemproperties of the node). To grant certificate requests automatically 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. HP Operations Manager (9.00) Page 150 of 1297 Online Help Configuring nodes 2. Click Namespaces, and then click Agent Certificate Autogranting. A list of values appears. 3. Set the value of Enable autogranting to True. The management server grants all certificate requests that were made manually using an installation key. If you set this value to false, the management server does not grant any certificate requests automatically. 4. Configure one or more of the following options to automatically grant certificate requests from recently deployed or flagged nodes: n Certificate requests from nodes with a recently deployed HTTPS agent To automatically grant certificate requests fromnodes to which the management server recently deployed the HTTPS agent: i. Set the value of Enable autogranting by time interval to True. ii. Set the value of Time interval for autogranting to a number of seconds. The management server automatically grants certificate requests that arrive this number of seconds after the start of the agent deployment job or sooner. n Certificate requests from flagged nodes To automatically grant certificate requests fromspecific nodes that you flag: i. Set the value of Enable autogranting of flagged nodes to True. ii. Set the flag to automatically grant certificate requests when you create each node. Alternatively, to set the flag for an existing node: i. In the console tree, right-click a node, and then click Properties. The node properties dialog appears. ii. Click the System tab. iii. Select or clear Automatically grant certificate, and then click OK. Tip: To change the default value of this flag, set the value of Default for the 'Automatically grant certificate' flag of new nodes in the Server Configuration dialog. n Combination mode for recently deployed or flagged nodes Set the value of Combination mode of autogranting conditions to AND or OR. Use AND to automatically grant any certificate request that not only arrives in the specified time but also comes froma flagged node. Use OR if certificate requests must meet just one of these criteria. For the AND operation to function properly, set both Enable autogranting by time interval and Enable autogranting of flagged nodes to true. 5. Click OK. 6. Use the Windows service manager to restart the OvSecurityServer service. Related Topics: l Configure systeminformation for managed nodes l Request certificates with an installation key HP Operations Manager (9.00) Page 151 of 1297 Online Help Configuring nodes l Request certificates automatically Grant or deny certificate requests manually Nodes that you manage with HTTPS agents require certificates. Certificates enable nodes to communicate securely with the management server and other nodes. Unless you install the certificates manually, a node requests the certificates fromthe management server. Before you can start to manage the node, you need to grant this certificate request. You can view a table of the certificate requests that the management server has received, and manually grant or deny requests that are pending. Alternatively, you can grant or deny a pending certificate request fromthe command prompt. To grant or deny certificate requests manually 1. In the console tree, click Certificate Requests. A table of certificate requests appears in the details pane. 2. Right-click a pending certificate request, and then click one of the following: n All Tasks Grant - The management server send certificates to the node. n All Tasks Deny - The management server informs the node that its certificate request is denied. n All Tasks Discard - The management server deletes the certificate request without informing the node. 3. If a confirmation message appears, read the message and then click OK or Cancel. To grant certificate requests manually from the command prompt 1. Log in to the management server with an account that is a member of the HPOM administrators group. Open a command prompt. 2. Use ovowcsa -listpending to get a list of pending certificate requests. To obtain the list in a different format, add the -format option and any combination of the following letters: n r - request ID n h - host name n i - IP address n o - OvCoreID n m- mapped host name n p - platform n t - time received n s - show header line 3. Grant or deny a certificate request by specifying the request ID or host name with one of the following commands: HP Operations Manager (9.00) Page 152 of 1297 Online Help Configuring nodes n ovowcsa -grant <request ID | host name> - The management server send certificates to the node. n ovowcsa -deny <request ID | host name> - The management server informs the node that its certificate request is denied. n ovowcsa -discard <request ID | host name> - The management server deletes the certificate request without informing the node. Configure trusted certificates for multiple management servers Every node that has the HTTPS agent has a certificate, which it uses identify itself to management servers. Every management server also has certificates, which it uses to identify itself to nodes. Nodes receive their certificates fromthe certificate authority on their primary management server. In an environment with multiple management servers, you must configure each management server to trust certificates that the other management servers issued. This task involves exporting every management server's trusted certificate, and then importing this trusted certificate to every other management server. You must also update the nodes' trusted certificates, so that the nodes also trust the secondary management servers. To configure trusted certificates for multiple management servers 1. On every management server, export the trusted certificate to a file using the following command: ovcert -exporttrusted -ovrg server -file <file> The command generates a file with the name that you specify. 2. Copy each file to every other management server, and then import the trusted certificate using the following command: ovcert -importtrusted -ovrg server -file <file> 3. For every management server, update the trusted certificates on existing nodes: a. In the console tree, click Tools HP Operations Manager Tools Certificate Management. b. In the details pane, double-click Update trusted certificates. A dialog box opens, which lists nodes and services. c. Select the nodes on which to update the trusted certificates. To update trusted certificates on all existing nodes, select the Nodes check box, and then click Launch.... The Tool Status dialog box opens and shows progress. (The tool fails for any nodes that have the DCE agent.) Alternatively, you can select check boxes for individual nodes or node groups, but always include the management server node in your selection. Any new nodes that you create will receive all the trusted certificates when they receive their node certificate. Related Topics: l Server-based flexible management policies HP Operations Manager (9.00) Page 153 of 1297 Online Help Configuring nodes Back up and restore certificates It is important to back up the certificates for the management server on which the certificate server runs. Otherwise, if you lose or corrupt the management server's certificates, you would need to reissue every node certificate. You can back up the certificates to files, which you should remove fromthe management server and store securely. You need to back up the following certificates on management server: l Certificate authority certificate (which the management server uses to create new certificates) l Management server certificate l Optional. Management server trusted certificates (in environments with multiple management servers) l Node certificate (because the management server is also a node) l Node trusted certificate (or certificates) Note: Certificate backups do not enable you to restore a corrupt or failed management server. For details on how to backup the complete management server, see Backup the HPOM management server. The management server backup includes the management server's certificates. To back up certificates 1. Back up the certificate authority certificate using the following command: ovcm -exportcacert -file <file> [-pass <pass_phrase>] The command generates a file with the name that you specify. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the - pass option, the command prompts you for a password. 2. Find the alias of the management server certificate using the following command: ovcert -list -ovrg server The alias of the management server certificate is the long sequence of characters, which appears under the heading "Certificates". For example: +---------------------------------------------------------+ | Keystore Content (OVRG: server) | +---------------------------------------------------------+ | Certificates: | | 3d6cb862-9fbb-753e-0600-e88eb3c82c16 (*) | +---------------------------------------------------------+ | Trusted Certificates: | | CA_3d6cb862-9fbb-753e-0600-e88eb3c82c16 (*) | | CA_67b11cf2-3171-753e-194f-d29c9c250895 | +---------------------------------------------------------+ Back up the management server certificate using the following command: HP Operations Manager (9.00) Page 154 of 1297 Online Help Configuring nodes ovcert -exportcert -ovrg server -file <file> -alias <alias> [-pass <pass_phrase>] The command generates a file with the name that you specify. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the - pass option, the command prompts you for a password. 3. Optional. Back up the management server trusted certificates to a file using the following command: ovcert -exporttrusted -ovrg server -file <file> The command generates a file with the name that you specify. This step is only necessary if the environment consists of multiple management servers and the command ovcert -list -ovrg server lists multiple trusted certificates. 4. Find the alias of the node certificate using the following command: ovcert -list The alias of the node certificate is the long sequence of characters, which appears under the heading "Certificates". For example: +---------------------------------------------------------+ | Keystore Content | +---------------------------------------------------------+ | Certificates: | | 3d6cb862-9fbb-753e-0600-e88eb3c82c16 (*) | +---------------------------------------------------------+ | Trusted Certificates: | | CA_3d6cb862-9fbb-753e-0600-e88eb3c82c16 | | CA_67b11cf2-3171-753e-194f-d29c9c250895 | +---------------------------------------------------------+ +---------------------------------------------------------+ | Keystore Content (OVRG: server) | +---------------------------------------------------------+ | Certificates: | | 3d6cb862-9fbb-753e-0600-e88eb3c82c16 (*) | +---------------------------------------------------------+ | Trusted Certificates: | | CA_3d6cb862-9fbb-753e-0600-e88eb3c82c16 (*) | | CA_67b11cf2-3171-753e-194f-d29c9c250895 | +---------------------------------------------------------+ On a standalone management server, the server and node certificates have the same alias. On a management server in a cluster, each cluster node has a different node certificate (in contrast to the server certificate, which is shared). You must back up the node certificate on every cluster node. Use file names that identify the cluster node to which each certificate belongs. Back up the node certificate using the following command: ovcert -exportcert -file <file> -alias <alias> [-pass <pass_ phrase>] HP Operations Manager (9.00) Page 155 of 1297 Online Help Configuring nodes The command generates files with the names that you specify. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the - pass option, the command prompts you for a password. 5. Back up the node's trusted certificates to a file using the following command: ovcert -exporttrusted -file <file> The command generates a file with the name that you specify. This step is necessary in all environments. On a management server in a cluster, you need to complete this step on only one cluster node, because the trusted certificates are the same on all cluster nodes. To restore certificates 1. Restore the certificate authority certificate using the following command: ovcm -importcacert -file <file> [-pass <pass_phrase>] The command restores the certificate froma file with the name that you specify. To restore the certificate, you need the pass phrase that was used to create the file. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the -pass option, the command prompts you for the password. 2. Restore the management server certificate using the following command: ovcert -importcert -ovrg -file <file> [-pass <pass_phrase>] The command imports the certificate fromthe file that you specify. On a management server in a cluster, complete this step on the currently active cluster node only. 3. Optional. Restore the management server trusted certificates using the following command: ovcert -importtrusted -ovrg server -file <file> This step is only necessary if the environment consists of multiple management servers and a backup of multiple trusted certificates is available. 4. Restore the node certificate using the following command: ovcert -importcert -file <file> [-pass <pass_phrase>] The command imports the certificate fromthe file. On a management server in a cluster, repeat this step for each cluster node. You need a different file for each cluster node. Each file contains a certificate that is valid only for the cluster node on which it was created. 5. Restore the node trusted certificate (or certficates) using the following command: ovcert -importtrusted -file <file> This command restores the node's trusted certificates. On a management server in a cluster, repeat this step for each cluster node. There should be one backup file that is valid for all cluster nodes (the trusted certificates are the same on all cluster nodes). Monitoring agentless nodes Agentless monitoring is defined as monitoring an object without installing any additional software on it. A systemthat is managed in an agentless fashion with HPOMis called a monitored node. With an agentless solution, the proxy node receives data which is collected using remote calls to the HP Operations Manager (9.00) Page 156 of 1297 Online Help Configuring nodes monitored systems. See Deployment models for more information about managing proxy nodes and agentless nodes. If the full capabilities of the HP Operations agent are not needed, for example, if the depth of information, command, and control requirements are limited, agentless monitoring can provide adequate monitoring while decreasing the effort for deployment, maintenance, and upgrade tasks associated with an agent-based solution. Agentless monitoring with HPOMrequires the help of an agent (proxy agent) installed on one managed node. This managed node acts as a proxy system to remotely access monitored nodes. Even though the policies for agentless monitoring belong to the monitored node, they are installed on the proxy system. You can monitor the following event sources without an agent: l SNMP (Simple Network Management Protocol) l WMI (Windows Management Instrumentation) Note: There are further remote agentless monitoring possibilities. If you can remotely access and retrieve data fromyour systems using technologies such as SSH or remsh, you can feed this data into HPOMusing the opcmon and opcmsg utilities. Agentless monitoring with integrated products One of the benefits of the HP BTOSoftware portfolio is the ability to integrate multiple products to solve more complex IT problems and for more flexible solution implementations. Remote monitoring of the IT infrastructure is a good example of how multiple HP BTOSoftware products can be used either individually to meet specific needs, or can be combined to provide a broader remote monitoring solution. The following products integrate with HPOMto enable remote or agentless monitoring of network elements, systems, applications, and services: l HP Network Node Manager i HP NNMi is primarily a remote-monitoring solution, in that it uses existing SNMP agents for network element discovery and status, without requiring additional code to be installed on the managed object. HPOMand HP NNMi integration components and documentation are included with HPOM. l HP SiteScope HP SiteScope is primarily a remote-monitoring solution. However, unlike HP NNMi, it use a probe-based approach to query monitored nodes. HPOMand HP SiteScope integration components and documentation are included with HPOM. Related Topics: l Deployment models l Identify the originating node l Monitor SNMP devices l Monitor WMI information l HP NNMi Adapter HP Operations Manager (9.00) Page 157 of 1297 Online Help Configuring nodes l HP SiteScope Adapter l License HPOM Deployment models There is no fixed upper limit for the number of nodes you can monitor within an HPOMenvironment. Scalability of agent-based or agentless monitoring in your environment primarily depends on the resources on the management server system, the managed nodes, and the network. The effect agentless monitoring has on the CPU and memory utilization on the proxy systemis dependent on the number of nodes, the number of metrics that are gathered, and the frequency of gathering that is used. The network connection and bandwidth between the proxy and the monitored nodes can also influence the time needed for gathering the data. Therefore, we recommend that you monitor resource utilization on the proxy systemto avoid problems with other applications running on the proxy. If monitoring significantly affects other applications, reduce the gathering frequency, choose another proxy systemwith more resources or split the work among several proxy systems, sharing the monitoring of nodes and metrics, as described in Proxy systems in large environments. The location and arrangement of proxy systems in agentless monitoring can be divided into the following scenarios: l HPOMmanagement server systemas the proxy system l Independent proxy system l Proxy systems in large environments HPOM management server system as the proxy system The most simple arrangement is to use the HP Operations agent running on the HPOM management server systemas a proxy agent for remote monitoring, that is the HPOMmanagement server systemalso acts as a proxy system. Note: If you plan to install additional HP BTOSoftware products, such as HP NNMi, HP Performance Manager, or HP Reporter on the systemhosting the HPOMmanagement server and proxy agent, make sure that the available systemresources are sufficient for all installed products. Resource consuming processes reduce the performance of remote monitoring as well as the performance of the HPOMmanagement server and other installed software. The following recommendations apply: HP Operations Manager (9.00) Page 158 of 1297 Online Help Configuring nodes l The maximumnumber of agentless monitored nodes should not exceed ten. This is not a hard- coded limit, but a recommendation to help ensure that resource utilization related to agentless monitoring does not result in a significant deterioration of the HPOMmanagement server performance. l The HPOMmanagement server systemhas sufficient resources to deal with the additional work load fromagent-based monitoring in addition to its regular tasks. Independent proxy system Using an independent proxy systemis recommended when the HPOMmanagement server system does not have sufficient resources to handle the proxy tasks without a noticeable impact on the performance of the HPOMmanagement server. In this case, select a suitable managed node to play the role of the proxy system. The following recommendations apply: l The selected managed node has sufficient resources to deal with the additional proxy work load. Proxy systems in large environments Whenever the number of agentless nodes being monitored is a strain on a single proxy system, we recommend using additional proxy systems. HP Operations Manager (9.00) Page 159 of 1297 Online Help Configuring nodes For each proxy system, the following recommendations apply: l The selected managed node has sufficient resources to deal with the additional proxy work load. Note: Any combination of the possible proxy systemconfigurations is acceptable, that is, you could have one proxy systembeing the HPOMmanagement server system, and one or more proxy systems being any other suitable managed node. Related Topics: l Monitor agentless nodes l Identify the originating node l Monitor SNMP devices l Monitor WMI information l License HPOM Identify the originating node In agentless monitoring, policies on the proxy systemdetect and process events on the monitored nodes. Based on the deployed policies, the proxy agent generates and forward HPOMmessages to the HPOMmanagement server. It is important that whenever a message is generated, the HPOMmanagement server can identify the node generating that message. Otherwise the message would be discarded and would not have any influence on the status of an HPOMservice. Therefore, it is very important that the incoming message belongs to one of the following: l Proxy system (required) See Configure the proxy system. l Monitored node (recommended) See Configure monitored nodes. Tip: To track discarded messages, you can temporarily set the server configuration variable Send warning message for each discarded message in the Message Action Server Message Filter namespace. If set to true, the management server sends a warning message that contains the name of the originating node in the message text. You can use this variable to detect systems that are not configured on the management server but that send many messages and hence slow down message processing. Configure the proxy system You must configure the systemused as the proxy systemfor agentless monitoring as a managed node in the HPOMmanagement server. If you configure only the proxy systemas a managed node (and not the agentless nodes as shown in the next section), then you have to make sure that all messages that are created by agentless monitoring specify the proxy systemas the originating node. (This is required because all messages have to be associated with a managed node. If policies set the node property to another node, and this node is not configured as managed node in HPOM, then the corresponding message is discarded.) In addition, you can put the originating node name in the message, for example in the message text or the object box, so that you do not loose this information. HP Operations Manager (9.00) Page 160 of 1297 Online Help Configuring nodes This setup can be used if it is not necessary to distinguish between several monitored nodes, and if you do not use the monitored node names in HPOMservice definitions. The proxy systemis treated as the owner of the problemand messages are shown as messages belonging to the proxy systemitself. Configure monitored nodes Besides the proxy server, which must be configured as a managed node in HPOMand has an HP Operations agent running on it, it is recommended to also configure the monitored nodes in HPOM. The advantage of configuring the monitored nodes in HPOMis that policies can set the node name to the originating node and messages will then show up as messages of the originating node in the message browser. It also allows you to create and use services that are hosted on monitored nodes. You can configure agentless nodes in the following ways: l Add agentless nodes individually l Configure external nodes Add agentless nodes individually To manage devices such as printers, routers, computers with unsupported operating systems, and computers without the need for full HP Operations agent monitoring, you must ensure that they have an IP address or a primary node name. To add a monitored node, right-click any group in the Nodes list to display the shortcut menu, and select New Node fromthat menu. The monitored nodes should be set up as follows: l Systemtype: Other l Operating System: SNMP (version v1 or v2) or Unknown These two types of operating systemstart these nodes for HPOMmanagement without an HP Operations agent installation. Note: For Microsoft Windows agentless nodes, do not select a Windows operating system name. If a Windows operating systemname is selected, automatic deployment is enabled by default, and an HP Operations agent is installed on the monitored node and it becomes a standard managed node. Configure external nodes The advantage of setting up agentless nodes as external nodes is that one external node can represent multiple agentless nodes. This means that fewer nodes must be configured. To add an external node, right-click any group in the Nodes list to display the shortcut menu, and select New External Node fromthat menu. Specify a pattern that matches the fully qualified domain names (FQDN), IP addresses, or node names of the agentless nodes. Related Topics: l Create new nodes l Configuring external nodes l Monitor SNMP devices HP Operations Manager (9.00) Page 161 of 1297 Online Help Configuring nodes l Monitor WMI information l Monitor agentless nodes l Deployment models l License HPOM Monitor SNMP devices HPOMis able to receive SNMP events generated by SNMP agents or applications and it can query MIB data using SNMP GET requests. The systemcan receive events using SNMP interceptor policies and monitor MIB variables using measurement threshold policies. The HP NNMi agent-based integration with HPOMis an example of agentless monitoring with SNMP. It provides an SNMP policy that enables HPOMto receive HP NNMi SNMP events. The HP NNMi server itself has an HP Operations agent installed and serves as a proxy for agentless monitoring. The monitored nodes must be configured in HPOM. Otherwise, HP NNMi-related messages of those nodes will not be received by the management server. SNMP event monitoring The SNMP interceptor policy is a remote monitoring policy, as the SNMP interceptor is able to receive events fromany systemin the environment and not just the systemwhere the SNMP interceptor is running. SNMP policies are used, for example, for the HP NNMi integration or with HP Systems Insight Manager. The SNMP interceptor policy type monitors SNMP events, and allows filtering based on originating node, event object ID, or when a character pattern that you choose is found in an SNMP event. The following example shows how one SNMP interceptor policy is able to monitor large volumes of SNMP events after establishing a small number of rules: HP Operations Manager (9.00) Page 162 of 1297 Online Help Configuring nodes Each rule looks for a certain event object ID: HP Operations Manager (9.00) Page 163 of 1297 Online Help Configuring nodes Note: It is recommended that a specific SNMP interceptor policy is only deployed to one proxy system. Node in rule condition If you leave the Node box blank, that is any node in the Rule Condition dialog box, SNMP events of all nodes are matched. If you want to limit the number of monitored nodes, you can specify any of the following: l Monitored node name l Multiple node names with the OR operator | l Multiple node names using variables, for example, $OPC_MGMTSV Node in outgoing message It is also recommended to insert SNMP variables into HPOMmessages that show the originating node, for example, $A is the variable containing the hostname of the originating host in the following example for the HP Systems Insight Manager. The variables differ fromapplication to application, so carefully check the SNMP event and variable definitions. The following example shows how the variable $A is used to set the node property of the outgoing message. This assumes that the originating node is configured as a managed node. HP Operations Manager (9.00) Page 164 of 1297 Online Help Configuring nodes SNMP MIB Monitoring The Measurement Threshold policy type includes the source type MIB, which allows thresholding on values for a specified MIB on a selected node. If source type MIB is selected, an SNMP GET is performed on the specified object ID (OID). By default, the collection is made on the local managed node but can be made remotely by specifying the optional hostname. The following example shows how the MIB with the OID .1.3.6.1.2.1.5.1.0 is monitored on node server.example.com: HP Operations Manager (9.00) Page 165 of 1297 Online Help Configuring nodes Related Topics: l Monitor WMI information l Monitor agentless nodes l Deployment models l Identify the originating node l SNMP interceptor policies l License HPOM Monitor WMI information Windows Management Instrumentation (WMI) is a component of Microsoft Windows operating systems and can be used to manage systems without installing an HP Operations agent. It provides standardized means for managing computer systems in an enterprise environment locally and remotely. WMI enables monitoring and controlling of managed objects, which complements systemmanagement with HPOMfor Windows. The WMI Interceptor and the Measurement Threshold policy type (source type WMI) can both access remote systems. For each policy type, you can specify the remote node as well as the account that the policy uses to access the WMI database of the remote node. The remote node must be configured as follows: HP Operations Manager (9.00) Page 166 of 1297 Online Help Configuring nodes l DCOM enabled DCOMmust be enabled on the remote node. l Local administrator rights The specified user must be a member of the local Administrators group on the remote note. Related Topics: l Monitor agentless nodes l Deployment models l Identify the originating node l Monitor SNMP devices l Windows Management Interface policies l Measurement threshold policies l License HPOM Monitoring cluster-aware applications A cluster-aware application is an application, for example a database application, that runs in a high-availability cluster. A cluster is a group of computers that work together to provide applications (or services, system resources, and data) to users. The computers in a cluster are connected to each other through a network, and programmatically connected by cluster software (for example, Microsoft Cluster Server, HP Serviceguard, Veritas Cluster, or Sun Cluster). High-availability clusters are computer clusters that guarantee high availability of the applications (or services, systemresources, and data) protected by the cluster. If one of the computers in a high-availability cluster is out of service due to failure or maintenance, another computer in the cluster becomes available to provide the application or service. In cluster environments, applications are represented as compounds of resources. Those resources construct a cluster resource group, which represents the application running in a cluster environment. Some applications, for example the database application Oracle, can run as multiple instances. In this case a resource group represents an instance of an application. Some cluster software products refer to the concept of resource groups using different terms: Cluster Software Resource Group HP Serviceguard Application Package (or Package) IBMHACMP Resource Group Microsoft Cluster Server Resource Group (or Group) Red Hat Advanced Server Resource Group (or Cluster Service) Sun Cluster Resource Group Veritas Cluster Server Service Group HP Operations Manager (9.00) Page 167 of 1297 Online Help Configuring nodes A resource group knows the states online, offline, and unknown. A resource group can be taken offline on one computer and be brought online on another computer. Automatic switchover to another computer in a cluster is called failover; manual switchover is known as switchover. A resource group has a network name and an IP address, is known to the name resolution, and can be addressed like an ordinary system. Users always access an application or service through the IP address or hostname of the resource group. The network representation of a resource group is sometimes referred to as logical host. The computers that are part of a cluster are also known as cluster nodes. In HPOM, they are referred to as physical nodes. All physical nodes have an HP Operations agent installed. Physical nodes that have an HTTPS agent installed can be logically grouped to virtual nodes. A virtual node can be regarded as a group of physical nodes linked by a common resource group name. Using virtual nodes to represent resource groups has the following advantages: l Events detected in the scope of the resource group, for example, by policies assigned to the virtual node, may receive that name as the originating node. l Correct filtering and selecting in the console. l Provide appropriate service names and message key correlations for true management of the cluster. HP Operations agents are cluster-aware, which means that the agent recognizes that it runs on a physical node in a cluster. The agent checks the state of the resource group on a physical node to decide whether to enable or disable the policies. By default, if a state maps to online, then a policy is enabled; if it maps to offline or unknown, it is disabled. This allows the agent to monitor the application where it really runs. The figure below shows a high-availability cluster with three physical nodes. The application runs on one of the physical nodes. On this node, the resource group is online and the policies are enabled. If the state of the resource group changes to offline, the HP Operations agent disables the policies on the node. The application starts on one of the other physical nodes and the HP Operations agent enables the policies there. HP Operations Manager (9.00) Page 168 of 1297 Online Help Configuring nodes Related Topics: l Virtual nodes l Create virtual nodes l Receive messages for virtual nodes l Integrate customcommands l Customize resource group state mappings l Configure DCE agents to monitor cluster-aware applications l Monitor DCE TruCluster systems Virtual nodes HPOMfor Windows uses the concept of virtual nodes to represent cluster resource groups. A virtual node can be regarded as a group of physical nodes linked by a common resource group name. The agents on these physical nodes automatically enable and disable policies on a physical node when the state of the resource group changes. A virtual node is hosted on the physical nodes that are part of the resource group. The physical nodes must have the HTTPS agent. (DCE agents are not supported as physical nodes hosting a HP Operations Manager (9.00) Page 169 of 1297 Online Help Configuring nodes virtual node.) The physical nodes of a resource group must not be virtual nodes themselves. To install or update the agent software on the physical nodes belonging to a resource group, you can deploy the agent software to the virtual node. A virtual node must not itself be a physical node. Virtual nodes do not support DHCP, autodeployment, and certificates. There must not be an agent installed on a virtual node. A virtual node has the IP address of the resource group. When you run a command on a virtual node, the command is executed on the node to which the virtual IP address refers. A virtual node carries the name of the resource group as an attribute. A virtual node can be associated with only one resource group name. You can assign the same resource group name to more than one virtual node, but these virtual nodes must not share any common physical nodes. This is because any policy assigned to both virtual nodes would receive the same resource group name a second time and the agent on the physical node would not be able to distinguish the virtual nodes. Policy management When you deploy policies to a virtual node, the resource group name is inserted into the header of each policy. The policies are then installed on all physical nodes that belong the virtual node. Each policy on a physical node has all resource group names attached for the virtual nodes to which it belongs. The policy inventory of the virtual node displays a list of policies that are deployed to the virtual node (but are installed on the physical nodes belonging to the virtual node). You cannot enable or disable policies in the policy inventory of the virtual node because the state of the resource group controls policy enablement for virtual nodes. The State column in the policy inventory displays a hyphen (-) for virtual nodes to indicate that policies cannot be enabled or disabled on these nodes. If you deploy a policy to both the virtual node and the physical node belonging to that virtual node, or you deploy a policy to a physical node only, the policy remains enabled even when the state of the resource group changes. This is because the policy that was deployed directly to the physical node does not contain the resource group name. In some situations you may want to deploy a policy directly to a physical node and not to the virtual node. For example, you may want to monitor a specific metric on a particular physical node independently of the resource group state. Policies that are displayed in the policy inventory of a physical node are deployed directly to that physical node, send messages independently of the resource group state, and can be enabled and disabled manually. Tip: Use the following commands to check the configuration of policies: Agent policies: ovpolicy -list -level 4 Server policies: ovpolivy -list -targetovrg server -level 4 Check the output for lines with attribute and HARG. Related Topics: l Create virtual nodes l Receive messages for virtual nodes l Customize resource group state mappings l Integrate customcommands l Configure HTTPS agents running under non-administrative accounts HP Operations Manager (9.00) Page 170 of 1297 Online Help Configuring nodes Create virtual nodes HPOMfor Windows uses the concept of virtual nodes to represent cluster resource groups. A virtual node can be regarded as a group of physical nodes linked by a common resource group name. The agents on these physical nodes can automatically enable and disable policies on a physical node when the state of the resource group changes. HPOMsupports only HTTPS agents as physical nodes of a virtual node. HTTPS agents are by default cluster-aware, which means that, after having deployed the policies to the virtual node, the agent recognizes automatically that it is running on a cluster system. If cluster awareness is not required, you can disable it. By default, HTTPS agents monitor all resource groups on a cluster system. You can temporarily disable the monitoring of resource groups to reduce the CPU load on the systems. Use the following command on each physical node in the cluster: ovconfchg -ns conf.cluster -set MONITOR_MODE false Messages that are generated for a monitored application in a cluster are by default associated with the physical nodes, not with the virtual node. To associate messages with the virtual node, see Receive messages for virtual nodes. To create a virtual node 1. Optional. For up-to-date information on supported cluster environments, see the support matrix at HP Software Support Online. 2. Open the node configuration editor, if it is not already open. 3. Fromwithin the Configure Managed Nodes dialog box, select the Nodes folder in the managed nodes list. 4. Right-click to open the shortcut menu. 5. Select New Node to open the node configuration wizard which you use to configure the new virtual node. The Base Settings page opens by default. 6. In the Base Settings page, type the name of the virtual node into the Fully Qualified Domain Name box. 7. Select Enter manually and click Next. The OS Setup page opens. 8. Make the following selections in the OS Setup page: a. Select the systemtype, operating system, bit length, and version. Your selection determines the operating systemof the physical nodes that you plan to associate with the virtual node. For example, if you select Windows Server 2008, you will only be able to associate Windows Server 2008 systems with the virtual node. b. Click Expert Mode. The Node Properties dialog box opens. 9. Make the following selections in the Virtualization page: a. Select Virtual Node. b. Click Add next to Hosted on Physical Nodes to select the managed nodes that host the HP Operations Manager (9.00) Page 171 of 1297 Online Help Configuring nodes virtual node. The list of managed nodes shows only nodes with the same operating systemas the virtual node. Note: HPOMsupports only HTTPS agents as physical nodes of a virtual node. c. In the Resource Group box, type the name of the cluster resource group. 10. Click OK to save the virtual node and to close the Node Properties dialog box. 11. Deploy policies to the virtual node. For server policies, the management server creates a single deployment job for the virtual node; for agent policies, it creates one job for each physical node. Note: The management server always deploys all policies to a virtual node, even if a more recent version of the policy already exists on the virtual node. Selecting Deploy policy only if version is newer in the Deploy policies on... dialog box has no effect. 12. Optional. For some physical nodes, for example for multihomed hosts, the standard hostname may be different fromthe name of the node in the cluster configuration. If this is the case, the agent cannot correctly determine the current state of the resource group. Configure the agent to use the hostname as it is known in the cluster configuration: a. On the physical node, run the command ovclusterinfo -a to obtain the name of the physical node as it is known in the cluster configuration: ovclusterinfo -a b. Configure the agent to use the name of the node as it is known in the cluster configuration: ovconfchg -ns conf.cluster -set CLUSTER_LOCAL_NODENAME <name> Replace <name> with the name of the node exactly as reported in the output of ovclusterinfo -a because <name> is case sensitive. c. Restart the agent: i. Stop the agent: ovc -stop AGENT ovc -stop COREXT ii. Restart the agent: ovc -start COREXT ovc -start AGENT Related Topics: l Deploy a policy or policy group l Receive messages for virtual nodes l Customize resource group state mappings l Integrate customcommands Receive messages for virtual nodes By default, messages that are generated by cluster-aware applications are associated with the physical nodes, not with the virtual node. To associate messages with the virtual node, configure HP Operations Manager (9.00) Page 172 of 1297 Online Help Configuring nodes the agents to replace the name of the physical node with the name of the virtual node in the message before sending the message to the management server. You configure the agents by installing configuration files on each physical node. The configuration files contain the name of the cluster-aware application, the name of the instance used by the application, and the resource group used by the cluster software. In addition, you must add the name and instance of the cluster-aware application as custommessage attributes to each policy that you deploy to the virtual node. Before the agents send a message to the management server, they use the names of the application and instance to look up the corresponding resource group. To configure virtual nodes as sending nodes There are two methods for creating and installing the configuration files on the physical nodes: l Create the configuration files manually and copy themto the physical nodes into the required directories. a. Microsoft Cluster Server clusters only. Make sure that the resource group that contains the resource being monitored contains both a network name and an IP address resource. If the resource group being monitored does not contain a network name and an IP address resource, then the following errors will be logged on the physical node and in the management server active messages browser for the physical node: Could not perform cluster API function, error code 1008 returned System Error Number: -1 (ffffffff) - (OpC30-3223). Could not read cluster information System Error Number: -1 (ffffffff) - (OpC30-3221). Application Package Monitor of subagent 0 aborted; process got signal 1 (OpC30-1041). The figure below shows the Microsoft Cluster Administrator window with the SQL-Server resource group shown in detail. This group contains the required network name (CLUSTER04) and IP address resources. b. Create an XML file that describes the cluster-aware application, and name it apminfo.xml. This file is used to define the resource groups that will be monitored and to map the resource groups to application instances. The apminfo.xml file has the following format: Note: No new line is allowed between package tags in the apminfo.xml file. HP Operations Manager (9.00) Page 173 of 1297 Online Help Configuring nodes <?xml version="1.0" ?> <APMClusterConfiguration> <Application> <Name>Name of the cluster-aware application.</Name> <Instance> <Name>Application's name for the first instance. The instance name is used for start and stop commands and corresponds to the name used to designate this instance in messages.</Name> <Package>Resource group in which the application's first instance runs.</Package> </Instance> <Instance> <Name>Application's name for the second instance.</Name> <Package>Resource group in which the application's second instance runs.</Package> </Instance> </Application> </APMClusterConfiguration> Example 1 for apminfo.xml In the example below, the name of the resource group is SQL-Server, and the network (or instance) name is CLUSTER04: <?xml version="1.0" ?> <APMClusterConfiguration> <Application> <Name>dbspi_mssqlserver</Name> <Instance> <Name>CLUSTER04</Name> <Package>SQL-Server</Package> </Instance> </Application> </APMClusterConfiguration> Example 2 for apminfo.xml In the example below, two applications, SQL_Server and Exchange, are defined. Each application defines two instances with a name and corresponding resource group. <?xml version="1.0"?> <APMClusterConfiguration> <Application> <Name>SQL_Server</Name> <Instance> <Name>SQL_Server1</Name> <Package>sqlsrvpkq1</Package> HP Operations Manager (9.00) Page 174 of 1297 Online Help Configuring nodes </Instance> <Instance> <Name>SQL_Server2</Name> <Package>sqlsrvpkq2</Package> </Instance> </Application> <Application> <Name>Exchange</Name> <Instance> <Name>MSEX_Server1</Name> <Package>msexpkq1</Package> </Instance> <Instance> <Name>MSEX_Server2</Name> <Package>msexpkq2</Package> </Instance> </Application> </APMClusterConfiguration> c. Create an XML file that describes the policies to be cluster-aware. The file name must have the format <name_of_cluster-aware_application>apm.xml. <name_of_ cluster-aware_application> must be identical to the content of the <Application><Name> tag in the apminfo.xml file. The application configuration file has the following format: <?xml version="1.0" ?> <APMApplicationConfiguration> <Application> <Name>Name of the cluster-aware application (must match the content of <Application><Name> in the apminfo.xml file). </Name> <Template>First policy that should be cluster- aware.</Template> <Template>Second policy that should be cluster- aware.</Template> <startCommand>An optional command that the agent runs whenever an instance of the application starts.</startCommand> <stopCommand>An optional command that the agent runs whenever an instance of the application stops.</stopCommand> </Application> </APMApplicationConfiguration> The stop and start commands can use the following variables: Variable Description $instanceName Resolves to the name of the instance that is starting or stopping. The instance is defined in the <Instance><Name> HP Operations Manager (9.00) Page 175 of 1297 Online Help Configuring nodes tags of the corresponding apminfo.xml file. $instancePackage Resolves to the name of the resource group that is starting or stopping. The resource group is defined in the <Instance><Package> tags of the corresponding apminfo.xml file. $remainingInstances Resolves to the number of the remaining instances of this application. $openViewDirectory Resolves to the commands directory on the agents. For a list of directories on the various agent platforms, see Deploy instrumentation. Tip: Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. Example for <name_of_cluster-aware_application>apm.xml The following example file called dbspi_mssqlserver.apm.xml shows how the Smart Plug-in for Databases configures the policies for the MS-SQL server. <?xml version="1.0"?> <APMApplicationConfiguration> <Application> <Name>dbspi_mssqlserver</Name><Template>DBSPI-MSS-05min- Reporter</Template> <Template>DBSPI-MSS-1d-Reporter</Template> <Template>DBSPI-MSS-05min</Template> <Template>DBSPI-MSS-15min</Template> <Template>DBSPI-MSS-1h</Template> <Template>DBSPI-MSS6-05min</Template> <Template>DBSPI-MSS6-15min</Template> <Template>DBSPI-MSS6-1h</Template> <Template>DBSPI Microsoft SQL Server</Template> <StartCommand>dbspicol ON $instanceName</StartCommand> <StopCommand>dbspicol OFF $instanceName</StopCommand> </Application> </APMApplicationConfiguration> d. Save the files in the following directories on all physical nodes in the resource group: o apminfo.xml o Nodes with a Windows operating system: %OvDataDir%conf\conf\ o Nodes with a UNIX or Linux operating system: $OvDataDir/conf/conf/ o <application_name>.apm.xml HP Operations Manager (9.00) Page 176 of 1297 Online Help Configuring nodes o Nodes with a Windows operating system: %OvDataDir%bin\instrumentation\conf o Nodes with a UNIX or Linux operating system: $OvDataDir/bin/instrumentation/conf These directories do not exist by default. When you create a file for the first time, you must manually create these directories. There is no special distribution mechanismto transport the files fromthe management server to the nodes. Typically, the files are installed manually on all nodes. There is no merge mechanismto add further entries. You must update them manually. e. On each physical node, check the syntax and configuration of the files with the command ovappinstance: o Nodes with a 32 bit Windows operating system: %OvInstallDir%\bin\ovappinstance -vc o Nodes with a 64 bit Windows operating system: %OvInstallDir%\bin\win64\ovappinstance -vc o Nodes with a UNIX or Linux operating system: $OvInstallDir/bin/ovappinstance -vc f. Stop and restart the agent after copying the files to the physical nodes: i. Stop the agent: ovc -stop AGENT ovc -stop COREXT ii. Restart the agent: ovc -start COREXT ovc -start AGENT g. Add custommessage attributes to each policy that you deploy to a virtual node. Use the following two custommessage attributes: Custom message attribute name Value HP Operations Manager (9.00) Page 177 of 1297 Online Help Configuring nodes namespace Application name as specified in the application name tag or in apminfo.xml. For measurement threshold and open message interface policies, you can use the variable <$OPTION(N)>, where N is the name of a variable that is supplied with the opcmon and opcmsg commands. For example: o Custommessage attribute: <$OPTION(my_namespace)> o opcmon command: opcmon policy_name=p -object o - option my_namespace=SQL_Server o opcmsg command: opcmsg a=a o=o msg_t="text" -option my_namespace=SQL_Server instance Instance name as specified in the application name tag or in apminfo.xml. For measurement threshold and open message interface policies, you can use the variable <$OPTION(N)>, where N is the name of a variable that is supplied with the opcmon and opcmsg commands. For example: o Custommessage attribute: <$OPTION(my_instance)> o opcmon command: opcmon policy_name=p -object o - option my_instance=Instance1 o opcmsg command: opcmsg a=a o=o msg_t="text" -option my_instance=Instance1 Before the agent sends the message to the management server, it uses the names of the application and instance to look up the corresponding resource group (IP address and node name). It then replaces the physical name with the virtual name in the message. The name and IP address of the resource group are added as custommessage attributes to the message. h. Deploy the policies to the virtual node. For server policies, the management server creates a single deployment job for the virtual node; for agent policies, it creates one job for each physical node. Note: The management server always deploys all policies to a virtual node, even if a more recent version of the policy already exists on the virtual node. Selecting Deploy policy only if version is newer in the Deploy policies on... dialog box has no effect. l Create a config file policy based on the template for cluster-aware applications provided by HP. When you deploy the config file policy to the physical nodes, an associated script creates the configuration files based on the information in the config file policy, and copies the files to the correct locations on the physical nodes. HPOMprovides a sample config file policy to help you configure the physical nodes of the cluster. (Click the image to find more information about individual sections of the policy.) HP Operations Manager (9.00) Page 178 of 1297 Online Help Configuring nodes Some HP Operations Smart Plug-ins (SPIs) may also provide configuration files for cluster awareness. For each config file policy, you can determine whether the configuration files extracted fromthe config file policy overwrite the SPI configuration files, or vice versa. a. Microsoft Cluster Server clusters only. Make sure that the resource group that contains the resource being monitored contains both a network name and an IP address resource. If the resource group being monitored does not contain a network name and an IP address resource, then the following errors will be logged on the physical node and in the management server active messages browser for the physical node: HP Operations Manager (9.00) Page 179 of 1297 Online Help Configuring nodes Could not perform cluster API function, error code 1008 returned System Error Number: -1 (ffffffff) - (OpC30-3223). Could not read cluster information System Error Number: -1 (ffffffff) - (OpC30-3221). Application Package Monitor of subagent 0 aborted; process got signal 1 (OpC30-1041). The figure below shows the Microsoft Cluster Administrator window with the SQL-Server resource group shown in detail. This group contains the required network name (CLUSTER04) and IP address resources. b. In the console tree, open Policy management Policies grouped by type Agent policies. Right-click ConfigFile, and then click New Policy. The config file policy editor appears. Alternatively, you can edit or copy the sample config file policy ClAwConfig, which is available in Policy management Policy groups Samples en Cluster Awareness. c. In the General tab, for Application, select ClusterAwareness. d. For Sub-Group, select APM. e. The entry in the Filename box is set to apm.xml. This is a read-only setting. f. Click Load Template to load the cluster awareness template into the edit field. The template has the following sections: o Command definitions This section contains the command that creates the configuration files and copies them to the correct locations on the physical nodes. The same command removes the configuration files when you remove the policy fromthe nodes. The command type (3) identifies the script as a Perl script. o <APMOptions> The options in this section determine whether the configuration files extracted fromthe config file policy overwrite the SPI configuration files. <APMCopySPIAppConfig> HP Operations Manager (9.00) Page 180 of 1297 Online Help Configuring nodes If set to true, the script associated with the config file policy copies the SPI configuration files (<application_name>.apm.xml) from <DataDir>/bin/instrumentation/ to <DataDir>/bin/instrumentation/conf. If set to false, SPI configuration files are not copied at all. <APMCopySPIAppConfigFirst> The script associated with the config file policy evaluates this option only if the option <APMCopySPIAppConfig> is set to true. If set to true, the script first copies the SPI configuration files, then the configuration files extracted fromthe config file policy. The configuration files fromthe policy may therefore overwrite the SPI configuration files. If set to false, the script first copies the configuration files extracted fromthe config file policy, then the SPI configuration files. The SPI configuration files may therefore overwrite the policy files. o <APMClusterConfiguration> This section lists the cluster-aware applications and their instances. The information in this section is used to denote the resource groups that are monitored and to map application instances to resource groups. The information in this section is copied into the apminfo.xml file. o Type the name of the cluster-aware application into the application name tag. o Type the name of the instance used by the application into the instance name tag. o Type the name of the resource group used by the cluster software into the instance package tag. o Optional. Add further applications. o <APMApplicationConfigurations> This section contains the names of one or more cluster-aware applications. The config file policy script creates a configuration file for each named application (<application_name>.apm.xml). o Type the name of the cluster-aware application into the application name tag. The name must match the application name in the <APMClusterConfiguration> section. o Optional. Add further applications. g. Assign the category ClAw to the policy to associate the config file instrumentation with the policy. This ensures that the management server automatically deploys the config file instrumentation when it deploys the config file policy: i. Click File Properties in the menu bar of the config file policy. A dialog box opens and displays the properties of the policy. HP Operations Manager (9.00) Page 181 of 1297 Online Help Configuring nodes ii. In the Category field, type ClAw. iii. Click OK to save your changes and close the properties dialog box. h. Save the config file policy, and then deploy it to the physical nodes. i. Add custommessage attributes to each policy that you deploy to a virtual node. Use the following two custommessage attributes: Custom message attribute name Value namespace Application name as specified in the application name tag or in apminfo.xml. For measurement threshold and open message interface policies, you can use the variable <$OPTION(N)>, where N is the name of a variable that is supplied with the opcmon and opcmsg commands. For example: o Custommessage attribute: <$OPTION(my_namespace)> o opcmon command: opcmon policy_name=p -object o - option my_namespace=SQL_Server o opcmsg command: opcmsg a=a o=o msg_t="text" -option my_namespace=SQL_Server instance Instance name as specified in the application name tag or in apminfo.xml. For measurement threshold and open message interface policies, you can use the variable <$OPTION(N)>, where N is the name of a variable that is supplied with the opcmon and opcmsg commands. For example: o Custommessage attribute: <$OPTION(my_instance)> o opcmon command: opcmon policy_name=p -object o - option my_instance=Instance1 o opcmsg command: opcmsg a=a o=o msg_t="text" -option my_instance=Instance1 Before the agent sends the message to the management server, it uses the names of the application and instance to look up the corresponding resource group (IP address and node name). It then replaces the physical name with the virtual name in the message. The name and IP address of the resource group are added as custommessage attributes to the message. j. Deploy the policies to the virtual node. For server policies, the management server creates a single deployment job for the virtual node; for agent policies, it creates one job for each physical node. HP Operations Manager (9.00) Page 182 of 1297 Online Help Configuring nodes Note: The management server always deploys all policies to a virtual node, even if a more recent version of the policy already exists on the virtual node. Selecting Deploy policy only if version is newer in the Deploy policies on... dialog box has no effect. Related Topics: l Config File l Add categories to a policy l Deploy a policy or policy group l Create virtual nodes l Integrate customcommands l Customize resource group state mappings l ovclusterinfo l ovappinstance Integrate custom commands HTTPS agents enable and disable policies when the state of the resource group changes. This allows the agent to monitor a cluster-aware application where it really runs. You can configure the agents to performadditional tasks when the state of the resource group changes, for example to start or stop commands. Note: For more information about integrating start and stop commands into DCE agents, see Configure DCE agents to monitor cluster-aware applications. You configure the agents by adding one or more commands to the <APMApplicationConfigurations> section of config file policies for cluster awareness, or directly to the <application_name>.apm.xml file. <application_name>.apm.xml is dependent on the application namespace. It is not dependent on the instance level. You must therefore also specify the instance on which the command will run. Instead of naming the instance you can use the following variables, which are set by the agent when start or stop tasks are performed: Variable Description $instanceName Resolves to the name of the instance that is starting or stopping. The instance is defined in the <Instance><Name> tags of the corresponding apminfo.xml file. $instancePackage Resolves to the name of the resource group that is starting or stopping. The resource group is defined in the <Instance><Package> tags of the corresponding apminfo.xml file. $remainingInstances Resolves to the number of the remaining instances of this application. $openViewDirectory Resolves to the commands directory on the agents. For a list of directories on the various agent platforms, see Deploy instrumentation. HP Operations Manager (9.00) Page 183 of 1297 Online Help Configuring nodes To integrate custom commands 1. Edit the <APMApplicationConfigurations> section of config file policies for cluster awareness, or the <application_name>.apm.xml file. For more information, see Receive messages for virtual nodes. 2. Add the start and stop commands using the following format: <?xml version="1.0" ?> <APMApplicationConfigurations> <APMApplicationConfiguration> <Application> <Name>Name of the cluster-aware application (must match the application name in the apminfo.xml file).</Name> <startCommand>An optional command that the agent runs whenever an instance of the application starts.</startCommand> <stopCommand>An optional command that the agent runs whenever an instance of the application stops.</stopCommand> </Application> </APMApplicationConfiguration> </APMApplicationConfigurations> Tip: Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. The following is an example for the cluster-aware application SQL_Server. When the resource group goes online, the agent also runs the command C:\startSQLSrv.bat $instanceName to start an instance of the SQL_Server application. When the resource group goes offline, the agent runs the command C:\stopSQLSrv.bat $instanceName to stop the instance. <?xml version="1.0"?> <APMApplicationConfigurations> <APMApplicationConfiguration> <Application> <Name>SQL_Server</Name> <StartCommand>C:\startSQLSrv.bat $instanceName</StartCommand> <StopCommand>C:\stopSQLSrv.bat $instanceName</StopCommand> </Application> </APMApplicationConfiguration> </APMApplicationConfigurations> 3. If you have modified the <application_name>.apm.xml file, save the file and restart the agent: a. Stop the agent: ovc -stop AGENT ovc -stop COREXT b. Restart the agent: HP Operations Manager (9.00) Page 184 of 1297 Online Help Configuring nodes ovc -start COREXT ovc -start AGENT 4. If you have modified a config file policy for cluster awareness, save the policy and deploy it to the physical nodes. Related Topics: l Config File l Configure HTTPS agents running under non-administrative accounts l Monitoring cluster-aware applications Customize resource group state mappings The agent checks the state of the resource group on a cluster node to decide whether the policies have to be enabled or disabled. By default, if a state maps to online, then a policy is enabled; if it maps to offline or unknown, then it is disabled. You may want to modify the mapping, for example, to treat the resource group state which is only partially online as offline. Use the tool ovconfchg on all HTTPS agents in a cluster to change the mapping of resource group states. To change the mapping on DCE agents running Microsoft Cluster Server, you must configure parameters in a nodeinfo policy. To customize resource group state mappings on HTTPS agents ovconfchg -ns conf.cluster.RGState.<cluster_software> -set <cluster_ state> <state> For example, to map the Microsoft Cluster Server state ClusterGroupPartialOnline to offline, enter: ovconfchg -ns conf.cluster.RGState.MSCS -set ClusterGroupPartialOnline offline In the example above, the HTTPS agent has been modified to treat a cluster group in a partial online state as offline rather than the default value of online, and as such when the resource group is in a partially online state the policies continue to be enabled. Default resource group state mappings Cluster Software Mapping HP Serviceguard [conf.cluster.RGState.MCSG] down=offline halting=unknown starting=unknown unknown=unknown up=online Microsoft Cluster Server [conf.cluster.RGState.MSCS] ClusterGroupFailed=offline ClusterGroupOffline=offline ClusterGroupOnline=online ClusterGroupPartialOnline=online ClusterGroupStateUnknown=unknown Red Hat Advanced Server started=online HP Operations Manager (9.00) Page 185 of 1297 Online Help Configuring nodes [conf.cluster.RGState.RHAS] Sun Cluster [conf.cluster.RGState.SC] ERROR_STOP_FAILED=unknown OFFLINE=offline ONLINE=online PENDING_OFFLINE=unknown PENDING_ONLINE=unknown UNMANAGED=unknown Veritas Cluster Server [conf.cluster.RGState.VCS] _OFFLINE_=offline _ONLINE_=online _PARTIAL_=unknown _UNKNOWN_=unknown Cluster group states in Microsoft Cluster Server Cluster Group State Description ClusterGroupFailed At least one resource in the group has failed. ClusterGroupPending At least one resource in the group is in a pending state. There are no failed resources. ClusterGroupOnline All of the resources in the group are online. ClusterGroupPartialOnline At least one resource in the group is online. No resources are pending or failed. ClusterGroupOffline All of the resources in the group are offline or there are no resources in the group. ClusterGroupStateUnknown The state of the group is unknown. To customize cluster group state mappings on DCE agents running Microsoft Cluster Server By default only the state "ClusterGroupOnline" is treated as online. But it is possible to map other states using the following nodeinfo parameters: l OPC_APM_HANDLE_GROUP_AS_ONLINE This nodeinfo parameter allows you to define which cluster group states are treated as online. Syntax: OPC_APM_HANDLE_GROUP_AS_ONLINE <state1>, <state2> Example: OPC_APM_HANDLE_GROUP_AS_ONLINE ClusterGroupOnline, ClusterGroupPartialOnline, ClusterGroupFailed l PC_APM_HANDLE_PARTIAL_AS_ONLINE (deprecated) HP Operations Manager (9.00) Page 186 of 1297 Online Help Configuring nodes This nodeinfo parameter allows you to define that the cluster group state "ClusterGroupPartialOnline" is handled as online. Syntax: OPC_APM_HANDLE_PARTIAL_AS_ONLINE TRUE This nodeinfo variable is still available for backward compatibility but should not be used in future. Instead use: OPC_APM_HANDLE_GROUP_AS_ONLINE ClusterGroupOnline, ClusterGroupPartialOnline If both variables, OPC_APM_HANDLE_GROUP_AS_ONLINE and OPC_APM_HANDLE_ PARTIAL_AS_ONLINE, are used, the variable OPC_APM_HANDLE_GROUP_AS_ONLINE has the higher priority and OPC_APM_HANDLE_PARTIAL_AS_ONLINE is ignored. To customize cluster node state mappings on DCE agents running Microsoft Cluster Server By default, the state "ClusterNodeUp" is considered as online. But it is possible to map other states using the following nodeinfo parameter: l OPC_APM_HANDLE_NODE_AS_ONLINE This nodeinfo parameter allows you to define which cluster node states are treated as online. Syntax: OPC_APM_HANDLE_NODE_AS_ONLINE <state1>, <state2> Example: OPC_APM_HANDLE_NODE_AS_ONLINE ClusterNodeUp, ClusterNodeJoining Cluster node states in Microsoft Cluster Server Cluster Node State Description ClusterNodeUp The node is physically plugged in, turned on, booted, and capable of executing programs. ClusterNodeDown The node is turned off or not operational. ClusterNodeJoining The node is in the process of joining a cluster. ClusterNodePaused The node is running but not participating in cluster operations. ClusterNodeStateUnknown The state of the node is unknown. Related Topics: l Monitoring cluster-aware applications l Node Info Policy Type HP Operations Manager (9.00) Page 187 of 1297 Online Help Configuring nodes Configure HTTPS agents running under non-administrative accounts By default, HTTPS agents regularly check the status of the resource group. On UNIX and Linux nodes, the agents use cluster application-specific commands, which can typically only be run by root users. (On Windows nodes, the agents use APIs instead of running commands.) If you change the user of an HTTPS agent, the agent may no longer have the permissions required to successfully execute cluster commands. In this case you must configure the agent to use a security program(for example, sudo or .do) when issuing cluster commands. To configure non-root HTTPS agents to use a security program 1. On the physical cluster nodes, log in as root and open a shell prompt. Ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 2. To stop the agent, type the following command: ovc -kill 3. To configure the agent to use a security program, type the following command: ovconfchg -ns ctrl.sudo -set OV_SUDO <security_program> Replace <security_program> with the name of the programyou want the agent to use, for example /usr/local/bin/.do. 4. To start the agent, type the following command: ovc -start Cluster commands If you are using a configuration file to specify which users can run which commands, you must add the cluster commands listed in the table below to this file. For example, if you use sudo and the agent runs as AgentUser, add the following line to the sudoers file to allow the AgentUser user to run HP Serviceguard commands without the need for a password: AgentUser ALL=(ALL) NOPASSWD: /usr/sbin/cmviewcl,/usr/sbin/cmgetconf Cluster software Cluster commands AIX Cluster /usr/es/sbin/cluster/clstat /usr/es/sbin/cluster/utilities/clRGinfo /usr/es/sbin/cluster/utilities/clgetip HP Serviceguard /usr/sbin/cmviewcl /usr/sbin/cmgetconf HP Operations Manager (9.00) Page 188 of 1297 Online Help Configuring nodes Microsoft Cluster Server The agent uses APIs instead of commands. Red Hat Cluster Suite (Red Hat Enterprise Linux 3) /usr/sbin/redhat-config-cluster-cmd /usr/sbin/clustat Red Hat Cluster Suite (Red Hat Enterprise Linux 4) /sbin/cman_tool /usr/sbin/clustat Red Hat Cluster Suite (Red Hat Enterprise Linux 5) /usr/sbin/cman_tool /usr/sbin/clustat Sun Cluster /usr/cluster/bin/scha_cluster_get /usr/cluster/bin/scha_resource_get /usr/cluster/bin/scha_resourcegroup_get TruCluster /usr/sbin/clu_get_info Veritas Cluster /opt/VRTSvcs/bin/haclus /opt/VRTSvcs/bin/hasys /opt/VRTSvcs/bin/hagrp /opt/VRTSvcs/bin/hares Related Topics: l Change the user of an HTTPS agent on a UNIX or Linux node Configure DCE agents to monitor cluster-aware applications DCE agents must be configured to be able to enable and disable policies when the state of the resource group changes. The configuration described below will create a scenario where policies that you designate are enabled on the node in the cluster where the application is currently running, and disabled on all other nodes in the cluster. Note: DCE agents are not supported with virtual nodes. To configure DCE agents to monitor cluster-aware applications 1. Optional. For up-to-date information on supported cluster environments, see the support matrix at HP Software Support Online. 2. Microsoft Cluster Server clusters only. Make sure that the resource group that contains the resource being monitored contains both a network name and an IP address resource. If the resource group being monitored does not contain a network name and an IP address resource, then the following errors will be logged on the physical node and in the management server active messages browser for the physical node: Could not perform cluster API function, error code 1008 returned System Error Number: -1 (ffffffff) - (OpC30-3223). Could not read cluster information System Error Number: -1 (ffffffff) - (OpC30-3221). HP Operations Manager (9.00) Page 189 of 1297 Online Help Configuring nodes Application Package Monitor of subagent 0 aborted; process got signal 1 (OpC30-1041). The figure below shows the Microsoft Cluster Administrator window with the SQL-Server resource group shown in detail. This group contains the required network name (CLUSTER04) and IP address resources. 3. Create an XML file that describes the cluster-aware application, and name it apminfo.xml. This file is used to define the resource groups that will be monitored and to map the resource groups to application instances. The apminfo.xml file has the following format: Note: No new line is allowed between package tags in the apminfo.xml file. <?xml version="1.0" ?> <APMClusterConfiguration> <Application> <Name>Name of the cluster-aware application.</Name> <Instance> <Name>Application's name for the first instance. The instance name is used for start and stop commands and corresponds to the name used to designate this instance in messages.</Name> <Package>Resource group in which the application's first instance runs.</Package> </Instance> <Instance> <Name>Application's name for the second instance.</Name> <Package>Resource group in which the application's second instance runs.</Package> </Instance> </Application> </APMClusterConfiguration> Example 1 for apminfo.xml In the example below, the name of the resource group is SQL-Server, and the network (or HP Operations Manager (9.00) Page 190 of 1297 Online Help Configuring nodes instance) name is CLUSTER04: <?xml version="1.0" ?> <APMClusterConfiguration> <Application> <Name>dbspi_mssqlserver</Name> <Instance> <Name>CLUSTER04</Name> <Package>SQL-Server</Package> </Instance> </Application> </APMClusterConfiguration> Example 2 for apminfo.xml In the example below, two applications, SQL_Server and Exchange, are defined. Each application defines two instances with a name and corresponding resource group. <?xml version="1.0"?> <APMClusterConfiguration> <Application> <Name>SQL_Server</Name> <Instance> <Name>SQL_Server1</Name> <Package>sqlsrvpkq1</Package> </Instance> <Instance> <Name>SQL_Server2</Name> <Package>sqlsrvpkq2</Package> </Instance> </Application> <Application> <Name>Exchange</Name> <Instance> <Name>MSEX_Server1</Name> <Package>msexpkq1</Package> </Instance> <Instance> <Name>MSEX_Server2</Name> <Package>msexpkq2</Package> </Instance> </Application> </APMClusterConfiguration> 4. Save the completed apminfo.xml file on each node in the cluster in the following directory: n Nodes with a Windows operating system: <install_dir>\Installed Packages\{790C06B4-844E-11D2-972B-080009EF8C2A}\conf\OpC n Nodes with a UNIX or Linux operating system: /var/opt/OV/conf/OpC 5. Write policies to monitor the cluster-aware application. 6. Create an XML file that describes the policies to be cluster-aware. The file name must have the HP Operations Manager (9.00) Page 191 of 1297 Online Help Configuring nodes format <name_of_cluster-aware_application>apm.xml. <name_of_cluster- aware_application> must be identical to the content of the <Application><Name> tag in the apminfo.xml file. The application configuration file has the following format: <?xml version="1.0" ?> <APMApplicationConfiguration> <Application> <Name>Name of the cluster-aware application (must match the content of <Application><Name> in the apminfo.xml file). </Name> <Template>First policy that should be cluster- aware.</Template> <Template>Second policy that should be cluster- aware.</Template> <startCommand>An optional command that the agent runs whenever an instance of the application starts.</startCommand> <stopCommand>An optional command that the agent runs whenever an instance of the application stops.</stopCommand> </Application> </APMApplicationConfiguration> The stop and start commands can use the following variables: Variable Description $instanceName Resolves to the name of the instance that is starting or stopping. The instance is defined in the <Instance><Name> tags of the corresponding apminfo.xml file. $instancePackage Resolves to the name of the resource group that is starting or stopping. The resource group is defined in the <Instance><Package> tags of the corresponding apminfo.xml file. $remainingInstances Resolves to the number of the remaining instances of this application. $openViewDirectory Resolves to the commands directory on the agents. For a list of directories on the various agent platforms, see Deploy instrumentation. Tip: Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. Example for <name_of_cluster-aware_application>apm.xml The following example file called dbspi_mssqlserver.apm.xml shows how the Smart Plug-in for Databases configures the policies for the MS-SQL server. HP Operations Manager (9.00) Page 192 of 1297 Online Help Configuring nodes <?xml version="1.0"?> <APMApplicationConfiguration> <Application> <Name>dbspi_mssqlserver</Name><Template>DBSPI-MSS-05min- Reporter</Template> <Template>DBSPI-MSS-1d-Reporter</Template> <Template>DBSPI-MSS-05min</Template> <Template>DBSPI-MSS-15min</Template> <Template>DBSPI-MSS-1h</Template> <Template>DBSPI-MSS6-05min</Template> <Template>DBSPI-MSS6-15min</Template> <Template>DBSPI-MSS6-1h</Template> <Template>DBSPI Microsoft SQL Server</Template> <StartCommand>dbspicol ON $instanceName</StartCommand> <StopCommand>dbspicol OFF $instanceName</StopCommand> </Application> </APMApplicationConfiguration> 7. Assign a category to the policies. For more information about categories, see Add categories to a policy. 8. Create a category directory for the category you defined earlier. Copy the XML files generated in step 6 to this directory. The management server automatically deploys the XML files to the node whenever it deploys policies of this category. The files are placed in the following directories on the managed nodes: n Nodes with a Windows operating system<install_dir>\Installed Packages\{790C06B4-844E-11D2-972B- 080009EF8C2A}\bin\Instrumentation\conf n Nodes with a UNIX or Linux operating system: /var/opt/OV/bin/instrumentation/conf 9. Ensure that the physical nodes where the resource groups reside are all managed nodes. 10. Deploy the policies listed in <application_name>.apm.xml and the monitors to all the physical nodes in the cluster. 11. Restart the agent: a. Stop the agent: opcagt -kill b. Restart the agent: opcagt -start Related Topics: l Customize resource group state mappings l Monitor DCE TruCluster systems l ovclusterinfo l ovappinstance HP Operations Manager (9.00) Page 193 of 1297 Online Help Configuring nodes Monitor DCE TruCluster systems l You must create a node group for your TruCluster systemand add the TruCluster members to this node group. l Installing or uninstalling the agent software must be done on one TruCluster member; the software is added to or deleted fromthe other TruCluster members automatically. l Deploy instrumentation and policies to all TruCluster members. Cluster Application Availability (CAA) is used to start a single-instance application on an individual TruCluster member and relocate it during failover to another cluster member. You can use CAA to relocate application monitoring during a failover. For further information on CAA, see the Cluster Highly Available Applications manual in the Tru64 UNIX TruCluster documentation set. Chapter 2, Using CAA for Single-Instance Application Availability, is particularly useful. For further information on TruCluster systemadministration, see the Cluster Administration manual in the Tru64 UNIX TruCluster documentation set. To relocate the monitoring of a single-instance application during failover 1. Create the CAA resource profile and action script for the application, either through the SysMan Menu or by using the caa_profile command. This step creates the /var/cluster/caa/profile/.cap and /var/cluster/caa/scripts/.scr files, respectively. a. Test the action script. b. Validate the resource profile. c. Register the resource with CAA. d. Start the resource. 2. Fromthe HPOMserver, deploy this policy to all cluster members. 3. After the initial deployment of the policy, use the opctemplate -d command to disable the policy for all cluster members on which the application does not run. opctemplate -d This step is required only after the initial policy deployment. On subsequent policy deployments, the policy state is maintained on the managed TruCluster members. 3. Edit the application's action script, which has three main routines: start, stop, and check. a. Enable the policy in start routine with the opctemplate -e command. b. Disable the policy in stop routine with the opctemplate -d command. View example With these changes, if the TruCluster member on which the application is running fails, or if a particular required resource fails, CAA does the following: l Disables the monitoring of the application l Relocates, or fails over, the application to another member that either has the required resources HP Operations Manager (9.00) Page 194 of 1297 Online Help Configuring nodes available or on which the required resource can be started l Starts monitoring the application on that other member Sample Application This is a simple Tcl/Tk application named xhostname that HPOMwill monitor. #!/usr/bin/wish set hname [exec hostname -s] set clarg [lindex $argv 0] wm minsize . 350 30 wm title . "$argv0 on $hname $clarg" button .hostname -font helvb24 -text $hname -command { exit } pack .hostname -padx 10 -pady 10 CAA Profile The following is the CAA profile for the xhostname application. NAME=xhostname TYPE=application ACTION_SCRIPT=xhostname.scr ACTIVE_PLACEMENT=0 AUTO_START=0 CHECK_INTERVAL=60 DESCRIPTION=xhostname FAILOVER_DELAY=0 FAILURE_INTERVAL=0 FAILURE_THRESHOLD=0 HOSTING_MEMBERS= OPTIONAL_RESOURCES= PLACEMENT=balanced REQUIRED_RESOURCES= RESTART_ATTEMPTS=1SCRIPT_TIMEOUT=60 CAA Action Script The following is the CAA action script for the xhostname application. This script contains annotations to show you where you need to modify the existing code. #!/usr/bin/ksh -p # # ***************************************************************** # * * # * Copyright (c) Digital Equipment Corporation, 1991, 1998 * # * * # * All Rights Reserved. Unpublished rights reserved under * # * the copyright laws of the United States. * # * * HP Operations Manager (9.00) Page 195 of 1297 Online Help Configuring nodes # * The software contained on this media is proprietary to * # * and embodies the confidential technology of Digital * # * Equipment Corporation. Possession, use, duplication or * # * dissemination of the software and media is authorized only * # * pursuant to a valid written license from Digital Equipment * # * Corporation. * # * * # * RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure * # * by the U.S. Government is subject to restrictions as set * # * forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, * # * or in FAR 52.227-19, as applicable. * # * * # ***************************************************************** # # HISTORY # # @(#)$RCSfile$ $Revision$ (DEC) $Date$ # # This is the CAA action script for the xhostname application. # This action script has been modified so that the monitoring # of the application fails over along with the application. # # The start and stop routines of the script have been enhanced # to enable the monitoring template in the start routine and disable # the monitoring template in the stop routine, using the # "opctemplate -e | -d" command. If the enabling and # disabling of the monitoring template was not successful # a message is sent to the HPOM management server. In order # that the message is sent, the opcmsgi agent should be # running on the managed nodes (Assign and Distribute the # Default Digital UNIX (Tru64 UNIX) opcmsg(1|3) template onto all the # TruCluster nodes). # PATH=/sbin:/usr/sbin:/usr/bin export PATH XHOSTNAME=/usr/bin/xhostname export DISPLAY="<hostname>:0" (You need to add this next block of code from here. # PATH for the opctemplate and opcmsg command OPCTEMPLATE=/usr/opt/OV/bin/OpC/opctemplate OPCMSG=/usr/opt/OV/bin/OpC/opcmsg # Monitoring template for the Xhostname application # that has been assigned and distributed to all the # TruCluster nodes. TEMPLATE=Xhostname .to here) HP Operations Manager (9.00) Page 196 of 1297 Online Help Configuring nodes case $1 in 'start') # Start the xhostname application if [ -x $XHOSTNAME ]; then if $XHOSTNAME & then (You need to add this next block of code from here.. # Check if the opctemplate command exists. Enable the template. if [ -x $OPCTEMPLATE ]; then $OPCTEMPLATE -e $TEMPLATE # Check if the enabling of the template was successful # else send a message to the HPOM management server. if [ `$OPCTEMPLATE -l $TEMPLATE | grep -c enabled` -ne 1 ] then # Check if the opcmsgi agent is running. This agent is needed to send # the message to the HPOM management server. if [ `ps -eaf | grep -v grep | grep -c opcmsgi` -ne 0 ] then $OPCMSG appl=$TEMPLATE \ msg_grp=OS \ object=daemon \ msg_text="Template $TEMPLATE not enabled" \ sev=warning fi fi fi .to here) fi fi exit 0 ;; 'stop') (You need to add this next block of code from here.. # Check if the opctemplate command exists and disable the template if [ -x $OPCTEMPLATE ]; then $OPCTEMPLATE -d $TEMPLATE # Check if the disabling of the template was successful else send a # message to the HPOM management server. if [ `$OPCTEMPLATE -l $TEMPLATE | grep -c disabled` -ne 1 ] then # Check if the opcmsgi agent is running. This agent is needed to send # the message to the HPOM management server. if [ `ps -eaf | grep -v grep | grep -c opcmsgi` -ne 0 ] HP Operations Manager (9.00) Page 197 of 1297 Online Help Configuring nodes then $OPCMSG appl=$TEMPLATE \ msg_grp=OS \ object=daemon \ msg_text="Unable to disable template $TEMPLATE" \ sev=warning fi fi fi .to here) # Check if the xhostname application is running and stop it. ps -eu 0 -o pid,command | grep -v grep | grep -E '/usr/bin/xhostname' | cut -f1 -d' ' | \ xargs kill -KILL exit 0 ;; 'check') PID=`ps -eu 0 -o command | grep -v grep | grep -E '/usr/bin/xhostname' ` if [ -z "$PID" ] ; then exit 1 fi exit 0 ;; *) $ECHO "usage: $0 {start|stop|check}" exit 1 ;; esac Related Topics: l Configure DCE agents to monitor cluster-aware applications HP Operations Manager (9.00) Page 198 of 1297 Online Help Configuring nodes Configuring management servers There are several ways to change the configuration of a management server. HP Operations Manager (9.00) Page 199 of 1297 Online Help Configuring management servers Generic server configuration The server configuration dialog contains a generic server configuration tab, which enables you to configure many different aspects of a management server's configuration. This eliminates the need to manually configure values on a management server using registry editors or commands. Related Topics: l Change server configuration values l Find help on server configuration values l ovowconfigutil Change server configuration values The server configuration dialog enables you to change many different values, which control many different aspects of a management server's configuration. Tip: Click Find to open a find dialog box where you can search for all or part of a value name in all namespaces. To change server configuration values 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Select a Namespace. A list of values appears. Each namespace contains a group of related values. 3. Optional. To see all available values, select Expert mode. Otherwise, the dialog shows only the most commonly used values. 4. Click the value that you want to change. Depending on the type of value, you can either type a new value, or select a value froma list that appears. 5. Optional. If a value appears in bold, the default value has been changed. To reset the value to its default, right-click the value, and then click Set to default. 6. If the value name ends with an asterisk (*), you must restart one or more management server components. Read the Description for the exact requirements. 7. Click OK. Related Topics: l Find help on server configuration values Find help on server configuration values The server configuration dialog enables you to change many different values, which control many different aspects of a management server's configuration. When you select a configuration value, a description appears in the dialog. More detailed online help is also available for many configuration values. HP Operations Manager (9.00) Page 200 of 1297 Online Help To find help on server configuration values: 1. In the Server Configuration dialog, click the Generic server configuration tab, and then select the appropriate Namespace. 2. Optional. To see all available values, select Expert mode. 3. Right-click the value that you need help on, and then click Help. Note: If the help menu itemis unavailable, no appropriate help topics exist. HP Operations Manager (9.00) Page 201 of 1297 Online Help Duplicate message suppression As messages arrive fromvarious managed nodes, they are compared to existing messages on the management server. If a duplicate is found, the systemincrements the original message's duplicate count, discards the new message, and forwards notification of the change to the original message's duplicate count to all interested message browsers. You can configure duplicate message suppression to store the most important attributes of the new message with the original message before the duplicate is discarded. A maximumof 10 duplicate annotations, plus 1 duplicate annotation containing the original message attributes, is stored by default with the original message. You can also configure the management server to add automatic action responses as annotations to original messages. If you do not want to suppress message duplicates indefinitely, you can configure the management server to create a new message after a specific interval, or after a specific number of duplicates. By default, the management server does not start remote automatic actions for duplicate messages, but you can change this behavior. Message suppression and newpolicy creation and testing When creating and testing new policy versions, you should do one of the following: l Disable message suppression temporarily l Acknowledge all messages which were created by the old policy version. This prevents messages created by the new policy frombeing recognized as duplicates of the messages created by the old policy. Note: If server-based flexible management is enabled, all participating servers have to be configured in exactly the same way concerning message suppression to prevent inconsistencies between the servers. Related Topics: l Configure duplicate message suppression l Specify duplicate message criteria l Configure maximumsuppression thresholds l Configure automatic actions for duplicate messages l Generate message keys automatically Configure duplicate message suppression The message suppression tab in the server configuration dialog enables you to configure how the management server handles duplicate messages. To configure duplicate message suppression 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click the Message Suppression tab. HP Operations Manager (9.00) Page 202 of 1297 Online Help 3. Check the Suppress and count duplicate messages check box. The number of duplicate messages appears in the message browser headline in the Duplicates column. Selecting this option can improve performance if a message stormoccurs. Suppressing messages delays their arrival in the browser for the specified number of seconds and can prevent message storms. One message is sent to the browser and the count indicates whether a stormis in progress. 4. To specify the criteria for a duplicate message, click Message Fields to open the Duplicate Message Comparison Fields dialog box and use it to indicate your choice. 5. Specify the severity level, the message text, or both, to display in the browser using the options in the Display the severity of: list box. You can display the following options: n Severity and message text of the original message n Severity and message text of the most recent duplicate n Severity of the duplicate and the message text of the original message If messages are not matched by severity, message text, or both, (for example, if they contain a message key) you could have a duplicate with different severity or message text, or both. You would want to see the data of the most recent duplicate, for example, if the severity had changed fromMajor to Normal. You should not change the default Display the severity and the text of the most recent duplicate because some SPI-generated messages would cause the console to show the wrong severity and message text. 6. Time interval (in milliseconds): Specify the time interval at which the duplicate counter is refreshed in the message browser, rather than the real-time arrival of messages. This helps to control message storms. 7. Buffered duplicates limit: Specify the number of cached duplicates to be consolidated on the server side before they are sent to the console. This setting is only functional when Time interval (in milliseconds) is set to a value higher than 0 and the Unlimited checkbox is cleared. Whenever the time interval for adding duplicates to the browser expires, or the maximum number of duplicates cached is reached, the duplicates are sent consolidated to the console. If you have specified 5 seconds, for example, and 1,000 duplicates, if 5 seconds is reached before 1,000 duplicates have arrived, the duplicates are posted anyway. If 1,000 duplicates arrive before the 5 second interval is up, they will be posted even though the interval has not been exceeded. 8. Duplicate Message Storage Settings: Check the box Store duplicate messages if you want to include the duplicate as a duplicate annotation in the Message Browser dialog box Duplicates tab. 9. Maximum number of duplicates to store: Enter a number in the field for the maximum number of duplicates you want to keep. The Unlimited choice is usually not recommended because the number could become extremely high. 10. Click Apply. Related Topics: l Specify duplicate message criteria l Configure maximumsuppression thresholds HP Operations Manager (9.00) Page 203 of 1297 Online Help l Generate message keys automatically l Specify console data presentation properties Specify duplicate message criteria For a message to be considered a duplicate of an existing message, selected criteria must match those same criteria in the original message. By specifying characteristics such as node name, you can specify which criteria must be matched. By doing so, you can control the number of duplicate messages received in the message browser. Messages with identical message keys are always considered duplicates. For messages without message keys, you can specify one or all of the following criteria that a message must meet to be considered a duplicate. By default, all options are selected. l Severity l Service ID l Message Text l Condition l Message Group l Node Name l Application l Object To select the criteria a duplicate message must possess 1. Select the check box for each criteria that must match the original message. Click Select All to select all boxes. All selected criteria or the message key (if available) will be used for duplicate message suppression. 2. Optional. Click Clear All if the message key should be the only criteria for duplicate message suppression. 3. Click OK to close the dialog box and confirmyour changes. When you return to the message browser, the options you selected will take effect. Related Topics: l Configure duplicate message suppression l Generate message keys automatically Configure maximum suppression thresholds If an original message remains unacknowledged, you may not want to suppress its duplicates indefinitely. You may want a new message after a specific interval, or after a specific number of duplicates. For example, you can configure the management server to suppress duplicate messages for a maximumof 24 hours. Alternatively, you can configure the management server to suppress a maximumof 20 duplicate messages. You can also specify both thresholds, so that the management server creates a new message in either case. HP Operations Manager (9.00) Page 204 of 1297 Online Help To configure maximum suppression thresholds 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Message Suppression . A list of values appears. 3. Optional. Set the value of Maximum duplicate time interval. This value configures the number of minutes after the arrival of an original message that it is possible for another message to be its duplicate. Messages can only be duplicates of an original message if they arrive within this interval. Use 0 to specify an infinite interval. 4. Optional. Set the value of Maximum duplicate count. This value configures the maximum number of duplicate messages that an original message can have. Use 0 to specify an infinite number of duplicates. 5. Click Apply. Related Topics: l Configure duplicate message suppression Configure automatic actions for duplicate messages By default, if a duplicate message contains a remote automatic action request, the management server ignores this request. The remote automatic action runs for the original message only. However, if you want the action to run for duplicate messages as well, you can enable this. However, the remote action security policy may still block the remote actions. Note: Local automatic actions always run on the node for duplicate messages. By default, if the management server discards a duplicate message, it also discards any automatic action response. This applies for both local and remote automatic actions. However, you can configure the management server to add automatic action responses as annotations to the original message. To enable remote automatic actions for duplicate messages 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Message Suppression. A list of values appears. 3. Optional. Set the value of Enable automatic actions on duplicate messages to true. This configures the management server to start remote automatic actions on messages that are duplicates. 4. Optional. Set the value of Enable action annotations on duplicate messages to true. This configures the management server to annotate the original messages with responses to the actions of duplicate messages. This may have a small performance impact. 5. Click Apply. Related Topics: l Remote Action Security Policies l Configure duplicate message suppression HP Operations Manager (9.00) Page 205 of 1297 Online Help Generate message keys automatically Messages with identical message keys are always considered duplicates. For messages without message keys, you can specify criteria that a message must meet to be considered a duplicate. For a message to be considered a duplicate of an existing message, selected criteria must match those same criteria in the original message. Alternatively, you can configure the management server to automatically add message keys to messages without message keys. The management server calculates the message key based on the criteria that a message must meet to be considered a duplicate. Comparing messages based on their message keys is faster than comparisons based on message criteria. However, significant performance improvements were observed only on HPOMfor UNIX management servers. It is therefore recommended to configure automatic generation of messages keys only in scenarios where HPOMfor Windows management servers forward many messages without message keys to HPOMfor UNIX management servers. To generate message keys automatically 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Message Suppression. A list of values appears. 2. Set the value of Enable automatic message key generation to true. 3. Click Apply. Related Topics: l Specify duplicate message criteria l Configure duplicate message suppression l Change server configuration values HP Operations Manager (9.00) Page 206 of 1297 Online Help Security Security is involved in many of the HPOMtasks performed by administrators and operators: l HPOM user and group accounts HPOMuses Windows user and group accounts to control access to and operation of the product. For more information about these accounts, see the following topics: n HPOMgroup accounts n HPOMuser accounts n Update HPOMuser accounts l Auditing Auditing enables you to monitor how HPOMis used and what configuration changes are made. HPOM group accounts HPOMuses Windows group accounts to identify valid users of the product. During the installation, HPOMcreates the following two groups, either locally on the management server (if you are performing a workgroup installation), or in the domain for domain installation: l HP-OVE-ADMINS (HPOMadministrators) l HP-OVE-OPERATORS (HPOMoperators) You can also specify different names during the installation, or, instead of having HPOMcreate themfor you, you can also create these groups yourself before or during the installation. The purpose of these groups is to allow users to access the HPOMconsole and HPOMresources so that they can performHPOMadministrator or operator tasks. For example, you can add Rosa Galvez, who is not a Windows administrator, to the HP-OVE-ADMINS group so that she can performHPOMadministrator tasks, or add Sean Payne, another HPOMuser who is not a Windows administrator, to the HP-OVE-OPERATORS group to performoperator tasks. Local or domain administrators by default cannot access HPOM. Note: No user should be part of both groups. An HPOMadministrator should not be added to the HP-OVE-OPERATORS group. HP-OVE-ADMINS The HP-OVE-ADMINS group by default contains the following members: l HP-OVE-User l HP-OVE-Deleg-User l Installing user After installing the management server, the installing user is always an HPOMadministrator, even if you remove the installing user fromthe HP-OVE-ADMINS group. You can remove the installing user's HPOMadministrator permissions as follows: HP Operations Manager (9.00) Page 207 of 1297 Online Help a. Configure an alternative HPOMadministrator by adding at least one other user to the HP- OVE-ADMINS group. b. Log in to the management server with an account that is a member of the HP-OVE-ADMINS group. c. In the console, launch the tool Tools HP Operations Manager Tools Cleanup rights of the installing user. d. Remove the installing user fromthe HP-OVE-ADMINS group. Note: The installing user still has HPOMadministrator permissions until they log out. HPOM Administrator Tasks Users classified as HP-OVE-ADMINS can performthe following HPOMadministrator functions: l Add managed nodes l Configure managed nodes, tools, service types, and user roles l Deploy policies and packages Required administrator privileges for package deployment By default, members of the HP-OVE-ADMINS group may not have sufficient rights to deploy, remove, and reinstall packages. Depending on the selected deployment option, the user who initiates the update must have the following privileges: n PMAD user deployment option This option requires the HP-OVE-Deleg-User account to be domain or local administrator on the node. n Impersonate user deployment option For this option, members of the HP-OVE-ADMINS group must be domain administrators or members of the local Administrators group on the node. n Use alternate credentials deployment option This option applies to HTTPS agents only. Members of the HP-OVE-ADMINS group can specify the user name and password of an alternate user with local administrator rights on the node. l Create and modify policies, tools, services, and user roles l Create automatic and operator-initiated commands l Expand and navigate Policy Management in the console tree l Run utilities (register packages, upload and download fromuser roles policies) l Performall operator tasks HP-OVE-OPERATORS The HP-OVE-OPERATORS group is initially empty. HP Operations Manager (9.00) Page 208 of 1297 Online Help HPOM Operator Tasks Users classified as HP-OVE-OPERATORS can performall HPOMtasks except those listed under HP-OVE-ADMINS tasks: l All actions on messages l Use message filters l Change severity l Modify message text l With the proper authority, execute tools, view service maps, and access policy and package management. As an administrator, after adding a user to the HP-OVE-OPERATORS group, you can further define the rights of that user with the User Roles Editor. Related Topics: l HPOMuser accounts l Configuring user roles HPOM user accounts When the HPOMmanagement server is installed, you are asked to supply the name of two Windows user accounts that are used by several HPOMservices and processes to control their security rights: l HP-OVE-User This is the user account under which the HPOMmanagement server processes run, with the exception of the policy management and deployment process. l HP-OVE-Deleg-User The policy management and deployment process (ovpmad) runs under the HP-OVE-Deleg-User account. In domain environments, the HP-OVE-Deleg-User account must have delegation rights, if you plan to deploy Windows HTTPS agents froma remote console using the Impersonate user deployment option Both user accounts are by default members of the HP-OVE-ADMINS, Administrators, and Users groups. They are domain accounts if HPOMis installed in a Windows domain, or local accounts if HPOMis installed in a Windows workgroup environment. Note: The HP-OVE-User and HP-OVE-Deleg-User accounts are intended solely for the use of the HPOMproduct. As such, the HPOMproduct assumes that it owns these accounts and can safely manipulate themas needed to meet the needs of the product. Specifying accounts that are used for other purposes may cause problems in your environment. Choose account names that will not be used by anyone else in your organization. The accounts that you supply during the installation for the HP-OVE-User and HP-OVE-Deleg-User users can be changed after the installation using the ovchgpass.exe command. Use the command to change the user name, password, or both. This command changes the password everywhere that the HPOMsystemuses this account, to ensure that HPOMservices do not fail. Related Topics: HP Operations Manager (9.00) Page 209 of 1297 Online Help l Update HPOMuser accounts l HPOMgroup accounts Update HPOM user accounts You can change account information for the HP-OVE-User and HP-OVE-Deleg-User users with the OVChgPass.exe utility. As administrator, when you install HPOM, you choose a user name and password for these accounts. The user accounts are used by the HPOMmanagement server services. User name and password are registered in the services. Using OVChgPass.exe, you can create a new account or change the password for the existing HP-OVE-User and HP-OVE-Deleg-User accounts. When you change the password, it is changed in every instance where it is used. If you change the user name, it is also changed in every instance where it is used. The names of the current HP-OVE-User and HP-OVE-Deleg-User accounts are found and updated in the registry at this location: HKEY_LOCAL_ MACHINE\SOFTWARE\HewlettPackard\OVEnterprise\Security\Aliases|HP-OVE- User HKEY_LOCAL_ MACHINE\SOFTWARE\HewlettPackard\OVEnterprise\Security\Aliases|HP-OVE- Deleg-User The utility runs on the management server and performs these updates: l Creates a new user account on the systemwhere the tool runs, if the given account does not exist. Alternatively, only the password is changed. In both cases, the user is added to the HP- OVE-ADMINS, Administrators, and Users groups. (The utility does not update the user accounts when started on a subsequent cluster node.) l Updates all HPOMservices that run as the old HP-OVE-User or HP-OVE-Deleg-User by associating themwith the new user/password. l Updates all DCOMservers currently configured to run under the HP-OVE-User or HP-OVE- Deleg-User identity properties. l Updates all HPOMtools that are configured to run under the HP-OVE-User or HP-OVE-Deleg- User account. (To update the HPOMtools manually, you can run the tool Tools HP Operations Manager Tools Modify Tools login/password.) l Updates all scheduled task policies that are configured to use the HP-OVE-User or HP-OVE- Deleg-User to start commands. Only the latest version of the policy (with the highest version number) is updated; a new version of this policy will be created. If any action fails, the update procedure continues. To avoid inconsistency, you must make a manual change of the failed account data. In this case, note the failed action and write down the name of the service shown in the error message. If the first step should fail (update or creation of the Windows account), the tool stops execution. If the given user accounts do not yet exist, the user who runs the OVChgPass.exe utility must have sufficient privileges to create user accounts locally on the management server systemor, for domain installations, in the domain. Alternatively, the user must have sufficient rights to change passwords. HP Operations Manager (9.00) Page 210 of 1297 Online Help Note: To update user accounts in a cluster environment, run the utility on all physical nodes of the cluster. To update HPOM user accounts 1. Open a command prompt on the management server and type: OVChgPass.exe 2. The Update Account dialog box opens and displays the HP-OVE-User tab. 3. Optional. Select the HP-OVE-Deleg-User tab, if you want to change the HP-OVE-Deleg-User account. 4. Optional. Enter the domain where the user is located. Leave this box blank for a local account. 5. Optional. Type the new user name in the New Account Name box. Note: If you change the user name for the HP-OVE-Deleg-User, you must execute the Windows Node Security Setup tool. 6. Optional. Select Skip system login update, if you do not want HPOMto create the new user account or to change the user password. When you select this option, make sure the administrator has already made the required account changes locally or in the domain. 7. Optional. Type the new password in the New Password box. 8. Click OK. 9. Manually restart all HPOMservices for your changes to take effect. Related Topics: l HPOMuser accounts l HPOMgroup accounts l Start Windows node security setup Access requirements for NTFS partitions NTFS partitions requirements include: l The local groups named Administrators, HP-OVE-ADMINS, and HP-OVE-OPERATORS must have full access to the executable files and subdirectories in the following directories on the management server: n %OvInstallDir% n %OvBinDir% n %OvDataDir% n %OvShareDir% n %SYSTEMROOT%\system32 In addition, these groups must either be given the Bypass Traverse Checking privilege or they must also have Execute access to all of the parent directories of these directories. By default, HP Operations Manager (9.00) Page 211 of 1297 Online Help Windows 2000 installations give this type of access to "Everyone," so you should only need to make changes like this if you modified your file systemsecurity fromthe default settings. l Accounts used for running tools must have the correct access on any NTFS partitions that will be accessed by the tool. On FAT file systems or partitions, there is no security to set. Trust relationships between Active Directory domains If your managed environment includes more than one Active Directory domain, you must ensure that the correct trust relationships exist between these domains. Management servers, consoles, and nodes can run in different domains, and if two-way trusts exist between all your domains, no issues should arise. However, if some trust relationships do not exist, certain HPOMfeatures may not function properly. Specifically, to make full use of all HPOMfeatures, the following trust relationships must exist: l Trust is required between the management server's domain and the domain where the HPOM service accounts exist. The management server consists of a number of services, which run under service accounts (called HP-OVE-User and HP-OVE-Deleg-User by default). l Trust is required between the management server's domain and the console user's domain. The console uses DCOMto communicate with the management server. The management server must be able to verify the console user's credentials. Note: You can open remote consoles in the same domain as the management server, and in its trusted domains. You cannot open remote consoles in domains that the management server does not trust. You also cannot open remote consoles if the management server is part of a workgroup. l Trust is required between the domain of the computer on which the console runs and the domain where the HPOMservice accounts exist. The management server uses a DCOMinterface to notify the console of updates that it must display (for example, the status change of a deployment job). The computer on which the console runs must be able to verify the management server's credentials. (The management server runs under the HPOMservice accounts.) Some remote agent installation options do not require trust relationships to exist. However, to enable all remote agent installation options, the following trust relationships are required: l Trust between the managed node's domain and the domain where the HPOMservice accounts exist. l Trust between the managed node's domain and the console user's domain. The figure below shows a management server, console, and managed nodes, all in separate domains. In addition, the HPOMservice accounts exist in a fourth domain. l domain-a.example.com: remote console domain l domain-b.example.com: management server domain In addition another management console or managed nodes can exist in the domain as well. HP Operations Manager (9.00) Page 212 of 1297 Online Help l domain-c.example.com: managed nodes domain l domain-d.example.com: HPOMservice users domain The figure above shows the following trust relationships: 1. The trust relationship fromthe managed nodes domain to the remote console domain. 2. The two-way trust relationship between the management server domain and the remote console domain. 3. The trust relationships fromthe remote console domain, management server domain, and managed nodes domain, to the HPOMservice users domains. Related Topics: l Install agents remotely l Install agents in trusted domains HP Operations Manager (9.00) Page 213 of 1297 Online Help Auditing For security reasons, if is essential to be able to monitor activity, which occurs on the HPOM management server. If you can track use of or changes to the configuration of the HPOM management server and record attempts to gain unauthorized access to data, you have a good chance of being able to determine exactly who was responsible for any security breach and when. The audit feature allows you to monitor how HPOMfor Windows is used and what, if any, configuration changes are made. HPOMwrites auditable events to its own, internal, customevent log, %OvDataDir%\log\OvConfigChangeEvents.Evt, which you can browse using the standard Windows Event Viewer. In order to run an audit, you have to configure HPOMto monitor the underlying Windows services, which are used to control the various HPOMmanagement areas. You can do this individually for each management area that you want to audit, or collectively if you want to audit all management areas concurrently. Once enabled, the security-audit feature allows you to track events in the following areas: l Policy Management and Deployment To audit the management and deployment of policies, you need to monitor the Policy Management and Deployment Server (PMAD). Enabling auditing of the PMAD server logs activity in the following areas: n The deployment of policies to (and removal from) managed nodes n Any alteration to (and editing of) policies Note: The detail which the security audit feature collects is limited. For example, you can determine that version 1.2 of a policy was replaced with version 1.3, but you cannot use the security-audit feature to find out what the changes between the two policies are. l HP Operations agent: Management and Deployment To audit the management and deployment of the HP Operations agent, you need to monitor the Policy Management and Deployment server (PMAD). Enabling auditing of the PMAD server logs activity in the following areas: n The deployment of the HP Operations agent to (and removal from) managed nodes l HPOM Tools To audit the use of HPOMtools, you need to monitor the Message-action Server. Enabling auditing of the Message-action Server records activity in the following areas: n Any access to (and execution of) HPOMtools on the HPOMmanagement server l Automatic and Operator-initiated Actions To audit the execution of either automatic or operator-initiated actions, you need to monitor the Message-action Server. Enabling auditing of the Message-action Server logs activity in the following areas: n Each time an automatic or operator-initiated action is started or stopped on the HPOM management server l HPOM Users and User Roles HP Operations Manager (9.00) Page 214 of 1297 Online Help To audit the activity of HPOMusers, such as the administrator and the operator, you need to monitor the Security Server. Enabling auditing of the Security Server logs activity in the following areas: n Any changes to HPOMuser roles, rights, and permissions l Messages To audit changes to messages, you need to enable monitoring of message changes done locally or on forwarded messages. Enabling message auditing logs activity in the following areas: n Each time the state of a message, the severity, the text, an annotation, or a custommessage attribute changes, an audit log is created in the eventlog. n Audit logs are created each time messages are downloaded or deleted using DB Maintenance. For each entry in the audit records, HPOMfor Windows records the following information: l The source of the event, for example: the Policy-Management server or the Message-action server l An Event ID: a unique identifier for each event type, which makes searching the log much easier l The date and time, at which the event occurred l A User ID: a unique identifier to link an HPOMoperator or administrator to the reported event Related Topics: l Log files and event sources l Audit policy management and deployment l Audit the message and action server l Audit the security server l Audit message changes l Enabling and disabling security audits Log files and event sources If you make use of the security-audit feature, HPOMfor Windows writes changes to the configuration of the HPOMfor Windows management server to a customapplication log named, OvConfigChangeEvents.Evt, which is stored in the following location: %OvDataDir%\log on the HPOMfor Windows management server. Three HPOMfor Windows components are currently able to make use of the Security Audit feature, namely; l Policy management and deployment server (OvPmad) The event source indicated in the Event Viewer for the policy management and deployment server is: OvPolicyMgmt l Security Server (OvSecurityServer) The event source indicated in the event viewer for the security server is: OvSecSvr l Message and action Server (OvEpMessageActionServer) HP Operations Manager (9.00) Page 215 of 1297 Online Help The event source indicated in the event viewer for the message-action server is: OvEpMsgActSvr l Local message changes The event source indicated in the event viewer for message changes done locally on the HPOM server is: MessageChanges_local l Changes to forwarded messages The event source indicated in the event viewer for message changes done on another management server and forwarded to this management server is : MessageChanges_ forwarded In order for the Windows event service to be able to distinguish between the customor the standard application log, the names used to identify event sources in the customlog used by the security- audit feature must be different to the names used to identify sources in the standard application log. For example, the name OvPolicyMgmt is used to identify the source of events associated with the PMAD sever in the security-audit log: the name HPOV-PMAD is used when PMAD writes entries to the standard application log. Note: The standard application log contains errors, warnings, and other useful information about Windows applications or services, for example; when they are shut down. The security-audit log contains entries relating strictly to events, which have passed or failed the HPOMor Windows audit. Related Topics: l Security audits l Enabling and disabling security audits Audit policy management and deployment You enable auditing of policy management and deployment by monitoring the underlying Windows service, which controls policy management and deployment, namely: OvPmad. When you enable auditing for policy management and deployment, the PMAD server writes entries to the customapplication log OvConfigChanges for each change that is made to the policy- management configuration and, in addition, for each and every deployment job that is started, restarted, suspended, or canceled. The PMAD server also writes an entry to the customapplication log for any operation that fails due to insufficient user rights, for example; when an operator tries to edit a policy without the necessary permissions. Each entry in the customapplication log concerning an audit event for policy management and deployment contains the following information in the event header: l Date: The date when the event occurred, for example: "1/23/2004" l Time: The time at which the event occurred, for example: "10:18:52 AM" l Type: The type of event, for example: "Success Audit" for events concerning policy management and deployment jobs which succeed and "Failure Audit" for events relating to jobs that fail, for example; due to insufficient permissions. HP Operations Manager (9.00) Page 216 of 1297 Online Help l User: The name of the user who called the PMAD interface, for example: the user of the MMC console l Hostname: the hostname of the HPOMfor Windows management server on which the event was logged l Source: This value is always set to "OvPolicyMgmt" for the HPOMfor Windows PMAD Server. l Category: This value is always set to "None" l Event ID: A unique identifier for the logged event l Description: A short description of the event, which has been logged, for example: (PMD393) A deployment job (ID '1012') to install version 9.0 of policy 'WINOSSPI-Ex60 Exchange Application Warnings' (type 'Windows Event Log') on node 'YODA (management server)' has been added to the job queue. Related Topics: l Security audits l Log files and event sources l Enable and disable security audits Audit the security server You enable auditing of the Security Server by monitoring the underlying Windows service which controls the security server, namely: OvSecurityServer. When you enable auditing for the Security Server, the security server writes entries to the custom application log OvConfigChanges for every change that is made to the configuration of a user role in the user-roles editor. Each entry in the customapplication log concerning an audit event for the security server contains the following information in the event header: l Date: The date when the event occurred, for example: "1/23/2004" l Time: The time at which the event occurred, for example: "10:18:52 AM" l Type: The type of event, for example success or failure: This value is always set to the value "Success Audit" for the HPOMfor Windows Security Server. l User: The name of the user who called the security-server interface, for example: the user of the MMC console l Hostname: The hostname of the HPOMfor Windows management server, on which the event was logged HP Operations Manager (9.00) Page 217 of 1297 Online Help l Source: This value is always set to "OvSecSvr" for the HPOMfor Windows Security Server. l Category: This value is always set to "None" l Event ID: A unique identifier for the logged event l Description: A short description of the event, which has been logged, for example: (SS74) Message group 'Default' of the role 'PSoft Admin' has been updated, flags enabled: 'Own', 'Disown', 'Acknowledge', 'Unacknowledge', 'Change Severity', 'Change Text', 'Launch Operator Initiated Command', 'Relaunch Automatic Command'. Related Topics: l Security audits l Log files an event sources l Enable and disable security audits Audit the message and action server You enable auditing of the message and action server by monitoring the underlying Windows service which controls the message and action server, namely: OvEpMessageActionServer. When you enable auditing for the message and action server, the message and action server writes entries to the customapplication log OvConfigChanges each time an automatic or operator- initiated action is started or stopped and, in addition, each time a tool is used by an HPOM administrator or operator. Each entry in the customapplication log concerning an audit event for the message-action server contains the following information in the event header: l Date: The date when the event occurred, for example: "1/23/2004" l Time: The time at which the event occurred, for example: "10:18:52 AM" l Type: The type of event that is being logged. For the message-action server, this is always set to the value: "Success Audit" l User: The name of the HPOMuser who initiated the event, for example: n "<domain>\Administrator" for operator-initiated actions, where the HPOMuser is known n "NT AUTHORITY\SYSTEM" for automatic actions, where the HPOMuser is not known and the action is performed under the Systemaccount l Hostname: the hostname of the HPOMfor Windows management server on which the event was logged HP Operations Manager (9.00) Page 218 of 1297 Online Help l Source: This value is always set to "OvEpMsgActSvr" for the HPOMmessage and action server. l Category: This value is always set to "None" l Event ID: A unique identifier for the logged event l Description: A short description of the event, which has been logged, for example: (AS103) Tool execution task sent to agent on node "yoda.test.dom (<$OPC_MGMTSV>)". The tool execution will be started as user $AGENT_ USER. The output will be sent to display "yoda.test.dom:0.0". The call ID of this tool execution task is "bb97111f-fd5b-4641-9678- 57b1923ece56". The command call is "SetMgmtServer.exe /system /forced". Exceptions and Restrictions When you run an audit of the HPOMmessage and action server, note that the restrictions described in the following list apply to the type of events that can be logged: l Automatic actions The message and action server does not either start or control automatic actions, which are configured to run on the managed node immediately after message generation, for example, when the target-node is defined as "<$MSG_NODE_NAME>" in the automatic action. This means that there is no way to log these automatic-action events as part of the audit of the Message-action Server. Note: Automatic actions that are set up to be run either on the HPOMmanagement server (by using the setting <$OPC_MGMTSV> in the automatic action) or on a managed node other than the node which generates the message, are handled by the message and action server and, as a result, are logged in the customevent log used by the auditing feature. l Operator-Initiated Actions Operator-initiated actions that are set up to be run on <$OPC_GUI_CLIENT> or on <$OPC_ GUI_CLIENT_WEB> are executed directly fromthe GUI: they are not started or controlled by the message and action server, which means they do not appear in the audit log. l Tools The message and action server does not start or control any tools, which run in the context of the HPOMconsole (as opposed to on the HPOMmanagement server), even if the console is running on the HPOMmanagement server. Tools which you configure to run in the context of the HPOMconsole are started and stopped directly fromthe GUI, which means that the start and stop events do not appear in the audit log. Related Topics: l Security audits l Log files and event sources l Enable and disable security audits HP Operations Manager (9.00) Page 219 of 1297 Online Help Audit message changes Message change auditing makes it possible to audit changes made to messages. As a user in a regulated environment, it is important to you to be able to audit which changes to messages were made, when messages were changed, and by whom. Message change auditing provides auditing capability for the following message changes: l Message state change (such as own, disown, acknowledge, unacknowledge) l Message severity change l Message text change l Message annotation change l Message download using DB Maintenance (only a single audit message is written, not a message change event for every downloaded/deleted message) l Custommessage attribute change Message change auditing does not audit the following message changes: l New message creation or forwarded message arriving l Message action state change (such as running, successful, failed) l Message counter change Note: Action Execution ("Action started by user .." and "Action execution cancelled by user ..") itself is audited as part of the message and action server auditing. It is not necessary to audit the action state changes to messages that were caused by action execution. Audit message changes for forwarded messages Server-based flexible management enables you to forward messages between two management servers (HPOMfor Windows and HPOMfor UNIX), and also to forward message operations (such as acknowledge, own, and severity change) for forwarded messages. This means that messages are kept in sync between the management servers even when a message is changed on one of the servers. It is possible to configure auditing for forwarded message changes independently of the auditing for local message changes. As with auditing for local message changes, auditing for forwarded messages is turned off by default. To get auditing for forwarded messages, you must enable it manually, in addition to enabling auditing for local message changes. Audit database maintenance During database maintenance, HPOMdownloads acknowledged messages at specified times and deletes themfromthe database. This is a change to messages that must be audited. However, because this is a mass update that may concern many messages, not every change to a message should be audited. For database maintenance, only one message change audit event is generated that explains how many messages have been touched by database maintenance. Related Topics: l Security audits l Enable and disable security audits HP Operations Manager (9.00) Page 220 of 1297 Online Help l "Maintain acknowledged messages in the database" (on page 298) l Server-based flexible management policies Message change audit event log When message change auditing is turned on, audit events related to message changes are written to the customevent log "OvConfigChanges." As administrator, you should be aware of the amount of auditing data that can be generated with message change auditing and should consider increasing the maximumlog size for the OvConfigChanges event log. It is important to choose the right strategy for the automatic overwrite of the event log, because the default "Overwrite events as needed" may not be suitable for every customer environment. "Do not overwrite" might be better froman auditing point of view. Certain specific registry settings can help in this area. See the following URL for details: http://support.microsoft.com/kb/312571/en-us Using this information, you can make sure that you do not lose events and that the event log size is still limited. When you use these settings, it is helpful to set up an HPOMevent log policy that waits for event 524, described in http://support.microsoft.com/kb/312571/en-us. Event 524 indicates that the event log has reached its maximumsize. When this event occurs, the policy would move the event log file just backed up to another location, so that there is a complete history of all previous event logs (and auditlog entries) available. When message change auditing is turned on, message changes are visible in the event viewer, as shown below: If you double-click an event fromthe list, the Event Properties dialog displays attributes of the specified event. See the help topic Message change audit event attributes for details. Message change audit event attributes Audit events for message changes contain the following attributes: HP Operations Manager (9.00) Page 221 of 1297 Online Help Attribute Description Type Is always "Success Audit." Date, Time Contains the date/time when the auditing event was logged. Due to race conditions, this may not be exactly the time when the message change was done in the local HPOMfor Windows database; for forwarded message changes this may not be the time when the message change was originally made to the message on the sending server. Source Is "MessageChanges_local" or "MessageChanges_forwarded," depending on where the original message change was done. If changed locally, the source is "MessageChanges_local." If the message change was received fromanother management server, the source is "MessageChanges_forwarded." Category Can be one of the following, depending on the message change that was audited: l CustomMessage Attributes Change l Severity Change l State Change l Text Change l Annotation Add l Annotation Delete l Annotation Modify l DBMaint execution (for English locale) The Category name is locale dependent. Event The identifier for the type of message change that was audited: l custommessage attribute change, event = 711 l message severity change, event = 712 l message state change, event = 713 l message text change, event = 714 l message annotation add, event = 715 l message annotation delete, event = 716 l message annotation modified, event = 717 l DB Maintenance message download and deletion, event = 718 l DB Maintenance message deletion, event = 719 User For local message changes, this is the local user who made the change. For forwarded message changes, this is the user account of the service that logged the auditing event; in most cases this will be the LOCAL SYSTEMaccount. Computer Always the host name of the local HPOMfor Windows server. HP Operations Manager (9.00) Page 222 of 1297 Online Help Description Depends on the type of message change that was audited, as described below: l For a custommessage attribute change, the description is: (MS711) The custommessage attributes were changed on $(MsgSeverity) message "$(MsgId)" to $(NewListOfCMAs) by user "$(UserName)" at $(DateTime). l For a message severity change, the description is: (MS712) The message severity was changed on message "$(MsgId)" from "$(OldSeverity)" to "$(NewSeverity)" by user "$(UserName)" at $(u). l For a message state change, the description is: (MS713) The message state was changed on $(MsgSeverity) message "$(MsgId)" from"$(OldState)" to "$(NewState)" by user "$(UserName)" at $(DateTime). l For a message text change, the description is: (MS714) The message text was changed on message "$(MsgId)" from "$(OldText)" to "$(NewText)" by user "$(UserName)" at $(DateTime). l For a message annotation add, the description is: (MS715) A message annotation was added to message "$(MsgId)" with the annotation text "$(NewAnnoText)" by user "$(UserName)" at $(DateTime). l For a message annotation delete, the description is: (MS716) A message annotation was deleted frommessage "$(MsgId)" with the annotation text "$(OldAnnoText)" by user "$(UserName)" at $(DateTime) l For a message annotation modified, the description is: (MS717) A message annotation was modified on message "$(MsgId)" from annotation text "$(OldAnnoText)" to "$(NewAnnoText)" by user "$(UserName)" at $(DateTime). l For DB Maintenance message download and deletion, the description is: (MS718) DBMaint execution has downloaded $(NumberOfMessages) messages that have been acknowledged earlier than $(DateTime) to file "$(Path/FileName)." After the download, these messages have been deleted fromthe database. l For DB Maintenance message deletion, the description is: (MS719) DBMaint execution has deleted $(NumberOfMessages) messages fromthe database that have been acknowledged earlier than $(DateTime). Localization Information The Description string is locale dependent, as follows: $(DateTime) will be replaced by the date/time when the message change was done in the database on the local HPOMfor Windows server. For forwarded message changes, this may not be the time when the message change was originally done to the message on the sending server. HP Operations Manager (9.00) Page 223 of 1297 Online Help $(DateTime) will be localized to the regional and language options of the HPOMfor Windows server system(systemsettings, not the user settings, as done in the console). For example, a systemlocale of English (United States) will look like this: 8/30/2005 7:43:49 PM +0200 UTC. This also indicates that the time is regionalized to central European daylight savings time (UTC+2). $(UserName) will be replaced by the user logon name, followed by the display name, as configured in the user configuration on the domain server, for example, "HPOMTest\Administrator (John Doe, HP USA)." The display name is only provided in $(UserName) if it can be resolved by asking the Domain server. To be able to resolve this name, the HPOMfor Windows server must be a domain member of the user's domain. In the example above, the HPOMfor Windows server must be member of the HPOMTEST domain to be able to resolve the user's display name. Note: The lookup of the display name is very expensive. For performance reasons this lookup is only done once and the lookup result is stored in a memory cache. A change of a user's display name on the domain server will not become visible in the HPOMfor Windows message change auditing until the WMI service is restarted with the following command: net stop winmgmt; net start winmgmt Restrict message change auditing to higher severities Some users need message change auditing, but only need to audit changes to messages with a higher severity. For example, you might need to audit all changes to messages with a severity of "Major" or "Critical," but not messages with a severity of "Minor" or below. For severity changes events, all message changes are audited when the old severity is at least the configured severity, or when the new severity is at least the configured severity. In the example given above, a severity change of "Major" to a severity of "Normal" and a severity change of "Normal" to "Critical" would be audited. A severity change of "Minor" to "Normal" would not. You can set the severity threshold when to audit message changes by setting the minimal message severity that should be audited. To restrict message change auditing to higher severities 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Auditing. A list of values appears. 3. Set the value of Restrict message severities for message change auditing to the lowest severity of message that you want to audit. The default value is Normal, which means that all message changes are audited. 4. Click Apply. Handle large annotations and message texts Annotations can be very large (for example, file listings that have been created by automatic actions and are added to the message can be up to several MB). Automatically generated message texts can also be large. In general, it is not helpful to fill up the auditing event log with these huge amounts of data. Additionally, the event log API enforces a limit of 32KB for each parameter that is passed to an HP Operations Manager (9.00) Page 224 of 1297 Online Help event log text. A maximumof 32KB of an annotation can be written to the event log; anything over the maximumis truncated. You can restrict the size threshold of how much of annotations and message texts should be audited. To handle large annotations and message texts 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Auditing. A list of values appears. 3. Set the value of Restrict event size for message change auditing to the maximumnumber of bytes for message texts and annotations in the audit log. The maximumvalue is 32 KB; when annotations or message texts are audited and exceed this value, the text that exceeds this limit is truncated. The message change auditing feature indicates that an annotation or a message text has been cut by adding "..." to the end of the text. The default value is 32767, which means that the maximumof 32 KB text (the Windows Event Log API limit) is audited. Even if you configure a value above 32 KB, only 32 KB of text will be audited. 4. Click Apply, and then OK to save your changes and close the Server Configuration dialog box. Enable and disable security audits You can enable and disable security audits in HPOMglobally by setting the value Turn on in general in the auditing namespace in the Server Configuration dialog box. Security audits are disabled by default and can only be enabled by setting Turn on in general to True. Note: Changing the value of Turn on in general is not sufficient by itself to enable or disable the security-auditing feature. You also have to restart the HPOMservices that you want to audit, for example: OvPmad (policy management and deployment). After you set Turn on in general to True and restart the services, you can change the value of Turn on at runtime to enable and disable auditing without having to restart the resources and services again. Auditable events are written to the HPOMcustomevent log. Normal events which cannot (or do not need to) be audited, such as application errors and warnings, are written to the standard Windows event log. The auditing namespace also contains values for enabling and disabling each auditable event source, for example: l Turn on action execution auditing l Turn on agent certificate request handling auditing l Turn on config change auditing l Turn on forwarded message change auditing l Turn on local message change auditing l Turn on outage auditing HP Operations Manager (9.00) Page 225 of 1297 Online Help l Turn on policy management and deployment auditing l Turn on user roles configuration auditing You can enable or disable auditing of each event source at any time either individually or collectively. To enable or disable auditing globally for the first time The steps described in this procedure allow you to enable or disable auditing globally, that is, for all the HPOMcomponents, which are able to write to the HPOMcustomlog for auditing. Caution: This procedure is not recommended for enabling or disabling auditing on an HPOM management server, which is running in a high-availability cluster. For more information, see Security audits in a high-availability environment. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 2. Click Namespaces, and then click Auditing. A list of values appears. 2. Set the value of Turn on in general as follows: n Enable auditing: True n Disable auditing: False 3. Click Apply. 4. Restart the services associated with the event sources you want to audit. You can do this globally with the following two commands: c:>net stop winmgmt c:\>vpstat -3 -r Alternatively, you can restart services individually (or in a batch file) as follows: c:\>net stop WinMgmt c:\>net stop OvSecurityServer c:\>net start OvSecurityServer c:\>net start OvPmad c:\>net start OvEpStatusEngine c:\>net start OvOWReqCheckSrv c:\>net start OvAutoDiscovery Note: After you restart the services, you can change the value of Turn on at runtime to enable and disable auditing without having to restart the services again. 5. Start the Windows Event Viewer and, in the console tree, click the OvConfigChanges item. 6. You can now control auditing more quickly and accurately using the procedure below. The sample VB script "SetAuditing.vbs" in the directory "examples\OvOW\Policy Management\scripts" can be used to globally enable or disable auditing. Call "cscript.exe SetAuditing.vbs /enable" and auditing will be enabled. HP Operations Manager (9.00) Page 226 of 1297 Online Help To manage auditing for individual event sources This procedure allows you to enable or disable auditing at runtime for individual or multiple event sources, without having to restart any associated Windows services for the change to take effect. Note: The values that you modify in this procedure only take effect after auditing has been enabled globally for the first time, and the Windows services that you want to audit restarted. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 2. Click Namespaces, and then click Auditing. A list of values appears. 2. Set the value of Turn on at runtime as follows: n Enable auditing: True n Disable auditing: False 3. Click Apply. 4. To enable or disable auditing for individual event sources: a. Set the value of Turn on at runtime to True. b. Set values for the individual event sources that you want to enable or disable, for example: o Turn on action execution auditing o Turn on agent certificate request handling auditing o Turn on config change auditing o Turn on forwarded message change auditing o Turn on local message change auditing o Turn on outage auditing o Turn on policy management and deployment auditing o Turn on user roles configuration auditing c. Set the values to True (enabled) or False (disabled), as required, and then click Apply. Related Topics: l Security audits l Event sources in security audits l Security audits in a high-availability environment Security audits in a high-availability environment If you want to enable and make use of the auditing feature on an HPOMmanagement server that is installed in a high-availability cluster, you need to bear in mind the following special considerations. l In a high-availability cluster, the custom-event logs which the audit feature uses to record activity on the HPOMfor Windows management server are located on both cluster nodes in %OvDataDir%\log in the same way as a stand-alone HPOMmanagement server: they are not HP Operations Manager (9.00) Page 227 of 1297 Online Help located in %OvShareDir%\log. The cluster service synchronizes the customevent log at regular intervals between the active and backup nodes in the cluster, too. Note: Synchronization between active and backup cluster nodes can only take place if the custom-event log, OvConfigChangeEvents.evt, exists and is writable on the individual backup nodes in the cluster, for example; after a fail over. l You only have to enable auditing once in the high-availability environment, on the active HPOM for Windows management server in the cluster. You change the values in the auditing namespace in Server Configuration dialog to change the registry keys that configure auditing. In the event of a fail over, the registry keys on the active HPOMmanagement server are automatically replicated to the backup nodes in the cluster, along with their sub-keys and settings (on or off). l The customlogs for audit events are constantly synchronized between the active cluster node where the HPOMfor Windows management server is running, and the backup cluster node. l Any changes that are subsequently made either manually or automatically to these registry keys (or their sub-keys) on the active cluster node (where the HPOMmanagement server is running) are automatically replicated by the cluster service to the other nodes in the cluster in the event of a fail over. The registry keys are "attached" to a cluster resource called "OvOW Registry Replication". Whenever this resource is brought online on a cluster node, the MS Cluster Service overwrites any existing keys with the keys fromthe machine, where this resource was previously online. For example, if you disable auditing for the Policy Management and Deployment component in the cluster by setting the value Turn on policy management and deployment auditing to False, this sets the registry key HKEY_LOCAL_ MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\OvConfigChanges\OvPolicyMgmt , and the cluster service sets the same value on the other nodes in the cluster. Note: Registry changes are only replicated fromthe active to the backup HPOMin the high- availability cluster. If you make manual changes to the key settings management server in the registry of the backup HPOMmanagement server in the high-availability cluster, these changes will be not be replicated to the active cluster node, where the HPOMmanagement server is running. More importantly, the changes made to the registry on the backup cluster node are lost in the event of a fail over, when the cluster service starts the HPOMmanagement server on the backup cluster node and, in the process, creates a replica of the active cluster node's registry on the backup cluster node. To enable or disable auditing globally in a high-availability cluster You enable and disable security audits on an HPOMmanagement server that is installed in a high- availability cluster in the same way you enable and disable security audits on a stand-alone HPOM management server, with one exception: the method you use to stop and restart Windows services. Caution: The steps described in this procedure must be carried out on the active HPOM management server in the high-availability cluster. 1. In the console tree on the active HPOMmanagement server in the high-availability cluster, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. HP Operations Manager (9.00) Page 228 of 1297 Online Help 2. Click Namespaces, and then click Auditing. A list of values appears. 3. >Set the value of Turn on in general as follows: n Enable auditing: True n Disable auditing: False 4. Click Apply. 5. On the active HPOMmanagement server in the high-availability cluster, restart the services associated with the event sources you want to audit, as follows: a. In the Cluster Administrator, locate the cluster group for your HPOMmanagement server installation, for example: HPOM b. Take the HPOMmanagement server off line: Right-click the cluster group for your HPOMmanagement server installation and select the Take offline option fromthe menu which pops up. This command stops all the resources and Windows services associated with the HPOMmanagement server, without provoking a fail over. c. Stop and restart the Windows-Management service (WinMgmt). At the command prompt, type: c:\>net stop WinMgmt c:\>net start WinMgmt d. Bring the HPOMmanagement server back on line: Next, right-click the cluster group for your HPOMmanagement server installation once again and select the Bring online option fromthe menu which pops up. This command restarts all the resources and Windows services associated with the HPOMmanagement server. Note: After you restart the services, you can change the value of Turn on at runtime to enable and disable auditing without having to restart the services again. 6. Start the Windows Event Viewer and, in the console tree, click the OvConfigChanges item. To manage auditing for individual event sources This procedure explains how to enable or disable auditing at runtime for individual or multiple event sources on the active HPOMmanagement server in the high-availability cluster without having to restart any associated Windows services for the change to take effect. Note: The registry keys that you modify using the Server Configuration dialog do not exist on the backup nodes in the cluster until a fail over occurs and the registries on the cluster nodes are synchronized. 1. In the console tree on the active HPOMmanagement server in the high-availability cluster, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 2. Click Namespaces, and then click Auditing. A list of values appears. 3. Set the value of Turn on at runtime as follows: HP Operations Manager (9.00) Page 229 of 1297 Online Help n Enable auditing: True n Disable auditing: False 4. Click Apply. 5. To enable or disable auditing for individual event sources on the active HPOMmanagement server in the high-availability cluster: a. Set the value of Turn on at runtime to True on the active HPOMmanagement server b. Set values for the individual event sources that you want to enable or disable, for example: o Turn on action execution auditing o Turn on agent certificate request handling auditing o Turn on config change auditing o Turn on forwarded message change auditing o Turn on local message change auditing o Turn on outage auditing o Turn on policy management and deployment auditing o Turn on user roles configuration auditing c. Set the values to True (enabled) or False (disabled), as required, and then click Apply. 6. Start the Windows Event Viewer on the active HPOMmanagement server in the high- availability cluster and, in the console tree, click the OvConfigChanges item. Related Topics: l Security audits l Log files and event sources l Enabling and disabling security audits Auditing security When you change values in the auditing namespace in the Server Configuration dialog, this sets the registry keys that configure auditing. Therefore, auditing can only be turned on or off by an administrator who has write access to the registry on the HPOMserver. In regulated environments (21CFR Part 11), special security requirements apply that can be fulfilled using the standard Windows EventLog security mechanisms shown below: l Users cannot change or delete audit log entries. This is not possible in general for single eventlog entries. (You cannot change or delete a single event froma Windows eventlog). l Access to the eventlog file can be restricted in Windows, so viewing the eventlog is not possible for non-admin users. Non-admin users also cannot delete eventlog files using the event viewer. l Non-admin users can be restricted in Windows so they are not allowed to edit the registry; this means they cannot turn HPOMauditing on or off. HP Operations Manager (9.00) Page 230 of 1297 Online Help Configuration data exchange In an environment with multiple management servers, you must configure each node on every management server that may receive the node's messages. Management servers discard messages if they originate fromunknown nodes. This applies for both agent-based and server- based flexible management. HPOMprovides commands that enable you to exchange node configuration data between management servers. In addition, you can also optionally use commands to exchange the following types of configuration data: l Policies l Node inventories l Instruction text l User roles l Tools l Services l Instrumentation Note: There are some restrictions on the data that you can exchange between HPOMfor Windows and HPOMon UNIX or HPOMon Linux. For more details, see Configuration interoperability. Alternatively, you can configure management servers to exchange node and service configurations automatically. You can automatically synchronize node and service data with other servers by forwarding the information fromone server to one or more other servers. The synchronized data includes nodes, external nodes, node groups, services, and service types. To exchange configuration data using command line tools, you must first export the data to files on one management server. You then copy the files to other management servers and import the data. There are different command line tools for working with HPOMfor Windows and HPOMon UNIX or HPOMon Linux management servers. The table below summarizes which command line tools you must use. Windows to Windows Windows to UNIX or Linux UNIX or Linux to Windows Nodes Export ovpmutil ovowconfigexchange opccfgdwn Import ovpmutil opccfgupld ovowconfigexchange HP Operations Manager (9.00) Page 231 of 1297 Online Help Policies Export ovpmutil ovpmutil opccfgdwn Import ovpmutil opctempl From HPOMon UNIX 8.3x ImportPolicies From HPOMon UNIX or HPOMon Linux 9.00 ovpmutil Node inventories Export ovpmutil Not supported Not supported Import ovpmutil Instruction text Export Only possible by exchanging policies ovowconfigexchange Only possible by exchanging policies Import opctempl User roles Export ovpmutil Not supported Not supported Import ovpmutil Tools Export ovpmutil Not supported Not supported Import ovpmutil Services Export ovpmutil ovpmutil Not supported Import ovpmutil opccfgupld Instrumentation Export Copy fromfile system Copy fromfile system Copy fromfile system Import HPOM's configuration data exchange functionality provides flexible options for data exchange. You should plan how to create, maintain, and distribute configuration data between multiple management servers. For example, you could consider the following scenarios: l Exchange all data so that every management server has the same configuration. l Exchange subsets of data so that each management server has a specialized configuration. l Performall configuration tasks centrally on one management server, and then distribute the data to other management servers. l Performconfiguration tasks on all management servers, and exchange the data as necessary. Related Topics: l ovpmutil l ovowconfigexchange l ImportPolicies HP Operations Manager (9.00) Page 232 of 1297 Online Help Exchange node configurations In an environment with multiple management servers, you must configure each node on every management server that may receive the node's messages. Management servers discard messages if they originate fromunknown nodes. This applies for both agent-based and server- based flexible management. Tip: To track discarded messages, you can temporarily set the server configuration variable Send warning message for each discarded message in the Message Action Server Message Filter namespace. If set to true, the management server sends a warning message that contains the name of the originating node in the message text. You can use this variable to detect systems that are not configured on the management server but that send many messages and hence slow down message processing. In addition, before you can deploy a flexible management policy froma management server, you must configure nodes on that management server to represent all the other management servers that the flexible management policy mentions. HPOMprovides commands that enable you to exchange node configuration data between management servers. To speed up the distribution of node configurations, it may be useful to first upload all node configurations to one management server. You can then download the node configurations to all other management servers. To exchange node configurations between HPOM for Windows management servers 1. In the console tree, right-click the node group that you want to export, and then click Properties. 2. Select the Unique ID, right-click it, and then click Copy. HP defined node groups have readable IDs, for example Root_Nodes. Other node groups have numerical IDs, for example {89BE12EB-5FB7-4CA5-ABAC-D540B63CFEE3}. The braces are part of the ID. 3. Open a command prompt and type the command: ovpmutil CFG NDS DNL <filename.mof> /p <unique ID> For example, to export all node configurations in the Windows node group to the file c:\temp\windows.mof, type: ovpmutil CFG NDS DNL c:\temp\windows.mof /p Root_Windows 4. Optional. Add either of the following optional parameters to the command: /configuredonly Export only nodes that have the operating systemdefined. /externalonly Export only external nodes. 5. Press Enter. The command generates a file with the name you specify. 6. Copy the file to your other HPOMfor Windows management server. 7. Open a command prompt and type the command: ovpmutil CFG NDS UPL <filename.mof> /noautodeploy HP Operations Manager (9.00) Page 233 of 1297 Online Help The /noautodeploy option clears the Enable Auto Deployment property for every imported node, regardless of the setting on the original management server. To import the setting from the original management server, omit this option. If automatic deployment is selected for any node, the management server begins to deploy policies to the node immediately. 8. Optional. In the console tree, right-click the imported node group and then click All Tasks Synchronize inventory Policies and packages. This updates the inventory to reflect policies and packages that already exist on the node. Alternatively, you can exchange node inventory data fromthe original management server. To export node configurations for HPOM on UNIX and HPOMon Linux management servers 1. Open a command prompt and type the command: ovowconfigexchange -ent NODES -dnl <folder> -src_path "<path to node group>" For example, to export all node configurations in the Windows node group to the folder c:\temp\windows-nodes, type: ovowconfigexchange -ent NODES -dnl c:\temp\windows_nodes -src_path "\HP Defined Groups\Windows" 2. Optional. Add either of the following optional parameters to the command: -no_ip_detect Disable DNS lookups of IP addresses for nodes that have the FQDN specified. -dest_codeset <code set> Export the files using a specific code set. The default is ASCII. The code set must match the code set that the database uses on the target management server. -dest_hierarchy <destination hierarchy> Download the nodes using a specific destination node hierarchy. If you do not specify a destination hierarchy, the tool defines an arbitrary node hierarchy (named CFGX_ <management server>_<date>_<number>). The upload creates this node hierarchy on the target management server and adds the nodes to the newly created hierarchy as well as to the Node Bank's Holding Area. 3. Press Enter. The command generates several files in the folder you specify. 4. Copy the folder and its contents to your target management server. You can import the node configurations with the command opccfgupld. For more details, see the HPOMon UNIX or HPOMon Linux documentation. To import node configurations from HPOM on UNIX and HPOMon Linux management servers 1. You can export node configurations fromHPOMon UNIX and HPOMon Linux management servers using the user interface or with the command opccfgdwn. For more details, see the HPOMon UNIX on HPOMon Linux documentation. 2. HPOMon UNIX and HPOMon Linux export configuration data to a target directory that you specify. The target directory contains a hierarchy of subdirectories. Copy the entire directory, HP Operations Manager (9.00) Page 234 of 1297 Online Help including all subdirectories and files, to a folder on your HPOMfor Windows management server. 3. Optional. Disable automatic deployment on the management server. Otherwise, when you import the node configurations, the management server begins to deploy policies to the nodes immediately.. 4. On the HPOMfor Windows management server, open a command prompt and type the command: ovowconfigexchange -ent NODES -upl <folder> -dest_path "<path to node group>" -src_codeset <code set> -upl Specify the folder that contains the configuration data fromthe source management server. -dest_path Specify an existing node group. -src_codeset Specify the code set that the database uses on the source management server. For example, to import node configurations in the SJIS code set fromthe folder c:\temp\UNIX_nodes\ into a node group called HPOMforUNIXNodes, type: ovowconfigexchange -ent NODES -upl c:\temp\UNIX_nodes\ -dest_path "\HPOM for UNIX Nodes" -src_codeset SJIS Tip: If you need to set any systemproperties of nodes after you import them, you can use ovownodeutil -change_platform. (See ovownodeutil.) 5. Optional. In the console tree, right-click the imported node group and then click All Tasks Synchronize inventory Policies and packages. This creates jobs to retrieve the inventory of policies and packages that already exist on the node. Related Topics: l ovpmutil l Synchronize policies and packages l Disable policy autodeployment l Exchange node inventories l ovowconfigexchange Exchange node inventories The management server keeps an inventory of the policies and packages that are currently installed on the node. HPOMprovides commands that enable you to exchange node inventory data between HPOMfor Windows management servers. Before you exchange node inventories, you should consider exchanging node configurations and policies. When you import inventory data on a management server, the management server ignores and associations between unknown nodes, policies, and packages. Node inventory exchange is an alternative to inventory synchronization, which creates jobs to retrieve inventory data fromeach node over the network. HP Operations Manager (9.00) Page 235 of 1297 Online Help To exchange node inventories 1. In the console tree, right-click the node group that you want to export node inventories for, and then click Properties. 2. Select the Unique ID, right-click it, and then click Copy. HP defined node groups have readable IDs, for example Root_Nodes. Other node groups have numerical IDs, for example {89BE12EB-5FB7-4CA5-ABAC-D540B63CFEE3}. The braces are part of the ID. 3. Open a command prompt and type the command: ovpmutil cfg ppn dnl <filename.xml> /p <unique ID> Press Enter. The command generates a file with the name you specify. For example, to export node inventories for a node group with the ID {89BE12EB-5FB7-4CA5-ABAC- D540B63CFEE3} to the file inventory.xml in the current folder, type: ovpmutil cfg ppn dnl inventory.xml /p {89BE12EB-5FB7-4CA5-ABAC- D540B63CFEE3} 4. Copy the file to your other HPOMfor Windows management server. 5. Open a command prompt and type the command: ovpmutil cfg ppn upl <filename.xml> For example to import node inventories fromthe file inventory.xml in the current folder, type: ovpmutil cfg ppn upl inventory.xml Related Topics: l Synchronize policies and packages l ovpmutil Exchange instruction texts Messages often have useful instruction texts that give in-depth information and helpful advice about the problemthat caused the message. These instruction texts can be very lengthy. To reduce bandwidth consumption, instruction texts are not sent within messages, but are stored on the management server as part of the policy that generates the message. The message itself contains a reference to the policy, so the management server can therefore retrieve the instruction text for the message. However, if a management server receives a message that refers to a policy that is not available on that management server, the management server cannot retrieve the instruction text. To ensure that instruction texts are available on all management servers, exchange policies (and all policy versions) that contain the instruction texts to be copied. To exchange policies between two HPOMfor Windows management servers, you can use the command line tool ovpmutil as follows: 1. Export all policies and all policy versions on the source management server using this command: ovpmutil CFG POL DNL all_policies.mof /a 2. Copy the all_policies.mof to all other management servers and import it using this HP Operations Manager (9.00) Page 236 of 1297 Online Help command: ovpmutil CFG POL UPL all_policies.mof You can also export just the instruction texts without the policies for later importing to an HPOMon UNIX or HPOMon Linux management server. Export instruction texts using this command: ovowconfigexchange -ent INSTR_TXT -dnl <folder> Related Topics: l ovpmutil l ovowconfigexchange Configuration interoperability Note: HP supports integration between specific versions of HP Operations Manager (HPOM) management servers only. (See the support matrix at HP Software Support Online.) You can exchange configuration data between HPOMfor Windows management servers and HPOMon UNIX or HPOMon Linux with the following exceptions: l Policies n Scheduled task policy: Supported if no scripting is used. HPOMfor Windows 7.x policies can only be imported into HPOMon UNIX or HPOMon Linux if they do not use scripting. n Agent-based flexible management template/flexible management policy: Cannot be downloaded or uploaded with command-line tools. Use the editors to cut and paste instead. Escalation, message forwarding, and service outage are supported only in HPOMon UNIX environments. l Nodes Use ovpmutil to exchange configuration data between two HPOMfor Windows management servers. Nodes with a type that is not supported with HPOMfor Windows cannot be uploaded. l User Roles Exchange of user roles is not possible between HPOMfor Windows and HPOMon UNIX or HPOMon Linux. l Tools Exchange of tools is not possible between HPOMfor Windows and HPOMon UNIX or HPOM on Linux. l Services Possible for two between HPOMfor Windows management servers. Not possible fromHPOM on UNIX or HPOMon Linux to HPOMfor Windows. FromHPOMfor Windows to HPOMon UNIX or HPOMon Linux, with known restrictions. n Reports and graphics associated with services on Windows are ignored when uploaded into HPOMon UNIX or HPOMon Linux. HP Operations Manager (9.00) Page 237 of 1297 Online Help n GUIDs of hosting nodes are replaced by fully qualified host names. n Some fields are known in HPOMon UNIX and HPOMon Linux, but not in HPOMfor Windows Windows (depth, background, title, service attributes, icons) and are not filled. n Operator assignment must be done manually after uploading an HPOMfor Windows service configuration into HPOMon UNIX or HPOMon Linux. n The tool-user field might not be set in HPOMfor Windows, but is a required field in HPOMon UNIX and HPOMon Linux. Set this before exporting, or edit the exported XML file. n The tool-password field in HPOMfor Windows is ignored. (An equivalent field does not exist in HPOMon UNIX or HPOMon Linux.) l Instrumentation HPOMon UNIX 8.xx management servers do not allow instrumentation subdirectories. This limitation means that you cannot create categories to automatically deploy instrumentation along with a particular policy. The limitation does not apply to HPOMfor UNIX version 9.00 and higher. Exchange node and service configurations automatically In an environment with multiple servers (HP Operations Manager and HP Operations Manager i), you can automatically synchronize node and service data with other servers by forwarding the information fromone server to one or more other servers. The synchronized data includes nodes, external nodes, node groups, services, and service types. The data synchronization by default uses both of the following synchronization methods in combination: l Scheduled (time-based) synchronization Service auto-discovery policies on the source server regularly download the node and service data. The agent on the management server processes the data to detect any changes and reports the changed elements to the management server. The management server then establishes an HTTPS connection to one or more target servers and forwards the changed elements only. l Event-driven synchronization A WMI event listener continuously listens on the source server for changes to the node and service data. When a change occurs, the management server immediately forwards the changed elements. This ensures that the node and service configuration on all servers is always accurate and up to date because it is updated at runtime each time the environment changes. Note: In HPOMfor Windows, you can also exchange node and service configuration data using the ovpmutil command line tool. This tool enables you to download the configuration data on one management server and upload it on other servers. This kind of configuration exchange must be repeated manually each time the configuration changes. HP Operations Manager (9.00) Page 238 of 1297 Online Help To forward node and service data 1. Configure trusted certificates for multiple servers. In an environment with multiple servers, you must configure each server to trust certificates that the other servers issued. 2. Configure the list of target servers: a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. b. Click Namespaces, and then click Discovery Server. A list of values appears. c. Add the hostname of the server to List of target servers to forward discovery data. If there is more than one target server, separate the hostnames with semicolons (for example, server1.example.com;server2.example.com). d. Optional. If the target server uses a port other than port 383, append the port number to the hostname, for example: server1.example.com:65530;server2.example.com:65531 e. Optional. Set the value of Enable discovery WMI listener to false if you do not want to immediately synchronize changes with other servers. The other servers are updated again the next time discovery runs. f. Click OK to save your changes and close the Server Configuration dialog box. g. Restart the OvAutoDiscovery Server process for your changes to take effect. 3. Deploy the following policy group to the source management server: Policy management Policy groups Samples HPOM Discovery The policy group contains the following service auto-discovery policies: n DiscoverOM: Discovers and downloads nodes, external nodes, node groups, and services. n DiscoverOMTypes: Discovers and downloads service types. Discovery starts immediately and subsequently runs every day at 1:30 (DiscoverOMTypes) and at 2:00 (DiscoverOM). To manipulate received data Target servers process the received configuration data by applying mapping rules and scripts. The mapping rules define how the imported nodes and services correspond to the data model on the target server. You can also use the mapping rules as filters that discard node and service data that is not needed on the target server. Scripting enables you to performadditional processing and customization before the mapping and before and after the upload of data. HPOMprovides the following default synchronization package: %OvShareDir%\server\conf\discovery\sync-packages\default If you create customsynchronization packages, you must configure the server to use the custom synchronization package in addition to the default package: HP Operations Manager (9.00) Page 239 of 1297 Online Help 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Discovery Server. A list of values appears. 3. Add the name of the customsynchronization package to Packages used for mapping discovery data.Separate the package names with semicolons (for example, default;cluster). 4. Do not set the value of Enable groovy scripting to true. The ability to run Groovy scripts is reserved for future use. 5. Click OK to save your changes and close the Server Configuration dialog box. 6. Restart the OvAutoDiscovery Server process for your changes to take effect. To turn off data forwarding 1. Optional. Disable data forwarding. Caution: If you want to keep the synchronized node and service data on the servers, you must first disable data forwarding. If you do not disable data forwarding before removing the discovery policies fromthe management server, then all nodes, external nodes, node groups, services, and service types, including those that existed previously on the servers will be deleted. a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. b. Click Namespaces, and then click Discovery Server. A list of values appears. c. Clear the List of target servers to forward discovery data. d. Click OK to save your changes and close the Server Configuration dialog box. e. Restart the OvAutoDiscovery Server process for your changes to take effect. 2. Uninstall the policy group HPOM Discovery on the management server. Related Topics: l Configure trusted certificates for multiple management servers l Change server configuration values l Service Auto-Discovery Policies l Deploy a policy or policy group l Remove policy fromnode l Topology Synchronization l ovpmutil l ovagtrep Switch the primary management server By default, nodes send messages to the management server that you used to install the agent. This is called the primary management server. If you want to switch the primary management server HP Operations Manager (9.00) Page 240 of 1297 Online Help after you install the agent, you launch a tool on the new management server. After you do this, the nodes send their messages to the new primary management server. Note: It is also possible to configure a different primary management server in the agent installation defaults, but you must do this before you install the agent. You may want to prepare to switch primary management servers in a backup scenario. For example, you could configure a second management server to monitor the health of a primary management server. If the second management server detects a systemfailure at the primary management server, an administrator could then switch primary management responsibility to the second management server. The second management server would assume control of all the managed nodes previously managed by the failed management server. Before you can switch primary management servers, you must configure the following prerequisites: l Exchange trusted certificates between the management servers, and update the trusted certificates on the nodes. (See Configure trusted certificates for multiple management servers.) l Exchange node configuration between the management servers. The new primary management server must exist as a node on the current primary management server. The nodes for which you want to switch the management server must exist on both management servers. (See Exchange node configurations.) l Configure the new primary management server as a secondary management server of the nodes. You do this by deploying a flexible management policy to the nodes fromthe current primary management server. (See Configure action-allowed and secondary managers.) In addition, if the primary management server is currently an HPOMon UNIX or HPOMon Linux management server, you must consider the following prerequisites: l If the HPOMon UNIX or HPOMon Linux management server deployed the agent package to the node, the agent package version must be 8.51 or higher. (You cannot switch the primary management server if the HPOMon UNIX or HPOMon Linux management server deployed a lower version of the agent package. This restriction includes all DCE agents.) l You cannot manage some HPOMon UNIX or HPOMon Linux policies froman HPOMfor Windows management server. Similarly, you cannot manage some HPOMfor Windows policies froman HPOMon UNIX or HPOMon Linux management server. Consider removing or disabling these types of templates and policies before you switch the primary management server. (See Configuration interoperability.) To switch the primary management server 1. Open a console connected to the new primary management server. 2. In the console tree, expand Tools HP Operations Manager Tools. 3. In the details pane, double-click Switch Management Server. The Parameters page opens. 4. Select the nodes that you want to switch to this management server. Click Next. The Login page opens. 5. Optional. Type a User Name and Password. The user must be a member of the HPOM administrators group. If you leave the User Name and Password blank, the tool starts with the HP Operations Manager (9.00) Page 241 of 1297 Online Help 6. Click Launch.... The Tool Status dialog opens, which updates when the tool succeeds or fails. Tip: You can also use the opcragt command-line tool to switch the primary management server on all selected nodes. For more details, see opcragt. Related Topics: l Configure HTTPS agent installation defaults l Configure DCE agent installation defaults HP Operations Manager (9.00) Page 242 of 1297 Online Help Management server status The vpstat tool is a command line utility consisting of several tools for checking systemstatus, file version, critical services, registry entries, DCOMservers, RPC servers, minimal system requirements, and critical processes for HP Operations Manager for Windows. Each tool within vpstat is launched with its own command. Help is available with the -? option. For example, to view help for the -3 command (List Services), type vpstat -3 -? at the command prompt. Items that are verified depend on the contents of the configuration file. All commands except the -1 command use this file. The requirements are read fromit and compared with the actual state of the HPOMfor Windows program. In case of a mismatch, noncompliant items are displayed to the screen. The default configuration file, vpstat.conf, is provided with the tool. The file vpstat.conf should only be modified by support personnel. The file vpstat.conf is version dependent. The [CHKVER] section of the configuration file lists all the HPOMfor Windows files that are part of the product. If the product is updated, then some of these files may also be updated and show new versions or different time stamps. Related Topics: l vpstat command syntax l vpstat return codes vpstat command syntax To run a vpstat tool command, type the number for the command preceded by the minus sign. You can optionally use a parameter list, which is specific for a command. Output fromthe vpstat tool can be redirected through a standard output streamredirection using the > filename option at the command line. For example, to get System, Memory, Disk, Network, and Security Info for the local node written to the file MyNode.txt, type: vpstat -1 > MyNode.txt Common command syntax You can pass more than one command with appropriate parameters (if any) to the vpstat tool. The common vpstat command line syntax is: vpstat.exe [-t <TrcFile>] [-f <CfgFile>] -<command> [-?|<paramList>] Parameter Description -t <TrcFile> This option is reserved for use by HP Support. -f <CfgFile> Optional. Specifies a configuration file other than the default. When used, specify this parameter as a first parameter at the command line. HP Operations Manager (9.00) Page 243 of 1297 Online Help -<command> Command number preceded by the minus sign. Commands are: -1 Get system, memory, disk, network, and security information. -2 Check file version. -3 Start and stop services. -4 List registry entries. -5 List DCOMservers. -6 List RPC servers. -7 Check managed node requirements. -8 List processes. -9 Get management server/console version. -p List patch history. -z Run all the options and print results to the file vpstatout.txt. If no command is specified, all possible commands are displayed to the screen. -? Optional. The question mark, preceded by the minus sign in combination with the command number (example: vpstat -3 -?), prints out a command line help for the command. If used without the command number, all possible commands of the tool are listed. This parameter is not valid for the -1, -p, and -z commands. (No help is available for these commands.) <parameter_ list> Optional. The parameter list is specific for each command. All commands, with the exception of the -1 command, have the ability to take additional parameters. To list possible parameters for individual commands, use: vpstat -<command> -? Detailed descriptions of the parameter list for each of the commands are shown in the examples. Related Topics: l -1 Get system, memory, disk, network, and security information l -2 Check file version l -3 Start and stop services l -4 List registry entries l -5 List DCOMservers l -6 List RPC servers l -7 Check managed node requirements l -8 List processes l -9 Get management server/console version l -p List patch history l -z Run all options Get system, memory, disk, network, and security information The vpstat -1 command is the only command that does not use the configuration file. It does not performany checking; it gathers several kinds of information about a local computer, such as: HP Operations Manager (9.00) Page 244 of 1297 Online Help l Current computer system(CPU type, speed). l Current global memory status. l Current number of installed disks on the systemand their space availability. l Current network settings by capturing the output of ipconfig /all. (The utility ipconfig.exe must be available in the systempath.) l Current user security summary (User account, Group accounts, Account privileges). To get system, memory, disk, network, and security information, run vpstat using the following syntax: vpstat -1 Sample output: ============================================================ ==================== System Information ==================== ============================================================ System Summary for Computer VMBERT6 Processor 0 Identifier : x86 Family 6 Model 15 Stepping 8 ~MHz : 2327 Global Memory Status MemoryLoad : 77 percent. TotalPhys : 1047998464 bytes AvailPhys : 235884544 bytes TotalPageFile : 1226825728 bytes AvailPageFile : 620417024 bytes TotalVirtual : 2147352576 bytes AvailVirtual : 2126385152 bytes Disk space summary Drive C:\ Client Quota : 3806642176 bytes Total Free : 3806642176 bytes Total Disk : 10725732352 bytes Network settings Output for "ipconfig /all" Windows IP Configuration Host Name . . . . . . . . . . . . : VMBert6 Primary Dns Suffix . . . . . . . : deu.hp.com Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : deu.hp.com hp.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter Physical Address. . . . . . . . . : 00-0C-29-2C-3F-1E DHCP Enabled. . . . . . . . . . . : No HP Operations Manager (9.00) Page 245 of 1297 Online Help IP Address. . . . . . . . . . . . : 16.57.36.253 Subnet Mask . . . . . . . . . . . : 255.255.240.0 Default Gateway . . . . . . . . . : 16.57.32.1 DNS Servers . . . . . . . . . . . : 16.14.64.51 16.8.64.51 Security Summary User account : VMBERT6\Administrator Group accounts : VMBERT6\None \Everyone VMBERT6\HP-OVE-ADMINS BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users NT AUTHORITY\This Organization NONE_MAPPED \LOCAL NT AUTHORITY\NTLM Authentication Account privileges SeChangeNotifyPrivilege SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeSystemtimePrivilege SeShutdownPrivilege SeRemoteShutdownPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeSystemProfilePrivilege SeProfileSingleProcessPrivilege SeIncreaseBasePriorityPrivilege SeLoadDriverPrivilege SeCreatePagefilePrivilege SeIncreaseQuotaPrivilege SeUndockPrivilege SeManageVolumePrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege Check file version The vpstat -2 command checks the file version and the time stamp (last write and link time). It reads the necessary information fromthe [CHKVER] section of the configuration file and compares the version of the listed files and their time stamps with the actual information for the files installed on the system. Time is expressed in Universal Coordinated Time (UTC). To get the file version and the time stamp, run vpstat using the following syntax: HP Operations Manager (9.00) Page 246 of 1297 Online Help vpstat -2 Sample output: ============================================================ ==================== Check File Version ==================== ============================================================ Configuration file: C:\ProgramData\HP\HP BTO Software\conf\vpstat\vpstat.conf Ver: 08.15.00050 Date: Wed May 6 21:37:57 2009 Remark: HP Operation Manager - Performance. C:\Program Files\HP\HP BTO Software\bin\Win64\DnsDscr.exe version A.23.0.6.23 date 04/24/2009 02:15:47 pass C:\Program Files\HP\HP BTO Software\bin\Win64\HyperbolicTree.dll version 2, 2, 1, 9 date 01/22/2002 23:40:04 pass . . . ----------- CHECK VERSION SUMMARY SECTION ----------- None to report None to report PATH: C:\Program Files\HP\HP BTO Software\bin\win64\ C:\Windows\system32 C:\Windows C:\Windows\System32\Wbem c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\ c:\Program Files\Microsoft SQL Server\100\Tools\Binn\ c:\Program Files\Microsoft SQL Server\100\DTS\Binn\ c:\Program Files\HP\HP BTO Software\bin\win64\OpC ******* FILE VERSION CHECK STATUS: PASSED ----------- END OF CHECK VERSION SUMMARY ----------- Start and stop services The vpstat -3 command lists the state of the HPOMmanagement server services, and enables you to start and stop particular services. There are two operational modes for this command. The complete parameter list is: l vpstat -3 [<ServiceNames>][ -n <NodeName>][ -d] [[ -s]|[ -l]|[ -a]] The first mode lists and checks the state of the services. HP Operations Manager (9.00) Page 247 of 1297 Online Help l vpstat -3 [<ServiceNames>][ -n <NodeName>][ -d] -r [<action>] The second mode uses the -r parameter to start or stop particular services. Parameter Description By default (without any optional parameter), vpstat -3 checks for critical HPOMservices that need to be in active state on the systemwhere the management server is installed. The services that must be up and running are configured in the vpstat.conf file. < ServiceNames > Optional. With the <ServiceNames> as the first parameter on the command line, you can specify the services that are checked directly. If a critical service that is not registered or not in active state is found, it is reported as an error. -n <NodeName> Optional. Use the -n option to check the management server running on a remote system. You can specify a name or IP address to identify the target system. For example, to check the management server services on a remote system named SVR0123, type vpstat -3 -n SVR0123. Only the services with errors are displayed. You can override this with the -l option, which forces all services that are examined to display. -d Optional. The -d option displays a service's details, such as current state, logon account, startup type, dependencies, and other registration information. -s Optional. Use the -s option to check if HPOMservices are started. -l Optional. Use the -l option to list all services that are examined and to check if the services are started. -a <action> Optional. Use the -a option to list all registered services, not only services which are critical to HP Operations Manager for Windows. In conjunction with this option, the -s option can be used to list only the services that are started. -r <action> Use the -r option to restart HPOMservices. By default, this command option stops and restarts the services. You can use the following optional actions: STOP Stops the services. When stopping a service, the vpstat utility considers the service that is not responding to be blocked and terminates its process after 20 seconds. START Starts the services. DISABLE Disables the service before it is stopped to prevent any automatic restart. Without <ServiceNames>, DISABLE also includes OvServerMonitor. Use DISABLE with care, especially in a cluster environment. A failover will fail if the services are not enabled again. HP Operations Manager (9.00) Page 248 of 1297 Online Help ENABLE Enables the service before starting it. Without <ServiceNames>, ENABLE also includes OvServerMonitor. KILLALL Performs the same operations as DISABLE but also kills all remaining standalone processes that are not running as a service (OvOWELRemoteAccess.exe, OvBLXmlMessageserver.exe). Example: vpstat -3 OvEpMessageActionServer -r START List registry entries Use the vpstat -4 command to list and check all registry entries that are needed by HP Operations Manager for Windows. The necessary keys are configured in the [REGLIST] section of the vpstat.conf configuration file. The complete parameter list is: vpstat -4 [ -r][ -l] Parameter Description By default (without any optional parameter), only those that are not registered are displayed as output. -l Optional. Use the -l parameter to force all keys that are examined to display. -r Optional. Use the -r parameter to list all subkeys and their contents for all keys. List DCOM servers The vpstat -5 command lists COM/DCOMservers. It checks the COM/DCOMclasses by their class IDs on the systemwhere the management server is installed. The necessary classes are taken fromthe [COMLIST] section of the configuration file. The complete parameter list is: vpstat -5 [ -d][ -l] Parameter Description By default (without any optional parameter), only those that are not registered are displayed as output. -d Optional. Use the -d parameter to display a detailed object registration list. This includes full registry sub-tree output for CLSID, TypeLib, and AppID. -l Optional. Use the -l parameter to force all COM/DCOMservers that are registered to display. List RPC servers The vpstat -6 command checks for all critical HP Operations Manager for Windows RPC servers that should be registered. HP Operations Manager (9.00) Page 249 of 1297 Online Help The complete parameter list is: vpstat -6 [ -d][ -l][ -a] Parameter Description By default (without any optional parameter), only those that are not registered are displayed as output. -d Optional. Use the -d parameter to view more detailed RPC registration parameters, such as a server's UUID and the bindings. By default, this command checks only the RPC servers that are in the [RPCLIST] section of the configuration file. -l Optional. Use the -l parameter to force all RPC servers that are registered to display. -a Optional. Use the -a parameter to list all the registered RPC servers found on the system. Check managed node requirements The vpstat -7 command performs a requirements check (using the OvOWReqCheckSrv tool) on a local or remote node. For this operation, vpstat reads the [REQLIST] section of the configuration file. You can check a node's requirements remotely fromthe management server or a remote console. The complete parameter list is: vpstat -7 [-srv <management server>] [-n <node name> | <IP address>] [-s][ -d] Parameter Description -srv < management server> This option is only available when running vpstat on remote consoles. With the - srv option, followed by a space and by the name of the management server, vpstat is instructed to connect to the specified management server. -n <node name> | <IP address> With the -n option, followed by a space and by a computer name or an IP address, vpstat is instructed to connect to the specified systemand to perform the requirements checklist for that system. If not specified, the local node is checked. -s With the -s option, vpstat is instructed to display the result of the MC line requirements check in a short form(OK or NOK). -d With the -d option, vpstat is instructed to display the result of the requirements check in a detailed form. Besides the short print out (OK or NOK), the demanded and the current values of the requirement are also displayed. If a certain requirement is not specified, that requirement is not verified and has automatically passed. If all requirements match the actual state, the checked node meets minimal requirements. Sample output for vpstat -7 -d -n <NodeName> HP Operations Manager (9.00) Page 250 of 1297 Online Help Prerequisites checked for: Windows2003 Requirements: ------------- [ PASS ] Default system share (e.g. C$, D$) accessible [ PASS ] 40MB hard disk space required for installation [ PASS ] Default launch permissions [ PASS ] Event Log Service [ PASS ] Remote Procedure Call (RPC) Service [ PASS ] Plug & Play Service [ PASS ] Security Accounts Manager Service [ PASS ] Net Logon Service [ PASS ] Remote Registry Service [ PASS ] Server Service [ PASS ] Workstation Service Recommendations: ---------------- [ PASS ] Windows Management Instrumentation Service [ PASS ] SNMP Trap Service [ PASS ] SNMP Service [ PASS ] NT LM Security Support Provider Service STATUS: All checked prerequisites are OK. List processes The vpstat -8 command checks the processes required by HP Operations Manager for Windows to be running. The output shows missing processes that should be running on the checked system. Also other processes can be displayed with this command. The complete parameter list is: vpstat -8 [ProcessName...][ -d][ -l][ -m][ -a][ -k PID|Name] Parameter Description When invoked without any optional parameter, the necessary process names are taken fromthe [PROCESSLIST] section of the configuration file. By default, only the missing processes are displayed. < ProcessName> Optional. With the <ProcessName> as the first parameter on the command line, you can directly specify the processes to be checked or listed. -d Optional. Use the -d parameter to display process details such as current and peak working set size, page faults, image size, base address, and entry point. -l Optional. Use the -l parameter to list all checked processes. -m Optional. Use the -m parameter to list all modules (for example, DLLs) that are loaded into the process address space with the corresponding version and image file name. -a Optional. Use the -a parameter to lists all processes without performing a check. HP Operations Manager (9.00) Page 251 of 1297 Online Help -k [< PID >|< ProcessName >] Optional. Use the -k parameter to terminate a particular process (forced kill). This must be specified either by its PID or a process name. Sample output for vpstat -8 -l Configuration file: C:\Program Files\HP\data\conf\vpstat\vpstat.conf Ver: 0.8.00.201 Date: Wed Sep 5 02:29:14 2007 Remark: HP Operation Manager - Performance. ID:1456 OVTRCSVC.EXE 06.00.035 C:\Program Files\HP\bin ID:1536 SQLSERVR.EXE 2005.090.3042.0 c:\Program Files\HP\MSSQL.1\MSSQL\Binn ID:1612 OVCD.EXE 06.00.030 C:\Program Files\HP\bin ID:1748 DNSDSCR.EXE A.22.0.14.5 C:\Program Files\HP\bin ID:1800 SERVICELOGGER.EXE 2, 6, 0, 0 c:\Program Files\HP\bin ID:2244 OVMSMACCESSMANAGER.E A.5.0.22.5 C:\Program Files\HP\bin ID:2452 OVOWREQCHECKSRV.EXE A.22.0.22.6 C:\Program Files\HP\bin ID:2532 OVOWWMIPLATPROV.EXE A.1.1.12.5 C:\Program Files\HP\bin ID:2676 OVPMAD.EXE A.5.0.58.10 C:\Program Files\HP\bin ID:2952 OVSECURITYSERVER.EXE A.3.0.29.2 C:\Program Files\HP\bin ID:3012 OVAUTODISCOVERYSERVE A.4.5.10.21 C:\Program Files\HP\bin ID:3060 OVEPMSGACTSRV.EXE A.5.0.45.26 C:\Program Files\HP\bin ID:3180 OVEPSTATUSENGINE.EXE A.5.0.26.5 C:\Program Files\HP\bin OK:ALL CRITICAL PROCESSES ARE RUNNING Get management server/console version The vpstat -9 command gets the version of the HP Operations Manager for Windows management server and console. The command can retrieve the version information of the installed product fromthe local systemas well as froma remote system. The complete parameter list is: vpstat -9 [-n NodeName] Parameter Description When invoked without any optional parameter, the version information of the installed HPOMfor Windows version is retrieved fromthe local system. -n < NodeName> Optional. With the <NodeName> as the first parameter on the command line, you can directly specify the systemfromwhich to retrieve the management server and console versions. Sample output for vpstat -9 -n SVR5678 Connecting ... Product version on node: \\SVR5678 HP Operations Manager (9.00) Page 252 of 1297 Online Help Management server : Not Installed Management console : A.08.10 On SVR5678, only a remote console is installed. This is why Not Installed displays in the management server line. List patch history The vpstat -p option displays a list of patches and hotfixes that have been installed and uninstalled. To get a list of patches: vpstat -p Sample output: ----------- PATCH DETAILS SECTION ----------- Patch Name : OMW_00006 Superseded by: OMW_00044, 9-10-2009, 15:20:49 Patch Name : OMW_00016 Superseded by: OMW_00048, 8-10-2009, 15:44:29 Patch Name : OMW_00020 Superseded by: OMW_00048, 8-10-2009, 15:44:29 Patch Name : OMW_00029 Superseded by: OMW_00048, 8-10-2009, 15:44:29 Patch Name : OMW_00044 Description : Agent WINDOWS A.08.60.1 Installed : 9-10-2009, 15:20:49 Patch Name : OMW_00048 Description : Mgmt Server/Console Installed : 8-10-2009, 15:44:29 HotFix Name : OMWHOTFIX_00001 Description : Mgmt Server/Console Installed : 8-11-2009, 17:00:29 Patch Name : OMW_00050 Description : Mgmt Server/Console Uninstalled : 9-1-2009, 15:36:39 The latest installed patches are: OMW_00044, OMW_00048, OMWHOTFIX_00001 -------- END OF PATCH DETAILS SECTION -------- Run all options The vpstat -z option runs all commands and prints the output to a file called vpstatout.txt. First, it looks for an environment variable named TEMP. If the variable is found, it stores the file in that directory (usually C:\TEMP). Otherwise, it stores the file in the current working directory. The following parameters are used for each option: -1, -2, -3 -d, -4 -l, -5 -l, -6 -l, -7 -d, -8 -d, -9, -p To run all options: HP Operations Manager (9.00) Page 253 of 1297 Online Help vpstat -z Sample output: generating file 'C:\TEMP\vpstatout.txt'... vpstat return codes All vpstat commands that verify a condition (like services running) return codes based on results of the verification. Normally, vpstat return codes indicate whether checked items (defined with the vpstat command) have passed verification. HPOMincludes the following vpstat return codes: 0 There was no error and checking was successful. 1 There was no error and checking was not successful. negative value If there was an error - execution of the tool failed. Examples l Checking a single process: vpstat -8 opcctla.exe Returns 0 if the opcctla.exe process is running; otherwise it returns 1. l Checking all processes (configured in the vpstat configuration file): vpstat -8 Returns 0 if all process listed in the [PROCESSLIST] section of the configuration file are running; otherwise it returns 1. Negative return codes If an internal error occurs during vpstat tool execution, a negative return code is returned. The following table includes possible negative return codes. Error Code Description -100 Retrieving of systemplatformtype failed. -101 Retrieving of systemmemory status failed. -102 Retrieving of systemdisk space status failed. -103 Retrieving of systemnetwork settings failed. -104 Retrieving of systemsecurity settings failed. -110 Retrieving of information fromconfiguration file (vpstat.conf) failed. -111 Systemruns out of physical memory when creating report. -112 Cominternal error (cannot initialize COMlibrary). HP Operations Manager (9.00) Page 254 of 1297 Online Help -113 Wrong parameter is specified. -114 Specified folder was not found. -115 Error in configuration file (vpstat.conf). -116 Internal error occurs. -117 Caught internal exception. -120 Opening of service control manager database failed. -121 Enumerating services under specific service control manager failed. -122 Opening of specific service failed. -123 Retrieving configuration parameters of specified service failed. -124 Retrieving the name and status of each service that depends on the specified service failed. -130 Establishing connection to predefined registry key failed. -131 Opening of specified registry key failed. -132 Retrieving of data for specific registry key failed. -133 Converting specified string into original class identifier failed. -140 Creating of an enquiry context for viewing the elements in an endpoint map failed. -141 Server is not listening for remote procedure calls. -150 Cannot connect to specified node. -151 Operating systemis not Windows. -152 Whenever establishing connection to predefined registry key failed or property under specified registry key does not exist. -160 Try to kill process failed, because process name or PID cannot be found. -170 Retrieving of handle to current process failed. -171 Enumerating of process modules failed. -172 Retrieving "exe" module failed (vpstat.exe). -180 Net-bios computer name cannot be retrieved. -190 Specified file cannot be found on specified path. -191 Patch configuration file is not specified. -192 Inserting of lines fails while patching configuration file. -193 Patching of REGLIST section in vpstat.comfailed. HP Operations Manager (9.00) Page 255 of 1297 Online Help -194 Patching of RPCLIST section in vpstat.comfailed. -195 Patching of COMLIST section in vpstat.comfailed. -196 Specified file cannot be found on specified path. -197 Patching of REQLIST section in vpstat.comfailed. -198 Patching of PROCLIST section in vpstat.comfailed. -199 Patching of CHKVER section in vpstat.comfailed. -200 Patching of DEPLIST section in vpstat.comfailed. -210 Saving changes to configuration file (vpstat.conf) failed. HP Operations Manager (9.00) Page 256 of 1297 Online Help Backup and restore It is important that you regularly back up the data on your HPOMmanagement server to preserve the data and configuration in the event of a failure and to maintain the customized configurations, policies, files, graphs, instrumentation, and reports that you have created. You can use any of the following methods: l Full systembackup (offline backup) l HPOMmanagement server backup (online backup) l Database backup (online backup) Full system backup (offline backup) A full systembackup that includes the operating system, all partitions, disks, and files, is the easiest way to back up and restore your HPOMmanagement server. A full systembackup is an offline backup. This means that the HPOMserver, as well as the operating system, is shut down and the backup is started using a special boot disk or partition and special backup or imaging software. HP recommends that you create an image/backup of your HPOMmanagement server using a suitable solution so that you can restore your complete system, including operating systemsettings like IP configuration, DNS configuration, and all installed software, including HPOMfor Windows. However, such a solution is not appropriate for a daily backup, because the management server must be shut down. Full backups can be supplemented with regular database backups. HPOM management server backup (online backup) In cases where you cannot use a full systembackup or imaging solution (for example, because you do not want to shut down the management server), you can use an HPOMtool that enables you to back up the management server online. A management server backup includes the HPOMdatabase and also HPOMconfiguration data fromthe registry, fromother configuration files, and fromthe file system(for example, instrumentation). To restore a management server fromthis type of backup, you must first restore the operating systemindependently. You can then restore the management server using a combination of the backup data and the HPOMinstallation media. HP recommends that you backup the management server at least once after the installation. The backup data contains everything that is necessary to restore the management server and enable it to communicate with the managed nodes after a complete failure. Database backup (online backup) HPOMprovides a policy and scripts that enable you to back up and restore the HPOMdatabase. The database backup has the advantage that it completes more quickly than the management server backup tool, and is therefore more suitable to run every night. However, the database backup does not include configuration data fromthe registry, fromother configuration files, or fromthe file system(for example, instrumentation). Therefore, you cannot rely on database backups alone. You may want to combine a full systembackup or management server backup with daily database backups. HP Operations Manager (9.00) Page 257 of 1297 Online Help If you performdaily database backups to save data, you may decide to performmanagement server backups only after you make significant changes to the management server configuration (for example, after you install a Smart Plug-in, or change the management server certificates). Related Topics: l Back up the HPOMmanagement server l Restore the HPOMmanagement server l Back up the HPOMdatabase l Restore the HPOMdatabase l Back up miscellaneous data and files Back up the HPOM management server HPOMprovides a tool that enables you to backup the management server online. The tool downloads backup data to a folder that you specify. This backup data includes the HPOMdatabase and also HPOMconfiguration data fromthe registry, fromother configuration files, and fromthe file system(for example, instrumentation). The backup data does not include the operating system, group membership, exported messages, customconsole definitions, or licenses. If you want to back up these items, you must back themup separately. To restore a management server fromthis type of backup, you must first restore the operating systemindependently. You can then restore the management server using a combination of the backup data and the HPOMinstallation media. To back up the HPOM management server 1. In the console tree, open the following tool group: Tools HP Operations Manager Tools HPOM Self Management 2. In the details pane, double-click Backup Management Server . The Properties dialog box opens. 3. In Parameter, type a hyphen (-) followed by the destination folder for the backup data, including the drive letter. If the path contains spaces, enclose the entire parameter in quotation marks (" "). For example: "-c:\temp\Backup Data" If you omit the parameter, the tool creates the backup data in the following folder: <share_dir>\datafiles\backup\ Note: The folder must already exist. You must specify a folder on a local drive on the management server. Click Next. The Login dialog box opens. 4. In User Name and Password, type the user name and password of a user who has administrative permissions on the SQL Server instance and permission to write files into the HP Operations Manager (9.00) Page 258 of 1297 Online Help backup folder. 5. Click Launch.... The Tool Status dialog box opens, and shows the status of the tool. The tool may take some time to complete. 6. Optional. After the backup tool succeeds, move the destination folder that you specified to a safe location. Caution: The backup data contains everything needed to create a management server that can manage existing nodes. Store this data securely. Restore the HPOM management server You can restore an HPOMmanagement server using the backup data that the Backup Management Server tool creates in combination with the HPOMinstallation media. HP recommends that you first install a clean operating systemon the computer, or restore the operating systemfroman image. It is not possible to repair an existing HPOMmanagement server. Therefore, if you choose not to install a clean operating systemon the computer, you must successfully uninstall the existing HPOMmanagement server before you can start to restore it. You must also make sure that the new system's full computer name is identical to that of the failed system. If the management server is in a cluster environment, make sure that the hostname of the HPOMvirtual management server also remains unchanged. After you restore the operating system, you can then restore the management server using a combination of the backup data and the HPOMinstallation media. For details on restoring a 64-bit version of HPOM, see the Installation and Migration Guide, which is available on the installation media in the folder \Documentation\HPOM Guides\en. For details on restoring a 32-bit version of HPOM, see the instructions that accompany the latest installation patch that applies to your version of HPOM. Note: You can check for installation patches at the HP Software Support web site. Back up the HPOM database HPOMincludes the scheduled task policy VP_SM_DB_Backup, which starts a script that performs a backup of the HPOMdatabase. If you deploy this policy to a management server, the policy schedules a backup of the database at 0:30 every day. If necessary, you can change this schedule before you deploy the policy. Alternatively, you can start a backup script immediately fromthe command prompt. Note: HPOMfor Windows 8.10 provided a version of VP_SM_DB_Backup for deployment to the node that hosts the HPOMdatabase. If you migrated fromHPOM8.10, and the management server uses a remote database, check the policy inventory of the node that hosts the remote database. HP recommends that you remove the older version of the VP_SM_DB_Backup policy fromthe node that hosts the remote database. If you deploy the latest version of the policy to a remote database server, the policy will fail and send a critical message. The VP_SM_DB_Backup policy sends messages to informyou of the backup progress: HP Operations Manager (9.00) Page 259 of 1297 Online Help l When the backup starts. l After a successful backup. (This message also contains the backup duration time.) l After a backup failure. (Critical message) The backup script creates backup files for the database and the database transaction log in a folder on the management server. By default this is a subfolder called backup in the database folder that was configured during the original management server installation. For example, if you use the local database supplied with HPOM(Microsoft SQL Server Express), the default database backup folder is: %OvDataDir%datafiles\OVOPS\backup The backup files have the following names: l openview_dat.bak (openview database) l openview_log.bak (openview database transaction log) The backup script overwrites these files each time it runs. If you want to keep several versions of the backup files, make sure that you copy each set of backup files before the policy runs again. To schedule a regular backup of the HPOM database 1. In the console tree, open the following policy group: Policy Management Policy Groups HPOM Self Management en Database Server 3. In the details pane, right-click VP_SM_DB_Backupand then click All Tasks Edit.... 4. In Execute as user and Specify password, type the user account and password of a user who has administrative permissions on the SQL Server instance and permission to write files into the backup folder. 2. Optional. By default the policy schedules the backup for 0:30 every morning. If that time does not suit your needs, you can adapt the schedule in the Schedule tab. 3. Click Save and Close, and then deploy the policy to the HPOMmanagement server. 4. Check regularly that the backup script successfully creates the backup files. To start a management server backup immediately You can start an immediate database backup by opening a command prompt on the management server, and then typing the following command: cscript "%OvInstallDir%\support\backup_openview.vbs" Related Topics: l Restore the HPOMdatabase Restore the HPOM database If you used the scheduled task policy VP_SM_DB_Backup or the script backup_openview.vbs to create a backup of the HPOMdatabase, you can restore it manually. The database backup does not include the operating system, management server software, configuration data fromthe HP Operations Manager (9.00) Page 260 of 1297 Online Help registry, fromother configuration files, or fromthe file system(for example, instrumentation). Therefore, if there is a problemwith the management server, you must restore it froma full system backup or a management server backup before you can restore the database. Before you restore the HPOMdatabase, you must stop the management server processes. Stop the management server processes 1. Close all open consoles. 2. Stop all services and processes using the following command: vpstat -3 -r STOP 3. If the management server is in a cluster environment, use the same command to stop the services and processes on every cluster node. Restore the HPOM database 1. Copy the database backup files to the same folder into which they were originally generated. By default this is a subfolder called backup in the database folder that was configured during the original management server installation. For example, if you use the local database supplied with HPOM(Microsoft SQL Server Express), the default database backup folder is: %OvDataDir%datafiles\OVOPS\backup The backup files have the following names: n openview_dat.bak (openview database) n openview_log.bak (openview database transaction log) 2. Make sure that the database is available. If you use the local SQL Server Express database that HPOMprovides, the database service was stopped with the other management server processes. In this case, use Services in the Windows Control Panel to restart the service called SQL Server (<instancename>). 3. Run cscript %OvInstallDir%\support\restore_openview.vbs. 4. Check the output of the script. The output should end with the text Restore succeeded. 5. Start the services and processes using the following command: vpstat -3 -r START Sample output Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. HPOM is stopped This backup files will be used to restore the openview database: BackupType: Full DB backup BackupFileLocation: E:\HPOM\Data\datafiles\OVOPS\backup\openview_dat.bak BackupName: openview_Full BackupStartDate: 2006-11-09 14:55:59.000 HP Operations Manager (9.00) Page 261 of 1297 Online Help BackupFinishDate: 2006-11-09 14:56:06.000 BackupType: Transaction log backup BackupFileLocation: E:\HPOM\Data\datafiles\OVOPS\backup\openview_log.bak BackupName: openview_Log BackupStartDate: 2006-11-09 14:56:06.000 BackupFinishDate: 2006-11-09 14:56:06.000 Are you sure that you want to replace the current openview DB with the contents of the backup above ? (y/n) y replace openview database with Restore Restore succeeded Related Topics: l Back up the HPOMdatabase Back up miscellaneous data and files The following items are not included in the HPOMmanagement server backup, but you can back themup separately. Group membership If the HPOMusers are local accounts, write down which users belong to the groups HP-OVE- OPERATORS and HP-OVE-ADMINS on the HPOMmanagement server. These group memberships must be recreated manually unless they will be restored as part of a full system recovery (froma full systembackup). If you used domain user groups during the HPOMinstallation, there is no need to back up the group membership information on the management server. Licenses All licenses are stored in the file %OvShareDir%\server\OprEl\AutoPass\LicFile.txt. Exported messages (optional) The default setting of the HPOMserver is to delete messages in the acknowledged message browser after 30 days. It is also possible to export the message into a Comma Separated Value (CSV) file. The setting is customizable in the Database Maintenance namespace in the Server Configuration dialog box. If you want to back up the downloaded messages (for example, for customreporting on messages), make sure that these files are included in the backup procedure. Custom HPOM console MMC definitions (optional) By default the HPOMserver includes only one HPOMconsole MMC definition file: %OvDataDir%\bin\HP Operations Manager.msc HP Operations Manager (9.00) Page 262 of 1297 Online Help Reconfiguring your setting in this single file is not complex or time consuming but you may want to back up the file as part of your daily backup. If you have created additional HPOMconsole MMC configuration files for specific users, then these files will have been saved in a location that you have explicitly selected, for example: Documents and Settings\<UserName>\Desktop A backup of these files will save time when recovering the HPOMserver, particularly if you have a number of these files - such as when multiple users are allowed to connect to the HPOMserver using Remote Desktop Services to run the HPOMconsole. In most cases the HPOMconsole MMC configuration files will reside on the systems that host the HPOMremote console. Consideration of the backup strategy for these files should be part of a full disaster recovery plan - although in many cases, recreating the console definitions is a simple option. Related Topics: l Change server configuration values HP Operations Manager (9.00) Page 263 of 1297 Online Help Improved availability HPOMfor Windows manages services and applications and therefore increases their availability for their users by detecting problems before they interfere with the normal operation of these services and applications. However, it is also desirable to improve the availability of the management server. The following options improve the availability of the management server itself: l Install the management server in a cluster to support failover fromone cluster node to another in case of a failure. l Set up a pool of management servers where the role of the primary manager is assigned to a virtual interface. Managed nodes send their messages not to a physical server but to its virtual interface. l Set up a standby management server and replicate the database periodically using Microsoft SQL Server Log Shipping. HPOM installed in a failover cluster You can install an HPOM management server in a failover cluster. Failover support means that the Windows cluster service is able to switch the HPOMmanagement server fromone cluster node to another if there is a problemwith the cluster node or the management server itself. To install and manage a 64-bit version of HPOMin failover cluster, you should be familiar with the Windows Failover Clustering feature and its concepts. If you have a 32-bit version of HPOMin a failover cluster, you should be familiar with the Windows Cluster Administrator and its concepts. Note: If you have an existing, non-clustered HPOMmanagement server and would like to ensure its availability by installing it in a failover cluster, you must migrate the management server fromthe current computer to the failover cluster. An HPOMmanagement server in a failover cluster must have a consistent installation on all cluster nodes. See the topic Check Cluster Consistency for details about how to check the consistency of your HPOMinstallation and about the impact of an inconsistent installation. You can manage failover clusters in Windows using Failover Cluster Management. The topic HPOMCluster Resource Group gives an overview about the cluster resources set up during the HPOMinstallation. The topic Registry Key Replication describes which server configurations are replicated between the cluster nodes. Check cluster consistency When the HPOMmanagement server is part of a failover cluster, it is necessary to keep the installation consistent on all nodes, regardless of which of the physical cluster nodes it is currently running on. A consistent installation means that all nodes have the same SPIs and HPOMpatches installed. A clustered installation also requires a consistent configuration of HPOMon all cluster nodes. Caution: As long as a cluster inconsistency is unresolved, HPOMcannot start or failover to the inconsistent cluster nodes. This could lead to unexpected down times of the management server. HP Operations Manager (9.00) Page 264 of 1297 Online Help Using the console tool Cluster Check Report, you can evaluate the current consistency status of the clustered HPOMinstallation. The tool also enforces cluster consistency. See the topic Cluster Consistency Enforcement for details. During the installation of the management server, a self management policy called "VP_SM-Cluster Consistency Check" is deployed to the management server virtual node. This policy checks the cluster once a day and generates a critical message if an inconsistent cluster is discovered. For details about this inconsistency, see the message annotations and instructions. Consistent configuration is ensured by both storing data in the database and replication of registry keys. For details, see Registry Key Replication. Cluster check report HPOMprovides a tool called Cluster Check Report, which checks to see whether all SPIs and HPOMpatches are installed on all cluster nodes. This tool is located in the console tree under Tools HP Operations Manager Tools Cluster Tools. It produces a report similar to the one shown below. --------------------------- OvOW Cluster Check Report --------------------------- Inventory ----------- OVOW cluster version: A.09.00 OVOW local version: A.09.00 OvOW installed on cluster nodes: * hpomcluster1.example.com * hpomcluster2.example.com Installed patches: Missing Installations: Pending Uninstallations: * end of report * First, the report shows the inventory of the HPOMinstallation. It shows which version of HPOMis installed on the cluster and on the node running HPOMat the moment. It shows the names of the cluster nodes on which HPOMis installed and an inventory of all SPIs and patches installed on the cluster, if any. After that the report shows if there are any SPIs or patches which are not installed on all cluster nodes. If this list is empty, then the cluster is consistent. However, if there are any entries there you must install the missing SPIs or patches on these nodes as soon as possible because HPOM HP Operations Manager (9.00) Page 265 of 1297 Online Help enforces a consistent installation and will refuse to run on the nodes in this list. This can lead to an unexpected down-time of the management server in case of a failure. The last part of the report shows if there are any previously installed SPIs or patches which have not been uninstalled on all cluster nodes. If this list is empty, then the cluster is consistent. However, if there are any entries there you must uninstall the SPIs or patches on these nodes as soon as possible, because HPOMenforces a consistent installation and will refuse to run on the nodes in this list. This can lead to an unexpected down-time of the management server in case of a failure. Cluster consistency enforcement The HPOMCluster Consistency Check cluster resource performs cluster consistency enforcement, explained in the topic "HPOMCluster Resource Group" (on page 266). Each time the resource is ordered to go online by the cluster service, it performs the cluster consistency checks. These checks must be performed successfully to start HPOMon that node. If this check fails for the current node, HPOMcannot start. Depending on the cluster configuration, HPOMwill be moved to the next available node. If the consistency check fails, an error is written to the Windows application event log. Attached to this event is a copy of the cluster check report, which contains the reason for the failure. HPOM Cluster Resource Group During the installation of a 64-bit version of HPOMin a failover cluster, you must specify an entry in Services and Applications that you created for HPOMin Failover Cluster Management. The installation creates several resources in the Services and Applications entry that you specify. The following screenshot shows the Services and Application entry in Failover Cluster Management. HP Operations Manager (9.00) Page 266 of 1297 Online Help On a 32-bit version of HPOMin a failover cluster, you have equivalent resources in Windows Cluster Administrator. Caution: After installing HPOMon a cluster, you must not change the names of the HPOM resource group or any HPOMresources. Otherwise, adding new nodes to the cluster or uninstalling HPOMwill fail. You can change the way that the cluster service treats the resources using Failover Cluster Management or Windows Cluster Administrator (depending on the version of HPOM). The HPOM installer creates the HPOMresources with the default settings defined by Microsoft. For details about these settings and their impact on the cluster and HPOM, consult the Failover Cluster Management or Windows Cluster Administrator online help that Microsoft provides. HPOMin a failover cluster contains the following resources: Resource Description HPOM Network Name This resource is the owner of the network name of the virtual HPOMserver entered during the installation. This resource depends on the IP address resource. HPOMIPv4 Address This resource is the owner of the IP address of the virtual HPOMserver entered during the installation. This resource depends on the shared disk drive resource. HP Operations Manager (9.00) Page 267 of 1297 Online Help Disk Drive This is the shared disk used by HPOMto store that part of its data which needs to be in sync between all cluster nodes. All other resources depend on this resource; they cannot work without it. HPOM Access Manager This resource controls the HPOMAccess Manager service. This resource depends on the HPOMStore Provider resource. HPOM AutoDiscovery Server This resource controls the HPOMAutoDiscovery Server service. This resource depends on the HPOMAccess Manager resource. HPOM Certificate Server This resource controls the HPOMcertificate server. This resource depends on the HPOMCluster Consistency Check resource. HPOMCluster Consistency Check This cluster resource ensures the consistency of the HPOMinstallation across all cluster nodes. See the Check Cluster Consistency topic for details. This resource depends on the HPOMRegistry Replication resource. HPOMDNS Discovery This resource controls the HPOMDNS Discovery service. This resource depends on the HPOMRegistry Replication resource. HPOM Message Action Server This resource controls the HPOMMessage Action Server service. This resource depends on the HPOMAccess Manager resource. HPOMPolicy Management and Deployment This resource controls the HPOMPMAD service. This resource depends on the HPOMStore Provider resource. HPOM Prerequisites Check Server This resource controls the HPOMNode Prerequisites Check Server service. This resource depends on the HPOMCluster Consistency Check resource. HPOM Registry Replication This resource is a placeholder for the registry keys that need to be replicated between the cluster nodes to keep the HPOMconfiguration on all nodes in sync. See the Check Cluster Consistency and the Registry Key Replication topics for details. This resource depends on the network name resource. HPOM Security Server This resource controls the HPOMSecurity Server service. This resource depends on the HPOMAccess Manager resource. HPOM Service Logger This resource controls the HPOMService Logger service. This resource depends on the HPOMCluster Consistency Check resource. HPOMStatus Engine This resource controls the HPOMStatus Engine service. This resource depends on the HPOMSecurity Server resource. HPOMStore Provider This resource controls the HPOMStore Provide service. This resource depends on the HPOMCluster Consistency Check resource. HP Operations Manager (9.00) Page 268 of 1297 Online Help HPOMWMI Platform Provider This resource controls the HPOMWMIPlatformProvider service. This resource depends on the HPOMCluster Consistency Check resource. SPI-Share This resource controls a Windows file share called "SPI-Share" which is used to store templates for the config file policy type. It depends on the network name resource. In order to use HPOMin a failover cluster, all the above-mentioned resources need to be online. Registry key replication As described in the Check Cluster Consistency topic, it is vital for the operation of HPOMin a cluster to have the HPOMinstallation on all cluster nodes installed and configured consistently. Because part of the HPOMconfiguration is stored in the systemregistry, parts of it will get replicated between the cluster nodes by the HPOMRegistry Replication cluster resource, as described in the topic HPOMCluster Resource Group. Each time this resource goes online on a cluster node, it replaces the registry keys listed below with the ones existing on the last active node. This has two consequences: first, only the currently active node has an up-to-date HPOM registry, and second, it is necessary make changes in these replicated keys on the currently active node. Changes made on other nodes will be lost whenever they become active. The following list shows the registry keys replicated by the registry replication resource. Each key, with all its values and its subkeys, will be replicated. Note: This list is not a documentation of how these keys are used by HPOMor an encouragement to change these. Refer to other parts of the documentation to see whether changing these keys is supported or not. SOFTWARE\Hewlett-Packard\OpenView\Common SOFTWARE\Hewlett-Packard\OpenView\OvOWRmtAgt SOFTWARE\Hewlett-Packard\OVEnterprise\Agent\OvMsgActFM SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\ConsistencyCheck SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\MgmtServerNodes SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\Patches SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\Resource SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\SPIs SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\Tillie SOFTWARE\Hewlett-Packard\OVEnterprise\Cluster\Upgrades SOFTWARE\Hewlett-Packard\OVEnterprise\Log SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\AutoDeployment SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\DBAccess SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\IIS SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\MsgStormDetect SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\NLS SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\NNM8 Adapter SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\Pmad SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\Server-based flexible management SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\ToolWebService HP Operations Manager (9.00) Page 269 of 1297 Online Help SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\WebService SOFTWARE\Hewlett-Packard\OVEnterprise\Plug-Ins\Self Manager SOFTWARE\Hewlett-Packard\OVEnterprise\Security SYSTEM\CurrentControlSet\Services\Eventlog\OvConfigChanges Server pooling Server pooling is an enhancement of the HPOMbackup server concept, which is an option to implement high availability for HPOM. Typically, in a backup server scenario, two or more HPOMmanagement servers are configured identically. The main installation is referred to as the primary manager and the others as backup servers. If the primary manager is temporarily inaccessible for any reason, you can configure HPOMto transfer messages fromthe managed nodes to one or more designated backup management servers using the command opcragt -primmgr. (Note that in large environments this switch may take some time to complete.) In a server pooling scenario, HPOMmanagement servers are also configured identically, but the role of the primary manager is assigned to a virtual interface. Managed nodes send their messages not to a physical server but to its virtual interface. If a physical server with a virtual interface is temporarily inaccessible for any reason, you can switch the virtual interface to another physical server. Agents on managed nodes reconnect to the virtual interface automatically, where no manual interaction is required. This is one of the main benefits of server pooling. If you have to performsome maintenance tasks on one physical server, simply transfer its virtual interface to another physical server and proceed with your maintenance work. HTTPS-based buffered message forwarding (hot message synchronization) is set up between all physical servers. Every message delivered to one physical server is transferred to all other physical servers, even when they are not accessible at the moment. When your maintenance work is finished and the HPOMmanagement server is running again, this physical server will get all those missed messages fromthe other physical server. All physical servers are also defined as responsible managers. This allows all physical servers to performthe configuration deployment and the action execution on all managed nodes. Every physical server can have more than one virtual interface at once, which allows the implementation of load balancing. Load balancing in general terms refers to spreading a workload among multiple computers. Load balancing is often achieved by a load balancing software or hardware device. In the context of HPOM, load balancing refers to the concept of switching the responsibility for a group of managed nodes or switching a Java GUI fromone management server to another; for example, in the following situations: l The load fromincoming messages is too high. l The number of managed nodes is too high for one management server. With a second management server added, you can split the load by directing half of the managed nodes or Java GUIs to the second management server. Server pooling is not designed for dynamic, short termload balancing. This is because the agent may run into a timeout and may start buffering messages. After a successful switchover, it will HP Operations Manager (9.00) Page 270 of 1297 Online Help establish a new connection. Load balancing can be used, however, for longer term, manual load balancing. HPOMdoes not support any load balancing software installed on the management server. To move some of the virtual interfaces to other, less used physical servers, you use commands such as ovbbccb, netstat, and ifconfig. If you are using a load balancer in your network environment, you can set up the virtual IP address on the load balancer instead of on a management server. The load balancer forwards the data to a management server according to its rules. Nodes that communicate with the management server using outbound-only connections are not supported together with load balancers. Comparison of Cluster, Backup Server, and Server Pooling The following table compares HPOMcluster, backup server, and server pooling environments. Feature Cluster Backup server (hot standby) Server pooling (hot standby - switch of virtual IP address) Failover of consoles Automatic Manual Manual Quick failover of consoles by moving the virtual IP address (can be automated). Failover of agents Automatic Manual (or scripted) failover to new server with opcragt -primmgr (this may take some time to complete for large numbers of managed nodes). Manual Quick failover of agents by moving the virtual IP address (can be automated). Configuration synchronization Not necessary Need to regularly synchronize the configuration . Need to regularly synchronize the configuration . Disaster recovery Cluster nodes must be close together, which means no disaster recovery. Backup server can be located remotely. Continuous operation is possible even when the primary site is completely unavailable. All servers must be in the same subnet, which means they need to be close together and thus do not provide for disaster recovery. Data corruption Data corruption is possible (if data is corrupted on the shared disk, it is corrupted on all cluster nodes). Load balancing Backup server can be used Backup server can be used to share the HP Operations Manager (9.00) Page 271 of 1297 Online Help Feature Cluster Backup server (hot standby) Server pooling (hot standby - switch of virtual IP address) to share the consolesload (both servers are fully operational management servers). consoles load (both servers are fully operational management servers). Hardware cost Higher hardware cost (special hardware is needed to provide for no single point of failure) . Requirements The following requirements apply: l Two or more physical servers. For details of the HPOMversions supported for server pooling, see the support matrix at HP Software Support Online. l All physical servers must be located in the same subnet. Special network configuration is required for Windows Server 2008 environments. l One or more virtual interfaces. l HTTPS agents. Server pooling is not supported with DCE agents. Limitations The following limitations apply: l Connections to the virtual interface fromthe HPOMMMC console are not supported. Only web console sessions are supported. l Physical nodes that are part of a clustered HPOMmanagement server installation cannot be part of an HPOMserver pool. l Clustered HPOMmanagement servers cannot be added to an HPOMserver pool. l The following are not supported for this release of HPOMServer Pooling: n External DNS-based hostname redirects for the virtual interface (CNAME entries) n External IP mapping mechanisms n Route Health Injection HP Operations Manager (9.00) Page 272 of 1297 Online Help Setup details A basic server pooling setup includes two physical servers and one virtual interface: l You need two instances of the HPOMmanagement server (M1, M2), each with their own HPOM database. Each instance and the database are fully online all the time. The management servers are configured as backup servers with buffered message forwarding set up between them. Each message is forwarded froman active server to a backup server. l A virtual interface (V), which belongs to only one physical server at a time. Flexible management setup All managed nodes have M1, M2, and V defined as responsible managers. Each responsible manager has all rights including the action execution and the configuration deployment. Responsible managers are defined in an agent-based flexible management policy, which must be deployed to all nodes. M1 and M2 entries in the flexible management policy are required for the server-to-agent communication (configuration deployment, action execution). An entry for the virtual interface is required for the agent-to-server communication (message sending). All managed nodes also have the virtual interfaces defined as primary managers. You can deploy the configuration fromboth servers (M1 and M2) if you keep the configuration data on both servers synchronized. Message forwarding setup M1 and M2 are set up to allow HTTPS-based buffered message forwarding fromone server to another. This is defined with a server-based flexible management policy. After failover, you do not need to synchronize messages between the two databases, because they are already synchronized. When the failed physical server starts up again, it receives all missed messages. For more details, see Server-based Flexible Management Policies. Configuration synchronization The node configuration in the database should be identical on all servers. In addition, node groups, policies, policy groups, and tools that are used to manage the nodes should be identical. It is therefore recommended that you periodically exchange the configuration between the management servers. Connecting Web consoles All Web consoles should connect to the virtual interface. Username and password for each user should be identical on both servers, so that Web consoles can automatically reconnect in case of a failover. Switchover behavior When a switch occurs, the virtual interface is transferred fromthe primary manager to the backup server. Web consoles show a small delay because they have to reconnect, which is done without HP Operations Manager (9.00) Page 273 of 1297 Online Help user intervention. Agents also reconnect automatically without user intervention. The delay in message processing is reduced, because the agents practically do not buffer messages any more at the primary manager downtime. This solution also provides the database redundancy. If the primary database becomes corrupt, a forced switchover of the virtual interface can take place. Server pooling scenarios The following scenarios vary fromsimple to more complex. You can adapt any of these scenarios to meet your specific needs. Scenario 1 Figure1 shows two physical servers (server1, server2) with one virtual interface (virtual_ server). This is similar to the classic backup server scenario. If you need to restart server1, you can simply switch the virtual_server to server2. After restart, server1 receives all missed messages. Scenario 2 Figure2 shows two physical servers (server1, server2) with two virtual interfaces (virtual_ server1, virtual_server2). In this case, load balancing is achieved with all managed nodes connected to the virtual_server1 and all Web consoles connected to the virtual_ server2. HP Operations Manager (9.00) Page 274 of 1297 Online Help Scenario 3 Figure3 shows a more complex scenario. It assumes three physical servers where each physical server has two virtual interfaces. Each managed node sends messages to one of the virtual interfaces. Physical servers are using event correlation to filter out related messages. When you detect a high server load on the physical server server1, switch one of the virtual interfaces fromthat server to another server. When the load on the physical server server1 decreases, switch the virtual interface back to the server1. Configuring server pooling The following procedure sets up two physical servers with one virtual interface. Using this procedure, you can easily set up more than two physical servers, and more than one virtual interface. The following configuration changes are necessary: 1. "Install the management server" (on page 276). Install the HPOMmanagement server as a standalone server on each physical server (M1 and M2). 2. "Configure the virtual interface" (on page 277). Configure the virtual interface. 3. "Configure the primary manager" (on page 279). Add a virtual interface and all physical servers as responsible managers in the responsible manager policy file. 4. "Configure message forwarding" (on page 281) Configure all HPOMservers in a backup server scenario with buffered message forwarding set up between them. 5. "Exchange trusted certificates" (on page 282). Exchange the servers' trusted certificates. 6. "Configure managed nodes" (on page 284). Set the virtual interface as a primary manager on all managed nodes. If a physical server with a virtual interface is temporarily inaccessible for any reason, you can switch the virtual interface to another physical server. HP Operations Manager (9.00) Page 275 of 1297 Online Help Install the management server Install the HPOMmanagement server as a standalone server on each physical server (M1 and M2). For instructions on how to install the HPOMmanagement server, see the HP Operations Manager for Windows Installation and Migration Guide. HP Operations Manager (9.00) Page 276 of 1297 Online Help Configure the virtual interface Configure the virtual interface as described below. If your nodes communicate with the management server using outbound-only communication, you must also create a new OV resource group on both physical servers. To configure the virtual interface 1. Activate the V virtual interface on the physical server M1 by adding the V virtual interface's IP address to the network interface adapter of M1 (using the netsh command, for example). 2. Invent a dummy core ID, for example cf600f32-0aba-7532-1e83-f61cdcefb5d7. 3. If your nodes communicate with the management server using outbound-only communication, continue with "To create an OV resource group for the virtual interface" (on page 277). Otherwise continue with "Configure the primary manager" (on page 279). To create an OV resource group for the virtual interface Performthe following steps only if your nodes communicate with the management server using outbound-only connections. Configure all outbound-only settings with the -ovrg virt option. This configures a new OV resource group named virt. See the HPOMFirewall Concepts and Configuration Guide for more information. 1. Create a new OV resource group for the V virtual interface. On the M1 physical server, enter the following command: md "%OvShareDir%\virt\conf\xpl\config" md "%OvShareDir%\virt\datafiles\xpl\config\jobs" where: virt is the name of the virtual resource group. 2. Create a new OvCoreId for the virtual interface. On the M1 physical server, enter the following: ovcoreid -create -ovrg virt ovcoreid -ovrg virt > C:\tmp\virt_coreid.txt Copy the C:\tmp\virt_coreid.txt file fromthe M1 to the same location on the M2. 3. On the physical server M2, create the same OV resource group virt and set the same OvCoreId. Enter the following commands: md %OvShareDir%\virt\conf\xpl\config md %OvShareDir%\virt\datafiles\xpl\config\jobs ovcoreid -set <GUID from C:\tmp\virt_coreid.txt> -ovrg virt where: GUID is the GUID contained in C:\tmp\virt_coreid.txt. 4. Issue a new certificate for the V virtual interface. On the physical server M1, enter the following: HP Operations Manager (9.00) Page 277 of 1297 Online Help ovcm -issue -file C:\tmp\virt.cert -name <V_virtual_interface> - pass virt -coreid <GUID from C:\tmp\virt_coreid.txt> where: <V_virtual_interface> is the name of the V virtual interface. 5. Import the new certificate into the keystore. On the physical server M1, enter the following command: ovcert -importcert -ovrg virt -file C:\tmp\virt.cert -pass virt To verify the imported certificate, use the following command on the physical server M1: ovcert -list -ovrg virt The certificate and trusted certificates should be listed. Copy the C:\tmp\virt.cert file fromthe M1 to the same location on the M2. On the physical server M2, enter the following: ovcert -importcert -ovrg virt -file C:\tmp\virt.cert -pass virt To verify the imported certificate, use the following command on the physical server M2: ovcert -list -ovrg virt The certificate and trusted certificates should be listed. 6. Bind the V virtual interface's IP address to the new OV resource group virt. On both physical servers, enter the following command: ovconfchg -ovrg virt -ns bbc.cb -set SERVER_BIND_ADDR <V_IP_ address> -set SERVER_PORT 383 where: <V_IP_address> is the IP address of the V virtual interface. 7. Activate the V virtual interface on the physical server M1 by adding the V virtual interface's IP address to the network interface adapter of M1. 8. Start the virt OV resource group on the physical server M1: ovbbccb -start virt HP Operations Manager (9.00) Page 278 of 1297 Online Help Configure the primary manager Agent-based flexible management policies enable you to configure managed nodes to send messages to different management servers based on time and message attributes. To configure the primary manager 1. Create a new agent-based flexible management policy. a. Add the physical servers and the virtual interface (M1, M2, V) as responsible managers to the policy. b. Add the core IDs of all responsible managers, which are returned by executing the following command on each physical system: ovcoreid c. Add the core ID of the virtual interface. The core ID of the virtual interface is the dummy GUID created in "To configure the virtual interface" (on page 277). Alternatively, if your nodes communicate with the management server using outbound-only communication, the core ID of the virtual interface is the GUID that has been created and written to the file in "To create an OV resource group for the virtual interface" (on page 277). Example of the flexible management policy: # # Configuration policy # defines action-allow managers # messages are always sent to the node's primary manager # RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Server Pool Members authorized for Management" SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "serv1.ovowtest.dom" ID "6150dbc2-5e4c-7531-193f-858e0b716c94" DESCRIPTION "physical" SECONDARYMANAGER NODE IP 0.0.0.0 "serv2.ovowtest.dom"ID "8fee9552-fc01-7531-06dc-e78703acbf1b" DESCRIPTION "physical" SECONDARYMANAGER NODE IP 0.0.0.0 "virt.ovowtest.dom" ID "cf600f32-0aba-7532-1e83-f61cdcefb5d7" DESCRIPTION "virtual" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "serv1.ovowtest.dom" ID "6150dbc2-5e4c-7531-193f-858e0b716c94" DESCRIPTION "physical" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "serv2.ovowtest.dom" ID HP Operations Manager (9.00) Page 279 of 1297 Online Help "8fee9552-fc01-7531-06dc-e78703acbf1b" DESCRIPTION "physical" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "virt.ovowtest.dom" ID "cf600f32-0aba-7532-1e83-f61cdcefb5d7" DESCRIPTION "virtual" 2. Optional. To check the policy's syntax, click Check Syntax. A message appears, which gives details of any errors. 3. Save the policy. Specify a name like "OMServer Pool Authorization" to find the policy easier later. Close the policy editor. Tip: Assign the policy to a policy group so that you can download the policy with ovpmutil. (You can then upload the policy on all management servers in the pool and thereby synchronize the configuration of all servers.) 4. Deploy the policy to the nodes that you want to configure. HP Operations Manager (9.00) Page 280 of 1297 Online Help Configure message forwarding Server-based flexible management enables you to forward messages between multiple management servers. To configure message forwarding 1. Create a new server-based flexible management policy. Add both physical servers as Message Target Managers to the policy. Example of the server-based flexible management policy: # # Server-Pool msg forwarding policy # TIMETEMPLATES # none RESPMGRCONFIGS DESCRIPTION "" SECONDARYMANAGERS ACTIONALLOWMANAGERS MSGTARGETRULES MSGTARGETRULE DESCRIPTION "Forward all Messages to all Server Pool Members" MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "serv1.ovowtest.dom" MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "serv2.ovowtest.dom" 2. Optional. To check the policy's syntax, click Check Syntax. A message appears, which gives details of any errors. 3. Save the policy. Specify a name like "OMServer Pool Message Synch" to find the policy easier later. Close the policy editor. Tip: Add the policy to a policy group so that you can download the policy with ovpmutil. (You can then upload the policy on all management servers in the pool and thereby synchronize the configuration of all servers.) 4. Deploy the server-based flexible management policy to the local physical server. 5. Make the same policy available on the physical server M2 and deploy it to M2.You can either create the same policy again on M2 or use the ovpmutil command line tool to download the policy on M1 and upload it on M2. 6. Exchange the node configurations between the management servers. HP Operations Manager (9.00) Page 281 of 1297 Online Help Management servers immediately discard all messages fromunknown nodes. Therefore, before a management server can accept forwarded messages, you must upload the appropriate node configurations. Tip: Alternatively, you can configure external nodes on management server M1 and M2, which can represent a range of nodes without the need to configure each individual managed node. This option enables a management server to accept messages that originate from the nodes, but is not suitable if you need to manage the nodes fromthis management server. For example, you cannot start commands or launch tools on an external node. Exchange trusted certificates To enable server-based flexible management, you need to exchange the servers' trusted certificates. To exchange trusted certificates 1. On server M1, execute the following command: ovcert -exporttrusted -file C:\tmp\M1.cer -ovrg server 2. Transfer the file C:\tmp\M1.cer to server M2. 3. On server M2, execute the command: ovcert -importtrusted -file <M1_cer> -ovrg server where: <M1_cer>is the absolute filename of the certificate file that was transferred to server M2. 4. To export the M2 trusted certificate, execute the following command: ovcert -exporttrusted -file C:\tmp\M1_M2.cer -ovrg server Note: The trusted Certificates of M1 and M2 have been already merged in step 3. 5. Transfer the file C:\tmp\M1_M2.cer to server M1. 6. On server M1, execute the command: ovcert -importtrusted -file <M1_M2_cer> -ovrg server where: <M1_M2_cer>is the absolute filename of the certificate file that was transferred fromM2 to M1. 7. After the trusted certificates have been exchanged between both servers, execute the following command on both servers: ovcert -updatetrusted 8. When you have completed all the changes in the trusted certificate configuration on the management servers, you need to synchronize these changes to the managed nodes. On all managed nodes, you need to execute the following command: ovcert -updatetrusted HP Operations Manager (9.00) Page 282 of 1297 Online Help You can simplify this step by running the tool Update trusted certificates in the HPOM console. HP Operations Manager (9.00) Page 283 of 1297 Online Help Configure managed nodes To install new agents If you want to performa new agent installation on the managed nodes, follow the procedure below: 1. Define the policy group that contains the flexible management policy to be auto-deployed to all new managed nodes. (This is the agent-based flexible management policy that you created in "Configure the primary manager" (on page 279). You configure auto-deployment in the property dialog of the root node group in the node editor. 2. Edit the agent installation default settings that you want the management server to apply when it installs agents remotely. (You can also use these settings for manual HTTPS agent installations by creating an agent profile.) Instruct each managed node that its primary manager is the V virtual interface: a. Place an entry in the agent_install_defaults.cfg file on both physical servers. The file is located in the following directory: %OvDataDir%\shared\conf\pmad b. Add the namespace and the primary manager specification to the agent_install_ defaults.cfg file on both physical serves as follows: [eaagt] OPC_PRIMARY_MGR=<V_virtual_interface> where: <V_virtual_interface> is the name of the V virtual interface. 3. Install the agent software on the managed nodes: n Remote agent installations i. Install the agent remotely (using the agent installation defaults). n Manual agent installations i. On the physical server M1, download the agent-based flexible management policy, enter the following: ovpmutil cfg pol dnl <download directory> /pnn <primary node name> where: <primary node name> is the name of the managed node. The output is located in <download directory>. Transfer the policy header and data files to the nodes that you plan to install and store themin a temporary folder. ii. Create an agent profile. Any settings defined in the agent_install_ defaults.cfg file are also added to the agent profile. iii. To validate your changes to the agent installation defaults, execute the following HP Operations Manager (9.00) Page 284 of 1297 Online Help command: ovpmutil dnl prf /fqdn <name of any managed node> /d C:\tmp The defaults snippet created in C:\tmp should contain the following line: eaagt: OPC_PRIMARY_MGR=<V_virtual_interface> iv. Manually install HTTPS agents with a profile on each managed node but do not yet run the opcactivate command to activate the agent. v. Upload the agent-based flexible management policy, enter the following: ovpolicy -install -dir <directory> vi. Activate the agent on the node, enter the following: opcactivate -srv <V_virtual_interface> where: <V_virtual_interface> is the name of the V virtual interface. To configure existing agents On existing HTTPS agents, follow the procedure below: 1. Deploy the flexible management policy fromserver M1 to all managed nodes that have M1 set as primary manager. 2. Repeat the procedure on the physical server M2. 3. Instruct each managed node that its primary manager is the V virtual interface. For each managed node that belongs to physical server M1 (M2), use the following command on physical server M1 (M2): opcragt -set_config_var eaagt:OPC_PRIMARY_MGR=<virtual_interface> <node> where: <virtual_interface> is the name of the V virtual interface, and <node> is the name of the managed node that belongs to physical server M1 (M2). The alternative way to set OPC_PRIMARY_MGR is to configure the flexible management policy with a MSGTARGETRULE rule, so that the virtual interface is used as a target for all messages. The following is an example of the relevant part of the flexible management policy that you created in "Configure the primary manager" (on page 279). Add the following lines at the end of the flexible management policy and deploy the updated policy to the nodes. MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "virt.ovowtest.dom" ID "cf600f32-0aba-7532-1e83-f61cdcefb5d7" HP Operations Manager (9.00) Page 285 of 1297 Online Help Note: Do not performthe opcragt -primmgr commands on the physical server. If you do it, the OPC_PRIMARY_MGR entry on the HTTPS agent side is overwritten with the address of the physical server, where opcragt -primmgr was executed. The HTTPS agent will send messages to that physical server (unless MSGTARGETRULE is defined in theflexible management policy), and in the case of a switchover, the HTTPS agent will not send messages to the new physical server with the virtual interface's IP address. Related Topics: l Configure HTTPS agent installation defaults l Install agents remotely l Manually install an HTTPS agent with a profile HP Operations Manager (9.00) Page 286 of 1297 Online Help Move a virtual interface to another physical server When you need to move a virtual interface fromone physical server to another, follow the procedure described below. To disable the V virtual interface on the physical server M1 1. Outbound-only communication only. Stop the virt OV resource group on the physical server M1. Enter the following: ovbbccb -stop virt 2. Stop the V virtual interface by removing the virtual IP address fromthe physical server M1. To enable the V virtual interface on the physical server M2 1. Start the V virtual interface on the physical server M2 by adding the virtual IP address to its network interface. 2. Outbound-only communication only. Start virt OV resource group on the physical server M2. Enter the following: ovbbccb -start virt HP Operations Manager (9.00) Page 287 of 1297 Online Help Server pooling in cluster environments Nodes that run as part of a clustered HPOMmanagement server installation cannot be included in server pools. Including clustered HPOMmanagement servers in a server pool is currently not supported. HP Operations Manager (9.00) Page 288 of 1297 Online Help Migrate from existing backup server environments You can convert an existing backup server environment into a server pooling environment. This can be performed in one step, or you can use a phased approach. To migrate to server pooling 1. Configure a virtual interface. See "Configure the virtual interface" (on page 277) for more information. 2. Add the virtual interface to the existing flexible management policy and then deploy the changed policy to all nodes. 3. Message forwarding between physical servers is probably already set as required. The HTTPS-based message forwarding is recommended. 4. Configure the agents on managed nodes to send their messages to the virtual interface. This can be performed in one step for all agents, or in phases for the limited number of agents. Use the procedure that describes how to change primary manager setting for the existing HTTPS agents fromsection "Configure managed nodes" (on page 284). After you change the primary manager setting to the virtual interface on existing agents with the opcragt command, it is not necessary to restart the agents in order to start sending their messages to the virtual interface. HP Operations Manager (9.00) Page 289 of 1297 Online Help Additional useful information DNS configuration l All management servers as well as the virtual interface should use static IP addresses. l All IP addresses, including those for the virtual interfaces, should appear in the Reverse Lookup zone on your DNS server. Create additional reverse pointer records if these entries are missing. Network configuration on Windows Server 2008 In Windows Server 2008, when you activate an IP address using the netsh command-line utility, the resulting gratuitous ARP Address Resolution Protocol message contains 0.0.0.0 as the sender's IP address. Most network devices regard these gratuitous ARPs as invalid and therefore cannot update their ARP tables. The ARP tables are not refreshed until the next valid ARP request arrives. Therefore, in a Windows Server 2008 server pooling environment, when the virtual interface moves to another physical server, the agents on the managed nodes cannot reach physical server M1 any more and start buffering and the console cannot connect to the management server. As soon as the ARP tables are updated and the IP address of the virtual interface is associated with the MAC address of physical server M2, the connection problems are resolved. To avoid interruptions, run the following commands on the computer that just acquired <virtual_ IP> (for example, physical server M2) to manually update the ARP tables: arp -d * ping -S <virtual_IP> <target_name> <virtual_IP> is the IPaddress of the virtual interface. <target_name> can be any address on the subnet, but not one on the same computer. It can be any other computer or a gateway, or even a non-existing address. The command arp -d * deletes all entries in the ARP tables of the computer where it is run. Before the computer can send an ICMP Internet Control Message Protocol ping, it must find out the MAC address of the target computer and therefore sends an ARP request. The command ping -S <virtual_IP> <target_name> sets the sender IP address of the ARP request to <virtual_ IP>. All computers on the subnet receive this broadcast and update their ARP tables accordingly. Tip: Add the commands to the server pooling scripts immediately after the netsh command that adds the IP address. Certificate handling The command line tool ovcert is very helpful to examine the certificate key store of a management server. To view installed certificates, type: ovcert -list The output lists two key stores: l Default key store l Server key store HP Operations Manager (9.00) Page 290 of 1297 Online Help The default key store lists agent certificates. Certificates installed in the server key store are used by HPOMserver components. Each installed certificate is listed as a GUID. To view extended information about a certificate, execute the following command: ovcert -certinfo <GUID> [-ovrg server] Note: The parameter -ovrg server must be specified if the certificate referred to in <GUID> is installed in the server key store. SSL connections The command line tool bbcutil allows testing connectivity and the correct certificate exchange between two nodes. To ping a remote system, execute the following command: bbcutil -ping https://<hostname> This ping command tests HPOMCommunication Broker on the remote system. It will be reported as unavailable, if there is neither an HPOMagent nor HPOMserver running on the system. An Ok result means that there are trusted certificates installed in the default key store. An SslError result indicates missing trusted certificates on one or both nodes (ping source and target). Certificates of the server key store are not used by bbcutil. You can also ping the network name of the virtual interface. Configuration synchronization If you have more than two management servers in your server pool, it might become necessary to simplify the server pooling configuration synchronization between your physical servers. It is useful to store your configuration data in a single place that is either accessible fromall physical servers (for example, a network file share), or on a removable media (for example, a USB flash drive). The server pool configuration includes: l The physical server's data model, which includes n Server pooling-relevant policies for action-allowed managers (flexible management) and message forwarding (server-based flexible management) n Node configuration n User roles n Service model n Server configuration values l File <virt>_coreid.txt that contains a virtual interface's Core ID l File <virt>.cert that holds a virtual interface's certificate l Trusted certificates of all physical servers (either the single certificate of each server or all certificates merged in one file) l Default agent installation profile agent_install_defaults.cfg You would typically create this store when you are finished configuring the first server. HP Operations Manager (9.00) Page 291 of 1297 Online Help 1. Export the entire configuration by executing the following command: ovpmutil cfg all dnl <Config_Store_Dir> where: <Config_Store_Dir>is a directory in your configuration store. If this directory does not exist, it will be created. 2. Copy the <virt>_coreid.txt and <virt>.cert files that have been created in the section "Configure the virtual interface" (on page 277) to your configuration store. The coreid.txt file is used to reference the coreid when you want to create the virtual interface on other management servers. The .cert file holds the virtual interface's certificate, that needs to be imported after the virtual interface has been configured on a new server pool member. 3. Copy the .cert files that were created in the section "Exchange trusted certificates" (on page 282) to your configuration store. These certificates need to be imported to new server pool members to create a trust relationship between the servers and the managed agents. 4. Copy the default agent installation profile to the configuration store. On the next HPOMserver that needs to be configured for server pooling, performthe steps fromthe section "Configure the virtual interface" (on page 277) to "Configure managed nodes" (on page 284), and reuse the stored configuration instead of creating new artifacts. 1. Import the server configuration data by executing the following command: ovpmutil cfg all upl <Config_Store_Dir> /noautodeploy where: <Config_Store_Dir>is the directory in your configuration store that holds the configuration data. 2. Use the GUID fromthe <virt>_coreid.txt file to set the virtual interface's coreid. Import the certificate from<virt>.cert as described in the section "Configure the virtual interface" (on page 277). 3. Exchange the trusted certificates fromyour configuration store with the one fromthe new server pool member as described in section "Exchange trusted certificates" (on page 282). Please note that all servers need to exchange their trusted certificates with all other server pool members. 4. Place the default agent installation profile fromyour configuration store into the directory described in section "Configure managed nodes" (on page 284). Failover to backup server In a warmstandby scenario, the secondary management server maintains a copy of the SQL Server database of the primary management server. The standby database on the secondary management server runs in "Recovery" (read-only) mode. To synchronize the two databases, a scheduled task policy backs up the transaction log of the active database, copies it to the secondary management server, and restores it to the standby database. This task runs at regular intervals. In case of a failure of the primary management server, the database on the secondary management server switches from"Recovery" to "Online" mode and the HPOMservices are started on the secondary management server server. Next, the Switch Management Server Tool is executed HP Operations Manager (9.00) Page 292 of 1297 Online Help on every managed node in order to switch the agents to report to the secondary management server fromnow on. To connect to the secondary management server, any consoles must be restarted. For more information, see the HPOMHigh Availability Utilizing Microsoft SQL Server Log Shipping white paper at the following location: %OvInstallDir%\paperdocs\en\HPOM_HA_with_SQL_Log_Shipping.pdf HP Operations Manager (9.00) Page 293 of 1297 Online Help Database maintenance You may find it necessary to performcertain maintenance tasks related to the openview database. Common maintenance tasks include: l Moving an existing database fromone systemto another l Distributing database files to different disk drives l Maintaining acknowledged messages in the database l Exporting acknowledged messages fromthe database l Resizing the amount of virtual memory that Microsoft SQL Server Express consumes Note: The database requirements described in the HPOMfor Windows Installation Guide also apply to the database maintenance tasks. To improve the performance of database queries, you may add your own indexes to the SQL Server database. Adding customindexes does not violate any support agreements you may have with Hewlett-Packard. Related Topics: l Move the database l Move the database files l Maintain acknowledged messages in the database l Export acknowledged messages fromthe database l Resize SQL Server Express virtual memory usage Move the database HPOMrequires a data repository, which is by default an SQL Server Express database installed locally on the management server (unless the management server runs in a cluster). During the HPOMinstallation, you can choose between installing an instance of SQL Server Express, or using a previously configured instance of SQL Server. This SQL Server instance can reside locally on the management server or on a remote database server. The HPOMinstallation then always creates a new database (openview) using the SQL Server (Express) instance that you have chosen. Moving the database may become necessary, for example when you need to separate the database fromthe management server to overcome hardware performance limitations, or when you need to upgrade the SQL Server version. You can move the openview database fromone SQL Server (Express) instance to a different SQL Server instance. The following migration paths are supported: l SQL Server Express instance SQL Server instance l SQL Server instance SQL Server instance To move the database 1. On the source database server, use SQL Server Management Studio, SQL Server Management Studio Express, or the osql command to performa full backup of the openview database. HP Operations Manager (9.00) Page 294 of 1297 Online Help 2. Copy the backup files to the destination database server. 3. On the destination database server, use SQL Server Management Studio or the osql command to restore the openview database. SQL Server restores the database to the same folder as the source folder, which is by default %OvDataDir%\datafiles\<instance name>. If the destination folder does not exist, create it before performing the restore. (If you specified a different folder during the management server installation, restore the database to this location by specifying the new restore destination for each file.) 4. On the destination database server, create the Windows authenticated database users: a. Copy the file %OvInstallDir%\lbin\OvOW\ServerConsoleInstall\dbscripts\create_ WinAuthUser.sql fromthe source database server to any folder on the destination database server. b. Open the file create_WinAuthUser.sql in an editor and replace all occurrences of <DOMAIN\HP-OVE-User> and <DOMAIN\HP-OVE-Deleg-User> with the management server account and the deployment account used in your installation. (The default accounts are <domain name>\HP-OVE-User and <domain name>\HP-OVE-Deleg- User, for example, EXAMPLE\HP-OVE-User and EXAMPLE\HP-OVE-Deleg-User.) Tip: Remember to also replace the angle brackets (< and >). c. Load the edited SQL script in SQL Server Management Studio and run it. 5. Configure the management server to connect to the database server: a. On the management server, open the ODBC Data Source Administrator and specify the new database server and instance name for the openview database (default: <database server>\OVOPS). openview is a systemdata source. b. Test the data source. If the test fails, performthe following additional tests: i. Fromthe management server, connect to the remote database server using the following command: osql -E -S <database server>\<database server instance> -d openview If the command completes successfully, the connection to the database server has been established. ii. Verify the name of the database server instance. iii. Verify the authentication to access the remote database. c. Open a command prompt and type the following command to stop all management server services: vpstat -3 -r stop d. Open a registry editor and go to the key "HKLM\Software\Hewlett- Packard\OVEnterprise\Management Server\DBAccess". e. Update the value OvOWInstance to contain the hostname of the destination database HP Operations Manager (9.00) Page 295 of 1297 Online Help server and the instance name (default: <database server>\OVOPS). (If you used an unnamed instance, enter the name of the database server only.) f. Update the value OvOWInstance_short to contain the instance name (default: OVOPS). (If you used an unnamed instance, leave the value empty.) g. Open a command prompt and type the following command to start all management server services: vpstat -3 -r start 6. Optional. If no other processes are using the old openview database, you can delete the database completely and then stop and disable the database instance server: a. Delete the openview database using the following commands: osql -E -S <database server>\<database server instance> drop database openview go quit b. Stop and disable the following services: SQL Server (<instance name>) SQL Server Agent (<instance name>) 7. Optional. If the source database was located on the management server and you no longer want the vpstat command to start and stop the database service, performthe following steps: a. Change to the directory %OvDataDir%\conf\vpstat and open the configuration file vpstat.conf in a text editor. b. Search for the section beginning with [SERVICELIST]. c. Add a number sign (#) at the beginning of the following line: .Service=VAR_SQLSERVER_INSTANCE SQLSERVER_LOCAL d. Save your changes and close the vpstat.conf file. 8. Optional. If the source database was an SQL Server Express database located on the management server, remove the self-management policy VP_SM_CHK_OVODB fromthe management server. 9. Optional. If the source database was located on the management server and the HP Operations Smart Plug-in for Databases is installed, remove the SPI and its policies fromthe management server and redeploy the SPI and policies on the remote database server. This is required because the location of the database instance has changed to the remote database server. Related Topics: l Distribute database files and log files to different disk drives Move the database files After initial installation, all components of the management server database are stored in the same directory, for example, as: %OvDataDir%\datafiles\<database_instance> HP Operations Manager (9.00) Page 296 of 1297 Online Help The database consists of several physical files, as shown in the table: File Name Purpose openview.mdf Primary partition for systemtables openview_log.ldf Transaction log file msgaction_dat.ndf Message Action Server tables msgaction_idx.ndf Message Action Server indexes pmad.ndf Policy Management and Deployment tables and indexes role.ndf Security Server Role tables and indexes store.ndf Store tables and indexes In large production environments with many managed nodes, a considerable amount of data could be collected and stored into the database. In such environments, it is advisable to distribute the database files and log files to dedicated disk drives with sufficient capacity to prevent data overflow. To achieve better performance by using parallel disk I/Os, you should distribute database files to separate disk drives. Note: You must have SQL Server sysadmin authorization to performthis procedure. To move the database files to another disk location 1. Stop any console sessions. 2. Stop the Windows Management Instrumentation (WMI) service, which stops all management server components. 3. Change to the folder %OvInstallDir%\lbin\OvOW\ServerConsoleInstall\dbscripts. This folder contains the scripts for attaching and detaching the physical files with the HPOM database. 4. Make sure that there are no more processes active in the openview database before you detach this database. 5. Detach the openview database by running the detach script: osql -S<database_instance> -E -i detachdb.sql The operation is successful if there is no error message. 6. Copy the physical database files that you want to move to their new location. 7. Make a copy of the attachdb.sqlscript, type: copy attachdb.sql myattach.sql 8. Edit the attach script myattach.sql, replacing the lines containing <NEW_LOCATION> with the actual physical location of the file. Note: You must specify all physical database files, even those that did not move. HP Operations Manager (9.00) Page 297 of 1297 Online Help 9. Attach the database files, run the command: osql -S<database_instance> -E -i myattach.sql 10. Start the OVEpStatusEngine service, which starts all management server components. Related Topics: l Move the database Maintain acknowledged messages in the database When you acknowledge a message it moves fromthe active messages browser to the acknowledged messages browser. The management server database that contains these acknowledged messages eventually reaches its capacity if regular maintenance is not performed. By default, HPOMfor Windows deletes acknowledged messages after 30 days. If you want to save the messages, you can configure HPOMfor Windows to export the acknowledged messages to CSV Comma Separated Values text files before deleting them. To configure maintenance of acknowledged messages 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespace and then click Database Maintenance. A list of values appears. 3. Change any of the values in the following table: Value Default Description Syntax Examples Database maintenance time 3:00 (3:00 A.M.) Specifies when the maintenance cycle starts. The default specifies that the database is scanned daily at 3:00 a.m. for acknowledged messages. [DayOfWeek- ]HourOfDay:Minute DayOfWeek: 0 -6; Sunday = 0 HourOfDay: 0 -23 Minute: 0 -59 6-20:10 (each Saturday at 8:10 p.m.) 23:59 (every day at midnight) Acknowledged message retention period (in days) 30 Specifies the time interval after which acknowledged messages should be deleted. The default is 30 days. To save these deleted messages, export the messages to text files. NumOfDays- NumOfHours- NumOfMin NumOfDays: 0 - any number. NumOfHours: 0 - 23 NumOfMin: 0 - 59 2-0-0 (purge messages after 2 days of acknowledgement). 375-23-0 (purge messages after 375 days, 23 hours of acknowledgement) Messages processed per database transaction 150 Defines the maximumnumber of messages that can be processed (exported or deleted) within one transaction. After the defined number of messages has been processed, the current transaction is committed and a new transaction is started to process the next block of messages. The default value is 150 (process maximum150 messages within a transaction; after processing 150 messages, start a new transaction). For best performance, delete no more than 1,000 any value > 0 HP Operations Manager (9.00) Page 298 of 1297 Online Help messages at a time. Maximum database maintenance scan duration (in seconds) 0 (unlimited time) Defines the maximumtime interval (duration) in seconds database maintenance is allowed to perform its operation. The default is 0 (indicates unlimited time). Decrease the database configuration if there is a danger that occasionally database maintenance could take too long (more than 30 minutes), which could then lead to problems as it overlaps with other scheduled tasks. If during operation, the end of the defined time interval is reached but there are still outstanding message blocks to be processed, then database maintenance finishes the processing of the current message block by committing the current transaction. Database maintenance will not start additional transactions so that it can continue with processing further messages. In this case, it writes the following warning message into the Windows Application Event Log: (MS850) DBMaint stopped due to the maximum duration time limit being reached. Messages that could not be processed (exported or deleted) due to the maximumtime interval being reached will be processed the next time database maintenance is scheduled to run. any value > 0 1800 (Process messages maximum30 minutes.) To delete acknowledged messages immediately Assume that the current time is 2:10 p.m. Change the following configuration values: l Database maintenance time: 14:11 This value uses time specifications in the range of 0:00-23:59. It does not understand a.m. and p.m. You should add one or two minutes to the current time. l Acknowledged message retention period (in days): 0-0-0 A value of 0-0-0 means a time interval of zero, so it includes all acknowledged messages. Note: Reset the values to their normal settings when this exceptional maintenance finishes. Related Topics: l Export acknowledged messages fromthe database Export acknowledged messages from the database To prevent the message database frombecoming too large, HPOMfor Windows deletes acknowledged messages after 30 days (or a period that you specify). If you want to save the messages, you can configure HPOMfor Windows to save the message information to CSV Comma Separated Values text files. Message export produces two files: HP Operations Manager (9.00) Page 299 of 1297 Online Help l Messages: HistoryYYYY-MM-DD-HH-MMMessages.csv l Annotations: HistoryYYYY-MM-DD-HH-MMAnnotations.csv If no messages are available for download, no file is written. To export acknowledged messages 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespace and then click Database Maintenance. A list of values appears. 3. Change any of the values in the following table: Value Default Description Export acknowledged messages before deleting them False Configures whether the database maintenance scan exports acknowledged messages to the file systembefore it deletes them fromthe database. Set this value to true if you want the messages exported before they are deleted fromthe message database (default is false). Location of the exported message files c:\\ A string that defines the location of the exported message files. Set this value to any drive and directory that you want. If the path does not exist, the messages are neither exported nor deleted, and an error message is written to the event log. The default path is c:\\. To make your CSV files go to the right directory, you need to put double back slashes for every directory, as shown: C:\\Documents and Settings\\All Users\\Application Data\\HP\\HP BTO Software\\Datafiles\\OldMessages Note: If you try to insert a different path, it will fail or default to the root "C:\". You must use the double back slashes, as in C:\\. Field separator for export , (a comma) A character that specifies the field separator which should be used in the exported message files for delimiting fields in a row. The default field separator character is the comma (,). Character code page for export MULTIBYTE A string that defines the character code page used for the exported message files. Set this value to UCS2 for 2 bytes Unicode. Set it to MULTIBYTE for mulitbyte character code page. The default value is MULTIBYTE. Use Microsoft Excel convention for export False Defines whether Microsoft Excel convention is used for formatting multi-line text fields in the message files. Set this value to true if you want to process the exported files with Microsoft Excel. Set this value to false if you want to leave the formatting unchanged and do not want to use Microsoft Excel for further processing exported message files. The default value is false. Related Topics: HP Operations Manager (9.00) Page 300 of 1297 Online Help l Maintain acknowledged messages in the database Resize SQL Server Express virtual memory usage The HP Operations Manager installation limits the amount of memory that Microsoft SQL Server Express can access by setting the max server memory configuration option for the HPOM database instance (default name OVOPS) to 50% of physical memory. Depending on how much physical memory is available, you can increase or decrease the maximum amount of virtual memory that Microsoft SQL Server Express is allowed to consume. You can use, for example, the stored procedure sp_configure to adjust the max server memory server configuration option accordingly. For more information about max server memory, see Server Memory Options at Microsoft SQL Server Developer Center. Related Topics: l Move the database l Move the database files HP Operations Manager (9.00) Page 301 of 1297 Online Help Node name resolution in HPOM Several enhancements have been implemented to improve the performance of HPOMfor Windows node name resolution. The speed of the node name resolution has a significant impact on the following areas: l Message filter (directly impacts flow of new incoming messages) l Health check l Actions These enhancements will help resolve (or at least reduce) the following performance related problems: l Slow initialization of the HPOMnode cache during the startup phase of the OvEpMessageActionServer service (30 to 60 minutes). During the initialization, the message flow is disabled. l Slow name resolution if using agentless nodes. l Significant delays for new incoming messages due to slow node name resolution. l Slow health check, slow processing of ICMP replies sent frommanaged nodes. Managed environments that do not make use of DHCP will experience the largest benefits. Here, an optional memory based cache can be configured which drastically reduces the number of the Windows API calls gethostbyname() and gethostbyaddr(). However, environments using DHCP can also take advantage of a modified ip-address verification which tries to avoid unnecessary reverse node name resolution. To make use of the enhancements, you must configure several values using the Server Configuration dialog box. If the values are not set, then the enhancements will not take effect. See the Related Topics for enhancement details. Related Topics: l "Avoid unnecessary name resolution for agentless nodes" (on page 302) l "Reduce the number of Windows API calls gethostbyname() and gethostbyaddr()" (on page 304) l "Configure the number of retries for gethostbyname and gethostbyaddr" (on page 305) l "Avoid unnecessary reverse name resolution" (on page 306) Avoid unnecessary name resolution for agentless nodes Certain environments make use of "agentless nodes". These nodes are not physical nodes, meaning they do not have an IP address or an agent ID. They are only used to associate messages to themthat originate fromnon-IP network elements or fromother HP BTOSoftware products such as HP SiteScope. Agentless nodes are configured in HPOMby using an arbitrary name. Although agentless nodes do not have an IP address and an agent ID, the Message and Action Server by default tries to resolve themwhen initializing its node cache and each time they appear in a message. This unnecessary name resolution has a significant impact on startup time and on message throughput. HP Operations Manager (9.00) Page 302 of 1297 Online Help Currently HPOMnode configuration does not allow to explicitly define a node as "agentless". Therefore, the following convention is used to define agentless nodes. A node set up in the node database qualifies for being recognized as a agentless node when it meets the following prerequisites: l Must not have an IP address and the name given should not be DNS resolvable at any time. l Must not have an agent ID. l Must not be configured for DHCP. l Must match a user-configured value pair for the following properties: n Systemtype n Operating system If a node qualifies as being an agentless node based on the systemtype and operating system properties, then no name resolution will be performed during production and messages associated with the node will pass the message filter without further checks. To configure nodes as agentless nodes 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 2. Click Namespaces, and then click Node Cache Settings. A list of values appears. 3. Change any of the values in the following table: Value Possible Settings Default Setting Description Node system type for agentless nodes KNOWN, UNKNOWN, ANY, TURNOFF TURNOFF Specifies how to qualify agentless nodes in dependency of their systemtypes. If the value is set to KNOWN, then systemtype must be set to a known systemtype (for example, PentiumCompatible, Power PC family, SPARC Family, PA-RISC Family, Itaniumcompatible) and must not be set to Other. If the value is set to UNKNOWN, then systemtype must be set to Other. If the value is set to ANY, then any node qualifies independently of the systemtype setting. Node OS type for agentless nodes KNOWN, UNKNOWN, ANY, TURNOFF TURNOFF Specifies how to qualify agentless nodes in dependency of their operating systems. If the value is set to KNOWN, then the operating systemmust be set to a known operating systemand must not be set to Unknown. Supported operating systems are shown on the Software Support Online web site support matrix. If the value is set to UNKNOWN, then the operating systemmust be set to Unknown. If the value is set to ANY, then any node qualifies independently of the operating systemsetting. HP Operations Manager (9.00) Page 303 of 1297 Online Help Note: For qualifying agentless nodes, both values must be set. If none or only one of the values is set, then no agentless nodes will qualify. The following examples show how the management server interprets the settings described above to determine if a node qualifies as agentless node or not: 4. Click OK to save your settings and to close the Server Configuration dialog. 5. Restart the Message and Action Server service (OvEpMessageActionServer) for your changes to take effect. The following examples show how the management server interprets the settings described above to determine if a node qualifies as agentless node or not: Node system type for agentless nodes Node OS type for agentless nodes Description UNKNOWN UNKNOWN Node qualifies as an agentless node if the systemtype is set to Other and the operating systemis set to Unknown. KNOWN KNOWN Node qualifies as an agentless node if the systemtype is set to a known systemtype (for example, PentiumCompatible, Power PC family, SPARC Family, PA-RISC Family, Itaniumcompatible), and the operating systemis set to a known operating system. ANY ANY >Node qualifies as an agentless node independently of the system type and operating systemsettings. Related Topics: l "Change server configuration values " (on page 200) Reduce the number of Windows API calls gethostbyname() and gethostbyaddr() To drastically reduce the number of the Windows API calls gethostbyname() and gethostbyaddr(), an HPOMuser-configurable name server cache has been added. It caches the parameter and the returned results of these functions. Whenever a name resolution or reverse name resolution is required for a node, it will be first checked whether the required information is already available in the cache. If the information is there, then it will be used instead of calling gethostbyname() or gethostbyaddr(). When the maximumnumber of the cache entries is reached, the entry with the lowest reference count number will be swapped to make space for a new entry. The strategy is to keep those entries which are mostly referenced in the cache. Also the parameter and results of unsuccessful gethostbyname() and gethostbyaddr() calls are kept in the cache. This helps to quickly detect nodes that are not resolvable because they might have been deleted fromDNS but still send messages as an agent is installed there. Note: Caching is used only if none of the managed nodes are configured for DHCP in the HPOM node configuration. If there are DHCP nodes configured, then the name server cache will be ignored independently of whether it is enabled or disabled. HP Operations Manager (9.00) Page 304 of 1297 Online Help You can configure the name server cache with two values in the Node Cache Settings namespace in the Server Configuration dialog box: Turn on node cache and Node cache size. After you have changed a value, restart the OvEpMessageActionServer service for the change to take effect. Name Default Value Description Turn on node cache TRUE When set to TRUE, the name server cache is enabled and will be used. Node cache size 100 Defines the maximumnumber of entries in the name server cache. It should be set to a minimumvalue of 100. The maximumvalue depends on the available main memory and the number of managed nodes. Recommended setting: Number of managed nodes plus 100. NOTE: the name server cache is located in the address space of OvEpMsgActSrv.exe, so there might be an increased usage of the virtual memory of this process. Related Topics: l Change server configuration values Configure the number of retries for gethostbyname and gethostbyaddr Independent of whether name server caching is enabled or disabled, the Windows API functions gethostbyname() and gethostbyaddr() will be used at some points. Under certain conditions (network problem, DNS problems) these calls might fail. This would then be interpreted as "node name could not be resolved". There is however a very low probability that a name or IP address could be successfully resolved if these calls would be retried more often. By default, the maximumnumber of retries is 3. So if the first call fails, there is a maximumof 2 more retries. Such retries however have a significant impact on the time it takes to decide whether a node name is resolvable or not. If the assumption can be made that the network and DNS is reliable and is properly configured, then the number of retries can be set to the minimumvalue of 1. In case there are some doubts on the reliability of the network and DNS, the number should be set to 2 or 3. The number of overall retries for the Windows API calls gethostbyname() and gethostbyaddr() is configured by the value Name resolution retries in the Node Cache Settings namespace in the Server Configuration dialog box. After you have changed a value, restart the OvEpMessageActionServer service for the change to take effect. Name Default Value Description Name resolution retries 3 Specifies the maximumnumber of retries in case of unsuccessful gethostbyname() and gethostbyaddr() function calls. Possible values: 1, 2, or 3. Related Topics: HP Operations Manager (9.00) Page 305 of 1297 Online Help l "Change server configuration values " (on page 200) Avoid unnecessary reverse name resolution By default, HPOMperforms reverse name resolution for incoming messages that contain the IP address and optionally the node name of the managed node, but no agent ID. Such messages are typically triggered by SNMP traps and are proxied. The default reverse name resolution process calls the function gethostbyaddr() by using the IP address stored in the arriving message. Then it takes the returned node name and verifies whether it really corresponds to the name which is stored in the message. If no node name is stored in the message, then it crosschecks whether the node name returned by the gethostbyaddr() call is known in the HPOMnode configuration. If the returned node name is a short name, then it calls gethostbyname() to get the long host name (FQDN). Then it checks whether the long host name is known in the HPOMnode configuration. These multiple level of checks are used to cover all kind of theoretical corner cases which might show up very rarely in well-managed environments. The vast majority however will never hit such corner cases, so in most environments the reverse name resolution could be avoided safely if the following conditions match: l If the name of a managed node is changed, then this change is immediately performed manually in the HPOMnode configuration by using the HPOMmanagement console. l If the IP address of a non-DHCP managed node is changed and the IP address was used for configuring the primary node name or the communication path then this change is immediately performed manually in the HPOMnode configuration by using the HPOMmanagement console. Avoiding unnecessary reverse name resolution can be configured by the value Reverse name resolution method in the Node Cache Settings namespace in the Server Configuration dialog box. Name Default Value Description Reverse name resolution method 1 If set to 1, reverse name resolution is always performed if no agent ID but IP address is contained in an incoming message. If set to 2, reverse name resolution will be avoided if possible. HPOMverifies the IP address as follows: if the message contains only the IP address, but no node name, then check whether the IP address is known in the HPOMconfiguration. If yes, then the message can pass. If the message contains both the IP address and node name, then first check whether the pair IP address plus node name can be found in the HPOM node configuration. If yes, then the message can pass. Otherwise HPOM performs a reverse name resolution. Note: If DHCP is not used and name server caching is enabled, then reverse name resolution (if required) will be fast in any case. Related Topics: l "Change server configuration values " (on page 200) HP Operations Manager (9.00) Page 306 of 1297 Online Help Message storms A message stormis the phenomenon that occurs when an unusually high number of new messages arrive on the management server within a short time interval and flood the active message browser. During a message storm, the disc space consumption for the database increases significantly. Frequently, message storms can lead to management server outages. It could take a significant amount of time to reset the management server to a consistent state. Message storms can occur for the following reasons: l Wrongly designed policies that generate a high number of messages. In many cases the messages describe the same event. l Due to some network problems or long-lasting maintenance tasks, agents were disconnected fromthe management server. During this time, the agents detected multiple problems, generated a high number of messages, and buffered themlocally. When the communication to the management server is re-established, the agents send the buffered messages within a short time interval. l If network devices are included in the managed environment, these devices might generate considerably more SNMP traps than usual in case of serious network failures. If the monitoring policies do not consider this by applying suppression rules, then the systemforwards SNMP events endlessly. This can lead to message storms. Related Topics: l Detect and suppress message storms l Configure the message stormdetection mechanism Detect and suppress message storms As a systemadministrator, you can take the necessary precautions to detect and, optionally, suppress message storms by configuring the message stormdetection mechanismand defining appropriate automatic and operator initiated actions. The message stormdetection mechanismis based on the following two message properties: l Detection based on TimeCreated Agents create a high number of messages within a short time interval. The message storm detection is based on the TimeCreated property of the message, which is set on the managed node when the agent creates the message. If there are many messages froma certain node where the TimeCreated values are close by, this indicates a message storm. This is the classical case for a message storm. In most cases, the root cause might be wrongly defined policies. l Detection based on TimeReceived Agents send a high number of messages within a short time due to a large backlog of buffered messages on managed nodes. The detection is based on the TimeReceived property of the message, which is set on the management server when the message arrives. HP Operations Manager (9.00) Page 307 of 1297 Online Help If there are many messages froma certain node where the TimeReceived values are close by, but the TimeCreated values show normal deltas, then this indicates a message storm. However, this is a less common cause for a message storm. As administrator, you can configure what to interpret as a message stormfor both message properties by setting configuration values in the Server Configuration dialog box in the following namepaces: l Message StormDetection Based on Time Created l Message StormDetection Based on Time Received You can enable the detection for both properties in parallel or for only one. As soon as a message stormis detected, a high priority notification message is sent to the console and the automatic action assigned to the message is launched. Note: By default, the message stormdetection mechanismis disabled. Message stormdetection works on a per node basis. Related Topics: l Message storms l Configure message stormdetection Configure message storm detection Message stormdetection is disabled by default. By setting appropriate values in the Server Configuration dialog box, you can configure the message stormdetection mechanismaccording to the individual needs of your managed environment. You can configure what to interpret as a message stormby setting configuration values in the following namepaces: l Message StormDetection Based on Time Created l Message StormDetection Based on Time Received The following table shows the values, which are the same in both namespaces used by the message stormdetection mechanism. Note that these values have to be defined separately for each of the two available mechanisms. The assigned configuration values however can differ between two mechanisms. Value Name Possible Values Description Enable message storm detection based on time created Enable message storm detection based on True, False Used to enable or disable message stormdetection. Set it to true to enable, set to false to disable. HP Operations Manager (9.00) Page 308 of 1297 Online Help time received Time interval to analyze Any value from1 to 604800 Time interval in seconds over which the message flow is analyzed. Number of messages for beginning of message storm Any value from2 to 1000000 Used in combination with the time interval to analyze. If based on the message property TimeCreated, then it specifies the maximumnumber of messages which can be created on a managed node within the defined time interval. If based on the property TimeReceived, then it specifies the maximum number of messages which can be received on the management server froma managed node within the defined time interval. If this value is exceeded, then this indicates a message storm. In this case the mgmt server automatically creates a high priority message and sends it immediately to the console. This message contains information about the affected node, message count, and time interval. The severity of this message can be configured with the value "Severity of the message stormbegin message". Optionally, both an automatic and operator- initiated action can be associated with this message by using the values "Automatic action of the message stormbegin message" and "Operator-initiated action of the message stormbegin message". The actions could contain the command to start the "opcragt" tool to stop the agent on the affected node on demand. Suppress messages during message storm True, False Defines whether to suppress messages for a managed node for which a message stormhas been detected. If the option suppression is selected, then all messages for the affected managed node will be suppressed until the message stormis over. The end of a message stormis detected automatically. Use the value false if you do not want messages to be suppressed; use the value true if you want messages to be suppressed. Suppressed messages are not stored in the database and are lost. Number of messages for end of message storm Any value from1 to 1000000 Defines the number of messages to fall below until a message stormis indicated as over. If the message stormis over, then the message suppression is stopped automatically for the affected node. Then the management server creates a high priority message and sends it immediately to the console to informoperators about the end of the message storm. This message contains information about the affected node, message count, and time interval. The severity of this message can be configured with the registry value "Severity of the message stormend message". Optionally, both an automatic and operator- initiated action can be associated with this message by using the registry values "Automatic action of the message stormend message" and "Operator-initiated action of the message stormend message". HP Operations Manager (9.00) Page 309 of 1297 Online Help Severity of the message storm begin message 2,4, 8, 16, 32 Severity of the high priority message sent to the console to indicate the start of a message storm. Use the following numeric values: 2 normal 4 warning 8 minor 16 major 32 critical Severity of the message stormend message 2, 4, 8, 16, 32 Severity of the high priority message sent to the console to indicate that a message stormis over. Use the following numeric values: 2 normal 4 warning 8 minor 16 major 32 critical Automatic action of the message storm begin message String Name of a command file (.cmd or .bat) or name of a script file (.vbs) to be associated as an automatic action to the high priority message that is sent when a message stormis detected. Run time options and variables can be optionally added following the command/script file name. The automatic action is executed on the management server immediately as a high priority action. The action execution does not involve the agent. It is also executed if the agent is stopped or is not installed on the management server. Possible tasks for the automatic action could be: l Stop the agent on the affected managed node by using the "opcragt" tool. l Send an email to the operators. l Page the operators. Assign an empty string if no automatic action should be assigned to the message. Use the file %OvBinDir%\OvMsgStormStartAutoTmpl.cmd as the template for a command file that could be assigned as an automatic action to a high priority message. Automatic action of the message stormend message String Name of a command file (.cmd or .bat) or name of a script file (.vbs) to be associated as an automatic action to the high priority message that is sent when a message stormis over. Run time options and variables can be optionally added following the command/script file name. The automatic action is executed on the management server immediately as a high priority action. The action execution does not involve the agent. It is also executed if the agent is stopped or is not installed on the management server. A possible task for the automatic action could be to send an email to the operators to indicate the end of a message storm. Assign an empty string if no automatic action should be assigned to the message. HP Operations Manager (9.00) Page 310 of 1297 Online Help Operator- initiated action of the message storm begin message String Name of a command file (.cmd or .bat) or name of a script file (.vbs) to be associated as an operator-initiated action for the high priority message that is sent when a message stormis detected. Run time options and variables can be optionally added following the command/script file name. A possible task in the operator-initiated action could be to restart the agent on the affected managed node by using the "opcragt" tool. Assign an empty string if no operator-initiated action should be assigned to the message. Use the file %OvBinDir\OvMsgStormStartOperatorTmpl.cmd as a template for a command file that could be assigned as an operator-initiated action for a high priority message. Operator- initiated action of the message stormend message String Name of a command file (.cmd or .bat) or name of a script file (.vbs) to be associated as an operator-initiated action for the high priority message that is sent when a message stormis over. Run time options and variables can be optionally added following the command/script file name. Possible tasks depend on the managed environment and user requirements. Assign an empty string if no operator initiated action should be assigned to the message. Message key prefix for message storm messages Any string User-defined prefix of the message key to add to the high priority messages generated when a message stormis detected and when a message stormis over. One of the following keys is constructed when a message stormis detected: <MsgKeyPrefix>:TimeCreated:start:<NodeID> <MsgKeyPrefix>:TimeReceived:start:<NodeID> One of the following keys is constructed when a message stormis over: <MsgKeyPrefix>:TimeCreated:end:<NodeID> <MsgKeyPrefix>:TimeReceived:end:<NodeID> Note: Defining this value ensures that a message created at the end of a message stormautomatically acknowledges the message created when the message stormwas detected. Assign an empty string if no message key should be created and to suppress automatic acknowledgement. Service name for message storm messages Any string Service name that should be assigned to the high priority messages. The following format is used: <ServiceName>@@<NodeID> Note: If message stormdetection is enabled, then it is necessary to insert all values correctly. Missing incorrect values will disable message stormdetection. Change the configuration dynamically After the initial configuration of the message stormdetection mechanism, the OvEpMessageActionServer service must be restarted to read the configuration values. HP Operations Manager (9.00) Page 311 of 1297 Online Help Subsequent changes to the configuration values, however, do not require a restart of the OvEpMessageActionServer service. Values can be changed at any time during production and the new values take effect immediately, so it is possible to dynamically enable and disable the message stormdetection mechanism. Note: Any dynamic change to the configuration values while the message stormdetection mechanismis enabled will reset the message flow analysis by starting a new measuring time interval. Metrics collected up to this point are ignored. Related Topics: l Message storms l Variables used in message stormdetection Variables used in message storm detection Variables can be added as run time options when starting the command files or scripts assigned to high priority messages. See the values: l Automatic action of the message stormbegin message l Automatic action of the message stormend message l Operator-initiated action of the message stormbegin message l Operator-initiated action of the message stormend message The following table lists the variables that you can use. Variable Description <$MSGSTORM_ MSG_ID> Returns the unique identity number of the high priority notification message, as generated by the message stormdetection mechanism. <$MSGSTORM_ NODE> Returns the IP address of the managed node that caused the message storm. <$MSGSTORM_ NODE_NAME> Returns the node name of the managed node that caused the message storm. <$MSGSTORM_ NODE_ID> Returns the GUID of the managed node that caused the message storm. <$MSGSTORM_ TYPE> Returns the type of the message storm. Value 1 is returned for message storms based on the message property "TimeCreated." Value 2 is returned for message storms based on the message property "TimeReceived" <$MSGSTORM_ NUM_ MESSAGES> If a message was generated to indicate that a message stormhas begun, then this variable returns the number of messages received within the time interval for which the message flow has been analyzed. If a message was generated to indicate that a message stormis over, then this variable returns the number of messages received within the time interval for which the message flow has been analyzed. The returned number must be below the number specified with the registry value "RecoverCount." <$MSGSTORM_ TIME_ INTERVAL> Returns the time interval in seconds during which the message flow was analyzed HP Operations Manager (9.00) Page 312 of 1297 Online Help <$MSGSTORM_ EVENT> Returns the value 1 if message has been created to indicate a message storm; returns the value 2 if message indicates that the message stormis over. <$OPC_ MGMTSV> Returns the node name of the management server where the message storm has been detected. Related Topics: l Detect and suppress message storms l Configure message stormdetection High priority messages and actions Message storms are exceptional situations which can lead to disruption in your environment. It is important that the notification message generated by the message stormdetection mechanismbe sent immediately to the management consoles and that the automatic action assigned to it be executed without any delay. The management server achieves this by using high priority messages, which have the following characteristics: l They are generated and sent directly by the management server, without involving the agent. l They are not placed into the message queue but are sent immediately. l Automatic actions assigned to high priority messages are treated as emergency actions and are executed immediately without involving the agent. Consequently, the agent on the management server does not have to run to handle high priority messages and actions. l High priority messages cannot be created by policies. Note: High priority messages do not automatically have Critical severity. Their severity can be defined by using the values "Severity of the message stormbegin message" and "Severity of the message stormend message". Related Topics: l Message storms l Variables used in message stormdetection l Messages generated by message stormdetection Messages generated by message storm detection If a message stormis detected, then the message stormdetection mechanismcreates a high priority message with the following properties. Property Value Severity Set to the severity as defined with the value "Severity of the message stormbegin message" Group OVO Application OVO Object OVOMsgStorm HP Operations Manager (9.00) Page 313 of 1297 Online Help Message key <MsgKeyPrefix>:TimeCreated:start:<NodeID> Or <MsgKeyPrefix>:TimeReceived:start:<NodeID> Service name <ServiceName>@@<NodeID> Text Message stormdetected on <NodeName>. Detection was based on the message property <TimeCreated | Time Received>. Node Id: <NodeID> Number of received messages: <Nbr of messages received fromaffected node> Time interval: <Nbr of seconds> Note: The output of the automatic and operator-initiated actions is automatically added as annotations to the message and the message reflects the execution states of these actions. If a message stormis over, then a high priority message with the following properties is created by the message stormdetection mechanism. Property Value Severity Set to the severity as defined with the value "Severity of the message stormend message" Group OVO Application OVO Object OVOMsgStorm Message key <MsgKeyPrefix>:TimeCreated:end:<NodeID> Or <MsgKeyPrefix>:TimeReceived:end:<NodeID> Service name <ServiceName>@@<NodeID> Text Message stormon node <NodeName> is over, because the number of received messages is below the configured maximumnumber. Detection was based on the message property <TimeCreated | Time Received>. Node Id: <NodeID> Configured maximumnumber of messages: <RecoverCount> Number of received messages: <Nbr of messages received fromaffected node> Time interval: <Nbr of seconds> Note: The output of the automatic and operator-initiated actions is automatically added as annotations to the message and the message reflects the execution states of these actions. Detecting the end of message storms The detection of both the start and the end of message storms is based on analyzing the message flow. However, if your administrator configured automatic actions to stop the agents on the affected nodes, then agents will not send messages until they are restarted, so message flow is stopped. In order to detect the end of message storms when the message flow is stopped, the message stormdetection mechanismmaintains a list of managed nodes for which a message stormhas been detected. This list is checked every five minutes to see whether new messages have arrived HP Operations Manager (9.00) Page 314 of 1297 Online Help fromthe nodes. If no messages have arrived in the last five minutes and the configured time interval for message stormrecovery has passed, then a high priority message is generated to indicate that the message stormis over. Related Topics: l Detect and suppress message storms l Configure message stormdetection l Variables used in message stormdetection l High priority messages and actions HP Operations Manager (9.00) Page 315 of 1297 Online Help Message delays A message delay is the phenomenon that occurs when new, incoming messages that arrive on the management server are propagated with a significant time delay to different internal consumers (for example, WMI, console, status engine). The biggest contributor to message delays is the OvEpMessageFilter component of the OvEpMessageActionServer service. The OvEpMessageFilter component validates whether messages originate fromauthorized managed nodes. All messages must pass this validation before they can be routed to consumers. OvEpMessageFilter uses the OvEpNodeCache component which is responsible for determining valid managed nodes. Message validation is fast for all messages that include an AgentId and where the sending node is set up as an HPOMmanaged node. In all other cases the validation must pass a multiple level name resolution process which can cause significant delays. Possible root causes for message delays are: l Messages from deleted nodes Messages are sent fromnodes that have been deleted on the management server but the agents have not been uninstalled and are still sending messages. l Messages from agentless nodes A proxy node gathers information (for example, SNMP traps) fromagentless nodes and forwards this information as HPOMmessages to the management server. The validation of messages fromproxy nodes may also take considerable time as these messages do not contain an AgentId. In the worst case, delivery of new messages stops completely and the message pipeline hangs. Related Topics: l Detect nodes that cause a message delay l Configure message delay detection Detect nodes that cause a message delay To detect nodes that contribute to message delays, you can measure the time it takes to resolve node names and the time it takes to route a message fromthe message queue to all consumers. l Measure the time for node name resolution (OvNameResMsgFilter) To measure the node name resolution, you define a threshold value (in milliseconds) that the node name resolution is allowed to take. If the measured value exceeds the threshold value, the logging mechanismstores the resolution information (node name, IP address, time to resolve, and so on) in a user-configurable log file. Recommended threshold values range from50 to 200 milliseconds. l Measure the time for message routing (OvMessageFlow) To measure the time for message routing, you define a threshold value (in milliseconds) it can take to route a message to all consumers. (This includes the time used for the node name resolution.) If the measured value exceeds the threshold value, the logging mechanismstores HP Operations Manager (9.00) Page 316 of 1297 Online Help the routing information (node name, IP address, proxy information, message ID, first 40 characters of the message, discard information, time to validate the sending node, and so on) in a user-configurable log file. Recommended threshold values range from200 to 1000 milliseconds. Note: Enabling message delay detection does not affect the behavior of node resolution or message routing. It only generates log information when thresholds are exceeded. Log information for node name resolution The following lines show an extract of a log file for measuring node name resolution (OvNameResMsgFilter): Measure: OvNameResMsgFilter Component: OvEpMessageFilter Time Started: 2007-05-19 14:20:18.413 Node Name: node_x Resolved: no Time Finished: 2007-05-19 14:20:25.319 Elapsed time: 6906 State: Finished with threshold exceeded *-*-*-*-*-*-*-*-*-* Measure: OvNameResMsgFilter Component: OvEpMessageFilter Time Started: 2007-05-19 17:33:18.406 Agent Id: 25da9f90-fe5c-71d7-0422-0f887c4c0000 Node Name: node_y Ip Addr: 15.136.124.76 Resolved: yes Time Finished: 2007-05-19 17:33:18.609 Elapsed time: 203 State: Finished with threshold exceeded *-*-*-*-*-*-*-*-*-* The first log entry shows that node "node_x" could not be resolved. The elapsed time for this measure interval was 6906 milliseconds. The message did not contain an AgentId or IP address, but a node name only and the node does not exist as managed node. The second log entry shows that node "node_y" with ip 15.136.124.76 could be resolved as a managed node but the resolution time exceeded the configured threshold value. Log information for message routing The following lines show an extract of a log file for measuring message routing (OvMessageFlow): Measure: OvMessageFlow Component: OvEpMessageFilter Time Started: 2007-05-19 11:07:25.155 Node Name: node_y Ip Addr: 15.136.124.76 Time Created: May 19 11:07:25 Time Received: May 19 11:07:25 OvEpMessage: Id="f1da7a30-a973-71d8-1afb-0f887c4c0000", Text="This is HP Operations Manager (9.00) Page 317 of 1297 Online Help a good message..." Proxied: no NodeResTime: 0 Discarded: no Time Finished: 2007-05-19 11:07:25.217 Elapsed time: 63 State: Finished with threshold exceeded *-*-*-*-*-*-*-*-*-* Measure: OvMessageFlow Component: OvEpMessageFilter Time Started: 2007-05-19 11:16:32.337 Node Name: node_x Time Created: May 19 11:16:25 Time Received: May 19 11:16:32 OvEpMessage: Id="37ffd310-a975-71d8-1afb-0f887c4c0000", Text="Wrong node ..." Proxied: yes NodeResTime: 6938 Discarded: yes Time Finished: 2007-05-19 11:16:39.274 Elapsed time: 6938 State: Finished with threshold exceeded *-*-*-*-*-*-*-*-*-* The first log entry shows that a message has been routed to all consumers in 63 milliseconds, but it exceeded the configured threshold. The time for the node resolution (field NodeResTime) was below 1 millisecond. (The name resolution worked well.) The message came froma managed node and was not discarded. The second log entry shows that a message was discarded because it was proxied and the node name of the originating node was not known on the management server. The resolution time for the node was 6938 milliseconds and this exceeded the threshold. Note: The logging mechanismalways logs discarded messages, whether they exceed the threshold or not. Related Topics: l Configure message delay detection Configure message delay detection Message delay detection is disabled by default. By setting appropriate values in the Server Configuration dialog box, you can configure the message delay detection mechanismaccording to the individual needs of your managed environment. You can configure how to detect message delays by setting configuration values in the following namepaces: l Message Delay Detection Measuring Node Name Resolution l Message Delay Detection Measuring Complete Message Routing The following table shows the values, which are the same in both namespaces used by the message delay detection mechanism. These values have to be defined separately for each of the two available mechanisms. The assigned configuration values however can differ between two mechanisms. HP Operations Manager (9.00) Page 318 of 1297 Online Help Value Name Possible Values Default Value Description Enable message delay detection measuring node name resolution Enable message delay detection measuring the complete message routing True, False False This value enables or disables message delay detection based on the time it takes to resolve a node name or the time it takes to route a message through the HPOMmessage flow. Set it to True to enable, set to False to disable. Log file name String C:\Program Files\HP\HP BTO Software\ Support\ MeasureLog.txt The fully qualified name of the log file. If the file does not exist, it will be created automatically. The directory where the file will be stored must already exist. All new entries are appended at the end of the file. (Make sure sufficient disk space is available.) You can use the same log file for measuring both node name resolution and message routing. Measuring type NORMAL, CRITICAL NORMAL A NORMAL measure waits until the measure interval has finished, then compares the elapsed time with the threshold and generates log information if the threshold has been exceeded. Only one single log entry is created per measure interval. This is the recommended measure type. A CRITICAL measure immediately generates log information as soon as the threshold value has been exceeded and does not wait until the end of the measure interval. It generates two log entries: the first one when the threshold has been exceeded and a second one when the measure interval has finished. If the second log entry is missing, then this indicates a hang during the measure interval. However the first entry contains sufficient information for finding out which message caused the hang. CRITICAL measures should only be used for tracking down hangs while routing messages and the threshold value should be set to a high value (more than 60000 milliseconds). HP Operations Manager (9.00) Page 319 of 1297 Online Help Threshold value (in milliseconds) Integer Node name resolution: 100 Message routing: 500 The threshold value in milliseconds. If the threshold is exceeded then appropriate log records will be written to the log output file. Recommended values: Node name resolution: 50 to 200 milliseconds Message routing: 200 to 1000 milliseconds Related Topics: l Detect nodes that cause a message delay l Change server configuration values HP Operations Manager (9.00) Page 320 of 1297 Online Help HPOM self management HPOMself management monitors the availability and performance HPOMitself. HPOMself management can automatically: l discover HPOM's own agents and servers and model themin a service hierarchy. l update the discovered service hierarchy. l deploy policies that monitor the discovered agents and servers. Related Topics: l "Synchronizing self management" (on page 321) l "Self-management policies" (on page 323) Synchronizing self management HPOMself management discovers management serversand agents on managed nodesand automatically deploys policies that monitor their availability and performance. Self management automatically constructs a service hierarchythat models your servers and agents. This first takes place during installation, and you can easily update the service hierarchy by synchronizing it. During synchronization, self management discovers any new agents or servers and adds themto the service hierarchy. It automatically deploys policies to monitor the new services. If any agents or servers are no longer available, they are removed fromthe service hierarchy, and the policies are automatically removed. You can: l "Schedule synchronization" (on page 321) l "Start synchronization manually" (on page 322) l "Disable self-management functions " (on page 322) Schedule synchronization To schedule regular synchronization for HPOMself management: 1. In the console tree, open Policy management Policies grouped by type Agent policies Scheduled Task. 2. In the details pane, right-click VP_SM-Server_SynchAgentServices, and then click All Tasks Edit. 3. Click the Schedule tab and specify how often you want to synchronize your service hierarchy. 4. Click Save and Close. 5. Deploy the new version of the policy to the management server. Note: By default, self-management synchronization is scheduled to start daily at 3:00am, and the policy is already deployed to the management server. Related Topics: HP Operations Manager (9.00) Page 321 of 1297 Online Help l Scheduled Task Policies l Deploy a policy or policy group Start synchronization manually To start synchronization for self management manually: 1. Click the Tools icon in the console tree. 2. Open the HPOM Self Management tool group. 3. Right-click the Synchronize Agent Services tool. 4. Select All Tasks Launch tool. 5. Type in a valid User Name and Password for the management server. 6. Click the Launch button. The Tool Status window appears and shows details of the synchronization operation. This may take some time. Related Topics: l "Synchronizing self management" (on page 321) l "Schedule synchronization" (on page 321) Disable self-management functions HPOMself management discovers management servers and agents on managed nodes and creates a service hierarchy that models them. The management server then automatically deploys policies that monitor the availability and performance of these services. Although it is not recommended, you can disable the creation of the services, and the automatic deployment of the policies. Caution: The self-management functions minimize the administrative effort required to monitor the management server and agents deployed on both the server and managed nodes. Before disabling either, or both, of these features make sure you understand how to administer the self-management manually. To disable self-management service creation 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Self Management. A list of values appears. 3. Set the value of Create Services to False. To disable automatic deployment of self-management policies 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Self Management. A list of values appears. 3. Set the value of Auto Deploy Policies to False. HP Operations Manager (9.00) Page 322 of 1297 Online Help Note: These procedures apply only to self-management service creation and policy deployment. The procedures do not disable automatic service discovery or policy deployment supplied by Smart Plug-ins (SPIs). Related Topics: l "Server self-management policies" (on page 323) l "Agent self-management policies" (on page 324) l Disable policy autodeployment Self-management policies HPOMprovides self-management policies that monitor the availability and performance of the management serverand agents on managed nodes. By default, these policies are automatically deployed as follows: l Agent policies The policies in the group HPOM Self Management Agent are auto-deployed to a node if the Operations Agent package is installed. l Server policies The policies in the group HPOM Self Management Server are auto-deployed to HPOM management servers. l Database server policies The policies in the group HPOM Self Management Database Server are auto-deployed to the HPOMmanagement servers if a local database is used. Note: If necessary, you can disable self-management functions. Related Topics: l "Server self-management policies" (on page 323) l "Agent self-management policies" (on page 324) l "Database server self-management policies" (on page 324) Server self-management policies HPOMincludes a number of self-management policies that monitor the management server. These policies monitor processes that need to be running on the management server, and make sure you that know about any problems. l VP_SM_OVOWServices The service/process monitors check approximately every five minutes whether the necessary services and process are still running on the management server. If not, a message is sent to the active message browser. The operator can restart the service using an operator-initiated command. When the service is running again, the message is acknowledged. The following services are monitored by the VP_SM_OVOWServices policy: HP Operations Manager (9.00) Page 323 of 1297 Online Help n OvAutoDiscovery Server n OvDnsDscr n OvEpMessageActionServer n OvEpStatusEngine n OvMsmAccessManager n OvPmad n OvSecurityServer n OvOWReqCheckSrv n Windows Management Instrumentation l OvSvcDiscServerLog Checks the log file of the service discovery server for errors. l VP_SM-Server_EventLogEntries Checks the Application Event Log for errors. l VP_SM-Server_SyncAgentServices Synchronizes the agent services according to the specified schedule. l VP_SM-WMI-Restart Tries to stop and restart OVMsmAccessManager and OVEpStatusEngine if WMI terminates unexpectedly. Agent self-management policies HPOMincludes a self-management policy that monitors the service discovery agent. The service discovery agent must be running on every node that you want to manage. This policy makes sure you know about any problems with the service discovery agent and helps you to solve them. l OvSvcDiscErrorLog The OvSvcDiscErrorLog policy checks approximately every five minutes for any entries in the error log file of the service discovery agent. If entries match the search pattern, a message is sent to the active message browser. Database server self-management policies HPOMincludes the policy VP_SM_CHK_OVODB, which monitors the size of database if a local SQL Server Express database is used. This policy checks the size of the database every five minutes. The limit of the database size is 4GB. l If the database size is greater than or equal to 90% of the 4GB limit, the policy sends a critical message to the active message browser. If the database size subsequently falls to below 90% of this limit, the policy sends a normal message to the acknowledged message browser. l If the database size is greater than or equal to 80% of the 4GB limit, the policy sends a warning HP Operations Manager (9.00) Page 324 of 1297 Online Help message to the active message browser. If the database size subsequently falls to below 80% of this limit, the policy sends a normal message to the acknowledged message browser. HPOMalso includes the policy VP_SM_DB_Backup, which starts a script that performs a backup of the HPOMmanagement server. To schedule a backup of the HPOMmanagement server, you can deploy the policy to the management server. Note: HPOMfor Windows 8.10 originally provided a version of VP_SM_DB_Backup that enabled you to back up just the HPOMdatabase. It was necessary to deploy the policy to the systemwhere the HPOMdatabase is installed. The latest version of VP_SM_DB_Backup must be deployed to the management server. If your management server uses a remote database, check the policy inventory of the corresponding node. HP recommends that you remove the older version of the VP_SM_DB_Backup policy fromthe node that hosts the remote database. If you deploy the latest version of the policy to a remote database server, the policy will fail and send a critical message. Related Topics: l "Backup and restore" (on page 257) Message queue file self-monitoring When the HPOMmanagement server receives messages, it stores themtemporarily in a message queue file before processing them. The maximumsize of this file is 2 GB. The operating system components that the management server uses do not support larger files. If the file size grows beyond 2 GB, the file becomes corrupt. The management server loses messages fromthe file, and cannot process new messages. Under normal conditions this problemdoes not occur. However, the following circumstances could lead the message queue file to grow uncontrollably: l Message storms (if message stormdetection is not enabled). l Many new messages arriving, but slow processing of the message queue due to DNS name resolution problems. l Processing of the message queue is suspended due to WMI problems. In this case new messages are still accepted. To prevent the message queue file becoming corrupt, the management server monitors the size of this file. By default, if the file size approaches 2 GB, the management server rejects new messages until the file size returns to normal. Agents start to buffer rejected messages locally, and try to resend themlater. Therefore, you do not lose the messages that the management server rejects. The management server sends a high-priority message to connected consoles when the file approaches 2 GB, and also when the file drops back to a safe size. When it sends these high- priority messages, the management server bypasses the agent and the message queue. (You cannot create high-priority messages using policies.) You can change this default behavior in the following ways: l Define whether the management server continues to accept messages after the message queue file size reaches the maximum. l Define different message queue file size thresholds. l Configure the severity, message key, application, object, message group, and message text of HP Operations Manager (9.00) Page 325 of 1297 Online Help the high-priority messages. l Configure automatic and operator-initiated commands for the high-priority messages. Configuration values for message queue file self-monitoring You can configure message queue file monitoring by changing values in the Message Queue File Monitoring namespace using the Server Configuration dialog box. The following table describes the values that you can change. Value Default Description Message queue monitoring mode 2 This value configures the action that the management server takes when the message queue file size reaches the configured maximum. Set one of the following values: l 0 - Ignore this problemand let the queue file keep growing. If the file size grows beyond 2 GB, the file becomes corrupt. l 1 - Send a high-priority message to connected consoles, but continue accepting messages. Reject messages only if the file size reaches the systemlimit of 2 GB. l 2 - Send a high-priority message to connected consoles, and reject new messages, so that agents buffer messages locally. Accept messages again only if the message queue file size drops below the configured Message queue rearm file size. Message queue maximum file size 2147473407 This value configures the maximumfile size to which the message queue file is allowed to grow before the monitor takes the action defined in Message queue monitoring mode. Set a value in bytes between 20000000 (about 19 MB) and 2147473407 (2 GB minus 10 KB). If you configure a value that is outside this range, the management server uses the default value. Message queue rearmfile size 2146435071 This value configures the file size to which the message queue file size must return after reaching the configured maximum. When the message queue file returns to a size below this threshold, the management server sends a high priority message to connected consoles. If the value of Message queue monitoring mode is 2, the management server also begins accepting messages again. Set a value in bytes that is smaller than the Message queue maximum file size. The value must also be between 256000 (about 250 KB) and 2146435071 (2 GB minus 1 MB). If you configure a value that is outside this range, the management server uses a value that is half the defined message queue maximumfile size. HP Operations Manager (9.00) Page 326 of 1297 Online Help Severity of queue monitor warning messages 32 This value configures the severity of the high-priority message that the management server sends when the message queue file size reaches the configured maximum. Set one of the following numeric values: l 2 - Normal l 4 - Warning l 8 - Minor l 16 - Major l 32 - Critical Note: The high-priority message that the management server sends when the message queue file size drops below the configured Message queue rearm file size has normal severity. You cannot configure the severity of this message. Message key prefix for queue monitor messages Empty string (no message key defined) This value configures a prefix for the message key of the high- priority messages about the message queue file size. The management server constructs the message key in the format: <UserDefinedPrefix>:QueueFileSize:MsgQueue. If you configure this value, the message that the management server sends when the message queue file size returns to below Message queue rearm file size automatically acknowledges the previous high-priority message. If you leave this value empty, the message key remains blank, which prevents automatic acknowledgement of these messages. Message application for queue monitor messages OVO This value configures the application property of the high-priority messages about the message queue file size. Message object for queue monitor messages QueueFileSize This value configures the object property of the high-priority messages about the message queue file size. Message group for queue monitor messages OVO This value configures the message group property of the high- priority messages about the message queue file size. HP Operations Manager (9.00) Page 327 of 1297 Online Help Message text for queue monitor warning messages The queue file '%1' has reached its maximum allowed size. Current file size: %2 Configured max size: %3 Required size: %4 This value configures the message text of the high-priority message that the management server sends when the message queue files size reaches the configured maximum. You can use the following variables in the message text: l %1 - Name of the message queue file l %2 - Current size of the message queue file l %3 - Configured maximumsize of the message queue file l %4 - Projected size of the message queue file if the currently received message would be added to the message queue. The projected size would exceed the configured maximum. Note: The default message text is localized. If you customize the message text, then the message will apply your customtext for all languages. Additional message text for queue monitor warning messages No further data will be written into the queue file until its size is back to normal. This configuration value applies only to configurations where the value of Message queue monitoring mode is 2. This value configures the text that is appended to the message text of the high-priority message that the management server sends when it starts rejecting new messages. Note: The default message text is localized. If you customize the message text, then the message will apply your customtext for all languages. Message text for queue monitor normal messages The size of the queue file '%1' is back to normal. Current file size: %2 This value configures the message text of the message that the management server sends when the message queue file size drops below the configured Message queue rearm file size. You can use the following variables: l %1 - Name of the message queue file l %2 - Current size of the message queue file Note: The default message text is localized. If you customize the message text, then the message will apply your customtext for all languages. Automatic action for queue monitor messages Empty string (no automatic action defined) This value specifies the name of a command file (.cmd or .bat) or script file (.vbs) to add as an automatic command to high-priority messages about the message queue file size. (This enables you, for example, to configure an automatic command that pages an operator or sends an urgent email.) The management server bypasses the agent and runs the automatic command immediately. The management server adds the results of the automatic command as an annotation to the high- priority message. When the management server runs the command file or script, it automatically adds the following parameters, which your command file or script can evaluate: HP Operations Manager (9.00) Page 328 of 1297 Online Help <ReasonOfCall> Specifies the reason why the automatic command was called. This can be one of the following values: l 0 - The message queue file size is back to normal. l 1 - The message queue file size has reached the configured maximum. l 2 - The message queue file size has reached the system limit of 2 GB. <MessageId> ID of the high-priority message. <CurrFileSize> Current size of the message queue file in bytes (before adding the new message). <ReqFileSize> Required size of the message queue file in bytes (if the new message were added). <QueueFileName> Fully qualified name of the message queue file. You can use the following command file as a template: %OvBinDir%\OvMsgQueueMonAutoActionTmpl.cmd. Operator- initiated action for queue monitor messages empty string (no operator- initiated action defined) This value specifies the name of a command file (.cmd or .bat) or script file (.vbs) to add as an operator-initiated command to high- priority messages about the message queue file size. When the operator starts this command, the management server bypasses the agent and runs the command immediately. The management server automatically appends parameters for your command file or script to evaluate. These are the same parameters that the management server appends to automatic commands (see above). You can use the following command file as a template: %OvBinDir%\OvMsgQueueMonOperatorActionTmpl.cmd Testing message queue file self-monitoring Before you use customized message queue file self-monitoring in a production environment, test whether it works as you expect. Consider the following questions: l Do you receive high-priority messages when the message queue file size reaches the configured maximumand then when the file returns to a size below the configured rearmfile size? Does the first message have the configured severity, application, object, message group, and message text? l Do the high-priority messages have the configured automatic and operator-initiated commands? Do the commands run correctly and is the output correct? l Does automatic acknowledgement work correctly? HP Operations Manager (9.00) Page 329 of 1297 Online Help l Does the management server reject incoming messages when the message queue file size reaches the configured maximum? Does the management server accept messages again when the file returns to a size below the configured rearmfile size? Normally, it is difficult to create tests that cause the message queue file size to reach the configured maximum. The permitted ranges for configuration values suit production environments, but for testing it is desirable to configure smaller values. In a test environment, you can specify values that are smaller than normally permitted for Message queue maximum file size and Message queue rearm file size by defining negative values. The management server interprets these negative values as test values and automatically converts to themto positive values without checking whether the values are permitted. Caution: Performtests in a test environment. Do not use negative values in production environments. The following example explains a test case that sends a high-priority message if the message queue file size reaches 20000 bytes. In this example, the management server continues to accept new messages. When the message queue file returns to size below 10000 bytes, the management server sends a second high-priority message. 1. Set the following values appropriately: n Severity of queue monitor warning messages n Message key prefix for queue monitor messages n Message application for queue monitor messages n Message object for queue monitor messages n Message group for queue monitor messages n Message text for queue monitor warning messages n Additional message text for queue monitor warning messages n Message text for queue monitor normal messages n Automatic action for queue monitor messages n Operator-initiated action for queue monitor messages 2. Set Message queue monitoring mode to 1. 3. Set Message queue maximum file size to -20000. 4. Set Message queue rearm file size to -10000. 5. Use opcmsg to create test messages and use Windows Explorer to check the size of the file %OvShareDir%\tmp\queues\MsgQueue. When the file size reaches 20000 bytes (which happens quickly), check that a high-priority message appears in the console for the management server node. 6. Check whether the automatic command completes successfully and that the results appear as an annotation to the high-priority message. 7. Start the operator-initiated command, and check the results. 8. Continue to send new messages until the message queue file size reaches approximately HP Operations Manager (9.00) Page 330 of 1297 Online Help 265000 bytes. The file size automatically reduces. Check that a second high-priority message appears in the console. 9. Check whether the automatic and operator-initiated commands complete successfully for the second high-priority message. 10. Check that the second high-priority message automatically acknowledges the first high-priority message. Related Topics: l "Message storms" (on page 307) l "Node name resolution in HPOM" (on page 302) l "Change server configuration values " (on page 200) WMI resource cleanup When a remote console connects to a management server, it registers with WMI on the management server for events. Each registration increases the handle count of the svchost.exe process that hosts WMI. When a remote console session ends abnormally, for example when you use Windows Task Manager to end the program, the WMI registrations and hence the handles held by svchost.exe are not released. Over time, the handle count can grow until no more consoles are able to connect because WMI has no more handles available. If the handle count exceeds 10,000, then it is common for remote consoles to experience problems connecting to the management server. The most common error message associated with such problems is: (SC1085) Unable to receive all message events from management server To prevent the handle count becoming too large, the management server periodically cleans up the handles held by svchost.exe by correctly deregistering remote console connections fromWMI. The cleanup occurs at a configurable time interval (24 hours by default). Note: WMI resource cleanup requires Microsoft hotfix KB931320 to be installed on management servers running Windows Server 2003. Configuration values for WMI resource cleanup You can configure WMI resource cleanup by changing values in the Server Monitor namespace using the Server Configuration dialog box. The following table describes the values that you can change. Value Default Description Enables automatic cleanup of WMI resources true This value enables the automatic cleanup of WMI resources that remain when a console is terminated abnormally. How often the Server Monitor cleans up WMI resources 24 This value determines how often (in hours) the resource cleanup runs. A value of 24 means that resources are cleaned up once every 24 hours. Related Topics: HP Operations Manager (9.00) Page 331 of 1297 Online Help l "Change server configuration values " (on page 200) Optimize web console performance The web console may take a long time to load messages into the message browser when the database contains many active and acknowledged messages. In addition, private message filters in combination with complex service hierarchies and large numbers of managed nodes may cause database queries to last a long time and eventually terminate with timeouts. Other message-related database operations (for example, inserting new messages or updating properties of existing messages) are blocked for the duration of these queries. To optimize the performance of message-related database queries fromthe web console, you can divide the OV_MS_Message table into partitions for active and for acknowledged messages, and create indexes on the partitioned OV_MS_Message table. You can then configure the web console to pass these indexes to SQL Server as optimization hints to accelerate message-related database queries. HPOMprovides the SQL script OV_PartitionMessageTable.sql to partition and create indexes on the OV_MS_Message table. The script performs the following tasks: l Creates two partitions in the OV_MS_Message table: one partition for all active messages and a second partition for all acknowledged and deleted messages. l Creates indexes on the OV_MS_Message table. n OV_MS_NodeNameIdx (for message queries based on nodes and node groups) n OV_MS_ServiceIdHashIdx (for message queries based on services or service groups) n OV_MS_TimeRecStateIdx (for message queries based on any node or service ID) n OV_MS_ApplicationIdx, OV_MS_GroupIdx, and OV_MS_ObjectIdx (for message queries based on message filters) Note: Depending on the number of messages and the speed of your system, the SQL script may take considerable time to complete. For example, with several million messages in the database, the script may take up to two hours. To optimize web console performance 1. Stop all management server processes: vpstat -3 -r stop If necessary, restart the SQL Server process. This process must be running; otherwise the SQL script cannot run. 2. On the database server, create two folders for the new partitions of the OV_MS_Message table. The SQL script uses the following default data folders: D:\OMW810\DBFiles\ActiveMsg E:\OMW810\DBFiles\AcknowledgedMsg 3. Open the SQL script in a text editor: %OvInstallDir%\support\DBTuning\OV_PartitionMessageTable.sql HP Operations Manager (9.00) Page 332 of 1297 Online Help 4. Replace the default data folders with the folders you created in step 2 and save the file. 5. Optional. If the database resides on a remote database server, copy the modified SQL script to the database server. 6. Run the SQL script on the SQL Server database. 7. Configure the web console: a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. b. Click Namespaces, and then click Web Console. c. Click Expert Mode. A list of values appears. d. Change the values in the following table: Value Default Description SQL optimization hint for node queries not set This value specifies indexes for message queries based on nodes or node groups. (The user has selected specific nodes or node groups, but not the Nodes folder.) If you use the HPOMprovided SQL script to optimize the OV_MS_ Message table, use the index OV_MS_NodeNameIdx. SQL optimization hint for service queries not set This value specifies indexes for message queries based on services or service groups. (The user has selected specific service groups, but not the Services folder.) If you use the HPOMprovided SQL script to optimize the OV_MS_ Message table, use the index OV_MS_ServiceIdHashIdx. SQL optimization hint for all messages not set This value specifies indexes for message queries based on any node or service ID. (The user has selected the Nodes folder or the Services folder.) If you use the HPOMprovided SQL script to optimize the OV_MS_ Message table, use the index OV_MS_TimeRecStateIdx. SQL optimization hint for message filters not set This value specifies indexes for message queries based on message filters. If you use the HPOMprovided SQL script to optimize the OV_MS_ Message table, use the indexes OV_MS_ApplicationIdx, OV_ MS_GroupIdx, and OV_MS_ObjectIdx. SQL transaction isolation level for message queries 1 (READ COMMITTED) This value specifies that statements cannot read data that has been modified but not committed by other transactions. This prevents dirty reads. Data can be changed by other transactions between individual statements within the current transaction. This isolation level ensures that the snapshot of messages shown in the message browser is consistent at the time when the message browser is populated and at the time intervals when the message browser is automatically refreshed to show the current messages. However, to ensure data consistency during reads shared locks HP Operations Manager (9.00) Page 333 of 1297 Online Help are placed on the data rows, data pages, or the entire table. These locks are kept until the read operation has finished. Other message related transactions that update message properties, insert, or delete new messages may have to wait until the read transaction has finished. In case of large message volumes this behavior could negatively impact the concurrent transactions. In environments where the primary goal is the fast throughput for new incoming messages and fast execution of message property updates and where it does not matter whether message properties as shown in the message browser are consistent or not administrators can define the transaction isolation level READ UNCOMMITTED (0). This means that no shared locks are issued and no exclusive locks are honored. When this option is set, it is possible to read uncommitted or dirty data; values in the data can be changed and rows can appear or disappear in the data set before the end of the transaction. This transaction isolation level allows the highest transaction concurrence, insert, delete, and update operations are not blocked by read operations. However, the result of read operations might be not consistent. Related Topics: l "Change server configuration values " (on page 200) l Table OV_MS_Message Filter and modify internal messages Most of the messages that appear in the message browser originate fromthe policies that you deploy to nodes. If you need to customize the messages that you receive (for example, change the severity), you can modify the policy that the messages originate from. However, in addition to messages that originate frompolicies, you also receive internal messages. The self-management functionality on agents and management servers generates these internal messages to notify you about the status of your managed nodes: l Internal messages fromagents typically notify you about the status of agent components. l Internal messages frommanagement servers notify you about the status of agent health checks (heartbeat polling). You cannot directly modify the internal messages that agents and management servers generate. However, if you want to filter and modify internal messages, you can redirect themthrough policies. Filter and modify internal messages from agents To redirect an agent's internal messages: 1. Create an open message interface policy with at least one rule. For example, you could create a rule that matches all messages with the message group 'OpenView'. Alternatively, you could create rules to match specific message texts. The following message texts are examples of internal messages fromagents: HP Operations Manager (9.00) Page 334 of 1297 Online Help n (ctrl-45) Component 'coda' with pid 5920 exited. Restarting component. n (bbc-250) OV Communication Broker stopped. Exit code (0). 2. Optional. Configure the open message interface policy to suppress messages that are identical relative to their attributes. 3. Deploy the open message interface policy to the node. 4. On the node, set the parameter OPC_INT_MSG_FLT in the eaagt namespace to TRUE. Note: There are several different ways to set agent parameters. n Using a node info policy. (See Node Info Policies.) n In the HTTPS agent installation defaults. (See Configure HTTPS agent installation defaults.) n Using ovconfchg at a command prompt on the node. (See ovconfchg.) n Using ovconfpar at a command prompt on the management server. (See ovconfpar.) Filter and modify internal messages from management servers To redirect a management server's internal messages: 1. Modify the windows event log policy VP_SM-Server_EventLogEntries. This policy already contains the following rules, which filter agent health check messages: n forwards all health check ok messages with source HPOV-MS n forwards all agent buffering ok messages with source HPOV-MS n forwards all health check error messages with source HPOV-MS n forwards all agent buffering error messages with source HPOV-MS Alternatively, you can create a new windows event log policy of your own. The agent health checks generate different messages, depending on the ping protocol that you configure for heartbeat polling, and also the agent communication type: ICMP ping related messages (HTTPS and DCE agents) The agent health checks may generate one of the following messages when an ICMP ping fails: n (MS471) Routing packages via gateway "<gateway>" to node "<node>" (id: <id>) failed (NET_UNREACHABLE). A node is not reachable because a network route isn't accessible. This message relies on the ICMP net_unreachable package which is returned froma router. n (MS472) Routing packages via gateway "<gateway>" to node "<node>" (id: <id>) failed (HOST_UNREACHABLE). A network router detected that a node is not reachable. The systemis either not running, or the node is no longer connected to the network. This message relies on the ICMP host_unreachable package which is returned fromthat router. HP Operations Manager (9.00) Page 335 of 1297 Online Help n (MS473) Node "<node>" may be down. Failed to contact it using ping. The HP OpenView Operations Self Manager was unable to contact the managed node. This could be caused by network problems between the management server and the managed node, a high work load, or a congested network. n (MS1057) Node <node> cannot be reached. Ping command is using a bad port number. Agent ping related messages (HTTPS and DCE agents) The agent health checks may generate one of the following messages when an HTTPS or DCE agent ping fails: n (MS465) Control agent on node "<node>" is now running, but Message Agent is not running. The Self Manager detected that the control agent on the managed node is running again, but the message agent terminated unexpectedly and is still not working correctly. To re-start the agents, run 'opcagt -start' on the managed node. n (MS466) Control agent on node "<node>" is now running. The Self Manager detected that the control agent on the managed node is running again. n (MS467) Message agent on node "<node>" is not running. The Self Manager detected that the message agent on the managed node terminated unexpectedly. Check the error logfile on that node for information about the cause of the problem. To re-start the agents, run 'opcagt -start' on the managed node. n (MS468) Message agent on node "<node>" is now running. The Self Manager detected that the message agent on the managed node is running again. n (MS537) Control agent on node "<node>" is not running. The Self Manager detected that the control agent on the managed node is not running and an unexpected communication problemoccurred. Check the error logfile on that node for information about the cause of the error, and re-start the agents by running 'opcagt -start' on the managed node. n (MS851) The Message Agent on node "<node>" is buffering messages for this Management Server. Buffering for: <management server> n (MS852) The Message Agent on node "<node>" is buffering messages for another Management Server. Buffering for: <management server> n (MS853) The Message Agent on node "<node>" does not buffer anymore. n (MS860) Control agent and subagents on node "<node>" are now running. The Self Manager detected that the control agent and subagents on the managed node are running again. Agent ping related messages (HTTPS agents only) The agent health checks may generate one of the following messages when an HTTPS agent HP Operations Manager (9.00) Page 336 of 1297 Online Help ping fails: n (MS732) OV Control Daemon is not running on node "<node>". n (MS733) OV Control Daemon on node "<node>" is now running. n (MS734) Security certificate has been installed on node "<node>". n (MS735) Node "<node>" does not have a security certificate installed. n (MS736) Message Agent on node "<node>" is no longer buffering messages. n (MS737) Message Agent on node "<node>" is buffering messages for this Management Server. n (MS738) Message Agent on node "<node>" is buffering messages. n (MS739) Core ID on node "<node>" has been aligned with the value stored in the OVO database. n (MS740) The local core ID for node "<node>" is not the same as the core ID for this node stored in the OVOdatabase. Agent ping related messages (DCE agents only) The agent health checks may generate one of the following messages when an DCE agent ping fails: n (MS470) Agent on node "<node>" is using a different AgentId than configured on the management server. Possibly a different agent than intended was contacted by the heartbeat monitoring. Please check the communication related properties of this node. n (MS534) Control agent on node "<node>" is now running, but message agent and subagents are stopped. The Self Manager detected that the control agent is running again on the managed node, but all subagents were stopped. This could happen if someone ran 'opcagt -stop' on the managed node. To start the subagents, run 'opcagt -start' on the managed node. n (MS535) Could not contact RPC server of agent on "<node>". RPC server of agent not registered. Agent is probably not running. The Self Manager detected that the RPC server (part of the control agent) on the managed node is not running. This could happen if someone ran 'opcagt -stop' on the managed node. To start the subagents, run 'opcagt -start' on the managed node." n (MS536) Could not contact RPC server of agent on "<node>". RPC server of agent registered but not running. Restart agent to start RPC server. The Self Manager detected that the control agent on the managed node is not running although the RPC server is still registered. Check the error logfile on that node for information about the cause of the problem, and re-start the agent by running 'opcagt -start' on the managed node. n (MS578) Could not contact RPC server of agent on "<node>" using well-known port configured locally. Restart agent to start RPC server. The Self Manager detected that the control agent on the managed node is not running at the HP Operations Manager (9.00) Page 337 of 1297 Online Help locally configured port. Check the error logfile on that node for information about the cause of the problem, and re-start the agent by running 'opcagt -start' on the managed node. Make sure, the local port configuration matches the configuration on the managed node. n (MS579) Could not contact RPC server of agent on "<node>". Communication failure connecting RPC server of agent. n (MS867) Agent is running but access is denied on node "<node>". 2. Deploy or update the windows event log policy to the management server. 3. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 4. Click Namespaces, and then click Agent Health Check. A list of values appears. 5. Set the value of Target for agent health problem messages to EVENTLOG. This value configures the management server to write the agent health check messages to the application event log instead of creating internal messages. 6. Click OK. Related Topics: l Forward internal messages fromagents Agent health checks Note: The agent health checks described here check the health of the HPOMagent and of all its subagents. Self management monitors the health of the agents on each managed node using the following mechanisms: l The control agent checks the health of its subagents and reports aborting agents by sending a message to the message browser. l After a configurable interval (300 seconds by default), the management server checks the agent health. The management server attempts to contact the agent with either an ICMP ping or a call to the control agent, or both. The management server reports the health of the agents either to the active message browser, or to the Windows event log. An event log policy that is deployed to the management server evaluates events in the event log and forwards themto the message browser. Message correlation acknowledges Node down messages automatically when a Node up message arrives. Some sample message generated by the server are: Node down-messages: l Could not contact RPC server of agent on radish. RPC server of agent not registered. Agent is probably not running. l Node rhubarb is maybe down. Even to contact it with ping-packages failed. l Message agent on node radish is not running. Node up-messages: HP Operations Manager (9.00) Page 338 of 1297 Online Help l Message agent on node radish is now running. l Control agent on node radish is now running. Note: The management server does not check the health of nodes that have an empty package inventory. Nodes can have an empty package inventory if, for example, you install the agent manually, or if you upload the node configuration fromanother management server. If you want the management server to start checking the health of these nodes, synchronize the package inventory. To configure advanced agent health check options 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 2. Click Namespaces, and then click Agent Health Check. A list of values appears. 2. Change any of the values in the following table: Values Value type Unit Default value Description Health check ping protocol List l DISABLED l AGENTONLY l ICMPONLY l ENABLED ENABLED This value configures the default ping protocol. You can change the default for each node in the Node Properties dialog. l DISABLED means that the management server performs no agent health check at all. l AGENTONLY means that the server does not actively contact the node with ICMP pings, but still contacts the agent on the node. This is useful for nodes behind a firewall. l ICMPONLY means that the server does not contact the agent, but only uses ICMP pings. This is useful for managed nodes like SNMP devices that do not have an agent installed. l ENABLED means that all aspects of agent health check are used. Enable health check Boolean l True l False True Enables or disables all aspects of the health check. Time interval to check agent health Integer Number of seconds 300 The default interval at which the management server checks the health of each agent. You can change the default for each node in the Node Properties dialog. HP Operations Manager (9.00) Page 339 of 1297 Online Help Maximum number of parallel checks Integer Number of threads 100 The maximumnumber of parallel threads that are used to do the active check (server pings the node). After you have changed this value, restart the OvEpMessageActionServer service for the change to take effect. Health check retries Integer 0 to 3 retries 0 This value configures the number of health check ping retries to do immediately if an agent could not be reached. The node is considered down when all retries have been unsuccessful. Increase this value if you have an unreliable network infrastructure. Health check retry interval (in seconds) Integer Number of seconds 5 The time interval at which the management server retries to check the health of an agent after a failed attempt. Target for agent health problem messages List l SERVER l EVENTLOG l SERVER_ EVENTLOG SERVER The target for messages that indicate problems with agent health checking. l SERVER means that these messages are directly written to the active message browser on the management server, without passing any policy-based message filter. l EVENTLOGmeans that these messages are written to the application event log so that they can be picked up by a Windows Event Log policy. The VP_SM-Server_ EventLogEntries policy already contains two rules for these health messages named "forwards all health check...". These rules can be easily adapted or used as templates for your own health checking rules. l SERVER_EVENTLOGcombines SERVER and EVENTLOG. Severity of agent health problem messages List l Normal l Warning l Minor l Major l Critical Critical The severity for messages that indicate problems with agent health checking. For example, "Node xxx may be down. Failed to contact it using ping." If you configure the Target for agent health problem messages to include the event log, this value sets the event types as follows: l Normal results in information events. HP Operations Manager (9.00) Page 340 of 1297 Online Help l Warning, minor, and major result in warning events. l Critical results in error events. Health check report buffering Boolean l True l False True This value configures whether to report that an agent is buffering messages. Severity of buffering for this management server List l Normal l Warning l Minor l Major l Critical Major This value configures the severity of messages that indicate that the agent is buffering messages for this management server. Severity of buffering for other management servers List l Normal l Warning l Minor l Major l Critical Warning This value configures the severity of messages that indicate that the agent is buffering messages for a management server other than this one. Enable access denied warning for raw socket creation Boolean l True l False True This value configures whether to write a warning to the systemevent log if the management server cannot accept alive packets fromagents. (See Accepting alive packets below.) Accepting alive packets On nodes that have the DCE agent, the message agent sends an alive packet to the management server at a configurable interval. However, in HPOM8.10, the management server is no longer able to receive these alive packets by default. The management server runs under the HP-OVE-User account, which no longer has administrative rights. Without administrative rights, the management server cannot open the raw socket that it needs to receive alive packets. To continue receiving alive packets, you must add the HP-OVE-User to the local administrators group on the management server. Before you give the HP-OVE-User administrative rights, check the security requirements of your organization. If the management server can accept alive packets, it checks whether it received a packet froma node before it contacts that node by ICMP ping or call to the control agent. If the management server has received an alive packet, it does not attempt to contact the node. You can change the frequency with which each node sends alive packets. You do this by configuring the value for OPC_HBP_INTERVAL_ON_AGENT in a nodeinfo policy, which you deploy to the agent. The agent sends an alive packet at an interval equal to two-thirds of the configured value. On nodes that have the DCE agent, the default value of OPC_HBP_INTERVAL_ ON_AGENT is 280, so the agent sends an alive packet every 120 seconds. HP Operations Manager (9.00) Page 341 of 1297 Online Help If the management server cannot accept alive packets, change the default value of OPC_HBP_ INTERVAL_ON_AGENT to 0 on nodes with DCE agents. The agent stops sending alive packets, which prevents unnecessary network load. On nodes that have the HTTPS agent, the value is not set by default, so the HTTPS agent sends no alive packets by default. Changing agent health check behavior l To reduce network traffic by monitoring less frequently, increase Time interval to check agent health and OPC_HBP_INTERVAL_ON_AGENT. Time interval to check agent health should remain greater than the value for OPC_HBP_INTERVAL_ON_AGENT to ensure that the server looks for the alive packet after the node sends it. l To increase monitoring, decrease Time interval to check agent health and OPC_HBP_ INTERVAL_ON_AGENT. Time interval to check agent health should remain greater than the value for OPC_HBP_INTERVAL_ON_AGENT to ensure that the server looks for the alive packet after the node sends it. l To monitor nodes through a firewall, or if the ICMP-port cannot be used, set Health check ping protocol to AGENTONLY to switch off the check with PING-packets. The active check with RPCs will still be done. Note that this increases the network traffic because the server will check the health of the agent with an RPC call each time the Time interval to check agent health is exceeded. (RPC calls require more bandwidth than ping.) l To reduce CPU load and memory consumption, reduce the value of Maximum number of parallel checks. This might be necessary when monitoring large environments, or if the management server has limited resources. l To stop the health check entirely, set Enable health check to false. Related Topics: l Configure network properties l Node info policies l Synchronize packages HP Operations Manager (9.00) Page 342 of 1297 Online Help Forward messages to external applications HPOMfor Windows provides options to forward messages to external applications, including external trouble-ticket or notification software, using the standard interfaces of HPOM. HPOMfor Windows does not provide a dedicated trouble-ticket or notification interface as HPOM for UNIX does. However, a major part of the functionality can be implemented easily by using HPOMfor Windows and underlying platformservices, particularly the WMI infrastructure on the HPOMfor Windows management server. On the server, all HPOMfor Windows objects (nodes, services, messages, ...) are represented by WMI objects in HPOMfor Windows' own namespace: \Root\HewlettPackard\OpenView\data> You can use regular HPOMfor Windows WMI policies to monitor these objects so that any new message that arrives on the management server can trigger an automatic action that forwards the message to an external application in the following sequence: l The WMI policy catches events triggered by the creation of an instance of the class OV_ Message on the HP Operations management server. l Then the new message can be forwarded to any other party using a script or programbound to the policy rule as an automatic command, as shown in the illustration. The script itself can performwhatever operations are necessary. In this example, the operation would be to either submit a trouble-ticket or trigger a notification system. The WMI policy can contain as many rules as required, and therefore can match arbitrary messages. The executed export script may be different for each rule. WMI and HPOM for Windows WMI, as Microsoft's implementation of WBEM, is used heavily as infrastructure on the HP Operations management server. In addition to the basic CIMobjects provided by the operating HP Operations Manager (9.00) Page 343 of 1297 Online Help system, many HPOMfor Windows data objects are represented as WMI objects that can be accessed using WMI policies, scripts, or programs. However, these classes are considered internal to HP. They may be modified by HP in subsequent releases and they should be strictly read-only. HP does not provide any detailed documentation about these classes other than what is available in the HPOMfor Windows online help. The WMI class and instance browsers which are integrated into the HPOMfor Windows WMI policy editor can be used to browse through the WMI classes and instances. You can also use the Microsoft tool, wbemtest, to explore WMI classes. Related topics: Detailed information: l Use WMI policies to intercept incoming messages l Use automatic actions to forward messages Examples: l Send messages through email l Example policies and scripts Advanced topics: l Forward message changes Use WMI policies to intercept incoming messages Whether a message is passed to some notification interface, a trouble-ticket system, or any other location, the configuration within HPOMfor Windows is always the same. You will configure a WMI policy and its rules for forwarding messages to notification systems such as email and eternal help desk systems when an instance of the class OV_message has been created on the HPOM management server. To configure the WMI policy 1. In the console tree, select Policy Management Policies grouped by type Windows Management Interface. 2. Right-click to open the context menu. Select New Policy to open the WMI policy editor. 3. In the WMI Namespace box, type the namespace name: ROOT\HewlettPackard\OpenView\Data 4. Set the Object type to Instance. 5. In the Instance class name box, type OV_Message. 6. In the Type of query field, select Query the intrinsic event for these instances. 7. For all other fields, keep the defaults. After specifying these general settings, configure the rules that define which messages should be forwarded: HP Operations Manager (9.00) Page 344 of 1297 Online Help Note: Forwarding all incoming messages will increase the load on the management server and might affect the overall systemperformance. To configure WMI policy rules for message forwarding Follow these steps to specify which messages you want to forward. You can identify these by specifying one or more message attributes. The following example shows conditions which check to see if a message has a severity of 32 (critical) and if the message text starts with 'EXSPI'. The last condition is used to prevent loops. 1. In the WMI policy editor, select the Rules tab. Click Newto open the New rule dialog box. 2. Use the Condition tab of the Rule dialog box to specify arbitrary conditions to determine which messages should be forwarded. 3. To create a new rule condition, click Add to open the New condition dialog box. HP Operations Manager (9.00) Page 345 of 1297 Online Help 4. Fromthe Property name list, select the name of the property to be used to filter messages for forwarding. For example, select Severity fromthe list. 5. Select fromthe Operator list. For example, select ==equal. 6. In the Specific value to compare box, enter the number 32, which represents the severity level "Critical". The other severity levels are represented by the following number equivalents: Major=16 Minor=8 Warning=4 Normal=2 Unknown=1 7. Click OK to return to the New rule dialog box, where the condition you just created appears in the list. 8. Click OK again to return to the Rule tab, where your newly created rule is summarized. 9. Configure the automatic command using the instructions in Use automatic actions to forward messages. 10. To prevent loops, see How to prevent loops for details. 11. After you have created the WMI policy, deploy it to the HP Operations management server (It will not work on any other system). 12. Send a critical test message (or any other test message which matches the rule configured earlier). The message should show up in the HPOMconsole as usual and the forwarding command should launch. If something went wrong, an additional error message should appear in the HPOMconsole. This message would be generated by the WMI policy if the automatic command failed. If no error message appears, check to see if the message was forwarded correctly to the external application. Related Topics: HP Operations Manager (9.00) Page 346 of 1297 Online Help l Forward messages to external applications l Use automatic actions to forward messages Use automatic actions to forward messages You can forward messages using an automatic command. This command will differ, depending on the external application to which you want to forward the message: l To forward a message to an email system, use the FwdMsgAsEMail.vbs VBScript. l To forward a message to your own application, this application must offer a command line interface or scripting interface to feed in HP Operations message data. With the automatic command, you can execute this interface and pass in any message attribute that you want. l To forward messages to a trouble ticket systemor notification system, see Example policies and scripts. To configure an automatic action 1. Configure the message as described in the topic Use WMI policies to intercept incoming messages. Use a message text like "Could not forward message to ..." and set a property to prevent loops. See How to prevent loops for details. This message is primarily for troubleshooting purposes. If the forwarding succeeds, then no additional message will be generated. 2. Configure a VB script. It gets the message ID as a parameter: cscript.exe "%OvBinDir%\MyForwardingScript.vbs" "<$WBEM:TargetInstance.Id>" The following example shows the call of an executable that receives additional attributes of the message as parameters: "C:\Program Files\Test\Forward.exe" "<$WBEM:TargetInstance.Id>" "<$WBEM:TargetInstance.Text>" "<$WBEM:TargetInstance.Object>" 3. Configure the automatic action: a. Fromthe WMI policy editor, select the Rules tab. b. Select Newto open the New Rule dialog box. c. Select the Actions tab. HP Operations Manager (9.00) Page 347 of 1297 Online Help d. Click Automatic command to open the Automatic Command dialog box. e. Click Wait until local command completes and then and send the message only if the local command fails. This ensures that the error message you configured above is only generated when the forwarding command fails. HP Operations Manager (9.00) Page 348 of 1297 Online Help f. Optional. Select Acknowledge the message when command is successful. If the forwarding fails due to a network problemor other external cause, you will receive a corresponding error message. After the external problemis solved, you can restart the automatic command, initiating the forwarding again. If it then succeeds, it will automatically acknowledge the error message in your message browser. Related Topics: l Example policies and scripts l Send messages through email Example policies and scripts Several example policies and scripts are available on the HPOMfor Windows management server. These can be used as templates for your own forwarding policies and scripts. Example policies can be found in the Samples policy group. HP Operations Manager (9.00) Page 349 of 1297 Online Help Example Policy: Forwarding to a trouble ticket system Policy Details opcmsgTTNS Example opcmsg policy to submit messages tagged with the Forward- to-TT or Notification flag. This can be used to generate messages to be caught with the SubmitTTByFlag or SubmitNSByFlag policies, shown below. SubmitTTByFlag WMI policy that forward messages tagged as DoNotification to the script SubmitNS.vbs. With the policy opcmsgTTNS, use: opcmsga=TT o=oo msg_t=hallo or opcmsg a=TT-ack o=oo msg_t=hallo, which automatically acknowledges the message after successful submission. SubmitTTByRule WMI policy that forwards messages which have the message group TT- Rule to the script SubmitTTvbs. With the policy opcmsgTTNS use: opcmsg a=aa o=oo msg_t=hallo msg_g=TT-Rule UpdateTT WMI policy listening for generic message change events. Calls the scriptUpdateTTvbs. UpdateTTStateChange WMI policy listening for message state change events (triggered by own, acknowledge,...). Calls the script UpdateTTvbs with options -s and the new state. Example policy: Forwarding to a notification system Policy Details SubmitNSByFlag WMI policy that forwards messages tagged as DoNotification to the script SubmitNS.vbs. With the policy opcmsgTTNS use: opcmsg a=NS o=oo msg_t hallo SumitNSByRule WMI policy that forwards messages to the script SubmitNS.vbs which have the message group NS-Rule. With the policy opcmsgTTNS use: opcmsg a=NS o=oo msg_t hallo msg_g=NS-Rule Example Policy: Forward messages using Email See the help topic Sending messages through email for details. Example Scripts Example scripts can be found in this location: %OvInstallDir%\examples\OvOW\MessageForwarding HP Operations Manager (9.00) Page 350 of 1297 Online Help Example Script: Forwarding to a trouble ticket system Script Details OvOWSubmitTT.vbs Submits the message to C:\temp\test.out as a simulation. OvOWUpdateTT.vbs Logs message updates in C:\temp\test.out as a simulation. Example Script: Forwarding to a notification system Script Details OvOWSubmitNS.vbs Collects the 14 notification parameters as HPOMfor UNIX does and adds an entry in C:\temp\test.out as a simulation. Example Script: Forward messages to Remedy ARS Script Details OvOWSubmitARS.vbs Submits the message to Remedy ARS. OvOWSubmitAR.arq. Macro necessary for Remedy ARS submission. Example Script: Forward messages using Email See the help topic Send messages through email for details. Related Topics: l Example: Forward messages to Remedy ARS Send messages through email This method for sending messages through email relies on the WMI instance class OV_Message that HP Operations Manager for Windows creates whenever a message is received by the management server. A WMI policy monitors the namespace for these instances. When an instance is created that matches criteria that you specify in the policy, an automatic command runs an executable which extracts the message information fromWMI, formats it according to your specifications, and then sends it to an email address that you specify in the policy. Note: If message counters are enabled, only one message (the original) is sent by email. The duplicates to the original message are not sent by email. When the original message is acknowledged and a duplicate to the acknowledged message arrives, a new email will be created. To receive messages through email 1. Modify the automatic command a. Start the HP Operations Manager for Windows Management Console. b. Locate the policy Samples/Send Email/FwdMsgAsEMail HP Operations Manager (9.00) Page 351 of 1297 Online Help c. Double-click the policy to open it. d. Click the Rules tab and use the Automatic Command link to access the following command: cscript.exe "%OvBinDir%\FwdMsgAsEMail.vbs" -MsgId <$WBEM:TargetInstance.Id> -to "Recipient@RecipientDomain.com" - from "Sender@SenderDomain.com" -mailsrv "fqdn of SMTP server" - name "HP Operations Manager" Performthe following changes: i. Replace Recipient@RecipientDomain.com with the email address you want to send the email to (for example Joe@mailserver.de). The email client contacts the RecipientDomain server by way of SMTP. ii. Replace Sender@SenderDomain with the email address you want to use to send the email from. iii. Replace "fqdn of SMTP server" with the fully qualified domain name of the SMTP server you want to use to send the emails. 2. Indicate which messages should be sent. You must now modify the rule with conditions that match specific properties of the instance class OV_Message. For example, to forward every message with severity Critical, add a rule that looks like this: Property of: TargetInstance Property name: Severity Operator: == equal Select value or property: value Specific value to compare: 32 If you want to match more than one type of message, copy the rule and modify the conditions. You can also modify the email recipient if different messages should be mailed to different email addresses. Caution: The policy sends a message to the message browser to verify that email was sent. It is important that the match criteria that you define for each rule does not also match this verification message. If it does, then a loop condition will occur. 3. Save the policy and deploy to the management server. FwdMsgAsEMail.vbs This script retrieves important information message and node properties fromWMI and calls OvEpMail.exe with the corresponding parameters to send an email. Usage FwdMsgAsEMail.vbs -from <Sender@SenderDomain.com name> -name <display name> -to <Recipient@RecipientDomain.com> HP Operations Manager (9.00) Page 352 of 1297 Online Help -mailsrv <fqdn of SMTP server> -MsgId <Message ID> -subject <subject text> (optional) -from <Sender@SenderDomain.com> is the senders email address -name <display name> is the name that will be displayed as originator -to <Recipient@RecipientDomain.com> is the recipients email address - mailsrv <fgdn of SMTP server> is the fully qualified domain name (for example, mail.mydomain.com) of the SMTP server to be used for sending the email address. -MsgId <Message ID> is an ID that identifies the message. It is usually passed through the HP Operations Manager for Windows variable <$WBEM:TargetInstance.Id> It is used to retrieve the message data fromWMI. - subject <subject text> specifies the text within the subject field of the email. The script FwdMsgAsHtmlEMail is also available. Both scripts share the same parameters, but produce somewhat different output: l FwdMsgAsEMail.vbs takes the message text and passes it to OvEpMail with the option - format convert. This produces an email consisting of the preformatted message text. l FwdMsgAsHtmlEMail takes more properties of the message fromWMI and passes themto OvEpMail with the -format HTML. This creates a formatted HTML page. OvEpMail.exe OvEpMail.exe is a command line mail client. Usage OvEpMail.exe -to <Recipient@RecipientDomain.com>[;<Recipient2@Recipient@Domain.xxx;<...> -from <Sender@SenderDomain.com name> [-name <display name>] -mailsrv <fqdn of SMTP server> -format <plain|HTML|convert> -body <body text> -subject <subject text>] (optional) -to <Recipient@RecipientDomain.xxx>[;<Recipient2@Recipient2Domain.xxx> ; <...>] is one or more recipient(s) email address. (Entering more than one email address separated by ";" is optional.) -from <Sender@SenderDomain.com> is the sender's email address HP Operations Manager (9.00) Page 353 of 1297 Online Help - mailsrv <fqdn of SMTP server> is the fully qualified domain name (such as "mail.mydomain.com") of the SMTP server to be used for sending the emails. -name <display name> is the name that will be displayed as originator. -format The format parameter takes the three values plain, HTML or convert: plain: The body text of the email is a text that consists of ASCII characters.It will be sent as an email in text format. HTML: The body text is an entire HTML page. Every character is an ASCII character.This page will be sent as an email in HTML format. convert: With this option the body text may contain any character.The text will be sent as a preformatted HTML email.That means, there will be a replacement of non ASCII characters and HTML special characters. They will be replaced in the HTML style, with &#<integer value of the character>.This option enables you to send many kinds of texts, for example, HTML listings, texts including Chinese characters, and so on. -body <body text> is the message you want to send. - subject <subject text> specifies the text within the subject field of the email. Forward messages to Remedy ARS Remedy ARS provides a program(runmacro.exe) that can be used to externally create a trouble ticket or operate on an existing trouble ticket. This programcan be called by a trouble ticket submission script such as the examples shown below: Example 1: ExecPath="runmacro.exe -eSubmit AR -hg:\ProgramFiles\remedy" &_ " -p Node=' " & ' " -p MsgId=" &" -p Text=' &Text Example 2: WscriptEchoExecPath Set WshShell=WScriptCreateObject("WScript.Shell") RunError=Wsh.ShellRun(ExecPath,1, TRUE) Additionally, an ARS macro is required. In this example, it is SubmitAR, located in the macro default directory c:\Program Files\remedy\arcmds, that actually does the job (runmacro only triggers the macro). We pass the message attributes as macro parameters (marked by the -p options). The macro itself may look like the example shown below (but this depends on the ARS form structure and how the trouble ticket entries are structured). SubmitAR Set-schema:DemoHelpDesk localhost Submit: DemoHelp Desk_carrot|8=$MsgId$_100000000=$Text$_ 100000001=Demo_100000005_10000001 4=Software_100000038=Demo_100000039=Other_2=$-1$_7=0_ 100000006=0_100000013=0_ end HP Operations Manager (9.00) Page 354 of 1297 Online Help The AR will be submitted into the formDemoHelpDesk, and the parameters Text and MsgId will be used as initial values for the Short Description and Details fields. Note: You cannot simply copy this text into a text file; it contains some internal structure with control characters. You must use the Remedy ARS User tool to create this macro yourself or use the file SubmitAR.arq in the directory %OvInstallDir%\examples\OvOW\MessageForwarding. See the Remedy documentation for more details on how to use runmacro and how to create ARS macros. Related Topics: l Example policies and scripts Forward messages as in HPOM for UNIX Both notification and trouble-ticket systems can be integrated into HPOMfor UNIX by providing a script or command and registering it with HPOMfor Windows. The script is called with a set of 14 standard parameters (the main message attributes plus some additional context information). See the HPOMfor UNIX documentation for details. An example script, SubmitNS.vbs has been provided which collects the 14 parameters as in HPOMfor UNIX and then logs these parameters to C:\temp\test.out as simulation. You might find this useful if you want to reuse a script you have already used with HPOMfor UNIX. The following restrictions apply: l The information about 'responsible users' is not available with HPOMfor Windows. l Do not use MS Windows batch files for this purpose. They can handle at most 10 arguments. l It is not possible to execute programs froma VB script with an overall command line length of more than about 2048 characters. Therefore, if necessary, the text has to be truncated. Related Topics: l Example policies and scripts Forward message changes HPOMfor Windows enables you to modify a message in various ways: l Add and modify annotations l Change severity and message text l Own, disown, acknowledge, and unacknowledge messages All these modifications can be forwarded to the trouble-ticket systemthat has received the original copy of the message. On the HPOMfor Windows side this is fairly simple; the HP Operations server generates change events which can be caught by another WMI policy. Then, these change events must be associated with the created trouble ticket which must meet the following requirements: l The trouble-ticket must contain the HP Operations Message ID as attribute l There must be an external mapping mechanismwhich finds the TT ID for an HP Operations Message ID HP Operations Manager (9.00) Page 355 of 1297 Online Help Because this has to be done in the interface script/programattached to the WMI export policy (outside of HPOMfor Windows) and also depends on the trouble-ticket software itself, it will not be discussed here. See Example policies and scripts for an example of such a message modification policy (UpdateTT policy) and the example script, UpdateTT.vbs. The UpdateTT policy takes advantage of WMI events generated by the HP Operations server whenever a message is modified. To register for change events, use either the generic class OV_ Message_ChangeEvent (to register for any change events) or the derived event classes (which represent specific change events): l OV_Message_SeverityChangeEvent l OV_Message_TextChangeEvent l OV_Message_NumberOfAnnotationsChangeEvent l OV_Message_StateChangeEvent l OV_MessageAction_StateChangeEvent Either the generic or derived classes can be used to listen for message modifications. You must create a separate WMI policy for each change event class, because WMI policies cannot be bound to multiple objects or events in parallel. As in the initial submission policy, there must be a script called as an automatic command. The script must verify itself whether the change event applies to a message which has been submitted to a trouble-ticket systemin the first place. There is no way to specify policy rules filtering for certain message attributes (like the TT-Flag or application, object, ...). Related Topics: l Example policies and scripts How to prevent loops Message forwarding might fail under certain conditions and the operators should be informed about such an error. However, the systemmust not attempt to forward this exact error message that tells the operator that forwarding has failed, because forwarding it will most probably fail again, creating an endless loop which floods the message browser with error messages. To prevent such a loop, set a certain message property to a unique value. For example, set the Type or Application property of the Could not forward message... message that you are creating in the WMI policy to something like Forwarder or ThisPreventsLoops or any other unique value. HP Operations Manager (9.00) Page 356 of 1297 Online Help Next, create a corresponding condition so that messages with such a value are NOT forwarded, as shown in the following example: HP Operations Manager (9.00) Page 357 of 1297 Online Help Related Topics: l Forward messages to external applications l Use WMI policies to intercept incoming messages l Use automatic actions to forward messages Firewall concepts and configuration This document describes how to set up and configure HPOMin a firewall environment. It describes what steps need to be done on the management server, the console and the managed nodes, and on the firewall to allow communication with other HPOMcomponents outside of the firewall. Other HPSoftware products like HPReporter and HPPerformance Manager are covered if they communicate with HPOMcomponents. This document is not based on specific firewall software. All configurations should be easy to adapt to any firewall software. Knowledge of HPOMand firewall administration is required to understand this document. This document discusses the following topics: l Communication overview HP Operations Manager (9.00) Page 358 of 1297 Online Help This section gives an overview of the communication types and channels used within an HPOM environment. It also explains how Network Address Translation (NAT) may influence the configuration. See "Communication Concepts" (on page 366). l Configuring server to agent communication This section explains how the management server communicates with agents and what must be configured to allow a firewall between the server and the agents. See "Configuring Server to Agent Communication" (on page 386). l Configuring server to console communication This section describes the configuration steps that must be performed if you have a firewall between the management server and the console. See "Configuring Server to Console Communication" (on page 434). l Configuring server to server communication This section explains how management servers communicate with each other and what happens if you have a firewall between two or more servers. See "Configuring Server to Server Communication" (on page 441). l Configuring integrated applications This section lists other HP Software applications that may be integrated with HPOM. See "Configuring Integrated Applications" (on page 445). l Port usage This section lists HPOMprocesses and how they use ports. This information may be useful if you want to configure individual systems using personal firewall products, which allow you to filter communication based on process names. See "Port Usage" (on page 451). l Configuration parameters This section lists parameters that are relevant for configuring HPOMin a firewall environment. See "Configuration Parameters" (on page 456). l Troubleshooting This section contains useful information that helps you identify and solve problems that may occur in a firewall environment. See "Troubleshooting" (on page 470). Naming Conventions The following names will be used in the firewall filter rules: Name Description CONSOLE HPOMuser interface (Microsoft Management Console based). DCE NODE HPOMmanaged node where a UNIX DCE agent is available. HTTPS NODE HPOMmanaged node where an HTTPS agent is available. MGMT SRV HPOMmanagement server (HPOMserver). NODE HPOMmanaged node of any node type. Naming Conventions Used in Filter Rules HP Operations Manager (9.00) Page 359 of 1297 Online Help Name Description Perf Mgr HP Performance Manager. Reporter HP Reporter. PROXY Systemthat serves as HTTP proxy. UX NODE HPOMmanaged node running any kind of UNIX operating system. WIN NODE HPOMmanaged node running the Microsoft Windows operating system. Location of Commonly Used Files How you configure individual HPOMcomponents for firewall environments depends on the communication type these components use: l HTTPS communication HTTPS communication parameters are set using the following methods: n HTTPS agent installation defaults Configure values in the HTTPS agent installation defaults. This is recommended if you need to configure settings for large numbers of nodes. You must plan and configure the installation defaults before you create or migrate your nodes. n ovconfchg and ovconfpar command-line tools Use the ovconfchgand ovconfpar tools at command prompt. l DCE communication DCE communication parameters must be entered in the nodeinfo or opcinfo files. See "nodeinfo and opcinfo File on DCE Nodes" (on page 360) for more information. l HTTP communication HTTP communication parameters must be entered in the nodeinfoor default.txt files. Use the nodeinfofile if an HP Operations agent is installed on the system, and the default.txt file, if no agent is present. See "nodeinfo and opcinfo File on DCE Nodes" (on page 360) and "default.txt File" (on page 361) for more information. nodeinfo and opcinfo File on DCE Nodes The node info policy type provides a way to modify configuration information on a managed node. It is primarily a tool for configuring the agent and a troubleshooting tool to be used when working with an HP consultant. A node info policy writes values in the nodeinfo file. This file is created automatically when HPOMinstalls an agent on a node. Deploying a node info policy to a node will cause the values in the node info policy to be written to the end of the nodeinfo file. Removing the policy deletes the values. If values are defined twice in this file, the value that is defined last (fromtop to bottom) is the value that is used. HP Operations Manager (9.00) Page 360 of 1297 Online Help If you want to set some of these values and want to ensure that they are never changed by a node info policy, you can write most of themin the opcinfo file, as well. (The only exceptions are parameters that set values relating to HTTP communication. These values may only be set in the nodeinfo file.) Information in the opcinfo file takes precedence over the nodeinfo file. Each parameter, regardless if specified in a node info policy, the nodeinfo or opcinfo file, consists of a name and a string value. The string value may not contain new line characters. Example: OPC_MGMT_SERVER endive.veg.com The name starts at the beginning of the line and ends at the first white space (space or tab). The value starts after the white spaces and ends at the end of the line. Parameter can be disabled by inserting a number sign (#) at begin of the name. Many firewall related settings have to be made using nodeinfo parameters. Theoretically this could be done using a node info policy, but practically this is most of the times not possible because the node info policy itself can only be deployed to a node if the settings are already active on the managed node. Therefore you should enter the parameters in the nodeinfo file directly. Alternatively, you can also enter themin the opcinfo file (except for HTTP communication parameters). Platform Location of the nodeinfo File Windows <InstallDir>\InstalledPackages\{790C06B4-844E-11D2-972B- 080009EF8C2A}\conf\OpC\nodeinfo UNIX /var/opt/OV/conf/OpC/nodeinfo AIX /var/lpp/OV/conf/OpC/nodeinfo Location of the nodeinfo File Platform Location of the opcinfo File Windows <InstallDir>\InstalledPackages \{790C06B4-844E-11D2-972B- 080009EF8C2A}\bin\OpC\install\opcinfo UNIX /opt/OV/bin/OpC/install/opcinfo AIX /usr/lpp/OV/OpC/install/opcinfo Location of the opcinfo File default.txt File On systems where no agent is installed (for example, HPOMconsole only system, or systemwith HP Reporter only), and where therefore no nodeinfo file exists, HTTP communication settings can be configured in the default.txt file. The syntax differs slightly fromthe nodeinfo parameter syntax. Please see the default.txt file itself for details. Any settings defined in the nodeinfo file (if it exists) will take precedence over the settings defined in the default.txt file. HP Operations Manager (9.00) Page 361 of 1297 Online Help Platform Location of the default.txt File Windows UNIX <OvDataDir>/conf/BBC/default.txt a Location of the default.txt File Example Port Settings For most HPOMcomponents, dedicated ports can be defined. The following settings are used in this document as examples. You are free to choose ports other than those specified. HP has changed the example ports used in this document. You do not need to update your ports if you have used the previous examNote: ple ports. Description Communication Type Function TCP Ports (used in this document) Default Server and console processes (HTTPS) Communication broker (ovbbccb) HTTPS HTTPS server 62999 383 Certificate server (ovcs) HTTPS HTTPS client 62600 none Message and action server (OvEpMsgActSrv) HTTPS HTTPS client 62723- 62835 none Policy management and deployment (OvPmad) HTTPS HTTPS client 62601- 62605 none Remote agent control (opcragt) HTTPS HTTPS client 62621- 62720 none Policy editor (OvPmdPolicyEditorFrame) HTTP or HTTPS HTTP or HTTPS client 62721- 62722 none Used Ports (Examples) a <OvDataDir>is defined by the registry setting: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett- Packard\HPOpenView\DataDir on Windows systems and the environment variable OvDataDir on UNIX systems. HP Operations Manager (9.00) Page 362 of 1297 Online Help Description Communication Type Function TCP Ports (used in this document) Default Service discovery server (OvAutoDiscoveryServer) HTTP or HTTPS HTTPS server 62723 6602 Server processes (MSRPC) RPC endpoint mapper (rpcd) MSRPC RPC server 135 (cannot be changed) 135 Message and action server (OvEpMsgActSrv) MSRPC RPC server 62201 none Agent processes (HTTPS) Communication broker (ovbbccb) HTTPS HTTPS server 62999 383 Message agent (opcmsga) HTTPS HTTPS client 62301 none Control component (ovcd) HTTPS HTTPS client 62302 none Discovery agent (agtrep) HTTPS HTTPS client 62303 none Embedded performance component (coda) HTTPS HTTPS server 62304 none Reverse channel proxy (for outbound-only communication) HTTPS HTTPS server 62998 9090 Agent processes (DCE) RPC endpoint mapper (rpcd) MSRPC or DCE RPC RPC server 135 (cannot be changed) 135 Control agent (opcctla) MSRPC or DCE RPC RPC server 62001 none Message agent (opcmsga) MSRPC or DCE RPC RPC client 62004- 62006 a none a Only used on UNIX DCE systems. Microsoft DCE does not allow restricting the RPC client port range. HP Operations Manager (9.00) Page 363 of 1297 Online Help Description Communication Type Function TCP Ports (used in this document) Default Distribution agent (opcdista) MSRPC or DCE RPC RPC client 62011- 62013 a none Agent processes (HTTP) Local location broker (llbd) HTTP HTTP server 383 383 Embedded performance component (com.hp.openview.Coda) HTTP server HTTP server 62010 381 Service discovery agent ( com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML ) HTTP client HTTP client 62014 b none Increasing the Maximum Port Number on Windows Systems On a default Windows system, the highest port number that TCP can assign when an application requests an available user port fromthe systemis 5000. You can increase this value to 65,534, at most, by setting the MaxUserPort registry entry under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters For more information about MaxUserPort, see the following web document: http://technet2.microsoft.com/WindowsServer/en/library/730fb465-d402- 4853-bacc-16ba78e9fcc01033.mspx Restrictions The following restrictions apply: Outbound-Only Communication For more information about the current limitations in outbound-only communication, see "Communication Concepts" (on page 366). Port Address Translation (DCE) See "Configuring Server to Agent Communication" (on page 386). a These ports are only needed when the agent should be used together with an HPOMfor UNIX server. HPOMfor Windows uses a different distribution mechanism, which does not use the distribution agents RPC client. b HTTP client ports can be configured. However, this is not necessary if HTTP proxies can be used. HP Operations Manager (9.00) Page 364 of 1297 Online Help Package Deployment to Windows DCE Nodes Outside the Firewall You must open the firewall for DCOMtraffic and Windows authentication if you want to deploy packages, to Windows DCE nodes through a firewall. This is true not only for the Operations agent package, but also for any other deployment package, like the SPI for Exchange 2000 package or the Windows Module Tools package. In most firewall environments, this will not be possible. Therefore those packages should be installed manually using the manual agent installation. You could also use a workaround as described in "Configuring Server to Agent Communication" (on page 386). Deployment of policies or instrumentation to nodes is possible if the firewall is configured according to the rules of "Configuring Server to Agent Communication" (on page 386) and "Configuring Server to Agent Communication" (on page 386). Policy Node Editors Showing Node Data Some policy editors allow displaying metrics or other data froma certain Windows node, because these metrics or counters might not be available on the console or management server system. The policy editors use native Windows APIs or Windows applications like the Microsoft Event Viewer or the Microsoft WMI class browser. These will not work in most firewall environments. Therefore, the following functionality cannot be used: Policy Type Functionality that cannot be used Workaround Measurement Threshold Source tab: Source Type: Real Time Performance Measurement Browse on node l Browse on a node inside the firewall which provides the same counters. l Go to the node behind the firewall. Start the Microsoft Performance Monitor locally on the node and browse the counters locally. Write down the counter, object and instance names and enter themmanually in your policy. Source tab: Source Type: WMI Class browser See workaround for Windows Management Interface policies. Windows Event Log Rule window Microsoft Event viewer (launched by Launch event viewer...) cant be reconfigured to connect to l Connect to a node inside the firewall which provides the same or similar event log entries. l Go to the node behind the firewall. Use the Microsoft Event viewer locally to view event properties. Write down the properties you want to use and enter themmanually in your policy. Restricted Functionality HP Operations Manager (9.00) Page 365 of 1297 Online Help Policy Type Functionality that cannot be used Workaround another computer Windows Management Interface Source tab Class browser l Connect to WMI on a node inside the firewall which provides the same classes and instances. l Go to the node behind the firewall. Use wbemtest locally (always available if WMI is installed) to enumerate classes and view class and instance properties. Write down the class and instance name you want to use and enter themmanually in your policy. l Go to the node behind the firewall. Install the WMI SDK (available from http://msdn.microsoft.com) and use the WMI CIMStudio (easier to use than wbemtest) locally to browse classes and view class and instance properties. Write down the class and instance name you want to use and enter themmanually in your policy. Rule window Launch instance browser Communication Concepts Communication Protocols HPOMuses the following communication protocols fromthe Internet Protocol (IP) suite: l Transmission Control Protocol (TCP) TCP is a protocol that defines how one device can establish a network connection to another device to reliably transmit ordered streams of data. l Hypertext Transfer Protocol (HTTP) HTTP is a protocol that defines how clients can make requests to servers, and how servers can respond to those requests. HPOMcomponents use version HTTP/1.1 and transmit HTTP requests and responses over TCP connections. l Secure HTTP (HTTPS) HTTPS is a protocol that adds a layer of security to HTTP requests and responses. This layer of security prevents any user or device except the intended recipient fromexamining or modifying the data in the HTTP requests and responses. HPOMcomponents transmit HTTPS requests and responses over TCP connections. l Internet Control Message Protocol (ICMP) HP Operations Manager (9.00) Page 366 of 1297 Online Help ICMP is a protocol that defines how devices in a network can exchange diagnostic and error messages that relate to IP communication. Communication Overview The following figure gives an overview of the different components in an HPOMenvironment and how they communicate with each other. Communication Overview (Runtime) l Managed nodes In general, HPOMsupports two types of communication with managed nodes: HTTPS/TCP and DCE/TCP. While the HTTPS communication type is the same for all managed nodes that HP Operations Manager (9.00) Page 367 of 1297 Online Help support HTTPS communication, there are different flavors of DCE that must be distinguished: DCE/TCP and DCE/UDP for UNIX nodes and MSRPC for Windows nodes. For DCE nodes, HPOMalso uses HTTP to retrieve performance data for reporting and graphing purposes, as well as configuration data fromthe service discovery component. (For HTTPS nodes, HPOMuses HTTPS only for any kind of communication.) In regular intervals, management servers and agents also verify each others availability by requesting information fromeach other. This is done using ICMP packages or RPC calls. See "Configuring Server to Agent Communication" (on page 386) for more information about this communication channel. l Consoles HPOMsupports two types of consoles: remote consoles which use DCOMto communicate with the management server, and web consoles which use by default HTTPS for communication. In addition, the policy editor on a console systemby default uses HTTP to communicate with the embedded performance component on both HTTPS nodes and DCE nodes. See "Configuring Server to Console Communication" (on page 434) for more information about this communication channel. l Management servers Management servers can communicate with other management servers, for example for message forwarding purposes. The communication type used for this kind of communication depends on the platformand version of the communication partners: HPOM8 management servers use HTTPS for communication with each other, and DCE to communicate with other HPOM7 servers. See "Configuring Server to Server Communication" (on page 441) for more information about this communication channel. l Database HPOMsupports a remote database which is SQL Server. The communication type used between the HPOMmanagement server and the database is based on Open Database Connectivity (ODBC). l Network Node Manager (NNM) HPOMand HP NNMcommunicate with each other using DCOM. l Performance reporting and graphing HP Reporter and HP Performance Manager use HTTP communication to browse performance data collected by the HPOM7 version of the embedded performance component, and HTTPS to communicate with the HPOM8 version of the embedded performance component. To learn more about the different communication types and how to adjust themfor firewall environments, see the following sections: l "HTTP Communication Types" (on page 369) l "DCE Communication Types" (on page 375) l "Other Communication Protocols" (on page 376) HP Operations Manager (9.00) Page 368 of 1297 Online Help HTTP Communication Types The following kinds of HTTP communication may occur in an HPOMenvironment and must be distinguished: l HTTP Some HPOMcomponents (for example, some DCE agents processes) use a communication mechanismthat is based on HTTP/1.1. This communication mechanismis based on an HTTP client-server infrastructure implemented by HP. For more information, see "HTTP Communication" (on page 369). l HTTPS Most HPOMcomponents (for example, HTTPS agents) use HTTPS to communicate with the management server. HTTPS adds the use of the Secure Socket Layer (SSL) protocol for encryption and authentication purposes to HPs HTTP client-server implementation. For more information, see "HTTPS Communication" (on page 370). l Outbound-only Outbound-only is a function of HPs HTTPS communication. It adds support for limiting the direction of communication to outgoing connections only. For more information, see "HTTP Communication Types" (on page 369). HTTP Communication Some HPOMcomponents use the hypertext transfer protocol (HTTP/1.1) to communicate with each other. These components act as HTTP servers and clients: l HTTP server HTTP servers communicate with HTTP-based client processes. An HTTP server registers at one fixed port. It can handle multiple incoming connections on this one port. l HTTP client HTTP clients communicate with HTTP-based server processes. They use one port of the available range for outgoing communication. A new connection to another HTTP server will normally use another port. However, these source ports can be restricted if needed, so that the HTTP client just uses one specified source port or a specified source port range. HPOMHTTP communication offers the following advantages: l Local location broker A special HTTP server, the local location broker, resides on each systemthat participates in HTTP communication. The local location broker by default listens on port 383 for incoming communication requests. It then responds to these communication requests with the port number of the actual target HTTP server. l Bind port range A restricted bind port range can be used when configuring firewalls. HP Operations Manager (9.00) Page 369 of 1297 Online Help l HTTP proxies One or more standard HTTP proxies can be configured to cross a firewall or reach a remote systemwhen sending messages, files, or objects. HTTP communication is mainly used by DCE agents for communication between reporting and graphing tools and the embedded performance component, and for communication between the service discovery components. There are different ways to configure the HTTP communication in a firewall environment: l HTTP clients with proxies The standard, recommended way is to use HTTP proxies when communicating through a firewall. This simplifies the configuration by using proxies, which are often in use anyhow. The firewall has to be open for exactly one port if proxies can be used in both directions. See "Configuring HTTP Clients with HTTP Proxies" (on page 426) for more information. l HTTP clients without proxies If proxies cannot be used, then each HTTP client has to be configured separately. See "Configuring HTTP Clients without HTTP Proxies" (on page 426) for more information. l HTTP server ports HTTP server ports are usually fixed, you can, however, choose another port if needed. See "Configuring HTTP Servers" (on page 425) for more information. l Local location broker ports The local location broker on a systemusually uses port 383 by default. If required, you can change this port but you then have to change the local location broker port of all systems in the HPOMenvironment. See "Changing the Default Port of the Local Location Broker" (on page 425) for more information. l Systems with multiple IP addresses If you have systems with multiple network interfaces and IP addresses and if you want to use a dedicated interface for the HP Software communication, then you can bind the systemto use a specific IP address for HTTP communication. See "Systems with Multiple IP Addresses" (on page 427) for more information. HTTPS Communication HTTPS communication is based on HTTP communication. It offers the following additional advantages: l SSL authentication and encryption With the help of the Secure Socket Layer (SSL) protocol, HTTPS communication uses authentication to restrict access to data and encryption to secure data exchange. Authentication and encryption ensure data integrity and privacy. Certificates are only accepted if they are generated by the HP Software Certificate Server. l Data compression HP Operations Manager (9.00) Page 370 of 1297 Online Help By default, all data is compressed, so that data is not transmitted in clear text format (even for non-SSL connections). l Single port entry All remote messages and requests arrive through the communication broker, providing a single port entry to the node. (In HTTPS communication, the communication broker replaces the local location broker of HTTP communication.) Depending on how your network and firewall environment is set up, you can configure HTTPS communication in the following ways: l Proxy redirection If your network allows only certain proxy systems to open connections through the firewall, you can redirect HPOMcommunication through these proxies. See "Configuring HTTPS Clients with Proxy Redirection" (on page 400). l Communication broker ports If your network allows inbound connections to only certain destination ports, but not to port 383, you can configure alternate communication broker ports. See "Configuring Communication Broker Ports" (on page 403). l Local ports If your network allows outbound connections fromonly certain local ports, you can configure HPOMto use specific local ports. See "Configuring Local Communication Ports" (on page 401). l Systems with multiple IP addresses If you have systems with multiple network interfaces and IP addresses and if you want to use a dedicated interface for the HP Software communication, then you can bind the systemto use a specific IP address for HTTPS communication. See "Configuring Systems with Multiple IP Addresses" (on page 407) for more information. Outbound-Only Communication Management servers and nodes communicate with each other over the network. Normally, management servers open outbound network connections to nodes and nodes open inbound network connections to management servers. The figure below shows the network connections where there is no firewall that blocks inbound HTTPS connections to the management server as follows: l The management server (1) opens outbound connections to agents for the following tasks: n Policy and instrumentation deployment n Heartbeat polling n Tool launch n Remote action launch fromthe management server n Operator-initiated action launch HP Operations Manager (9.00) Page 371 of 1297 Online Help l Agents (2) open inbound connections to the management server, for example to send messages, actions responses, or to launch remote actions. Server to Agent Communication If a firewall blocks inbound HTTPS connections froma node to a management server, the node cannot communicate with the management server properly. To enable proper communication, you configure an HTTPS agent to act as a reverse channel proxy (RCP). An RCP handles communication between management servers and nodes, so that they do not need to communicate with each other directly. An RCP can run on the managed node that it serves, or on a separate systemthat serves multiple managed nodes. The RCP is on the same side of the firewall as the node or nodes that it serves, that is on the less trusted side of the firewall. Tip: The RCP can serve HTTPS agents on any platform, including those that do not yet support running an RCP on them. RCP Communication Through One Firewall The figure below shows the network connections where there is a firewall that blocks inbound connections to the management server as follows: RCP Communication Through One Firewall l The management server (1) makes an outbound connection through the firewall (2) to an RCP (3). This connection is called a reverse administration channel. The management server maintains the reverse administration channel, so that the RCP never needs to make an inbound connection to the management server. l Agents (4) open connections to the RCP, instead of the management server. The RCP (3) forwards the agents communications to the management server using the reverse administration channel. l The management server (1) also makes outbound connections directly to agents (4). HP Operations Manager (9.00) Page 372 of 1297 Online Help Outbound-Only Communication with HTTP Proxies Outbound-only communication is also possible with optional HTTP proxies between the management server and the RCP, as well as between the RCP and the HTTPS agents, as shown in the following below. An RCP is different froman HTTP proxy in that it can route inbound traffic through a firewall that is completely blocked for inbound traffic, but it can do so only for HP Software communication requests. In contrast, an HTTP proxy can route all traffic, but not inbound through a blocked firewall. RCP Communication with HTTP Proxies Outbound-Only Communication Through Two Firewalls A reverse channel proxy (RCP) can also provide secure communication between management servers and HTTPS agents through two firewalls, as shown in the following figure. Each connection through a firewall requires its own reverse administration channel: one reverse administration channel must be established between the server and the RCP, and another reverse administration channel must be established between the agent and the RCP. See "Configuring Outbound-Only Communication Through Two Firewalls" (on page 414) for more information. RCP Communication Through Two Firewalls In the figure above, (1) represents the reverse administration channel and (2) represents the data flow. Channeling RCP communication through two firewalls can serve the following scenarios: l High security scenario The server and agents are in trust zones with higher trust than the RCP. l Service provider scenario HP Operations Manager (9.00) Page 373 of 1297 Online Help The management server runs in a service provider intranet, and the HTTPS agents are located at the customer site. Fromthe customers perspective, the agents are located in a fully trusted site, but the server is not. Fromthe service providers perspective, the server is located in a fully trusted site, but the agents are not. Limitations of Outbound-Only Communication Outbound-only communication has the following limitations: l RCP platform support Outbound-only communication is supported on all supported HTTPS agent platforms, but an RCP running on Tru64 is not supported. Tip: To use a Tru64 systemwith outbound-only communication, set [bbc.http] PROXY on the Tru64 systemto use an RCP running on a supported platform. For the latest information about platformsupport, see the support matrix which is available at: http://support.openview.hp.com/selfsolve/document/KM323488 To access the HPOMproduct support matrix, a user identification (HP Passport) is required. l Application-Level Gateways (ALGs) HPOMcurrently does not support environments with outbound-only communication and Application-Level Gateways (ALGs). l Backup proxies Outbound-only communication does not fully support backup proxies (HTTP and RCP). However, it is possible to implement a script to detect a proxy failure. To dynamically change the RCP that a systemconnects to, a script can run the following command: ovconfchg-ns bbc.http-set PROXY <rcp> With agent versions 8.54 and higher, you do not need to restart any processes for this change to take effect. For more details on the syntax for specifying proxies, see "Configuring Systems in the Less-Trusted Zone" (on page 413). Performance Considerations for the RCP To ensure good performance, make sure that the RCP systemcan service incoming requests fast enough. The number of incoming requests depends on the number of agents the RCP serves: l One RCP for one agent For a systemhosting one RCP for one agent, meeting the minimumrequirements for an agent systemis sufficient. If you plan to use one RCP for each agent (located on the same system), systemperformance will not be significantly impacted by this single additional process. l One RCP for more than one agent For a systemhosting one RCP for more than one agent, meeting the minimumrequirements for an agent systemmay not be sufficient. You must ensure that the RCP systemwill be able to service all incoming requests fast enough. HP Operations Manager (9.00) Page 374 of 1297 Online Help Incoming requests are serviced on a first-come, first-served basis (FIFOqueue). Usage of CPU capacity by the RCP is roughly comparable to that of the HTTPS message receiver process (OvEpMsgActSrv.exe) onthemanagement server. If an RCP has open reverse administration channel connections to more than one server, and if communication with one of the servers is interrupted, this interruption will not adversely affect communication with the other servers. If the RCP gets overloaded, message throughput will drop. However, sufficient safeguards are in place to ensure that no messages will be lost in transit (as long as the hard disks and file systems are functioning correctly). HTTPS outbound-only communication between the agent and the server uses an end-to-end SSL handshake/authentication. No SSL stops occur between the server and the agent. As a result, no data is buffered by the RCP. DCE Communication Types The following kinds of DCE communication may occur in an HPOMenvironment and must be distinguished: l DCE/TCP See "DCE/TCP Communication" (on page 375) for more information. l DCE/UDP See "DCE/UDP Communication" (on page 375) for more information. l Microsoft RPC See "Microsoft RPC Communication" (on page 376) for more information. l Microsoft DCOM See "Microsoft DCOMCommunication" (on page 376) for more information. DCE/TCP Communication TCP is a connection-oriented protocol. The protocol will detect if packets are dropped on the network and resend only those packets. This makes it the choice for all bad networks. Since TCP is connection oriented, it keeps a connection open for a period after communication is finished. This is to avoid having to reopen a new connection if other communication is requested later. This can cause problems in environments where communication is to multiple different targets, for example, HPOM, because resources stay locked for a while. So, wherever possible, switch the node connection type to UDP. DCE/UDP Communication Because UDP does not do any transmission control, communication packets can be lost on the network. DCE RPCs, based on UDP, implement their own transmission control on a higher level of the communication stack. Therefore no communication can be lost. Since UDP is not connection based, everything is cleaned up immediately after the communication is complete. This makes it the preferred choice for all nodes where the following applies: HP Operations Manager (9.00) Page 375 of 1297 Online Help l The node is located inside the firewall. l The node is connected on a good LAN connection where few packets are lost. Microsoft RPC Communication Microsoft RPCs are mostly compatible to DCE RPCs. Therefore the notes on UDP and TCP apply. Microsoft DCOM Communication Microsofts Distributed Component Object Model (DCOM), which is a proprietary communication technology of Microsoft, extends the Component Object Model (COM) by using MSRPC as underlying communication mechanism. Communication without DCE Endpoint Mapper Allowing one or more well-known ports through a firewall is often considered as a security risk, especially, allowing the well-known port of the DCE RPC endpoint mapper, 135. Security in firewall environments can be significantly improved by reducing communication to a single, user-defined port. The section DCE RPC Communication without using the Endpoint Mapper in the HPOMonline help describes a solution where the DCE RPC endpoint mapper will not be used, which allows you to close port 135 on the firewall, thus increasing the security of your environment significantly. The RPC communication of HPOMwill then require just one open destination port in each direction. For details, see the appropriate section in the online help. Other Communication Protocols ICMP The management server and agents exchange ICMP (Internet Control Message Protocol) messages to check each others availability and health. This is also known as health monitoring or heartbeat polling. Since ICMP packages are usually blocked over the firewall, health monitoring can be configured to use RPCs only or can be disabled altogether. See "Health Monitoring" (on page 391) for more information. DNS If DNS queries are blocked over the firewall, local name resolution has to be set up so that the agent can resolve its own and the management servers name. SNMP Queries If SNMP queries are blocked over the firewall, no automatic determination of the node type when setting up a node is possible. For all nodes outside the firewall, the correct node type has to be selected manually. Enter the Systemtype, OS type, and OS version manually in the node configuration. If SNMP queries are wanted over the firewall, the following ports must be opened up as suggested in the following table: HP Operations Manager (9.00) Page 376 of 1297 Online Help Source Destination Protocol Source Port Destination Port Description MGMT SRV MGD NODE UDP any 161 SNMP MGD NODE MGMT SRV UDP 161 any SNMP Filter Rules for SNMP Queries DHCP The Dynamic Host Configuration Protocol (DHCP) provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters froma DHCP server to a host and a mechanismfor allocation of network addresses to hosts. HTTPS agents can be set up on managed nodes to receive dynamically assigned IP addresses using DHCP. Adaptations to the firewall are not necessary because HPOMincludes all necessary communication information in the HTTPS communication layer. Network Address Translation In IP networking, packets are the units of data that the network transports. Each packet consists of user data and headers. The headers contain the control data that devices on the network need to transport the packet correctly. This control data includes addresses that identify the source of the packet and the destination of the packet. When a packet passes through a network address translation (NAT) device, the NAT device changes the addresses in packet headers. The purpose of translating network addresses may be to hide address data fromdevices on untrusted networks, or to enable the devices on a local network that uses a private address range to communicate with systems on other networks (for example the Internet). The source and destination addresses for TCP connections consist of an IP address and a port. NAT devices may translate the source IP address, source port, destination IP address, destination port, or any combination of these. For HPOMcommunication to succeed in environments that include NAT devices, it is important that you correctly configure the NAT devices. HPOMcomponents rely on the NAT devices only to enable correct delivery of the packets that they send. HPOMdoes not rely on the address data in packet headers for any functionality. For example, when a managed node connects to a management server to send a message, it identifies itself including a unique ID in data that it sends. The management server does not rely on the source IP address in the packet headers to identify the managed node. NAT can be set up to translate only the IP addresses of one side of the firewall or to translate all addresses as shown in the figure below. . Firewall using NAT HP Operations Manager (9.00) Page 377 of 1297 Online Help Address Translation of Outside Addresses This is the basic scenario for NAT. Only the outside addresses are translated at the firewall. An example of the environment is shown in the figure below. HTTPS managed nodes handle address translation automatically. However, for DCE managed nodes to handle this scenario, configure themas described in "Configuring Server to Agent Communication" (on page 386). NAT for an Address Outside the Firewall HP Operations Manager (9.00) Page 378 of 1297 Online Help Address Translation of Inside Addresses In this scenario, only the inside address (the management server) is translated at the firewall. An example of the environment is shown in the following figure. HTTPS managed nodes handle address translation automatically. However, for DCE managed nodes to handle this scenario, configure themas described in "Configuring Server to Agent Communication" (on page 386). NAT for an Address Inside the Firewall HP Operations Manager (9.00) Page 379 of 1297 Online Help Address Translation of Inside and Outside Addresses This is the combination of the two previous scenarios. The inside and the outside network have a completely different set of IP addresses that get translated at the firewall. An example of the environment is shown in the figure below.. HTTPS managed nodes handle address translation automatically. However, for DCE managed nodes to handle this scenario, configure themas described in "Configuring Server to Agent Communication" (on page 386). NAT for Addresses Inside and Outside the Firewall HP Operations Manager (9.00) Page 380 of 1297 Online Help IP Masquerading A common use of NAT is to enable local systems that have IP addresses in a private address range to communicate with remote systems on the Internet. Only the NAT device has a public IP address. When packets fromlocal systems pass through the NAT device, the NAT device replaces the source address in the packet headers with its own IP address and one of its ports. The NAT device maintains a translation table that maps the allocated port to the private IP address. When a packet arrives fromthe Internet for a specific port on the NAT device, the NAT device replaces the destination address in the packet headers with the private IP address that is mapped to that port in the translation table. The NAT device typically removes mappings fromthe translation tables when it determines that the connection is no longer in use. If a packet arrives fromthe Internet for a port on the NAT device that is not currently mapped to a private IP address, the NAT device drops the packet. Therefore, this type of NAT often prevents systems on the Internet fromestablishing inbound connections to local systems. HPOMmanagement servers and nodes both listen for inbound connections. In a NAT environment that prevents inbound connections, the following options are available: l Configure static entries in the NAT devices translation tables so that it always forwards certain packets to specific local systems. This is called port forwarding. HP Operations Manager (9.00) Page 381 of 1297 Online Help HPOMcomponents can communicate in port forwarding environments if you configure themto establish connections to the correct port on the NAT device. ("Configuring HPOMfor Port Forwarding" (on page 416).) For DCE managed nodes, because of the restrictions in targeting connections over the firewall in both directions (server to DCE agent and DCE agent to server), this is currently not supported in HPOMenvironments. l Configure outbound-only communication, so that you do not need to configure the NAT device to allow inbound connections to HPOMcomponents. ("Configuring Server to Agent Communication" (on page 386).) Nodes with Duplicate IPAddresses In some environments, the management server on an internal network must manage nodes in several separate external networks, which all use the same private IPaddress ranges. The following figure shows an example of this scenario. The management server manager1.example.com must manage nodes in the domain example.org that have the same IP addresses as other nodes in the domain example.net. Nodes with duplicate IP addresses You can manage nodes with duplicate IPaddresses using either a NAT solution or an HTTPproxy solution. HP Operations Manager (9.00) Page 382 of 1297 Online Help Managing nodes with duplicate IP addresses using NAT A NATsolution that enables the management server to manage nodes with duplicate IPaddresses has the following characteristics: l Each managed node has a unique fully qualified domain name. l The management server resolves the hostnames of all managed nodes to unique IP addresses, which are not in use on the internal network. l Managed nodes resolve the hostname of the management server to a unique IPaddress on their network. l The internal network routes packets for each node to the correct gateway based on the unique IP address on the internal network. l Gateways translate the IPaddresses on the internal network and the IPaddresses on the external network. The following figure shows an example of using NATto manage nodes that have the same IP addresses. Managing nodes with duplicate IPaddresses usng NAT HP Operations Manager (9.00) Page 383 of 1297 Online Help In the above example, the management server communicates with node2.example.org, in the following way: 1. manager1.example.com connects to a DNS server and resolves the hostname of node2.example.org to the unique internal IP address 10.0.2.2. 2. manager1.example.com sends packets with the destination IPaddress 10.0.2.2, and the internal network routes the packets through gateway A. 3. Gateway A translates the IP addresses in each packet header: n New destination IPaddress: 192.168.1.1 n New source IP address: 192.168.100.1 4. Gateway A forwards each packet to the external network, which delivers themto node2.example.org. 5. node2.example.org sends packets with the destination IP address 192.168.100.1, and HP Operations Manager (9.00) Page 384 of 1297 Online Help the external network routes the packets through gateway A. 6. Gateway A translates the IP addresses in each packet header: n New destination IPaddress: 10.0.1.1 n New source IP address: 10.0.2.2 7. Gateway A forwards the packets to the internal network, which delivers themto manager1.example.com. This solution does not require any specific configuration of the HPOMmanagement server or managed nodes. HPOMcomponents rely on the network infrastructure to deliver packets to the correct destinations. Managing nodes with duplicate IP addresses using HTTP proxies An HTTPproxy solution that enables the management server to manage nodes with duplicate IP addresses has the following characteristics: l Each managed node has a unique fully qualified domain name. l A dedicated HTTPproxy is available for each external network. l Each HTTPproxy is able to resolve the IP address of the management server on the internal network and the managed nodes on the external network This solution relies on the HTTPproxies to act as intermediaries between the management server and managed nodes.You must configure the management server and managed nodes to use the correct proxies for connections to each other. You can configure the proxies that management servers and managed nodes use by setting the PROXYparameter in the bbc.http namespace as follows: ovconfchg [-ovrg server] -ns bbc.http -set PROXY <proxy> The value of the PROXY parameter can contain one or more proxy definitions. Specify each proxy in the following format: <proxy_hostname>:<proxy_port>+(<included_hosts>)-(<excluded_hosts>) Replace <included_hosts> with a comma-separated list of hostnames or IP addresses to which the proxy enables communication. Replace <excluded_hosts> with a comma-separated list of hostnames or IP addresses to which the proxy cannot connect. Asterisks (*) are wild cards in hostnames and IP addresses. Both <included_hosts> and <excluded_hosts> are optional. To specify multiple proxies, separate each proxy with a semicolon (;). The first suitable proxy in the list takes precedence. Example: ovconfchg -ns bbc.http -set PROXY proxy1.example.com:3128+(*.example.org)- (*);proxy2.example.com:3128+(*.example.net)-(*) The following figure shows an example of using HTTPproxies to manage nodes that have the same IP addresses. Managing nodes with duplicate IPaddresses using HTTPproxies HP Operations Manager (9.00) Page 385 of 1297 Online Help In the above example, the management server can communicate with node3.example.net, in the following way: 1. manager1.example.com connects to proxy2.example.com at the IPaddress 10.0.5.2 on the internal network and requests a connection to node3.example.net. 2. proxy2.example.com opens a connection to node3.example.net, fromits interface on the external network, which has the IPaddress 192.168.1.4 When the connection is established, the proxy continues to act as an intermediary between manager1.example.com and node3.example.net, enabling communication fromthe internal network to the external network. Configuring Server to Agent Communication Server to Agent Communication The management server communicates with HTTPS agents to exchange the following kinds of information: HP Operations Manager (9.00) Page 386 of 1297 Online Help l Receive messages fromnodes (using HTTPS). l Start tools or message-related actions on nodes (using HTTPS). l Deploy policies or instrumentation to nodes (using HTTPS). l Collect and view performance data on nodes (using HTTPS). l Discover services on nodes (using HTTPS). l Monitor the health of agents (using ICMP packages or RPCs). By default, the management server uses the HTTPS communication type to exchange this kind of information with HTTPS agents. ICMP packages and RPCs are used to check the agent health. In addition to HTTPS, the communication between the server and the agent may also include DNS, SNMP, and DHCP queries. See "Other Communication Protocols" (on page 376) for details. The following figure shows the communication processes. Management Server to HTTPS Agent Communication (Runtime) The following table lists the runtime processes on the management server that establish an HTTPS connection to the communication broker of an HTTPS agent, or receive HTTPS communication requests froman HTTPS agent. Note that some command-line tools on the management server (for example, ovrc, ovdeploy, ovpolicy, ovconfpar, and bbcutil) directly contact the communication broker of an HTTPS agent. HP Operations Manager (9.00) Page 387 of 1297 Online Help Component Function Description Certificate server (ovcs.exe) HTTPS client HTTPS server Contacts the communication broker on the agent. Creates certificates and private keys for authentication in secure communication. Message and action server (OvEpMsgActSrv.exe ) HTTPS client HTTPS server Contacts the communication broker on the agent. Sends action and heartbeat polling requests, and forwards messages to other management servers. Policy management and deployment (ovpmad.exe) HTTPS client Contacts the communication broker on the agent. Installs and removes agent software, and deploys and removes policies and instrumentation to the managed nodes. Remote control (opcragt.exe) HTTPS client Contacts the communication broker of all the agents. HP Reporter HP Performance Manager HTTPS client Query performance data fromthe embedded performance component and the HP Performance Agent Software. Communication broker (ovbbccb.exe) HTTPS server Receives messages and action responses fromthe message agent. Receives certificate requests from the control component. Receives synchronization requests fromthe agent repository (agtrep). Server Processes for HTTPS Communication (Runtime) The following table lists the runtime processes on an HTTPS managed node that establish an HTTPS connection to the communication broker of management server, or receive HTTPS communication requests fromthe management server. Component Function Description Communication broker (ovbbccb) HTTPS server Receives requests fromthe server processes and passes them on to the appropriate agent processes. Returns the current port of the embedded performance component to reporting and graphing tools, and the measurement threshold policy editor. Message agent (opcmsga) HTTPS client Sends messages and action responses to the communication broker of the management server. Control component (ovcd) HTTPS server Sends certificate requests to the communication broker of the management server. Discovery agent (agtrep) HTTPS client Sends synchronization requests to the communication broker of the management server. Embedded performance component (coda) HTTPS server Provides performance data to reporting and graphing tools, and the measurement threshold policy editor. Agent Processes for HTTPS Communication (Runtime) HP Operations Manager (9.00) Page 388 of 1297 Online Help Server to Agent DCE Communication The management server communicates with DCE agents to exchange the following kinds of information: l Receive messages fromnodes (using DCE). l Start tools or message-related actions on nodes (using DCE). l Deploy policies or instrumentation to nodes (using DCE). l Collect and view performance data on nodes (using HTTP). l Discover services on nodes (using HTTP). l Monitor the health of agents (using ICMP packages or RPC calls). l In addition to DCE and HTTP, the communication between the server and the agent may also include DNS, SNMP, and DHCP queries. See "Other Communication Protocols" (on page 376) for details. Management Server to DCE Agent Communication (Runtime) HP Operations Manager (9.00) Page 389 of 1297 Online Help Component Function Description Message and action server (OvEpMsgActSrv.exe ) RPC server RPC client Uses one fixed port which is selected by the operating systembut can be bound to a specific port by the user. Multiple incoming connections. Also acts as RPC client: sends heartbeat polling requests. RPC endpoint mapper RPC server Uses one fixed port. HP Reporter HP Performance Manager HTTPS clients Use one port of an assigned range for outgoing connections. The port range can be restricted by the user. Communication broker (ovbbccb.exe) HTTPS server Receives service discovery data fromthe service discovery agent. Service discovery server ( OvAutoDiscoveryServer.exe ) HTTP or HTTPS server Uses one fixed port which is by default 6602. Can be bound to another specific port by the user. Multiple incoming connections. Server Processes for DCE Communication Component Function Description RPC endpoint mapper RPC server Uses one fixed port. Control agent RPC server Uses one fixed port which is selected by the operating system but can be bound to a specific port by the user. Handles all incoming RPC calls. Message Agent RPC client Needs two ports. The ports are configurable for UNIX nodes but not configurable for Windows nodes because MSRPC is used. One additional port is needed when used with HPOMfor UNIX (bulk transfer). In flexible management environments, two ports are needed for each management server. The message agent sends ICMP calls to the management server to check the health of the server and to report on its own health. Local Location Broker HTTP Uses one fixed port. Agent Processes for DCE Communication HP Operations Manager (9.00) Page 390 of 1297 Online Help Component Function Description server Embedded Performance Component (com.hp.openview.Coda) HTTP server Uses one fixed port which is by default 381. Can be bound to another specific port by the user. Service Discovery Agent ( com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML ) HTTP client Uses one port of a range. The port range can be restricted by the user. Distribution Agent RPC client Needs two ports. The ports are configurable for UNIX nodes but not configurable for Windows nodes because MSRPC is used. Only used with an HPOMfor UNIX server. Health Monitoring For HPOMto work as reliably as possible, the software must check its own availability. This is done through health monitoring processes that are available for both management servers and agents. l Server health monitoring Server health monitoring means that the agents check fromtime to time if the management server is available again after communication problems have occurred. How this is done depends on the communication type of the agent: n DCE agents DCE agents use ICMP and UDP communication to check the availability of the management server. Because ICMP calls are usually not allowed to pass through a firewall, the server health checks can be switched to use RPC calls only. See "Server Health Monitoring" (on page 392) for more information. n HTTPS agents HTTPS managed nodes use HTTP ping calls to check if the management server is available again. Modifications to the firewall are not necessary because HTTP pings are based on HTTPS and allowed through the firewall. l Agent health monitoring Agent health monitoring includes all processes that the management server uses to check the health of the HPOMagents. Different monitoring options are available, but only some of them are recommended in a firewall environment. Depending on the configured monitoring option, the management server sends ICMP messages or RPC calls to the managed nodes to verify that the agent processes are running. Because ICMP messages are usually blocked at the firewall, you can configure all managed nodes that are outside of a firewall to accept health checks based on RPC calls; that is, DCE RPCs for HP Operations Manager (9.00) Page 391 of 1297 Online Help DCE agents and BBC RPCs for HTTPS agents. See "Agent Health Monitoring " (on page 392) for more information. Server Health Monitoring When the communication to the server is broken then the agent will check fromtime to time if the communication is possible again. HTTPS agents use HTTP ping calls, which are usually allowed through the firewall. It is therefore not necessary to reconfigure HTTPS agents or the firewall for server health monitoring. DCE agents first use ICMP and then RPC, if the ICMP call was successful. HPOMswitches to RPC because ICMP calls are less expensive than RPC calls. Because ICMP packages usually are blocked over the firewall, you can configure DCE agents to disable any ICMP requests to the server. Use the following nodeinfoparameter: OPC_RPC_ONLYTRUE See "OPC_RPC_ONLY" (on page 469) for more information about this parameter. Agent Health Monitoring The management server uses heartbeat monitoring processes to check the health of the HPOM agent. There are different types of HPOMheartbeat monitoring checks that can be individually configured for each node: l ICMP Only The agents send ping packages (using the ICMP protocol) to verify the availability of the agent. Because ICMP calls are usually blocked at the firewall, this option is not recommended for nodes outside of the firewall. l ICMP & Agent If this option is configured, the server first attempts to contact the node using ICMP messages. If this succeeds, it will continue to do the heartbeat monitoring using RPC calls. When an RPC call fails, it will use ICMP messages again to find out if, at least, the systemis alive. As soon as this succeeds, the RPC calls are tried again. The management server sends DCE RPCs to DCE agents and BBC RPCs to HTTPS agents. Because ICMP messages are usually blocked at the firewall, this option is not recommended for nodes outside of the firewall. l Agent Only (for firewalls) This is the recommended setting for firewall environments. Because in firewall environments, ICMP messages usually get blocked, this option configures the server so that only RPC calls are used. Because RPC connections must be allowed through the firewall, this will work even if ICMP messages get blocked. The disadvantage is that in the event of a systemoutage, the network load is higher than with normal heartbeat monitoring because the RPC connection is still being tried. l Disabled HP Operations Manager (9.00) Page 392 of 1297 Online Help The management server does not actively check the health of HPOMagents. It ignores any ICMP messages sent by the agents. For more information about configuring advanced agent health check options, see the HPOMonline help. Agent Sends Alive Packets If so configured, the agent can be triggered to send alive packets (ICMP echo reply messages) to the server to indicate that the agent is alive. When such an alive packet is received at the server, it will reset the polling interval there. If the polling interval expires without an alive packet arriving, the server will start the usual polling mechanismas configured to find the agents status. Sending alive packets is by default disabled on HTTPS managed nodes, and enabled on DCE managed nodes. If alive packets are configured, ICMP packages are sent at two-thirds of the configured heartbeat monitoring interval. This will guarantee that an alive packet will arrive at the server before the configured interval is over. You can change the frequency with which each node sends alive packets. You do this by configuring thevalue for OPC_HBP_INTERVAL_ON_AGENT in a nodeinfo policy, which you deploy to the agent. The agent sends an alive packet at an interval equal to two- thirds of the configured value. For example, if you deploy a nodeinfo policy that sets OPC_HBP_ INTERVAL_ON_AGENT to 300, the agent sends an alive packet every 200 seconds. On nodes that have the DCE agent, the default value of OPC_HBP_INTERVAL_ON_AGENT is 280. On nodes that have the HTTPS agent, the value is not set by default, so the agent sends no alive packets. In a firewall environment this option is not advised for nodes outside the firewall because ICMP messages can get blocked there. For nodes inside the firewall this option is recommended since it will avoid RPC calls being made fromthe server to nodes inside the firewall and blocking ports. Agent Installation in Firewall Environments In most firewall environments, the agents will be installed manually and will not use the automatic HPOMagent installation mechanism. To manually install an agent, copy the installation files to your managed node system(using SCP, for example) or to some portable media. For automatic agent installations, use SSH for HTTPS agents. Automatic installation of Windows DCE agents is described in "Package Deployment to Windows DCE Nodes" (on page 393). (UNIX DCE agents cannot be installed automatically.) Package Deployment to Windows DCE Nodes Package deployment to Windows DCE nodes uses Windows authentication and WinNet APIs for the following purposes: l Connect to the admin$-share on a managed node. l Access and modify the registry on a managed node. l Copy files to the managed node. Furthermore, DCOMis used (for example to check what packages are installed). HP Operations Manager (9.00) Page 393 of 1297 Online Help In most cases the protocols needed for Windows authentication, WinNet APIs and DCOMwill not be allowed through a firewall. For these cases, agent packages should be installed manually on nodes outside the firewall. If you want to allow the necessary protocols, see the Microsoft documentation about configuring a firewall for Windows authentication and WinNet APIs (http://www.microsoft.com) and DCOM (http://www.microsoft.com/com/default.mspx). HP cannot provide support for such setups. To deploy packages to Windows DCE nodes: You should also consider using VPNs (for example using IPSec) if you want to deploy packages through a firewall (however, VPN solutions are not described in this document) or use the following approach for Windows nodes 1. First, open the firewall between the management server and the Windows nodes to allow Windows node configuration and package deployment. At the same time, secure your server and agent environment by disabling any communication to other systems (for example through a second firewall). Configuration of Windows Nodes 2. Now deploy all the agent packages that you need on the nodes. 3. Then close down the firewall between the management server and the Windows nodes. You can then open the second firewall again. HP Operations Manager (9.00) Page 394 of 1297 Online Help Firewall Setup after Configuration of Windows Nodes Configuring Agentless Nodes Agentless nodes are nodes that are monitored by HPOMbut do not have an HP Operations agent installed. You can monitor the following event sources without having an HP Operations agent installed: l SNMP l WMI (Windows nodes only) In addition, if so configured, the management server uses ping calls to test whether the agentless node can be reached. It is not recommended to place a firewall between the management server and an agentless node because firewalls generally block ping calls. If Windows Firewall is enabled on an agentless node, you must change the default firewall settings on the agentless node to allow the management server or proxy systemto connect to WMI of the agentless node. Configure Remote WMI Access to Agentless Nodes Change the default Windows Firewall settings on the agentless node to allow the management server or proxy systemto connect to WMI of the agentless node: 1. Open a command shell by clicking Start and Run, then typing cmd, and finally clicking the OK button. 2. In the command shell that is opened, enter one of the following commands: n To enable RemoteAdmin access for all systems, type: netshfirewall set service RemoteAdmin enable n To restrict RemoteAdmin access to the management server or proxy system, type: netshfirewall set service RemoteAdmin enable custom<IP_address_mgmt_sv_or_proxy> HP Operations Manager (9.00) Page 395 of 1297 Online Help For more information about the RemoteAdmin configuration options, use the command netshfirewall set servicehelp. Configuring HTTPS Agents If a firewall blocks HTTPS connections, you can reconfigure communication between management servers and nodes in several ways. The HPOMconfiguration you choose to implement depends mainly on the configuration of your network: l Two-way communication If your network allows HTTPS connections through the firewall in both directions, but with certain restrictions, the following configuration options are possible in HPOMto accommodate these restrictions: n Proxies If your network allows only certain proxy systems to open connections through the firewall, you can redirect HPOMcommunication through these proxies. See "Configuring HTTPS Clients with Proxy Redirection" (on page 400) for more information. n Local ports If your network allows outbound connections fromonly certain local ports, you can configure HPOMto use specific local ports. See "Configuring Local Communication Ports" (on page 401) for more information. n Communication broker ports If your network allows inbound connections to only certain destination ports, but not to port 383, you can configure alternate communication broker ports. See "Configuring Communication Broker Ports" (on page 403) for more information. n Systems with multiple IP addresses If you have systems with multiple network interfaces and IP addresses and if you want to use a dedicated interface for HTTPS communication, then you can bind the systemto a specific IP address. See "Configuring Systems with Multiple IP Addresses" (on page 407) for more information. n Embedded performance component (coda) If you use performance reporting and graphing tools to query performance data fromthe embedded performance component, you can configure a specific server port for coda, or eliminate the need for a server port altogether. See "Configuring the Embedded Performance Component" (on page 407) for more information. l Outbound-only communication If your network allows only outbound HTTPS connections fromthe management server across the firewall, and blocks inbound connections fromnodes, you can configure reverse channel proxies. See "Configuring Outbound-Only Communication" (on page 409) for more information. HP Operations Manager (9.00) Page 396 of 1297 Online Help Configuring Two Way HTTPS Communication Configuring a Firewall for HTTPS Nodes without a Proxy For the runtime of the HPOMagent, the firewall requires a specific range of communication ports to be opened. This allows the use of normal agent functionality. (For details on the agent installation, see "Agent Installation in Firewall Environments" (on page 393).) The following figure shows a firewall environment without a proxy. The management server and agents communicate with each other directly through the firewall. The communication brokers handle all incoming communication requests so that in this scenario the firewall must be opened only for port 383 which is the default port of the communication broker. If you want to change this default port, see "Configuring Communication Broker Ports" (on page 403) for more information Firewall for HTTPS Nodes without a Proxy The following table specifies the filter rules for runtime of HTTPS managed nodes without proxies. Source Destination Protocol Source Port Destination Port MGMT SRV HTTPS NODE TCP Any a 383 HTTPS NODE MGMT SRV TCP Any 383 Filter Rules for Runtime of HTTPS Managed Nodes without Proxies Configuring a Firewall for HTTPS Nodes with Proxies For the runtime of the HPOMagent with HTTP proxy, the firewall requires a specific range of communication ports to be opened. This allows the use of normal agent functionality. (For details on the agent installation, see "Agent Installation in Firewall Environments" (on page 393).) a The local port is by default 0 which means that the operating systemallocates the next available port number. You can also configure a specific port number or range of ports, if required. HP Operations Manager (9.00) Page 397 of 1297 Online Help The following figures show firewall environments with an external proxy, an internal proxy, and both, an internal and an external proxy. In all scenarios, the management server and the agents must be configured to contact the proxy instead of their original target system. See "Configuring HTTPS Clients with Proxy Redirection" (on page 400) for more information about how to configure proxies. Firewall for HTTPS Nodes with an External Proxy The following table specifies the filter rules for the runtime of HTTPS managed nodes with an external proxy. Source Destination Protocol Source Port Destination Port MGMT SRV PROXY TCP Any a Proxy port, dependent on software b PROXY MGMT SRV TCP Proxy port, dependent on software 383 Filter Rules for Runtime of HTTPS Managed Nodes with an External Proxy Firewall for HTTPS Nodes with an Internal Proxy a The local port is by default 0 which means that the operating systemallocates the next available port number. You can also configure a specific port number or range of ports, if required. b The ports that a proxy uses are dependent on the proxy software. For more information about proxy ports, refer to the documentation that the proxy provides, or request the information fromthe proxys administrator. HP Operations Manager (9.00) Page 398 of 1297 Online Help The following table specifies the filter rules for the runtime of HTTPS managed nodes with an internal proxy. Source Destination Protocol Source Port Destination Port PROXY HTTPS NODE TCP Proxy port, dependent on software 383 HTTPS NODE PROXY TCP Any a Proxy port b Filter Rules for Runtime of HTTPS Managed Nodes with an Internal Proxy Firewall for HTTPS Nodes with Internal and External Proxies a The local port is by default 0 which means that the operating systemallocates the next available port number. You can also configure a specific port number or range of ports, if required. b The ports that a proxy uses are dependent on the proxy software. For more information about proxy ports, refer to the documentation that the proxy provides, or request the information fromthe proxys administrator. HP Operations Manager (9.00) Page 399 of 1297 Online Help The following table specifies the filter rules for the runtime of HTTPS managed nodes with an internal and external proxy. Source Destination Protocol Source Port Destination Port PROXY (internal) PROXY (external) TCP PROXY internal, dependent on software a PROXY external, dependent on software PROXY (external) PROXY (internal) TCP PROXY external, dependent on software PROXY internal, dependent on software Filter Rules for Runtime of HTTPS Managed Nodes with Internal and External Proxies Configuring HTTPS Clients with Proxy Redirection You can use the ovconfchg and the ovconfpar command-line tools to configure proxy redirection. If you are installing a large number of nodes, you can include the proxy settings in the agent installation defaults. a The ports that a proxy uses are dependent on the proxy software. For more information about proxy ports, refer to the documentation that the proxy provides, or request the information fromthe proxys administrator. HP Operations Manager (9.00) Page 400 of 1297 Online Help Note: When you use the command ovconfchgin the following procedure, add the parameter -ovrg server only when configuring the management server. To configure proxy redirection with ovconfchg: ovconfchg [-ovrg server] -ns bbc.http -set PROXY <proxy> The value of the PROXY parameter can contain one or more proxy definitions. Specify each proxy in the following format: <proxy_hostname>:<proxy_port>+(<included_hosts>)-(<excluded_hosts>) Replace <included_hosts> with a comma-separated list of hostnames or IP addresses to which the proxy enables communication. Replace <excluded_hosts> with a comma-separated list of hostnames or IP addresses to which the proxy cannot connect. Asterisks (*) are wild cards in hostnames and IP addresses. Both <included_hosts> and <excluded_hosts> are optional. To specify multiple proxies, separate each proxy with a semicolon (;). The first suitable proxy in the list takes precedence. Example: ovconfchg -ns bbc.http -set PROXY proxy1.example.com:3128+(*.example.org)- (*);proxy2.example.com:3128+(*.example.net)-(*) Configuring Local Communication Ports By default, HTTPS clients use local port 0 for outbound connections, which means that the operating systemallocates the local port for each connection. Typically, the operating systemwill allocate local ports sequentially. However, if a firewall restricts the ports that you can use, you can configure HTTPS clients to use a specific range of local ports instead. If you configure HTTPS clients to use a specific range of local ports, ensure that these ports are available. The ports that you configure must not be in use by other HPOMcomponents or any other software that runs on the system. You can use the ovconfchg and the ovconfpar command-line tools to configure local communication ports. If you are installing a large number of nodes, you can include the settings in the agent installation defaults. Note: When you use the command ovconfchg in the following procedure, add the parameter - ovrg server only when configuring the management server. To configure a port range for all HTTPS clients: ovconfchg [-ovrg server] -ns bbc.http -set CLIENT_PORT <lower_port_ number>-<higher_port_number> <lower_port_number> and <higher_port_number> define the range of ports you want to use. Example: 1. To configure a client port range for all HTTPS clients on the management server, type: ovconfchg -ovrg server -ns bbc.http -set CLIENT_PORT62000-62722 HP Operations Manager (9.00) Page 401 of 1297 Online Help 2. Restart the management server processes for the new settings to take effect: a. vpstat -3 -r stop b. vpstat -3 -r start To configure a port range for individual HTTPS clients: You can also use the following command to specify local ports for individual HTTPS clients: ovconfchg -ns bbc.http.ext.<client_name> -set CLIENT_PORT <lower_port_ number>-<higher_port_number> Settings made for individual clients override the global settings made for all clients. Examples: 1. To change the client port range for the remote agent tool, the certificate server, and the policy management and deployment process, type the following commands on the management server: n Remote agent tool ovconfchg -ovrg server -ns bbc.http.ext.opcragt -set CLIENT_PORT 62621-62720 n Certificate server ovconfchg -ovrg server -ns bbc.http.ext.ovcs -set CLIENT_PORT 62600 n Policy management and deployment ovconfchg -ovrg server -ns bbc.http.ext.pmad -set CLIENT_PORT 62601-62605 2. To change the client ports of the message agent and the control component, type the following commands on the managed node: n Message agent ovconfchg -ns bbc.http.ext.opcmsga -set CLIENT_PORT 62301 n Control component ovconfchg -ns bbc.http.ext.ovcd -set CLIENT_PORT 62302 3. Restart the HPOMprocesses: n Management server Restart the management server processes for the new settings to take effect: i. vpstat -3 -r stop ii. vpstat -3 -r start n Managed node Restart the agent processes for the new settings to take effect: HP Operations Manager (9.00) Page 402 of 1297 Online Help i. ovc -kill ii. ovc -start Configuring Communication Broker Ports You can configure any communication broker to listen on a port other than 383. If you do this, you must also configure the other HTTPS systems in the environment, so that their outbound connections are destined for the correct port. You can use the ovconfchg and the ovconfpar command-line tools to configure communication broker ports. If you are installing a large number of nodes, you can include the settings in the agent installation defaults. Note: When you use the command ovconfchg in the following procedure, add the parameter - ovrg server only when configuring the management server. If you need to configure communication broker ports on multiple systems, you can use wildcards and ranges, as follows: l You use a wildcard at the start of a domain name by adding an asterisk (*). For example: n *.emea.example.com:5000 n *.test.com:5001 n *:5002 l You can use wildcards at the end of an IP address by adding up to three asterisks (*). For example: n 192.168.1.*:5003 n 192.168.*.*:5004 n 10.*.*.*:5005 l You can replace one octet in an IP address with a range. The range must be before any wildcards. For example: n 192.168.1.0-127:5006 n 172.16-31.*.*:5007 If you specify multiple values for the PORTS parameter, separate each with a comma (,). For example: ovconfchg -ns bbc.cb.ports -set PORTS *.emea.example.com:5000,10.*.*.*:5005 When you specify multiple values using wildcards and ranges that overlap, the management server or node selects the port to use in the following order: 1. Fully qualified domain names. 2. Domain names with wildcards. 3. Complete IP addresses. HP Operations Manager (9.00) Page 403 of 1297 Online Help 4. IP addresses with ranges. 5. IP addresses with wildcards. For example, use the following command to configure communication broker ports on all management servers and nodes: ovconfchg -ns bbc.cb.ports -set PORTS *.emea.example.com:6000,10.*.*.*:6001,om1.emea.example.com:6002,10.0- 127.*.*:6003 The following ports are used: Host name: node1.asia.example.com IP address: 10.127.1.1 Communication broker port: 6003 Host name: om1.emea.example.com IP address: 10.1.1.1 Communication broker port: 6002 Host name: node1.example.com IP address: 192.168.1.1 Communication broker port: 383 To find out which port is currently configured, type the following command: bbcutil -getcbport <host> Tip: To organize settings for many communication broker ports, you can add parameters of any name in the bbc.cb.ports namespace. The value of any parameter in the namespace is evaluated. Alternatively, you can specify values on separate lines in a text file. For example: *.emea.example.com:6000 10.*.*.*:6001 om1.emea.example.com:6002 10.0-127.*.*:6003 Save the file in the folder /var/opt/OV/conf/bbc. Use the following command to configure the systemto read the file: ovconfchg -ns bbc.cb.ports -set CB_PORTS_CFG_FILE <file_name> To change the communication broker port on a managed node: 1. On the managed node, type: ovconfchg -ns bbc.cb -set SERVER_PORT <port> Example: ovconfchg -ns bbc.cb -set SERVER_PORT 62999 2. On the management server, type: ovconfchg -ovrg server -ns bbc.cb.ports -set PORTS <managed_ node>:<port> HP Operations Manager (9.00) Page 404 of 1297 Online Help ovconfchg -ns bbc.cb.ports -set PORTS <managed_node>:<port> <managed_node> is the domain name or IP address of the managed node. Example: ovconfchg -ovrg server -ns bbc.cb.ports -set PORTS remote_ agt.emea.example.com:62999 ovconfchg -ns bbc.cb.ports -set PORTS remote_ agt.emea.example.com:62999 3. Restart the HPOMprocesses: n Management server Restart the management server processes for the new settings to take effect: i. vpstat -3 -r stop ii. vpstat -3 -r start n Managed node Restart the agent processes for the new settings to take effect: i. ovc -kill ii. ovc -start To change the communication broker port on the management server node: 1. On the management server, type: ovconfchg [-ovrg server] -ns bbc.cb -set SERVER_PORT <port> Note: In the above command, add the parameter -ovrgserver when configuring a management server in a cluster. Example: ovconfchg -ns bbc.cb -set SERVER_PORT 62999 2. On all managed nodes, type: ovconfchg -ns bbc.cb.ports -set PORTS <server_node>:<port> <server_node> is the domain name or IP address of the management server. Example: ovconfchg -ns bbc.cb.ports -set PORTS server_ agt.emea.example.com:62999 3. Restart the HPOMprocesses: n Management server Restart the management server processes for the new settings to take effect: HP Operations Manager (9.00) Page 405 of 1297 Online Help i. vpstat -3 -r stop ii. vpstat -3 -r start n Managed node Restart the agent processes for the new settings to take effect: i. ovc -kill ii. ovc -start To change the communication broker port on both the management server and all managed nodes: 1. On the management server, type: ovconfchg [-ovrg server] -ns bbc.cb -set SERVER_PORT <port> Note: In the above command, add the parameter -ovrg server when configuring a management server in a cluster. ovconfchg -ovrg server -ns bbc.cb.ports -set PORTS <managed_ node>:<port>[,<managed_node>:<port>] ... <managed_node> is the domain name or IP address of the managed node. Example: ovconfchg -ns bbc.cb -set SERVER_PORT 62999 ovconfchg -ovrg server -ns bbc.cb.ports -set PORTS remote_ agt1.emea.example.com:62999,remote_agt2.emea.example.com:62999 2. On all managed nodes, type: ovconfchg -ns bbc.cb -set SERVER_PORT <port> ovconfchg -ns bbc.cb.ports -set PORTS <server_node>:<port> <server_node> is the domain name or IP address of the management server. Example: ovconfchg -ns bbc.cb -set SERVER_PORT 69222 ovconfchg -ns bbc.cb.ports -set PORTS server_ agt.emea.example.com:62999 3. Restart the HPOMprocesses: n Management server Restart the management server processes for the new settings to take effect: i. vpstat -3 -r stop ii. vpstat -3 -r start n Managed node Restart the agent processes for the new settings to take effect: HP Operations Manager (9.00) Page 406 of 1297 Online Help i. ovc -kill ii. ovc -start Configuring Systems with Multiple IP Addresses If you have systems with multiple network interfaces and IP addresses and if you want to use a dedicated interface for the HTTPS communication, then you can use the parameters CLIENT_ BIND_ADDR and SERVER_BIND_ADDR to specify the IP address that should be used. You can use the ovconfchg and the ovconfpar command-line tools to configure client and server bind addresses. If you are installing a large number of nodes, you can include the proxy settings in the agent installation defaults. Note: When you use the command ovconfchgin the following procedure, add the parameter -ovrg server only when configuring the management server. To set the IP address for all HTTPS clients on a system: To set the IP address for all HTTPS clients on a system, enter: ovconfchg -ns bbc.http -set CLIENT_BIND_ADDR <ip_address> To set the IP address for a specific HTTPS client on a system: To set the IP address for a specific HTTPS client on a system, enter: ovconfchg -ns bbc.http.ext.<appl> -set CLIENT_BIND_ADDR <ip_address> Example: ovconfchg -ns bbc.http.ext.opcmsga -set CLIENT_BIND_ADDR 192.168.1.0 To set the IP address for the communication broker on a system: To set the IP address for the communication broker on a system, enter: ovconfchg -ns bbc.http -set SERVER_BIND_ADDR <ip_address> This command applies to the communication broker (ovbbccb) and all other HTTPS RPC servers visible on the network. Because only the communication broker is normally visible on the network, all other RPC servers are connected through the communication broker and are not affected by SERVER_BIND_ADDR setting. Configuring the Embedded Performance Component The embedded performance component is an HTTP server. If you have a firewall between the embedded performance component and performance graphing and reporting tools, you must open two ports for the communication: HP Operations Manager (9.00) Page 407 of 1297 Online Help Source Destination Protocol Source Port Destination Port Purpose of Rule POLICY EDITOR HTTPS NODE TCP Any a 383 Policy editor to communication broker POLICY EDITOR HTTPS NODE TCP Anya Any b Policy editor to embedded performance component REPORTER HTTPS NODE TCP Anya 383 HP Reporter to communication broker REPORTER HTTPS NODE TCP Anya Anyb HP Reporter to embedded performance component PERFORMANCE MANAGER HTTPS NODE TCP Anya 383 HP Performance Manager to communication broker PERFORMANCE MANAGER HTTPS NODE TCP Anya Anyb HP Performance Manager to embedded performance component Filter Rules for the Embedded Performance Component and HP Performance Agent Software without Proxies Configuring a Fixed Port for the Embedded Performance Component By default, the embedded performance component requires two ports to respond to communication requests: port 383 for the communication broker and a randomport to transfer the performance data. Use the following command to configure a fixed port for this type of communication: ovconfchg -ns coda.comm -set SERVER_PORT <port> ovc -restart coda Configuring a Single Port for the Embedded Performance Component If you do not want to open two ports in your firewall for communication between the embedded performance component and performance graphing and reporting tools, you can configure the embedded performance component to use a single port, that is the communication broker port, for all communication requests. By default, the embedded performance component binds to INADDR_ANY, which means that the communication broker returns the value of the SERVER_PORT parameter to the requesting application so that the application can communicate directly with the embedded performance component. If set to localhost, the communication broker returns its own port to the requesting application so that all communication is directed through the communication broker and therefore the firewall must be opened for one port only: ovconfchg -ns coda.comm -set SERVER_BIND_ADDR localhost a The local port is by default 0 which means that the operating systemallocates the next available port number. You can also configure a specific port number or range of ports, if required. b The destination port is by default 0 which means that the operating systemallocates the next available port number. You can configure a specific port number, if required. HP Operations Manager (9.00) Page 408 of 1297 Online Help ovc -restart coda Configuring Outbound-Only Communication To successfully set up outbound-only communication you must configure all systems that participate in the communication: l Reverse channel proxy (RCP) Any HTTPS agent can be configured as RCP. You only need to specify the port number that all systems will connect to. See "Configuring the Reverse Channel Proxy" (on page 409) for details. l Management server (trusted zone) The management server is located in the trusted zone. Before you can instruct it to use one or more RCPs, you must enable outbound-only communication on the system. See "Configuring the Systemin the Trusted Zone" (on page 411) for details. l Managed nodes (less-trusted zone) The managed nodes are located in the less-trusted zone. They must be configured to use one or more RCPs for all connections to the management server. See "Configuring Systems in the Less-Trusted Zone" (on page 413) for details. Configuring a Firewall for Outbound-Only Communication The firewall must be configured to allow the systemin the trusted zone access to the Reverse Channel Proxy (RCP) port listed in the following table. Source Destination Protocol Source Port Destination Port Purpose of Rule Systemin trusted zone Reverse channel proxy HTTPS Any a 9090 b Systemin the trusted zone (usually the management server) to a reverse channel proxy. Filter Rules for Outbound-Only Communication (Through One Firewall) Configuring the Reverse Channel Proxy Note: Before you can configure a systemas a reverse channel proxy (RCP), you must install the HTTPS agent software and add the node to the console. You can deploy the HTTPS agent software automatically fromthe console, or install it manually. You must also configure the node's certificates. 1. Set the port of the RCP that systems on the trusted and on the less-trusted side of the firewall will connect to. Type the following command: ovconfchg -ns bbc.rcp -set SERVER_PORT <port_number> a The local port is by default 0 which means that the operating systemallocates the next available port number. You can also configure a specific port number or range of ports, if required. b 9090 is the default port of a RCP. You can change the default port. HP Operations Manager (9.00) Page 409 of 1297 Online Help For example: ovconfchg -ns bbc.rcp -set SERVER_PORT 62998 The default port number for the RCP is 9090. 2. Register the RCP component so that ovc starts, stops, and monitors it. Type the following command: ovcreg -add <install_dir>/newconfig/DataDir/conf/bbc/ovbbcrcp.xml 3. Start the RCP process. Type the following command: ovc -start ovbbcrcp 4. Check the status of the ovbbcrcpprocess. Type the following command: ovbbcrcp -status The output must include a line with bbc.rcp and the port number on which the RCP is listening. Tip: Once the systemin the trusted zone has been configured for outbound-only communication, the output of ovbbcrcp -status will also list the reverse administration channel connection fromthat system. On computers with a UNIX or Linux operating system, the RCP runs in chroot context with /var/opt/OV/ as its root directory. Therefore, the RCP may not be able to resolve management server hostnames, because it cannot access the /etc directory, which contains the configuration files for name services. The following workarounds for this restriction are available: l Copy the name server configuration files This workaround is more secure, but also requires more maintenance (the hosts file must be updated regularly). a. Create the following directory: /var/opt/OV/etc (The directory /var/opt/OV/etc is viewed as /etc by the RCP.) b. Copy the configuration files for the name services to this new directory (for example /etc/resolv.conf, /etc/hosts, /etc/nsswitch.conf). l Disable the chroot feature This workaround is less secure, because when the chroot feature is disabled, the RCP can access all files and directories on the host system. However, using RCP running on a UNIX or Linux systemunder a non-root user account further enhances security. In this case, you must use this workaround. Otherwise, each time you start up the RCP, an error message will be logged to the System.txt log file. a. You must stop the RCP using the following command: ovc -stop ovbbcrcp b. Disable the ovbbcrcp chroot feature using the following command: HP Operations Manager (9.00) Page 410 of 1297 Online Help ovconfchg -ns bbc.rcp -set CHROOT_PATH / c. Start the RCP using the following command: ovc -start ovbbcrcp Configuring the System in the Trusted Zone The systemin the trusted zone is usually the management server system. To enable inbound communication fromclients, the communication broker on the systemmust be configured to use an RCP: Note: When you use the command ovconfchg in the following procedure, add the parameter - ovrg server only when configuring the management server. 1. Enable outbound-only communication. By default, this is disabled. To change this, type the following command: ovconfchg -ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS true 2. Specify the reverse channel proxies (RCPs) that the systemin the trusted zone must establish a connection with. You must specify RCPs in the following format: <host>:<port>[,<OvCoreID>] If you specify the optional OvCoreID, the systemchecks that the host has that OvCoreID. You can specify the RCPs in a file or at the command prompt. For easier maintenance, it is recommended to specify themin a file. n File To specify the RCPs in a file: i. Create a text file that specifies each RCP on a separate line. ii. Save the file in the folder <data_dir>\conf\bbc. iii. Type the following command: ovconfchg -ovrg server -ns bbc.cb -set RC_CHANNELS_CFG_FILES <file_name> If you later change the contents of the file, use ovconfchg without parameters. The systemre-reads the file only after you use ovconfchg. n Command prompt To specify the RCPs at the command prompt, type the following command: ovconfchg -ovrg server -ns bbc.cb -set RC_CHANNELS <rcp>[;<rcp>] Separate each RCP with a semicolon (;). 3. Optional. Set the number of seconds that the management server should wait before it retries unsuccessful connection attempts. By default, this is set to 60 seconds. To change the default, type the following command: ovconfchg -ovrg server -ns bbc.cb -set RETRY_INTERVAL <number_of_ seconds> 4. Optional. Set the maximumnumber of attempts that the management server should make to HP Operations Manager (9.00) Page 411 of 1297 Online Help connect to an RCP. By default, this is set to -1 (infinite). To change the default, type the following command: ovconfchg -ovrg server -ns bbc.cb -set MAX_RECONNECT_TRIES <number_ of_tries> 5. Optional. Configure the number of minimumand maximumnumber of worker threads for connections to RCPs. The communication broker uses different threads to enhance the performance of connections to RCPs. By default, the maximumnumber of worker threads is set to 1 and and the minimumnumber of worker threads is set to zero. You can set higher values for enhanced and faster reverse channel communication by typing the following commands: ovconfchg -ovrg server -ns bbc.cb -set RC_MAX_WORKER_THREADS <number> ovconfchg -ovrg server -ns bbc.cb -set RC_MIN_WORKER_THREADS <number> If you are using an HPOMfor UNIX server pool, set the values in namespace of the pooling resource group (in this example: ov_pooling_rg): ovconfchg -ovrg ov_pooling_rg -ns bbc.cb -set RC_MAX_WORKER_THREADS 5 ovconfchg -ovrg ov_pooling_rg -ns bbc.cb -set RC_MIN_WORKER_THREADS 0 6. Optional. Configure the management server to generate a warning message about failed RCP connections. By default, the management server does not generate this message. To change the default, type the following command: ovconfchg -ovrg server -ns bbc.cb -set GENERATE_OVEVENT_FOR_FAILED_ RC_NODES TRUE 7. Check that a reverse administration channel has been established to the RCP. Type the following command: ovbbccb -status 8. One section of the output contains timestamp and status information for each RCP, similar to the following: HP OpenView HTTP Communication Reverse Channel Connections Opened from <management server name>: <rcp>:<port> For more details, type the following command: ovbbccb -verbose -status 9. Test the connection fromthe systemin the trusted zone to the systems in the less-trusted zone: a. Test the connection fromthe management server to the RCP. Type the following command: bbcutil -gettarget <RCP> HP Operations Manager (9.00) Page 412 of 1297 Online Help The output should indicate that all communication is routed directly to the RCP at <RCP>:383. 383 is the default port of the communication broker on the RCP system. If a different port has been configured for the communication broker, the management server must be configured to connect to that port. b. Ping the RCP. Type the following command: bbcutil -ping <RCP> The output should include the statement status=eServiceOK and the OvCoreId of the RCP. Verify that this OvCoreId is correct. c. Check that the agent processes on the RCP are running. On the management server, type the following command: opcragt <RCP> The output should not include any statements about message buffering. d. You can attempt to restore any failed reverse channel connections for a specified resource group. ovbbccb -retryfailedrcp [-ovrg <resource_group>] If you do not specify a resource group name, the command tries to restore all failed reverse channel connections for the default resource group. Configuring Systems in the Less-Trusted Zone The systems in the less-trusted zone are usually the managed nodes or other management servers. These systems must be configured to contact the RCP instead of directly contacting the management server. You can specify different RCPs to use depending on the management server that the systemwants to connect to. 1. Specify the RCP that the systems in the less-trusted zone should use. Type the following command: ovconfchg -ns bbc.http -set PROXY <rcp>[;<rcp>] Separate each RCP with a semicolon (;). Specify each <rcp> in the following format: <rcp_hostname>:<rcp_port>+(<included_hosts>)-(<excluded_hosts>) Replace <included_hosts> with a comma-separated list of hostnames or IP addresses that the systemshould use the RCP to connect to. Replace <excluded_hosts> with a comma-separated list of hostnames or IP addresses that systemshould not use the RCP to connect to. Asterisks (*) are wild cards in hostnames and IP addresses. Note: <excluded_hosts> must always contain the RCP hostname and localhost. 2. Optional. Specify the OvCoreId of the systemin the trusted zone (usually the management server) that the RCP should connect the systems in the less-trusted zone to. This is useful if the RCP cannot resolve the hostnames of management servers, because of firewalls, for example. You can either specify the management server's OvCoreID directly, or specify a command that returns the OvCoreID. HP Operations Manager (9.00) Page 413 of 1297 Online Help n To specify the management servers OvCoreID directly, type the following command: ovconfchg -ns bbc.http -set TARGET_FOR_RC <management_server_ OvCoreID> n To specify a command that returns the management server's OvCoreID, type the following command: ovconfchg -ns bbc.http -set TARGET_FOR_RC_CMD <command> 3. Restart the message agent process. Type the following command: ovc -restart opcmsga 4. Test the connection fromthe systemin the less-trusted zone to the systemin the trusted zone: a. Test the connection fromthe systemto the management server. Type the following command: bbcutil -gettarget <management_server> The output should indicate that all communication is redirected using the RCP. b. Ping the management server. Type the following command: bbcutil -ping <management_server> The output should include the statement status=eServiceOK and the OvCoreId of the management server. Verify that this OvCoreId is correct. c. Send a message fromthe systemto the management server. Type the following command: opcmsg application=test_appl object=test_obj msg_text=test_msg Verify that the message arrives in the console. d. Check that the systemis not buffering messages. Type the following command: opcagt The output should not include any statements about buffering. If agent does buffer messages, wait for two minutes, then run the command again. If the agent is still buffering messages, check that the management server processes are running. Configuring Outbound-Only Communication Through Two Firewalls To configure outbound-only communication through two firewalls, the systemin the trusted zone and the systems in the less-trusted zone must each establish a reverse administration channel to the RCP. This means that all systems in the trusted zone and the systems in the less-trusted zone must be configured as follows: Note: When you use the command ovconfchg in the following procedure, add the parameter - ovrg server only when configuring the management server. 1. Configure the RCP as described in "Configuring the Reverse Channel Proxy" (on page 409). 2. On all systems in the trusted and the less-trusted zone, enable outbound-only communication. By default, this is disabled. To change this, type the following command: HP Operations Manager (9.00) Page 414 of 1297 Online Help ovconfchg -ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS true 3. On all systems in the trusted and the less-trusted zone, specify the reverse channel proxies (RCPs) that the systems must establish a connection with. You must specify RCPs in the following format: <host>:<port>[,<OvCoreID>] If you specify the optional OvCoreID, the systemchecks that the host has that OvCoreID. You can specify the RCPs in a file or at the command prompt. For easier maintenance, it is recommended to specify themin a file. n File To specify the RCPs in a file: i. Create a text file that specifies each RCP on a separate line. ii. Save the file in the folder <data_dir>\conf\bbc. iii. Type the following command: ovconfchg -ovrg server -ns bbc.cb -set RC_CHANNELS_CFG_FILES <file_name> If you later change the contents of the file, use ovconfchgwithout parameters. The systemre-reads the file only after you use ovconfchg. n Command prompt To specify the RCPs at the command prompt, type the following command: ovconfchg -ovrg server -ns bbc.cb -set RC_CHANNELS <rcp>[;<rcp>] Separate each RCP with a semicolon (;). 4. On all systems in the trusted and the less-trusted zone, specify the RCP that the system should use. Type the following command: ovconfchg -ns bbc.http -set PROXY <rcp>[;<rcp>] Separate each RCP with a semicolon (;). Specify each <rcp> in the following format: <rcp_hostname>:<rcp_port>+(<included_hosts>)-(<excluded_hosts>) Replace <included_hosts> with a comma-separated list of hostnames or IP addresses that the systemshould use the RCP to connect to. Replace <excluded_hosts> with a comma-separated list of hostnames or IP addresses that systemshould not use the RCP to connect to. Asterisks (*) are wild cards in hostnames and IP addresses. Note: <excluded_hosts> must always contain the RCP hostname and localhost. Configuring HPOM for Network Address Translation In NAT environments, one or both communication partners do not know the real network address of their partners. NAT translates all addresses in the network headers. Addresses in the payload of a packet are not translated. You may experience the following problems when using HPOMin a NAT environment: HP Operations Manager (9.00) Page 415 of 1297 Online Help l FTP FTP in active mode might not work. l DHCP DHCP might not work. l FQDN The FQDN might be translated. l SSH If SSH works through the firewall, agent installation using the console is possible. However, you must manually map the certificate request to the node and grant the request. Configuring HPOM for Port Forwarding HPOMcomponents can communicate in port forwarding environments if you configure themto establish connections to the correct port on the NAT device. In the following figure, the management server sends communication requests to port Pfw of the firewall. The firewall then redirects all traffic to the proxy server port (Ppx). Type the following command on the management server to send all communication requests from the management server to a proxy server by way of a firewall with port forwarding enabled: ovconfchg -ovrg server -ns bbc.http -set PROXY <firewall_ip_ address>:<firewall_port>+(<included_hosts>)-(<excluded_hosts>) For example: ovconfchg -ovrg server -ns bbc.http -set PROXY 10.136.120.254:Pfw +(*.ext.mycom.com) An example of NAT with port forwarding is shown in the following figure. Port Address Translation (PAT) HP Operations Manager (9.00) Page 416 of 1297 Online Help Configuring DCE Agents This section includes the following topics: l "Configuring Windows DCE Agents" (on page 417) l "Configuring Systems with Windows Firewall Enabled" (on page 427) l "Configuring UNIX DCE Agents" (on page 430) l "Configuring HPOMfor Network Address Translation" (on page 432) l "Configuring HPOMfor Port Address Translation" (on page 434) Configuring Windows DCE Agents The following scenarios describe the basic communication model between agents on Windows systems and the management server or console. HP Operations Manager (9.00) Page 417 of 1297 Online Help X and Y are used in the scenarios below, because the RPC client chooses any available source port. Because the RPC implementation of Windows is only compatible with DCE but does not implement the full DCE functionality, it is not possible to restrict outgoing communication to a specific port range. l Tool launch and policy and instrumentation deployment The management server launches a tool or deploys a policy on a Windows node: a. The management server asks the endpoint mapper for the port of the RPC server of the agent. The source port on the management server is X (Any), the target port on the agent is 135, which is the default port of the endpoint mapper. b. The endpoint mapper responds to the management server with the port number of the RPC server on the Windows node (62001). The source port on the Windows node is 135, and the target port on the management server is X (Any). c. The management server contacts the Windows node at port 62001 to launch a tool or deploy a policy or instrumentation. The source port on the management server is Y (Any) d. The RPC server responds to the management server. The source port on the Windows node is 62001, and the target port on the management server is Y (Any). l Send a message The message agent sends a message or action response to the management server: a. The message agent asks the endpoint mapper for the port of the RPC server of the management server. The source port of the message agent is X (Any), the target port on the management server is 135, which is the default port of the endpoint mapper. b. The endpoint mapper responds to the message agent with the port number of the RPC server on the management server (62201). The source port on the management server is 135, and the target port on the Windows node is X (Any). c. The message agent contacts the management server at port 62201 and sends a message or action response. The source port on the Windows node is Y (Any). d. The RPC server responds to the Windows node. The source port on the management server is 62201, and the target port on the Windows node is Y (Any). l Service discovery The service discovery agent transfers new discovered services data to the management server: The service discovery agent contacts the service discovery server on the management server. The source port of the service discovery agent is any available port. The target port on the management server is 6602, which is the default port of the service discovery server. Firewall Rules for Windows Managed Nodes The following table lists the firewall rules that must be set up to allow DCE-based communication between the management server and Windows nodes. HP Operations Manager (9.00) Page 418 of 1297 Online Help Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule 1 WIN NODE MGMT SRV TCP any 135 Message agent to endpoint mapper 2 WIN NODE MGMT SRV TCP any 12001 Message agent to message and action server 3 MGMT SRV WIN NODE TCP any 135 Message and action server to endpoint mapper 4 MGMT SRV WIN NODE TCP any 12003 Message and action server to control agent 5 MGMT SRV WIN NODE ICMP echo request n/a n/a Only needed if agent health monitoring by way of ICMP is enabled, see "Configuring DCE Agents" (on page 417). 6 WIN NODE MGMT SRV ICMP echo request n/a n/a Only needed if agent health monitoring by way of ICMP is enabled, see "Configuring DCE Agents" (on page 417). 7 WIN NODE MGMT SRV ICMP echo request n/a n/a Only needed if agent health monitoring by way of ICMP is enabled, see "Configuring DCE Agents" (on page 417). 8 MGMT SRV WIN NODE ICMP echo request n/a n/a Only needed if agent health monitoring by way of ICMP is Firewall Rules for Windows Nodes HP Operations Manager (9.00) Page 419 of 1297 Online Help Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule enabled, see "Configuring DCE Agents" (on page 417). For additional firewall rules needed for HTTP communication, see "Configuring HTTP Servers and Clients" (on page 421). Configuring the Management Server RPC Server To configure the DCE RPC server port on the HPOMmanagement server: 1. In the console tree on the management server, right-click Operations Manager, and then click Configure Server. The Server Configuration dialog box opens. 2. Click Namespaces, and then click Message Action Server General. A list of values appears. 3. Set the value of DCE RPC server port to the port number you want to use, for example 62201. 4. Restart the RPC server on the management server by restarting the OvEpMessageActionServer service. Configuring the Agent RPC Server To configure the control agent port range on the managed node (agent), the following nodeinfo parameter has to be set on each managed node: OPC_COMM_PORT_RANGE 12003 After changing the parameter, the HPOMagent processes have to be restarted to make the change effective: ovc -kill ovc -start Checking RPC Communication Settings To check the RPC server port usage, use the opcrpccp utility: %OvInstallDir%\Installed Packages\{790C06B4-844E-11D2-972B- 080009EF8C2A}\contrib\OpC\opcrpccp.exe The following example lists all RPC servers on the local system: opcrpccp show mapping A list having many entries similar to the following will be printed: <object> nil <interface id> 6d63f833-c0a0-0000-020f-887818000000,7.0 HP Operations Manager (9.00) Page 420 of 1297 Online Help <string binding> ncadg_ip_udp:15.136.123.62[62201] <annotation> OvEpRpcDataRcvr l Management server On the HPOMmanagement server, all entries with the annotation OvEpRpcDataRcvr should be registered using the configured port. l Managed node On the HPOMmanaged node, all entries with the annotation Control Agent should be registered using the configured port. Note: You can also use the opcrpccp utility to list the configuration of a remote systemby using the string binding and IP address as options: opcrpccp show mapping ncacn_ip_tcp:15.136.126.183. Configuring HTTP Servers and Clients Various components of different HPSoftware products use a HTTP-based communication mechanism. There are different ways to configure the HTTP communication in a firewall environment. The standard, recommended way is to use HTTP proxies when communicating through a firewall. This simplifies the configuration by using proxies, which are often in use anyhow. The firewall has to be open for exactly one port if proxies can be used in both directions. The following sections explain common management scenarios and the different nodeinfo parameters that are necessary. l "HTTP Communication with Two Proxies" (on page 421) l "HTTP Communication with One Proxy" (on page 422) l "HTTP Communication without Proxies" (on page 423) HTTP Communication with Two Proxies The two proxies have to be configured in such a way that all traffic is routed fromproxy to proxy. If this is the case, then there is no need to configure HTTP server or client ports. It is only necessary to tell the clients which proxy they should use, using the PROXY parameter: HTTP Communication with Two Proxies HP Operations Manager (9.00) Page 421 of 1297 Online Help l Settings on server and remote consoles ovconfchg [-ovrg server] -ns bbc.http -set PROXY <proxy> For example, type the following command: ovconfchg -ovrg server -ns bbc.http -set PROXY proxy1:8088- (localhost,*.intranet.com)+(*) l Settings on managed nodes PROXY <proxy> For example, add the following to the nodeinfo file: PROXY proxy2:8088-(localhost,*.intranet.com)+(8) With this setup the following firewall filter rules are necessary: Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule 1 Proxy 1 Proxy 2 TCP/HTTP Defined by Proxy 1 Defined by Proxy 2 Proxy-to-proxy communication 2 Proxy 1 Proxy 2 TCP/HTTP Defined by Proxy 2 Defined by Proxy 1 Proxy-to-proxy communication Firewall Rules for HTTP Communication with Two Proxies HTTP Communication with One Proxy In most cases, customers do not have proxies on both sides. The following picture shows a more common scenario with one proxy. HTTP Communication with One Proxy This scenario requires that you configure the HTTP server and client ports on the managed nodes. l Settings on server and remote consoles ovconfchg [-ovrg server] -ns bbc.http -set PROXY <proxy> HP Operations Manager (9.00) Page 422 of 1297 Online Help For example, type the following command: ovconfchg -ovrg server -ns bbc.http -set PROXY proxy1:8088- (localhost,*.intranet.com)+(*) l Settings on managed nodes PROXY <proxy> SERVER_PORT(com.hp.openview.Coda) <port> CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) <port> For example, add the following to the nodeinfofile: PROXY proxy1:8088-(localhost,*.intranet.com)+(8) SERVER_PORT(com.hp.openview.Coda) 62010 CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 62014 With this the following firewall filter rules are necessary: Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule O1 NODE Proxy 1 TCP/HTTP 62014 Defined by Proxy Discovery agent to Proxy Firewall Rules for HTTP Communication with One Proxy HTTP Communication without Proxies If proxies are not available at all, then additional ports have to be opened and additional configuration settings are required. HTTP Communication without Proxies HP Operations Manager (9.00) Page 423 of 1297 Online Help In this scenario you have to configure all HTTP server and client ports on the management server, the console, the managed nodes and on all other systems that use the HTTP communication. l Settings on the server a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. b. Click Namespaces, and then click DiscoveryServer. c. Select the Expert mode check box. A full list of values appears. d. Set the value of Server BBC port used by DCE agent to the port that you want the discovery server to listen on (for example, 62723). e. Click OK. f. Open a command prompt, and then type the following command to restart the discovery server: vpstat -3 "OvAutoDiscovery Server" -r l Settings on server and remote consoles ovconfchg [-ovrg server] -ns bbc.http.ext.OvPmdPolicyEditorFrame - set CLIENT_PORT <port> For example, type the following command: ovconfchg [-ovrg server] -ns bbc.http.ext.OvPmdPolicyEditorFrame - set CLIENT_PORT 62721-62722 l Settings on managed nodes SERVER_PORT(com.hp.openview.Coda) <port> SERVER_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) <port> CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) <port> For example, add the following to the nodeinfo file: SERVER_PORT(com.hp.openview.Coda) 62010 SERVER_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 62723 CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 62104 Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule H1 NODE MGMT SRV TCP/HTTP 62014 62723 Discovery agent to service discovery server H2 CONSOLE NODE TCP/HTTP 62721- 62722 383 Policy editor to communication Firewall Rules for HTTP Communication without Proxies HP Operations Manager (9.00) Page 424 of 1297 Online Help Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule broker H3 CONSOLE NODE TCP/HTTP 62721- 62722 62010 Policy editor to embedded performance component Configuring HTTP Servers The ports used by the HTTP servers can be set using the Server Configuration dialog box and the parameter SERVER_PORT. l Service discovery server To configure a port different fromthe default port 6602 of the service discovery server on the management server, use: a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. b. Click Namespaces, and then click Discovery Server. c. Select the Expert mode check box. A full list of values appears. d. Set the value of Server BBC port used by DCE agent to the port that you want the discovery server to listen on (for example, 62723). e. Click OK. f. Open a command prompt, and then type the following command to restart the discovery server: vpstat -3 "OvAutoDiscovery Server" -r l Embedded performance component To configure a port different fromthe default port 381 of the embedded performance component (coda) on a node, use: SERVER_PORT(com.hp.openview.Coda) <port> For example, add the following to the nodeinfo file: SERVER_PORT(com.hp.openview.Coda) 62010 Changing the Default Port of the Local Location Broker To set the local location broker SERVER_PORT parameter, use the following nodeinfo parameter on a node: SERVER_PORT(com.hp.openview.bbc.LLBServer) <port_number> Where <port_number> is the number of the port you want to use. HP Operations Manager (9.00) Page 425 of 1297 Online Help Configuring HTTP Clients with HTTP Proxies If proxies are available, then components communicating through a firewall can make use of that proxy. For this, they have to know the proxy systemand the destinations for which they have to use that proxy. This can be configured using a nodeinfo parameter. Each systemshould have a PROXY entry like PROXY <proxy> For syntax details and additional examples, see the HPOMonline help or "PROXY" (on page 458). Configuring HTTP Clients without HTTP Proxies If proxies cannot be used, then each component has to be configured separately. Furthermore, there are some restrictions that require opening a range of client ports. The ports used by the HTTP clients can be set using the parameter CLIENT_PORT. A client port can only be used for the communication with a server on one remote system. If multiple systems are connected in parallel, for example if multiple measurement threshold policy editors get metrics fromvarious systems, then multiple client ports are necessary, at least one per system. Additionally, on Windows, ports will stay in a TIME_WAIT state for five minutes, even if they have been closed. They will be unusable during this time (see also "TCP Time Wait Delay" (on page 470)). Therefore you should specify a port range of about 50 ports (our example uses the port range 62203- 62250). This should be enough for normal operations. If you do not want to open the firewall for the corresponding source ports, then think about installing an HTTP proxy before the firewall. An HTTP proxy will make the setting of CLIENT_PORT unnecessary and requires just one open source port per outgoing connection. (See "HTTP Communication with Two Proxies" (on page 421).) To configure ports for components: l Measurement threshold policy editor To configure the ports of the measurement threshold policy editor, use: ovconfchg [-ovrg server] -ns bbc.http.ext.OvPmdPolicyEditorFrame - set CLIENT_PORT <port> For example, type the following command: ovconfchg [-ovrg server] -ns bbc.http.ext.OvPmdPolicyEditorFrame - set CLIENT_PORT 62721-62722 The firewall has to allow communication fromthe management server fromthat port range to the HTTP server ports. l Service discovery component The HTTP client used for service discovery however, can be configured using a single port. To configure the port of the service discovery agent HTTP client on a node, use: HP Operations Manager (9.00) Page 426 of 1297 Online Help CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) <port> For example, add the following to the nodeinfo file: CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 62014 Systems with Multiple IP Addresses If your have systems with multiple network interfaces and IP addresses and if you want to use a dedicated interface for the HPSoftware communication, then you can use the nodeinfo parameters CLIENT_BIND_ADDR and SERVER_BIND_ADDR to specify the IP address that should be used. For details see the online help or "CLIENT_BIND_ADDR(app_name)" (on page 458) and "SERVER_BIND_ADDR(app_name)" (on page 459). Configuring Systems with Windows Firewall Enabled Configuring the Management Server with Windows Firewall Enabled If you are using the built-in Windows Firewall, then you can use the following steps to configure the management server for agent communication. 1. Select Network Connections fromthe Control Panel. 2. Right-click on Local Area Connections and select Properties. 3. Select the Advanced tab and click on Settings. 4. Select the Exceptions tab on the Windows Firewall dialog. 5. Use the Add Portbutton to add TCP port 135 and UDP port 135 to the exceptions list (as name use TCP 135 and UDP 135 or similar). 6. Add the following programs to the firewall exception list (in addition to the ones listed above) \Program Files\HP OpenView\bin\OvEpMsgActSrv.exe \Program Files\HP OpenView\bin\OvAutoDiscoveryServer.exe 7. Launch regedit and create the following string key: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv "COMM_PORT_RANGE"="62201" More details on the agent side can be found in "Package Deployment to Systems with Windows Firewall Enabled" (on page 427) and "Running the Agent on Systems with Windows Firewall Enabled" (on page 429). See also Configuring Remote Consoles on page67 for the necessary adoptions if you are using remote consoles. Package Deployment to Systems with Windows Firewall Enabled Installing the agent on systems with Windows Firewall enabled requires that some Windows protocols are allowed and that the server can communicate with the HPOMsmart broker. To allow remote deployment, configure the following on the Windows Firewall system: HP Operations Manager (9.00) Page 427 of 1297 Online Help 1. Create dummy files necessary for firewall configuration. As the Windows Firewall does not allow setting up rules for applications that do not yet exist, you have to create dummy application files before configuring the Windows firewall. Create the following files on your Windows Firewall system: %OvInstallDir%\Installed Packages\{20a61d02-cfbf-11d2-8615- 080009d961f6}\NgSB.exe %OvInstallDir%\Installed Packages\Temp\NgSB.exe You can create a dummy file using echo abc >NgSB.exe If %OvInstallDir% is not already set by other HP BTOSoftware applications (check with echo %OvInstallDir%, then use %Program Files%\HP OpenView as Installdir (typically C:\Program Files\HP OpenView). 2. Configure DCOM launch and access permissions. To allow DCOMaccess fromremote clients, configure the following on the node: a. Click on Start, click on Run, type in dcomcnfg. b. Go to Component Services -> Computers -> My Computer. c. Right-click on My Computer and select Properties. d. Select the Default Properties tab. e. Enable Enable Distributed COM on this computer. The same can be achieved by setting the following registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]"EnableDCOM"="Y" (Value Type: String/REG_SZ) 3. Configure firewall for package deployment Note: Windows Firewall offers several configuration options: it is possible to configure Windows Firewall by way of Network Connections, the Control Panel, the command line utility Netsh and by way of Global policy objects (The Windows Firewall settings are contained in the GPOcontainer: Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall). The following describes the configuration by way of Network connections only. On non-English systems you might have to use other service names. Change the default firewall settings as follows: a. Select NetworkConnections fromthe Control Panel. b. Right-click on Local Area Connections and select Properties. c. Select the Advanced tab and click on Settings. d. Select the Exceptions tab on the Windows Firewall dialog box. e. Under Programs and Services, enable File and Printer Sharing (all four ports should be enabled). To make this exception more secure, select File and Printer Sharing, click on Edit, then click on Change Scopeand select My network (subnet) only (if your management HP Operations Manager (9.00) Page 428 of 1297 Online Help server is in the same subnet). If you specify the management servers address in the Custom list, the ports that are opened up will not be accessible fromother systems. Do this for all four ports. f. Use the Add Portbutton to add TCP port 135 and UDP port 135 to the exceptions list. g. Use the Add Programbutton to add the programs you created above to the exceptions list: ..\Installed Packages\{20a61d02-cfbf-11d2-8615- 080009d961f6}\NgSB.exe ..\Installed Packages\Temp\NgSB.exe After this step you can delete the dummy files, if you want. Otherwise they will be overwritten by the package deployment. After the deployment, you can disable the corresponding settings/rules, but you have to enable themagain in case you want to deploy additional or new packages. Running the Agent on Systems with Windows Firewall Enabled With the introduction of the Windows firewall (WF), in Windows XP SP2 and Windows 2003 SP1, Microsoft changed the RPC server security in such a way that anonymous RPC calls are not allowed per default, with the result that the existing management server cannot communicate with the agent anymore. This problemis solved with agent version 7.26 (patch OVOW_00057) and higher. This new agent registers the RPC interfaces so that anonymous RPC calls to those interfaces will be possible again. Automatic Windows Firewall Configuration During the installation, the new agent will automatically register the correct HPOMapplications as exceptions if the Windows Firewall is installed and if the Windows Firewall service is running (the Windows Firewall is enabled, or turned off but not disabled.) If the installation of the new agent successfully configured the Windows Firewall, you will see the following applications in the exception list of the Windows Firewall: l HP Software Communication Broker (referring to %OvAgentDir%\bin\llbserver.exe) l HP Software Performance Collector (referring to %OvAgentDir%\bin\coda.exe) l HP Software Service Discovery (referring to %OvAgentDir%\bin\OvSvcDiscAgt.exe) l HP Software Control Agent RPC Server (referring to %OvAgentDir%\bin\OpC\opcctla.exe) You will also notice that the port 135 for the DCE RPC endpoint mapper was opened in the Windows Firewall configuration for TCP and UDP communication. Manual Windows Firewall Configuration If the automatic Windows Firewall configuration was not done, you can do it manually. This will be necessary if the Windows Firewall was installed after the agent installation or if the Windows Firewall service was not running during the agent installation. Follow these steps to do a manual Windows Firewall configuration: HP Operations Manager (9.00) Page 429 of 1297 Online Help 1. Select Network Connections fromthe Control Panel. 2. Right-click on Local Area Connections and select Properties. 3. Select the Advanced tab and click on Settings. 4. Select the Exceptions tab on the Windows Firewall dialog box. 5. Use the Add Portbutton to add TCP port 135 and UDP port 135 to the exceptions list (as name use TCP 135 and UDP 135 or similar). 6. Use the Add Programbutton to add the following programs to the exceptions list: %OvAgentDir%\bin\llbserver.exe %OvAgentDir%\bin\coda.exe %OvAgentDir%\bin\OvSvcDiscAgt.exe %OvAgentDir%\bin\OpC\opcctla.exe You must replace %OvAgentDir% with the path to your agent installation which by default is C:\Program Files\HP OpenView\Installed Packages\{790C06B4-844E- 11D2-972B-080009EF8C2A}. To make the application exceptions in the Windows Firewall more secure, click Edit and Change Scopeand select My network (subnet) only (if your management server is in the same subnet). If you specify the management servers address in the Custom list, the ports that are opened up will not be accessible fromother systems. Note: For Windows XP SP2 only: If the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients exists, then it must be set to RPC_RESTRICT_REMOTE_ CLIENT_NONE (0) or RPC_RESTRICT_REMOTE_CLIENT_DEFAULT (1), which is the default value. It must not be set to RPC_RESTRICT_REMOTE_CLIENT_HIGH (2), because this will disable all anonymous RPC calls and with that the server-to-agent communication will no longer work. Troubleshooting In case of problems after the reconfiguration of the firewall, look at the firewall log file (see the Advanced tab, Security logging). Check also sections Configuring the Management Server with Windows Firewall Enabled on page 85 and Configuring Remote Consoles on page67, for the necessary adoptions if the Windows Firewall is enabled on the management server or the remote console. Configuring UNIX DCE Agents For UNIX DCE nodes, it is possible to restrict the port range of outgoing RPC calls, too. Therefore, the firewall settings can be more restrictive in Unix environments. The following figures show the difference. l Send a message from a UNIX agent The message agent sends a message or action response to the management server: HP Operations Manager (9.00) Page 430 of 1297 Online Help a. The message agent asks the endpoint mapper for the port of the RPC server of the management server. The source port range of the message agent is 62004-62006, the target port on the management server is 135, which is the default port of the endpoint mapper. b. The endpoint mapper responds to the message agent with the port number of the RPC server on the management server (62201). The source port on the management server is 135, and the target port on the Windows node is 62004-62006. c. The message agent contacts the management server at port 62201 and sends a message or action response. The source port on the Windows node is 62004-62006. d. The RPC server responds to the Windows node. The source port on the management server is 62201, and the target port on the Windows node is 62004-62006. l Send a message from a Windows agent The message agent sends a message or action response to the management server: a. The message agent asks the endpoint mapper for the port of the RPC server of the management server. The source port of the message agent is X (Any), the target port on the management server is 135, which is the default port of the endpoint mapper. b. The endpoint mapper responds to the message agent with the port number of the RPC server on the management server (62201). The source port on the management server is 135, and the target port on the Windows node is X (Any). c. The message agent contacts the management server at port 62201 and sends a message or action response. The source port on the Windows node is Y (Any). d. The RPC server responds to the Windows node. The source port on the management server is 62201, and the target port on the Windows node is Y (Any). Therefore rules 1 and 2 can be more restrictive for UNIX nodes: Rule Number Source Destination Protocol Source Port Destination Port Purpose of Rule 1 DCE NODE MGMT SRV TCP 62004-62006 135 Message agent to endpoint mapper 2 DCE NODE MGMT SRV TCP 62004-62006 62201 Message agent to message and action server 3 In addition, the same firewall rules as for Windows nodes apply, see Configuring HTTP Servers and Clients on page76. Firewall Rules for UNIX DCE Nodes Configuring the Port Range for the UNIX Operations Agent Port Range To configure the agent port range on the managed node, the following opcinfo variables have to be used: HP Operations Manager (9.00) Page 431 of 1297 Online Help OPC_NO_CFG_RQST_AT_STARTUP TRUE 1 OPC_RESTRICT_TO_PROCS opcctla OPC_COMM_PORT_RANGE 62001 OPC_RESTRICT_TO_PROCS opcmsga OPC_COMM_PORT_RANGE 62004-62006 Make sure that there are no more lines after the last line shown here in the opcinfo file because they would not be valid for all the processes but only for the last process named with the OPC_ RESTRICT_TO_PROCS line. Restart the agent processes: opcagt -kill opcagt -start Communication Type DCE/TCP Since DCE/TCP allows restricting port ranges of RPC clients, it is recommended to use TCP as communication type for HPOMfor UNIX agents. The communication type can be configured using the OPC_COMM_TYPE nodeinfo variable. This must be set on each managed node: OPC_COMM_TYPE RPC_DCE_TCP Communication Type DCE/UDP DCE/UDP cannot be completely restricted to a port range. Since all platforms where DCE is available also offer DCE/TCP, it is recommended to use this. If there is a need to use DCE/UDP, the DCE daemon (rpcd/dced) can be forced to use a specific port range only. This is done by setting the RPC_RESTRICTED_PORTS variable before starting the daemon in addition to the setting for the server or agent processes. Note: Restricting the DCE daemons port range will have an effect on all applications that use RPC communications on that system. They all will share the same port range. Configuring HPOM for Network Address Translation How you configure HPOMfor network address translation depends on which addresses are translated: l Outside addresses See Configuring HPOMfor Address Translation of Outside Addresses on page93. 1 HPOMfor Windows uses a push mechanismto deploy policies. Therefore, the HPOMfor UNIX mechanism, which checks for new deployment data on the server, can be disabled, using OPC_ NO_CFG_RQST_AT_STARTUP. In this case, there is no need to restrict the opcdista ports, because opcdistawill never try to use these ports. If the agent should communicate with an HPOM for UNIX server using the HPOMfor UNIX distribution mechanism, then the opcdistaport range can be restricted using OPC_RESTRICT_TO_PROCS opcdistaand OPC_COMM_PORT_RANGE 62011-62013. HP Operations Manager (9.00) Page 432 of 1297 Online Help l Inside addresses See Configuring HPOMfor Address Translation of Inside Addresses on page93. l Inside and outside addresses See Configuring HPOMfor Address Translation of Inside and Outside Addresses on page94. Configuring HPOM for Address Translation of Outside Addresses The server uses an internal Agent ID, sent by the agent, to identify the system. This allows having multiple customers using the same IP addresses. On the node, the agent has to be configured using OPC_AGENT_NAT TRUE. See Configuring the Agent for a NAT Environment on page94 for more information. Configuring HPOM for Address Translation of Inside Addresses A manager configuration file must be created on the management server and distributed to each node. See Setting up the mgrconf File on page95 for more information. Configuring HPOM for Address Translation of Inside and Outside Addresses The following manual steps are required: 1. A manager configuration file must be created on the management server and distributed to each node. See "Configuring the Agent for a NAT Environment" (on page 433) for more information. 2. The agent has to be configured using OPC_AGENT_NAT TRUE. See "Setting up the mgrconf File" (on page 434) for more information. Configuring the Agent for a NAT Environment After the installation of the agent software, the agent has to be configured to handle the NAT environment correctly. The following line has to be added to the nodeinfo or opcinfo file of the specified agent. OPC_AGENT_NAT TRUE Restart the agent processes after changing the opcinfo file. The opcinfo file is located in the following location on the managed node: l AIX /usr/lpp/OV/OpC/install/opcinfo l UNIX /opt/OV/bin/OpC/install/opcinfo l Windows n <InstallDir>\InstalledPackages \{790C06B4-844E-11D2-972B- 080009EF8C2A}\bin\OpC\install\opcinfo HP Operations Manager (9.00) Page 433 of 1297 Online Help Setting up the mgrconf File When the HPOMagent receives an action request (application, operator-initiated or remote automatic action), it checks that the originating HPOMmanagement server process is authorized to send action requests. This check uses the IP address that is stored in the action request. Since the NAT firewall cannot change the IP address inside a data structure, the agent refuses to execute the action. To solve this issue, a responsible managers file can be set up to authorize the management servers actual IP address to execute actions. The file must contain the following lines: # # Responsible Manager Configurations for a NAT Management Server # RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Configuration for a NAT Management Server" SECONDARYMANAGERS ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 10.136.120.193 "" DESCRIPTION "Internally known address" Copy this file to each node outside the firewall into the following location: Platform Location of the mgrconf File Windows <InstallDir>\Installed Packages\{790C06B4-844E-11D2- 972B-080009EF8C2A}\conf\OpC\mgrconf UNIX /var/opt/OV/conf/OpC/mgrconf (AIX: /var/lpp/OV/conf/OpC/mgrconf) Location of the mgrconf File Configuring HPOM for Port Address Translation Because of the restrictions in targeting connections over the firewall in both directions (server to DCE agent and DCE agent to server), this is currently not supported in HPOMenvironments. Configuring Server to Console Communication User Interface to Server Communication The communication between a console and the management server is based on DCOMfor remote Microsoft Management Console (MMC) consoles, and HTTP or HTTPS for web consoles. The policy editor uses HTTP to communicate with the agent. It queries performance data fromthe embedded performance component (coda). (If an appropriate certificate is installed on the remote consoled, the policy editor can communicate with the embedded performance component using HTTPS. Management Server to Console Communication HP Operations Manager (9.00) Page 434 of 1297 Online Help Note: If you are connecting to a management server systemrunning Windows Server 2003 SP1 or higher, you must configure certain DCOMaccess rights, regardless of whether a firewall exists or not. See "Using the Console to Connect to Management Server Systems Running on Windows Server 2003 SP1" (on page 437). Remote MMC Console The MMC console uses DCOMextensively to communicate with the management server and therefore can only provide firewall support to the extent Microsoft provides firewall support for DCOM. Windows Firewall If there is a Windows Firewall between the console and the server, the firewall must allow all DCOMtraffic: l Remote console systems with Windows Firewall enabled. See "Using the Console on Systems with Windows Firewall Enabled" (on page 438). l Management server systems with Windows Firewall enabled. See "Using the Console to Connect to Management Server Systems with Windows Firewall Enabled" (on page 440). Web Console By default, the web console uses HTTPS to communicate with the management server. It uses the standard browser settings for HTTPS communication. Therefore communication through firewalls is possible as long as the browser settings are correct and as long as the web and proxy servers are configured accordingly. HP Operations Manager (9.00) Page 435 of 1297 Online Help See "Configuring Firewalls for Secure Web Console Communication" (on page 441) for more information. Changes described in "Using the Console to Connect to Management Server Systems Running on Windows Server 2003 SP1" (on page 437) for the Microsoft Management Console also apply to the web console and must be done on the management server also, even when using only the web console. Policy Editor The policy editor, more specifically, measurement threshold policies browse performance metrics of the embedded performance component on a managed node. By default, the policy editor uses HTTP for this connection. If an appropriate certificate is installed on the remote console, the policy editor can use HTTPS to communicate with the embedded performance component. l Processes on the console system n Communication broker On the console system, the communication broker services are not required so it is not started. n Policy editor The policy editor acts as HTTP or HTTPS client. It uses one port of an assigned range for outgoing connections. The port range can be restricted by the user. See also "Configuring Server to Agent Communication" (on page 386). and "Configuring Server to Agent Communication" (on page 386). l Processes on HTTPS managed nodes n Communication broker On the managed node, the communication broker serves as HTTPS server with the default port 383. See also "Configuring Server to Agent Communication" (on page 386). n Embedded performance component The embedded performance component acts as HTTPS server. l Processes on DCE managed nodes n Local location broker On the console system, the local location broker serves as HTTP server with the default port 383. See also "Changing the Default Port of the Local Location Broker" (on page 425). n Policy editor The policy editor acts as HTTP client. It uses one port of an assigned range for outgoing connections. The port range can be restricted by the user. The assigned port range must be the same for all components that query performance data fromthe embedded performance component (reporting and graphing). See also "Changing the Default Port of the Local Location Broker" (on page 425). and "Configuring HTTP Clients without HTTP Proxies" (on page 426). HP Operations Manager (9.00) Page 436 of 1297 Online Help Configuring a Firewall for Remote Consoles The filter rules for a firewall between remote consoles and managed nodes depend on the communication type of the managed node: l DCE managed nodes The filter rules for firewalls between a remote console and DCE managed nodes are described in the following sections: "HTTP Communication with Two Proxies" (on page 421) "HTTP Communication with One Proxy" (on page 422) "HTTP Communication without Proxies" (on page 423) l HTTPS managed nodes The filter rules for firewalls between a remote console and HTTPS managed nodes are described here: "Configuring a Firewall for HTTPS Nodes without a Proxy" (on page 397) "Configuring a Firewall for HTTPS Nodes with Proxies" (on page 397) "Configuring a Firewall for Outbound-Only Communication" (on page 409) Configuring Remote Consoles Using the Console to Connect to Management Server Systems Running on Windows Server 2003 SP1 Whether the firewall is enabled or not, certain adjustments must be made to the DCOMsettings of a management server systemrunning on Windows Server 2003 SP1 before remote consoles can connect to it properly. You must add DCOMaccess rights for the HP-OVE-OPERATORS and HP- OVE-ADMINS groups in dcomcnfg, which you can launch froma command line or fromthe Start- >Run entry. 1. Navigate to \Console Root\Component Services\Computers\My Computer. 2. Right-click and select Properties fromthe context menu. 3. Select the COM Security tab. 4. Click Edit Limits in the Access Permission section. Add the HP-OVE-ADMINS and the HP- OVE-OPERATORS groups. Give Local Access and Remote Access to both. Click OK. 5. Click Edit Limits in the Launch and Activation Permission section. Add the HP-OVE- ADMINS and the HP-OVE-OPERATORS groups. Give themall available rights (four in total). Click OK. 6. Close the My Computer Properties dialog box by pressing OK. 7. Navigate to \Console Root\Component Services\Computers\My Computer\DCOM Config\ovpmad. Right-click and select Properties in the context menu. 8. Select the Security tab. HP Operations Manager (9.00) Page 437 of 1297 Online Help 9. Change both Launch and Activation Permissions and Access Permissions to Customize. 10. The Launch and Activation Permissions list must contain the Systemaccount, the user groups HP-OVE-ADMINS and HP-OVE-OPERATORS, and the Windows local administrators group. All must have all available rights. All other entries can be removed. 11. The Access Permissions list needs to contain the Systemaccount, the Self account, the user groups HP-OVE-ADMINS and HP-OVE-OPERATORS, and the Windows local administrators group. The Systemaccount needs local access only. All the groups need to have all available rights. All other entries can be removed. 12. Close the dialog by clicking OK. 13. Repeat the steps for the entries OvOWReqCheck, OvOWReqCheckSvr, DNSDiscovery , ovadsprov, ovdnsprov, ovnetprov, ovnnmprov, and ovunmagtprov, using the same configuration as for ovpmad. 14. Open the properties of Windows Management and Instrumentation. 15. Change both Launch and Activation Permissions and Access Permissions to Customize. 16. In addition to the provided defaults, the Launch and Activation Permissions list must contain the user groups HP-OVE-ADMINS and HP-OVE-OPERATORS, and the Windows local administrators group. All must have all available rights. 17. In addition to the provided defaults, the Access Permissions list needs to contain the System account, the Self account, the user groups HP-OVE-ADMINS and HP-OVE-OPERATORS, and the Windows local administrators group. The Systemaccount needs local access only. All the groups need to have all available rights. Using the Console on Systems with Windows Firewall Enabled On all Windows platforms where HPOMremote consoles are supported, the Windows built-in firewall (Windows Firewall) is enabled by default for every network connection. RPCs are not allowed to pass through a systemwith Windows Firewall enabled. This is a problemfor remote consoles, because remote consoles communicate with the management server using DCOM, and DCOMby default uses RPCs as communication method. Therefore, to make the MMC console work on a systemwith Windows Firewall enabled, the following configuration is necessary. Tip: When you install a remote console on a systemwith Windows Firewall enabled, the HPOM installation wizard offers to automatically configure the firewall during the installation. Configure Firewall for HPOM Console Communication Change the default firewall settings on the console systemto allow WMI on the management server to communicate via DCOMto the remote console components as follows: 1. Select Network Connections fromthe Control Panel. 2. Right-click on Local Area Connections and select Properties. 3. Select the Advanced tab and click on Settings. HP Operations Manager (9.00) Page 438 of 1297 Online Help 4. Select the Exceptions tab on the Windows Firewall dialog box. 5. Use the Add Portbutton to add TCP port 135 and UDP port 135 to the exceptions list (as name use TCP 135 and UDP 135 or similar). 6. Use the Add Programbutton to add the following programs to the exceptions list: \Windows\System32\mmc.exe \Windows\System32\wbem\unsecapp.exe %OvBinDir%\OvConnectedConsoles.exe %OvBinDir%\ovunsecapp.exe %OvBinDir%\OvServiceTypeEditor.exe %OvBinDir%\OvServiceEditor.exe %OvBinDir%\OvPmdPolicyEditorFrame.exe %OvBinDir%\OvowServerMonitor.exe %OvBinDir%\OvowNodeEditor.exe %OvBinDir%\OvUserRoles.exe %OvBinDir%\OvSrvConfEditor.exe Note: To make these exceptions more secure click on the Change Scopebutton and select My network (subnet) only (if your management server is in the same subnet). If you specify the management servers address in the Custom list, the ports that are opened up will not be accessible fromother systems. Change Remote Access Furthermore, you have to enable and configure remote DCOMaccess to allow the anonymous account to have remote access as follows: 1. Click Start, click Run, type dcomcnfg. 2. Go to Component Services -> Computers -> My Computer. 3. Right-click MyComputer and select Properties. 4. Open the Default Properties tab. 5. Select Enable Distributed COM on this computer. 6. Select the COM Security tab. 7. Click Edit Limitswithin the Access Permissions box. 8. Enable Remote Access permission for the Anonymous Logon account (by default, Anonymous Logon has Local Access permission). Note: For Windows XP SP2 only: If the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients exists, then it must be set to RPC_RESTRICT_REMOTE_ CLIENT_NONE (0) or RPC_RESTRICT_REMOTE_CLIENT_DEFAULT (1), the default value. It must not be set to RPC_RESRICT_REMOTE_CLIENT_HIGH (2), because this will disable all anonymous RPC calls and with that, the server-to-console communication will not longer work. HP Operations Manager (9.00) Page 439 of 1297 Online Help Using the Console to Connect to Management Server Systems with Windows Firewall Enabled To enable remote consoles to connect to the management server, you need to change the firewall configuration on the management server system. See also sections "Configuring the Management Server with Windows Firewall Enabled" (on page 427), "Package Deployment to Systems with Windows Firewall Enabled" (on page 427), and for changes required for the agent communication "Running the Agent on Systems with Windows Firewall Enabled" (on page 429). Configure Program Exceptions in Firewall Change the default firewall settings on the management server systemto allow the console to connect to server components as follows: 1. Select Network Connections fromthe Control Panel. 2. Right-click Local Area Connections and select Properties. 3. Select the Advanced tab and click Settings. 4. Select the Exceptions tab on the Windows Firewall dialog box. 5. Use Add Port to add TCP port 80 to the exceptions list (as name, use http or similar). 6. Use the Add Portbutton to add TCP port 135 and UDP port 135 to the exceptions list (as name use TCP 135 and UDP 135 or similar). 7. Add a rule that allows inbound ICMPv6 echo requests. 8. Use Add Programto add the following programs to the exceptions list: %OvBinDir%\OvMsmAccessManager.exe %OvBinDir%\OvOWReqCheckSrv.exe %OvBinDir%\ovpmad.exe %OvBinDir%\OvSecurity.exe %OvBinDir%\OvSecurityServer.exe %OvBinDir%\OvowElRemoteAccess.exe Note: To make these exceptions more secure click on the Change Scopebutton and select My network (subnet) only (if your console systems are in the same subnet). If you specify the console systems addresses in the Custom list, the ports that are opened up will not be accessible fromother systems. Check DCOM Remote Access Rights for Programs Furthermore, you have to enable and configure remote DCOMaccess to allow the anonymous account to have remote access as follows: 1. Click Start, click Run, type in dcomcnfg. 2. Go to Component Services -> Computers -> My Computer. 3. Right click My Computer and select Properties. 4. Open the Default Properties tab. 5. Select Enable Distributed COM on this computer. HP Operations Manager (9.00) Page 440 of 1297 Online Help 6. Select the COM Security tab. 7. Click Edit Limits... within the Access Permissions box. 8. Enable Remote Access permission for the Anonymous Logon account (by default Anonymous Logon has Local Access permission). Configure Remote WMI Access in Firewall Change the default firewall settings on the management server systemto allow the console to connect to WMI. As this configuration step cannot be performed using the Windows Firewall dialog, you need to configure the WMI access using a command line tool: 1. Open a command shell by clicking Start and Run, then typing cmd and finally clicking the OK button. 2. In the command shell that is opened, enter the following command: netsh firewall set service RemoteAdmin enable Note: This command opens a gap in your firewall configuration, so you may want to restrict the RemoteAdmin access to the remote console systems only. You can do so by using the following command instead of the command mentioned above. In this example, the remote console systems have the IP addresses 10.1.2.3 and 10.4.5.6; please adapt the IP addresses to your needs. netsh firewall set service RemoteAdmin enable custom 10.1.2.3,10.4.5.6 For more information about the RemoteAdmin configuration options use the command netsh firewall set service help. Configuring Firewalls for Secure Web Console Communication The HPOMweb console is configured by default to listen for HTTPSconnections on port 443. However, the administrator who installs the management server can specify a different port in the installation wizard. If the administrator who installs the management server selects the option to set up Windows Firewall rules, the installer creates a firewall rule that allows TCPconnections to the web console port. If you have any other third-party firewall in your environment, you must configure this firewall to allow TCPconnections to the web console port. Configuring Server to Server Communication An HPOMfor Windows management server can communicate with other HPOMmanagement servers in the environment, also through firewalls. The communciation type depends on the platformand version of the communication partners, but is either DCE or HTTPS. l HTTPS An HPOMfor Windows version8 management server uses HTTPS to communicate with other HPOMfor Windows or UNIX version8 management servers. On the HPOMfor Windows version8 management server, the communication broker (ovbbccb) receives all incoming messages and action responses at port 383. The message and action HP Operations Manager (9.00) Page 441 of 1297 Online Help server (OvEpMsgActSrv) sends messages and action responses to the communication brokers on the other HPOMfor Windows or UNIX version8 management servers. On an HPOMfor UNIX version8 management server, the forward manager (opcforwm) sends messages and action responses to the communication broker of the HPOMfor Windows management server. l DCE An HPOMfor Windows version 8 management server uses DCE to communicate with HPOM for Windows version7.5 and HPOMfor UNIX version7 management servers. On the HPOMfor Windows version8 management server, the endpoint mapper (rpcd) returns the port of the message and action server (OvEpMsgActSrv) when receiving a DCE communication request. The message and action server then receives messages and action responses fromother message and action servers (HPOMfor Windows) or forward managers (HPOMfor UNIX). When forwarding a message or action response, the message and action server (OvEpMsgActSrv) first contacts the endpoint mapper on the target management server to query the port of the receiving message and action server (Windows) or message receiver (UNIX). It then sends messages and action responses to these ports. The HPOMfor UNIX message receiver (opcmsgrd) is an RPC server, the forward manager (opcforwm) is an RPC client. Management Server to Management Server Communication HP Operations Manager (9.00) Page 442 of 1297 Online Help Configuring a Firewall for Server to Server Communication HTTPS Filter Rules for Server-to-Server Communication These rules allow only the forwarding of messages and the synchronization of the two management servers. As soon as actions are executed on an agent systemon the other side of the firewall, the agent rules must be applied to the firewall as described in "Configuring HTTPS Agents" (on page 396). Source Destination Protocol Source Port Destination Port Description HPOM-W SERVER 1 HPOM-W SERVER 2 TCP Any a 383 Message and action server to communication broker HPOM-W SERVER 2 HPOM-W SERVER 1 TCP Anya 383 Message and action server to communication broker HPOM-W SERVER 1 HPOM-U SERVER1 TCP Anya 383 Message and action server to communication broker HPOM-U SERVER1 HPOM-W SERVER 1 TCP Anya 383 Forward manager to communication broker HTTPS Filter Rules for Multiple Management Servers (No Proxies) DCE Filter Rules for Server-to-Server Communication These rules allow only the forwarding of messages and the synchronization of the two management servers. As soon as actions are executed on an agent systemon the other side of the firewall, the agent rules must be applied to the firewall as described in "Configuring DCE Agents" (on page 417). Source Destination Protocol Source Port Destination Port Description HPOM-W SERVER 1 HPOM-W SERVER 2 TCP 62201 135 Message and action server to endpoint mapper HPOM-W SERVER 1 HPOM-W SERVER 2 TCP 62201 62201 Message and action server to message and action server DCE/TCP Filter Rules for Multiple Management Servers a The local port is by default 0 which means that the operating systemallocates the next available port number. You can also configure a specific port number or range of ports, if required. See See "Configuring Local Communication Ports". HP Operations Manager (9.00) Page 443 of 1297 Online Help Source Destination Protocol Source Port Destination Port Description HPOM-W SERVER 2 HPOM-W SERVER 1 TCP 62201 135 Message and action server to endpoint mapper HPOM-W SERVER 2 HPOM-W SERVER 1 TCP 62201 62201 Message and action server to message and action server HPOM-W SERVER 1 HPOM-U SERVER1 TCP 62201 135 Message and action server to endpoint mapper HPOM-W SERVER 1 HPOM-U SERVER1 TCP 62201 62101 Message and action server to message receiver HPOM-U SERVER1 HPOM-W SERVER 1 TCP 62104-62105 135 Forward manager to endpoint mapper HPOM-U SERVER1 HPOM-W SERVER 1 TCP 62104-62105 62201 Forward manager to message and action server Configuring Server to Server HTTPS Communication Configuring server to server HTTPS communication is similar to configuring HTTPS communication between servers and agents. This is described in "Configuring Two Way HTTPS Communication" (on page 397). You can also set up outbound-only communication between two servers, which is described in "Configuring Outbound-Only Communication" (on page 409). Configuring Server to Server DCE Communication To configure server to server DCE communication, you must performthe following tasks: l HPOM for Windows to HPOM for Windows servers See "Configuring the Management Server RPC Server" (on page 420). l HPOM for Windows to HPOM for UNIX servers a. Configure the RPC server on the HPOMfor Windows management servers. You need to configure one port per target management server. See "Configuring the Management Server RPC Server" (on page 420). b. On the HPOMfor UNIX management server, configure the port range for the forward manager and the message receiver. HP Operations Manager (9.00) Page 444 of 1297 Online Help i. Configure the DCE client disconnect time. Enter the following command: ovconfchg -ovrg server -ns opc -set OPC_HPDCE_CLIENT_DISC_ TIME 5 Note: Set connections to five seconds to disconnect the connection for HPOMs management server processes. This setting is recommended to enable all the connections to different systems to be disconnected cleanly. Keeping the connections established for a lengthy period of time will block ports and there are only a few occasions when a connection could be re-used. ii. Configure the port range for the forward manager and the message receiver processes. Enter the following commands: ovconfchg -ovrg server -ns opc.opcforwm -set OPC_COMM_PORT_ RANGE 62104-62105ovconfchg -ovrg server -ns opc.opcmsgrd -set OPC_COMM_PORT_RANGE 62101 iii. Restart the management server processes. Enter the following commands: i. ovstop ovctrl ovoacomm ii. ovstart opc Configuring Integrated Applications Database Application HPOMsupports a remote database which is Microsoft SQLServer. The communication type used between the management server and the database is based on ODBC. If you have a firewall between the management server and the database, you must open the firewall for port 1433, which is the default port of SQLServer. You can also configure SQLServer to use a customport. See the documentation supplied with the database for more information. Reporting and Graphing Applications l HP Reporter l HP Performance Manager l HP Performance Agent Software HP Reporter HP Reporter is an HTTPS client. It connects to the following components in an HPOM environment: l Embedded performance component and HP Performance Agent Software By default, HPReporter first tries to connect with the embedded performance component and HP Performance Agent Software in non-secure mode. If the embedded performance component and HP Performance Agent Software require secure communication (HTTPS), then HP Reporter will switch to HTTPS communication. HP Operations Manager (9.00) Page 445 of 1297 Online Help HPReporter first contacts the communication broker on the remote system. The communication broker then looks up the server port of the embedded performance component and HP Performance Agent Software. If a firewall exists between HPReporter and the embedded performance component and HP Performance Agent Software, the firewall must be opened for communication with the communication broker (default port 383) and the embedded performance component and HP Performance Agent Software (no default port). By default, HPReporter allows the operating systemto allocate the local port for each connection that it opens to the embedded performance component and HP Performance Agent Software. However, HPReporter can be configured to use one port of an assigned range for all communication requests. In addition, you can configure HPReporter to use a proxy instead of directly communicating with the remote systems. l Web browser and HPOM remote consoles The default port of the HPReporter web server is port 80. HPReporter can also be configured to use HTTPS for communication with web browsers and the HPOMremote console: a. Configure the HPReporter web server to provide reports using the HTTPS protocol. See the HPReporter documentation for details. b. Configure HPOMto request reports using the HTTPS protocol: i. In the Server Configuration dialog box, select the namespace HPReporter Integration. ii. Change the value for Port to the HTTPS port of the HPReporter web server. iii. Select Expert Mode and change the value for List reports URL to HTTPS, for example: https://<$SERVERNAME>:<$PORT>/HPOV_Reports/reports.xml iv. To enable secure communication, make sure the appropriate certificates are available. v. If you are using a proxy connection, make sure to configure the following options for your web browser: o Bypass proxy server for local addresses. o Add your Windows domain to the exception list of the proxy server. For further details, see the corresponding product documentation of HPReporter. HP Performance Manager HP Performance Manager is an HTTPS client. It connects to the following components in an HPOMenvironment: l Embedded performance component and HP Performance Agent Software n By default, HP Performance Manager first tries to connect with the embedded performance component and HP Performance Agent Software in non-secure mode. If the embedded performance component and HP Performance Agent Software require secure communication (HTTPS), then HP Performance Manager will switch to HTTPS communication. HP Operations Manager (9.00) Page 446 of 1297 Online Help n HP Performance Manager first contacts the communication broker on the remote system. The communication broker then looks up the server port of the embedded performance component and HP Performance Agent Software. If a firewall exists between HP Performance Manager and the embedded performance component and HP Performance Agent Software, the firewall must be opened for communication with the communication broker (default port 383) and the embedded performance component and HP Performance Agent Software (no default port). n By default, HP Performance Manager allows the operating systemto allocate the local port for each connection that it opens to the embedded performance component and HP Performance Agent Software. However, HP Performance Manager can be configured to use one port of an assigned range for all communication requests. In addition, you can configure HP Performance Manager to use a proxy instead of directly communicating with the remote systems. l Web browser and HPOM remote consoles The default port of the HPPerformance Manager server is port 8081 for HTTP communication and port 8444 for HTTPS communication. HPPerformance Manager can also be configured to use HTTPS for communication with web browsers and the HPOMremote console. a. Configure the HPPerformance Manager server to provide graphs using the HTTPS protocol. See the HPPerformance Manager documentation for details. b. Configure HPOMto request graphs using the HTTPS protocol: i. In the Server Configuration dialog box, select the namespace HPPerformance Manager Integration. ii. Select Expert Mode and change the value for Base URL to HTTPS, for example: https://<$SERVERNAME>:<$PORT>/OVPM/? iii. To enable secure communication, make sure the appropriate certificates are available. iv. If you are using a proxy connection, make sure to configure the following options for your web browser: o Bypass proxy server for local addresses. o Add your Windows domain to the exception list of the proxy server. For further details, see the corresponding product documentation of HPPerformance Manager. HP Performance Agent Software HP Performance Agent Software is an HTTPS server. HP Performance Agent Software responds to communication requests in HTTP or HTTPS mode depending on the type of request. Before responding to communication requests, the communication broker on the HP Performance Agent Software systemlooks up the server port of HP Performance Agent Software (and the embedded performance component). The server port is then used to transfer performance data to the requestor of the information. If a firewall exists between HP Performance Agent Software (and the embedded performance component) and the performance and graphing tools, the firewall must HP Operations Manager (9.00) Page 447 of 1297 Online Help be opened for communication with the communication broker (default port383) and HP Performance Agent Software (and the embedded performance component) (no default port). By default, HP Performance Agent Software allows the operating systemto allocate a server port to respond to information requests fromperformance reporting and graphing tools. However, HP Performance Agent Software can be configured to use a fixed server port for all communication requests. In addition, you can configure HP Performance Agent Software to use a proxy instead of directly communicating with the remote systems. For further details, see the corresponding product documentation of HPPerformance Agent Software. Network Management Applications HP Network Node Manager See the corresponding product documentation for details about firewall support of this product. HP NNM Adapter The following picture shows the default communication between various NNMAdapter components. HPOM NNM Adapter HP Operations Manager (9.00) Page 448 of 1297 Online Help The NgNnmDwProvider service can operate in two modes: l 0NNM only NgNnmDwProvider gathers information about new nodes fromNNMonly. This is done based on the SNMP description of the Windows nodes. l 1NetWkstaGetInfo NgNnmDwProvider gathers additional information (using WinNet API NetWkstaGetInfo) This information about the nodes (Windows OS and version number) is cached (NetWkstaGetInfo is called only once). The NgNnmDwProvider by default operates in mode 1. The WinNet API calls are blocked by most firewalls and might produce firewall logfile entries and unnecessary traffic. Therefore they can be disabled using mode 0. The mode can be changed using the following registry key on the NNMserver: HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett- Packard\OpenView\NNMAdapter\NgNnmDwProvider\Repl\AdditionalChecking l 0 Gather data only fromNNM. l 1 Additional checking using NetWkstaGetInfo. This registry key is only checked when the NgNnmDwProvider service starts up. Steps to enforce a changed mode: 1. Change the registry key. 2. Stop the service NgNnmDwProvider. 3. Delete the file <InstallDir>\Installed Packages\{c9322d6f-d88c-11d3-98e3- 080009ef5c3b}\data\NgNnmPreviousNodes.bin. 4. Start the service. Using the NNM Adapter on Systems with Windows Firewall Enabled If NNMis running on a systemwith enabled Windows firewall, then the following configuration is necessary for the NNMAdapter: 1. Create dummy files necessary for the firewall configuration. (This step is not necessary if the NNMAdapter is already installed.) As the Windows Firewall does not allow setting up rules for applications that do not yet exist, you have to create a dummy application file before configuring the Windows firewall and installing the NNMadapter. Create the following file on your NNMsystem: %OvInstallDir%\Installed Packages\{c9322d6f-d88c-11d3-98e3- 080009ef5c3b}\bin\NgNnmDwProvider.exe HP Operations Manager (9.00) Page 449 of 1297 Online Help You can create a dummy file with the following command: echo abc >NgNnmDwProvider.exe. If %OvInstallDir% is not already set by other HP Software applications (check with echo %OvInstallDir%), then use %Program Files%\HP OpenView as installation directory (typically C:\Program Files\HP OpenView). 2. Configure firewall for NNM Adapter installation. (This step is not necessary if the NNMAdapter is already installed.) The NNMAdapter installation uses similar deployment methods as the HPOMpackage deployment. Furthermore, if not already installed, it will automatically install the HPOMagent on the NNMsystem. Therefore, follow the same configuration guidelines as for the package deployment - see Package Deployment to Windows DCE Nodes on page62, even if an HPOMagent is already installed on the NNMsystem! Follow also the instructions for the HPOMagent - see Running the Agent on Systems with Windows Firewall Enabled on page 116. Additionally, change the computer-wide access to allow the anonymous account to have "remote access" as follows: a. Click on Start, click on Run, type in dcomcnfg. b. Go to Component Services -> Computers -> My Computer. c. Right-click My Computer and select Properties. d. Select the COM Security tab. e. Click Edit Limitswithin the Access Permissions frame. f. Enable Remote Access permission for the Anonymous Logon account (by default Anonymous Logon has Local Access permission). 3. Configure firewall for NNM Adapter communication. 4. Change the default firewall settings as follows: a. Select Network Connections fromthe Control Panel. b. Right-click on Local Area Connections and select Properties. c. Select the Advanced tab and click on Settings. d. Select the Exceptions tab on the Windows Firewall dialog box. e. Use the Add Programbutton to add the programyou created above to the exceptions list:%OvInstallDir%\InstalledPackages\{c9322d6f-d88c-11d3-98e3- 080009ef5c3b}\bin\NgNnmDwProvider.exe 5. Configure the firewall for NNM web tools. Enable the access to the web server: a. Select the Advancedtab on the Windows Firewall dialog box. b. Under NetworkConnectionSettings, select the Local AreaConnection, then select Settings HP Operations Manager (9.00) Page 450 of 1297 Online Help and check WebServer (HTTP). Enable the Network Presenter web tool: a. Select Network Connections fromthe Control Panel. b. Right-click on Local Area Connections. Select Properties. c. Select the Advanced tab and click Settings. d. Select the Exceptions tab on the Windows Firewall dialog box. e. Use the Add Portbutton to add TCP port 2447 to the exceptions list. Service Management Applications HP Service Desk See the corresponding product documentation for details about firewall support of this product. HP ServiceCenter See the corresponding product documentation for details about firewall support of this product. Port Usage Server and Client Port Usage In the HPOMenvironment, there are the following types of communication that use ports: l RPC Servers (DCE only) l RPC Clients (DCE only) l TCP Socket Connections (DCE only) l "HTTP and HTTPS Servers" (on page 452)(DCE and HTTPS) l "HTTP and HTTPS Clients" (on page 452)(DCE and HTTPS) RPC Servers An RPC server is registered at one fixed port. It can handle multiple incoming connections on this one port. A connection stays in ESTABLISHED state for about 20 seconds and can be re-used during this time. Afterwards the connection disappears fromthe RPC server side. RPC Clients An RPC client uses one port of an assigned range for outgoing communication. (However, this is not true on Windows systems. Outgoing ports cannot be restricted with Microsoft RPC.) On UNIX systems, a connection stays in ESTABLISHED state for about 20 seconds and can be re- used for more communication to the same target during this time. Afterwards the connection stays in TIME_WAIT state for about one minute. During this time the port is blocked and cannot be re- used. A new connection at this time will require an additional port. A new connection to another target will require another port in any case. HP Operations Manager (9.00) Page 451 of 1297 Online Help HTTP and HTTPS Servers An HTTP server is registered at one fixed port. It can handle multiple incoming connections on this one port. HTTP and HTTPS Clients An HTTP client integrated into HPOMuses one port of the available range for outgoing communication. A new connection to another HTTP server will normally use another port. However, these source ports can be restricted if needed, so that the HTTP client just uses one specified source port or a specified port range. Port Usage on the Management Server The following notes provide some more background information about which ports are used by which processes. This can be useful if you want to secure individual systems using personal firewall products, which allow you to filter communication based on process names. Certificate Server (ovcs.exe) (HTTPS only) The certificate server (ovcs.exe) creates certificates and private keys for authentication in secure communication. It acts as HTTPS client. The certificate server contacts the communication broker on all agents to distribute certificates. For outgoing communication requests, it uses a randomport assigned by the operating system. It can be bound to a specific port, if needed: ovconfchg -ovrg server -ns bbc.http.ext.sec.cm.ovcs -set CLIENT_PORT 62600 Message and Action Server (OvEpMsgActSrv.exe) (HTTPS and DCE) The message and action server (OvEpMsgActSrv.exe) participates in both HTTPS and DCE communication requests. l HTTPS communication The message and action server registers as HTTPS server to receive messages by way of the communication broker. The message and action server also registers as HTTPS client to do heartbeat polling, launch tools or start operator-initiated commands, and to forward messages to other management servers. For outgoing communication requests, it uses a randomport assigned by the operating system. It can be bound to a specific port, if needed: ovconfchg -ovrg server -ns bbc.http.ext.OvEpMsgActSrv \-set CLIENT_ PORT 62723-62835 l DCE communication The message and action server registers one RPC server with multiple RPC interfaces: n Message receiver interface n Distribution manager interface HP Operations Manager (9.00) Page 452 of 1297 Online Help n Communication manager interface This RPC server can be bound to a specific port and will register there each time it is started. For more information, see "Configuring HTTP Servers" (on page 425) The message and action server also acts as RPC client and sends out communication requests like: n Heartbeat polling n Launch tool and start operator-initiated command The source ports used for the outgoing communication cannot be restricted. Policy Management and Deployment (ovpmad.exe) (HTTPS and DCE) The policy management and deployment component (ovpmad.exe) transfers policies to managed nodes. By default, five concurrent deployments are allowed, but you can change this limit, if needed. The policy management and deployment component participates in both HTTPS and DCE communication: l HTTPS communication The policy management and deployment component acts as HTTPS client. It uses a random port assigned by the operating systemto transfer policies to managed nodes. You can assign a specific port range (minimumfive ports), if needed: ovconfchg -ovrg server -ns bbc.http.ext.ovpmad \-set CLIENT_PORT 62601-62605 l DCE communication The policy management and deployment component acts as RPC client to transfer policies to the managed nodes. The source ports used for the outgoing communication cannot be restricted. Remote Control (opcragt.exe) (HTTPS only) The remote control tool (opcragt.exe) is an HTTPS client. It contacts the communication broker on all agents. For these connections, it uses a randomport (that is, one for each managed node). If you want to a assign a specific port range to this process, choose a port range that is at least as large as the number of managed nodes in your environment: ovconfchg -ovrg server -ns bbc.http.ext.opcragt -set CLIENT_PORT 62621-62720 Service Discovery Server (OvAutoDiscoveryServer.exe) (HTTPS and DCE) The service discovery server (OvAutoDiscoveryServer.exe) participates in both HTTPS and HTTP communication: l HTTPS communication As HTTPS server, it receives synchronization requests fromHTTPS managed nodes by way of the communication broker on the management server. l HTTP communication HP Operations Manager (9.00) Page 453 of 1297 Online Help Service discovery data of DCE managed nodes is sent in plain HTTP format directly to the discovery server. For this kind of communication, the discovery server acts as HTTP server and uses by default port 6602. You can change this port, if needed. For more information, see "Configuring HTTP Servers" (on page 425). Communication Broker (ovbbccb.exe) (HTTPS only) The communication broker (ovbbccb.exe) registers as HTTPS server with default port 383. This is the only server port that is externally visible on the management server system. If you change this default port, you must change it on all systems that use HTTPS communication in your HPOM environment. See "Configuring Communication Broker Ports" (on page 403). Port Usage on the Console System Policy Editor (OvPmdPolicyEditorFrame.exe) This section describes the ports used when the console systemcommunicates with the embedded performance component on a managed node directly, which only happens when measurement threshold policy editors try to gather metrics froma node. The policy editor by default acts as HTTP client and browses performance metrics of the embedded performance component on a managed node. It uses ports of the available source ports. The used source ports can be restricted, if needed: ovconfchg [-ovrg server] -ns bbc.http.ext.OvPmdPolicyEditorFrame -set CLIENT_PORT 62721-62722 If an appropriate certificate is installed on the remote console, the policy editor can use HTTPS to communicate with the embedded performance component. Port Usage on the Managed Node The agent can handle communication issues that are related to the port restriction. It will write a message to the System.txt file and retry the communication. This may cause delays but prevent message loss. Communication Broker (ovbbccb) (HTTPS Only) The communication broker (ovbbccb) registers as HTTPS server with default port 383. This is the only server port that is externally visible on a managed node system. If you change this default port, you must change it on all systems that use HTTPS communication in your HPOMenvironment. See "Configuring Communication Broker Ports" (on page 403). Message Agent (opcmsga) (HTTPS and DCE) The message agent is an RPC and HTTPS client: l DCE communication The RPC client contacts the endpoint mapper and the message receiver interface of the server. These connections need two ports. In case of a flexible manager setup where the agent might report to different management servers the range should be increased so that two ports are available for each server. HP Operations Manager (9.00) Page 454 of 1297 Online Help One more port is needed for a socket connection to the communication manager when bulk transfers are requested, but this is only supported with Operations for UNIX servers. l HTTPS communication The HTTPS client contacts the communication broker of the management server. This connection requires one port. In case of a flexible manager setup where the agent might report to different management servers the range should be increased so that one port is available for each server. Control Agent (opcctla) (DCE Only) The control agent is an RPC server and can be forced to one port. It handles all incoming RPC calls. It receives action requests and new policies fromthe management server. Distribution Agent (opcdista) (DCE Only) The distribution agent is an RPC client. It contacts the endpoint mapper and the distribution manager interface of the server. This is currently only needed when connecting to an HPOMfor UNIX server and needs two ports. If the agent was installed froman HPOMfor Windows management server, then the distribution agent will not contact the server. Embedded Performance Component (coda) The embedded performance component acts as an HTTP or HTTPS server and provides performance data to several clients: l HTTP communication The embedded performance component on DCE managed nodes registers as HTTP server with port 381. You can change this port, if needed. For more information, see "Configuring HTTP Servers" (on page 425). l HTTPS communication The embedded performance component on HTTPS managed nodes registers as HTTPS server. The operating systemassigns a randomport for incoming communication requests. You can assign a fixed port, if needed, or redirect all communication through the communication broker on the HTTPS managed node, so that you do not need to open an additional port in the firewall. For more information, see "Configuring the Embedded Performance Component" (on page 407). Service Discovery Agent (java, agtrep) The service discovery agent acts as HTTP or HTTPS client: l HTTP communication The service discovery agent (java) on DCE managed nodes registers as HTTP client and transfers service discovery data to the management server. It uses a single, randomport. If needed, then the used source port can be restricted. For more information, see "Configuring HTTP Clients without HTTP Proxies" (on page 426). l HTTPS communication HP Operations Manager (9.00) Page 455 of 1297 Online Help The discovery agent (agtrep) on HTTPS managed nodes registers as HTTPS client and synchronizes the agent repository with the management server. It a single, random. The used source port can be restricted, if needed: ovconfchg -ns bbc.http.ext.agtrep -set CLIENT_PORT 62303 Configuration Parameters Management Server Registry Values The following string values can be defined for the HPOMmanagement server under the registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv] l "COMM_PORT_RANGE" (on page 456) l "DISABLE_ACTIVE_PING_HEALTH_CHECK" (on page 456) l "DISABLE_HEALTH_CHECK" (on page 457) l "DISABLE_ALL_REMOTE_ACTIONS" (on page 457) COMM_PORT_RANGE Description This variable defines the ports that may be used by the server for RPC communication. Example COMM_PORT_RANGE 12001 Default Not set. DISABLE_ACTIVE_PING_HEALTH_CHECK Description TRUE switches off the health check with ping packets. The active check with RPCs will still be done. Note: This increases the network traffic because the server will check the health of the agent each time with an RPC-call. Example DISABLE_ACTIVE_PING_HEALTH_CHECK TRUE Default FALSE. HP Operations Manager (9.00) Page 456 of 1297 Online Help DISABLE_HEALTH_CHECK Description TRUE switches off the complete health check done by the server. Example DISABLE_HEALTH_CHECK TRUE Default FALSE. DISABLE_ALL_REMOTE_ACTIONS Description TRUE disables the execution of automatic actions that do not run on the systemwhere the message was generated (remote automatic actions). HPOMoffers the possibility to start automatic actions on other nodes. This is helpful in case a problemwas detected on a client system, but the automatic action should run on a server systemto collect more data or to solve the problem. Out-of- the-box policies currently do not make use of this feature (as it is difficult to pre-configure on which node the action has to be executed), but custompolicies might use it.In firewall environments, in which enhanced security often plays a role as well, this feature can be disabled. A service provider, managing different client networks behind several firewalls using one management server, might also want to disable this feature, so that nodes of one client cannot start automatic actions on nodes of another client. Example DISABLE_ALL_REMOTE_ACTIONS TRUE Default FALSE. HTTP Communication Parameters The following parameters can be set in the nodeinfo or defaults.txt file for use in a firewall environment that includes HTTP-based communication components, such as HPReporter, HP Performance Manager, service discovery, and the embedded performance component for HPOM DCE agents. l "CLIENT_BIND_ADDR(app_name)" (on page 458) l "CLIENT_PORT(app_name)" (on page 458) l "PROXY" (on page 458) l "SERVER_BIND_ADDR(app_name)" (on page 459) l "SERVER_PORT(app_name)" (on page 459) HP Operations Manager (9.00) Page 457 of 1297 Online Help CLIENT_BIND_ADDR(app_name) Description Sets the address for the specified applications HPSoftware HTTP client. Valid application names are com.hp.openview.CodaClient (on the management server) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the managed node). Example CLIENT_BIND_ ADDR(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 12.123.123.4 Default Not set. CLIENT_PORT(app_name) Description Sets the port number or port range for the specified applications HPSoftware HTTP client. Valid application names are com.hp.openview.CodaClient (on the management server) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the managed node). Example CLIENT_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 12008 CLIENT_PORT(com.hp.openview.CodaClient) 62203-62250 Default Not set. PROXY Description Sets the proxy for any HPSoftware HTTP clients running on the computer. Clients can be HP Reporter or HP Performance Manager (running on the management server) or the service discovery agent (running on a managed node). The format is PROXY proxy:port +(a)-(b); proxy2:port2 +(c)-(d), and so on. The variables a, b, c, and d are comma-separated lists of hostnames, networks, and IP addresses that apply to the proxy. Multiple proxies may be defined for one PROXY key. The minus sign (-) before the list indicates that those entities do not use this proxy, the plus sign (+) before the list indicates that those entities do use this proxy. The first matching proxy is used. HP Operations Manager (9.00) Page 458 of 1297 Online Help Example PROXY web-proxy:8088-(*.veg.com)+(*.lettuce.veg.com) Meaning The proxy 'web-proxy' will be used with port 8088 for every server except hosts that match *.veg.com, for example, www.veg.com. The exception is hostnames that match *.lettuce.hp.com. For example, romaine.lettuce.veg.comthe proxy server will be used. Default Not set. SERVER_BIND_ADDR(app_name) Description Sets the address for the specified applications HPSoftware HTTP server. Valid application names are com.hp.openview.Coda (on the managed node) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the management server). . Example SERVER_BIND_ ADDR(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 12.123.123.4 Default Not set. SERVER_PORT(app_name) Description Sets the port number for the specified applications HPSoftware HTTP server. Valid application names are com.hp.openview.Coda (on the managed node) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the management server). . Example SERVER_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 62202 SERVER_PORT(com.hp.openview.Coda)62010 Default SERVER_PORT(com.hp.openview.Coda) 381 HP Operations Manager (9.00) Page 459 of 1297 Online Help SERVER_PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 6602 HTTPS Communication Parameters Use the command-line tool ovconfchg to set or change parameters for HTTPS-based communication. By setting a parameter in a specific namespace, the parameter affects only the processes that use that namespace. The following namespaces are relevant for HTTPS communication in firewall environments: l bbc.cb l bbc.cb.ports l bbc.rcp (outbound-only communication) l bbc.http l bbc.http.ext.* bbc.cb Namespace The namespace of the communication broker. The following parameters can be set: l "ENABLE_REVERSE_ADMIN_CHANNELS (Outbound-Only Communication)" (on page 460) l "MAX_RECONNECT_TRIES (Outbound-Only Communication)" (on page 461) l "RC_CHANNELS (Outbound-Only Communication)" (on page 461) l "RC_CHANNELS_CFG_FILES (Outbound-Only Communication)" (on page 461) l "RETRY_INTERVAL (Outbound-Only Communication)" (on page 462) l "RC_MAX_WORKER_THREADS (Outbound-Only Communication)" (on page 462) l "RC_MIN_WORKER_THREADS (Outbound-Only Communication)" (on page 462) l "GENERATE_OVEVENT_FOR_FAILED_RC_NODES (Outbound-Only Communication)" (on page 463) l "SERVER_BIND_ADDR" (on page 463) l "SERVER_PORT" (on page 463) ENABLE_REVERSE_ADMIN_CHANNELS (Outbound-Only Communication) Description If set to true, this parameter instructs the communication broker of the systemin the trusted zone to establish a reverse administration channel to the reverse channel proxy. This parameter is required for outbound-only communication. Example ovconfchg -ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS true HP Operations Manager (9.00) Page 460 of 1297 Online Help Default false. MAX_RECONNECT_TRIES (Outbound-Only Communication) Description Maximumnumber of attempts that the systemin the trusted zone should make to connect to a reverse channel proxy. By default, this is set to -1 (infinite). Example ovconfchg -ns bbc.cb -set MAX_RECONNECT_TRIES 5 Default 1 (infinite). RC_CHANNELS (Outbound-Only Communication) Description List of reverse channel proxies (RCPs) to which the systemin the trusted zone establishes a reverse administration channel. This parameter is required for outbound-only communication. Format: <hostname>:<port>[,<OvCoreId>] If you specify the optional OvCoreID, the systemin the trusted zone validates the RCP against that OvCoreID. If you specify more than one RCP, you must separate the entries with a semicolon (;). Example ovconfchg -ns bbc.cb -set RC_CHANNELS rcp1.example.com,9fcc7062-0472- 751c-1236-84372bec342d Default Not set. RC_CHANNELS_CFG_FILES (Outbound-Only Communication) Description List of reverse channel proxies (RCPs) in a file. The file must be placed in the <data_ dir>/conf/bbc directory. Specify one RCP per line. Format: <hostname>:<port>[,<OvCoreId>] If you specify the optional OvCoreID, the systemin the trusted zone validates the RCP against that OvCoreID. Blank lines and comment lines (# is the first character) are permitted. You must also use the following command if you later change the contents of the file. The system reads the file only after you use ovconfchg: ovconfchg -ns bbc.cb -set RC_CHANNELS_CFG_FILES <filename> HP Operations Manager (9.00) Page 461 of 1297 Online Help Example ovconfchg -ns bbc.cb -set RC_CHANNELS_CFG_FILES RCP.txt Default Not set. RETRY_INTERVAL (Outbound-Only Communication) Description Number of seconds that the systemin the trusted zone should wait before it retries unsuccessful connection attempts. By default, this is set to 60 seconds. Example ovconfchg -ns bbc.cb -set RETRY_INTERVAL 90 Default 60 (seconds). RC_MAX_WORKER_THREADS (Outbound-Only Communication) Description Maximumnumber of worker threads for connections to RCPs. The communication broker uses different threads to enhance the performance of connections to RCPs. Example ovconfchg -ovrg server -ns bbc.cb -set RC_MAX_WORKER_THREADS 5 Default 1. RC_MIN_WORKER_THREADS (Outbound-Only Communication) Description Minimumnumber of worker threads for connections to RCPs. The communication broker uses different threads to enhance the performance of connections to RCPs. Example ovconfchg -ovrg server -ns bbc.cb -set RC_MAX_WORKER_THREADS 5 Default 0. HP Operations Manager (9.00) Page 462 of 1297 Online Help GENERATE_OVEVENT_FOR_FAILED_RC_NODES (Outbound-Only Communication) Description Configures the management server to generate a warning message about failed RCP connections. Example ovconfchg -ovrg server -ns bbc.cb -set RC_ENABLE_FAILED_OVEVENT TRUE Default FALSE. SERVER_BIND_ADDR Description Bind address for the server port. Example ovconfchg -ns bbc.cb -set SERVER_BIND_ADDR 10.10.10.10 Default INADDR_ANY SERVER_PORT Description This is the port used by the communication broker to listen for requests. If a port is set in the namespace bbc.cb.ports, it takes precedence over this parameter. Example ovconfchg -ns bbc.cb -set SERVER_PORT 62999 Default 383. bbc.cb.ports Namespace The port-specific namespace for the communication broker. Only the PORTS parameter can be set in this namespace. This parameter defines the list of ports for all communications brokers in the network that may be contacted by applications on this host. The default port number for all communication brokers is 383. HP Operations Manager (9.00) Page 463 of 1297 Online Help PORTS Description This configuration parameter must be the same on all managed nodes. To change the port number of a communication broker on a particular host, the hostname must be added to this parameter, for example name.hp.com:8000. You can use an asterisk (*) as a wild card to denote an entire network, for example *.hp.com:8001. Note too, that either a comma (,) or a semi-colon (;) must be used to separate entries in a list of hostnames, for example name.hp.com:8000, *.hp.com:8001. In these examples, all hostnames ending in hp.com will configure their communication broker to use port 8001 except host name which will use port 8000. All other hosts use the default port 383. You can also use IP addresses and the asterisk (*) to specify hosts. For example, 15.0.0.1:8002, 15.*.*.*:8003. Example ovconfchg -ns bbc.cb.ports -set PORTS name.hp.com:8000 ovconfchg -ns bbc.cb.ports -set PORTS name.hp.com:8000, *.hp.com:8001 ovconfchg -ns bbc.cb.ports -set PORTS 15.0.0.1:8002, 15.*.*.*:8003 Default 383. CB_PORTS_CFG_FILE Description To organize settings for many communication broker ports, you can specify values on separate lines in a text file instead of setting the PORTS parameter. The values have the same format as values for the PORTS parameter. For example: *.emea.example.com:6000 10.*.*.*:6001 om1.emea.example.com:6002 10.0-127.*.*:6003 Save the file in the folder /var/opt/OV/conf/bbc. Example ovconfchg -ns bbc.cb.ports -set CB_PORTS_CFG_FILE <file_name> Default Not set. bbc.rcp Namespace (Outbound-Only Communication) The namespace for configuring the reverse channel proxy (RCP) for outbound-only communication. Only the SERVER_PORT parameter can be set. HP Operations Manager (9.00) Page 464 of 1297 Online Help SERVER_PORT Description Port number of the reverse channel proxy (RCP). Example ovconfchg -ns bbc.rcp -set SERVER_PORT 62998 Default 9090. bbc.http Namespace bbc.http is the HTTP namespace for node-specific configuration. Note: Application-specific settings in the bbc.http.ext.* namespace override node-specific settings in bbc.http. The following parameters can be set: l "CLIENT_BIND_ADDR" (on page 465) l "CLIENT_PORT" (on page 466) l "PROXY" (on page 466) l "SERVER_BIND_ADDR" (on page 467) l "SERVER_PORT" (on page 467) l "TARGET_FOR_RC (Outbound-Only Communication)" (on page 467) l "TARGET_FOR_RC_CMD (Outbound-Only Communication)" (on page 468) CLIENT_BIND_ADDR Description Sets the IP address for all or only a specified HPSoftware HTTPS client. Example All clients: ovconfchg -ns bbc.http -set CLIENT_BIND_ADDR 10.10.10.1O opcmsga only: ovconfchg -ns bbc.http.ext.opcmsga -set CLIENT_BIND_ADDR 10.10.10.10 Default INADDR_ANY. HP Operations Manager (9.00) Page 465 of 1297 Online Help CLIENT_PORT Description Sets the port number for all or only a specified HPSoftware HTTPS client. This may also be a range of ports, for example 62601-62605. This is the bind port on the originating side of a request. The operating systemwill assign the first available port. Note that Windows systems do not immediately release ports for reuse. Therefore on Windows systems, this parameter should be a large range. Example All clients: ovconfchg -ns bbc.http -set CLIENT_PORT 62723-62835 opcmsga only: ovconfchg -ns bbc.http.ext.opcmsga -set CLIENT_PORT 62301 Default 0 If set to 0, the operating systemassigns the first available port number. PROXY Description Sets the proxy for any HPSoftware HTTPS clients running on the computer. Defines which proxy and port to use for a specified hostname. Format: proxy:port +(a)-(b);proxy2:port2+(a)-(b); ; a: list of hostnames separated by a comma or a semicolon, for which this proxy will be used. b: list of hostnames separated by a comma or a semicolon, for which the proxy will not be used. The first matching proxy is chosen. It is also possible to use IP addresses instead of hostnames so 15.*.*.* or 15:*:*:*:*:*:*:* would be valid as well, but the correct number of periods or colons must be specified. IP version 6 support is currently not available. Example ovconfchg -ns bbc.http -set PROXY proxy1.example.com:8080 ovconfchg -ns bbc.http -set PROXY proxy2.example.com:8080+(*.example.com,*.example.org)-(192.168.*.*) Default Not set. HP Operations Manager (9.00) Page 466 of 1297 Online Help SERVER_BIND_ADDR Description Sets the IP address for the communication broker (ovbbccb) and all other HTTPS RPC servers visible on the network. Because only the communication broker is normally visible on the network, all other RPC servers are connected through the communication broker and are not affected by SERVER_BIND_ADDR setting. Example ovconfchg -ns bbc.http -set SERVER_BIND_ADDR 10.10.10.10 Default localhost SERVER_PORT Description This is the port used by the applications <appName> communication broker to listen for requests. Note that it only really makes sense to explicitly set this parameter in the bbc.http.ext.<appName> namespace, as the parameter is application-specific with any value other than the default value. Example ovconfchg -ns bbc.http.ext.<appName> -set SERVER_PORT <port> Default 0 If set to 0, the operating systemassigns the first available port number. TARGET_FOR_RC (Outbound-Only Communication) Description OvCoreID of the systemin the trusted zone that the RCP should connect the systemin the less- trusted zone to. This is useful if the RCP cannot resolve the hostnames of the systemin the trusted zone, because of firewalls for example. Example ovconfchg-ns bbc.http-set TARGET_FOR_RCd498f286-aa97-4a31-b5c3-806e384fcf6e Default Not set. HP Operations Manager (9.00) Page 467 of 1297 Online Help TARGET_FOR_RC_CMD (Outbound-Only Communication) Description Script or command name. If this parameter is set, the RCP validates against the OvCoreId of the systemin the trusted zone. For this setting to work, the output of the script or command must be a valid OvCoreId. If both TARGET_FOR_RC and TARGET_FOR_RC_CMD are specified, TARGET_ FOR_RC takes precedence. Example ovconfchg -ns bbc.http -set TARGET_FOR_RC_CMD getOvCoreId Default Not set. bbc.http.ext.* Namespace This is the dynamic, external-communication namespace for application-specific settings. Note that application-specific settings in bbc.http.ext.* override managed node-specific settings in bbc.http. For a list of parameters, see the section "bbc.http Namespace" (on page 465). DCE Communication Parameters The following parameters can be set for use in a firewall environment that includes DCE/RPC communication components. The parameters are set in the opcinfo or nodeinfo files. l OPC_AGENT_NAT l OPC_COMM_PORT_RANGE l OPC_RESTRICT_TO_PROCS l OPC_RPC_ONLY OPC_AGENT_NAT Description HPOMconfiguration distribution usually checks if the configured IP address is a valid address on this systembefore accepting configuration data fromthe management server. This causes the distribution in a NAT environment to fail because the configured IP address does not usually exist on the system. By setting the parameter to TRUE, the distribution uses only the data for the IP address as configured in OPC_IP_ADDRESS. Example OPC_AGENT_NAT TRUE Default FALSE. HP Operations Manager (9.00) Page 468 of 1297 Online Help OPC_COMM_PORT_RANGE Description This variable defines the ports that may be used by the process for RPC communication. For RPC server processes, it is sufficient to give exactly one port number. For RPC clients, a range of ports must be given. Example OPC_COMM_PORT_RANGE 62004-62006 Default Not set. OPC_RESTRICT_TO_PROCS Description This parameter marks all following entries in the opcinfo file to be valid only for the given process. This is true for all following lines until the next occurrence of an OPC_RESTRICT_TO_PROCS line or to the end of the file. This is used to set different values for the same configuration parameter like OPC_COMM_PORT_RANGE. Example OPC_RESTRICT_TO_PROCS opcmsga OPC_COMM_PORT_RANGE 62004-62006 Default Not set. OPC_RPC_ONLY Description When initiating communication to the management server, the message agent first checks if the systemis running and if the endpoint mapper is running. This is done using ICMP and simple UDP communication. If the systemis down, this communication is less expensive than a failing RPC call.Since in firewall environments this communication usually is blocked at the firewall, it can be turned off by setting this parameter to TRUE. Example OPC_RPC_ONLY TRUE Default FALSE. HP Operations Manager (9.00) Page 469 of 1297 Online Help Network Tuning Parameters Network Tuning for Windows TCP Time Wait Delay In order to reduce the time that a port is left open and cannot be reused on Windows systems, the TIME_WAIT period can be lowered by modifying the following registry key: HKEY_LOCAL_MACHINE\System\CurrectControlSet\Services\Tcpip\Parameters Value Name: TcpTimedWaitDelay Data Type: REG_DWORD (DWORD Value) Value Data: 30-300 seconds (decimal) Caution: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result fromusing Registry Editor incorrectly. Use Registry Editor at your own risk. For information regarding the modification of the TcpTimedWaitDelay key, see the following documents: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B314053 http://technet2.microsoft.com/WindowsServer/en/library/38b8bf76-b7d3-473c-84e8- e657c0c619d11033.mspx Troubleshooting Known Issues in NAT Environments In a NAT environment, the following problems can be encountered. Name Resolution Issues in a NAT Environment If the outside systems use the same DNS setup as the inside ones, the agent will resolve the management servers name to an address where no route can be found to. Address Translation of Inside and Outside Addresses Using One DNS Server HP Operations Manager (9.00) Page 470 of 1297 Online Help In this example, the agent would resolve the management servers name (stroppy.bbn.hp.com) to the internal IP address (15.136.120.193) but could not find a route there. A manual overwrite for the DNS lookup can be introduced into the opcinfo file. See Adjusting the Server IP Address on page208. Instead of the setting of the OPC_RESOLVE_IP variable, a network route could also be set up to direct an access to the internal address via the firewall. This only works if the firewall is configured to allow this access. Adjusting the Server IP Address Add a line to the opcinfo file holding the server's IP address to use: OPC_RESOLVE_IP 35.136.120.193 After changing the opcinfo file, the Operations for Windows agent processes have to be restarted to make the change effective: opcagt -kill opcagt -start Troubleshooting Outbound-Only Communication Verifying RCP Communication from an Agent to the Server To verify that the agent systemconfiguration correctly routes agent requests to the management server using a reverse channel proxy (RCP), use the following command: bbcutil -gettarget <management_server_hostname> The output should look something like this: HP Operations Manager (9.00) Page 471 of 1297 Online Help HTTP Proxy: myrcp.example.com:1025 (126.157.135.32) The bbcutil command cannot differentiate between a regular HTTP proxy and an RCP. In this example, the RCP must be running on myrcp.example.comusing port 1025 for RCP communication to work correctly. Verifying RCP-to-Server Communication through a Firewall To verify that reverse administration channel was correctly set up to the reverse channel proxy (RCP), use the following command on the management server: ovbbccb -status Check the last section of the output fromthis command, which is entitled HP OpenView HTTP Communication Reverse Channel Connections. The command output should look something like this: HP OpenView HTTP Communication Reverse Channel Connections Opened: tcpc50.example.com:1025BBC 06.00.041; ovbbcrcp 06.00.041 tcvm1119.example.com:1025BBC 06.00.041; ovbbcrcp 06.00.041 ichthys.example.com:1025BBC 06.00.041; ovbbcrcp 06.00.041 blauber.example.com:1025BBC 06.00.041; ovbbcrcp 06.00.041 Pending: myrcp.example.com:1025 Connection To Host Failed sagar.example.com:1025 Connection To Host Failed tcdhcp1118.example.com:1025 Connection To Host Failed The Opened connections were established successfully. Some connections are pending because communication between the server and the RCP is not working. Such a communication problem can occur if a port is blocked by the firewall for this destination port (outbound, see "Communication Concepts" (on page 366)), another application is listening on the same port, an agent systemhas no route to the server, and so on. Verifying the Connection to the RCP If you run ovbbccb -status, and receive the error message Connection to Host Failed with a status of Error Unknown, verify the connection to the host. (For more information about ovbbccb -status, see "Verifying RCP-to-Server Communication through a Firewall" (on page 472)). To verify the connection to the RCP, check the following: l RCP port number Check the port number to which the communication broker on the management server tries to connect. It is configured in RC_CHANNELS (or RC_CHANNELS_CFG_FILES) on the server. Is :port number attached after the hostname? Correct: myrcp.example.com:1025 Incorrect: myrcp.example.com HP Operations Manager (9.00) Page 472 of 1297 Online Help If the port number is configured correctly, check for the correct spelling of the RCP hostname, the fully qualified name, or the IP address (if you specified an IP address instead of a hostname) configured in [bbc.cb] RC_CHANNELS. (If you used RC_CHANNELS_CFG_FILES, check the RCP name or IP address in the files). l Firewall Is the firewall open for this destination port (outbound, see "Communication Concepts" (on page 366))? l RCP port On the RCP, check the RCP port using ovbbcrcp -status. Check that the output lists the RCP as running on the same port number as configured for the RC_CHANNELS on the server. l DNS setup Depending on your DNS, it is possible that some agents may not be able to establish communication to the server. In this case, you can set TARGET_FOR_RC to the OvCoreId of the server. If the server is a cluster system, use the OvCoreId of the virtual node. For details, see "TARGET_FOR_RC (Outbound-Only Communication)" (on page 467). Verifying the Core ID for Agents Another problemthat causes communication between management server and agent to fail is a null Core ID for the agent systemin the management server database. This null Core ID can occur when the agent software is installed manually or a node is added to the console although it is already configured. To check for an OvCoreId mismatch, follow these steps: If the OvCoreId is all zeroes (000...), you must update the OvCoreId in the management server database using the AdvancedConfiguration dialog box. 1. In the list of managed nodes, select the node whose OvCoreId you want to check. 2. Right-click to open the shortcut menu. 3. Select Properties to open the NodesProperties dialog box, which displays the General tab by default. 4. In the Nodes Properties dialog box, click AdvancedConfiguration. Verifying the Status of Installed Certificates on Agents A systemrunning on the untrusted side of a firewall must have a valid HPOMcertificate for HTTPS communication to work between the agent and the management server. To check the status of installed certificates on the agent, use the following: ovcert -list The output should look something like this: +---------------------------------------------------------+ | Keystore Content | HP Operations Manager (9.00) Page 473 of 1297 Online Help +---------------------------------------------------------+ | Certificates: | | c731ede6-8061-7513-1d42-b85318b1d914 (*) | +---------------------------------------------------------+ | Trusted Certificates: | | CA_03189d8a-d4bd-7510-1c23-90eb20297618 | | CA_3f1aa992-f8d9-750f-1259-91b920df5b5c | | CA_fbc26e82-527b-7514-115b-df5797658102 | +---------------------------------------------------------+ The Certificates section must contain a line with the OvCoreId of the agent system. To see the OvCoreId, use the following command: ovcoreid The Trusted Certificates section must contain a line with the OvCoreId of the management server. If the server is a cluster, the OvCoreId of the virtual node must appear in this list. In a flexible management environment, you will see a certificate authority (CA) certificate for each of the management servers, as shown in the example. For details on how to correctly issue and install certificates on agents, see the online help. Verifying the Certificate Authorities for RCPs and Agents When the agent is on a different systemthan the RCP, and the RCP was installed fromanother management server (flexible management environment), it is possible for communication to fail with SSL-related errors reported in the System.txt error log file. Verify that both certificate authorities (CAs) are among the trusted certificates of the agent and the RCP. To get the Issuer CA of a certificate, use following command: ovcert -certinfo ovcoreid| grep "Issuer CN" Verify that the Issuer CA is listed in the Trusted Certificates section of the ovcert -list output on the other node: If the trusted certificate is not known on one of the two systems, exchange the trusted certificates fromthe agent to the RCP system, and fromthe RCP systemto the agent: 1. To export the trusted certificates fromthe agent to the RCP system, follow these steps: a. Export the trusted certificates fromthe agent: ovcert -exporttrusted -file /tmp/trusted b. Copy the file /tmp/trusted to the RCP systemand import the certificates: c. ovcert -importtrusted -file /tmp/trusted 2. To export the trusted certificates fromthe RCP systemto the agent, follow these steps: HP Operations Manager (9.00) Page 474 of 1297 Online Help a. Export the trusted certificates fromthe RCP system: ovcert -exporttrusted -file /tmp/trusted b. Copy the file /tmp/trusted to the agent and import the certificates: ovcert -importtrusted -file /tmp/trusted For more information about security in flexible management environments, see the online help. Verifying the Trusted Certificates of the Server Verify that the server can communicate with the agent: opcragt myrcp.example.com If you get SSL errors, run this command: ovcert -list Verify that all of the trusted certificates fromthe keystore OVRG: server are also available in the agent keystore (first section). If they are not, update the trusted certificates: ovcert -updatetrusted For a server in a cluster environment, repeat this step on all of the physical nodes of the cluster. HP Operations Manager (9.00) Page 475 of 1297 Online Help Change the name or IP address of the management server You may find it necessary to change the name or IP address of the management server. You can: l Change the IP address of the management server l Change the name of the management server l Change the virtual name or IP address in a cluster l Change the name or IP address in a flexible management environment Change the IP Address of the management server The following procedure describes how to change the IP address of the management server. Note: The management server does not support running with dynamic IP address allocation (DCHP). 1. Optional. If the IP address of the management server is used in server-to-node communication, open the properties of the node and change the IP address in the Network tab. 2. Change the IP address, and reboot if required by your operating system. 3. After you have changed the IP address, the old license cannot be used any more. You must move the old license to the new IP address at http://webware.hp.com. You will need the original HP order number, the old IP address of the management server, the new IP address, and the hostname to successfully order a new license. Install the new license: a. Start the HPOMconsole and click Get License in the License Status dialog box. b. Select the HP Operations Manager for Windows Software component and click OK. c. When the HP AutoPass window opens, use the wizard to install the license key. Change the name of the management server The following procedure describes how to change the fully qualified domain name (FQDN) of the management server. 1. Create and deploy an agent-based flexible management policy to the nodes fromthe current management server to configure the management server's new name as a secondary management server of the nodes. You must add to your policy the core ID of the secondary management server. To get a management server's core ID, open a command prompt on that management server, and then type the following command: ovconfget -ovrg server sec.core CORE_ID For example, the following line specifies manager4.example.comas secondary manager: SECONDARYMANAGER NODE IP 0.0.0.0 "manager4.example.com" ID "e77b4992-5d78-753f-1387-c01230fe2648" HP Operations Manager (9.00) Page 476 of 1297 Online Help Tip: You can edit or copy one of the sample flexible management policies, which are available in Policy management Policy groups Samples Agent-based Flexible Management, for example MultipleActionManagers. 2. Switch the management server name on all managed nodes, go to Tools HP Operations Manager Tools and use the Switch Management Server tool. 3. Switch the certificate server on all managed nodes to the current management server, go to Tools HP Operations Manager Tools Certificate Management and use the Switch Agent's Certificate Server tool. 4. Make sure that each node is able to resolve the new management server name. For details, see the help topic Resolve the IP address of the management server. 5. Stop all agent processes on the management server: ovc -stop 6. Exit all consoles and stop all management server processes: vpstat -3 -r STOP 7. Open a command prompt on the management server and enter: ovconfchg -edit A text editor starts and displays the settings file. 8. Search for all occurrences of the old management server name and replace themwith the new name. Then save your changes and close the text editor. 9. Use regedit to update the following registry keys. Change the old management server name to the new one: n HKLM\SOFTWARE\Hewlett- Packard\OVEnterprise\ManagementServer\DBAccess\OvOWInstance n HKLM\SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv\MGMT_SERVER n HKLM\SOFTWARE\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv\NAMESRV_LOCAL_NAME 10. Change the hostname and reboot the system. 11. Start the console and connect to the new management server name. 12. Check the Network tab of the Node Properties dialog box for the management server: If the old name of the management server was specified in the Primary node name field, correct it. Check also the Message Identification tab to see if the old name of the management server was specified there. If yes, correct it. If Domain Name(FQDN) is selected, verify that the new name resolves to the IP address of the management server. Optional. Change the display name of the management server in the General tab. HP Operations Manager (9.00) Page 477 of 1297 Online Help 13. Windows DCE agents only. Update the Windows DCE agent package with the new server name: Open a command prompt and enter: SetMgmtServer The output will be similar to this: setmgmtserver Agent package 'C:\Program Files\HP OpenView\\packages\Windows\OvEpMsgActAgt.FM' Management server name was updated from 'old_serv.rose.hp.com' to 'hpom_serv.rose.hp.com' SYSTEM account installation: enabled Authentication enforcement: disabled Forced user account switch: disabled 14. In the flexible management policy editor, delete all lines that refer to the old management server name fromthe flexible management policy, and redeploy the policy. Change the virtual name or IP address in a cluster The following procedure describes how to change the virtual IP address or virtual server name of the management server in a cluster. 1. DCE agents only. Before performing a change in the IP address, check to see whether any node is using the variable OPC_RESOLVE_IP to get the IP address of the management server. If so, update those nodes before performing the change on the management server. 2. If the virtual server name changes, performthe following steps: a. Create and deploy an agent-based flexible management policy to the nodes with the new virtual server name to configure the management server's new virtual name as a secondary management server of the nodes. You must add to your policy the core ID of the secondary management server. To get a management server's core ID, open a command prompt on that management server, and then type the following command: ovconfget -ovrg server sec.core CORE_ID For example, the following line specifies manager4.example.comas secondary manager: SECONDARYMANAGER NODE IP 0.0.0.0 "manager4.example.com" ID "e77b4992-5d78-753f-1387-c01230fe2648" Tip: You can edit or copy one of the sample flexible management policies, which are available in Policy management Policy groups Samples Agent-based Flexible Management, for example MultipleActionManagers. b. Switch the management server name on all managed nodes, go to Tools HP Operations Manager Tools and use the Switch Management Server tool. c. Switch the certificate server on all managed nodes to the current management server, go to Tools HP Operations Manager Tools Certificate Management and use the Switch Agent's Certificate Server tool. HP Operations Manager (9.00) Page 478 of 1297 Online Help d. Make sure that each node is able to resolve the new virtual server name. For details, see the help topic Resolve the IP address of the management server. e. Update the following registry keys with the new virtual server name on all physical systems: o HKLM\Software\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv\MGMT_SERVER o HKLM\Software\Hewlett-Packard\OVEnterprise\Management Server\MsgActSrv\NAMESRV_LOCAL_NAME o HKLM\Software\Hewlett-Packard\OpenView\Common\MgmtServerName 3. If the virtual IP address changes, update the following registry key with the new virtual server IP address on all physical systems: HKLM\Software\Hewlett-Packard\OpenView\Common\MgmtServerIP 4. Optional. If HP Reporter is installed, update the virtual server name on all physical systems: a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. b. Click Namespaces, and then click Reporter Integration. A list of values appears. c. Update the value Server name with the virtual server name. d. Click Apply. 5. Stop the OvServerMonitor service on all physical cluster systems. 6. Open Failover Cluster Management. 7. Select the HPOMgroup and take it offline. 8. Open the IP address resource or the network name resource and change the parameters of the resource accordingly. 9. DCE agents only. If the virtual server name has changed, run the following command: SetMgmtServer.exe /servername <virtual server name> 10. In Failover Cluster Management, take the HPOMgroup online again. 11. Start the OvServerMonitor service on all physical cluster systems. 12. If the virtual IP address has changed, move the old license to the new virtual IP address at http://webware.hp.com. You will need the original HP order number, the old virtual IP address, the new virtual IP address, and the hostname to successfully order a new license. Install the new license: a. Start the HPOMconsole and click Get License in the License Status dialog box. b. Select the HP Operations Manager for Windows Software component and click OK. c. When the HP AutoPass window opens, use the wizard to install the license key. 13. In the flexible management policy editor, delete all lines that refer to the old virtual management server name fromthe flexible management policy, and redeploy the policy. HP Operations Manager (9.00) Page 479 of 1297 Online Help 14. Optional. If not only the virtual server name or IP address changed, but also the name or IP address of the physical hosts changed, follow the steps shown in Change names and IP addresses. Change the name or IP address in a flexible management environment The following procedure describes how to change the fully qualified domain name (FQDN) or IP address of the management server in a flexible management environment. 1. The basic procedures to change the IP address or FQDN of a management server in a flexible management environment are the same as for standalone servers: n Change the IP Address of the management server n Change the name of the management server 2. Update the flexible management policies with the new IP address or FQDN of the management server and deploy themas necessary. 3. Optional. If Notify management server if node communication address changes is not selected in the node's properties, you must manually update the node's properties on all servers in the environment. The easiest way to achieve this is to modify the node properties on one management server, and then use the ovpmutil tool to download and upload the node information. Related Topics: l Change the name or IP address of managed nodes l Configure action-allowed and secondary managers HP Operations Manager (9.00) Page 480 of 1297 Online Help Configuring service types The Configure Service Types dialog box enables you to configure the service types used when an instance of a service is created. A service type is similar to a template; you associate a service type with specific reports, graphs, tools, and deployment packages. That service type is then used when an instance of the associated service is created. Any tools, reports, graphs, and deployment packages associated with the service type are associated with every instance of that service that has been or will be created. The service type ensures that these properties are applied globally to all services of that type. Note: Associating a report with a service type does not create a new report, but allows you to launch a default report (usually the "All Systems" report). To configure a service type 1. Open the Configure Service Types dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the configuration toolbar. The Configure Service Types dialog box opens. Alternatively, right-click to open the shortcut menu and select Configure Service Types. 2. In the Configure Service Types dialog box, select the service type you want to configure. 3. Click Properties to open the Properties dialog box. 4. Specify your settings in these tabs: n General n Reports and Graphs n Tools n Deployment 5. Click Apply to apply your changes without closing the dialog box. 6. Click OK to confirmyour changes and close the dialog box. Note: If you are performing an operation that requires network access to the server at the time of a failure, you will see a message explaining that your changes will be lost. You can return to the Service Type dialog box or exit. Related Topics: l Configuring services Configure a new service type You can create a new service type, rather than select fromthe list of existing service types. Use the Properties dialog to associate icons, reports, graphs, tools, and deployment packages with a specific service type. This service type is used as a template during the creation of individual instances of the associated service. Properties you configure for the service type will be associated with each instance of the service. HP Operations Manager (9.00) Page 481 of 1297 Online Help Configuring service types To configure a new service type 1. Open the Configure Service Types dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the configuration toolbar. The Configure Service Types dialog box opens. Alternatively, right-click to open the shortcut menu and select Configure Service Types. 2. In the Configure Service Types dialog box, right-click to open the shortcut menu. 3. Click New Service Type to open the Properties dialog box. 4. Specify your settings in these tabs: n General n Reports and Graphs n Tools n Deployment 5. Click Apply to apply your changes without closing the dialog box. 6. Click OK to confirmyour changes and close the dialog box. To delete a service type 1. If you want to delete a service type, select it in the Configure Service Types dialog box list. 2. Right-click to open the shortcut menu and click Delete or press the Delete key. A message prompts you to confirmthe delete operation. Related Topics: l Configuring services Configure general properties for service types Configure general information you want to associate with a particular service type using the General tab of the Properties dialog box. Settings you make here apply to every service of this type. A service type is used as a template for individual instances of an associated service. To configure general properties for service types 1. Open the Configure Service Types dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the configuration toolbar. The Configure Service Types dialog box opens. Alternatively, right-click to open the shortcut menu and select Configure Service Types. 2. In the Configure Service Types dialog box, select the service type you want to configure. 3. Click Properties to open the Properties dialog box. HP Operations Manager (9.00) Page 482 of 1297 Online Help Configuring service types 4. Select the General tab. 5. Optional. In the Icon box, enter the name of the icon that you want to represent this service type. Click Browse to open the Choose Icon dialog box, a standard Windows file selection dialog box that lists icon (.ico) files. You can override the icon property of a service type for a specific instance of a service using the Configure Services editor. 6. Optional. Select the icon you want to use and click Open. The icon you select here appears in the General tab. If you change to another directory to select an icon, you will see a message asking you to copy the icon to the proper directory. If you want the same icon to appear in another machine's installation of the console, it must be selected in the same manner on that machine. If the icon is not already present, it must be manually copied to that machine before you can select it. You can also create your own customicon if desired. 7. Optional. In the Display Name box, enter the name you want to display for this service type. 8. Optional. In the Description box, enter information about the service type you are configuring. 9. Optional. If service discovery scripts discover the services, define defaults for the service display name, and description. You can enter both strings and variables. The variables have the format $<AttributeName>$, where <AttributeName> is the name of a service attribute as defined in your service discovery script. When the management server creates a service based on this service type, it replaces $<AttributeName>$ with the value of the attribute. For example, if your service discovery script discovers services with the attribute <Attributename="DatabaseService" value="SQL Server" />, and you enter $DatabaseService$ in the Display Name Format box, then the management server will insert SQL Server in the display name of the service. n In the Display Name Format box, enter the display name of the associated services. It is recommended that you define a display name for your discovered services, otherwise the service ID displays as caption in the console. n In the Description Format box, enter information about the service. The description is only visible when you edit the service and may be left empty. n Leave the Service ID Format box empty. The Service ID Format is reserved for future use. The discovery fields are grayed out if services already exist that are associated with this service type. 10. Click Apply to apply your changes without closing the dialog box. 11. Click OK to confirmyour changes and close the dialog box. Related Topics: l Configure general service properties l "Select customicons for service types" (on page 488) l Configure customservice auto-discovery policies l Design effective service IDs HP Operations Manager (9.00) Page 483 of 1297 Online Help Configuring service types Configure reports and graphs for service types Configure the reports and graphs you want to associate with a particular service type using the Reports and Graphs tab of the Properties dialog box. Settings you make here apply to every service of this type. A service type is used as a template for individual instances of an associated service. The reports and graphs you specify for the service type will be available fromall associated services. If you want to specify additional reports and graphs available for an individual instance of a service, you can use the Configure Services dialog box. Note: Associating a report with a service type does not create a new report, but allows you to launch a default report (usually the "All Systems" report). To configure reports and graphs for service types 1. Open the Configure Service Types dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the configuration toolbar. The Configure Service Types dialog box opens. Alternatively, right-click to open the shortcut menu and select Configure Service Types. 2. In the Configure Service Types dialog box, select the service type you want to configure. 3. Click Properties to open the Properties dialog box. 4. Select the Reports and Graphs tab. 5. Click the Add button to open the Select Report Family or Category dialog box. 6. Select the report family or category you want to associate with this service type and click OK to close the dialog box. If you selected a report category, the name of the family and category will appear in the Reports box. If you selected a report family, only the name of the family will appear. 7. Click the Add button to open the Select Graph Family or Category dialog box. 8. Select the graph family or category you want to associate with this service type and click OK to close the dialog box. If you selected a graph category, the name of the family and category will appear in the Graphs box. If you selected a graph family, only the name of the family will appear. 9. Click Apply to apply your changes without closing the dialog box. 10. Click OK to confirmyour changes and close the dialog box. Related Topics: l Select report family or category for service types l Select graph family or category for service types l Configure reports and graphs HP Operations Manager (9.00) Page 484 of 1297 Online Help Configuring service types Configure tools for service types Configure the tools you want to associate with a particular service type using the Tools tab of the Properties dialog box. Settings you make here apply to every service of this type. A service type is used as a template for individual instances of an associated service. The tools you specify for the service type will be available fromall associated services. If you want to specify additional tools available for an individual instance of a service, you can use the Configure Services editor. To configure tools for service types 1. Open the Configure Service Types dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the configuration toolbar. The Configure Service Types dialog box opens. Alternatively, right-click to open the shortcut menu and select Configure Service Types. 2. In the Configure Service Types dialog box, select the service type you want to configure. 3. Click Properties to open the Properties dialog box. 4. Select the Tools tab. 5. Click the Add button to open the Select Tools dialog box. 6. Select the tools you want to associate with this service type and click OK to close the dialog box. The names of the tools you selected appear in the Tools list of the Tools tab. 7. Click Apply to apply your changes without closing the dialog box. 8. Click OK to confirmyour changes and close the dialog box. Related Topics: l Select tools for service types l Add tools Configure deployment for service types Use the Deployment tab of the Properties dialog box to configure deployment of policy groups that you associate with a particular service type. The policy groups you specify for the service type are those that are deployed to the nodes or node groups on which services of that type are hosted. A service type is used as a template for individual instances of an associated service. Settings you make here apply to every service that is created based on this type. To configure deployment of policy groups for service types 1. Open the Configure Service Types dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the configuration toolbar. The Configure Service Types dialog box opens. HP Operations Manager (9.00) Page 485 of 1297 Online Help Configuring service types Alternatively, right-click to open the shortcut menu and select Configure Service Types. 2. In the Configure Service Types dialog box, select the service type you want to configure. 3. Click Properties to open the Properties dialog box. 4. Select the Deployment tab. Policy groups currently associated with this service type appear in the Policy Group list. 5. Click Add to open the Select Policy Groups dialog box. 6. Select the policy groups you want to associate with this service type and click OK to close the Select Policy Group dialog box. The names of the policy groups you selected appear in the Policy Groups box in the Deployment tab of the Properties dialog box. The Attributes column displays additional information about each policy group, if available. 7. Optional. To remove a policy group fromthe list, select the group name and click Remove. 8. Optional. By default, the listed policy groups are automatically deployed to each newly created service of this service type. To disable automatic deployment of individual policy groups, select the policy group and click Disable. 9. Click Apply to apply your changes without closing the dialog box. 10. Click OK to confirmyour changes and close this dialog box. Related Topics: l Select policy group for service types l Disable policy autodeployment Select report family or category for service types Specify the report family or category you want to associate with a particular service type using the Select Report Family or Category dialog box. The report family or category you choose will be available for all services associated with this service type. To associate a report family or category with a service type 1. Fromthe Reports and Graphs tab of the Properties dialog box, click Add to open the Select Report Family or Category dialog box. 2. Fromthe list displayed, choose the family or category you want to associate with this service type. 3. Click OK to confirmyour choices and close this dialog box. 4. If you selected a report category, the family and category appear in the Reports box of the Properties dialog box Reports and Graphs tab. If you selected a report family, only the family appears. 5. Click Apply to apply your changes without closing this dialog box. 6. Click OK to confirmyour choices and close this dialog box. Related Topics: l Configure reports and graphs for service types HP Operations Manager (9.00) Page 486 of 1297 Online Help Configuring service types Select graph family or category for service types Specify the graph family or category you want to associate with a particular service type using the Select Graph Family or Category dialog box. The graph family or category you choose will be available for all services associated with this service type. To associate a graph family or category with a service type 1. Fromthe Reports and Graphs tab of the Properties dialog box, click Add to open the Select Graph Family or Category dialog box. 2. Fromthe list displayed, choose the family or category you want to associate with this service type. 3. Click OK to confirmyour choices and close this dialog box. 4. If you selected a graph category, the family and category appear in the Graphs box of the Properties dialog box Reports and Graphs tab. If you selected a graph family, only the family appears. 5. Click Apply to apply your changes without closing this dialog box. 6. Click OK to confirmyour choices and close this dialog box. Related Topics: l Configure reports and graphs for service types Select tools for service types Specify the tools you want to associate with a particular service type using the Select Tools dialog box. The tools you choose will be available for all services associated with this service type. To associate tools with a service type 1. Fromthe Tools tab of the Properties dialog box, click Add to open the Select Tools dialog box. 2. Fromthe list of tools displayed, choose those you want to associate with this service type. You can select multiple tools. 3. Click OK to confirmyour choices and close this dialog box. 4. The tools you selected appear in the Tools box of the Properties dialog box Tools tab. 5. To remove a tool fromthe list, select the tool and click Remove. 6. Click Apply to apply your changes without closing this dialog box. 7. Click OK to confirmyour choices and close this dialog box. Related Topics: l Configure tools for service types Select policy group for service types Specify the policy groups you want to associate with a particular service type using the Select Policy Groups dialog box. The policy groups you choose are deployed when services of this type HP Operations Manager (9.00) Page 487 of 1297 Online Help Configuring service types are created. To associate policy groups with a service type 1. Fromthe Deployment tab of the Properties dialog box, click Add to open the Select Policy Groups dialog box. 2. Fromthe list of policy groups displayed, choose those you want to associate with this service type. You can select multiple policy groups. 3. Click OK to confirmyour choices and close this dialog box. 4. The policy groups you selected appear in the Policy Groups box of the Properties dialog box Deployment tab. 5. Click Apply to apply your changes without closing this dialog box. 6. Click OK to confirmyour choices and close this dialog box. Related Topics: l Configure deployment for service types Select custom icons for service types If you prefer not to use the default icon provided for a service type, you can use your own custom icon. To use a custom icon 1. Create your icon in two sizes. You must have a 32 x 32 pixel and a 16 x 16 pixel version of the image in the same .ico file. 2. Manually place this .ico file on every installed console. The location is: %OvDataDir%\conf\OvOW\en\icons\Service 3. If the console is already open, you must close and reopen the console to display the new icon. If the console was closed when you created the icon, the new icon displays immediately when you open the console. Related Topics: l Configure general properties for service types l Configure general service properties HP Operations Manager (9.00) Page 488 of 1297 Online Help Configuring service types Configuring services The Service Editor allows you to define how services in the service hierarchy are dependent on each other, and allows you to define rules that evaluate the severity based on the state of the contributing services. A service hierarchy is a logical organization of the services you provide. Instead of manually building a service hierarchy, you can use service discovery policies to populate the service map in the console. Most HP Operations Manager Smart Plug-ins provide service discovery policies to help you reproduce your service environment. You can then use the Service Editor to fine tune the SPI service hierarchies, for example by adding or removing services. Services are the building blocks of your service hierarchy. A service may be anything froma low- level hardware component to a high-level software application. Use the Service Editor to review or modify the properties of a service. Service maintenance tasks include, for example editing or deleting services, reacting to unplanned outages or scheduling planned outages for services. Related Topics: l Service Auto-Discovery Policies Configure service hierarchies Although you can use the Service Editor to create a basic service hierarchy, it is recommended that you build on and modify the service hierarchies discovered by HP Operations Manager Smart Plug- ins. Service discovery policies automatically populate the service map in the console, based on discovery rules executed within the managed environment. You can then use the Service Editor to, for example, assign reports and graphs or to delete unwanted services. If you want to build a service hierarchy yourself, use the following high-level steps to guide you through the process. To configure service hierarchies 1. Learn about the service hierarchy. 2. Learn how to plan a service hierarchy. 3. Learn about Service IDs. 4. Sketch out a plan for your service hierarchy that includes the high-level services that you want to monitor, for example, printing, e-mail, internet access and so on, noting the service hosting for each service. 5. Make sure that all nodes needed for the service hierarchy are configured managed nodes. 6. Use the Service Editor to add folder-based services for all high-level services in your service hierarchy. Accept the default value propagation and calculation values. You can change these values later if you need to. 7. For each node, add a dependency fromthe Systems Infrastructure SPI hierarchy to all services that reside on that node. 8. Create folder-based services for any special applications or processes are monitored by your HP Operations Manager (9.00) Page 489 of 1297 Online Help Configuring services policies. Include these services in the service hierarchy. Ensure that the service IDs match those in the policies. Related Topics: l Service Auto-Discovery Policies Service hierarchy overview A service hierarchy is a logical organization of the services you provide, each higher level covering a wider or more general service area than the next lower level. The picture below shows a simple service hierarchy. The top level service is E-mail. This service is dependent on two lower level services, America and Europe, which in this case represent e-mail services on two continents. These services depend on other services, down to the lowest level services, in this case, the hard disks and CPUs of specific computers. This sample is small but a service hierarchy can include many more services and relationships. (Move your cursor over the boxes and arrows below for more information about this service hierarchy example.) Service Hierarchy Terms The terms below are used in the help to describe the relationships between the various services in a service hierarchy. l The terms superordinate and subordinate describe the hierarchical relationship between two services in the service hierarchy. A superordinate service depends on one or more subordinate services, and uses the statuses of its subordinates to calculate its own status. All services to which a service propagates its status are considered to be that service's superordinates. A service can be both superordinate and subordinate at the same time. l Dependency describes the relationship between a superordinate service and a subordinate service. The superordinate depends on the services of the subordinate to function properly, and also depends on the status of the subordinate services to calculate its own status. l A contained by link describes the relationship of a subservice which cannot exist without a HP Operations Manager (9.00) Page 490 of 1297 Online Help Configuring services superordinate service. In the example above, the service CPU 1 cannot exist if its superordinate service Computer 1 does not exist. If Computer 1 is removed fromthe service hierarchy, CPU 1 cannot exist in the service hierarchy. l A used by link describes the relationship of a subservice which can exist without the superordinate service. In the example above, the service Computer 1 can exist if its superordinate service Mail Server 1 does not exist. If Mail Server 1 is removed fromthe service hierarchy, Computer 1 will remain in the service hierarchy. Related Topics: l Planning your service hierarchy Plan your service hierarchy It is helpful to draft your service hierarchy before you start using the Service Editor. When planning your service hierarchy, keep the following questions in mind: l Which IT services do you provide? Which ones do you want to monitor? l Who are the customers of your services? Which organizations, departments, or lines of business? l How can you logically group the services you provide? Which services are used by other services? l How do problems in one service affect another? Which status propagation rule should you apply? l How do you evaluate the severity of a problem? Which status calculation rule should you apply? l Which tools should be assigned to each service? Related Topics: l Service hierarchy overview l Design effective service IDs Design effective service IDs Service IDs are unique identifiers or strings that you can choose freely when you define a component service. They are important because you use themwhen defining message attributes to indicate which messages match which services. Note, however, that you don't have to create a new policy or rule for each service that you monitor. You can devise a structured naming schema for your services, and use HP Operations' predefined variables to construct the service IDs. This makes it possible to keep your policies generic, while still specifically identifying each individual service. Consider the following example: your IT company is managing several database installations for different customers. You know that each database installation can have several instances, and that each instance has several tablespaces which you want to monitor. Your service hierarchy draft might look similar to this one: HP Operations Manager (9.00) Page 491 of 1297 Online Help Configuring services When you know this general layout, you can begin think about creating service IDs. You will want to use the same HP Operations policy to monitor all the tablespaces, so you need to come up with a naming schema that allows you to reuse your policies, while still providing service IDs that are unique for every instance of the service. In order to do this, think of what makes each service unique and then compose the service ID with this information. In the example above, the customer name, the instance name, tablespace name, and the systemname where the database is installed would uniquely identify each tablespace service. A service ID that contained exactly this information could look like this: company.instance_name.tablespace_name.system.com Note: Service IDs can contain a maximumof 2048 characters. Service IDs cannot contain leading or trailing spaces, or any of the following characters: ' (apostrophe), " (inch mark), \ (backslash), ` (grave accent), (acute accent). Although you could type this information directly into the service ID box for each policy, you would then need a different copy of the policy for each customer site. Instead of hardcoding this information, you can use the following methods to include this information in the Service ID. HP Operations automatically includes the name of the systemon which the message originated as a property of every Service ID, so it is not necessary for you to include this information in the Service ID. The company name, instance name and tablespace name of the particular service instance can be found by using variables. For example, if the policy was monitoring entries in a database log file, a log file like this might exist: Sample log file entry: Error Number: 110 tablespace_1 for instance_1 full in database Smith_ Inc Error Number: 110 tablespace_2 for instance_1 full in database Jones_ Inc In order to match Error Number 110 and to assign parts of this message to variables, you could type the following in the log file line box for the policy that monitors the log file: ^Error Number: 110 <instance_#.instance> for <tablespace_#.tablespace> full in database <*.customer> Then, in the Message Attributes tab, you would use the following entries in the Service ID and Hosted on boxes: Service ID: <customer>.<instance>.<tablespace> Hosted on: <$MSG_NODE_NAME> For the first line of the sample log file, this would resolve to a service ID that looks like this: Smith_Inc.instance_1.tablespace_1 HP Operations Manager (9.00) Page 492 of 1297 Online Help Configuring services This is the service ID that you would type in the service ID box for the component service that represents this tablespace for customer Smith Inc. The figure below shows a variable-based naming schema for all services in the example service hierarchy. Related Topics: l Pattern matching Service type overview Service type is a property that defines the structure that a particular service hierarchy is allowed to have. For example, the service type storage, is allowed to contain the service type disk, but disk cannot contain storage. You can set the service type only when you are adding a new service. After the service is created, you cannot change it. If you are editing a service hierarchy provided by a Smart Plug-in, you can choose one of several preconfigured service types when you add a new service. If you want to add services that do not fit the predefined types of a Smart Plug-in, or if you are creating your own service hierarchy, you can use the default service type Generic Service. Related Topics: l Service hierarchy overview Add dependency When you assign a service to be the subordinate of another service, you are adding a dependency. After adding a dependency, remember to check the status calculation and propagation rules of the two services to ensure that you get the status that you expect in the service view. To add a dependency 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service which should get a new dependency (that is, the superordinate service). 3. Click Add Dependency. The Add Dependency Relationships dialog box appears. 4. Select the service on which the first service will be dependent (that is, the subordinates). You can select more than one service if you want to create more than one dependency. 5. Click OK. Note: You can also create dependencies with a drag-and-drop operation in the Service Editor. Related Topics: HP Operations Manager (9.00) Page 493 of 1297 Online Help Configuring services l Add component service Add component service Component services are the building blocks of your service hierarchy. They are the names and icons that you see in the service map view. In the service hierarchy example, DISK, CPU, Computer, Mail Server, and so on, are all service components. To add a component service 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select Add Service. 3. Select the Service type. Selections you make here are listed under Services in the Service Editor main dialog box. 4. If you want to see SPI service types in the Service Type list, check the box Show SPI Service Types. 5. Indicate the Service hosting. Service hosting refers to the managed node on which the service runs. n Virtual Services are services that are abstractions. Virtual services do not actually exist on any node. n The managed node you select for Hosted On is the node where the service actually resides. If you select a node group, the service is hosted on all nodes contained in that group. After the service hosting is set for a service, you cannot change it. 6. Type a Display Name. This is the name that you will see in the service map view. 7. Type a Service ID, a string that will uniquely identify this service within the context of the hosting node. This string is the key that maps messages to services. All messages which should be used to calculate the severity of this service must contain this service ID as a part of the message attributes. You can use a GUID to ensure that number is unique, though since GUIDs are somewhat difficult to work with, you can also use any string that you know is unique. See Design effective Service IDs, to learn more about options for creating service IDs. Note: Service IDs can contain a maximumof 2048 characters. Service IDs cannot contain leading or trailing spaces, or any of the following characters: ' (apostrophe), " (inch mark), \ (backslash), ` (grave accent), (acute accent). If you select the Hosted On option, when HPOMcreates the new service ID, the unique ID of the node or node group the service is hosted on is appended to the name you have assigned. For example, if you give your new service the service ID of "service1.testlab" HPOMwill add to that name two at signs (@@) followed by the unique ID of the node or node group hosting the service. You can see this by selecting the new service in the service map and clicking Properties. In the General tab, the Service ID box displays the name you assigned plus the unique ID for the node or node group. HP Operations Manager (9.00) Page 494 of 1297 Online Help Configuring services Caution: Take care when assigning service IDs. After the ID is assigned, it cannot be changed. If you need to change a service ID, you must delete the component service and recreate it with the new ID. 8. Type a Description for this component service. The description is only visible when you edit the service. 9. ClickFinish. Note: You can use cut-and-paste to move a component service if the new parent service type is identical to the old one. Related Topics: l Delete a service l Add dependency Set service hosting If you indicate that a new service is hosted on some node, a selection window opens. Select the node or node group on which the service is hosted, and click OK. After the service hosting is set for a service, it cannot be changed. Related Topics: l Add component service Create or edit shared calculation rules A shared calculation rule can be defined once, and then used throughout the service hierarchy. While shared calculation rules can save you time, take care to use themonly in identical situations, because changes to the rule affect all components that use the rule. To create or edit a shared calculation rule 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Click Calculation Rules. 3. Select the rule you want to edit. 4. Click Newor Edit. 5. Enter the name of the shared calculation rule. This name is visible in all status calculation dialog boxes. 6. Enter the description of the shared calculation rule. This description is visible in all status calculation dialog boxes. 7. Enter the calculation rule. Related Topics: l Configure the status calculation l Introduction to the Service Editor HP Operations Manager (9.00) Page 495 of 1297 Online Help Configuring services Create or edit shared propagation rules A shared propagation rule can be defined once, and then used throughout the service hierarchy. While shared propagation rules can save you time, take care to use themonly in identical situations, because changes to the rule affect all dependencies that use the rule. To create or edit a shared propagation rule 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Click Propagation Rules. 3. Select the rule you want to edit. 4. Click Edit. 5. Edit the name of the rule. 6. Edit the Description for the rule. This description is visible in all Status Propagation dialog boxes. 7. Edit the Propagation rule. Related Topics: l Choose propagation rules l Introduction to the Service Editor Configure services When you build a service hierarchy, you will most often use service discovery policies to create a basic service hierarchy. Use the Service Properties dialog box to fine tune existing services or to review detailed information about a service. To configure a service 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the name of the service you want to configure. 3. Click Properties. The Service Properties dialog box opens and displays the General page by default. 4. In the General page, configure icon, display name, and description of the service. 5. In the Reports and Graphs page, configure the reports and graphs you want to associate with the selected service. 6. In the Status Calculation page, specify the name of the rule that the service uses when performing status calculation. HP Operations Manager (9.00) Page 496 of 1297 Online Help Configuring services 7. In the Superordinates page, you can view the services that depend on the service you are currently editing. For each superordinate service, you can specify the name of the rule that the service uses when propagating its status to the superordinate service. 8. In the Subordinates page, you can view the subservices on which the service you are currently editing depends. For each subservice, you can specify the name of the rule that the subservice uses when propagating its status to the service you are currently editing. In addition, you can change the weight each subordinate is given when calculating the severity of the service you are editing. 9. In the Tools page, you can assign a tool to the service so that you can run a command on the managed node that hosts the service. 10. The Outage page shows whether the service is currently experiencing an unplanned or scheduled outage. It also shows whether incoming messages should be deleted or acknowledged. 11. Click OK to save your changes and close the dialog box. Related Topics: l Add dependency l Add component service l Create or edit shared calculation rules l Create or edit shared propagation rules Configure general service properties You can edit some basic properties of each service using this tab: l You can change the Icon that is used to represent this service in the service map view, or you can click the Default button to refer to the icon assigned to the service type of the service. l You can edit the Display Name. This is the name that is visible in the service map view. l You can edit the Description for this component service. The description is only visible when you edit the service. To configure general service properties 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to configure. 3. Click Properties. 4. Click General. Related Topics: l Add component service l Customicons for service types HP Operations Manager (9.00) Page 497 of 1297 Online Help Configuring services Configure reports and graphs Configure the reports and graphs you want to associate with a particular service using the Reports and Graphs tab of the Service dialog box. Settings you make here apply to the specific instance. Note: Associating a report with a service type does not create a new report, but allows you to launch a default report (usually the " All Systems" report). To configure reports and graphs for service types 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service for which you want to configure reports or graphs. 3. Select Properties. 4. Select the Reports and Graphs tab. 5. Click the Add button to open the Select Report Family or Category dialog box. 6. Select the report family and category you want to associate with this service and click OK to close the dialog box. The name of the family and category you selected appear in the Reports box. 7. Click the Add button to open the Select Graph Family or Category dialog box. 8. Select the graph family and category you want to associate with this service and click OK to close the dialog box. The name of the family and category you selected appear in the Graphs box. 9. In the Filter Value box, you can type a filter string if you want to filter all but a specific instance of the metric being graphed. For example, if you were graphing the metric BYCPU_ID, you could graph only CPU 1 with the filter value BYCPU_ID = @@PARAMETER1. Refer to the Metric Selection window of the Graph Configuration dialog box to see a list of valid metrics. 10. Click Apply to apply your changes without closing the dialog box. 11. Click OK to confirmyour changes and close the service editor. Related Topics: l Configure reports and graphs for service types Configure the status calculation The status calculation refers to the calculation that is performed to determine the status that is assigned to a service. This status is calculated fromthe severity of the messages assigned to that service, and fromthe statuses of any subservices on which the service is dependent. For every status calculation you need to define: l The Description of the rule is a short sentence that identifies the rule. The description is important, because it is what you will see in the rule list. l Calculation rule HP Operations Manager (9.00) Page 498 of 1297 Online Help Configuring services It is important to understand the principles of status calculation to understand how the propagation rules and weight factors that you select will affect the status of a service. See How is severity calculated for an interactive tutorial. To configure status calculation 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to configure. 3. Click Properties. 4. Click Status Calculation. 5. In the Rule name box, set the rule that the service you are editing uses when performing status calculation. Note: To edit a calculation rule or create a new rule, select Calculation Rules in the Service Configuration editor. Related Topics: l Configure general service properties l Choose propagation rules Configure calculation rules The Calculation Rule lets you indicate the threshold value that is used to determine the status of a service. You can choose either most critical, single threshold, or multiple threshold. All three rules have the same functional principle: the highest level severity with a rating that crosses a threshold which you specify is the severity of the service. l Most critical calculation rule In the case of most critical, the threshold for all severities is zero (0). l Single threshold calculation rule Single threshold allows you to choose one threshold for all severities. Note: If you want, you can use the Set-to Value to set the severity to a specific level when the threshold is crossed, instead of accepting the severity that crossed the threshold. l Multi-threshold calculation rules Multiple thresholds allow you to set a different threshold for each severity. For the single and multi-threshold calculation rules, you can choose to performthe calculations as a percentage or a value. If you choose a percentage, then the threshold's values will be evaluated as percentages. A value threshold interprets the thresholds as integers. In most cases, a percentage threshold type is recommended because it is less rigid than a value threshold type, and therefore allows you to make changes in the number of subservices without having to change the calculation rule. HP Operations Manager (9.00) Page 499 of 1297 Online Help Configuring services To configure calculation rules: 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service you want to edit. 3. ClickProperties. 4. ClickStatus Calculation. 5. Edit the calculation rule in the Calculation Rule functionality group. Related Topics: l An introduction to status calculation Configure superordinates The services shown in the Superordinate tab are services which depend on the service you are editing. Here, you can change the way that the service you are editing propagates its status to each superordinate. To configure superordinates 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to configure. 3. Click Properties. 4. Click Superordinates. 5. Double-click the superordinate service that you want to edit to view the General, Rule, and Association tabs. In the General tab, you can select the rule that will applied to the status of the service when it is included in the calculation of the superordinate. The Rule tab is read-only and displays the Propagation Rule that the service you are editing uses when propagating its status to a particular superordinate. In the Association tab, you can examine some of the superordinate and subordinate service properties. 6. By right-clicking in the Weight column, you can change the weight that the service you are editing has for each superordinate. By changing the weight you make the service more or less important than the other services that contribute to the superordinate. See the severity calculation tutorial for an interactive example of how weight affects the status calculation. Note: To edit a rule or create a new rule, select Propagation Rules in the Service Configuration editor. Related Topics: HP Operations Manager (9.00) Page 500 of 1297 Online Help Configuring services l Configure subordinates l Propagation association General shared status propagation rule properties In the General properties dialog for shared status propagationrule, you type the name of the rule, and a short description of the rule, both of which are visible in all status propagation dialog boxes. Related Topics: l Edit shared propagation rules Choose propagation rules The statuses of most services in the service hierarchy are calculated fromthe messages associated with the service and fromthe subservices on which the service is dependent. Status propagation refers to how a service represents its status to its superordinate services. Rule Type You can choose to create a Simple Rule, where the propagation is always the same, regardless of the status of the service, or a Severity Based Rule, where the propagation changes, depending on the status of the service. Simple/Default Rule You can create a Simple/Default Rule regardless of which rule type you choose. If the propagation rule type is Simple, then this rule will be used in all cases with two exceptions (noted below). Use a severity-based rule if you want to propagate normal as some other status. If the propagation rule type is Severity Based, then this rule will be used as the default for any severity levels for which you have not specified another rule. You can choose one of four Simple/Default Rules: l Unchanged: Propagate the status with no change. For example, a status of Warning equals Warning. (This is a reasonable default value to use. If you are new to status calculation, consider starting with this value and editing it later, if necessary.) l Ignore: The status of the subservice is not considered when calculating the status of the dependent service. This status propagation allows you to include a service in the service hierarchy without allowing it to influence the status calculation. l Propagate Fixed As: The status of the subservice is always considered to have a certain status, regardless of the actual status. For example, with statuspropagation set to fixed:warning, a subservice with a status of minor is interpreted as warning. If the status of the subservice changes to critical, the status will still be interpreted as warning. Exception: the status normal is always propagated as normal and will not be change by this setting. l Propagate Relative: To propagate the status at a fixed level higher or lower than what the status really is. For example, if you select INCREASE BY 2, then when the subservice has a status of warning, a status of major is propagated. Exception: the status normal is always propagated as normal and will not be change by this setting. Severity Based Rule Propagation Severity Based Rule Propagation allows you to override the Simple/Default rule for specific severities. For example, if your Simple rule is INCREASE BY 2, and the Severity Based Rule Propagation for all severities is set to use default, all severities (except normal) will be increased by two. If, however, you change the Severity Based Rule Propagation for Warning to Critical, then a HP Operations Manager (9.00) Page 501 of 1297 Online Help Configuring services severity of warning will be propagated as critical, normal will be propagated as normal and all others will be increased by two. Use default overrides the Simple/Default rule and allows the unchanged severity to be propagated. To configure propagation rules 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to configure. 3. Click Properties. 4. Click Superordinates or Subordinates. 5. Double-click the service where you want to change the propagation rule. 6. Click Rule. Related Topics: l Configure the status calculation Propagation association This tab provides an overview of the propagation between the current service and the selected superordinate service. For both services, the systemdisplays service type, service id, display name, hosted on and description information. This summary provides information only; the properties cannot be changed in this tab. To view the propagation association 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the subservice where you want to view the propagation association. 3. Click Properties. 4. Click Superordinates 5. Double-click the service where you want to view the propagation association. 6. Click Association. Related Topics: l Edit shared propagation rules Configure subordinates The services shown in the Subordinate tab are services on which the service you are editing depend. Here, you can change the way that all subordinates propagate their status to the service you are editing. HP Operations Manager (9.00) Page 502 of 1297 Online Help Configuring services To configure subordinates 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to configure. 3. Click Properties. 4. Click Subordinates. 5. Double-click the subordinate service that you want to edit to view the General and Rule tabs. In the General tab, you can select the rule that will applied to the status of the subservice when it is included in the calculation of the superordinate. The Rule tab is read-only and displays the Propagation Rule that the service you are editing uses when propagating its status to a particular superordinate. 6. By right-clicking in the Weight column, you can change the weight each subordinate is given when calculating the severity of the service you are editing. By changing the weight you make the subservice more or less important than the other subservices that contribute to the service you are editing. See the severity calculation tutorial for an interactive example of how weight affects the status calculation. Note: To edit a rule or create a new rule, select Propagation Rules in the Service Configuration editor. Related Topics: l Configure superordinates l Propagation association Add tools Assigning tools to services lets you run commands on the managed node that hosts the service. By assigning tools to services, you do not need to first locate the node in the node tree before running the command. To add a tool 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service to which you want to assign a tool. 3. Click Properties. 4. Click Tools. 5. Click Add. 6. When the Tools window appears, select the tool groups, or specific tools that you want to HP Operations Manager (9.00) Page 503 of 1297 Online Help Configuring services assign to the service. 7. Click OK. Related Topics: l Configuring tools View outage information Use the Outage tab of the Service Editor to view outage information for a service. This read-only tab displays the settings established for both unplanned and scheduled outages. A scheduled outage meets these criteria: l Planned to happen l Recurs at regular intervals for maintenance l Configured by a policy An unplanned outage is unexpected and can occur randomly. Only administrators and privileged users can put a service into maintenance mode. Services in maintenance mode by default do not affect the status of their parent services. To viewoutage information for a selected service 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service for which you want to view outage information. 3. Select Properties. 4. Select the Outage tab to view the following information: n Current Outage State: Displays the outage status of the selected service. This status will be "UNPLANNED", "SCHEDULED", or "OFF". n Unplanned Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. n Scheduled Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. 5. Click OK. Related Topics: l Schedule an outage for a service l Put services into unplanned outage mode HP Operations Manager (9.00) Page 504 of 1297 Online Help Configuring services Maintain services Service maintenance tasks include, for example editing or deleting services, reacting to unplanned outages or scheduling planned outages for services. Related Topics: l Edit a service l Delete a service l View service inventory l Put services into unplanned outage mode l Schedule an outage for a service l Configure status calculation options l Change status display mode Edit a service When you edit a service, you can change the propagation rules of the service to its superordinates, or of any of this service's subordinates. You can also associate tools with the service or adjust the status calculation. To edit a service 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to edit. 3. Right-click to open the context menu. 4. Select Properties. 5. Make the changes you want to make in one of these tabs. See the individual help topics for details on what can be edited and what is read-only information. n General n Status Calculation n Superordinates n Subordinates n Tools 6. After making the changes, click OK. Related Topics: l Introduction to the Service Editor HP Operations Manager (9.00) Page 505 of 1297 Online Help Configuring services Delete a service When you delete a service, all component services contained by the service you delete are also deleted. Subordinates that are dependencies will remain. To delete a service 1. Open the Configure Services dialog box if it is not already open. a. Select your top-level services folder in the console tree. b. Click on the configuration toolbar to open the Configure Services dialog box. 2. Select the service that you want to delete. 3. Click Delete. Related Topics: l Edit a Service l Add component service View service inventory Use the tool Service Report to get information about the service hierarchy configuration on the management server. To create and viewa service hierarchy report 1. In the console tree, select Tools, Reporting. 2. To view the entire service hierarchy, right-click General Service Report and select All Tasks Launch Tool. If you want to view only a portion of the service hierarchy, right-click Specialized Service Report, select All Tasks Launch Tool, and select the a portion of the hierarchy in the selection window that appears. 3. Wait for the XML report to be generated (this takes about 20 seconds, or longer, depending on the speed of your computer and the size of your managed environment). To display the report in the web browser, you must manually launch the tool "View Service Report." You can choose one of the following four views for the service data fromthe pull-down menu in the top-right corner of the browser: n View all services n View services by name n View services by caption n View selected service hierarchy For information about additional ovconfreporter options, type ovconfreporter -? at a command prompt. Put services into unplanned outage mode Use the Unplanned Service Outage dialog box to specify how you want to handle incoming messages in the event that a service experiences a failure. As the name suggests, an unplanned HP Operations Manager (9.00) Page 506 of 1297 Online Help Configuring services outage is unexpected and might occur due to power failure, hardware failure, network problems, and similar situations. To put a service into unplanned outage mode 1. In the console tree, right-click the service that you want to put into outage mode. This opens the shortcut menu. 2. Select All Tasks Set unplanned outage On. The Unplanned Service Outage dialog box opens. 3. Select one of the following options: n Select Delete to remove any incoming messages during the outage. n Select Acknowledge to place the messages in the acknowledged messages browser for later consideration. 4. Click the check box to also put all subservices into maintenance mode. 5. Click OK to confirmyour choices and close this dialog box. Tip: You can also put a service into unplanned outage mode froma map view. In a map view, right- click the service that you want to put into outage mode. Select Set unplanned outage On on the shortcut menu. Related Topics: l Schedule an outage for a service l View Outage Information Schedule an outage for a service A scheduled outage is planned to happen and recurs at regular intervals for maintenance. You can define a scheduled service outage using two scheduled task policies: l The first scheduled task policy defines the following: n Start date and time n Service to put into scheduled outage n Whether to delete or acknowledge messages during outage l The second scheduled task policy defines the following: n End date and time n Service to move out of scheduled outage Both policies use the ovowserviceutil command line tool. To schedule an outage for a service 1. Create a scheduled task policy. 2. In the Task tab, choose Command as task type. 3. Select the %OvBinDir%\ovowserviceutil.cmd command line tool with the following options: HP Operations Manager (9.00) Page 507 of 1297 Online Help Configuring services -outage_service Sets the outage state for the service. -service_name <service_name> The name of the service to move into scheduled outage. -scheduled Sets the scheduled outage state. -on Enables the outage state for the service. -delete_msgs Specifies that messages fromthe service are deleted during the scheduled outage. 4. In the Schedule tab, specify the start date and time for the outage. 5. Save the policy. 6. Create a second scheduled task policy. 7. In the Task tab, choose Command as task type. 8. Select the %OvBinDir%\ovowserviceutil.cmd command line tool with the following options: -outage_service Sets the outage state for the service. -service_name <service_name> The name of the service to move into scheduled outage. -scheduled Sets the scheduled outage state. -off Disables the outage state for the service. 9. In the Schedule tab, specify the end date and time for the outage. 10. Save the policy. 11. Deploy both policies to the management server node. Related Topics: l Put services into unplanned outage mode l ovowserviceutil l View Outage Information Configure status calculation options The status of a service is determined by the status of its subordinate services and by the status of the messages for that service. By default, services in maintenance mode do not affect the status of their parent services. You can, however, configure HPOMto consider the status of subservices in maintenance mode when calculating the status of the parent service. If so configured, the highest severity of the subordinate services (including subordinate services in maintenance mode) and of the messages for the parent service are used when calculating the status of the parent service. HP Operations Manager (9.00) Page 508 of 1297 Online Help Configuring services 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Status Engine. A list of values appears. 3. Use elements in maintenance in threshold calculation is by default set to False. Choose True if you want HPOMto also consider the status of subservices in maintenance mode when calculating the status of parent services. 4. Click Apply, and then OK to save your changes and close the dialog box. 5. Restart the OvEpStatusEngine service. Related Topics: l Schedule an outage for a service l Put services into unplanned outage mode Change status display mode You can use the following methods to influence the display of status information in the console: l Disable user-specific status calculation l Enable operational status calculation Disable user-specific status calculation You can disable user-specific status calculation to ensure that all users see the same status for the services that are assigned to them. If user-specific status calculation is disabled, all users see the global service status, even if not all messages that contribute to that status are available to them. A user's map view displays only the services that are assigned to the user through user roles. User roles also determine the nodes, and therefore the messages a user is responsible for. Because the status of the services in a user's map view is calculated based on the user's subordinate services and messages, it is user-specific. Another user with a different set of responsibilities may see a different status for the same services. If you want all users to see the same status for all assigned services, you can disable user-specific status calculation. Note: When you disable user-specific status calculation for services, you also change the way the status of node groups is calculated and displayed. To disable user-specific status calculation 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Status Engine. A list of values appears. 3. Set the value for Enable user-specific status calculation to False. 4. Click Apply, then OK to save your changes and close the dialog box. 5. Restart the OvEpStatusEngine service. HP Operations Manager (9.00) Page 509 of 1297 Online Help Configuring services Enable operational status calculation Use operational status calculation to see how a service hierarchy would look if all owned messages were acknowledged; in other words, if the problems were solved. The status of a service is determined by the status of its subordinate services and by the status of the messages for that service. In general, when you acknowledge all messages for a service, the status of the service changes to reflect the status of its subordinate services. You can change the role of messages in status calculation by enabling operational status calculation. In operational status calculation, the ownership state of messages determines how the messages influence status calculation, so that owned messages are considered acknowledged and do not affect the severity status of a service. Note: Enabling operational status calculation affects all consoles that connect to that management server. Console users may not notice that operational status calculation is enabled because there is no visual indication in the console, only the behavior changes. To enable operational status calculation 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Status Engine. A list of values appears. 3. Set the value for Show operational status to Global. 4. Click Apply, then OK to save your changes and close the dialog box. 5. Restart the OvEpStatusEngine service. Related Topics: l Configuring services HP Operations Manager (9.00) Page 510 of 1297 Online Help Configuring services Configuring tools The Configure Tools dialog box allows you to create the tools that operators can apply to managed nodes and services. By applying the available tools, operators resolve problems and perform routine tasks to maintain systems and services that have critical business impact. Tools can be executed on nodes or services. For services, a tool is executed on nodes configured in the Service Configuration editor as nodes on which the tool runs. If no such nodes have been configured, the tool runs on the node where the service is hosted. You can assign tools to specific user roles so that only users assigned to that role can apply the tools you specify. By assigning tools to a specific service type, only the tools you assign to that service type are available fromthe associated service. The tools that you create are listed in tool groups in the HP Operations Manager for Windows Tools folder of the console tree, which also displays the default tool groups supplied with HP Operations Manager for Windows. You can create subfolders for sets of tools so that tools can be organized according to type of problem, operating system, function, or other convenient category. For example, you might group editing tools in one folder and performance tools in another. One tool can be included in several folders. If you edit the tool, the changes go to all instances of the tool. To delete a tool, you must remove it fromevery location where it occurs. You must configure each tool individually. An asterisk (*) indicates required information. To configure a tool or tool group 1. Open the Configure Tools dialog box, if it is not already open. a. Select the Tools folder in the console tree. b. Click on the configuration toolbar to open the Configure Tools dialog box or right-click to open the shortcut menu and select Configure Tools. 2. Select the name of the tool or tool group you want to configure and right-click to open the shortcut menu. 3. Select Properties to open the Properties or Group Properties dialog box. Use the tabs to configure: n General: information that identifies and describes the tool. n Details:Tool Properties dialog box only. Provide details about the type of tool, its parameters, where it will be executed, and whether operators have permission to change the tool parameters. If the tool is a script, enter the script text. n Target:Tool Properties dialog box only. Specify the node you want to associate with this tool. (Optional). n Nodes:Tool Properties dialog box only. Displays lists of the nodes and node folders associated with this tool. 4. When you finish your configuration, click Apply to see the effects of your changes. 5. Click OK to confirmyour changes, close the Tools Properties dialog box, and return to the HP Operations Manager (9.00) Page 511 of 1297 Online Help Configuring tools Configure Tools dialog box. The tool you configured appears in the list of tools in the details pane. 6. Click OK to confirmyour changes and close the Configure Tools dialog box. The new tool or folder appears in the list of tools in the console tree. To specify tools for services, use the Service Configuration Editor. Note: If you are performing an operation that requires network access to the server at the time of a failure, you will see a message explaining that your changes will be lost. You can return to the Tool Configuration dialog box or exit. Related Topics: l Create a new tool or tool group l Configure general information for tools l Configure tool details l Configure targets for tools l Configure tools for user roles l Select tools for service types Create a new tool or tool group You can create a new tool or tool group, rather than select fromthe list of existing tools. Perhaps the tool you want to add is not included in the Tools list and so is not available for selection. In that case, you can add a new tool or group of tools manually. To add a new tool or tool group 1. Open the Configure Tools dialog box, if it is not already open. a. Select the Tools folder in the console tree. b. Click on the configuration toolbar to open the Configure Tools dialog box or right-click to open the shortcut menu and select Configure Tools. 2. Right-click to open the shortcut menu. 3. Select either New Tool or New Tool Group. The Tool Properties dialog box automatically opens. 4. Configure the new tool or tool group as necessary using the tabs in the Tool Properties or Tool Group Properties dialog box: n General: information that identifies and describes the tool. n Details:Tool Properties dialog box only. Provide details about the type of tool, its parameters, where it will be executed, and whether operators have permission to change the tool parameters. If the tool is a script, enter the script text. n Target:Tool Properties dialog box only. Specify the node you want to associate with this tool. (Optional). HP Operations Manager (9.00) Page 512 of 1297 Online Help Configuring tools n Nodes:Tool Properties dialog box only. Displays lists of the nodes and node folders associated with this tool. 5. Click OK to confirmyour changes, close this dialog box, and return to the Configure Tools dialog box. Your new tool or tool group appears in the list of tools. 6. Click OK to confirmyour changes and close the Configure Tools dialog box. The new tool or folder appears in the list of tools in the console tree. To delete a tool 1. If you want to delete a tool, select it in the Configure Tools dialog box list. 2. Right-click to open the shortcut menu and select Delete or press the Delete key. A message prompts you to confirmthe delete operation. Related Topics: l Configure tools for user roles l Select tools for service types Configure general information for tools Use the General tab in the Tool Properties dialog box to specify details that identify each tool. An asterisk (*) identifies required information. To configure general information for tools 1. Open the Configure Tools dialog box, if it is not already open. a. Select the Tools folder in the console tree. b. Click on the configuration toolbar to open the Configure Tools dialog box or right-click to open the shortcut menu and select Configure Tools. 2. Fromthe tools displayed in the selection tree, select the tool you want to configure. 3. Right-click to open the shortcut menu. 4. Select Properties to open the Tool Properties dialog box. Properties include: n General information about the selected tool, such as the display name of the tool. n Details about the specific tool you selected, such as the type of tool, the executable name, and script details, if any. n Target nodes on which the tool will run. n Nodes and node folders associated with this tool. The General tab displays by default. 5. In the Display Name box, enter the name for the tool as you want it to appear in the Tools list. This information is required. 6. Enter any comments or additional information in the Description box. This information is optional. 7. Select Show tool in message context to make this tool available in the context of all HP Operations Manager (9.00) Page 513 of 1297 Online Help Configuring tools messages. 8. Select the Details tab to continue configuring this tool. You will see a message prompting you for required information. Related Topics: l Configure Tools l Configure tool details l Configure targets for tools l Configure tools for user roles l Select tools for service types Configure tool details Use the Details tab of the Tool Properties dialog box to record information about the new tool. You must separately configure details for each new tool you create. To configure tool details 1. Open the Configure Tools dialog box, if it is not already open. a. Select the Tools folder in the console tree. b. Click on the configuration toolbar to open the Configure Tools dialog box or right-click to open the shortcut menu and select Configure Tools. 2. Right-click the tool you want to configure to open the shortcut menu. 3. Select Properties to open the Tool Properties dialog box. 4. Select the Details tab. 5. In the Command Type list box, select a tool type. A tool type can be an executable, a URL, a VB script, a Jscript, Perl script, or a Windows Scripting Host (WSH) script. Note: VB scripts, Jscripts, Perl scripts, and WSHscripts run only on the management server or on a managed node. If .vbs has already been associated with the scripting engine, you can run the executable without a preface. For example: filename.vbs. 6. Your selection of a command type determines the options available within the rest of the dialog box. Click the down arrows for details on configuring each command type. Executable Command Type a. Check the Command Generates Output check box to see the results of your tool or command in the Tool Status dialog box. The results are shown as standard output. Error messages always appear in the text box, even if Command Generates Output is not checked. Note: A tool applied fromthe console is local and does not communicate with the action server. b. If you want operators to be able to change the parameters you set, check the Allow HP Operations Manager (9.00) Page 514 of 1297 Online Help Configuring tools operator to change parameters box. The Allow operator to change parameters box is unavailable if the Parameters box contains characters that allow multiple commands to be specified on one line (for example, &&). c. If you want operators to be able to change the login you specify, check the Allow operator to change the login box. If the tool executes on the console, this option is unavailable and appears dimmed. d. Check the Password Required box if you want users to have to enter a password to run the tool. e. In the Command box, enter the executable for the tool. For example, type: cmd.exe /k DIR If you configure a tool which has directory names containing spaces in the path, you must place the command within quotation marks, as shown in this example: "c:\Program Files\Hewlett-Packard\Examples\filename.exe" Use Browse if needed to locate the executable. Note: Internal DOS commands such as copy, rename, and dir use a command interpreter that must be launched before the command can be executed. For commands of this type, precede the command with cmd/k, followed by any other parameters required. For example, for the executable dir, you could have the parameter: cmd/k dir C:\temp\*, in which cmd/k opens the command interpreter. For more details, see the Microsoft Windows documentation for cmd. f. In the Parameters box, enter any parameters that apply to the executable. You can apply several variables here, if desired. Separate parameters using the syntax required by the executable you entered in the Command box. URL Command Type a. The Command generates output, Allow operator to change parameters, Allow operator to change the login, and Password Required options appear dimmed because they are unavailable for the URL command type. b. In the URL box, type the URL you want to launch or use Browse to locate it. For example, type: http://www.hp.com You can enter any URL type, as shown in these examples: files://c:\openmail.log mailto:firstname_lastname@hp.com ftp://ftp.hp.com The only time http: is required is if you do not put any delimiter at the start of the command. For example, www.rose.hp.com would be changed to http://www.rose.hp.com. HP Operations Manager (9.00) Page 515 of 1297 Online Help Configuring tools VB script, JScript, Perl script, or WSHscript Command Type a. Check the Command generates output check box to see the results of your tool or command in the Tool Status dialog box. The results are shown as standard output. Error messages always appear in the text box, even if Command generates output is not checked. Note: A tool applied fromthe console is local and does not communicate with the action server. b. The Allow operator to change parameters box appears dimmed because it is unavailable for the VB Script, JScript, and WSHscript command types. c. If you want operators to be able to change the login you specify, check the Allow operator to change the login box. If you configured the tool to execute on the console, this option is unavailable and appears dimmed. d. Check the Password Required box if you want users to have to enter a password to run the tool. e. Click Edit Script to open a resizable editing window in which to work. The following perl script example raises two questions: Is there a need to exit fromembedded or external scripts?Is the exit 0; line needed? #!/usr/bin/perl print "hello"; exit 0; If you are writing scripts that will be used by the Operations agent, then do not use "exit" to end the script if the script is embedded inside the policy for this reason: Whenever a VB or Perl script is embedded (Task type=VB Script or Perl Script) in a Monitor/Scheduled Task policy such as the example above, script execution is handled by the Advanced Monitor Agent. This agent gives the embedded script to the embedded "VB/Perl Script Engine" for processing. Because this happens in the same process as the monitor agent, any "exit" call fromthe script causes the process itself (opcmona) to abort. If the script is called by a Scheduled Task policy (Task type=Command) or Monitor policy (source type=Program), then the action agent (or monitor agent) creates a separate process for the external script. In this case, the exit which is called inside the external script is not propagated to the calling process, because the script runs in a different process, not in a thread in the same process. Consequently, exit should only be used when the script is called externally, not when the script is embedded inside a policy. 7. Click Apply to apply your changes. 8. Click OK to apply your changes and close the Tools Properties dialog box. 9. Click Cancel to close this dialog box without saving your changes. 10. Select the Target tab to continue configuring this tool. Related Topics: l Configure Tools l Configure general information for tools HP Operations Manager (9.00) Page 516 of 1297 Online Help Configuring tools l Configure targets for tools l Configure tools for user roles l Select tools for service types Configure target nodes for tools The tools you create can be used in several ways. Tools can be: l Run only on the nodes you specify. l Configured to permit users to choose the nodes on which the tool will run. l Run in the context of a service (execute on the node that hosts that service). l Restricted to user roles to which specific users are assigned. l Restricted to a specific service type for which only the tools you assign to that service type are available fromthe associated service. To specify nodes, use the Target tab in the Tool Properties dialog box to select the nodes on which you want the tools to run. You must also specify Node List in the Execute On list. This configures the tool to run on all the nodes on the Predefined Node List. If you prefer to allow your users to determine where a tool is to be run, you must choose Selected Node in the Execute On list. When the tool is executed, a list appears fromwhich users choose the location (service or node) where the tool will run. To configure nodes for tools 1. Open the Configure Tools dialog box, if it is not already open. a. Select the Tools folder in the console tree. b. Click on the configuration toolbar to open the Configure Tools dialog box or right-click to open the shortcut menu and select Configure Tools. 2. Right-click the tool to be configured to open the shortcut menu. 3. Select Properties to open the Tool Properties dialog box. 4. Select the Target tab. 5. In the Execute On list, select the target node or nodes on which the tool will run. Execute on management server Select management server if you want the tool to run only on the server. As administrator, you can specify a user name, password, or both be required fromthe user. Execute on node list Select node list if you want the tool to run on the list of managed nodes specified in the Nodes tab. As administrator, you can specify a user name, password, or both be required fromthe user. Execute on console Select console if you want the tool to run only on the console. In this case, the tool runs as the HP Operations Manager (9.00) Page 517 of 1297 Online Help Configuring tools user logged on to that console. You cannot specify a user name or password. Execute on selected node Choose selected node if you want the tool to run on a node selected by your users. As administrator, you can specify a user name, password, or both be required fromthe user. 6. In the User Name box, specify the ID under which the tool executes. For example, you might enter root. 7. Check the Run as Agent User check box if you want to set the User Name to $AGENT_ USER. This parameter is later replaced with the name of the agent user account specified on the server. The account on the management server is initially set to Local System. 8. If a password is required, specify in the Password box the password for the special user authorized in Step 6. The administrator specifies these passwords during the process of tool configuration. 9. In the Verify Password box, retype the specified password to confirmit. 10. To add nodes to the Predefined Node List, you must have Node List selected in the Execute on box. Click Add to open the Add nodes or node groups dialog box. Select one or more nodes or node groups to associate with the tool you are configuring. Click OK to close the Add nodes or node groups dialog box and add your selections to the Predefined Node list in the Target tab. Click Remove to delete selected systems fromthe Target tab. 11. When you finish configuring the tool, click Apply in the Tool Properties dialog box to apply your changes. 12. Click OK to close the Tool Properties dialog box and save your changes. 13. Click Apply in the Configure Tools dialog box to save your new tool configuration. Click OK to save your changes and close the dialog box. Related Topics: l Configuring tools l Configure general information for tools l Configure tool details l Configure tools for user roles l Select tools for service types l Tool security View nodes and node groups associated with this tool The Nodes tab of the Properties dialog box for tools displays a list of the node groups and nodes associated with the selected tool. This information is read-only. HP Operations Manager (9.00) Page 518 of 1297 Online Help Configuring tools Add nodes or node groups You can select the nodes on which a tool runs by adding one or more selected nodes or node groups to the Predefined Node List in the Tool PropertiesTarget tab. The advantage of adding a node group is that the Predefined Node List is updated automatically whenever the node group changes. Note: You must also specify Node List in the Execute On list in the Target tab. To add nodes or node groups 1. In the Tool Properties dialog box Target tab, click Add to open the Add nodes or node groups dialog box. 2. Select one or more nodes or groups of nodes. 3. Click OK to close the Add nodes or node groups dialog box. The nodes and node groups you selected appear in the Predefined Node List in the Target tab. 4. Click Cancel to close the dialog box without saving any changes. Variables for tools The following variables can be used in the Parameters box in the Configure Tools dialog box, Details tab. l Management server variables l Message variables l Node variables l Node group variables l Service variables l Environment variables Management server variables l $OPC_MGMTSV Returns the name of the management server. $OPC_MGMTSV can also be used in automatic and operator-initiated commands. Availability: Fromall actions except automatic and operator-initiated commands. Message variables Some variables return TRUE or FALSE, depending on the existence of a specific message attribute. For example, if an automatic action is defined, TRUE is returned. Otherwise FALSE is returned. If an attribute is empty, an empty string is returned. If you use an attribute that does not exist, it is treated like part of a normal string, which means no evaluation happens and the string remains unchanged. The data returned fromvariables is exactly the same type as that shown in the Message Properties dialog box. The indexing for word extraction fromstrings and for access to specific annotations starts with 1, not with 0. HP Operations Manager (9.00) Page 519 of 1297 Online Help Configuring tools All message variables are replaced per message. This means that if you select two messages, you will receive two requests; each of themmight have different values for the parameters. l $OPC_CUSTOM[name] The same as $OPC_MSG.CMA[name]. Returns the value of the custommessage attribute name. For example, the $OPC_CUSTOM[device] variable could return the value Lan. l $OPC_MSG.ACTIONS.AUTOMATIC Indicates whether an automatic action is defined. Sample output: TRUE l $OPC_MSG.ACTIONS.AUTOMATIC.COMMAND Returns the script or program, including its parameters, performed as an automatic action for the selected message. Sample output: dist_del.sh 30 warning l $OPC_MSG.ACTIONS.AUTOMATIC.NODE Returns the node on which an automatic action has been performed for the selected message. Sample output: kernighan.c.com l $OPC_MSG.ACTIONS.AUTOMATIC.STATUS Returns the current status of the message's automatic action. The variable can return running, failed, or successful. Sample output: successful l $OPC_MSG.ACTIONS.OPERATOR Indicates whether an operator-initiated action is defined. Sample output: TRUE l $OPC_MSG.ACTIONS.OPERATOR.COMMAND Returns the script or program, including its parameters, performed as an operator-initiated action for the selected message. Sample output: ps -ef l $OPC_MSG.ACTIONS.OPERATOR.NODE Returns the node on which an operator-initiated action has been performed for the selected message. Sample output: kernighan.c.com l $OPC_MSG.ACTIONS.OPERATOR.STATUS Returns the current status of the message's operator-initiated action. The variable can return running, failed, or successful. Sample output: successful l $OPC_MSG.ANNOTATIONS Indicates whether annotations exist for a message. Returns TRUE if at least one annotation exists for a message. Otherwise FALSE is returned. Sample output: TRUE l $OPC_MSG.ANNOTATIONS[n] Returns the nth annotation. Sample output: Performed Message Correlation; Message Key Relation: Message 59d06840-ac4f-71d5-1f67-0f887e320000 with condition id fe00fa34-9e34-71d5-143e-0f887e320000 ackn'ed 0 messages. HP Operations Manager (9.00) Page 520 of 1297 Online Help Configuring tools l $OPC_MSG.APPLICATION Returns the name of the application related to the selected message. Sample output: /usr/bin/su(1) Switch User l $OPC_MSG.CMA[name] Same as $OPC_CUSTOM[name]. l $OPC_MSG.CREATED Returns the date and time the message was created on the managed node. Sample output: 09/18/01 18:08:08 l $OPC_MSG.DUPLICATES Returns the number of duplicate messages that have been suppressed. Sample output: 17 l $OPC_MSG.GROUP Returns the message group to which the selected message belongs. Sample output: Security l $OPC_MSG.INSTRUCTIONS Returns the text of the instruction. Sample output: Available space on the device holding the (root) filesystem is less than the configured threshold. This may lead to ... l $OPC_MSG.LAST_RECEIVED Returns the date and time when the last duplicate message was received on the management server. Sample output: 09/16/01 03:17:23 l $OPC_MSG.MSG_KEY Returns the message key that is associated with a message. Sample output: my_appl_ down:kernighan.c.com l $OPC_MSG.MSG_ID Returns the unique identification number for the selected message. Sample output: 217362f4- ac4f-71d5-13f3-0f887e320000 l $OPC_MSG_IDS Returns the message IDs (UUIDs) of all the messages currently selected. IDs are separated by space. Sample output: 85432efa-ab4a-71d0-14d4-0f887a7c0000 a9c730b8-ab4b- 71d0-1148-0f887a7c0000 l $OPC_MSG.NO_OF_ANNOTATIONS Returns the number of annotations of a message. Sample output: 3 l $OPC_MSG.NODE Returns the managed node fromwhich the selected message was issued. Sample output: kernighan.c.com l $OPC_MSG_NODES HP Operations Manager (9.00) Page 521 of 1297 Online Help Configuring tools Returns the names of all nodes on which the events that generated currently selected messages took place. The names are separated by spaces. Duplicate nodes are ignored. Sample output: kernighan.c.com richie.c.com l $OPC_MSG.OBJECT Returns the object which was affected by, detected, or caused the event. Sample output: CPU l OPC_MSG.ORIG_TEXT Returns the original text of the selected message. Sample output: SU 09/18 18:07 + 6 root-spooladm l $OPC_MSG.ORIG_TEXT[n] Returns the nth word in the original text of the message. Sample output: the l $OPC_MSG.OWNER Returns the owner of the selected message. Sample output: opc_op l $OPC_MSG.RECEIVED Returns the date and time the message was received on the management server. Sample output: 09/18/01 18:08:10 l $OPC_MSG.SERVICE Returns the service name that is associated with the message. Sample output: VP_ SM:Agent:ServicesProcesses@@kernighan.c.com l $OPC_MSG.SEVERITY Returns the severity of the message. This can be Unknown, Normal, Warning, Minor, Major, or Critical. Sample output: Normal l $OPC_MSG.SOURCE Returns the name of the application or component that generated the message. Sample output: Message:opcmsg(1|3) l $OPC_MSG.TEXT Returns the complete text of the selected message. Sample output: The following configuration information was successfully distributed: Templates (OpC30-814) l $OPC_MSG.TEXT[n] Returns the nth word in the text of the message text. Sample output: following l $OPC_MSG.TIME_OWNED Returns the date and time when the message was acknowledged. Sample output: 09/18/01 18:11:10 l $OPC_MSG.TYPE Returns the message type of the message. Sample output: ECS View Details HP Operations Manager (9.00) Page 522 of 1297 Online Help Configuring tools Examples of message variables You can use the following examples of messages variables and parameters to performdaily tasks. Accessing message attributes You can access all message attributes with the following variable: $OPC_MSG.ATTRIBUTES You will need to add an attribute name. For example, to get the text of a message, use this: $OPC_MSG.TEXT When working with attributes that represent strings, you can access a specific word. For example, to get the fourth word in the text of a message, use this: $OPC_MSG.TEXT[4] Annotations are an exception to this rule. In annotations, an index specifies the annotations that are returned. For example, you would access the seventh annotation of the current selected messages this way: $OPC_MSG.ANNOTATIONS[7] Finding duplicate messages If you need information about the number of message duplicates for an application, use this: $OPC_MSG.DUPLICATES Extracting creation time and severity If you want to do some statistical calculations, specify the message creation time and the severity, as follows: $OPC_MSG.CREATED $OPC_MSG.SEVERITY Extracting message text If you have defined a policy rule that creates a message text with some status as the third word, and you want to extract this status easily and forward it to an application called evaluate_status, use this: evaluate_status $OPC_MSG.TEXT[3]. Evaluating action attributes If you want to use and evaluate action attributes, you could write shell scripts that check for automatic and operator-initiated actions. You can get more information about their status and whether they are annotated: script_name $OPC_MSG.ACTIONS.AUTOMATIC HP Operations Manager (9.00) Page 523 of 1297 Online Help Configuring tools The first parameter would be TRUE if an automatic action was defined for the message. This script would be useful only if there are more attributes used afterwards, but not to check for every attribute if it is an empty string. Accessing annotations To access the second annotation of a selected message in an application, use this: $OPC_MSG.ANNOTATIONS[2] Node variables l $OPC_NODES Returns the primary node name. Availability: Fromall actions except automatic and operator-initiated commands. n If the tool is launched fromthe Nodes folder in the console tree, this variable is replaced with the primary node name of the nodes that are selected at the time the tool runs. n If the tool is launched fromthe Service folder in the console tree, this variable is replaced with the primary node name of the nodes that have been associated with the selected service and the selected action. If this list is empty, the primary node name of the node the service is hosted on is used. n If the tool is launched fromthe Tools folder in the console tree, a node and service selector displays, allowing you to select the nodes and services to use to replace this variable. l $OPC_NODEID Returns the node identifier (GUID) of a node. Availability: Fromall actions except automatic and operator-initiated commands. n If the tool is launched fromthe Nodes folder in the console tree, this variable is replaced with the GUIDs of the nodes that are selected at the time the tool runs. n If the tool is launched fromthe Service folder in the console tree, this variable is replaced with the GUIDs of the nodes that have been associated with the selected service and the selected action. If this list is empty, the GIUID of the node the service is hosted on is used. n If the tool is launched fromthe Tools folder in the console tree, a node and service selector displays, allowing you to select the nodes and services to use to replace this variable. Node Group variables l $OPC_NODEGROUP_ID Returns the identifier (GUID) of a node group. l $OPC_NODEGROUP_LABEL Returns the display name of a node group. Service variables l $OPC_SERVICE_NAME Returns the ServiceName of a service. HP Operations Manager (9.00) Page 524 of 1297 Online Help Configuring tools Availability: Supports and fills in the name of the selected service. If a service is not selected, or an action is launched froma Node or Node Group, then these values will be NULL. l $OPC_SERVICE_LABEL Returns the Caption of a service. Availability: Supports and fills in the caption of the selected service name. If a service is not selected, or an action is launched froma Node or Node Group, then these values will be NULL. Environment variables l $OPC_ENV(variable name) Used to retrieve environment variables fromthe console that launched the action. Example: $OPC_ENV(PATH): substitutes the variable with the PATH environment variable fromthe console machine. Availability: Fromthe actions launched fromconfigured tools. Not available fromthe automatic or operator-initiated commands running on the console. Tool security Security for tools focuses on the user account under which a tool is launched. When you configure a tool, you can specify if a user account will be used or not and if a password is required or not. The following sections explain the requirements and consequences of such configurations: l User accounts for tools l Security authentication module l Allow tools to run on Windows 2003 Server nodes l Change the password for multiple tools User accounts for tools As an HPOMadministrator, you can specify the account a tool runs under when it executes, according to the following requirements. Requirements may vary depending on the target location. HPOM management server, managed node, or node list If the target location for the tool is the management server, a managed node, or the node list, you can: l Specify both the user name and password. Note: On target nodes with a UNIX operating system, the agent checks only the first eight characters of the password before it runs the tool. If you specify a password that is longer than eight characters, the agent ignores the extra characters. l Specify a user name and leave the password blank. This uses the security authentication module opcauth.dll (part of the HP Operations agent package) to authenticate the login for the tool. This formof authentication has the following advantages: HP Operations Manager (9.00) Page 525 of 1297 Online Help Configuring tools n Because no password is required, you do not have to update the configuration of tools using the specified account if the password changes. For example, an administrator can create an account (opc_op), but if opc_op changes its password, the administrator might not know the new password. In this case, HPOMallows the administrator to launch the tool as opc_op using the security authentication module (opcauth.dll). However, the administrator would not be able to interactively log in using this account. The administrator can start the tool using the opcauth.dll, but he cannot log on to the systemas opc_op, because this would require a password which he does not know. n Supplying the user name but not a password allows an administrator to set up a tool to run under a special account without needing to know the account's actual password. n If you are using a local account that has a different password on each node, a single tool definition works for all of them. l Leave both the user name and password blank. If you leave the user name blank, you must also leave the password blank. n All limitations mentioned above for an empty password also apply when both the user name and password are blank. n On Windows nodes, the tool runs as the user logged in to the console. The user you are logged in as must be a domain user. The machine on which you want to run the tool must recognize the account name. This takes place if the machine you are logged in on is in the same domain as the target node. If not, the domain of the target node must trust the domain of the user account used when executing the tool. n On UNIX nodes, the tool runs under the user account that the agent itself is currently running under. HPOM management console If the target location for the tool is the HPOMmanagement console, the tool runs as the user logged on to that console. l User name: cannot specify l Password: cannot specify Related Topics: l Security authentication module l Allow tools to run on Windows 2003 server nodes l Change the password for multiple tools l Change the default user for commands Security authentication module The security authentication module (opcauth.dll) can be used to authenticate the login for a tool. This is automatically used for all tools that have a user name but no password specified. When you launch a tool and specify only the user, HPOMdoes not ask for a password or check for one. HP Operations Manager (9.00) Page 526 of 1297 Online Help Configuring tools The security authentication module is installed by default on a node as part of the HP Operations agent package. Deploy the security authentication module to domain controllers If the tool uses domain accounts, then you must configure the domain controllers of the target node s domain as managed nodes and deploy the HP Operations agent package to the domain controllers. The agent installation makes the security authentication module available on the domain controllers. If there are several domain controllers in a domain, and depending on the availability of these domain controllers, the Windows authentication systemwill contact different domain controllers. For this reason the security authentication module must be available on all domain controllers of that domain. The security authentication module on the domain controllers authenticates the login for any machine when the tool launches. However, in this case, the account that the tool runs as does not have network credentials. Note: You cannot run tools using domain accounts without passwords if none of the domain controllers are available. If the tool uses local accounts, no further action is necessary because the security authentication module is automatically deployed together with the HP Operations agent package, which is required to execute tools on the managed node. Exclude the security authentication module from the agent installation To exclude the security authentication module fromthe agent installation: l HTTPS agents In the HTTPS agent installation defaults file, set the INSTALL_OPCAUTH option to false, for example: [eaagt] INSTALL_OPCAUTH = false Note: When you install an HTTPS agent manually, the HTTPS agent installation defaults file is not used and therefore the security authentication module is not registered. l DCE agents Use the SetMgmtServer tool with the /auth /on option, for example: SetMgmtServer /auth /on Disable the security authentication module after the agent installation To disable the security authentication module after the agent has been installed: l HTTPS agents a. Manually remove the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_ 0\Auth130 b. Reboot the systemafter the key has been removed. l DCE agents HP Operations Manager (9.00) Page 527 of 1297 Online Help Configuring tools Manually remove the opcauth.dll file on the node where the tool user is authenticated: %SYSTEMROOT%\opcauth.dll If you remove this DLL, then a password will always be required to run a tool under the specified account. If you remove this DLL on all domain controllers, you cannot do a switch user without a password for domain accounts. Related Topics: l Allow tools to run on Windows 2003 server nodes l Configure HTTPS agent installation defaults l Configure DCE agent installation defaults Allow tools to run on Windows 2003 Server nodes With Windows 2003 Server, Microsoft introduced a new security feature using a local security policy called "Allow log on locally." This logon right determines which users can interactively log on to a system. On the Windows 2003 server, the Domain Users group and the Domain Admins group are not included in this new policy. Existing tools that ran correctly on Windows 2000 might fail on Windows 2003 Server. This means that a tool set up to run as a domain user will fail with the following error message: Logon attempt for user (ov-excl\joec) failed. The account name may be unknown or the password was wrong. To allowtools to run on Windows 2003 Server nodes The problemcan be solved in one of the following ways: l Add the domain user to the Windows 2003 local security policy "Allow log on locally." Go to Start Administrative Tools Local Security Policy. Then select Local Policies User Right Assignment and right-click Allow log on locally to open the properties of the Allow log on locally setting. l Add the user to the local Administrators group. Change the password for multiple tools As administrator, you may configure many tools to run under a particular account, with a password specified for security reasons. When it becomes necessary to change that password, you can use the Change Password utility to change the password for all the tools that use that account name. You can also change the name of the account the tool runs under. The utility is available fromthe HP Operations Manager Tools tools group in the Tools folder in the console tree. To change the user name, password, or both for all instances of a tool 1. In the console tree, select the tool for which you want to change the user name, password, or both. 2. Open the Tool Configuration editor and be sure these settings are correct: Details pane: The Parameters box must contain the parameter $OPC_MGMTSV. When you run the tool, the name of the management server is supplied for this variable. HP Operations Manager (9.00) Page 528 of 1297 Online Help Configuring tools Target pane: The Execute on: box must specify console. 3. Fromthe console tree, select Tools HP Operations Manager Tools. In the Details pane, select the tool Modify Tools login/password. 4. Double-click the tool name or right-click to open the shortcut menu and select All Tasks Launch Tool to open the Update User/Password dialog box. 5. In the Update User/Password dialog box, enter the old user name and the new user name. 6. Enter the new password and confirmit. 7. Click Apply to confirmyour changes. 8. Click OK to confirmyour changes and close this dialog box. 9. To test the changed user name, return to the Tool Properties dialog box Target pane. The new user name should appear in the User Name box. HP Operations Manager (9.00) Page 529 of 1297 Online Help Configuring tools Configuring user roles As an administrator, you can configure an operator's view of the environment to focus on specific assigned tasks and responsibilities. By defining roles for specified users, you control the operator's view of your enterprise and the range of activities which that user has permission to perform. By assigning users to well-defined, specific roles, you can distribute monitoring and maintenance tasks across a group of individuals with their own particular areas of expertise and experience and customize each operator's console view. User roles can include both administrative and operator tasks and allow operators to focus on their primary tasks without the distraction of information that is not relevant to their assigned responsibilities. Only those items for which the operator has permissions are visible in that operator's console view. You can configure roles in two ways in HPOM: l Preconfigured user roles: HPOMprovides a number of preconfigured user roles which you can use as they are or edit to change tasks and permissions allowed for specified users. The list of preconfigured roles appears when you open the User Roles configuration editor. To edit, click Properties and edit the information. l Customized user roles: To create your own customized user roles, open the User Roles configuration editor and click Newto open the New User Role dialog box. Specify the user or users for this role and define the tasks and permissions associated with it, then save your changes. To specify permission for: l Policies and Packages: Specify which users can read, deploy, edit, or delete policies and packages. You might give one user role permission to view policies and packages and give another user role permission to edit and delete policies or packages. You can specify any combination of allowable actions. l Services, Nodes, and Tools: Specify which services, nodes, and tools will be available to specific user roles. Only those services, nodes, and tools will be visible in the console for users assigned to that user role. You can specify any combination of services, nodes, and tools. l Messages: Specify which message groups will be available to operators. This setting controls which messages are visible and which actions operators can performon a selected message. You can also specify whether users can view messages that are not in assigned message groups. Message operations for which you can set permissions include: n View n Own/Disown n Acknowledge/Unacknowledge n Change severity n Change text n Assign HP Operations Manager (9.00) Page 530 of 1297 Online Help Configuring user roles n Relaunch automatic command n Launch operator-initiated command l Users: Select users or groups of users fromthe HP-OVE-OPERATORS local group to add to this role. You can also delete users fromthis user role. Related Topics: l Assigning user roles l Configure a new user role Assign user roles User roles can contain both administrative and operator tasks, but they are assigned to operators only. An operator should not be assigned to more than one user role. Administrators can access all operator and administrative functions. Before operators can be assigned a user role, they must belong to the user group HP-OVE- OPERATORS. If a user is assigned to the HP-OVE-ADMINS groups, that user has unrestricted administrative access. Note: As an administrator, you can remove yourself fromany assigned user roles. This allows access to all operational views and tasks. Operators who belong to the HP-OVE-OPERATORS group but have not been assigned any user roles can access all service, node, and tool instances and any associated messages. However, you can change this behavior by setting the value Specify operator lockdown in the User Roles namespace in the Server Configuration dialog box. When this value is set to true, an operator who is not assigned to any user role cannot view or do anything. Operators cannot access any administrative tasks, such as service, node, tool, user role, or policy configuration and deployment. Administrative tasks are explained in detail in the Configuring HPOM section of the help. To assign an operator to a user role, use the User Roles configuration editor. Configure a new user role Use the User Roles configuration editor to define the services, nodes, tools, and messages you want to assign to a particular user role. You then assign a user, several users, or Windows group to this role. The settings you specify for the user role determine what the assigned users can see in their console views and which tools are available to them. Operators assigned to a role are able to view and operate on the instances of services, nodes, and tools you assign to their roles. For example, all service components and dependencies below the Exchange service that you select can be seen in the console Scope pane and map. All messages pertaining to those services appear in the message browser. If you modify a user role or assign or delete an operator while that operator is working in the console, your changes do not take effect until the operator's console has been closed and restarted. To configure a new user role 1. Fromthe Scope pane, select a service, node, or tool. 2. Right-click to open the shortcut menu. HP Operations Manager (9.00) Page 531 of 1297 Online Help Configuring user roles 3. Select Configure User Roles to open the User Roles dialog box. 4. Click Newto open the New User Role dialog box. Alternatively, select an existing user role and click Duplicate to create a copy for you to edit. 5. Use the tabs to configure: n General information about the user role, such as name and description. n Services that will be visible to operators assigned to this user role. n Nodes that will be visible to operators assigned to this user role and can be acted upon. n Tools that will be visible to operators assigned to this user role. n Messages defined for message groups for this user role and permissions allowed for these messages. n Policies defined for this user role, permissions specified for these categories, and policies and packages that contain these categories. n Users, Windows groups, or Active Directory groups to be added or deleted fromthis user role. 6. Click Apply to see the effects of your changes. 7. Click OK to confirmyour changes and close this dialog box. 8. Click Close to close the User Roles dialog box and configuration editor. Configure general information for user roles Each user role you create must be identified by specifying properties for that user role. Use the General tab in the New User Role dialog box to name and describe this user role. To configure general information for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the User Role Properties dialog box. The General tab displays by default. 3. In the Role Name box, type a unique name for this user role. The name cannot be changed after the role is saved. This information is required. 4. In the Description box, type an optional description of the user role you are creating. 5. Specify the reports and graphs viewing rights for this role by selecting Reports can be viewed, Graphs can be viewed, or both. 6. Select Change unplanned outage state to allow the user to change the unplanned outage state of a node or service. 7. Select Create message filters to allow the user to create personal message filters. HP Operations Manager (9.00) Page 532 of 1297 Online Help Configuring user roles 8. Click Apply to apply your changes. 9. Click OK to confirmyour choices and close this dialog box. 10. Select the Services tab to continue configuring this user role. Configure services for user roles Use the Services tab in the New User Role dialog box to specify the services you want to associate with this user role. Operators assigned to this user role will be able to view only those services you specify here. Assigning different operators to a different service or group of services has several benefits: l Focuses the operator view on a particular area of responsibility l Restricts access to information that is not needed by that operator To configure services for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. The General tab displays by default. 3. Click the Services tab. 4. Fromthe tree view of services, select one or more services that you want to associate with this user role. When you select a check box, the selection automatically includes all the service's superordinates and subordinates. You can then clear check boxes for individual subordinates if necessary. You cannot, however, select a service without its superordinates. Note: Operators cannot view dependent services in the map unless you include those services in their user role. 5. Click Apply to apply your changes. 6. Click the Nodes tab to continue configuring this user role. Configure nodes for user roles Use the Nodes tab in the New User Role dialog box to specify the managed node groups you want to associate with this user role. Operators assigned to this user role can view and operate on only those managed nodes contained in the node group that you specify here. When you assign responsibilities to operators for a specific group of nodes, your operators can develop in-depth knowledge of a specialized area. For example, you might designate one user role to manage Windows nodes and another to manage UNIX nodes, or assign nodes hosting various database servers to different user roles. HP Operations Manager (9.00) Page 533 of 1297 Online Help Configuring user roles To configure nodes for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. The General tab displays by default. 3. Select the Nodes tab. 4. Fromthe tree view of nodes, select one or more node groups that you want to associate with this user role. When you select a check box, everything below that entry is also selected. The selection includes the nodes as well as the node groups of the selected node group. It is not possible to select a parent node group without the node groups it contains. 5. Click Apply to apply your changes. 6. Click OK to confirmyour choices and close this dialog box. 7. Select the Tools tab to continue configuring this user role. Configure tools for user roles Use the Tools tab in the New User Role dialog box to specify the tools you want to associate with this user role. Operators assigned to this user role will be able to apply only those tools you specify here. Any tool contained in the tool group that you assign to a role can be launched fromthe scope pane, map, or message browser. Tools associated with a service or node, but not found in an operator's assigned role are disabled. You cannot launch actions on services not assigned to this user role. If Service A and Service B are defined in a role, and Service A is dependent on Service B, and Service B is dependent on Service C, the actions contained in the assigned tools can be launched on Services A and B but not on Service C (the service on which A and B depend.) To configure tools for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. The General tab displays by default. 3. Select the Tools tab. 4. Fromthe tree view of tools, select one or more tool groups that you want to associate with this user role. When you select a check box, everything below that entry is also selected. The selection includes the tools as well as the tool groups of the selected parent tool group. It is not HP Operations Manager (9.00) Page 534 of 1297 Online Help Configuring user roles possible to select a parent tool group without the tool groups it contains. 5. Click Apply to apply your changes. 6. Click OK to confirmyour choices and close this dialog box. 7. Select the Messages tab to continue configuring this user role. Configure messages for user roles Use the Messages tab in the New User Role dialog box to specify the message groups you want to associate with this user role. Operators you assign to this role can view and performpermitted operations on messages that contain the message groups you assign to this role. Operators can view messages frommessage groups not assigned to their user role, but cannot performmessage operations on them. You can restrict an operator's view to just those message groups specified for this user role if you prefer. Different user roles can permit access to the same message group but have different message operation permissions assigned to the message group. For example, one role could allow an operator to own, disown, and launch operator-initiated actions for all messages for a particular message group, but not allow the operator to acknowledge, change severity, or launch automatic actions again. Another operator could be assigned a different user role that permits all message operations for the same message group. If an operator is in two message groups, with two different permissions, the user is given the permissions and not restricted. A default message group will be assigned to each role and cannot be removed fromthe list of message groups in the Messages tab. This default group allows you to grant permission to perform operations on messages that do not belong to any of the message groups assigned to this user role. To configure messages for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Select the Messages tab. 3. Type the name of the message group you are creating in the Enter message group box or select fromthe list, which shows the available values for this message group. Click Add to add the message group to the Message Groups assigned this Role box. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). 4. To set permissions for this message group, select the message group name. The Remove and Permissions buttons become available. 5. Click Permissions to open the Permitted Operations for Msg Group dialog box. The title of the dialog box reflects the name of the message group you selected. 6. Specify the permissions you want to associate with this message group and click OK to confirmyour choices and close the Permitted Operations for Msg Group dialog box. HP Operations Manager (9.00) Page 535 of 1297 Online Help Configuring user roles 7. Click Apply to apply your changes. 8. Select the Policies tab to continue configuring this user role. Set permitted operations for message groups When you configure a message group for a user role, you must specify which operations your operators are permitted to performon messages that belong to this group. You can specify one or more of these operations for this message group: l View l Own l Disown l Acknowledge l Unacknowledge l Change Severity l Change Text l Assign l Launch operator-initiated command l Relaunch automatic command To specify permitted operations for this message group 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. 3. Select the Messages tab. 4. Enter the message group name or select an available message group fromthe list and click Add to add the name to the Message Groups assigned this Role box. 5. Select the message group name and click Permissions to open the Permitted Operations for Msg Group dialog box. 6. Select the operations you want to associate with this message group. 7. Click OK to confirmyour choices, close this dialog box, and return to the New User Role dialog box. Available operations are indicated by abbreviations across the top of the Message Groups assigned this Role box. The operations you associated with this message group are indicated by Xs beneath the abbreviations. 8. Click Apply to apply your changes. 9. Click OK to confirmyour choices and close this dialog box. Related Topics: HP Operations Manager (9.00) Page 536 of 1297 Online Help Configuring user roles l Configure messages for user roles Configure policies for user roles Use the Policies tab in the New User Role dialog box to specify the permitted operations you want to associate with the policies and packages containing categories assigned to this role. A category is set in the policy editor for each particular policy type. Operators you assign to this role can view specified policies and performpermitted operations on them, such as configuring or modifying the policies. A default policy category will be assigned to each role and cannot be removed fromthe list of policy categories in the Policies tab. This default group allows you to grant permission to perform administrative tasks on policies that do not contain any of the categories assigned to this user role. Default rights apply unless different rights have been assigned to a particular object. In addition, you can also assign general administrative rights to a user role. These are independent of policy categories. Think of these as global rights that you can set for a particular user role. You can use these permissions to provide levels of security by assigning different rights to different operators so that powerful features are not controlled by one user. To configure policies for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. The General tab displays by default. 3. Select the Policies tab. 4. Type or select the name of the policy category you are assigning to this user role in the Enter Category box. 5. Click Add to add the policy category to the Categories assigned to this Role box. 6. To set permissions for this policy category, select the policy category name. The Remove and Permissions buttons become available. 7. Click Permissions to open the Policy Permissions for Category dialog box. The title of the dialog box reflects the name of the policy category you selected. 8. Specify the permissions you want to associate with this policy category and click OK to confirmyour choices, close the Policy Permissions for Category dialog box, and return to the Policies tab in the New User Role dialog box. The permissions you associated with this policy category are indicated by Xs beneath the abbreviations. 9. Specify any general administrative rights you want to assign to this user role: HP Operations Manager (9.00) Page 537 of 1297 Online Help Configuring user roles n View Policy Management: You must select this check box in order for operators to be able to view the policy management selections in the scope pane. Unless you set this check box, operators will see nothing relating to policy management in the console. n Administer Policies and Packages: The operator can configure the Policy Management server. This includes operations such as add/remove packages/policy types, deployment of packages and instrumentation, reinstall all, and uninstall all. n Ignore Policy Owner: The operator can deploy policies even if a version of these policies has already been deployed by another management server. n Policy Group Handling: The operator can create, rename, delete, copy, and move policy groups. The operator can also assign and unassign policies to and fromgroups. n Job Handling: The operator can start, suspend, and cancel deployment jobs. 10. Click Apply to apply your changes. 11. Select the Users tab to continue configuring this user role. Related Topics: l Set permissions for policy categories l User roles and levels of security l Add categories to a policy Set permissions for policy categories When you configure a policy category for a user role, you must specify which operations your operators are permitted to performon policies that belong to this category. You can specify one or more of these operations for this policy category: l Read: The operator can view the policy stream, but cannot modify or create policies. l Deploy: The operator can deploy and undeploy policies and policy groups. l Edit: The operator can create and modify policies. l Delete: The operator can delete policy versions. To specify permitted operations for this policy category 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Select the Policies tab. 3. Type or select the name of the policy category you are assigning to this user role in the Enter Category box. 4. Click Add to add the policy category to the Categories assigned to this Role box. 5. Select the policy category name and click Permissions to open the Policy Permissions for HP Operations Manager (9.00) Page 538 of 1297 Online Help Configuring user roles Category dialog box. 6. Select the permissions you want to associate with this policy category by selecting the check box for the item. 7. Click OK to confirmyour choices, close this dialog box, and return to the New User Role dialog box Policies tab. You can also specify general administrative rights for user roles which are independent of policy categories. See Configure policies for user roles for details. Related Topics: l Configure policies for user roles l Add categories to a policy Configure users and groups for user roles Use the Users tab in the New User Role dialog box to specify the users and groups that you want to associate with this user role, and to remove users and groups fromthis role. Operators assigned to this user role can view only those services, nodes, tools, messages, and policies you configure and can performonly the operations permitted for this role. To configure users and groups for a user role 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. The General tab displays by default. 3. Select the Users tab. 4. Click Add to open the Select Users or Groups dialog box, in which you associate users and groups with the user role you are configuring. 5. In the Select Users or Groups dialog box, use the Add button to add users or groups to this role. Use the Members button to add members of groups to this role. 6. Complete your settings in the Select Users or Groups dialog box and click OK to close the dialog box. The users or groups you have added appear in the list of users in the New User Role dialog box. 7. Click Apply to apply your changes. 8. Click OK to confirmyour choices and close the New User Role dialog box. 9. The name of the new user role you have created appears in the User Roles dialog in the Name box. Select users and groups for user roles After you have defined a user role by specifying the services, nodes, tools, message groups, and policy categories that you want to associate with this user role, you then assign users and groups to HP Operations Manager (9.00) Page 539 of 1297 Online Help Configuring user roles the role. Operators belonging to the assigned group see the services, nodes, tools, messages, and policies that you specified and can carry out the tasks you have given thempermission to perform. The only users and groups displayed in this dialog box are those found in the HP-OVE- OPERATORS group on the management server. Users and groups must be added to the HP-OVE- OPERATORS group before they are available here. A group can be a local Windows group account or Windows domain group account. When you change the membership in the group, the user role is automatically updated to reflect this change. To select users and groups for user roles 1. Open the User Roles dialog box if it is not already open. a. Select a node, service, or tool in the console tree. b. Click on the Configuration toolbar to open the User Role Configuration Editor and display the User Roles dialog box, or right-click to open the shortcut menu and select Configure User Roles. 2. Click Newto open the New User Role dialog box. 3. Select the Users tab. 4. Click Add to open the Select Users or Groups dialog box, in which you associate users or groups with the user role you are configuring. 5. The names of the users and groups belonging to this domain display in the Name box: n To add individual users or groups, select the name of a user or group and click Add. The selected name is added to the list at the bottomof the dialog box. n To add members of groups, select the name of a group and click Members. The Select Users dialog box opens, which lists all the members of the group you selected. Select users fromthe list and click Add to add these users to the list at the bottomof the Select Users or Groups dialog box. 6. Click OK to confirmyour choices and close the Select Users or Groups dialog box. The users or groups you have added appear in the list of users in the Users tab of the New User Role dialog box. 7. Click Apply to apply your changes. 8. Click OK to confirmyour choices and close the New User Role dialog box. 9. The name of the new user role you have created appears in the User Roles dialog box in the Name box. Select users from groups You can select individual members of groups to add to a user role. To select users from a group 1. Select a group fromthe Name list in the Select Users or Groups dialog box. 2. Click Members to open the Select Users dialog box and display a list of the group members. HP Operations Manager (9.00) Page 540 of 1297 Online Help Configuring user roles 3. Select one or more members of the group as users in the user role you are configuring. 4. Click Add to add the selected names to the list of selected users in the Select Users or Groups dialog box. Specify operator lockdown Operators who belong to the HP-OVE-OPERATORS group but have not been assigned any user roles can access all service, node, and tool instances and any associated messages. You can block these operators access to all services, node and tool instances and any associated messages displayed in the console. To specify operator lockdown 1. In the console tree, right-click Operations Manager, and then click Configure Server. The Server Configuration dialog box opens. 2. Click Namespaces, and then click User Roles. 3. Set the value Specify operator lockdown. When set to True, the console is locked. Members of the HP-OVE-OPERATORS group without assigned user roles will be unable to see any services, node, and tool instances and any associated messages in the console. When set to False, the lockdown is disabled. Operators without assigned user roles can still see everything in the console. 4. Click Apply. User roles and levels of security As the administrator who assigns user rights to various operators, you will want to spend some time determining a strategy for making these assignments. By carefully diversifying these rights among your operators, you can be sure that the power to make key changes is not concentrated in just a few individuals. For example, you might give one user permission to edit policies and a different user permission to deploy policies. By distributing the editing and deployment rights between two users, you make it difficult for an unscrupulous user to create and deploy a harmful policy. For even greater security, you could give user A edit rights, user B group rights, and user C deployment rights. This is more secure because anyone who has group rights can change a group so that it is an auto-deploy group, thus circumventing the lack of deployment permission. Additionally, the operator lockdown feature allows you to prevent users fromaccessing any console functionality. The table shows three user roles. Users 1 and 2 are assigned to role 1. User 3 is assigned to role 2, and user 4 is assigned to role 3. l Role 1 users can: n Deploy policies of category a n Read, create, modify, and delete policies of category b n Read and deploy all other policies HP Operations Manager (9.00) Page 541 of 1297 Online Help Configuring user roles n View Policy Management n PerformPolicy Group and Job handling l The Role 2 user can: n Read n View Policy Management l The Role 3 user cannot view policy management at all. Role User Category Category-based Rights Global Rights Role 1 User 1 a Deploy View Policy Management, Job Handling, Group Handling User 2 b Edit, Delete, Read View Policy Management, Job Handling, Group Handling Default Read, Deploy View Policy Management, Job Handling, Group Handling Role 2 User 3 Default Read View Policy Management Role 3 User 4 Default / / Note: The predefined Default denotes all categories for which no special rights have been defined. HP Operations Manager (9.00) Page 542 of 1297 Online Help Configuring user roles Managing messages The view you see in your console has been preconfigured by your administrator to display information received frommanaged nodes and services about conditions in your environment. Your administrator-configured view allows you to performmany tasks froma single location: l Detect the problem A message indicating a problemappears in your active messages browser. Use the messages browser as a starting point to review and respond to each message. Here you can see what has happened, the severity level of the message, and whether there are preconfigured actions you can take to resolve the problem. By setting filters you can further customize the message browser to show only those messages that match the criteria you set. For more information, see Browsing messages and Filtering messages. l Evaluate the problem Examine the problemto determine what the problemis and where it occurred. Your administrator may have predefined instructions associated with the message to help you diagnose the problem. Problems you are alerted to in the message browser can often best be solved using the perspective provided by the map view of your environment. The map view presents a graphical view of your entire service or node hierarchy, including any subsystems or subservices. For more information, see Using map views. l Resolve the problem Your administrator may have preconfigured automatic actions to correct the problem. If so, the action will automatically occur. Other kinds of actions must be initiated by you. You can choose when to start these operator-initiated actions, depending on what your administrator has configured for you. When the action is completed, review to see whether the actions you started corrected the problem. For example, the initial message about the problemwill no longer appear in the message browser and a new message describing the new status will appear. You can also check to see whether a tool succeeded by looking at the Tool Status dialog box. For more information, see Acting on messages. l Document the problem When the problemis resolved, make note of your results using annotations to the message and acknowledge the message. Acknowledging moves the message to the history database. HP Operations Manager (9.00) Page 543 of 1297 Online Help Managing messages Browsing Messages HP Operations Manager for Windows provides two message browsers in which you can view messages that result fromevents occurring on managed nodes. Active Messages: The active messages browser displays active (unacknowledged) messages that can be acted on by operators to resolve problems in the managed environment. Operators can review information about a selected message, display maps that show the root cause of a problem or services impacted by the problem, and take action to resolve problems and improve performance. Acknowledged Messages: The acknowledged messages browser displays messages that have been acknowledged. Typically, a message is acknowledged when the problemthat caused that message to appear has been resolved. As in the active messages browser, you can display maps that show the root cause of a problemor services impacted by the problem. You cannot launch any actions to correct the problemfromthis browser. If you need to performtasks that are unavailable in the acknowledged messages browser, you can unacknowledge the message to move it back to the active messages browser. More options are available to you for problemresolution in the active messages browser. Within the selected browser, the headline displays a number of message details in one view. You can also view message attributes, severity, and status levels at a glance. Browsing active messages When first launched, the active message browser displays all active (unacknowledged) messages for an operator's managed environment. At a glance, you can see status and severity for managed nodes and services and take action to resolve problems that impact critical services. The active message browser is your administrator-configured view of all the active messages received at your console. HP Operations Manager for Windows receives events frommanaged nodes and services and displays themas messages in your view. To see acknowledged messages (messages that have been resolved), switch to the acknowledged message browser. Using the active message browser, you can: l Evaluate all current messages according to color-coded status. l Read message text. l Review instructions. l View a map in context of a selected message. Show uses/contains relationships, root cause, or impacted services or nodes, depending on your selections. l Add, delete, and modify annotations for selected messages. l Determine impacted services for a selected message. l Find the root cause of a message's severity. l Initiate corrective actions. l Review status of operator-initiated actions. l Display a graph or report in the context of a selected message. HP Operations Manager (9.00) Page 544 of 1297 Online Help You can simplify the message display by showing only messages fromnodes or services of special interest to you. The browser headline displays the message attributes in a condensed format that you can interpret quickly. You can customize the appearance of your active messages browser by arranging columns in the order you prefer and specifying the sort order of information in the columns. These settings are maintained fromsession to session. By default, unowned messages have a background color according to their status. Messages that other users own have a light gray background. You can customize message coloring by changing the message browser properties (in the Console Properties dialog box). Related Topics: l "Browsing acknowledged messages" (on page 545) l "Message browser headline" (on page 546) l "Message properties" (on page 578) l "View messages for selected nodes or services" (on page 545) l "Specify console message browser properties" (on page 1031) Browsing acknowledged messages The acknowledged messages browser displays all messages that have been acknowledged in the active messages browser. Acknowledged messages are moved fromthe active messages browser to the acknowledged messages browser. Using the acknowledge messages browser, you can: l Unacknowledge a message and return it to the active messages browser. l Read message text. l Review instructions. l Add, delete, and modify annotations for selected messages. l View message properties. If you need to performtasks that are unavailable in the acknowledged messages browser, you can unacknowledge the message to move it back to the active messages browser where more options are available to you. Related Topics: l Browsing active messages l Browsing messages View messages for selected nodes or services When first opened, the active messages browser displays all active messages. To focus more precisely on areas of interest to you, you can specify those nodes or services for which you want to view messages. HP Operations Manager (9.00) Page 545 of 1297 Online Help To viewmessages from a selected node, node group, or service 1. Fromthe console tree, select the node, node group, or service for which you want to view messages. 2. Right-click to open the shortcut menu. 3. Select View Active Messages to open the browser in the details pane. The browser displays active messages fromthe selected node or service and its subcomponent nodes or services. To view acknowledged messages, see the acknowledged messages browser. Related Topics: l Browsing active messages overview l Browsing acknowledged messages Mass operations on messages Some operations can be performed on many messages at once, saving you time and effort when performing repetitive actions. Mass operations you can performon messages are as follows: l Own and disown l Acknowledge and unacknowledge l Change severity l Save message to file l Start an operator-initiated command Note: To stop an operator-initiated command, you must stop it one message at a time. To perform a mass operation 1. Select a block of messages or the desired set of messages in the messages browser. Note: The messages browser's status bar displays the number of selected messages. 2. Right-click to open the shortcut menu. 3. Select the command for the operation you want to perform. Related topics l Specify console message browser properties Message browser headline The browser headline is a banner across the top of the message browser that labels the columns of information the browser displays. Use the headline to quickly identify these message details: Column Description Severity Color-coded icons give at-a-glance message status. The console displays six levels of message severity. HP Operations Manager (9.00) Page 546 of 1297 Online Help Duplicates Message counters are displayed in the Duplicates column by default. You can configure their display using the Options dialog box which you can open by clicking in the browser headline. SUIAON The status column displays attributes for message states. The flags in the columns indicate state and the availability of instructions, annotations, and actions for each message. Received Specifies the date and time the message was received on the management server. Created Specifies the date and time the message was created. Service Specifies the service that issued the message. For example, a server or node name. Node Specifies the name of the node that issued the message. Application Specifies the application that detected the message or was affected by it. Object Specifies the object that caused the message or was affected by it. Group Specifies the message group to which the message belongs. You can get more detailed information about a message and change some message attributes using the Message Properties dialog box. Related Topics: l View and edit message properties Message attributes key Message attributes are described in the Message Properties dialog box and displayed graphically in the message browser headline. The SUIAON column in the message browser shows which attributes are available for a selected message. Flags in the columns provide further information. If an attribute is not available for a message, the column for that attribute displays a hyphen (-). Value Flag S Owned Message State. A flag in this column indicates that a user has taken note (Marked) or ownership (Owned) of a message. The flags you might see in this column indicate that a message is: l O: owned by operator l X: owned by others l -: unowned l A: acknowledged U Unmatched Message. A message that does not match either a message condition or a suppress condition. An X in this column indicates an unmatched message. I Help Instructions. The administrator provides instructions for messages to help with problemresolution. If available, you can view these instructions in the Instructions tab HP Operations Manager (9.00) Page 547 of 1297 Online Help of the Message Properties dialog box. A Automatic Command. Indicates that an automatic command has been configured for the message and gives the status of the command. The attribute value shows whether a command: l X: Available l S: Successful l F: Failed l R: Running l N: Not started l D: Discarded l C: Console command O Operator-Initiated Command. Indicates that an operator-initiated command has been configured for the message and gives the status of the command. The attribute value shows whether a command is: l X: Available l S: Successful l F: Failed l R: Running l N: Not started l D: Discarded l C: Console command N Annotations: Indicates if annotations exist for this message. You review the annotations to find procedures that resolved similar problems in the past. Message severity and status levels The console displays six levels of message severity, color-coded so you can assess their importance at a glance. Severity levels are assigned to messages by your administrator, based on their importance in your environment. The numbers beside the severity level show the corresponding severity level as it appears in WMI messages. Severity Level Icon Meaning Critical (32) A condition affecting a service or node has occurred and immediate corrective action is needed. Major (16) Problemseverity is high and normal use of the affected object is likely to be impeded. Minor (8) Problemseverity is relatively low and should not impede normal use of the object. HP Operations Manager (9.00) Page 548 of 1297 Online Help Warning (4) A potential or impending service-affecting fault has occurred. Take action to diagnose and correct the problem. Normal (2) Message output is as expected. A process might be starting or completing or status information displayed. Unknown (0) A severity level was not defined in the policy running on the managed node for the event that generated the message. The following table shows the possible states of the message and the values as they map to WMI message values. State Numeric Value Undefined 1 Unowned 2 Owned 3 Acknowledged 4 Node Deleted 5 Deleted 6 HP Operations Manager (9.00) Page 549 of 1297 Online Help Filtering messages The messages that appear in your active messages browser are received fromthe nodes managed by the management server, as configured by your administrator. However, by setting filters you can further customize this display to show only those messages that match the criteria you set. Messages can be filtered by one or more of these criteria: l Message text: Filter messages containing specific text. l Severity: Filter messages of the selected severity. l Ownership: Filter messages of various ownership. l Unmatched: Filter messages that either do or do not match any of the message conditions or suppressed conditions defined in the policies deployed on the managed nodes. l Time: Filter messages created at particular dates and times. l Message attributes: Filter messages on the application, object, or message group message attribute. l Message source: Filter messages of the selected service, node, or node group. l Custom message attribute (CMA): Filter messages on custommessage attributes. Because you can select multiple properties for a filter, you can create a filter to display just those messages that matter most to you. For example, you could create a filter that would display only messages froma particular service on a particular node, created between specified dates and times. There are two types of filters: l Public filters: Public filters are available to all users, but only HPOMadministrators can create, modify, save, and delete them. l Private filters: Any user can create, modify, save, and delete private filters for their own, personal use, if they have been granted the right to do so. Related Topics: l Apply filters l Create filters l Set General filter properties l Set Time filter properties l Set Message Source filter properties l Set Message Properties filter properties l Set Message CMA Properties filter properties Apply filters When you apply a message filter, the set of messages in the active or acknowledged messages browsers changes to display only those messages that match the criteria you set. In addition, the message browser status line shows the name of the filter that is currently applied. One filter can be applied to each selected node or service available in the console tree. HP Operations Manager (9.00) Page 550 of 1297 Online Help To apply a filter You can apply a filter in one of two ways: l Toolbar menu a. Select a node, service, or message in the console. b. Click on the console toolbar. If one or more message filters are already defined, a menu opens. If no filters are defined yet, create a filter first. c. In the toolbar menu, select Activate Message Filter and the name of the filter that you want to apply. l Filter Messages dialog box a. Select a node, service, or message in the console. b. Click on the console toolbar. If one or more message filters are already defined, a menu opens. If no filters are defined yet, create a filter first. c. In the toolbar menu, select Configure Message Filter to open the Filter Messages dialog box. d. In the Filter Messages dialog box, select the filter that you want to apply and click Activate. The filter icon changes in the Message Filter dialog box to indicate that the filter is currently applied. To remove a filter You can remove a filter in one of two ways: l Toolbar menu a. Select a node, service, or message in the console. b. Click on the console toolbar. c. Select Activate Message Filter and deselect the name of the filter that you remove. l Filter Messages dialog box a. Select a node, service, or message in the console. b. Click on the console toolbar. c. Select Configure Message Filter to open the Filter Messages dialog box. d. In the Filter Messages dialog box, select the filter that you want to remove and click Deactivate. The filter icon changes in the Message Filter dialog box to indicate that the filter is turned off. The filter criteria are no longer applied to incoming messages. Related Topics: l Create filters l Edit filters HP Operations Manager (9.00) Page 551 of 1297 Online Help Create filters Filters control the display of messages within your console by matching incoming messages to the criteria you set. One filter can be applied to each selected node or service available in the console tree. You can filter messages by one or more of these properties: l Severity l Ownership l Matched conditions l Date and time l Message source (service, node, or node group) l Message properties (application, object, or message text) l Custommessage attributes To create a newfilter 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Click Newto open the Filter Properties dialog box and specify filter properties in these areas: n General n Time n Message Source n Message Properties n Message CMA Properties 3. In the Filter Properties dialog box, click Apply to apply your changes. 4. Click OK to apply your changes and close the Filter Properties dialog box. The filter name appears in the list of available filters in the Message Filter dialog box. If a filter is being used, its icon changes in the Message Filters list and its name is selected. 5. If you want to apply the filter to the active messages browser, click Activate. 6. In the Message Filter dialog box, click Close to return to your console view. If you already have a message browser open, you should see only those messages that match the applied filter. The message browser status line shows which filter, if any, is applied. Related Topics: l Apply filters l Edit filters HP Operations Manager (9.00) Page 552 of 1297 Online Help Set General filter properties Use the General tab of the Message Filter dialog box to specify general information about a filter. All information is optional. You can combine several filtering criteria in one filter. For example, you could select both critical severity and an unmatched criteria. To specify General information for a filter 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Click Newto open the Filter Properties dialog box. The General tab displays by default. 3. Enter a name for the filter in the Name box. 4. Select Public filter if you are an HPOMadministrator and want the filter to be available to all users. 5. If you want to filter by message text, enter the text in the Message Text Includes: box. Only messages that contain this specified text will display in the browser. For example, if you enter "error" in the Message Text Includes box, messages will be filtered on message text that contains the word "error," regardless of case. 6. To filter on severity criteria, check one or more check boxes in the Severity group. 7. To filter on ownership criteria, check one or more check boxes in the Ownership group. 8. In the Policy Condition criteria, check one or both the Unmatched and Matched check boxes to filter for messages that either match or do not match any of the message conditions or suppressed conditions defined in the policies deployed on the managed nodes. Informyour administrator of any unmatched messages so that the corresponding message can be improved or corrective action provided. 9. Click Apply to apply your changes. 10. Click OK to apply your changes and close this dialog box. Related Topics: l Set Time filter properties l Set Message Source filter properties l Set Message Properties filter properties l Set Message CMA Properties filter properties l Create filters l Apply filters HP Operations Manager (9.00) Page 553 of 1297 Online Help Set Time filter properties Use the Time tab of the Message Filter dialog box to filter messages created on a particular date, at a particular time, or during a specified time period. To filter by time, date, or time period 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Select the Time tab. 3. Select All Messages to display messages regardless of the time they were created. 4. If you prefer to filter messages created at a specific time, on a specific date, or during a specific interval of time, select Message Received. n Select specific start and end dates by clicking the down arrows in the To and From date boxes to open the calendar. In the calendar, click the start date you want. The calendar closes and the date you selected appears in the To field. Repeat using the From date box to open the calendar again. Select an end date. n Select specific start and end times by clicking the down arrows in the To and From time boxes. n Specify start and end times using the up and down arrows in the time fields. Place your cursor in area of the time that you want to change (hours, minutes, or seconds) and use the arrows to increase or decrease the time and change fromamor pm. n To filter by a time period such as months or days, rather than specific dates, click Within: and enter the number of months or days you prefer. 5. Click Apply to apply your changes. 6. Click OK to apply your changes and close this dialog box. Related Topics: l Set Message Source filter properties l Set Message Properties filter properties l Set Message CMA Properties filter properties l Set General filter properties l Create filters l Apply filters HP Operations Manager (9.00) Page 554 of 1297 Online Help Set Message Source filter properties Use the Message Source tab of the Message Filter dialog box to filter for messages received from specified message sources such as services and nodes. Only messages fromthe services and nodes you select will display in the message browser. To set message source filter properties 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Select the Message Source tab. 3. Select one or more services or nodes fromthe Select Services, Nodes, or Node Groups tree to display only messages fromthose nodes or services in the message browser. Services can be selected independently of their position in the tree's hierarchy. If you select a node group, all nodes included in the group are also selected. To deselect an item, click the check box. 4. Click Apply to apply your changes without closing this dialog box. 5. Click OK to apply your changes and close this dialog box. Related Topics: l Set Message Properties filter properties l Set Message CMA Properties filter properties l Set General filter properties l Set Time filter properties l Create filters l Apply filters Set Message Properties filter properties Use the Message Properties tab of the Filter Properties dialog box to filter on application, object, and message group properties. Only messages with those properties will display in the message browser. An application is defined as the name of the application which was affected by or detected the problem. An object is defined as a specific object which was affected by, detected, or caused the message. A message group is defined as a group of messages that belong to the same task or have some logical connection (for example, messages frombackup tasks or messages having a common policy). Attributes you can filter on include: HP Operations Manager (9.00) Page 555 of 1297 Online Help l Applications, such as XP, Oracle, Exchange, or OpC. l Objects, such as a print server or device manager, a graph template name, or a metric such as cpu_utilization. l Message groups, such as OpenView, OpC, or VP_SM. To set Message Properties filter properties 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Select the Message Properties tab. 3. Fromthe Browser Property dropdown list, select the attribute for which you want to filter (application, object, or message group). 4. In the Value box, type the application, object, or message group name, or select it fromthe dropdown list. Message filters in the console limit the message group length to 32 characters (the same length limit of the Field box in messages). 5. Click Add to add the property to the Property list. 6. If you selected a message in step 1, Get Values is available. Click Get Values to add attributes to the Property list. If multiple messages were selected, the Value column shows a unique value for each attribute. For example, a SAP application might show values for: SAP DB server#1 SAP APP server#2 7. To add more properties to the Property list, repeat the previous steps. 8. To remove a property fromthe list being filtered for, select the property and click Delete. 9. Click Apply to apply your changes without closing this dialog box. 10. Click OK to apply your changes and close this dialog box. Related Topics: l Set Message CMA Properties filter properties l Set General properties l Set Time properties l Set Message Source properties l Create filters l Apply filters Set message CMA filter properties Use the Message CMA Properties tab of the Filter Properties dialog box to filter for messages that match specified custommessage attributes (CMA) properties. Only messages that match the HP Operations Manager (9.00) Page 556 of 1297 Online Help names and values that you select will display in the messages browser. To set message CMA filter properties 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Select the Message CMA Properties tab. 3. Select the CMA Name and Value pair for which you want to filter. The list contains all the known CMA names. CMAs are available only if they have been received on the server and are already attached to messages in the database. 4. Click Add to add your selections to the Property list. 5. To add more properties to the Property list, repeat the previous steps. 6. To remove a property fromthe list, select the property and click Delete. 7. Click Apply to apply your changes without closing this dialog box. 8. Click OK to apply your changes and close this dialog box. Related Topics: l Set General filter properties l Set Time filter properties l Set Message Source filter properties l Set Message Properties filter properties l Create filters l Apply filters Edit filters You can easily edit any filter you have created. To edit a filter 1. Open the Filter Messages dialog box if it is not already open. a. Select a node, service, or message in the console. b. Click on the console toolbar to open the Filter Messages dialog box. If one or more message filters are already defined, the Message Filter dialog box does not open immediately. Select Configure Message Filter in the menu. 2. Fromthe Filter Name list, select the name of the filter that you want to edit. 3. Click Edit to open the Filter Properties dialog box. HP Operations Manager (9.00) Page 557 of 1297 Online Help 4. Edit the existing information in the following tabs: n General n Time n Message Source n Message Properties n Message CMA Properties 5. When you finish editing the filter, click Apply to save your changes. 6. Click OK to save your edited filter and close the Filter Messages dialog box. 7. In the Filter Messages dialog box, click Close. Related Topics: l Apply filters l Create filters HP Operations Manager (9.00) Page 558 of 1297 Online Help HP Operations Manager (9.00) Page 559 of 1297 Online Help Acting on messages Fromwithin the active messages browser, you can performa number of operations on existing messages. For example, you can acknowledge, annotate, edit, own, and disown messages, edit message text attributes, and launch commands and policies, as well as performother functions. More limited options are available to you fromwithin the acknowledged messages browser. In this browser, you can unacknowledge the message, view message properties, text, and instructions, and act on annotations for selected messages. Related Topics: l Using the message browser interface l View and edit message properties Own a message Owning a message means that you take responsibility for performing the actions associated with that message. As the owner, you have read-write access to the message. Other users may see this message in their browsers but have limited access to it. For example, only the owner of a message can performthe following tasks: l Restart an automatic command related to the message l Start an operator-initiated command l Disown the message l Modify the message text l Acknowledge the message l Change message severity You do not have to be the owner of a message to annotate it or modify custommessage attributes. An administrator can change the ownership of messages that other users currently own. If you performthe following actions on an unowned message, you automatically become the owner of the message: l Restart an automatic command related to the message l Start an operator-initiated command l Change the message severity l Change the message text You also become the owner of any message that you unacknowledge. To own a message 1. In the message browser, select the message you want to own. 2. Right-click the message to open the shortcut menu and select Own. 3. An owned message displays as orange in the message browser and the browser headline HP Operations Manager (9.00) Page 560 of 1297 Online Help displays a letter Oin the S column to indicate that the message is owned. Other operators will see an X in that column. Related Topics: l Disown a message l Annotate a message l Modify message text l Acknowledge a message l Rerun automatic commands l Performoperator-initiated commands Disown a message Only the owner of a message or the administrator can disown a message. To disown a message 1. In the active messages browser, select the message or messages you want to disown. 2. Right-click the message to open the shortcut menu and select Disown. The browser headline displays a hyphen in the S column to indicate that the message is disowned. Related Topics: l Own a message Assign messages Administrators can assign ownership of messages to other users. Administrators can also give operators the right to assign ownership of messages for particular message groups. The owner of a message is responsibile for performing the actions associated with that message. This ability to assign ownership of messages enables managers, for example, to delegate work to other users. To assign messages 1. In the messages browser, select one or more messages. 2. Right-click the messages and then click Assign.... The Select User dialog box opens. 3. Click the user to whomyou want to assign the messages, and then click OK. Related Topics: l Own a message l Disown a message l Set permitted operations for message groups HP Operations Manager (9.00) Page 561 of 1297 Online Help Acknowledge a message You acknowledge a message when the problems causing that message to appear are resolved. Typically, you acknowledge messages when you finish working with them. Acknowledging a message removes it fromthe active messages browser view and places it in the acknowledged messages browser. You might acknowledge a message because: l You have resolved any problems and completed work on the message. l Another message in the browser describes the same event. l Message severity is low and no action is required. To acknowledge a message 1. In the details pane, select one or more messages that you want to acknowledge. 2. Right-click to open the shortcut menu. 3. Select Acknowledge. The message you acknowledged no longer appears in the active messages browser view. You can move acknowledged messages back into the active messages browser by unacknowledging themin the acknowledged messages browser. Related Topics: l Unacknowledge a message Unacknowledge a message Unacknowledge messages when you want to return themto the active messages browser for further investigation. Unacknowledging a message removes it fromthe acknowledged messages browser and returns it to the active messages browser. You might revisit acknowledged messages to: l Read message annotations. l Use the acknowledged messages browser as a resource for solving problems. To unacknowledge a message 1. In the console tree, select the node or service you are interested in to display only those messages in the details pane. 2. Fromthe console tree, right-click to open the shortcut menu. 3. Select Acknowledged to open the acknowledged messages browser in the details pane. 4. In the details pane, select the message you want to unacknowledge. Right-click to display the shortcut menu. 5. Select Unacknowledge. The message you unacknowledged is removed fromthe history database and returned to the active messages browser. Related Topics: HP Operations Manager (9.00) Page 562 of 1297 Online Help l Acknowledge a message Launch commands If the administrator has configured automatic or operator-initiated commands for a message, you can rerun the automatic commands and run the operator-initiated commands as part of your problem-solving strategy. You can determine whether commands are available for a selected message by glancing at the message browser headline status column, which also displays the status for the command. More information about the commands configured for a message is available fromthe Message Properties dialog Actions tab, which shows the type of command, the command itself, and the location where the command runs. There are two types of commands; each message can be associated with one action of each type: l Automatic commands are configured to run automatically when certain conditions are met (as soon as an event is detected). If you detect that the command has failed, you can rerun it. l Operator-initiated commands can be launched by an operator and may require some user input. For example, actions requiring too much CPU should not be started without first evaluating systemload and requirements. To launch a command 1. In the details pane, select the message for which you want to run a command. 2. Right-click to open the shortcut menu. 3. To rerun an automatic command, select Commands Start Automatic. You can verify that the command was successful by looking in the message browser status column. The A column displays an S if the command was successful. 4. To run an operator-initiated command, select Commands Start Operator Initiated. You can verify that the command was successful by looking in the message browser status column. The Ocolumn displays an S if the command was successful. Related Topics: l Stop commands Stop a command You can easily stop any command you have launched. To stop a command 1. Fromthe details pane, select the message for which you want to stop a command. 2. Right-click to open the shortcut menu. 3. To stop an automatic command, select Commands Stop Automatic. You can verify that the command was successful by looking in the message browser status column. The A column displays an S if the command was successful, an F if the command failed. 4. To stop an operator-initiated command, select Commands Stop Operator Initiated. You can verify that the command was successful by looking in the message browser status HP Operations Manager (9.00) Page 563 of 1297 Online Help column. The Ocolumn displays an S if the command was successful, an F if the command failed. Annotate a message You can add annotations to a message at any time while you are working on it. Typically, after you complete work on a message, you document your actions using annotations, which record how a problemwas resolved. An annotation is a short note that summarizes important points about the actions you took and can be used by others to resolve similar situations. You can review annotations for procedures used to resolve similar problems by using the acknowledged messages browser. Annotations typically explain: l Actions performed to resolve the problem. l Status information for the action performed. l Start and finish times for the action. To annotate a message 1. In the details pane, select the message you want to annotate. 2. Right-click to open the shortcut menu. 3. Select Annotations to open the Annotations tab of the Message Properties dialog box. Existing annotations for the selected message are listed here, along with the originator of the annotation and the time it was created. 4. To create an annotation, click Newto open the New Annotation dialog box. 5. Enter your comments and click OK. The annotation appears in the Text box in the Annotations tab of the Message Properties dialog box. 6. Click OK to save the annotation. The annotation count is incremented in the message browser. 7. Click Cancel to close the dialog box without saving your annotation. 8. To delete an annotation, click Delete. The annotation is removed fromthe message in the active messages browser. Note: Annotations added by the systemas a result of an automatic action specified by a policy cannot be deleted. If you try to delete a SYSTEMannotation, a message displays telling you that the delete operation failed. Edit annotation text You can edit annotation text and resize the text window where the text appears. To edit annotation text 1. In the details pane, right-click a message in the messages browser to open the shortcut menu. 2. Select Properties to open the Message Properties dialog box. The Text tab displays by default. 3. Select the Annotations tab. HP Operations Manager (9.00) Page 564 of 1297 Online Help 4. Select a message and click Edit to open the Edit Annotations dialog box. 5. Make any edits to the text and drag the window to resize it, if desired. You can also double- click a message name to open the Edit Annotations dialog box. 6. Click OK to save your changes. 7. To view your changes, select the annotation. The annotation you edited appears in the text box. Related Topics: l View and edit message properties l View message annotations Edit message text You can change message text as long as no one else owns the message. If you change the message text of an unowned message, you become the owner of the message. You might modify a message because: l You want to clarify the message. l You want to add additional details. To edit message text 1. In the details pane of the message browser, select the message you want to edit. 2. Right-click to open the shortcut menu. 3. Select Message Text to open the Text tab of the Message Properties dialog box. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. 4. In the Message box, enter the new message information. 5. Click OK. The dialog box closes and your changes appear in the message browser for others HP Operations Manager (9.00) Page 565 of 1297 Online Help 6. Click Cancel to close this dialog box without saving your changes. Related Topics: l "Own a message" (on page 560) Modify message attributes You can modify the text of the message that appears in your message browser. Some attributes are modified fromthe Properties dialog box and some only fromthe shortcut menu. After you modify an unowned message, you become the owner of the message. Attributes you can modify include: l Annotation l Message text l Severity To modify message attributes 1. In the message browser, select the message you want to modify. 2. Right-click the message to open the shortcut menu. To modify severity, select Change Severity to open a shortcut menu. Select Critical, Major, Minor, Warning, or Normal to change the severity of the selected message. To modify annotation or message text for a selected message, select Properties fromthe shortcut menu to open the Message Properties dialog box. If you prefer, you can select the attribute you want to change fromthe shortcut menu and go directly to that tab in the Properties dialog box. 3. Modify one or more attributes using the tabs in the dialog box. 4. Click OK to close the dialog box. Your changes are immediately applied to the selected message and are visible to other users. 5. Click Cancel to close the dialog box without saving your changes. Related Topics: l View message properties Configure policies HPOMconsolidates a number of tasks related to the policies that generate messages to one convenient interface accessible fromthe message browser itself. By launching the policy editor directly fromthe message generated by the policy itself, you can fine tune a new policy to monitor a new application, isolate and modify a policy that is generating messages during message storms, and reconfigure a policy to recognize an unknown message. Specifically, fromthe message browser, you can: l Quickly suppress message generation l Edit the policy condition that generated a message with a mouse click l Quickly match unknown messages HP Operations Manager (9.00) Page 566 of 1297 Online Help l Deploy policies directly fromthe policy editor l Deploy a policy based on version already deployed. Related Topics: l Policy editing options l Edit policies l Create a suppress condition l Create a match condition Edit policies You can edit the policy that generates a specific message directly fromthe message browser, saving steps and time. To edit policies 1. In the message browser, select the message for which you want to edit the policy. 2. Right-click to open the context menu. 3. Select Policy Edit Policy to open the policy editor. 4. Edit the policy as necessary. Related Topics: l Developing agent policies l "Policy editing options" (on page 569) l "Create a match condition" (on page 568) l "Create a suppress condition" (on page 567) Create a suppress condition Fromwithin the message browser, you can create a new condition for a message that suppresses future generation of the message. When you select a message to create a suppress condition, as described below, the systemcreates a policy condition that instructs the agent to suppress generation of messages that match the selected message's original event text. In this way, you can control the type and number of messages that appear in the message browser and can respond quickly to message storms by suppressing messages generated froma particular policy. To create a suppress condition 1. Fromwithin the message browser, select the message for which you want to create the suppress condition and right-click to open the context menu. 2. Select Policy Create Suppress Condition fromthe menu to open the appropriate policy editor, which displays the New Rule dialog with the Condition tab active and the generated default displayed. Accept the defaults. HP Operations Manager (9.00) Page 567 of 1297 Online Help 3. Select the Actions tab. The default setting for here for suppress conditions is Do nothing: stop evaluation. 4. If you prefer, you can change the default to suppress the message based on some criteria other than the message text. Provide a description of the rule and specify its conditions. 5. Click OK. Your new rule will appear on the Rules tab of the policy editor dialog box. Incoming messages matching the criteria in this rule will be suppressed and will not appear in the message browser. Note: Not all policy types offer the Create message suppression menu option.because they do not have condition IDs. Scheduled policy type is an example. For these policy types, the Policy Edit Policy menu option opens the appropriate policy editor to the specific policy that generated the message. Related Topics: l Developing agent policies l Policy editing options l Create a match condition l Edit policies Create a match condition Fromwithin the message browser, you can create a new condition for a message or modify the condition that matches a generated message. When you select a message to create a match condition, as described below, the systemcreates a new condition that matches on the selected message's original event text. After you save and deploy the policy containing the new condition, the agent on the managed node generates a message when an event it receives matches the new condition. The message generated by the event can be preconfigured to have specific properties, such as severity, instruction text, and the like. The message can also be configured to launch automatic and operator-initiated commands. To create a match condition 1. Fromwithin the message browser, select the message for which you want to create the match condition. 2. Right-click to open the context menu. 3. Select Policy Create Match Condition fromthe menu to open the appropriate policy editor, which displays the New Rule dialog with the Condition tab active and the generated default displayed. Accept the defaults. 4. To modify the default, select the Actions tab and provide a description of the rule and specify its conditions. 5. Click OK. Your new rule will appear on the Rules tab of the policy editor dialog box. Incoming messages matching the criteria in this rule will appear in the message browser. The Actions tab default setting for match conditions is Send Message.... 6. To modify the actions associated with this message, double-click the rules description on the HP Operations Manager (9.00) Page 568 of 1297 Online Help Rules tab to open the Rule dialog. Select the Actions tab, then select the location where the message should be sent and indicate any associated automatic or operator-initiated actions. 7. Click OK to confirmyour changes and close the dialog box. Note: Not all policy types offer the Create Match Condition menu option because they do not have condition IDs. Scheduled policy type is an example. For these policy types, the Policy Edit Policy menu option opens the appropriate policy editor to the specific policy that generated the message. Related Topics: l Developing agent policies l Policy editing options l Create a suppress condition l Edit policies Policy editing options The editing options available for various policies are shown in the following table. Users working in the message browser can modify the policy that generated a selected message by choosing one of the following menu options. Menu options vary depending on the message selected. l Edit Policy (if no conditions were set in the policy, only this menu option is available) l Create Suppress Condition l Create Match Condition The ConfigFile, Service Auto-Discovery, Flexible Management, and Node Info policy types do not generate messages, so are not included in this table. Edit policy (Opens Policy Editor to policy only) Edit policy condition (Opens Policy Editor to policy and condition) Create match condition Create suppress condition Open Message Interface no yes yes yes Log File Entry no yes yes yes Windows Event Log no yes yes yes Measurement Threshold no yes no no SNMP Interceptor no yes yes yes Scheduled Task yes no no no Windows no yes no no HP Operations Manager (9.00) Page 569 of 1297 Online Help Management Interface Service/Process Monitoring yes no no no Related Topics: l Edit policies l Create a suppress condition l Create a match condition HP Operations Manager (9.00) Page 570 of 1297 Online Help HP Operations Manager (9.00) Page 571 of 1297 Online Help Using map views Problems you are alerted to in the messages browser can often best be solved using the perspective provided by the map view of your environment. The map view presents a graphical view of your entire service or node hierarchy, including any subsystems or subservices. Nodes, services, and their components are represented as icons, color-coded to indicate the current state of the node or service. When changes occur in the environment, HP Operations Manager automatically updates the map view to present the latest configuration and status. Opening the map view fromthe message browser displays a map in a new window. You can tile the windows horizontally to view both the message browser and the map view at the same time. For a closer look at a specific area of concern, you can select a node or service on the map and left- click to redraw the map with the selected itemat the center of the map. All subcomponent details such as subservices or managed devices are displayed below your selection. Selecting any itemin the map view displays messages fromthat itemand any subcomponents below it in the hierarchy. Left-click an object in the map view to place that object in the center of the map. If you click in a blank area of the map, the point where you clicked becomes the center of the map and objects are repositioned accordingly. If your administrator has provided descriptions of the items in the map, they display as ToolTips. Captions can contain up to 500 characters. The map view offers specialized views that help you diagnose problems: l Root cause analysis performs a top-down investigation of the hierarchy of your selected service or node and stops at the hierarchical level of the service or node that caused the status to change. There may be more levels below that, which are not displayed because the services or nodes on those levels did not contribute to the problem. l Impacted analysis works in the other direction, fromthe bottomup, by searching through the service hierarchy to display all other services or nodes that are impacted by the change in status. The nature of the impact is determined by the status propagation and calculation rules configured by your administrator. The impact path of a service or node also displays in the console tree. Because the impact analysis only considers negative impacts (status changes fromgood to bad) the impact graph does not necessarily display the top-level service or node, but stops where impact occurred. Note: Map views are only available on console systems running a 32 bit version of HPOM. Related Topics: l Show root cause l Show impacted services or nodes l Open a map view of nodes or services Open a map view of nodes or services The map view presents a graphical view of your entire service or node hierarchy, including any subsystems or subservices. Use the map view to drill down to the level in your node or service hierarchy where a problemis occurring. HP Operations Manager (9.00) Page 572 of 1297 Online Help You can open the map view fromthe console tree, active and acknowledged message browsers, or fromanother map view. Depending on your original selection fromthe console tree and the type of map you select to view, your map view will show different results: l If you select a node group fromthe Nodes folder in the console tree, your map view show a node hierarchy starting with the selected node at the top of the view and show nodes only. l If you select a specific node, you can view a hosting services map that shows both nodes and services, or a root cause or impacted services map, which show only nodes. l If you select a service fromthe Services folder in the console tree, your map view displays a service hierarchy, beginning with the service you selected. You can select a message in either the active or acknowledged message browsers and right-click to choose a root cause, impacted, or uses/contains map for the selected message. Fromthe resulting map view, you can right-click again to make further selections of contained By or Hosting Services map views. The icons and lines in your map are color-coded to indicate the severity levels of items in the map and to show status propagation. Black lines in the map indicate that status is not propagated up froma subservice or node. Solid lines show containment relationships. Dotted lines show dependency relationships and are also used to indicate a service hosted on a node. To open a map viewfrom the message browser 1. Right-click a message to open the shortcut menu. 2. Select Map Service or Nodes to display a map of the service or node you selected. 3. To further investigate the problem, right-click the icon for a node or service to open the shortcut menu and view further details. 4. Select Root Cause or Impacted to view another map that pinpoints the location where status changed or other services are impacted. 5. To locate a specific node or service in a crowded map view, use the Find option. a. Within the map, right-click to open the shortcut menu. Select Find to open the Search dialog box. b. Type in the name of the node or service you want to locate in the Search for Caption box. c. Click OK. A red arrow appears beside the caption in the map and the map is redrawn to center the node or service you searched for. Open a map view fromthe console tree 1. Fromthe console tree, right-click an itemin the Nodes or Services folder to open the shortcut menu. 2. Select Map to open a new window that displays a map of your selected service or node and any related subcomponents or subservices. 3. To further investigate the problem, right-click the icon for a node or service to open the shortcut menu. 4. Select Root Cause or Impacted to view another map that pinpoints the location where status HP Operations Manager (9.00) Page 573 of 1297 Online Help changed or other services are impacted. 5. To locate a specific node or service in a crowded map view, use the Find option. a. Within the map, right-click to open the shortcut menu. Select Find to open the Search dialog box. b. Type in the name of the node or service you want to locate in the Search for Caption box. c. Click OK. A red arrow appears beside the caption in the map and the map is redrawn to center the node or service you searched for. Related Topics: l Using map views l Show root cause l Show impacted services Show root cause Many factors contribute to the severity status of a node or service. In a complex environment with many hierarchical levels, it can be difficult to determine whether the service or node itself or one or more subservices or nodes has caused a severity change. To help you determine the source of a problem, HP Operations Manager provides root cause analysis to take you quickly to the service or node that is not performing. Root cause analysis starts at the level of your selected node or service, stops at the level where the cause of the problemlies, and draws a map that shows the source of the problemand the nodes or services affected. You can view a root cause map fromwithin the console tree, a map view, or the active and acknowledged messages browsers. To showthe root cause of a problem from the console tree 1. Fromthe console tree, click the service, node, or node group that you want to investigate. 2. Right-click the service, node, or node group to open the shortcut menu. 3. Click View Root Cause to display a top-down map view of the selected node or service in the current details pane. Click the + sign to expand the map to show its subservices or subsystems. The last itemin the hierarchy represents the root cause of the problem. Show the root cause of a problemfromthe map view 1. Fromthe map view, right-click the service, node, or node group that you want to investigate. 2. Click Root Cause to display a top-down map view of the selected node in a new window. The last itemin the hierarchy represents the root cause of the problem. Related Topics: l Show impacted services l Using map views HP Operations Manager (9.00) Page 574 of 1297 Online Help Show impacted services or nodes In a complex environment with many hierarchical levels, it can be difficult to determine how a severity change on one node or service may impact other nodes or services or their subcomponents. Because a subservice or subsystemcan be contained in a node or service and also be used by another service or node, a severity change affects: l The immediate parent service or node l All other services that use that subservice To help you resolve problems more efficiently, HP Operations Manager for Windows provides a map view of services or nodes that are impacted by a change in severity. You can see at a glance the services or nodes that are affected. The Show Impacted Services analysis tool starts at the level of the selected service or node and searches upward to display all other services or nodes affected by the status change. You can view an impacted services map fromwithin the console tree, a map view, or the active and acknowledged messages browsers. When opened fromthe console tree, the map displays in the details pane. When opened fromthe message browser or map view, the map displays in a new window. To showthe services impacted by a problem 1. Fromthe console tree, map view, or active and acknowledged messages browsers, select the service or node you want to investigate. 2. Right-click the service or node to open the shortcut menu. 3. Select View Impacted to show a map view of the selected service or node. 4. The map displays the service or node you selected and all services or nodes affected by the problem. Related Topics: l Show root cause l Using map views Uses and contains relationships You can change your map view to show only certain relationships among the services or nodes in your environment, which can help you to resolve problems. Views fall into two main categories; each category offers further customization of your map view: l Uses: A service that is used by another service is indicated on the map by a dotted line relationship. A service can be used by several other services, but is contained by only one service. l Contains: A service or node that is contained by another service or node group is indicated on the map by a solid line relationship. A service can only be contained by one service; a node can be contained by more than one node group. To display a submap showing a selected relationship, you must start fromwithin an open map. Right-click to open the shortcut menu and select the relationship you want to display fromthe menu. The submap appears in a new window. HP Operations Manager (9.00) Page 575 of 1297 Online Help Map Description Contains/Uses This map provides the most complete view because it shows both uses and contains relationships. Contained By/Used By This map shows the hierarchical relationship of services or nodes above the selected item. Uses This map shows only the services using the selected itemand does not display containment relationships. Used By This map shows only the services that are being used by the selected itemand does not display containment relationships. Contains This map shows only the services or nodes contained by the selected item, which would be children of the selected parent. Contained By This map shows only the parent relationship of the selected item. Service Hosted On This map shows the node the service is hosted on. Map view keyboard commands Customkey commands provide the following functionality within a map view. Key or Key Sequence Function Home Selects and centers the root node of the map. Left Arrow Selects and centers the sibling map node to the left of the currently selected node. Right Arrow Selects and centers the sibling map node to the right of the currently selected node. Down Arrow Selects and centers the first (leftmost)child map node, relative to the currently selected node. Up Arrow Selects and centers the parent map node, relative to the currently selected node. Shift+Up Arrow Collapses the children of the currently selected node, if expanded. Shift+Down Arrow Expands the children of the currently selected node, if collapsed. Ctrl+Up Arrow Moves the currently selected node toward the top of the window. Ctrl+Down Arrow Moves the currently selected node toward the bottomof the window. Ctrl+Left Arrow Moves the currently selected node to the left. Ctrl+Right Arrow Moves the currently selected node to the right. HP Operations Manager (9.00) Page 576 of 1297 Online Help HP Operations Manager (9.00) Page 577 of 1297 Online Help Viewing properties The services, nodes, and tools your administrator configures to display in the console tree have properties that you can view when you want more information about a selected item. Properties are set when the administrator configures the item. To view properties 1. Select a service, node, tool, or group in the console tree. 2. Right-click to open the shortcut menu. 3. Select Properties to open a read-only dialog box that displays properties for the selected item. Related Topics: l View and edit message properties l View services properties l View node properties l View external node properties l View node group properties l View tool group properties l View tool properties Message properties You can view message properties and edit certain message attributes using the Message Properties dialog box, which displays information about a message in greater detail than is shown in the message browser headline. Only one Message Properties dialog box displays at a time per each message browser view. To viewmessage properties Double-click the message in the messages browser or follow the steps below. 1. In the details pane, right-click a message in the message browser to open the shortcut menu. 2. Select Properties to open the Message Properties dialog box. The Text tab displays by default. 3. Review general information, annotations, instructions, message text, state, custommessage attributes, and actions for the selected message. To edit the annotations and text message properties, select the appropriate tab in the Message Properties dialog box and enter your changes. Use the Previous (up arrow), Next (down arrow), and Acknowledge buttons to move the focus back and forth in the acknowledged or unacknowledged messages browsers to make and apply changes. The icon on the Acknowledge button changes, depending on which message browser you are working from. HP Operations Manager (9.00) Page 578 of 1297 Online Help If you leave the message browser up, you can work fromwithin the Message Properties dialog box to modify the instructions, state, text, commands, annotations, duplicates, and custommessage attributes for a selected message, acknowledge and unacknowledge a selected message, and see your changes immediately take effect in the browser window. Related Topics: l View general message properties l View and edit message annotations l Edit annotation text l View duplicate messages l View message instructions l Edit message text l View message state l View commands l View and edit custommessage attributes Viewgeneral message properties Use the General tab in the Message Properties dialog box to view details about a selected message. Properties are read-only, with the exception of status. You can change severity fromthis tab. l ID: The unique identifier for this message. l Dropdown list and status icon: The list allows you to change the severity of the selected message. The icon indicates the severity of the selected message. l Time First Created on Node: The date and time the message was generated on the agent system. This time always displays using the time zone of the agent at creation time (for example, 11:30 (CET/winter). This means that this time always displays in this fixed time zone. l Time First Received on Server: The date and time the (first) message was received on the server. This time always displays using the current time zone of the management server (for example, 02:30 (PST/winter). This means that the time zone in which this time displays may change if the management server time zone changes (for daylight savings time, for example). During daylight savings time, the time fromthe example would be recalculated to 03:30 (PST/summer). l Number of Duplicates: The number of duplicates for the selected message. l Time Last Received on Server: The date and time the (last duplicate) message was received on the server. This time always displays using the current time zone of the management server (for example, 02:30 (PST/winter). This means that the time zone in which this time displays may change if the management server time zone changes (for daylight savings time, for example). During daylight HP Operations Manager (9.00) Page 579 of 1297 Online Help savings time, the time fromthe example would be recalculated to 03:30 (PST/summer). l Sender: The name of the management server that forwarded the message to this management server. l Origin: The name of the management server that originally received this message, and then forwarded it to one or more other management servers. l Primary Node Name: The name of the node generating the message, if any. l Service Id: Uniquely identifies a service and maps messages to that service. All messages contributing to the severity calculation of this service contain this service's Service ID as a message attribute. l Message Group: The name of the group this message was assigned to by the administrator. l Message Type: Shows the subgroup a message has been assigned to (for example, to show the occurrence of a specific problem). l Message Key: The identifier assigned to all messages produced by a particular policy rule. The same message key might be assigned to messages produced by different rules in different policies. l Acknowledge Message with Message Key: A message key that this message searches for. This message has acknowledged any messages with this message key that were in the active messages browser when this message was received. l Policy: The name of the policy originating the message. l Policy Type: The policy type the originating policy belongs to. l Application: The name of the application generating the message, if any. l Object: The name of the object generating the message (for example, CPU). l Unmatched: If checked, this check box indicates that the message does not match any known conditions and does not belong to any policy type. To view general message properties 1. Fromthe details pane, select a message and right-click to open the shortcut menu. 2. Select Properties to open the Message Browser dialog box. The General tab displays by default. 3. If desired, change the severity of the selected message. 4. When you finish looking at this tab, you can select another tab to view more details about the message you selected. 5. Click OK to close this dialog box. 6. Click Cancel to close this dialog box without saving your changes. Viewand edit message annotations Annotations are short notes that summarize the actions taken to resolve problems and can be used by others to resolve similar situations. You can add annotations to a message at any time and can review existing annotations using the Annotations tab in the Message Properties dialog box. HP Operations Manager (9.00) Page 580 of 1297 Online Help Messages that have annotations associated with themdisplay an X in the N column of the message browser. To create, edit, and delete annotations 1. In the active messages browser, select a message. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Message Properties dialog box and click the Annotations tab. You can also open the Annotations tab directly fromthe shortcut menu. 4. Annotations associated with the selected message are listed in order of their creation. The text of the annotation appears in the Text box and can be edited. Select an annotation fromthe list to see its complete text in the Text box. 5. To create a new annotation, click New... to open the New Annotation dialog box. 6. Enter your comments and click OK. The annotation appears in the Text box in the Annotations tab of the Message Properties dialog box. You can edit your annotation now or at a later date by selecting the message on the Annotations tab and clicking Edit. This displays a text box containing your message, which can be edited. 7. Click OK to save the annotation and close this dialog box. The annotation count is incremented in the message browser. 8. To delete an annotation, select it and click Delete. The annotation is removed fromthe message in the active messages browser. Note: Annotations added by the systemas a result of an automatic action specified by a policy cannot be deleted. If you try to delete a SYSTEMannotation, a message displays telling you that the delete operation failed. 9. Click Cancel to close this dialog box without saving your annotation. Viewduplicate messages The number of duplicate messages appears in the Duplicates column of the message browsers. Stored duplicates (duplicate messages) are listed in the Duplicates tab of the Message Properties dialog box. The list is read-only; you cannot add, delete, or edit the list. The list displays the message ID and time the duplicate was created. You can view the text, severity, object, application, message group, and node for the message by clicking on the items in the list. The information displays in the Text area at the bottomof the list. The first itemin the list contains the information for the original message. Subsequent listings contain the information for duplicate messages. Use the Up and Down arrows to scroll through the messages listed in the browser. You can acknowledge a selected message by clicking the Acknowledge button located below the Down arrow. Viewmessage instructions Message instructions are configured by your administrator to help you solve common problems. They might include details describing: HP Operations Manager (9.00) Page 581 of 1297 Online Help l Automatic actions. l Operator-initiated actions. l Manual steps to follow for problemresolution. Instructions are read-only and cannot be edited. To view message instructions 1. In the details pane, select the message for which you want to view instructions. 2. Right-click the message to open the shortcut menu. 3. Select Properties to open the Message Browser dialog box. 4. Select the Instructions tab to view instructions configured by your administrator for this message. 5. When you finish viewing the instructions, click OK to close this dialog box. Viewmessage state Use the State tab in the Message Properties dialog box to view or change the state of a selected message. Details include: l Owned: If checked, indicates the message is owned by the person shown in User of Last State Change: box. If you are the owner of the message, and you want to disown it, clear the Owned: check box. Results of the change appear in the browser. l Acknowledged: If checked, indicates that the message was acknowledged by the person shown in the User of Last State Change: If you are the owner of this message and you want to unacknowledge it, clear the Acknowledged: check box. Results of the change appear in the browser. l User of Last State Change: box. Displays the node name and user ID for the last user to own or acknowledge the message. l Time of Last State Change: Displays the time the state last changed. This time is always displayed using the current time zone of the HPOMfor Windows server and is similar to the handling of the Received box in the General tab. l Click OK to confirmyour changes and close this dialog box. Viewcommands Commands to resolve problems are associated with messages by your administrator. There are two types of commands; each message can be associated with one command of each type: l Automatic commands: run automatically when certain conditions are met (as soon as an event is detected). l Operator-initiated commands: launched by an operator and may require some user input. The Commands tab of the Message Properties dialog box displays any automatic and operator- initiated commands configured by the administrator for the selected message and also shows the node on which the command runs and the status of the command. You can start or stop the HP Operations Manager (9.00) Page 582 of 1297 Online Help configured automatic or operator-initiated command using the Start and Stop buttons. Commands are launched fromthe active messages browser. To view automatic and operator-initiated commands 1. In the details pane of the active messages browser, select the message for which you want to view commands. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Message Properties dialog box. 4. Select the Commands tab to view the commands configured for the selected message, the location where the command runs, and the status of the command. 5. To start or stop a command, use the Start and Stop buttons for automatic and operator- initiated commands. Click Refresh to see the status of the command you launched. If the command runs on the console, you will not see a status change; status displays as Available. Commands running on the console are not launched fromthe management server, which reports the status information. 3. Click OK to close the dialog box. You can also check the success or failure of a command by looking at the message attributes in the Status column of the message browser headline. Related Topics: l Launch commands Viewand edit custom message attributes Use the Custom Message Attributes tab in the Message Browser Properties dialog box to create, edit, and remove additional attributes for messages that you have selected. For example, you might add a company name, contact information, or a city location to a message; a custom message attribute (CMA) can be any information that is meaningful to you and you can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. You can choose fromthe list of static attributes and currently available CMAs to display in the message browser. CMAs will be available only if they have been received on the server and are already attached to messages in the database. After you modify the CMAs of an unowned message, you do not automatically become the owner of the message. By default, you can create, edit, and remove CMAs even if other users own the message. The HPOMadministrator may configure HPOMto prevent CMA changes on owned messages. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespace and then click Message Action Server General. A list of values appears. 3. Set the value of Allow CMA changes on owned messages to false. HP Operations Manager (9.00) Page 583 of 1297 Online Help 4. Click OK to save the changes and close the dialog box. To create a custom message attribute: 1. In the details pane, select the message for which you want to create a custommessage attribute. 2. Right-click the message to open the Message Properties dialog box. 3. Select the Custom Message Attributes tab. 4. Click Newto open the New CMA dialog box. 5. Type a name for the new CMA in the Name box. 6. Type the CMA attribute to associate with this name in the Value box. 7. Click OK. The new CMA attribute displays in the browser in the CMA column you have previously created using the Options dialog box. To edit a custom message attribute 1. In the details pane, select the message for which you want to edit the custommessage attributes. 2. Right-click the message to open the Message Properties dialog box. 3. Select the Custom Message Attributes tab. 4. Select the CMA you want to edit and click Edit to open the Edit CMA dialog box. 5. Edit the attribute in the Value box. The new value appears on the Custom Message Attributes tab. 6. Click Apply, then OK to confirmyour choice and close this dialog box. The edited attribute appears in the message browser column you previously created. To delete a custom message attribute 1. In the details pane, select the message for which you want to edit the custommessage attributes. 2. Right-click the message to open the Message Properties dialog box. 3. Select the Custom Message Attributes tab. 4. Select the name of the attribute you want to delete. 5. Click Delete to remove the attribute fromthe Custom Message Attributes tab. 6. Click Apply, then OK to remove the attribute fromthe message browser column. Related Topics: l Change message browser column display options Service properties Properties for items in the Services area of the console tree are administrator-configured and can be viewed in a read-only dialog. The Services folder is located in the console tree directly beneath HP Operations Manager (9.00) Page 584 of 1297 Online Help the HP Operations Manager entry. Note: Your administrator may rename the Services folder to something that is more meaningful in your specific environment. However, the folder location remains the same. To viewservice properties 1. Right-click a service in the console tree to open the shortcut menu. 2. Select Properties to open the Services Properties dialog box, which displays the following information: n General n Reports and Graphs n Tools n Outage Related Topics: l View service general properties l View service reports and graphs properties l View service tools properties l View service outage properties Viewservice general properties Properties for Services items in the console tree are administrator-configured and can be viewed in a read-only dialog box. The Services folder is located in the console tree directly beneath the HP Operations Manager entry. Note: Your administrator may rename the Services folder to something that is more meaningful in your environment. However, the folder location remains the same. To view service general properties 1. Right-click the service in the console tree to open the shortcut menu. 2. Select Properties to open the Services Properties dialog box, which displays the General tab by default. n Icon: Displays the name of the icon that represents the service. n Display Name: Displays the name of the selected service. n Description: Displays a description of the selected service if your administrator has provided one. n Service ID: Displays the unique ID for the service. n Service Type: Displays the name of the service type for the selected service. n Service Hosting: Specifies a virtual or hosted on service. Displays the name of the node or HP Operations Manager (9.00) Page 585 of 1297 Online Help 3. Cick OK to close the dialog box. Related Topics: l View service reports and graphs properties l View service tool properties l View service outage properties Viewservice reports and graphs properties Properties for Services items in the console tree are administrator-configured and can be viewed in a read-only dialog box. The Services folder is located in the console tree directly beneath the HP Operations Manager entry. NOTE: Your administrator may rename the Services folder to something that is more meaningful in your environment. However, the folder location remains the same. To view service reports and graphs properties 1. Right-click the service in the console tree to open the shortcut menu. 2. Select Properties to open the Services Properties dialog box, which displays the General tab by default. 3. Select the Reports and Graphs tab, which displays the family and category of any reports and graphs configured by your administrator to be launched for the service. Related Topics: l View service general properties l View service tools properties l View service outage properties Viewservice tools properties Properties for Services items in the console tree are administrator-configured and can be viewed in a read-only dialog box. The Services folder is located in the console tree directly beneath the HP Operations Manager entry. Note: Your administrator may rename the Services folder to something that is more meaningful in your environment. However, the folder location remains the same. To view service tools properties 1. Right-click the service in the console tree to open the shortcut menu. 2. Select Properties to open the Services Properties dialog box, which displays the General tab by default. 3. Select the Tools tab, which displays the name and description of any tools configured by your administrator to run on the node the service is hosted on. Related Topics: HP Operations Manager (9.00) Page 586 of 1297 Online Help l View service general properties l View services reports and graphs properties l View service outage properties Viewservice outage properties Properties for services in the console tree Services folder are configured by your administrator and can be viewed in a read-only dialog box. The Outage tab displays the settings established for both unplanned and scheduled outages. A scheduled outage meets these criteria: l Planned to happen l Recurs at regular intervals for maintenance l Configured by a policy An unplanned outage is unexpected and can occur randomly. Note: Your administrator may rename the Services folder to something that is more meaningful in your environment. However, the folder location remains the same. To siew service outage properties 1. Right-click the service in the console tree to open the shortcut menu. 2. Select Properties to open the Services Properties dialog box, which displays the General tab by default. 3. Select the Outage tab to view the following information: n Current Outage State: Displays the outage status of the selected node. This status will be "UNPLANNED", "SCHEDULED", or "OFF". n Unplanned Outage Configuration: Displays the action that should be taken for Incoming Messages During Scheduled Outage. Messages can be either deleted or acknowledged. n Scheduled Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. Related Topics: l View service general properties l View service tools properties l View service reports and graphs properties Node properties Properties for nodes in the Console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog. HP Operations Manager (9.00) Page 587 of 1297 Online Help To viewnode properties 1. Right-click the name of the node in the Console tree to open the shortcut menu. 2. Select Properties to open the Node Properties dialog for the selected node, which displays the following information: n General n Network n Message Identification n System n Tools n Node Groups n Outage n Virtualization Related Topics: l View node general properties l View node network properties l View node systemproperties l View node tools properties l View node outage properties l View node virtualization properties Viewnode general properties Properties for nodes in the console tree Nodes folder are configured by your administrator. HPOM administrator rights are required to modify the general properties of nodes. To view node general properties 1. Right-click the name of the node in the console tree to open the shortcut menu. 2. Select Properties to open the properties dialog box for the selected node, which displays the General tab by default. n Unique ID: Displays the automatically generated unique ID for the selected node. n Display Name: Displays the name of the selected node. n Description: Displays a description of the selected node if your administrator has provided one. n Owner Name: Displays the name of the critical contact, usually the node owner or administrator. n Contact Details: Phone number, pager number, or email address for the person entered in HP Operations Manager (9.00) Page 588 of 1297 Online Help the Owner Name box. n Manufacturer: Displays the hardware maker's name, as configured by your administrator. n Model: Displays the model name or number of the selected node (for example, Kayak XA for an HP system. n Advanced Configuration: Opens the Advanced Configuration dialog box, which displays the following information: o Modify Agent ID: The GUID of the agent that resides on this node. o Modify Certificate State: Shows whether the HTTPS node has the certificates it requires to communicate securely with the management server. View certificate states Installed The certificate is installed on this node. Denied The management server received a certificate request and has informed the node that it is not going to grant it. Failed The management server tried to grant or deny the request, but was not able to do it (because the node could not be reached, for example). Pending A certificate request has been received for this node, but not yet granted, denied, or discarded. Granted The certificate request has been granted on the management server, but the node does not have the certificate yet. You may see this state if you are granting many certificate requests at once. Undefined No certificate request has been received for the node. Related Topics: l View node network properties l View node systemproperties l View node tools properties l View node outage properties l View node virtualization properties Viewnode network properties Properties for nodes in the console tree Nodes folder are configured by your administrator and can be viewed in the Properties dialog box. Some of the information on the tabs for this dialog box is configurable and some is read-only. HP Operations Manager (9.00) Page 589 of 1297 Online Help To view node network properties 1. Right-click the name of the node in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node, which displays the General tab by default. 3. Select the Network tab. 4. In the Primary Node Name box, enter a unique node name. This information is required and is automatically entered if you selected the node to be managed by dragging and dropping the node name fromthe Discovered Nodes list to the Nodes list in the Configure Managed Nodes dialog box. When this information is entered or changed, the System Type, OS Type, and OS Version are automatically modified in the System tab. 5. Specify your preferences in the Server To Node Communications box. Check Node IP address obtained automatically (DHCP) if you do not want to use a static IP address. The server will not cache an IP address it once received for a system, but will do a name resolution every time a systemis contacted. This means that if you specify the name of a systemas the communication path value, and you have checked this box, the given name is always resolved (using an external name resolution service like DNS) if the node is contacted. Note: If you do not check this box, the server caches the first IP address it received for a node froma name resolution service. On subsequent contacts, the server uses the cached IP address instead of doing another external name resolution. This increases performance for nodes using a static IP address. Check Notify management server if node communication address changes if you want the server to be aware of IP address changes. The agent checks each time you start the systemto see if the IP address of the systemyou are running on has changed. If the answer is yes, this information is sent to the management server, where the communication path of the corresponding node is updated with the new IP address. Note: If the address space of the managed node is different fromthe address space of the management server (because they are located in different subnets), it is possible that the management server cannot use the new IP address it received froman agent. In this case, to prevent errors, do not check the Notify management server if node communication address changes check box. If you check this box, selections below it in the dialog box appear dimmed and are unavailable. 6. If you did not make a selection in the Server to Node Communications box, click either the IP Address or Domain Name FQDN button to specify a communications path. If you select IP Address, you must enter the IP address manually. By default, the Domain Name (FQDN) box displays the primary node name. If you change the primary node name, the change is reflected in the Domain Name (FQDN) box. You can also enter the domain name for the node you are configuring in the space provided. This information is optional. HP Operations Manager (9.00) Page 590 of 1297 Online Help If you have multiple IP addresses for a particular node and the communications path would differ fromthe Primary Node Name, specify the particular IP address or DNS name that you want. 7. Heartbeat Polling sends a signal to the managed node or contacts the agent on the node to check whether the node is offline. System Default means that the management server uses the heartbeat polling setting from the Server Configuration dialog box. This setting is valid for all managed nodes and is by default "ICMP & Agent". To override the systemdefault for a managed node, set Polling to Custom, then specify the Ping Protocol you want to use: n ICMP & Agent With this option, the server first attempts to contact the node using ICMP Internet Control Message Protocol packages to find out if the node is reachable. If this succeeds, it will contact the agent on the node to find out if the agent processes are running. When this fails, it will use ICMP packages again to find out if, at least, the systemis alive. As soon as this succeeds, the agent is contacted again. This option is not recommended for nodes outside of a firewall because ICMP calls are usually blocked by firewalls. n Agent Only The management server does not actively contact the node with ICMP pings, but still contacts the agent on the node. This is the recommended setting for nodes outside of a firewall. The disadvantage is that in the event of a systemoutage, the network load is higher than with normal heartbeat monitoring because the agent connection is still being tried. n ICMP Only The management server sends ping packages (using ICMP) to verify the availability of the agent. This option is not recommended for nodes outside a firewall because ICMP calls are usually blocked by firewalls. 8. Set the polling Interval in seconds. This is the interval at which the management server checks whether the managed node is offline. The minimumis polling interval is 60 seconds, and the maximumis 28800 (8 hours). 9. Clear Enable Auto Deployment if you do not want HPOMto automatically deploy policies to the node. HPOMautomatically deploys policies to a node when the agent is correctly installed. For HTTPS agents, a correctly installed certificate is also required; otherwise the deployment job fails. By default, HPOMautomatically deploys certain core policies to nodes. The core policies include autodiscovery policies that gather service information on nodes. This information is sent back to the management server to generate a service tree. (You can also automatically deploy additional groups of policies by associating policy groups with node groups and service types.) 10. Click OK to apply your changes and close this dialog box. 11. Click Cancel to close this dialog box without saving your changes. Related Topics: l View node general properties l View node systemproperties HP Operations Manager (9.00) Page 591 of 1297 Online Help l View node tools properties l View node outage properties l View node virtualization properties l Agent health checks l Disable policy autodeployment Viewnode system properties Properties for nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. To view node system properties 1. Right-click the name of the node in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node, which displays the General tab by default. 3. Select the System tab, which displays the following information: n System Type: Displays the systemtype for the selected node. If the node is of a type that is not supported by HP Operations Manager, this box will display a systemtype of Other. n Agent Comm Type: Displays the agent commtype configured for this system. Possibilities include DCE and HTTPS. The communication type DCE is deprecated on management servers running a 64 bit version of HPOM. n Operating System: Displays the operating systemtype. If the value cannot be determined, this box displays an operating systemof Unknown. n Bit Length: Displays the configured bit length for this system. Possibilities include 32 and 64 bit. n Agent Binary Format: Displays the agent binary format configured for this system. n Version: The information has been automatically entered. If the value cannot be determined or is unsupported, this box remains blank. The list box shows the available versions for the selected operating system. You can select fromthe list or type in a version not available fromthe list (for example, a newly released version). n Allow automatic granting of certificate: The HTTPS agent requires certificates, which enable it to communicate securely with the management server. The node can request these certificates fromthe management server. Check this box if you want the management server to automatically grant certificate requests for this node. For this property to take effect, you must also configure the management server to grant certificate requests automatically. n Certificate State: Shows whether the HTTPS node has the certificates it requires to communicate securely with the management server. View certificate states HP Operations Manager (9.00) Page 592 of 1297 Online Help Installed The certificate is installed on this node. Denied The management server received a certificate request and has informed the node that it is not going to grant it. Failed The management server tried to grant or deny the request, but was not able to do it (because the node could not be reached, for example). Pending A certificate request has been received for this node, but not yet granted, denied, or discarded. Granted The certificate request has been granted on the management server, but the node does not have the certificate yet. You may see this state if you are granting many certificate requests at once. Undefined No certificate request has been received for the node. n Prerequisite check: Shows whether the node has passed the prerequisite check. If Passed is not selected, the prerequisite check has not yet run or has failed. Related Topics: l View node general properties l View node network properties l View node tools properties l View node outage properties l View node virtualization properties Viewnode tools properties Node properties for items in the console tree Tools folder are configured by your administrator and can be viewed in a read-only dialog box. To view node tools properties 1. Right-click the name of the node in the console tree to open the shortcut menu. 2. Select Properties to open the properties dialog box for the selected node, which displays the General tab by default. 3. Select the Tools tab, which displays the name and description of any tools configured by your administrator for this node. Related Topics: l View node general properties l View node network properties l View node systemproperties HP Operations Manager (9.00) Page 593 of 1297 Online Help l View node outage properties l View node virtualization properties Viewnode outage properties Properties for nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. The Outage tab displays the settings established for both unplanned and scheduled outages. A scheduled outage meets these criteria: l Planned to happen l Recurs at regular intervals for maintenance l Configured by a policy An unplanned outage is unexpected and can occur randomly. To view node outage properties 1. Right-click the name of the node in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node, which displays the General tab by default. 3. Select the Outage tab to view the following information: n Current Outage State: Displays the outage status of the selected node. This status will be "UNPLANNED", "SCHEDULED", or "OFF". n Unplanned Outage Configuration: Displays the action that should be taken for Incoming Messages During Scheduled Outage and Heartbeat Polling During Outage. Messages can be deleted or acknowledged. Heartbeat polling will be set either to "ON" or "OFF". n Scheduled Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage and Heartbeat Polling During Outage. Messages can be deleted or acknowledged. Heartbeat polling will be set either to "ON" or "OFF". Related Topics: l View node general properties l View node network properties l View node systemproperties l View node tools properties l View node virtualization properties HP Operations Manager (9.00) Page 594 of 1297 Online Help Viewnode virtualization properties Properties for nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. To view node virtualization properties 1. Right-click the name of the node in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node, which displays the General tab by default. 3. Select the Virtualization tab to view the following information: n Virtual Node If selected, the node is defined as a virtual node and represents a cluster resource group. n Hosted Virtual Nodes If the node is a physical node, the list shows the virtual nodes that are hosted on this physical node. n Hosted on Physical Nodes If the node is a virtual node, the list shows the physical nodes that host this virtual node. n Resource Group Displays the name of the cluster resource group. Related Topics: l View node general properties l View node network properties l View node systemproperties l View node tools properties l View node outage properties l Monitoring cluster-aware applications External node properties Properties for external nodes in the Console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog. To viewexternal node properties 1. Right-click the name of the external node in the Console tree to open the shortcut menu. 2. Select Properties to open the External Node Properties dialog for the selected node, which displays the following information: HP Operations Manager (9.00) Page 595 of 1297 Online Help n General n Details n Order n Outage Related Topics: l View external node general properties l View external node details properties l View external node order properties l View external node outage properties Viewexternal node general properties Properties for external nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. To view General properties for a selected external node 1. Right-click the name of the external node in the console tree to open the shortcut menu. 2. Select Properties to open the External Nodes Properties dialog box, which displays the General tab by default. 3. The automatically generated unique ID (GUID Global Unique Identifier) for the selected node appears at the top of the dialog box. 4. The Display Name box displays the label (display name) for the external node. 5. The Description box displays any comments or additional information that your administrator has entered. Related Topics: l View external node details properties l View external node order properties l View external node outage properties Viewexternal node details properties Properties for external nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. To view Details properties for a selected external node 1. Right-click the name of the external node in the console tree to open the shortcut menu. 2. Select Properties to open the External Nodes Properties dialog box, which displays the General tab by default. 3. Select the Details tab. HP Operations Manager (9.00) Page 596 of 1297 Online Help 4. The Owner Name box displays the name of the critical contact, usually the node owner or administrator. 5. The Contact Details box displays information how to contact the owner (the phone number, for example). 6. The Pattern box displays the pattern that a message must match so that it is associated with this external node. The pattern acts as a filter that defines the external node. For example, if the pattern is ROS* then all messages with node IDs that match this pattern will be associated with the external node and will only appear in the browser for that node. The first match found determines to which node the message belongs. When an incoming message matches a node pattern, the evaluation stops and the message appears in the browser for that node. 7. The Check pattern against group box defines what the pattern should match. This selection clarifies any possible ambiguity in the pattern. For example, a pattern like *15* could refer to an IP address like 15.1.2.2, or to an FQDN like ROS15test.example.com. By selecting IP Address or Fully Qualified Domain Name, any confusion about the meaning of the pattern is avoided. n Fully Qualified Domain Name: the filter ignores the IP address for this pattern. n IP Address: the filter evaluates only valid IP strings for this pattern. Related Topics: l View external node order properties l View external node outage properties l View external node general properties Viewexternal node order properties Properties for external nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. To view order properties for a selected external node 1. Right-click the name of the external node in the console tree to open the shortcut menu. 2. Select Properties to open the External Nodes Properties dialog box, which displays the General tab by default. 3. Select the Order tab. 4. If the Check Before Managed Nodes check box is selected, external nodes are evaluated before managed nodes. This can be faster, because it avoids some of the checking that occurs with configured node names. When this box is checked, messages with node IDs that match the pattern specified in the Details tab are associated with the external node. If this box is not checked, the managed node takes precedence. 5. The two lists display all external nodes that have been created. The order of the two list shows the order of evaluation set for incoming messages. Nodes are evaluated in descending order; the node at the top of the list has the highest priority and will be evaluated first. After the first HP Operations Manager (9.00) Page 597 of 1297 Online Help node has matched, the message is assigned to that node and no further evaluation takes place. Related Topics: l View external node outage properties l View external node general properties l View external node details properties Viewexternal node outage properties Properties for external nodes in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. Use the Outage tab of the External Node Properties dialog box to view outage information for an external node. This read-only tab displays the settings established for both unplanned and scheduled outages. A scheduled outage meets these criteria: l Planned to happen l Recurs at regular intervals for maintenance l Configured by a policy An unplanned outage is unexpected and can occur randomly. Only administrators and privileged users can put an external node into maintenance mode. To view Outage properties for a selected external node 1. Expand the Nodes folder in the console tree, then select HP Defined Groups External to display a list of any external nodes that have been configured for your environment. 2. Right-click the name of the external node for which you want to display properties; this opens the context menu. 3. Click Properties to open the Properties dialog box for the selected external node, which displays the General tab by default. 4. Select the Outage tab to view the following information: n Current Outage State: Displays the outage status of the selected external node. This status will be "UNPLANNED", "SCHEDULED", or "OFF". n Unplanned Outage Configuration: Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. n Scheduled Outage Configuration: HP Operations Manager (9.00) Page 598 of 1297 Online Help Displays the action that should be taken for Incoming Messages During Outage. Messages can be either deleted or acknowledged. Related Topics: l View external node general properties l View external node details properties l View external node order properties Node group properties Properties for node groups in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. Properties are set when the administrator configures the node group. If you are an administrator, you can make configuration changes for certain commonly used tasks by opening the Properties dialog box for a selected node group fromthe scope pane. To viewnode group properties 1. Right-click the node group in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node group, which displays the following information: n General n Tools n Reports and Graphs n Deployment To view properties for an individual node, right-click the node name in the console tree, then select Properties fromthe shortcut menu. Related Topics: l View node group general properties l View node group tools properties l View node group reports and graphs properties l View node group deployment properties Viewnode group general properties General properties for node groups in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box. Properties are set when the administrator configures the item. If you are an administrator, you can make configuration changes for certain commonly used tasks by opening the Properties dialog box for a selected node group fromthe scope pane. You can configure all items if you open this dialog box fromthe node configuration editor. HP Operations Manager (9.00) Page 599 of 1297 Online Help To view General information for node group properties 1. Right-click a node group in the Nodes folder in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node group, which displays the General tab by default. If you are an administrator, the fields of the dialog box will be available for editing. n Unique ID: Displays the unique ID for the selected node group. n Display Name: Displays the name of the selected node group. n Description: Displays a description of the selected node group if your administrator has provided one. 3. Select the Tools tab for more information about assigned tools. Related Topics: l Node group properties l View Tools information for node group properties l View Reports and Graphs information for node group properties l View Deployment information for node group properties Viewnode group tools properties Tools properties for node groups in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box opened fromthe scope pane. Properties are set when the administrator configures the item. If you are an administrator, you can make configuration changes for certain commonly used tasks by opening the Properties dialog box for a selected node group fromthe scope pane. As administrator, you can configure all items if you open this dialog box fromthe node configuration editor. To view node group tools properties 1. Right-click a node group in the Nodes folder in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node group, which displays the General tab by default. 3. Select the Tools tab to display the name and description of any tools configured by your administrator for this node group. Related Topics: l View node group general properties l View node group reports and graphs properties l View node group deployment properties Viewnode group reports and graphs properties Reports and graph properties for node groups in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box opened fromthe scope pane. HP Operations Manager (9.00) Page 600 of 1297 Online Help Properties are set when the administrator configures the item. If you are an administrator, you can make configuration changes for certain commonly used tasks by opening the Properties dialog box for a selected node folder fromthe scope pane. As administrator, you can configure all items if you open this dialog box fromthe node configuration editor. To view node group reports and graphs properties 1. Right-click a node group in the Nodes folder in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node group. 3. Select the Reports and Graphs tab. If you are an administrator, the Graphs section of the dialog box will be available for editing. 4. In the Graphs section, click Select to open the Graph Selector dialog box. Use it to choose a family or category of graphs that can be generated for every node in your selected node group. The top level entries are families; the subordinate level entries are categories. 5. To remove a graph family or category, click Remove. 6. If you opened this dialog box fromthe scope pane, the Reports section will be read-only. Open this dialog box fromwithin the node configuration Editor to select reports. 7. To add a report family or category, click Add to open the Report Selector dialog box. Use it to choose a family or category of reports that can be generated for every node in your selected node group. 8. To remove a report family or category, click Remove. 9. Click OK to confirmyour choices and close this dialog box. Related Topics: l View node group general properties l View node group tools properties l View node group deployment properties Viewnode group deployment properties Deployment properties for node groups in the console tree Nodes folder are configured by your administrator and can be viewed in a read-only dialog box opened fromthe scope pane. Properties are set when the administrator configures the item. If you are an administrator, you can make configuration changes for certain commonly used tasks by opening the Properties dialog box for a selected node group fromthe scope pane. As administrator, you can configure all items if you open this dialog box fromthe Node Editor. To view node group deployment properties 1. Right-click a node group in the Nodes folder in the console tree to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected node group. The General tab opens by default. 3. Select the Deployment tab to display the names and paths of policy groups your administrator HP Operations Manager (9.00) Page 601 of 1297 Online Help configured for deployment to each node in the selected node group. If you opened this dialog box fromthe scope pane, the Deployment fields will be read-only. Open this dialog box from within the Node Editor to add or remove policy groups. 4. Click Add to add policy groups to the list of those you want to deploy. The Associate Policy Groups with Node Group dialog box opens. 5. Select one or more policy groups and click OK. The policy groups you selected appear in the Policy Groups box in the Deployment tab. 6. Optional. To remove a listed policy, select the policy group name and click Remove. 7. Optional. By default, the listed policy groups are automatically deployed to each node in the selected node group. To disable automatic deployment of individual policy groups, select the policy group and click Disable. 8. Click OK to confirmyour choices and close this dialog box. Related Topics: l View node group general properties l View node group tools properties l View node group reports and graphs properties l Disable policy autodeployment HP Operations Manager (9.00) Page 602 of 1297 Online Help HP Operations Manager (9.00) Page 603 of 1297 Online Help Launching Tools Tools are applications, scripts, and commands that help you performnecessary tasks in your environment, such as launching corrective actions or diagnostic tools. HPOMprovides many such out-of-the-box tools to make managing your environment easier. The tools available to you are determined by your administrator and are contained in tool groups in the Tools folder in the HP Operations Manager console tree. To view tools, select a tools folder to display the tools it contains in the details pane. Note: Predefined tools in HPOMhave no versioning. If you modify one of the predefined tools, and later performan upgrade to your current product version, this upgrade will overwrite any modifications you made to the tool. Only tools that you created will be saved and will reappear after the upgrade. You can apply tools to selected managed services, nodes, or messages. In some cases, you can view the results of the tool application to see if it failed or succeeded using the Tool Status dialog box. If the tool was configured to run on your console, status is not displayed. For tools running in locations other than the console, you can see the output of a tool application if Command Generates Output was specified when your administrator configured the tool. For example, you might specify that a report be generated for a selected service, then launched to run on the node where the service is running. You would then view the results of the launch and take further action, such as stopping or rerunning the tool, if necessary. You can apply tools using either of these methods: l Select a node, service, or message, then apply a tool l Select a tool, then select a node or service Note: To use HP Operations Manager tools for UNIX nodes, you must first deploy instrumentation to those nodes. Related Topics: l View tool application status Select nodes, services, or messages to apply tools Tools are applications, scripts, or commands that you can run on selected nodes, services, and messages. A tool can be an application such as Notepad, a script that performs some automatic action, or a command, such as ping. The tools available to you are configured by your administrator and are contained in tool groups in the Tools folder in the HP Operations Manager console tree. To view tools, select a tools folder to display the tools it contains in the details pane. You can apply one or more tools to one or more selected nodes, services, or messages. To apply tools by selecting nodes, services, or messages 1. Select a node, service, or message: n Fromthe console tree Services or Nodes folder, select one or more nodes or services to which you want to apply tools. n In the message browser, select one or more messages to which you want to apply tools. HP Operations Manager (9.00) Page 604 of 1297 Online Help Launching Tools 2. Right-click to open the shortcut menu. 3. Select All Tasks Launch Tool to open the Select the Tool to Execute dialog box, which displays a list of available tools. The list shows the tools as configured by your administrator for the selected node, service, or message. Details about each tool display when the tool is selected. These details are part of the configuration the administrator specifies when creating the tool, including a description of the tool and its function. If you are unable to see the tool you want, you can search for it. Right-click to open the shortcut menu and select Find to open the Find Item dialog box. Enter the tool name in the Search Text box and click Search. The tool name will be selected in the list of available tools. You can also search within the console tree by typing in the name of the node you want to find. As you type, the systemlocates the node for you. 4. Select the tool or group of tools that you want to apply to the selected node, service, or message. 5. Click Launch to apply the tool to your selected nodes, services, or messages. The Select the Tool to Execute dialog box closes. If the administrator has specified that operators can change parameters or login information, the Parameters or the Login dialog box opens. Make any necessary changes here and click Launch. If you need to configure both, parameters and login information, click Next in the Parameters page to go to the Login page. Then click Launch. 6. If the tool was applied to a remote node, the Tool Status dialog box opens to display the results of the launch operation. The Tool Status dialog box does not display if the tool has been configured to run on your console. 7. Click Cancel to close the Select Tool to Execute dialog box without launching a tool. Note: If you are in the process of running a tool when the server connection is lost, any tools that are currently running will stop. You will see a "server down" message in the Tool Output details pane and the Rerun button will be unavailable. When the server connection is restored, the Rerun button will again be available. Related Topics: l Edit parameters l Edit login l View tool application status l Apply tools by selecting tools Select tools to apply Tools are applications, scripts, or commands that you can run on selected managed nodes or services. A tool can be an application, a script that performs some action, or a command, such as ping. The tools available for a managed node or service are configured by your administrator and are contained in tool groups in the Tools folder in the HP Operations Manager console tree. HP Operations Manager (9.00) Page 605 of 1297 Online Help Launching Tools To select tools to apply 1. Fromthe console tree Tools folder, select the folder that contains the tool you want to apply. Available tools are listed in the details pane. Tip: To search the console tree for tools, right-click Tools in the console tree, and then click All Tasks Find Tool.... The Find Tool dialog box appears, which enables you to search for tools according to the display name, description, or command. 2. You can launch a tool in the following ways: n Drag the tool and drop it onto a node, node group, or service. If the administrator allows you to select target nodes for this tool, the tool launches on these nodes. If you drop a tool onto a service, the tool launches on the node that hosts the service. (You cannot launch a tool on a virtual service.) n Right-click the tool that you want to apply, and then click All Tasks Launch Tool.... If the administrator allows you to select target nodes for this tool, the Select Where to Launch This Tool dialog box opens, which contains a tree of nodes and services. Select the check box for each target node, node group, and service. If you select a service, the tool launches on the node that hosts the service. (You cannot launch a tool on a virtual service.) If you are unable to see the managed node or service that you want, you can search for it. Right-click the tree, and then click Find.... The Find dialog box opens. Enter the node or service name you want to locate in Search for, and then click Find Next. Click OK to close the Find dialog box. The node or service is selected. Click Launch... to apply the tool to your selected nodes or services. The Select Where to Launch This Tool dialog box closes. 3. If the administrator allows you to specify or change parameters or login information, the Parameters or the Login dialog box opens. Make any necessary changes in these dialog boxes and click Launch... to launch the tool. If you need to configure both, parameters and login information, click Next in the Parameters page to go to the Login page. Then click Launch.... 4. If the tool was applied to a node, the Tool Status dialog box opens to display the status of the tool launch and any output. This dialog box also enables you to restart tools, by selecting one or more tools in the list, and then clicking Rerun. You can also save the results in a text file, by select one or more tools in the list, and then clicking Save. The Tool Status dialog box does not appear if the tool runs on your console. Note: If you are in the process of running a tool when the server connection is lost, any tools that are currently running will stop. You will see a "server down" message in the Tool Output details pane and the Rerun button will be unavailable. When the server connection is restored, the Rerun button will again be available. Related Topics: l Edit login/parameters l View tool application results l Apply tools by selecting nodes or services HP Operations Manager (9.00) Page 606 of 1297 Online Help Launching Tools Edit parameters When configuring a tool, your administrator can configure the tool so that users can pass parameters to the tool. When you launch the tool, the Parameters dialog box opens for you to make your changes. The buttons in the dialog box vary depending on the options checked. The dialog box may show Back and Next buttons if both parameters and login information must be supplied. If you do not need to enter login information, the dialog box shows the Launch button. The dialog box displays the name of the tool as it appears in the console tree. If you select a node or service in the scope pane, or a message in a message browser, and right- click to Launch Tool, the Select the Tool to Execute dialog box opens so that you can select the tool you want to launch. Select the tool and click Launch. The Parameters dialog box opens, where you can enter parameters. To edit parameters Note: This example explains how to edit parameters. The availability of this option depends on how the tool was configured by the administrator, how the tool was selected, and which options were checked in the Details tab of the Tool Properties dialog box. 1. The Command box displays the name of the command, script, or application to be executed. 2. In the Parameters: box, type in the parameters you want to associate with this tool. Double angle brackets (<< >>) enclose variables that will be replaced by your selection in the Select the nodes or services to replace box. 3. In the Select the nodes/services to replace box, select the check box beside the node or service name that you want to have replace the parameter you specified. For example, the parameter $OPC_NODEID will be replaced with the selected node or the node the selected service is hosted on. 4. If you also need to enter login information, the Parameters dialog box displays a Next button, which you need to click to go to the Login page. 5. Click Launch to apply the tool. The Tool Status dialog box appears when Parameters closes and displays the status of the tool application. Possible scenarios Behavior and available options of the Parameters dialog box vary depending on selections you make in the Details tab of the Tool Properties dialog box, for example: l Check Password Required: When you launch the tool, the Login dialog box opens. The User Name field is read-only, but a password is required. l Check Allow Operator to Change Parameters and Allow Operator to Change Login: When you launch the tool, the Parameters page opens first. Change the parameters and click Next to go to the Login page, where you can change the user name. l Check all checkboxes: HP Operations Manager (9.00) Page 607 of 1297 Online Help Launching Tools When all check boxes are checked, the Parameters page opens first. Change the parameters and click Next to go to the Login page, where you can change the user name and enter the password. Related Topics: l Edit login l View tool application status l Select nodes, services, or messages to apply tools l Apply tools by selecting tools Edit login When configuring a tool, your administrator can configure the tool so that users can: l Change the login. l Enter a password. With one or both of these options configured, when you launch the tool, the Login dialog box opens for you to make your changes. The buttons in the dialog box vary depending on the options checked. The dialog box may show a Back button if both parameters and login information must be supplied. If you do not need to enter parameters, the dialog box shows only the Launch button. The dialog box displays the name of the tool as it appears in the console tree. If you select a tool folder in the scope pane and a tool fromthat folder in the details pane, when you right-click to launch this tool, the Select where to launch this tool dialog box opens if the administrator has configured the tool to execute on Selected Node. Use the dialog box to select the node or nodes on which to run the tool. After you select the node or nodes, the Login dialog box opens, where you can specify login information. To specify login information If the administrator has specified a user name, password, or both for this tool, enter themin the Login dialog box. The fields are dimmed if this information is not required. If you need to change the password for this launch of this tool, you can change it in the Login dialog box. 1. The Execute On: box displays the location where the tool will run. Depending on the target location, a correct user name, password, or both as specified by the administrator may be required. Security information and behavior are the same for the management server and for the managed node. 2. In the User Name: box, enter the correct user ID if required. If you are logged in as a local user, you may need to preface your user name with your domain name to run the tool. You can use either of these formats: domain\user user@domain If you change the user name, you must enter a password before the tool can be launched. 3. In the Password: box, enter the correct password if required. HP Operations Manager (9.00) Page 608 of 1297 Online Help Launching Tools Note: On target nodes with a UNIX operating system, the agent checks only the first eight characters of the password before it runs the tool. If you specify a password that is longer than eight characters, the agent ignores the extra characters. 4. If you also need to enter parameters, click Back to go to the Parameters page, where you can change the parameters before launching the tool. 5. Click Launch to launch this tool. The Tool Status dialog box appears when the Login dialog box closes and displays the status of the tool application. For information about passwords, logins, and their behavior with the Local Systemaccount, see the topic, Agent Users and Actions. Possible scenarios Behavior and available options of the Login dialog box vary depending on selections you make in the Details tab of the Tool Properties dialog box. Some examples follow. l Check Allow Operator to Change the Login: If you change the user name fromthe one that was configured for the tool, you will see the message "Since User Name has changed, Password is required." l Check Allow Operator to Change the Login and Password Required: If both check boxes are checked, enter the new user name in the Target tab. Return to the Details tab, apply your changes, and close the Tool Properties dialog box. When you launch the tool, the Login dialog box opens; the new user name is in the User Name box. If you launch the tool without entering a password, you will receive an error message stating that a password is required. You must enter a valid password to continue. l Check Password Required: When you launch the tool, the Login dialog box opens. The User Name field is read-only, but a password is required. l Check Allow Operator to Change Parameters and Allow Operator to Change Login: In this configuration, when you launch the tool, the Parameters page opens first. Change the parameters and click Next to go to the Login page, where you can change the user name. l Check all checkboxes: When all check boxes are checked, the Parameters page opens first. Change the parameters and click Next to go to the Login page, where you can change the user name and enter the password. Related Topics: l Edit parameters l View tool application status l Select nodes, services, or messages to apply tools l Apply tools by selecting tools HP Operations Manager (9.00) Page 609 of 1297 Online Help Launching Tools Agent users and actions Tools can either run as the agent user ($AGENT_USER), or an alternative user. In either case, the user must have permission to launch the tool. Operators can interact with tools in the following ways: l If an operator does not modify the user of a tool, the tool runs with the user configured by the administrator. l An operator cannot modify the user of a tool without specifying a password. l An operator can only run a tool with a changed login if he knows the user name and password of a user who is allowed to run the tool on the managed node. l An operator cannot change the user to $AGENT_USER. l If the administrator leaves both the user name and password blank, and the operator does not specify a user: n On Windows nodes, the tool runs with the operator's account. The operator must be a domain user. (In addition, the security authentication module must be available on the domain controller.) n On UNIX nodes, the tool runs under the user account that the agent itself is currently running under. Related topics: l Security authentication module View tool application status When you launch a tool, HP Operations Manager automatically displays the outcome in the Tool Status dialog box if the tool was configured to run on a node other than the console. The dialog box gives information about the apply tool operation: l Status: Success or failure of the apply tool operation. l Action: Tool name. l Start/Finish Time: Initially the time when the tool was started. Changes to finish time when the tool has completed. l Node: Name of the node or service to which the tool was applied. l Command: The executed command. Messages about the apply operation appear in the Tool Output box. To stop or rerun a tool You can cancel the application of a tool by clicking Stop. If the application fails to complete, the Stop button changes to the Rerun button, which you can click to reapply the tool. Note: When stopping a tool launch on a node that is not responding, you may see a "Server Busy" message and be unable to select another node in the list. This condition clears in a few minutes. HP Operations Manager (9.00) Page 610 of 1297 Online Help Launching Tools To save tool output You can also save the results of the apply tool operations. Select one or more lines in the Launched Tools box and click Save. The output is saved in text format. Tool properties Properties for tools and tool groups in the console tree Tools folder are configured by your administrator and can be viewed in a read-only dialog box. Properties are set when the administrator configures the item. If you are an administrator, you can make configuration changes for certain commonly used tasks by opening the Properties dialog box for a selected tool or tool group from the console tree. You can view properties for tool groups and for individual tools. To view properties for a tool 1. Right-click the name of the tool in the Console tree to open the shortcut menu. 2. Select Properties to open the Tool Properties dialog for the selected tool, which displays the following information: n General n Details n Target n Nodes To view properties for a tool group 1. Right-click the name of the tool group in the Console tree to open the shortcut menu. 2. Select Properties to open the tool group properties dialog box for the selected tool, which displays General tab. Related Topics: l View tool general properties l View tool details properties l View tool target properties l View tool nodes properties l View tool group general properties View tool general properties General properties for tools in the details pane are administrator-configured and can be viewed and modified, depending on the user roles and permissions assigned to you by your administrator. To viewtool general properties 1. Right-click the name of the tool in the details pane to open the shortcut menu. 2. Select Properties to open the Properties dialog box for the selected tool. Properties include: HP Operations Manager (9.00) Page 611 of 1297 Online Help Launching Tools n General information about the selected tool, such as the display name of the tool. The General tab displays by default. n Details about the specific tool you selected, such as the type of tool, the executable name, and script details, if any. n Target nodes on which the tool will run. n Nodes and node folders associated with this tool. 3. The Display Name box shows the name for the tool as it appears in the Tools list. 4. The Description box shows any comments or additional information the administrator wants you to have available. 5. If Show tool in message context is selected, the tool can be launched in the context of all messages. Related Topics: l Configure Tools View tool details properties Details properties for tools in the details pane are administrator-configured and can be viewed in a read-only dialog box. To view properties for an individual tool, right-click the tool name in the details pane, then select Properties fromthe shortcut menu. To viewtool details properties 1. Right-click the name of the tool in the console tree to open the shortcut menu. 2. Select Properties to open the Tools Properties dialog box, which displays the General tab by default. 3. Select the Details tab to view the following information: n Command Type: Displays the command type configured by your administrator. Command types include executable, URL, VBScript, JScript, Perl, and Windows Scripting Host (WSH). n Command Generates Output: If this box is checked, you can see the results of applying your tool or command in the Tool Status dialog box. n Allow Operator to Change Parameters: If this box is checked, you have permission to change tool parameters. n Allow Operator to Change the Login: If this box is checked, you have permission to change the user for this launch of this tool. n Password Required: If this box is checked, you must enter a password for this launch of this tool. n Command: Displays the name of the executable (for example, notepad.exe). n Parameters: Displays any parameters for the tool as configured by your administrator. Related Topics: HP Operations Manager (9.00) Page 612 of 1297 Online Help Launching Tools l View tool general properties l View tool target properties l View tool nodes properties View tool target properties Target properties for tools in the details pane are configured by your administrator and can be viewed in a read-only dialog box. To viewtool target properties 1. Right-click the name of the tool in the details pane to open the shortcut menu. 2. Select Properties to open the properties dialog box for the selected tool. 3. Select the Target tab to view the following information: n Execute On: Displays the administrator-configured target location where the tool will run. Locations include console, management server, node list, and selected node. n User Name: Indicates whether a user name is required to execute this tool. n Run As Agent User indicates that the user name is set to $AGENT_USER. This parameter is later replaced with the name of the agent user account specified on the server. The account on the management server is initially set to Local System. n Password: Indicates whether a password is required to execute this tool. 4. Predefined Node List: Displays a list of predefined nodes or node groups. The contents of this list will vary, depending on the target location specified in the Execute On: box. Related Topics: l View tool general properties l View tool details properties l View tool nodes properties View tool nodes properties Nodes properties for tools in the details pane Tools are administrator-configured and can be viewed in a read-only dialog box. To viewtools nodes properties 1. Right-click the name of the tool in the details pane to open the shortcut menu. 2. Select Properties to open the properties dialog box for the selected tool. 3. Select the Nodes tab, which displays the name and description of any nodes or node groups associated with this tool. Related Topics: l View tool general properties l View tool details properties l View tool target properties HP Operations Manager (9.00) Page 613 of 1297 Online Help Launching Tools View tool group general properties General properties for tool groups in the details pane are administrator-configured and can be viewed and modified, depending on the user roles and permissions assigned to you by your administrator. To viewtool group general properties 1. Right-click the tool group in the Tools folder in the console tree to open the shortcut menu. 2. Select Properties to open the Tool Group Properties dialog box, which displays the General tab. n Unique ID: Displays the unique ID for the selected tool group. n Display Name: Displays the name of the selected tool group. n Description: Displays a description of the selected tool group if your administrator has provided one. Related Topics: l View tool general properties l View tool details properties l View tool target properties l View tool nodes properties HP Operations Manager (9.00) Page 614 of 1297 Online Help Launching Tools Managing Policies and Deployment Policies are collections of configuration information used to control the agent on a managed node. Using HPOM, administrators can deploy policies on various computers to provide consistent, automated administration across a network. Policies fall into two broad classifications: monitor policies and configuration policies. With monitor policies, you decide what kinds of events to monitor, how often to monitor, what to look for in the events, and what to do if certain events are detected. With configuration policies, you can change settings that determine which management server the agent reports to, how large buffer files should be, which proxy should be used for communication through a firewall, and so on. This portion of the help explains the organizational tools that HPOMprovides to help you manage the policies that you create, and explains how to deploy the policies to a managed node. Note: You must have the appropriate user rights to work with policies. See Configure policies for user roles for more information. The policy management and deployment functionality runs as service (OvPmad), which you can stop and start by means of the standard Windows services manager. This is particularly advantageous if the management server runs in a high-availability environment, where the cluster software needs to be able to stop and start services on demand in the event of a systemfailover. It is also essential to be able to stop and start HPOM-related Windows services manually when you enable or disable the security-audit feature on the management server, for example if you want to audit which policies have been renamed, copied, or modified and, in addition, which policies or packages have been deployed to the managed nodes, when, and by whom. Related Topics: l Developing agent policies l Developing server policies l Developing event correlation policies l Deploy a policy or policy group l Audit policy management and deployment l Enable and disable security audits HP Operations Manager (9.00) Page 615 of 1297 Online Help Managing Policies and Deployment Deploying policies You can install policies on a management server as part of a Smart Plug-in, or develop them yourself. You can then use the policies to configure or monitor nodes by deploying the policies to the nodes. For each node, the management server maintains a policy inventory, which enables you to see which policies you have already deployed to each node. This helps you to decide when to update, redeploy, or remove policies. You can also disable policies on individual nodes temporarily, and enable themagain later. When you deploy policies fromthe management server to nodes, the management server creates deployment jobs. You can follow the progress of these jobs to ensure that the deployment is successful. By default, HPOMautomatically deploys certain core policies to nodes. You can also automatically deploy additional groups of policies by associating policy groups with node groups and service types. If you prefer to manually deploy your policies, you can disable automatic deployment. Related Topics: l Deploy a policy or policy group l Manually install policies l Remove policy fromnode l Delete policies manually froma node l View installed policies l Create a policy inventory report l Synchronize policies and packages l Reinstall policies l Update policy on node l Enable and disable policies l Disable policy autodeployment Deploy a policy or policy group You can install policies on a management server as part of a Smart Plug-in, or develop them yourself. You can then use the policies to configure or monitor nodes by deploying themto the nodes. You can deploy individual policies or groups of policies to any number of nodes at the same time. To deploy a policy or policy group 1. Open Policy management in the console tree and select the policies that you want to deploy: n To select one policy, click the policy in the details pane. You can also select multiple policies by pressing SHIFT or CTRL. If you cannot see the version of a policy that you want to deploy, change the policy view filter. HP Operations Manager (9.00) Page 616 of 1297 Online Help n To select one policy group, click the policy group in the console tree or details pane. You can also select multiple policy groups by pressing SHIFT or CTRL. Tip: You can see the number of selected policies and policy groups in the status bar. If you select a policy group that contains subgroups (a policy group tree), the management server deploys policies fromthe parent policy group first, and then deploys policies fromthe subgroups. If a policy group tree contains different versions of the same policy, the management server deploys only the latest policy. 2. Right-click your selection, and then click All Tasks Deploy on.... The Deploy policies on... dialog appears. 3. Select the nodes that you want to deploy the policies to by selecting check boxes for the nodes and node groups in Managed nodes. If you selected only one policy, the following extra options appear, which enable you to automatically select nodes based on policy inventory: n Select all nodes on which the current version of the policy is deployed. n Select all nodes on which any version of the policy is deployed. If you need to modify the automatic selections, click Select nodes from the tree. 4. Optional. If you want to deploy the policies to nodes that already have a more recent version of the policy, clear deploy policy only if version is newer. Note: For virtual nodes, the management server always deploys all policies, even if a more recent version of the policy already exists on the virtual node. Selecting this check box has no effect when deploying policies to a virtual node. 5. Optional. If another management server has already deployed a version of a policy to a node, that management server owns the policy on that node. If you want to redeploy the policy from this management server, and transfer the ownership, select the ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 6. Optional. If you want to deploy event correlation policies to the management server itself (not to the local agent on the management server), select the management server in Managed nodes and select the configure server event correlation check box. If you select only the management server and not the check box, HPOMdeploys the policy to the agent on the management server. 7. Optional. Choose the status of the policy after deployment. If you want to deploy the policies, but immediately disable them, select disable. By default, when you deploy a policy for the first time and select Keep existing, the policy is enabled. When redeploying existing policies, the previous status of the policy is kept. 8. Click OK. The management server creates deployment jobs, which deploy the policies to the nodes. If a policy requires a newer version of the agent than is currently installed on the node, the job also deploys the latest agent packages to the node. Tip: You can also deploy policies and policy groups by drag and drop. Select policies or policy groups and then drag and drop themonto a node or node group in the console tree. This deploys the policies with the following settings: HP Operations Manager (9.00) Page 617 of 1297 Online Help l The management server does not deploy policies to nodes that have a newer version. For virtual nodes, the management server always deploys all policies, regardless of the version. l The management server enables the policies that it deploys, unless an older version of the policy already exists on the node in the disabled state. l The management server does not ignore policy ownership. If another management server already owns a policy on a node, the job that deploys the policy to that node fails. To transfer policy ownership, use the Deploy policies on... dialog and select the ignore policy owner check box. l The management server always deploys event correlation policies to the agent on the target node. Related Topics: l Set a policy filter l Enable and disable policies l Manually install policies l Deployment jobs Manually install policies You can manually install policies on nodes that have the HTTPS agent, instead of deploying them to a node using the management server. For example, you may not be able to deploy policies to a remote systembecause of security measures such as firewalls. To manually install policies 1. On the management server, use ovpmutil to download the policies that you want to install manually. If the node already exists on the management server and the node's systemproperties are correct, use the following parameters: ovpmutil cfg pol dnl <download directory> [/p <policy group path>] /node <FQDN of target node> Otherwise, you must specify the systemproperties on the command line, using the following parameters: ovpmutil cfg pol dnl <download directory> [/p <policy group path>] /ost <OS type> /osv <OS version> /abf <agent binary format> The parameter /p <policy group path> is optional. It specifies the path to the policy as shown in the console tree, starting under Policy groups. The path must begin with a backslash (\). Policy groups within the path are separated with a backslash (\). If the name of a policy group contains spaces, the entire path must be enclosed in quotation marks. If you do not specify the path, all policy groups are downloaded. For example, the following commands download all policies in the Samples policy group to the directory c:\temp\Samples: HP Operations Manager (9.00) Page 618 of 1297 Online Help ovpmutil cfg pol dnl c:\temp /p \Samples /node node100.example.com ovpmutil cfg pol dnl c:\temp /p \Samples /ost Solaris /osv 9 /abf SPARC 2. Log on to the node as a user with administrative rights. 3. Create a temporary directory on the node and copy the directory with the downloaded policies fromthe management server to this temporary directory. For example, copy the directory c:\temp\Samples fromthe management server to the node with the host name node100.example.com. 4. Install the policies on the managed node with the following command: ovpolicy -install -enabled -dir <directory> For example, to install the policies in the Samples policy group on the node node100.example.com, use the following command: ovpolicy -install -enabled -dir /tmp/Samples 5. Synchronize the node's policy inventory on the management server. Related Topics: l ovpmutil l Synchronize policies and packages l Deploy a policy or policy group Remove policy from node If you have previously deployed policies to nodes, but no longer require the monitoring or configuration that the policy provides, you can remove the policies fromthe nodes using the console. To remove policies from nodes 1. Open Policy management in the console tree and select the policies that you want to remove: n To select one policy, click the policy in the details pane. You can also select multiple policies by pressing SHIFT or CTRL. If you cannot see the version of a policy that you want to remove, change the policy view filter. n To select one policy group, click the policy group in the console tree or details pane. You can also select multiple policy groups in the details pane by pressing SHIFT or CTRL. Tip: You can see the number of selected policies and policy groups in the status bar. 2. Right-click your selection, and then click All Tasks Uninstall from .... The Uninstall policies on... dialog box opens. (If this menu itemis not available, you selected a version of a policy that is not installed on any nodes.) 3. Select the nodes that you want to remove the policies fromby selecting check boxes for the nodes and node groups in Managed nodes. If you selected only one policy, the following extra options appear, which enable you to automatically select nodes based on policy inventory: HP Operations Manager (9.00) Page 619 of 1297 Online Help n Select all nodes on which the current version of the policy is deployed. n Select all nodes on which any version of the policy is deployed. If you need to modify the automatic selections, click Select nodes from the tree. 4. Optional. If you know that the job to remove the policy will fail (for example, because the node is unreachable), but you still want to remove the policy fromthe inventory on the management server, select the force policy removal check box. 5. Optional. If you want to remove the policies fromnodes that have a different version of the policy than your selection, select remove all versions. This check box is automatically cleared if you select Select all nodes on which the current version of the policy is deployed and automatically selected if you select Select all nodes on which any version of the policy is deployed. 6. Optional. If another management server owns a policy on a node, this management server will not uninstall it by default. If you want to this management server to remove the policies that other management servers own, select the ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 7. Click OK. The management server creates deployment jobs, which uninstall the policies. Tip: You can also remove a policy froma node in the policy inventory view: 1. In the console tree, right-click the node fromwhich you want to remove a policy, and then click View Policy Inventory. 2. In the details pane, right-click the policy that you want to remove, and then click All Tasks Remove from node. The Confirmpolicy removal dialog appears. 3. Optional. Select the ignore policy owner check box if you want to remove a policy that is owned by a different management server. 4. Optional. If you know that the job to remove the policy will fail (for example, because the node is unreachable), but you still want to remove the policy fromthe inventory on the management server, select the force removal of policy check box. 5. Click Yes. The management server creates a deployment job, which uninstalls the policy. Related Topics: l Set a policy filter l Enable and disable policies l Delete a policy fromthe management server l Remove package fromnode l Deployment jobs Delete policies manually from a node Under certain circumstances, it is possible for the policy inventory on the management server to get out of synch with the actual managed nodes. HP Operations Manager (9.00) Page 620 of 1297 Online Help For example, when a SPI is uninstalled fromthe management server, a forced undeployment for all SPI policies is executed. That is, the SPI policies are removed fromthe policy inventory on the management server, even if the managed node is currently not running or just not reachable. After the node is up and running again, however, the policies (which where not removed) may still generate lots of messages. These policies are no longer in the policy inventory on the server, it is not possible to remove them fromthe managed node using the console. If the node has the HTTPS agent, you can synchronize the inventory, and then remove the policy using the console. Alternatively, you can remove the policy manually. If the node has the DCE agent, you must remove the policies manually fromthe managed node. The procedure to delete policies manually differs, depending on whether the node has a HTTPS agent or a DCE agent. Note: A forced policy undeployment can also be started using the PMAD API. To delete policies manually from a node that has the HTTPS agent 1. Log in to the node as a user with administrative rights, and open a command or shell prompt. 2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands. n On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter. n On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter. n On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter. 3. Type ovpolicy -list, and then press Enter. A list of policies appears. 4. Use ovpolicy -remove to delete individual policies, or all policies. n To remove one policy, type ovpolicy -remove -polname <name>, and then press Enter. n To remove all policies, type ovpolicy -remove -all, and then press Enter. 5. Optional. In the console, right-click the node, and then click All Tasks Synchronize policies. This updates the current policy inventory with up-to-date details of installed policies fromthe node. Tip: You can also remove a policy remotely fromthe management server by adding the -host option. For example: ovpolicy -remove -all -host <hostname>. To delete policies manually from a node that has the DCE agent 1. Log in on the remote managed node. 2. Shut down the agent with the following command line: opcagt -kill 3. Delete all files in directory "%OvAgentDir%\conf\ConfigFile\policies" to remove all ConfigFile policies fromthe node. If this directory does not exist, no ConfigFile policies are currently deployed on the node. HP Operations Manager (9.00) Page 621 of 1297 Online Help Delete all files in directory "%OvAgentDir%\conf\svcdisc\policies" to remove all Service Auto- Discovery policies fromthe node. If this directory does not exist, no Service Auto-Discovery policies are currently deployed on the node. Delete all files in directory "%OvAgentDir%\conf\nodeinfo\policies" to remove all Node Info policies fromthe node. If this directory does not exist, no Node Info policies are currently deployed on the node. Delete all files in directory "%OvAgentDir%\conf\mgrconf\policies" to remove all Flexible Management policies fromthe node. If this directory does not exist, no Flexible Management policies are currently deployed on the node. Delete all files in directory "%OvAgentDir%\conf\OpC\vpwin" to remove all other policies from the node. 4. Restart the agent with the following command line: opcagt -start 5. Open the console, connect to the server, and click the managed node in the console tree. Start the operation "Redeploy policies and instrumentation." Calling this operation ensures that the policy inventory on the server gets in synch with the managed node again. Special care must be taken for the node info and flexible management policies, which define the content of the following two configuration files on the managed node: - %OvAgentDir%\conf\OpC\nodeinfo - %OvAgentDir%\conf\OpC\mgrconf If you manually delete policies of the Node Info or the Flexible Management policy type on the managed node, you must make sure that the content of the above two files is still valid before you restart the agent. If this is not the case, the agent may not work properly. Related Topics: l Synchronize policies and packages l Remove policy fromnode View installed policies The management server keeps an inventory of the policies that are currently installed on the node. You can see which policies are installed on a node by viewing this policy inventory. If you have an environment in which multiple management servers manage the same nodes, you can see which management server owns each policy. Alternatively you can request a list of policies directly fromthe node. This does not check or update the policy inventory, which the management server stores in its database. To viewinstalled policies in the policy inventory 1. In the console tree, right-click the node for which you want to view the installed policies. 2. Click View Policy Inventory. The policies installed on the node are visible in the details pane. HP Operations Manager (9.00) Page 622 of 1297 Online Help To request policy lists from nodes 1. In the console tree, click Tools HP Operations Manager Tools. 2. In the details pane, double-click List policies installed on agent. A dialog appears that lists nodes and services. 3. Select Nodes and click Launch.... The Tool Status dialog appears and shows progress. 4. After an itemin the Launched Tool list succeeds, click it. A list of policies for that node appears in Tool Output. Note: If the management server you are using is not a node's primary management server, the node must allow this management server to run actions for this tool to succeed. You can specify action allowed managers using flexible management policies. Related Topics: l Synchronize policies and packages l Configure action-allowed and secondary managers l Remove policy fromnode l Enable and disable policies Create a policy inventory report With the tools for inventory reporting, you can view information about the policies and packages that are installed on every node managed by one management server. To create and viewa policy and package inventory report 1. In the console tree, select Tools Reporting Inventory Reporting to display the reporting tools available: n Generate and view inventory report (creates and displays report in web browser) n Generate inventory report (creates report) n View inventory report (displays in the web browser the report previously generated) 2. Right-click the tool you prefer and select All Tasks Launch Tool.... 3. Wait for the xml report to be generated (this takes about 20 seconds, or longer, depending on the speed of your computer and the size of your managed environment). If you selected one of the view options, the report appears in the web browser. You can choose one of three views for the inventory data fromthe pull-down menu in the top-right corner of the browser. For information about additional ovconfreporter options, type ovconfreporter -? at a command prompt. Synchronize policies and packages The management server keeps an inventory of the policies and packages that are currently installed on the node. It is possible for this inventory to become inaccurate in the following situations: HP Operations Manager (9.00) Page 623 of 1297 Online Help l After an administrator manually installs or removes the policies or packages on the node. l After an administrator or programdisables or enables a policy locally on a node. l In an environment with multiple management servers, after a different management server changes the policies or packages on a node. l After an administrator removes a policy or package using the force option, but the policy or package remains on the node. You can update the inventory information on the management server by synchronizing. The management server replaces the current inventory with up-to-date details of installed policies and packages fromthe node. If a node has a policy or package that does not exist on the management server, the management server adds a placeholder to the inventory. The management server does not receive the contents of the policy or package, so you cannot change it or deploy it to other nodes. Note: You can synchronize policies and packages on nodes that have the HTTPS agent. On nodes that have the DCE agent, you can only synchronize packages. If a node has no agent (because, for example, an administrator removed it manually), it is not possible to synchronize policies or packages at all. To synchronize policies and packages 1. In the console tree, right-click the node or node group that you want to synchronize. 2. Click one of the following menu items: n All Tasks Synchronize inventory Packages n All Tasks Synchronize inventory Policies n All Tasks Synchronize inventory Policies and packages The management server creates a deployment job to retrieve the inventory fromeach node. Related Topics: l View installed policies l View installed packages and subpackages l Configuring agents l Synchronize packages l Deployment jobs Reinstall policies You can reinstall the same versions of all the policies that are currently deployed to selected nodes and node groups. In addition, this deploys the instrumentation required by the categories to which the policies belong. This option is useful to restore policies and instrumentation after you manually reinstall an agent on a node. If you reinstall policies and instrumentation on a node, the deployment job first removes all existing policy-related instrumentation fromthe selected managed nodes. Any instrumentation previously that you deployed using the Deploy instrumentation dialog box is not redeployed unless it belongs HP Operations Manager (9.00) Page 624 of 1297 Online Help to a category that is shared by one of the redeployed policies. The default instrumentation categories for the DCE agent (action, command, and monitor) are not usually linked to policies and, as a result, the reinstallation job does not remove or redeploy them. If you reinstall policies on managed nodes where only policies with no category exist, then the reinstallation job does not remove or redeploy any instrumentation. Note: If you reinstall policies, the management server does not reinstall the agent or any other packages. To reinstall policies and instrumentation 1. In the console tree, select the nodes or node groups on which you want to reinstall policies and instrumentation. 2. Right-click your selection, and then click All Tasks Reinstall/Update.... The Reinstall/Update Node dialog box opens. The reinstall option is already selected. 3. In the list under Scope, select Policies. 4. Optional. Select the Ignore missing policies/packages check box. If the node inventory contains policies that are not available on this management server, the management server creates a warning in the event log and the job succeeds. Otherwise, if you clear this check box, the job succeeds only if all the policies in the node inventory are available on this management server. 5. Optional. If another management server has already deployed a version of a policy to a node, that management server owns the policy on that node. If you want to redeploy the policy from this management server, and transfer the ownership, select the Ignore policy owner check box. You must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. If you do not select this check box, the management server reinstalls only the policies that it owns. 6. Click OK. The management server creates a deployment job, which reinstalls the policies and instrumentation. 7. In the console tree, click Deployment jobs and use the details pane to verify that the deployment job has completed successfully. Note: Small deployment jobs sometimes complete so quickly that you do not get the chance to observe them. In addition, the list of deployment jobs which remain visible in the details pane for any length of time have typically failed, or are either pending or suspended. Related Topics: l Configure instrumentation l Deploy a policy or policy group l Reinstall all Update policy on node You can ensure that the latest version of all policies are deployed to a managed node, or update an individual policy on a node. HP Operations Manager (9.00) Page 625 of 1297 Online Help To update policies on a node 1. In the console tree, select the nodes or node groups for which you want to update policies. 2. Right-click your selection, and then click All Tasks Reinstall/Update.... The Reinstall/Update Node dialog box opens. 3. Select Update. 4. In the list under Scope, select Policies. 5. Optional. Select the Ignore missing policies/packages check box. If the node inventory contains policies that are not available on this management server, the management server updates only the policies that are available. Otherwise, if you clear this check box, the job succeeds only if all the policies in the node inventory are available on this management server. 6. Optional. If another management server has already deployed a version of a policy to a node, that management server owns the policy on that node. If you want to update the policy from this management server, and transfer the ownership, select the Ignore policy owner check box. You must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. If you do not select this check box, the management server updates only the policies that it owns. 7. Optional. If you want to deploy the policies to nodes that already have a more recent version of the policy, clear the Update only if version is newer check box. If you do this, the management server deploys the latest version of the policy that is available on the management server, even if the node already has the same version or a newer version. 8. Click OK. The management server creates deployment jobs, which update the policies. To update an individual policy 1. In the console tree, click Policy management Policies grouped by type Agent policies. Click a policy type. 2. In the details pane, right-click the policy and select All Tasks Deploy on.... The Deploy policies on... dialog box opens. 3. Select the nodes that you want to deploy the policies to by selecting check boxes for the nodes and node groups in Managed nodes. The following options appear, which enable you to automatically select nodes based on policy inventory: n Select all nodes on which the current version of the policy is deployed. n Select all nodes on which any version of the policy is deployed. If you need to modify the automatic selections, click Select nodes from the tree. 4. Click OK. The management server creates deployment jobs, which update the policies. Related Topics: l Change policy version l Deployment jobs HP Operations Manager (9.00) Page 626 of 1297 Online Help Enable and disable policies You can enable a policy that you disabled. If you enable a previously disabled policy, it begins to function again on the node where it is installed. If you disable a policy the policy remains installed on the node but does not function until it is enabled. To enable a previously disabled policy 1. In the console tree, select the node where you want to enable a policy. 2. Fromthe menu bar, select View Policy Inventory. 3. In the details pane, right-click the installed policy that you want to enable. 4. Select All Tasks Enable. 5. Optional. If another management server owns the policy on that node, a dialog box opens for confirmation. To enable the policy using this management server, click Yes. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. Click No to cancel the enable task. To disable a policy 1. In the console tree, select the node where you want to disable a policy. 2. Fromthe menu bar, select View Policy Inventory. 3. In the details pane, right-click the installed policy that you want to disable. 4. Select All Tasks Disable. 5. Optional. If another management server owns the policy on that node, a dialog box opens for confirmation. To disable the policy using this management server, click Yes. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. Click No to cancel the enable task. Related Topics: l Remove policy fromnode l Configure action-allowed and secondary managers l Restart job with new options l Cancel job Disable policy autodeployment By default, HPOMautomatically deploys certain core policies to nodes. You can also automatically deploy additional groups of policies by associating policy groups with node groups and service types. If you prefer to manually deploy your policies, you can disable automatic deployment for all nodes and services. Alternatively, you can disable autodeployment for individual nodes in the Network tab of the Node Properties dialog box. In addition, you can disable autodeployment for individual policy groups in the Deployment tab of node group and services type properties. HP Operations Manager (9.00) Page 627 of 1297 Online Help To disable policy autodeployment for all nodes and services 1. In the console tree, right-click Operations Manager, and then click Configure Server. The Server Configuration dialog box opens. 2. Click Namespaces, and then click Policy Management and Deployment. A list of values appears. 3. Set the value for Disable autodeployment for all nodes and services to True. 4. Click Apply, and then click OK to save your changes and close the dialog box. Related Topics: l Node group deployment properties l Configure deployment for service types l Configure network information for managed nodes HP Operations Manager (9.00) Page 628 of 1297 Online Help Managing policy groups Policy groups are sets of policies that share some common attribute or logical connection. They enable you to more easily work with multiple policies simultaneously. For example, you can deploy all the policies in a group to managed nodes together. HPOMand some Smart Plug-ins create policy groups automatically, which you can see in the console tree under Policy management. You can also create your own policy groups, and change the groups that policies belong to. Related Topics: l View policies by group l Find policies in policy groups l Create new policy group l Delete policy group l Add a policy to a policy group l Remove policy frompolicy group l Deploy a policy or policy group l Update to latest View policies by group You can view policies by selecting a policy group in the console tree. The policies in this group are visible in the details pane. Related Topics: l View installed policies l View policy properties Find policies in policy groups You can search the policy groups to find a specific policy within a group. This helps you to locate policies more quickly (for example to remove themfromthe group or update them). To find policies in policy groups 1. In the console tree, right-click the policy group that you want to search, and then click All Tasks Find Policy. The Find Policy dialog box opens. 2. Type a search string in either or both Name and Description. 3. Optional. Select a policy type if you want to limit your search to a specific policy type. 4. Optional. Select Case sensitive if you want your search results to match exactly the characters that you typed in the Name and Description box. 5. Click OK. The Find Policy Results dialog box opens, which shows the policies that match your criteria. HP Operations Manager (9.00) Page 629 of 1297 Online Help 6. Double-click a policy, or click a policy in the list and then click Select. The policy group is selected in the console tree, and the policy is selected in the details pane. Related Topics: l View policy properties Create new policy group You can create policy groups. under the Policy groups icon in the console tree. 1. Select Policy groups in the console tree. (To create a nested policy group, select an existing policy group.) 2. Right-click the selected group. 3. Select New Policy Group. A policy group with the name New Group is created. 4. Type a meaningful name for the new policy group. Related Topics: l Add a policy to a policy group l Delete policy group Delete policy group You can delete any policy group under Policy groups. If the policy group that you delete contains policies or other policy groups, they are also deleted. Note that the policies are not deleted fromthe management server and can be accessed again under Policies grouped by type Agent policies or Policies grouped by type Server policies. To delete a policy group 1. Right-click the policy group in the console tree and select Delete. Related Topics: l Delete a policy fromthe management server l Remove policy fromnode Add a policy to a policy group 1. Right-click the policy type or policy group that contains the policy you want to add to a group. 2. Right-click the policy and select Copy. 3. Right-click the policy group to which you want to add the policy and select Paste. Note: You can also use drag-and-drop to add policies to policy groups. Policies dragged froma policy type will be copied. Policies dragged froma policy group will be moved if the shift key is pressed while dragging, they will be copied. Related Topics: l Assign the latest policy version to a group l Remove policy frompolicy group HP Operations Manager (9.00) Page 630 of 1297 Online Help Remove policy from policy group You can remove a version of a policy fromone of your policy groups. The policy will not be removed fromother groups, and will not be deleted fromthe management server. To remove a policy from a policy group 1. Select the policy group fromwhich you want to delete the policy. 2. Right-click the policy you want to delete fromthe group and select Delete. A warning dialog appears. 3. Click Yes to delete the policy. Related Topics: l Delete a policy fromthe management server Assign the latest policy version to a group By default, a policy group contains the specific policy version that you add to the group, even if newer versions of the policy exist. You can change this behavior so that the policy group always contains the latest version of the policy. However, if you do not always want the policy group to contain the latest version, you can force an update by right-clicking the policy and choosing All Tasks Update to latest. To assign the latest policy version to a group 1. Open the policy group that contains the policy. 2. Right-click the policy, and then click Properties. 3. Select or clear Always Use Latest Policy Version. 4. Click OK. Related Topics: l Update to latest Update to latest To ensure that all policies in a policy group contain the most current versions, update the policies in the group to the latest version. Remember that the most current version of a policy is the policy with the highest version number. To update to latest 1. Right-click the policy group. 2. Select All Tasks Update to latest. You can also use this procedure on a specific policy, instead of on a policy group. The policy will be updated to the latest version in the policy group where you accessed it. Tip: You can see the number of selected policies and policy groups in the status bar. Related Topics: HP Operations Manager (9.00) Page 631 of 1297 Online Help l Assign the latest policy version to a group l Change policy version HP Operations Manager (9.00) Page 632 of 1297 Online Help Maintaining policies HPOMprovides two vehicles for maintaining and organizing policies, policy types and policy groups. Policy type A policy type is a set of configuration information that defines what a policy can manage. Every policy belongs to one policy type. In the console tree, Policies grouped by type Agent policies contains the types of policies that you can deploy to nodes. Policies grouped by type Server policies contains the types of policies that you can deploy to management servers. Note that you can filter the policies that are visible by adjusting the policy view filter. Policy group A policy group is a collection of any policies that you create. Any policy can be placed in a policy group, though two versions of the same policy cannot exist in the same group. You can create as many policy groups as you need. Policy groups can contain policies and other policy groups, though two policy groups cannot contain each other. One version of a policy can exist in more than one group. Policy groups allow you organize your policies, but how you organize themis up to you. You might group policies by the kind of systemthat they manage (workstation or server), by operating system (Windows or UNIX), or by function (network management or service management). If you edit a policy by clicking on its icon in a policy group, that group will contain the new version of the policy. Other policy groups may still contain the old version of the policy, although you can assign the latest policy version to a group, or use the update to latest command to quickly update the polices in other policy groups. (The policy type icon will display the new version if the new version has the newest version number.) Policies can be deleted fromthe systemonly if they are not currently deployed on any managed node. Note: You may not be able to edit some policies, because the policy data is not available on the management server. When you synchronize a node, the management server adds the node's policies to the inventory, even if the policy data does not exist on the management server. Policy data may be missing for one of the following reasons: l Another management server deployed the policy, and there are different policies and policy versions available on that management server. l The policy exists on a node, but was removed fromthe management server using the force option. To modify a policy 1. Find the policy in the console tree under Policies grouped by type or Policy groups. 2. Right-click the policy and select All Tasks Edit.... 3. When the policy editor appears, make your changes. 4. When you are done editing the policy, select Save and Close. Related Topics: l Change policy version l Delete a policy fromthe management server HP Operations Manager (9.00) Page 633 of 1297 Online Help l View installed policies View policy properties Every policy has a set of properties. Policy properties can only be accessed frompolicies displayed in the policy management portion of the console tree. Properties are not available fromthe policy inventory view. To viewpolicy properties 1. Right-click the policy in the details pane. 2. Select Properties. A dialog box opens and displays the following properties for the selected policy: The policy name appears in the title bar of the dialog box. This is the name under which the policy was saved. n General o Version The version that was assigned to this version of the policy when it was saved. If you open the policy properties fromwithin a policy group, the number displays the version of the policy that is assigned to the policy group. If multiple versions of a policy exist on the management server, you can select another version of the policy to be included in the policy group. o Always Use Latest Policy Version If you open the policy properties fromwithin a policy group, you can select this checkbox to ensure that always the latest version of the policy is included in the policy group. Otherwise the policy group includes the version displayed. o Version ID The GUID that was assigned to this version of the policy when it was saved. Each version of a policy has a unique ID. o Policy ID The GUID that was assigned to the policy when it was created. Different policies have unique policy IDs, while different versions of one policy have the same policy ID. o Last Modification The date that this version of the policy was saved. o Last Modified By The domain and user name active when this version of the policy was saved. o Category A comma-separated list of strings. You can use categories to associate policies with instrumentation and user roles. o Description A description of the policy. o Product Name Name of the product that provides this policy. o Product Description Description of the product that provides this policy. n Policy Type o Name The name of the policy type to which this policy belongs. o Version The version of the policy type. HP Operations Manager (9.00) Page 634 of 1297 Online Help o Policy Type ID The GUID assigned to the policy type. o Description Description of the policy type. n Policy Groups o Policy Groups A list of policy groups that contain this policy. The list shows the policy group name and version of the policy associated with each policy group. o Only show for current version Enables you to restrict the list of policy groups to show only the groups that contain this particular version of the policy. n Deployed on nodes o Deployed on nodes A list of nodes to which this policy is currently deployed. The list shows the name of the node, and the version and state (enabled or disabled) of the policy on the node. Tip: Right-click a node to open a shortcut menu that enables you to performbasic policy tasks on each node (for example, open the policy properties, enable or disable the policy on the node, or remove the policy fromthe node. o Only show for current version Enables you to restrict the list of nodes to show only the nodes that have this particular version of the policy. Related Topics: l Change a policy description l Change policy version l Add categories to a policy Set a policy filter The policy view filter lets you determine what kinds of policies are visible in the details pane when you select a policy type in the console tree. You can choose to see only the latest versions of each policy, or all versions. You can also filter on the deployment state, or on whether the policy is assigned to a policy group. Tip: Displaying all versions of a policy is useful if you want to edit an older version of a policy. To set a policy filter 1. In the console tree, under Policies grouped by type Agent policies or Policies grouped by type Server policies, right-click a policy type, for which you want to filter the policy view. 2. Select Set Filter. The Filter Settings dialog box opens. 3. Choose the selection criteria: n Latest version of all policies This selection will show only the highest version number of each policy. n All versions of the policy belowThis selection allows you to show all versions of one specific policy that you choose. 4. If you choose All versions of the policy below, you can also indicate which policies should HP Operations Manager (9.00) Page 635 of 1297 Online Help be shown, based on whether they are deployed on some managed node, or whether they are assigned to any policy group under Policy groups. 5. Click OK to set the filter. Related Topics: l View installed policies l View installed packages and subpackages Save a policy Policies are saved fromthe policy editor. Saving a policy creates a new version ID to distinguish between different versions of the policy. The policy ID and the policy name remain identical. l Name: Type a name that will identify the policy. You can use spaces in policy names. The equal sign (=) is not allowed. l Version: The version number will automatically increment unless you specifically change it. See also Change policy version. l Description: Type a description of what the policy does. You might also add other notes, for example data sources that are used, dependent policies, and so on. l Category: You can use categories to associate policies with instrumentation and with user roles. For more information, see Associate instrumentation with policies and Configure policies for user roles. To save a policy l Fromthe File menu of the policy editor, select Save.... Note: When you click the Save and Close or the Save toolbar button, the policy version number is automatically incremented. Use the Save dialog box to change the version number before saving. (The Save dialog box opens when you click File Save....) Related Topics: l Save policy as Save policy as If you save a policy under a new name, you will have two policies with two versioning schemes. You must choose a name that does not already exist for a policy of that type. Save a policy under a newname 1. Right-click the policy. 2. Select All Tasks Edit... to open the policy editor. 3. Click File, and point to Save As.... 4. Type a new name for the policy and click OK. You can use spaces in policy names. The equal sign (=) is not allowed. Related Topics: l Save a policy HP Operations Manager (9.00) Page 636 of 1297 Online Help Change policy version When a policy is newly created, or is saved under a new name, that policy is saved as version 1.0. Each time a policy is saved under the same name, a new version number is suggested by the policy editor, with the number to the right of the period automatically incremented (1.1, 1.2, and so on). You can change this number before saving. The number to the left of the period can also be changed by the user, but is never automatically incremented. The largest number available is 9999.9999. The policy with the largest version number is considered to be the newest version of the policy. Other factors, such as creation date, are not considered. You cannot save a policy with a version number that already exists for that policy name. Note: The numbers to the right and left of the period are both regarded as integers, and any leading zeros are ignored. This means that 0.10 is a more recent version than 0.9, and that 0.01 is identical to 0.1. Because each saved version of a policy has a different version number, you can access any previously saved version of a policy. These older versions can be edited or deployed just as any other policy. Caution: If you change the number to the left of the period when saving a new version of a policy, for example, 4.5. to 5.0, the policy editor prompts you to confirmthis choice. This prompt is designed to avoid conflicts with version numbers in future releases of HPOM. To avoid your changes being overwritten by future installations, try to use only the numbers to the left of the period to distinguish policy versions. For example, change 4.5 to 4.6. To change the policy version 1. Right-click the policy. 2. Select All Tasks Edit... to open the policy editor. 3. Click File, and then click Save.... The Save dialog box opens. 4. Change the version number. 5. Click OK. Related Topics: l Save policy as l Set a policy filter l View policy properties l Add a policy to a group Change a policy description The properties of a policy include data such as the version ID, policy ID, category and description. Most of these properties are set when the policy is created or changed, but you can change category and description in the Policy Management Properties dialog. This change does not create a new policy version. HP Operations Manager (9.00) Page 637 of 1297 Online Help To change a policy description 1. In the console tree, open Policy management and click the policy group or policy type that the policy belongs to. 2. In the details pane, right-click the policy, and then click All tasks Edit. 3. Click File Properties. 4. Change the Description as appropriate. 5. Click OK. 6. Click File Exit . Related Topics: l Change policy version l Add categories to a policy l Save a policy Add categories to a policy Categories are logical classifications of policies. You can use categories to associate policies with instrumentation and with user roles: l You can create corresponding instrumentation categories to ensure that the management server deploys certain instrumentation along with the policy. l You can configure user roles to control the activities that users can performon policies that belong to a category. To add categories to a policy 1. In the details pane, right-click a policy and then click Properties. The policy properties dialog box appears. 2. Type a category name in Category. To add multiple categories, separate each category with a comma. 3. Click OK. Tip: HPOMand some Smart Plug-ins add categories automatically, which you can see in the console tree under Policy management Policies grouped by category. Related Topics: l Associate instrumentation with policies l Configure policies for user roles Delete a policy from the management server You can delete policies fromthe server only if they are not installed on any managed node. HP Operations Manager (9.00) Page 638 of 1297 Online Help To delete a policy from the management server 1. In the console tree, under Policies grouped by type Agent policies or Policies grouped by type Server policies, right-click the policy you want to delete. 2. Select All Tasks Delete from server. Note that this menu itemwill only be available if the policy is not deployed on any managed node. Note: You can use Ctrl-click to select multiple policies to delete, but if any of the policies are installed on a managed node, the command cannot be carried out. Related Topics: l Remove policy frompolicy group l View installed packages and subpackages l Remove policy fromnode Mass operations on policies Some policy operations can be performed on many nodes at once, thus saving you time and preventing errors that can happen when performing repetitive actions. You can move, copy or delete multiple polices, as well as deploy multiple policies. Related Topics: l Deploy a policy or policy group l Add a policy to a policy group Import OVO for UNIX templates The tool ImportPolicies imports templates downloaded fromOVOfor UNIX version 8.xx and lower into HPOMfor Windows. To import HPOM9.xx on UNIX or Linux policies into HPOMfor Windows, use the ovpmutil command-line utility. Usage ImportPolicies /f <policy file> [/g <policy group>] [/r | /d] [/x] [/c ASCII|/c UTF8|/c ISO81|/c ISO82|/c ISO85|/c ISO815| /c ROMAN8|/c SJIS|/c EUCJP|/c GB2312|/c BIG5|/c EUCTW| /c EUCKR] All imported policies are stored in subdirectories of the policy directory Policy Management\Policy Groups\Imports From File . Policy File (/f) The policy file contains one or more templates that will be imported as policies into HPOMfor Windows. This file is created by the config download command (opccfgdwn) on an OVOfor UNIX server. For every template contained in the file a new policy will be added. Note: Refer to the OVOfor UNIX Administrator's Reference for information about downloading template files. HP Operations Manager (9.00) Page 639 of 1297 Online Help The table below shows the OVOfor UNIX message source types and shows the policy type to which they are converted: Message Source Type Policy Type Logfiles Logfile Entry or Windows Event Log SNMP Trap SNMP Interceptor Message Interface Open Message Interface Threshold Monitor Measurement Threshold Scheduled Action Scheduled Task Other OVOfor UNIX message source types cannot be imported. Policy Group (/g) If this optional parameter is given, the policies of the file are stored in the policy group "...\Imports FromFile\<policy group>". If the given group does not exist, it will be created. If the /g option is omitted a new policy group named with the current date and time will be created and used. Replace (/r) Flag Use this option if you want to replace any existing policies within <policy group> that have the same name as any template that you are importing. Caution: The old policy is replaced and cannot be recovered. If none of the /r, /d, or /x flags are used, policies that have the same name as an existing policy contained in <policy group> will not be imported. Duplicate (/d) Flag Use this option if you want to import policies that have the same name as existing policies in the same <policy group> without overwriting them. The policies will have different GUIDs. If none of the /r, /d, or /x flags are used, policies that have the same name as an existing policy contained in <policy group> will not be imported. Delete (/x) Flag Use this option if you want to delete policies that have the same name as existing policies in the same <policy group> before importing OVOfor UNIX templates into HPOMfor Windows. If none of the /r, /d, or /x flags are used, policies that have the same name as an existing policy contained in <policy group> will not be imported. Codeset (/c) This parameter must be set if the policy file contains non-ASCII characters (for example, a download file froman English OVOfor UNIX server is encoded in iso8859-1, a download file froma Japanese OVOfor UNIX server is encoded in Shift-JIS). In this case the policies will be converted to the multi-byte Unicode encoding UTF8. (This is necessary because within HPOMfor Windows all polices are stored in a Unicode encoding.) If omitted, it is assumed that the given file (<policy file>) only contains ASCII data. It can accept the following values: ASCII, UTF8, ISO81 (for ISO88591), ISO82 (for HP Operations Manager (9.00) Page 640 of 1297 Online Help ISO88591), ISO85 (for ISO88595), ISO815 (for ISO885915), ROMAN8, SJIS, EUCJP, GB2312, BIG5, EUCTW, EUCKR, and UNICODE (for Windows Unicode). Convert OVOfor UNIX Operations templates to HPOM for Windows policies 1. Download the templates fromthe OVOfor UNIX management server using the command opccfgdwn (see OVOfor UNIX documentation) to a config download package. 2. Copy the download package to the HPOMfor Windows management server. 3. If any template names contain any special characters, open the config download package and remove them. Special characters are not allowed in policy file names. 4. Upload the templates to the HPOMfor Windows management server, where they become policies. Use the command ImportPolicies, as described above. 5. Customize the policies as required. Related Topics: l ovpmutil HP Operations Manager (9.00) Page 641 of 1297 Online Help Managing deployment packages A deployment package usually contains agents, programs, or instrumentation that are ready for installation on nodes. A package can contain individual files and also subpackages, which are collections of files. Deployment packages are provided by HPOMand Smart Plug-ins to enable you to manage various services and nodes. In some cases the management server automatically deploys packages when you discover nodes and deploy policies to them. You can also explicitly deploy and remove packages using the console. For each node, the management server maintains a package inventory, which enables you to see which packages exist on each node. This helps you to decide when you need to redeploy or remove packages. Related Topics: l Deploy deployment package l View details of available packages l View installed packages and subpackages l Synchronize packages l Reinstall packages l Reinstall all l Update packages l Update all l Remove package fromnode l Uninstall all Deploy deployment package A deployment package is a set of files, usually containing agents, programs, or instrumentation, that is ready for deployment. To deploy a deployment package 1. Click Deployment packages in the console tree. 2. Select the packages you want to deploy. (For more details about deploying an agent package, see Install agents remotely.) 3. Right-click the selected packages and select All Tasks Deploy on... 4. Select the managed nodes to which you want to deploy the packages. 5. Click OK. You can also install deployment packages by dragging themonto a node or node group. You can watch the progress of the deployment by clicking Deployment jobs in the console tree. Only pending, active, failed, or suspended deployment jobs appear. Note: You can also install deployment packages using a drag-and-drop operation. HP Operations Manager (9.00) Page 642 of 1297 Online Help Related Topics: l View installed packages and subpackages View details of available packages When you click Deployment packages in the console tree, the details pane shows a list of the packages that are available on the management server. If you need more information about the packages, you can view the deployment packages report. To viewdetails of available packages 1. In the console tree, right-click Deployment packages, and then click View Package details. The Deployment Packages report appears. 2. Optional. In the report, select View including subpackages or View without subpackages. The report shows or hides details of subpackages accordingly. Related Topics: l View installed packages and subpackages View installed packages and subpackages You can see which packages and subpackages are installed on any node. Each package can contain individual files and also subpackages, which are collections of files. Packages and subpackages both have version numbers. A package version number corresponds to a major release of the software. Subpackage version numbers correspond to minor releases and patches. Therefore, if you want to check whether patches are installed on a node,check the version numbers in the subpackage inventory. Note: The subpackage inventory is only available for nodes that have the HTTPS agent. To viewinstalled packages 1. In the console tree, right-click the node where you want to check the installed packages. 2. Click View Package Inventory. A list of installed packages appears in the details pane. To viewinstalled subpackages 1. In the console tree, right-click the node where you want to check the installed subpackages. 2. Click View Subpackage Inventory. A list of installed subpackages appears in the details pane. Related Topics: l View installed policies Synchronize packages The procedure below will update the inventory of all packages deployed to managed nodes. The inventory is kept on the management server. Reinstall all if you want to reinstall the policies and packages on the node. HP Operations Manager (9.00) Page 643 of 1297 Online Help To update the package inventory on the management server 1. In the console tree, right-click the node or node group where you want to query the installed packages. 2. Select All Tasks Synchronize inventory Packages. Related Topics: l Deploy deployment package Reinstall packages You can reinstall all the packages that are currently deployed to selected nodes and node groups, including the agent package. This first uninstalls the packages before installing themagain. However, you cannot reinstall the DCE agent package on UNIX and Linux nodes fromthe console. The agent must be reinstalled manually. You cannot reinstall the agent package on the management server node. To reinstall packages 1. In the console tree, select the nodes or node groups on which you want to reinstall packages. 2. Right-click your selection, and then click All Tasks Reinstall/Update.... The Reinstall/Update Node dialog box opens. The reinstall option is already selected. 3. In the list under Scope, select Packages. 4. Optional. Select the Ignore missing policies/packages check box. This enables you to reinstall the packages that are available on this management server. If the node inventory contains packages that are not available on this management server, the management server creates a warning in the event log and the job succeeds. 5. Click OK. The management server creates a deployment job, which reinstalls the packages. Related Topics: l Deployment jobs Reinstall all You can reinstall all the packages and policies that are currently deployed to selected nodes and node groups. This overwrites the existing policies on the node. When using this command, note the following points: l This command does not upgrade any policies that are installed on the node. Even if more current versions of a policy exist, the installed versions are redeployed according to the inventory. Refer to Update policy on node to deploy the most current policies. On other nodes, this command always deploys the newest agent version that is available on the management server. l On UNIX and Linux nodes that have the DCE agent, this command only removes and redeploys policies the agent must be reinstalled manually. If the node does not host the newest compatible agent version, you will receive an error message to informyou. Note: DCE agent installation packages are only available on management servers running a 32 bit version of HPOM. HP Operations Manager (9.00) Page 644 of 1297 Online Help l You cannot reinstall the agent package on the management server node. l The default instrumentation categories for the DCE agent (action, command, and monitor) are not usually associated with policies and, as a result, are not removed or redeployed. If instrumentation still exists in the action, command, and monitor categories, you can redeploy it to nodes that have DCE agents using the Deploy instrumentation command. l If a policy in the node's inventory has associated instrumentation, this command removes all instrumentation fromthe node. This includes any instrumentation that you deployed to the node manually. (It does not include instrumentation that belongs to the action, command, and monitor categories on the DCE agent.) The command redeploys only the instrumentation that is associated with the policies in the node's policy inventory. l If none of the policies in the node's inventory have associated instrumentation, then no instrumentation is removed or redeployed. To reinstall all policies and packages 1. In the console tree, select the nodes or node groups on which you want to reinstall all policies and packages. 2. Right-click your selection, and then click All Tasks Reinstall/Update.... The Reinstall/Update Node dialog box opens. The reinstall option is already selected. 3. In the list under Scope, select All. 4. Optional. Select the Ignore missing policies/packages check box. If the node inventory contains policies and packages that are not available on this management server, the anagement server creates a warning in the event log and the job succeeds. Otherwise, if you clear this check box, the job succeeds only if all the policies and packages in the node inventory are available on this management server. 5. Optional. If another management server has already deployed a version of a policy to a node, that management server owns the policy on that node. If you want to reinstall the policy from this management server, and transfer the ownership, select the Ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. If you do not select this check box, the management server reinstalls only the policies that it owns. 6. Click OK. The management server creates a deployment job, which reinstalls the policies, packages, and instrumentation. You can follow the progress of the redeployment by clicking Deployment jobs in the console tree. Related Topics: l Configure instrumentation l View job l Deploy a policy or policy group Update packages You can update all the packages that are currently deployed to selected nodes and node groups, including the agent package. HP Operations Manager (9.00) Page 645 of 1297 Online Help To determine whether a package update is necessary, the management server compares the version number of the latest available packages to the version number of the packages that are currently deployed to the nodes. If a newer package version is available, the management server updates the packages without removing the current version fromthe node first. Note: The management server does not check subpackage version numbers before a package update. If you have installed a newer subpackage on a node using a hotfix, it is therefore possible for a package update to replace the newer subpackage with an older version. To update packages 1. In the console tree, select the nodes or node groups on which you want to update packages. 2. Right-click your selection, and then click All Tasks Reinstall/Update.... The Reinstall/Update Node dialog box opens. 3. Select Update. 4. In the list under Scope, select Packages. 5. Optional. Select the Ignore missing policies/packages check box. If the node inventory contains packages that are not available on this management server, the management server removes themand does not redeploy them. Otherwise, if you clear this check box, the job succeeds only if all the packages in the node inventory are available on this management server. 6. Optional. If you want to deploy packages to nodes that already have a newer version of the package, clear the Update only if version is newer check box. If you do this, the management server deploys the latest version of the package that is available on the management server, even if the node already has the same version or a newer version. 7. Click OK. The management server creates a deployment job, which updates the packages. Related Topics: l Deployment jobs l Migrate fromDCE to HTTPS Update all You can update all the policies and packages that are currently deployed to selected nodes and node groups, including the agent package. The management server updates all the policies on the node to the latest version. To determine whether a package update is necessary, the management server compares the version number of the latest available packages to the version number of the packages that are currently deployed to the nodes. If a newer package version is available, the management server updates the packages without removing the current version fromthe node first. Note: The management server does not check subpackage version numbers before a package update. If you have installed a newer subpackage on a node using a hotfix, it is therefore possible for a package update to replace the newer subpackage with an older version. HP Operations Manager (9.00) Page 646 of 1297 Online Help To update all 1. In the console tree, select the nodes or node groups on which you want to update policies and packages. 2. Right-click your selection, and then click All Tasks Reinstall/Update.... The Reinstall/Update Node dialog box opens. 3. Select Update. 4. In the list under Scope, select All. 5. Optional. Select the Ignore missing policies/packages check box. If the node inventory contains policies and packages that are not available on this management server, the management server updates only the policies and packages that are available. Otherwise, if you clear this check box, the job succeeds only if all the policies and packages in the node inventory are available on this management server. 6. Optional. If another management server has already deployed a version of a policy to a node, that management server owns the policy on that node. If you want to update the policy from this management server, and transfer the ownership, select the Ignore policy owner check box. You must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. If you do not select this check box, the management server updates only the policies that it owns. 7. Optional. If you want to deploy policies and packages to nodes that already have a newer version of the policy or package, clear the Update only if version is newer check box. If you do this, the management server deploys the latest version of the policy or package that is available on the management server, even if the node already has the same version or a newer version. 8. Click OK. The management server creates a deployment job, which updates the policies and packages. Related Topics: l Deployment jobs l Migrate fromDCE to HTTPS Remove package from node If you have previously deployed packages to nodes, but no longer require them, you can remove the packages fromthe nodes using the console. You can only remove an agent package froma node after you remove any other packages on the node. You cannot remove the agent package fromthe management server node. To remove packages from nodes: 1. Open Policy management Deployment packages in the console tree and select the packages that you want to remove. You can select multiple packages by pressing SHIFT or CTRL. 2. Right-click your selection, and then click All Tasks Uninstall from .... The Uninstall package from... dialog box opens. HP Operations Manager (9.00) Page 647 of 1297 Online Help 3. Select the nodes that you want to remove the packages fromby selecting check boxes for the nodes and node groups in Managed nodes. 4. Optional. If you know that the job to remove the package will fail (for example, because the node is unreachable), but you still want to remove the package fromthe inventory on the management server, select the Force removal of package check box. 5. Click OK. 6. If you are removing an HTTPS agent package, the Node Credentials dialog box opens. Specify the credentials that the management server uses to uninstall the package. Click one of the following options: n PMAD user. The management server attempts to uninstall the agent as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE- Deleg-User by default). You can only use this for nodes with a Windows operating system. The nodes can belong to the same domain as the management server, a trusted domain, or a workgroup. Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to uninstall the agent using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. n User/Password. Type the Username of a user who has permission to uninstall software on the node and their Password. For nodes with a UNIX or Linux operating system, this is the only command available. You can also use this command to uninstall the HTTPS agent fromWindows nodes that belong to the same domain as the management server, a trusted domain, or a workgroup. Click OK. The management server uses the same credentials for each node. 7. The management server creates deployment jobs, which remove the packages. If a job fails, you can restart it with advanced options to change the credentials. Tip: You can also remove a package froma node in the package inventory view: 1. In the console tree, right-click the node fromwhich you want to remove a package, and then click View Package Inventory. 2. In the details pane, right-click the package that you want to remove, and then click All Tasks Remove from node.... The Remove Package dialog box opens. 3. If you are removing an HTTPS agent package, specify the credentials that the management server uses to uninstall the package. 4. Optional. Select the Force removal of package(s) check box. Related Topics: HP Operations Manager (9.00) Page 648 of 1297 Online Help l Deployment jobs l Remove policy fromnode l Restart job with new options Uninstall all If you have previously installed policies, instrumentation, and packages to nodes, you can remove themall using the console. This includes uninstalling the agent. (You cannot uninstall the agent package on the management server node.) You must specify the credentials credentials of a user who has administrative access to the node. To uninstall all 1. In the console tree, right-click the node or node group, and then click Uninstall all.... The Uninstall All dialog box opens. 2. If you are removing an HTTPS agent package, specify the credentials that the management server uses to uninstall the agent package. Click one of the following options: n PMAD user. The management server attempts to uninstall the agent as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE- Deleg-User by default). You can only use this for nodes with a Windows operating system. The nodes can belong to the same domain as the management server, a trusted domain, or a workgroup. Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to uninstall the agent using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. n User/Password. Type the Username of a user who has permission to uninstall software on the node and their Password. For nodes with a UNIX or Linux operating system, this is the only command available. You can also use this command to uninstall the HTTPS agent fromWindows nodes that belong to the same domain as the management server, a trusted domain, or a workgroup. 3. Optional. If you know that the uninstallation job will fail (for example, because the node is unreachable), but you still want to remove the policies and packages fromthe inventory on the management server, select the Force removal of packages and policies check box. 4. Optional. If another management server owns a policy on a node, this management server will not uninstall it by default. If you want to this management server to remove the policies that other management servers own, select the Ignore Owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. HP Operations Manager (9.00) Page 649 of 1297 Online Help 5. Click OK. The management server creates a remove all job for each of the nodes that you selected. To view the progress of these jobs, click Deployment jobs in the console tree. If an agent installation job fails, right-click the job, and then click Error description. Related Topics: l Deployment jobs l Remove package fromnode HP Operations Manager (9.00) Page 650 of 1297 Online Help Managing deployment jobs Deployment refers to the process of transferring agents, policies, and other software fromthe management server to one or more managed node. Whenever you deploy a package, a policy or policy group to (or delete a policy from) a managed node, a deployment job is created. You can view all pending jobs by clicking on the job icon in the console tree. When a job has completed, it is deleted fromthe details pane. Note: You must have the appropriate user rights to performthese operations. Refer to Configure policies for user roles for more information. The deployment jobs help you to monitor the actions you have requested. If a job remains in the details pane longer than you expect, you should investigate the cause of the delay. If some problem has prevented the execution of the deployment job, it will be displayed in the details pane with an error status. Jobs that are waiting show the status suspended. After correcting the cause of the problem, you can restart the job by right-clicking on the node and selecting All Tasks Restart all deployment jobs. You can also restart a failed job without performing a prerequisite check on the target node. This feature allows you to force the deployment of components to managed nodes, even if one or more of the target nodes does not meet the standard requirements for a managed node. If you create a job that deploys agent packages, you must provide the credentials of a user who has access to the node. Also, if you restart a failed or suspended job that deploys agent packages, you must provide the credentials again. You may also need to provide credentials to deploy other packages to nodes that have the DCE agent. Related Topics: l Deploy a policy or policy group l Deploy deployment package l Deploy instrumentation View job You can view all unfinished deployment jobs in the console. To viewunfinished jobs Select the Deployment jobs icon in the console tree. The details pane displays all unfinished jobs. When a job completes, it is no longer visible. Related Topics: l Restart job l Cancel job Suspend job You can suspend all pending deployment jobs. HP Operations Manager (9.00) Page 651 of 1297 Online Help To suspend a specific job 1. Click the Deployment jobs icon in the console tree. 2. Right-click the job you want to suspend. 3. Select Suspend job. To suspend all jobs for all managed nodes 1. Right-click the Deployment jobs icon in the console tree. 2. Select All Tasks Suspend all jobs. Related Topics: l Restart job l Cancel job Restart job If a deployment job is not successfully carried out due to a network problem, you can start the job again. Note: If the job deploys an agent, the management server attempts to deploy the agent using the credentials that you are currently logged in with. You must have permission to install software on the node. If the node has a UNIX or Linux operating system, or you want to use different credentials, restart the job with new options instead. To restart a specific job 1. Click the Deployment jobs icon in the console tree. 2. Right-click the job you want to restart. 3. Click Restart job. To restart all pending jobs for one managed node 1. Right-click the managed node icon in the console tree. 2. Click All Tasks Restart all deployment jobs. To restart all jobs for all managed nodes 1. Right-click the Deployment jobs icon in the console tree. 2. Click All Tasks Restart all jobs. Related Topics: l Restart job with new options l Cancel job l Suspend job HP Operations Manager (9.00) Page 652 of 1297 Online Help Restart job with new options If a deployment job fails, you can try to correct the error by restarting the job with new options. The options available vary, depending on the type of job you are restarting. To restart a deployment job with newoptions 1. In the console tree, click Deployment jobs. A list of deployment jobs appears. 2. Right-click the job you want to restart, and then click All Tasks Restart job with new options. The Advanced deployment options dialog appears. 3. Optional. If the job installs or uninstalls packages, you can specify the credentials that the management server uses to access the node. This is necessary if the original credentials were invalid. It is also necessary if the job fails for another reason, and you do not want to restart it using impersonation. Click one of the following options: n PMAD user. The management server attempts to access the node as the user under which the policy management and deployment (PMAD) service runs (called HP-OVE-Deleg-User by default). You can only use this for nodes with a Windows operating system. The nodes can belong to the same domain as the management server, a trusted domain, or a workgroup. Note: The PMAD user does not by default have administrative access to the node. For more information, see Start Windows node security setup. n Impersonate user. The management server attempts to access the node using the credentials that you are currently logged in to Windows with. You cannot use impersonation for nodes in untrusted domains or workgroups. You can use impersonation only if the PMAD user is trusted for delegation in Active Directory, unless your console runs directly on the management server. For more details on delegation, refer to the Active Directory documentation that Microsoft provides. n User/Password. Type the Username of a user who has permission to install software on the node and their Password. For nodes with a UNIX or Linux operating system, this is the only command available. You can also use this command to install the HTTPS agent to Windows nodes that belong to the same domain as the management server, a trusted domain, or a workgroup. 4. Optional. Select the Skip node prerequisites check check box. By default, the management server checks that each node meets the requirements for the deployment and installation of the agent. This check is designed to reduce deployment errors and assist administrators in the performance of regular maintenance tasks. You can restart a failed job without performing a prerequisite check on the managed node. This enables you to deploy the agent, even if the node does not meet the standard requirements, or a known problemis likely to prevent a deployment fromcompleting successfully. Caution: If the node prerequisite check fails, it usually indicates that there is a problemwith the managed node, and it is not recommended to continue with the deployment of the HP Operations Manager (9.00) Page 653 of 1297 Online Help agent. Only use this option if you know exactly why the prerequisites check failed on the managed node and are sure that it is safe to install the agent anyway. 5. Optional. Select the Allow older packages check box. This check box enables you to deploy the latest available version of a package if the version on the node is newer than the version available on a management server. 6. Optional. Select the Update to latest policy/package version check box. This check box enables you to deploy the latest available versions of policies and packages instead of the redeploying the versions currently on the node. 7. Optional. Select the Ignore errors check box. This check box enables you to force a job that removes policies or packages to complete, even if errors occur. For example, if you try to remove a package froma node, but the node is unreachable, the management server removes the package fromthe node's package inventory anyway. 8. Optional. Select the Ignore package/policy version check box. This check box enables you to deploy a policy or a package even if a newer version already exists on the node. 9. Optional. Select the Enable policy check box. This enables the policy after the management server deploys it to the node. 10. Optional. Select the Disable policy check box. This disables the policy after the management server deploys it to the node. 11. Optional. Select the Ignore owner of policies on the node check box. If another management server has already deployed a version of a policy to a node, that management server owns the policy on that node. This check box enables you to deploy the policy fromthis management server, and transfer the ownership. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 12. Click OK. The management server restarts the job with the new options. Related Topics: l Check prerequisites for managed nodes l Restart job l Cancel job l Suspend job Cancel job You can cancel any pending deployment job. To cancel a specific job 1. Click the Deployment jobs icon in the console tree. 2. Right-click the job you want to cancel. 3. Select Cancel Job. HP Operations Manager (9.00) Page 654 of 1297 Online Help To cancel all pending jobs for one managed node 1. Right-click the managed node icon in the console tree. 2. Select All Tasks Cancel all deployment jobs. To cancel all jobs for all managed nodes 1. Right-click the Deployment jobs icon in the console tree. 2. Select All Tasks Cancel all jobs. Related Topics: l Suspend job l Restart job Change maximum parallel jobs By default, the management server starts a maximumof five parallel deployment jobs. In some cases, you may want to increase or reduce this number: l If the management server is too weak (for example, slow processor, not enough RAM), then too many parallel jobs can produce an unacceptable load on the server. In this case, reduce the maximumnumber of jobs. l If the management server is very powerful and you want to reduce the time required for mass operations such as policy deployment, then increase the maximumnumber of jobs. To change maximum parallel jobs 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box appears. 2. Click Namespaces, and then click Policy Management and Deployment. A list of values appears. 3. Change the value of Number of concurrent deployment threads. The value should be between 5 and 10 in most cases. Related Topics: l Change server configuration values Send message when job completes successfully If some problemhas prevented the execution of the deployment job, the job displays in the details pane with an error status and a message appears in the message browser. In some cases, you may also want to receive a message when a job completes successfully. You can choose between sending a success message to the active messages browser or to the acknowledged messages browser, or writing the information to the Windows event log. If you choose the Windows event log, you may want to enhance the event log policy VP_SM-Server_ EventLogEntries, which evaluates events in the event log, to send messages for each deployment job, or for failed or successful jobs only. HP Operations Manager (9.00) Page 655 of 1297 Online Help To send message when job completes successfully 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box appears. 2. Click Namespaces, and then click Policy Management and Deployment. A list of values appears. 3. Click Expert Mode. 4. Change the value of Send message when deployment job completes successfully. Choose one of the following values: n NONE (default) n ACTIVE n ACKNOWLEDGED n EVENTLOG 5. Click OK to save your changes and close the Server Configuration dialog box. Related Topics: l Change server configuration values l Server self-management policies Deployment troubleshooting In the event that you cannot deploy policies or instrumentation to a particular node, use these troubleshooting instructions to try to fix the problem. If the solution below does not fix the problem, click the check box to display the next suggested solution. l If the node was recently configured, wait a few minutes until the security changes take effect, then restart the job. l Several minutes have passed since the node was configured, but deployment still fails. Check the node properties of the node where deployment fails to ensure that they are correct. n Systemproperties; are they correct for the node? n Primary Node Name; is it set correctly? n In case that the node name cannot be resolved (for example, due to missing DNS entry of the managed node): specify IP address directly. See Configure network properties for more information about setting these parameters. l The network information for the node is correct, but deployment still fails. If the deployment job fails with an "Access Denied" and you chose the impersonation option, double-check that the fully qualified domain name (FQDN) is correct in the node's network properties. Delegation mechanisms depend on end-to-end Kerberos authentication fromthe remote console, through the management server, and onwards to the node. This may only work HP Operations Manager (9.00) Page 656 of 1297 Online Help correctly if the FQDN of the node is correct in the node's network properties. The FQDN in the node's network properties must be exactly the same as the node's full computer name, which you can configure in the systemproperties of the Windows operating system. The FQDN must also be configured correctly in the dnsHostName and servicePrincipalName attributes of the computer object in Active Directory. Start the command nslookup <shortname of agent system> on the node. This command should return the same FQDN as the full computer name in the node's Windows systemproperties. If you are running a disjoint namespace, your nodes may have different FQDN domain suffixes, and the FQDNs may not all be registered correctly on the computer accounts. For more details about disjoint namespaces, see the following Microsoft Knowledge Base Article http://support.microsoft.com/default.aspx?scid=kb;EN-US;258503 If the FQDNs differ, you have to change your computer configuration so that DNS suffixes match in the Active Directory domain and on the node, or correct the DNS records to be present and computer account attributes. l The deployment job does not fail with an "Access Denied" error and the FQDN is correct in the node properties. Starting with OVO7.20, the Windows node Security Setup dialog box is no longer called when you move a managed node fromthe folder "Unmanaged Nodes with agent" fromthe left side to the right side of the node configuration editor after you have manually installed the agent on the node. Because the security dialog is not called in this case, the PMAD user (called HP-OVE- Deleg-User by default) is not automatically added to the local administrator group of the remote Windows node. However, this user must be a part of the local administrators group of the remote node if you want to trigger any package deployment operation (deployment, undeployment, Redeploy all, or Uninstall) using the PMAD user. You will get a deployment error in these circumstances: a. Install the Windows agent manually. b. Add the node to the managed environment by moving it fromthe folder "Unmanaged nodes with agent" on the left side to the right side of the node configuration editor, then clicking OK. c. Start any package deployment or undeployment operation. To correct this situation, you can add the PMAD user manually to the local administrators group of the remote managed node of a domain environment. Any packaged deployment operation should work then, providing the remote node is not behind a firewall. For more details, see Start Windows node security setup. l Unmanaged node brought under management, but deployment still fails. Be sure that the node is not offline. Open a command prompt and use the ping command to see if the node responds. l The node responds to the ping command, but deployment still fails. If the error message, "Error granting privileges" appears in the Windows Node Security Setup window when attempting to add a node, it means that the node security setup failed. This can HP Operations Manager (9.00) Page 657 of 1297 Online Help happen if you don't have administration rights for the node that you want to add. You can gain administrative rights for the remote node in the following ways: n In a domain environment, add the PMAD user (called HP-OVE-Deleg-User by default) to the Local Administrators group of the remote node. n In a workgroup environment, you create a local account on the remote managed node. The account must have the identical name and password as the PMAD user account specified during product installation. Add this newly added account into the Local Administrators group. l The account permissions are correct, but deployment still fails. If the managed node runs a Windows operating system, make sure that there are no errors reported in the Windows event log. To do this, you can use Event Viewer, which is provided with Windows. l The Windows Event Log on the managed node does not contain errors that would affect deployment, but deployment still fails. If you are deploying a package to a Windows node, make sure that there are no errors reported in the agent installation log file. Open the file inst.log in \Temp or <install_ dir>\Installed Packages\Temp on the managed node. l The inst.log file contains no errors, but deployment still fails. If a deployment job fails with an error message like "Unable to check Agent registry key..." or "Unable to connect to registry..." it means that the policy management server cannot access the registry of the remote managed node which is necessary to deploy packages. Besides checking your network connection, you should also verify whether the policy management server has administrative rights on the remote managed node. Administrative rights are provided for the policy management server in a Windows domain environment by adding the domain group HP-OVE-Group to the local administrator group of the managed node. If the managed node is not in the domain, but only in a Windows workgroup, administrative rights are provided by creating the local user HP-OVE-User on the remote managed node. This account must have the same password as the HP-OVE_User account specified during management server installation (see passthrough authentication.) Additionally, the user HP-OVE-User must also be part of the local Administrator group of the managed node. If you have specified another user account for the server during product installation, you should create this account instead of HP-OVE-User on the managed node. l The network connections and administrative rights are correct, but deployment still fails. Check to ensure that the managed node meets all hardware and software requirements. Update the node as necessary before continuing. The requirements for all nodes can be found in the HP Operations Agent Release Notes. l The hardware and software requirements are complete, but deployment still fails. The initial node deployment or a redeploy all deployment job fails with one of the following error messages: HP Operations Manager (9.00) Page 658 of 1297 Online Help n (AGENTADAPTER) Error: OvEpItoAdapter: (MS207) RPC resolve binding failed for ... n AGENTADAPTER) Error: OvEpItoAdapter: (MS202) opc_comm_connect() failed for ... (null). (MS203) RPC server on ... not registered. n (AGENTADAPTER) Error: OvEpItoAdapter: (MS208) RPC call to get character set from... failed. RPC service 'Control Agent' on system... returns an error: The RPC server is too busy to complete this operation. The reason for these problems is that the installation of the agent software takes so long that the retries for the policy deployment time out. To solve this problemright-click Operations Manager in the console tree, and then click Configure Server.... In Namespaces, select Policy Management and Deployment, and then set the following values: n Connect to managed node retry, which specifies the number of connection attempts (the default is 3) n Time between connection attempts, which determines the delay in seconds between the individual connection attempts (the default is 5 seconds). On slow machines the default values will not suffice and need to be increased accordingly. l All conditions appear to be met, but deployment still fails. Check to ensure that the control agent is running on the managed node by typing the command opcagt -status. If not, restart the agent with the command opcagt -start. l The agent is running, but deployment still fails. Check the opcinfo file on the managed node to ensure that the name of the management server is correct. n Nodes with a UNIX or Linux operating system: /opt/OV/bin/OpC/install/ n Nodes with a 32 bit Windows operating system: %OvAgentDir%\bin\OpC\install n Nodes with a 64 bit Windows operating system: %OvAgentDir%\bin\win64\OpC\install If the computer listed as OPC_MGMT_SERVER is not the management server for the node, change it, save the opcinfo file, stop the agent with the command opcagt -kill, start the agent with the command opcagt -start. l The management server is correct in opcinfo, but deployment still fails. Ensure that the name of the management server (that you checked in the opcinfo file) can be resolved on the managed node. Refer to Resolve the IP address of the management server for instructions to verify this. If the server node name cannot be resolved add the following statement to the nodeinfo file: OPC_RESOLVE_IP <ip address of server> Refer to Node info policy parameters for more information about this parameter. l The name of the management server can be resolved on the managed node, but deployment still fails. Ensure that the agent ID for the managed node is identical on the node and on the server. Refer HP Operations Manager (9.00) Page 659 of 1297 Online Help to Agent ID on server and node mismatch for instructions. l The agent ID matches, but deployment still fails. Ensure that a firewall configuration is not preventing the connection between server and agent (for example, standard installation for Red Hat 7.1 installs firewall). If you need more information about connection through a firewall, contact your HP representative for a copy of the HP Operations Manager for Windows Firewall Concepts and Configuration Guide. l The firewall configuration is correct, but deployment still fails. If deployment still does not work, you should contact your HP representative for more assistance. To help troubleshoot the problem, supply the error output log for the agent on the node where deployment fails. Error output for the agent can be found: n UNIX: var/opt/OV/log/OpC/opcerror n Windows: %OvAgentDir%\log\OpC\opcerror Configuring instrumentation Instrumentation refers to programs that are deployed to a managed node. The programs are scripts or executables that can be used by tools, automatic or operator-initiated commands, or policies. If you develop policies that require custominstrumentation, you can associate the policies and instrumentation using categories. This ensures that the management server automatically deploys the instrumentation when it deploys the policy. You can also deploy categories of instrumentation independently frompolicies. In addition, you can redeploy policies and instrumentation that already exist on a node to ensure their integrity. You store instrumentation in folders on the management server, ready for deployment to nodes. OVO7.50 uses a different structure for instrumentation folders. If you upgraded fromOVO7.50 you could still have your own custominstrumentation in folders that follow the deprecated structure. You may need to migrate this instrumentation to the new folder structure, particularly if you want to deploy it to nodes that have the HTTPS agent. Related Topics: l Associate instrumentation with policies l Migrate existing instrumentation l Deploy instrumentation l Reinstall policies Associate instrumentation with policies If you develop policies that require custominstrumentation, you can associate the policies and instrumentation using categories. This ensures that the management server automatically deploys the instrumentation when it deploys the policy. To associate instrumentation with a policy, you must first add a category to the policy. You then copy the instrumentation to a specific folder on the management server. All instrumentation is in the following folder on the management server: <share_dir>\Instrumentation HP Operations Manager (9.00) Page 660 of 1297 Online Help The default path of the shared folder is C:\ProgramData\HP\HP BTO Software\shared. If the management server is in a cluster, this folder is on the cluster's shared storage. This folder contains the "Categories" folder, within which you create a new folder with the same name as the category that you added to the policy. You can copy your instrumentation directly into this category folder. Note: The name of the category folder that you create must have no more than 32 characters. However, you may also need to deploy specific instrumentation to nodes that run on different platforms. To do this, you use a hierarchy of folders under the category folder. You then copy the platformspecific instrumentation into these folders, use the same file name for each instance. The following figure shows the structure of the instrumentation folders. (Brackets show optional levels in the hierarchy.) The instrumentation folder structure enables you to distinguish between nodes according to the following attributes: OSFamily The only supported OS family is UNIX. If you copy instrumentation to the UNIX folder, the management server deploys it to nodes that run any of the following operating systems: AIX, HP-UX, Linux, Solaris, Tru64. OSType Example names for OS type folders are AIX, HP-UX, Linux, OpenVMS, Solaris, Tru64, and Windows. You can create OS type folders directly under category folders, or also under an OS family folder. AgentBinaryFormat Example names for agent binary format folders are Alpha, IPF32, IPF64, PA-RISC, PowerPC, Sparc, x86, x64. Within an OS type folder, you can create one folder for each agent binary format. The agent binary format folder can be either directly under the OS type folder or under an OS version folder. For example, you must not create two folders called Instrumentation\ExampleCategory\Windows\IPF64\6.1 and Instrumentation\ExampleCategory\Windows\6.1\IPF64 on the same management server, because IPF64 appears twice under Windows. OSVersion Supported names for OS version folders correspond to version numbers of operating systems on which the agent is currently supported. For each OS type, you can create only one OS HP Operations Manager (9.00) Page 661 of 1297 Online Help version folder, but it can be either directly under the OS type folder or under an agent binary format folder. For more information on supported operating systems and agent binary formats, see the support matrix at HP Software Support Online. The following figure shows an example hierarchy of folders for a category called ExampleCategory. You can copy instrumentation to any folder in the hierarchy, and you only have to create the folders that you need. A good strategy is to create the most general folders possible. For example, if you can develop platformindependent instrumentation, which is compatible with all nodes, you can create just the category folder and copy the instrumentation into it. This means that you only have to maintain one instance of the instrumentation on your management server. If you have instrumentation files with the same name more than once within a category, the management server always deploys the most platformspecific instrumentation. For example, if you have two instances of the same instrumentation in different folders: l Instru- men- tation\Categories\ExampleCategory\Windows\6.1\IPF64\ExampleInstrumentation.vbs The management server deploys this instance if the node runs Windows 6.1 (Windows Server 2008 R2) and has the IPF64 architecture. l Instru- men- tation\Categories\ExampleCategory\Windows\ExampleInstrumentation.vbs The management server deploys this instance to any other node that runs a Windows operating system. Note: Up to OVOversion 7.50, the structure for instrumentation folders was different. Therefore, if the management server was upgraded froma previous version, you could have HP Operations Manager (9.00) Page 662 of 1297 Online Help instrumentation folders that follow the deprecated structure. For more information, see Migrate existing instrumentation. Caution: The management server deploys all instrumentation to the same folder on managed nodes. Ensure that you do not inadvertently use duplicate file names for different instrumentation anywhere in the instrumentation folder hierarchy. (Only use duplicate file names for platformspecific instances of the same instrumentation.) Related Topics: l Add categories to a policy Migrate existing instrumentation You store instrumentation in folders on the management server, ready for deployment to nodes. HPOM8.00 introduced a different structure for instrumentation folders. If you upgraded fromOVO 7.50 you could still have your own custominstrumentation in folders that follow the deprecated structure. Note: If you have not yet upgraded a Smart Plug-in (SPI), this could also have placed instrumentation in folders that follow the deprecated structure. However, when you upgrade the SPI it will automatically migrate its instrumentation to the new folder structure. In OVO7.50, the instrumentation folders have the following structure: <data_dir>\shared\Instrumentation\<OS Name>\<OSVersion>\<Category> For example: <data_dir>\shared\Instrumentation\WindowsXP\5.1\ExampleCategory In HPOM9.00, the equivalent folder is: <data_ dir>\shared\Instrumentation\Categories\ExampleCategory\Windows\5.1 OVO7.50 also creates the following default instrumentation categories: l <data_dir>\shared\Instrumentation\<OS Name>\<OS Version>\Action may contain instrumentation for automatic- and operator-initiated commands, or scheduled task policies. l <data_dir>\shared\Instrumentation\<OS Name>\<OS Version>\Command maycontain scripts or programs used by tools. l <data_dir>\shared\Instrumentation\<OS Name>\<OS Version>\Monitor may contain monitoring scripts or programs used by measurement threshold or log file policies. In the current instrumentation folder structure, there is no equivalent of the Action, Command, and Monitor folders. You must create alternative categories. HPOM9.00 still supports the deprecated instrumentation folder structure for nodes that have a DCE agent: l If you deploy a policy with a category that exists in only the OVO7.50 instrumentation folder structure, the management server deploys the instrumentation fromthis folder to nodes that have the DCE agent. HP Operations Manager (9.00) Page 663 of 1297 Online Help l If you deploy a policy with a category that exists in both the OVO7.50 and HPOM9.00 instrumentation folder structures, the management server deploys the instrumentation fromthe OVO7.50 folders to nodes that have DCE agents. l If you deploy a policy with a category that exists in only the HPOM9.00 instrumentation folder structure, the management server deploys the instrumentation fromthis folder to all nodes. If you have your own custominstrumentation in the deprecated folder structure, consider migrating it to the new folder structure. This is essential if you want to deploy the instrumentation to nodes that have an HTTPS agent. To migrate existing instrumentation, create folders according to new folder structure, and move the instrumentation files into them. For more information on the new instrumentation folder structure, see Associate instrumentation with policies. Related Topics: l Configuring agents Deploy instrumentation You can associate instrumentation with policies using categories. This ensures that the management server automatically deploys the instrumentation when it deploys the policy. You can also explicitly deploy categories of instrumentation using the console. Note: You create categories of instrumentation by copying the instrumentation to specific folders on the management server. (See Associate instrumentation with policies.) The instrumentation is deployed to the following directories on the various agent platforms: Platform Agent Instrumentation directory Windows HTTPS <data_dir>\bin\instrumentation Windows DCE <install_dir>\Installed Packages\{790C06B4-844E- 11D2-972B-080009EF8C2A}\bin\Instrumentation HP-UX HTTPS/DCE /var/opt/OV/bin/instrumentation Solaris HTTPS/DCE /var/opt/OV/bin/instrumentation AIX HTTPS /var/opt/OV/bin/instrumentation Linux HTTPS/DCE /var/opt/OV/bin/instrumentation Tru 64 HTTPS /usr/var/opt/OV/bin/instrumentation Tru 64 DCE /var/opt/OV/bin/instrumentation If you deploy the default instrumentation categories (Agent, Command, and Monitor) to DCE agents, the instrumentation is deployed to the following directories: Platform Instrumentation directory Windows <install_dir>\Installed Packages\{790C06B4-844E-11D2-972B- 080009EF8C2A}\bin\OpC\vpwin\<actions|cmds|monitor> HP Operations Manager (9.00) Page 664 of 1297 Online Help HP-UX /var/opt/OV/bin/OpC/vpwin/<actions|cmds|monitor> Solaris /var/opt/OV/bin/OpC/vpwin/<actions|cmds|monitor> Linux /var/opt/OV/bin/OpC/vpwin/<actions|cmds|monitor> Tru 64 /var/opt/OV/bin/instrumentation Note: You can only deploy instrumentation to nodes on which the agent is installed. If the agent is not installed, running this command will deploy it. To deploy instrumentation explicity 1. Right-click the node or node group in the console tree. 2. Select All Tasks Deploy Instrumentation. 3. In the Deploy Instrumentation dialog box, select the category of instrumentation that you want to deploy. Press CTRL-SHIFT to select multiple directories. Note: OVO7.50 uses a different structure for instrumentation folders. If you upgraded from OVO7.50 you could still have your own custominstrumentation in folders that follow the deprecated structure. If any of the nodes that you select have the DCE agent, the Deploy Instrumentation dialog box enables you to select instrumentation categories fromboth folder structures. However, the management server does not deploy instrumentation fromcategories in the OVO7.50 instrumentation folders to nodes that have an HTTPS agents. To deploy instrumentation to a node that has an HTTPS agent, the instrumentation must exist in the current instrumentation folder structure. 4. If you want to remove all instrumentation fromthe node before deploying the new instrumentation, select Remove all existing instrumentation before deploying new instrumentation. Caution: If you select any category other than a default category (Agent, Command, or Monitor), all instrumentation fromall categories is removed fromthe node. This includes any categories of instrumentation that are associated with policies. Therefore, errors may occur if you remove instrumentation that a policy requires. 5. Click OK. This creates new deployment jobs, which deploy the instrumentation to the nodes. Note: If you select a single node, the Deploy Instrumentation dialog box shows only the categories that contain instrumentation for the node's platform. If you select a node group that contains less than 20 nodes, the dialog box shows all the categories that contain instrumentation for any of the nodes' platforms. If you select a node group that contains more than 20 nodes, the dialog box shows all categories, without checking whether the categories contain instrumentation for the nodes' platforms. In all cases, the management server checks a node's platformbefore it deploys HP Operations Manager (9.00) Page 665 of 1297 Online Help instrumentation. If a category that you select does not contain instrumentation for a node's platform, the management server does not instrumentation fromthat category to the node. Related Topics: l Migrate existing instrumentation l Add categories to a policy l Deployment jobs l Deploy a policy or policy group Instrumentation with multiple management servers You can configure an environment in which multiple management servers deploy policies to nodes that have the HTTPS agent. Every policy on a node is owned by the management server that deployed it. The same ownership concept does not exist for instrumentation. Management servers all deploy instrumentation to the same folder on managed nodes. You must ensure that one management server does not make inappropriate changes to instrumentation that another management server deployed. If you need to deploy the same instrumentation frommultiple management servers, ensure that all management servers have the same version of the instrumentation. Otherwise, it is possible for one management server to overwrite instrumentation that already exists on a node. For example: l If you deploy a policy that belongs to a category, the management server deploys the associated instrumentation for that category. If another management server deploys a different policy that belongs to the same category, this management server overwrites the existing instrumentation. l If you deploy instrumentation explicitly using the console, this can overwrite instrumentation that another management server deployed. You must also ensure that one management server does not remove instrumentation that is required by another management server's policies. For example: l If you deploy instrumentation explicitly using the console and set the option to remove all existing instrumentation first, you remove instrumentation that other management servers deployed. l If you redeploy all policies to a node without setting the ignore owner option, you could remove or replace instrumentation that other management servers deployed. Related Topics: l Server-based flexible management policies HP Operations Manager (9.00) Page 666 of 1297 Online Help Developing agent policies In HPOM, a policy is a set of configuration information that enables you to automate network and systemadministration. HPOMadministrators can deploy policies to computers in a managed network to provide consistent, automated administration across the network. HPOMprovides several different policy types. Each type of policy enables you to performa different monitoring or configuration task. HPOMprovides policy editors, which enable you to create new policies, or modify existing policies to suit your requirements. There is a different policy editor for each policy type. The following policy types enable you to performmonitoring or configuration tasks on agents: "Config File Policies" (on page 669) ConfigFile policies provide a consistent way to configure managed node instrumentation. Smart Plug-ins (SPIs) use ConfigFile policies to enhance the management capabilities for specific enterprise applications like SAP and Microsoft Exchange. ConfigFile policies indirectly perform monitoring through another instrumentation component. "Flexible Management Policies" (on page 671) Flexible management policies configure agent-based flexible management. Flexible management policies can configure nodes to send messages to different management servers based on the attributes of the message, or the date and time. Note: You can deploy only one policy of this type to a node. "Logfile Entry Policies" (on page 691) Logfile entry policies monitor log files and can start actions when specified character patterns appear in those log files. "Measurement Threshold Policies" (on page 718) Measurement threshold policies monitor performance data and can start actions if the data does not remain within specified threshold levels. Measurement threshold policies can monitor performance data that is constantly changing (for example, CPU load, disk space, and so on). "Node info policies" (on page 770) Node Info policies configure parameters that control some aspects of agent behavior, for example, buffer sizes, IP addresses, and port numbers for client-server communication. "Open Message Interface Policies" (on page 780) Open message interface policies monitor messages that scripts or programs generate using the command opcmsg. Open message interface policies can filter the messages and send themto the management server. "Scheduled Task Policies" (on page 802) Scheduled task policies start commands on managed nodes, and can send messages to the management server to indicate the success or failure of these commands. Scheduled task policies can start commands either once or according to a schedule. "Service Auto-Discovery Policies" (on page 814) Service auto-discovery policies are supplied by Smart Plug-ins (SPIs) to discover services in your managed environment and display themon a service map. Usually there is no need to modify the SPI service auto-discovery policy. However, certain SPIs may require that you configure this policy by adding parameter data such as a user name or password to allow access and discovery of specific applications on a managed node. "Service/Process Monitoring Policies" (on page 827) HP Operations Manager (9.00) Page 667 of 1297 Online Help Developing agent policies Service/process monitoring policies monitor Windows services or processes (on any supported operating system) that are running on on managed nodes. Service/process monitoring policies can define the service or process status to monitor and can start actions when the status changes. "SNMP Interceptor Policies" (on page 871) SNMP interceptor policies monitor SNMP events, and can start actions when an SNMP event contains a specified character pattern. "Windows Event Log Policies" (on page 897) Windows event log policies monitor Windows event logs and can start actions when specified character patterns appear in the event logs. "Windows Management Interface Policies" (on page 921) Windows Management Interface (WMI) policies monitor the properties of WMI classes and instances, and can start actions when a property matches a specified value you select, or when an specified instance is created. HP Operations Manager (9.00) Page 668 of 1297 Online Help Developing agent policies Config File Policies Config File policies are used by HP Operations Smart Plug-ins (SPIs) to enhance the management capabilities for specific enterprise applications like SAP and Microsoft Exchange. These applications may require advanced monitoring and management capabilities that are not available through the standard set of HPOMpolicy types. Therefore many SPIs include complex instrumentation that must be configured after deployment to nodes. Config File policies performthis configuration task. They consist of configuration files that contain a set of rules or instructions for the SPI instrumentation. You can deploy Config File policies like all other policy types. Note: Config File policies for DCE agents cannot be enabled and disabled. This is only possible for HTTPS agents. Config File policy General tab When a SPI is installed, one or more so-called ConfigFile varieties are also installed. ConfigFile varieties consist of the application, subgroup, and file name attributes. These three attributes determine the path and file name of the configuration file that is associated with the policy. When a policy is newly created, the fields in the General tab can be changed. When an existing policy is edited, the fields cannot be changed. l Application: Specifies the name of the managed application. This usually equals the name of the SPI itself, for example dbspi or sapspi. l Sub-Group: Additional grouping mechanismthat helps the SPI to manage configuration files by grouping themaccording to customcategories. For example, sapspi uses the subgroup attribute to differentiate between global and local scope of the configuration. dbspi has one subgroup for every supported database vendor. l File name: Specifies the file name of the configuration file. For example, sapspi's monitor instrumentation configuration files have r3monxxx.cfg names, where xxx is the abbreviation of the particular monitor. Note: Some SPIs may allow you to specify your own configuration file in the File name field. If this is the case, make sure to use only alpha-numeric characters in the file name. Special characters are not allowed. Config File policy Data tab Use the Data tab to modify the configuration file that is written to the node when the corresponding Config File policy is deployed. The Config File text appears in the Config File Content edit field. Syntax and keywords The syntax and keywords used in configuration files is determined by the SPIs and described in the SPI documentation. The following generic keywords can be used at the beginning of all configuration files to notify external applications, for example HP Performance Agent Software, when a Config File policy is added to or removed froma directory that is of particular interest to that application. Keyword Description HP Operations Manager (9.00) Page 669 of 1297 Online Help #$Installcommand=<command> #$Deinstallcommand=<command> <command> contains the command to be run, including all required parameters. If necessary, use quotation marks to handle all platforms. #$Commandtype=<value> <value> specifies the type of command to be used: 1 Executable (default) If you do not specify the command type, the Config File policy assumes that the command is an executable. 2 VBScript or shell script You do not need to add a .vbs or .sh extension to the command. HPOMautomatically appends the appropriate extension so that a single policy can be run on both Windows and UNIX nodes. 3 Perl script Note: Although the Config File policy editor supports non-ASCII characters, you will receive an error message when you deploy such policies to DCE agents. Only HTTPS agents accept Config File policies with non-ASCII characters. Template files SPIs can install one template file for each Config File variety. If a template is present, the Load Template and Save as Template buttons are available. To load a template 1. Click Load Template to load a template into the edit field. If the edit field already contains text, you are asked if you want to replace the data with the template or cancel. Click Yes to replace the data in the edit field with the template information. You can modify the existing template and save your changes. 2. Click Save as Template to save the data to the template file. You are asked if you want to replace the existing template. 3. Click OK to replace the original template with the modified template. Syntax validation SPIs can install a validation mechanismthat lets you verify the text in the Config File Content field to ensure the syntax used is correct. Click Check Syntax to start the validation tool. Help information SPIs install help information with each Config File variety. The help topic usually provides information about configuration options and syntax. Click Help on Config File to view the help topic. Tip: You can split the text area vertically and horizontally by dragging the split controls. (The split controls are at the top of the vertical scroll bar and at the left of the horizontal scroll bar.) HP Operations Manager (9.00) Page 670 of 1297 Online Help Flexible Management Policies Agent-based flexible management enables you to configure managed nodes to send messages to different management servers based on time and message attributes. This functionality enables you to manage your worldwide network more effectively across time zones (for example, by using follow-the-sun control). It also enable you to increase efficiency (for example, by creating competence centers). Competence centers If you operate in a large enterprise with multiple management servers distributed over a wide area, specialist knowledge relating to a specific subject is not always available locally. For example, your organization might have a center responsible for all operating system-related problems. In addition, another center of expertise may be responsible for a database, which is used company-wide. A competence center hierarchy distributes responsibility for managed nodes. Regional management servers are not solely responsible for managed nodes. Instead, messages about specific subjects go to a competence center management server, where expertise exists to solve similar problems for all managed nodes. You can configure competence centers using agent-based or server-based flexible management, or both. Agent-based flexible management enables you to configure managed nodes to communicate directly with servers other than the primary management server. You can configure your managed nodes to communicate with the management servers of your choice anywhere in your network. In the figure below all managed nodes send all database messages to the database competence center management server. The advantage of configuring competence centers with agent-based flexible management is that you can also include follow-the-sun capabilities by adding time conditions to the relevant competence center conditions. Follow-the-sun control If your distributed operations take place over several time zones (see the figure below), you can use HP Operations Manager for Windows to rotate management responsibilities by implementing follow-the-sun control. Depending on the time of day, managed nodes report to different management servers. The same capability enables you to set up specific management servers for HP Operations Manager (9.00) Page 671 of 1297 Online Help weekend or holiday operations. Worldwide Management Domain The follow-the-sun concept is based on the idea of sending messages to different management servers, according to predefined time attributes. HP Operations Manager for Windows enables you to configure managed nodes to send messages to different management servers according to rules defined in a time template. For example, the figure below shows how you can configure an agent so that all messages generated between 06:00 and 18:00 are sent to management server M1 frommanaged nodes C and D. Messages generated between 18:00 and 06:00 are sent to management server M2. With follow- the-sun functionality, you can control your entire environment throughout the day by assigning daylight operating shifts to the corresponding regional areas. HP Operations Manager (9.00) Page 672 of 1297 Online Help Using Time or Message Attributes to Forward Messages For example, if your enterprise has implemented a 24-hour support desk at a central location, you can send messages fromthe regional nodes directly to the central management server during regional department off-hours. Implementing follow-the-sun policies requires the addition of two entries in the agent-based flexible management policy. These two entries might take the following form: CONDITION TIME 6am-6pm SEND TO $OPC_PRIMARY_MGR CONDITION TIME 6pm-6am SEND TO Central Management Server The follow-the-sun concept is not restricted to rules based on the time of day. You can also configure the sending of messages to different management servers based on the day of the week, a specific date or dates, or frequency. Key features of agent-based flexible management are summarized below. l You can configure agents to communicate with both HPOMfor Windows and HPOMfor UNIX management servers, regardless of the platformfromwhich the agent was installed. Agent- based flexible management allows you to manage your environment in several important ways: n Configure agents to send messages to different management servers based on criteria in the message. See Message target rules for more information. n Configure agents to allow actions fromseveral management servers. See Configure action- allowed and secondary managers for more information. n Switch primary management server function to another server to manage an expanding network environment, and reduce primary server bottlenecks. l You can deploy policies or templates to any agent (regardless of which management server installed the agent) fromthe management server configured to be the agent's primary management server. For nodes that have an HTTPS agent, you can also deploy policies from secondary management servers. l Even though some policies or templates are specific to a particular management server, the messages that result fromthe policies or templates can be sent to any management server. HP Operations Manager (9.00) Page 673 of 1297 Online Help Create an agent-based flexible management policy An agent-based flexible management policy, enables you to configure the following: l Action-allowed and secondary management servers that define which management servers can run actions on the managed node. l Date-and-time rules that define when the managed node sends messages to which management server. l Message-attribute rules that define when the managed node sends messages to which management server. If you want the configuration to apply to all nodes in a given environment, you would develop one policy for all nodes. If you want varying configuration on different nodes, you would develop one policy for each configuration type. To create an agent-based flexible management policy 1. In the console tree, under Policy management Policies grouped by type Agent policies, right-click Flexible Management and then click New Policy. The flexible management policy editor appears. Alternatively, create a copy of one of the sample policies, which are provided in Policy groups Samples Agent-based Flexible Management. 2. In the General tab, type the agent-based flexible management policy. The following topics provide more information on the policy syntax: n "Syntax of agent-based flexible management policies " (on page 674) n "Keywords for flexible management policies " (on page 677) n "Time templates" (on page 679) n "Message target rules" (on page 682) n "Configure action-allowed and secondary managers" (on page 683) Tip: You can split the text area vertically and horizontally by dragging the split controls. (The split controls are at the top of the vertical scroll bar and at the left of the horizontal scroll bar.) 3. Optional. To check the policy's syntax, click Check Syntax. A message appears, which gives details of any errors. 4. Save the policy, and then deploy it to the nodes that you want to configure. Syntax of agent-based flexible management policies You can use the syntax described in the followingsections as a basis for configuring agent-based flexible management features. Special Characters in agent-based Flexible Management Templates: The syntax examples below use the following special characters: Symbol Description HP Operations Manager (9.00) Page 674 of 1297 Online Help e Empty string. Note that "e" is used only in the examples. In the actual template, an empty string should, in fact, be used. # Comment. If you want to include a comment in a template, include a number sign (#) before every line of the comment. Every character in the line is treated as part of the comment. Example: # This is a comment \ Escape character. If you want to use quotation marks in a syntax string, escape the quotation marks with a backslash (\). Example: \"quotation\" Syntax for Responsible Management Server Configuration policies Use the following syntax for responsible management server configuration policies: respmgrconfigs ::= <respmgrconfigs> RESPMGRCONFIG DESCRIPTION <string> <respmgrconds> | e respmgrconds ::= SECONDARYMANAGERS <secondmgrs> ACTIONALLOWMANAGERS <actallowmgrs> [MSGTARGETRULES <msgtargetrules>] secondmgrs ::= <secondmgrs> SECONDARYMANAGER NODE <node> [DESCRIPTION <string>] | e actallowmgrs ::= <actallowmgrs> ACTIONALLOWMANGER NODE <node> [DESCRIPTION <string>] | e msgtargetrules ::= <msgtargetrules> MSGTARGETRULE DESCRIPTION <string> <msgtargetrule> | e msgtargetrule ::= MSGTARGETRULECONDS <mtrconditions> MSGTARGETMANAGERS <msgtargetmgrs> | MSGTARGETRULECONDS <mtrconditions> MSGTARGETMANAGERS <msgtargetmgrs> ACKNONLOCALMGR mtrconditions ::= <mtrconditions> MSGTARGETRULECOND DESCRIPTION <string> <mtrcond> | e mtrcond ::= <mtrcond> SEVERITY <severity> | <mtrcond> NODE <nodelist> | <mtrcond> APPLICATION <string> | <mtrcond> MSGGRP <string> | <mtrcond> OBJECT <string> | <mtrcond> MSGTYPE <string> | <mtrcond> TEXT <string> | <mtrcond> SERVICE_NAME <string> | <mtrcond> MSGCONDTYPE <msgcondtype> | e severity ::= Unknown | Normal | Warning | Critical | Minor | Major msgcondtype ::= Match | Suppress nodelist ::= <node> | <nodelist> <node> node ::= IP <ipaddress> | IP <ipaddress> <string> | IP <ipaddress> <string> ID <string> string ::= "any alphanumeric string" ipaddress ::= <digits>.<digits>.<digits>.<digits> Syntax for Time Templates HP Operations Manager (9.00) Page 675 of 1297 Online Help Use the following syntax for time templates: timetmpls ::= <timetmpls> TIMETEMPLATE <string> DESCRIPTION <string> <conditions> | e conditions ::= TIMETMPLCONDS <timetmplconds> | e timetmplconds ::= <timetmplconds> TIMETMPLCOND <timetmplcond> timetmplcond ::= [TIMECONDTYPE <timecondtype>] [TIME FROM <time> TO <time>] [WEEKDAY <weekday>] [DATE <exact_date>] | e timecondtype ::= Match | Suppress time ::= <hh>:<mm> weekday ::= ON <day> | FROM <day> TO <day> exact_date ::= ON <date> | FROM <date> TO <date> day ::= Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Sunday date ::= <mm>/<dd>/<yyyy> |<mm>/<dd>/* Note: The time template is compared with the creation time of the message on the managed node. Message creation time is always defined in GMT. Syntax for Management Responsibility Switching Use the following syntax for templates that switch management server responsibility: configfile := [TIMETEMPLATES <timetmpls>] RESPMGRCONFIGS <respmgrconfigs> Syntax for Message Target Rules Use the following syntax for templates that define message target rules: msgtargetmgrs ::= <msgtargetmgrs> MSGTARGETMANAGER TIMETEMPLATE <string> OPCMGR <node> | <msgtargetmgrs> MSGTARGETMANAGER TIMETEMPLATE <string> OPCMGR <node> MSGCONTROLLINGMGR | <msgtargetmgrs> MSGTARGETMANAGER TIMETEMPLATE <string> OPCMGR <node> NOTIFYMGR | e Note: You can replace the <string> variable with $OPC_ALWAYS to specify that the time condition is always true. To specify that the current primary management server is always used as the message target server, replace the <node> variable with $OPC_PRIMARY_MGR. Note also that pattern matching is only available in <string>. HP Operations Manager (9.00) Page 676 of 1297 Online Help Keywords for flexible management policies Keyword Definition RESPMGRCONFIG Responsible manager configuration. DESCRIPTION Short description of the manager. SECONDARYMANAGERS Secondary managers of an agent. Each of these management servers have permission to take over responsibility and become the primary manager for an agent. l SECONDARYMANAGER: Name of the secondary manager. l NODE <node>: Node name of the secondary manager. For management servers in clusters, specify the host name of the virtual management server. l DESCRIPTION: Description of the secondary manager. ACTIONALLOWMANAGERS Management servers that are allowed to execute actions on the managed node. The action response (for example, command broadcast) is sent to this manager. Only the primary manager can configure action-allowed managers for an agent. l ACTIONALLOWMANAGER: Name of the manager allowed to execute actions on the managed node. l NODE: Node name of the action-allowed manager. You can use the variable $OPC_PRIMARY_MGR to specify that this node name is always the node name of the primary manager. For management servers in clusters, specify the host name of the virtual management server. l DESCRIPTION: Short description of the action-allowed manager. MSGTARGETRULES Message target rules. l MSGTARGETRULE: Rule to configure the message target conditions and the message target manager. l DESCRIPTION: Description of the message target rule. HP Operations Manager (9.00) Page 677 of 1297 Online Help MSGTARGETMANAGERS Message target managers. Management server to which the agents send messages, as well as the action responses to those messages. The result of a message is sent to only one management server. The keyword is also used to escalate messages fromone management server to another. l MSGTARGETMANAGER: Message target manager. Management server to which you forward a message. Always specify the IP address of the target management server as 0.0.0.0. The real IP address is then resolved by the domain name server (DNS). l TIMETEMPLATE: Time template. Name of the time template corresponding to the target manager. If the time condition is always true, you can use the variable $OPC_ALWAYS. If you use this keyword, message transfers to the target manager will not depend on the time. l OPCMGR: Node name of the target manager. You can use the keyword $OPC_PRIMARY_MGR to indicate that this will always be the primary manager. l MSGCONTROLLINGMGR: Message-controlling manager. Enables message target manager to switch control of a message. l NOTIFYMGR: Notify manager. Enables the message target manager to notify itself. This attribute is set by default if no attribute is defined for the message target manager. l ACKNONLOCALMGR: Enables a message rule to force a direct acknowledgment of a notification message on a source management server. HP Operations Manager (9.00) Page 678 of 1297 Online Help MSGTARGETRULECONDS Message target rule conditions. l MSGTARGETRULECOND: Condition that tells the agent to which management server to send specific messages. Messages are sent based on message attributes or time. The message agent evaluates the message target conditions by reading the file mgrconf. If the mgrconf file does not exist, the messages are sent to the management server name stored in the primmgr file. If the primmgr file does not exist, messages are sent according to instructions set using the ovconfchg command-line tool. l DESCRIPTION: Description of the message target rule condition. l SEVERITY: Severity level of the message. Can be Unknown, Normal, Warning, Minor, Major, Critical. l NODE <node>: One or more node names, separated by spaces. You can specify a node in different ways (for example, NODE IP 0.0.0.0 hpbbn). If the node is defined using the format IP <ipaddress> or IP <ipaddress> <string>, you should use the IP address "0.0.0.0." The real IP address is then resolved by the domain name server (DNS). l APPLICATION: Application name. l MSGGRP: Message group name. l OBJECT: Object name. l MSGTYPE: Description of the message type. l MSGCONDTYPE: Message condition type: n Match Condition is true if the specified attributes are matched. n Suppress Condition is true if the specified attributes are not matched. TEXT A string containing all or part of the message text. Pattern- matching may be used. l SERVICE_NAME: A string containing the unique identifier of the service. Pattern-matching may be used. l MSGOPERATION: Message operation: n Suppress n Log-only n Inservice Time templates A time template is a set of conditions (or rules) that tells the agent to which management server and at what time a given managed node should send specific messages. You create time conditions and save themin time templates. You can combine simple rules to set up more complex HP Operations Manager (9.00) Page 679 of 1297 Online Help constructions (for example, "on Monday, Wednesday and Thursday from10 amto 11:35 amfrom January to March"). Time conditions are defined using the 24-hour clock notation (for example, for 1:00 p.m., you would enter "13:00"). Setting Time Intervals You can set several different time intervals as follows: l No Time If you specify no particular time, day of the week, or year, HP Operations Manager for Windows assumes you want the condition to be true from00:00 to 24:00 every day of the year, every year. If you specify a condition, HP Operations Manager for Windows assumes the condition should apply continually for the time and day specified. For example, specifying "Tuesdays" triggers a condition every Tuesday from00:00 to 24:00 throughout the year, every year. l Span of Time Specify a time range (for example, "from7:00 to 17:00"). l Wildcard (*) Date or Period Use wildcards (*) in dates or periods of time (for example, to set a condition for January 31 every year, you would enter "1/31/*"). Configuring Time-indifferent Templates HP Operations Manager for Windows requires that you set up a time template for the message target rules even if your scheduled action is time-indifferent. HP Operations Manager for Windows provides the variable $OPC_ALWAYS to configure time-indifferent templates. Time template examples and keywords Time templates are a part of the agent-based flexible management policy syntax. They allow you to configure the agent to send messages to different management servers based on the time and day. A time template consists of the following: l Template name l Time conditions Each time condition defines a specific time period. This time period contains definitions of the time, day, date, or any combination of the three. The local time zone is always used to evaluate the template. NOTE: When specifying a time, use 24-hour clock notation. For example, for "1:00 p.m." type 13:00. Examples of Time Templates The following examples show various ways to specify time formats in the time templates: l No Time If you do not specify a particular time, day of the week, or year, then the condition will be true for 24 hours, from00:00 to 24:00 every day of the year. HP Operations Manager (9.00) Page 680 of 1297 Online Help You have to set up a time template for the message target rules even if the scheduled action does not depend on time. You can use the variable $OPC_ALWAYS to configure time templates when the condition is always true. l Specific Dates or Dates If you specify a condition, the conditions exist continually for the day or date specified: n Day If you specify only Tuesday, the condition will evaluate as true every Tuesday from00:00 to 23:59 throughout the year, every year. Use the syntax: WEEKDAY ON Tuesday n Date Specifying January 1 and nothing else will match a condition every January 1st of every year. Use the syntax: DATE ON 01/01/* l Time Periods You can set time periods: n Time To set a time period from7:00 to 17:00, use the syntax: TIME FROM7:00 TO17:00 n Day To set a time period fromMonday to Friday, use the syntax: WEEKDAY FROMMonday TOFriday n Date To set a time period fromthe year 1995 to 2000, use the syntax: DATE FROM01/01/1995 TO12/31/1999 n Date and Time To set a time on December 31 1998, from23:00 to 23:59, use the syntax: TIME FROM23:00 TO23:59 DATE ON 12/31/1998 If you include the day of the week (for example, Monday April 1, 1997), the day and date will be cross-checked to make sure that they match the calendar. l Wildcards (*) You can set dates or periods using a wildcard character (*): n Specific Dates To set a condition for December 1st every year, use the syntax: DATE ON 12/01/* n Time Periods To set a condition fromAugust 6th to September 10th every year, use the syntax: DATE FROM08/06/* TO09/10/* Keywords for Time Templates To define the various elements required in an agent-based flexible management configuration, the following keywords and definitions are used: TIMETEMPLATE <string> Template name is contained in <string>. DESCRIPTION Short description of the time template. TIMETMPLCONDS HP Operations Manager (9.00) Page 681 of 1297 Online Help TIMETMPLCOND TIMECONDTYPE Condition defining a single time interval. Several time conditions together make up a time period. A time condition allows you to use combinations of day, date, and time to define a time period. At least one of the following parts must be used for the definition: 21. Match 22. Suppress If the current time is within the defined time period, match is true and suppress is false. TIME FROM<time> TO<time> Specifies a time period. Set the variable <time> using the format: <HH>:<MM> The FROM<time> variable must be before the TO<time> variable (for example, FROM18:00 TO 24:00 or FROM0:00 TO6:00). WEEKDAY You can specify every day of the week: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, or Sunday: 23. ON <day> Day of the week (for example, ON Sunday). FROM<day> TO<day> Time period (for example, FROMMonday TOWednesday). DATE Date must have one of the following formats: <MM>/<DD>/<YYYY> <MM>/<DD>/<YY> <MM>/<DD>/* Invalid time periods are not recognized. For example, 10/35/* is not recognized as an invalid date. You specify the date as follows: ON <date> FROM<date> TO<date> Message target rules You can use a list of message target rules to determine to which management server a message should be sent to. Parts of a Message Target Rule A message target rule consists of three parts: l Message attribute rule l Time template l Defined management server Example of a Message Target Rule for Printing Group A message target rule for a printing group would have the following conceptual structure: message group = "printing" current time fits time template 2 ............(message) --> mgr 2 current time fits time template 1 ............(message) --> mgr 1 current time fits time template 3 ............(message) --> mgr 3 HP Operations Manager (9.00) Page 682 of 1297 Online Help In this example, HP Operations forwards all messages with the message group "printing" that meet the time conditions in template 1 to the management server 1. All messages that meet the time conditions in template 2 will be forwarded to management server 2. Time template 3 functions the same. Example of a Message Target Rule for a Database Group A message target rule for a database group would have the following conceptual structure: message group = "database" current time fits time template 1 ............(message) --> mgr 2 current time fits time template 2 ............(message) --> mgr 3 current time fits time template 3 ............(message) --> mgr 1 In this example, HP Operations forwards all messages with the message group "database" that meet the time conditions in template 1 to the management server 2. All messages that meet the time conditions in template 2 are sent to the management server 3. And so on. Configure action-allowed and secondary managers By default, only a node's primary management server can start actions on the node. To enable other management servers to start actions on a node, you must specify action-allowed management servers in a flexible management policy and deploy it to the node. This policy is important if you forward messages that have automatic and operator-initiated actions to other management servers. The primary management server is initially set during the agent installation. To enable other management servers to become a node's primary management server, you can specify secondary management servers in the same policy. If a node has the HTTPS agent, the secondary management servers can also deploy policies and packages to the node, without first becoming the primary management server. A flexible management policy that configures action-allowed and secondary managers must contain the following statements: RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Policy description" SECONDARYMANAGERS ACTIONALLOWMANAGERS You can add to this minimal policy as many secondary managers and action-allowed managers as you need. You can specify either the IP address or host name of each management server. To specify only a host name, use the IP address 0.0.0.0. For example, the following policy specifies manager1.example.comand manager2.example.com as secondary and action-allowed managers. It also specifies that the management server with IP address 192.168.1.3 is an action-allowed manager. RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Enable manager1, manager2, and 192.168.1.3" SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "manager1.example.com" SECONDARYMANAGER NODE IP 0.0.0.0 "manager2.example.com" ACTIONALLOWMANAGERS HP Operations Manager (9.00) Page 683 of 1297 Online Help ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager1.example.com" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager2.example.com" ACTIONALLOWMANAGER NODE IP 192.168.1.3 If you use agent-based flexible management, you can add the secondary and action-allowed managers to an existing flexible management policy. For management servers in clusters, specify the IP address or host name of the virtual management server. In addition, you must add the core ID of the virtual management server. You must also add the core ID for standalone management servers if you have not set up a node to represent these management servers on the management server fromwhich you intend to deploy the policy. To get a management server's core ID, open a command prompt on that management server, and then type the following command: ovconfget -ovrg server sec.core CORE_ID If the management server is in a cluster, make sure that you start the above command on the cluster node that is currently active. For example, the following policy specifies manager3.example.comand manager4.example.com as secondary and action-allowed managers. You intend to use manager3.example.comto configure and deploy the policy, but you do not want to set up manager4.example.comas a node on manager3.example.com. RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Enable manager3, and manager4" SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "manager3.example.com" SECONDARYMANAGER NODE IP 0.0.0.0 "manager4.example.com" ID "e77b4992-5d78-753f-1387-c01230fe2648" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager3.example.com" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager4.example.com" ID "e77b4992-5d78-753f-1387-c01230fe2648"" To configure action-allowed and secondary managers 1. In the console tree, open Policy management Policies grouped by type Agent policies. Right-click Flexible Management, and then click New Policy. The flexible management policy editor appears. 2. In the General tab, type a flexible management policy that specifies secondary and action- allowed managers. 3. Optional. Click Check Syntax. A message appears, which gives details of any errors. Correct any syntax errors. 4. Save the policy, and then deploy it to the nodes that you want to configure. Alternatively, you can copy one of the sample flexible management policies, which are available in Policy management Policy groups Samples Agent-based Flexible Management. HP Operations Manager (9.00) Page 684 of 1297 Online Help Configure DCE agents to communicate with HP Operations Manager for UNIX The instructions below explain how to configure an DCE agent that was deployed by HP Operations Manager for Windows, so that it sends messages to, and carries out actions from, an HP Operations Manager for UNIX management server. (HP Operations Manager for UNIX will not be able to deploy policies to this node.) Depending on the agent-based flexible management template that is used, all messages, or a subset of messages can be sent to the HP Operations Manager for Windows management server. In this example, messages are sent to different management servers based on their message group. (For more information about agent-based flexible management configuration, see the HP Operations Manager for UNIX documentation.) NOTE: Beginning with the 7.20 release of HP Operations, the DCE agent package is installed by default as a Local Systemaccount. The HP ITOaccount and opc_op account that were used in previous versions of the agent are no longer created. If, in a previous installation you configured tools or policies to run as opc_op user, these tools and policies are not automatically mapped to the Local Systemaccount. You must either create the opc_op account manually or reconfigure such tools and policies to specify another user, such as Local System. (See Agent users and Change the password for multiple tools. To configure DCE agents to communicate the HPOM for UNIX 1. Prepare the HP Operations Manager for UNIX server: a. Set up the node in the HP Operations Manager for UNIX interface as 'controlled' (see the HP Operations Manager for UNIX documentation for details). b. Update the HP Operations Manager for UNIX configuration and start heartbeat polling for this node manually, using the following commands: i. /opt/OV/bin/OpC/opcsw -installed <node> ii. /opt/OV/bin/OpC/opchbp -start <node> c. As user root, copy the template below to the working directory: /etc/opt/OV/share/conf/OpC/mgmt_sv/work_respmgrs/ # This template sets the following configuration: # # - send messages with message group OpC to Unix management server # - send messages with message group VPW to Windows management server # - allow both servers to run actions on the node # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "responsible mgrs for messages and agents" SECONDARYMANAGERS HP Operations Manager (9.00) Page 685 of 1297 Online Help SECONDARYMANAGER NODE IP 0.0.0.0 "unix.bbn.hp.com" DESCRIPTION "HP Operations Manager for UNIX management server" SECONDARYMANAGER NODE IP 0.0.0.0 "windows.bbn.hp.com" DESCRIPTION "HP Operations Manager for Windows management server" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "unix.bbn.hp.com" DESCRIPTION "HP Operations Manager for UNIX management server" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "windows.bbn.hp.com" DESCRIPTION "HP Operations Manager for Windows management server" MSGTARGETRULES MSGTARGETRULE DESCRIPTION "Unix responsibility" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "Unix messages" MSGGRP "OpC" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "unix.bbn.hp.com" MSGTARGETRULE DESCRIPTION "Windows responsibility" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "Windows messages" MSGGRP "VPW" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "windows.bbn.hp.com" MSGTARGETRULE DESCRIPTION "Rest of News" MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "$OPC_PRIMARY_MGR" Rename the file either allnodes, if the file applies to all nodes, or the IP address of an individual managed node in Hex notation, generated using the command HP Operations Manager (9.00) Page 686 of 1297 Online Help /opt/OV/bin/OpC/install/opc_ip_addr (use opc_ip_addr -h for more information). e. Modify the file with the names of the HP Operations Manager for UNIX and HP Operations Manager for Windows management servers. d. Run the HP Operations Manager for UNIX template validation tool opcmomchk(1) on the finished configuration file to ensure that your changes are correct: /opt/OV/bin/OpC/opcmomchk <file_name> See the man page opcmomchk(1) for more information. c. As user root, copy the validated file to the configuration directory: cp <file_name> /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs/ NOTE: If several, but not all, managed nodes have the same configuration, you can apply a symbolic link to the Hex file name of the related managed node. In addition, the same configuration directory can contain both an allnodes file and files for specific managed nodes. If configuration files for specific nodes are present, they are used in preference to the allnodes file for those nodes. HP Operations Manager for UNIX distributes the management responsibility configuration file fromthis directory as part of the standard template distribution process. 2. Change the management server that is responsible for the agent: a. Fromthe HP Operations Manager for UNIX management server, open a terminal window for the node. b. Execute /var/opt/OV/conf/OpC/mgmt_sv.sh (on a UNIX node) or Program Files\HP\HP BTO Software\Installed Packages\{790C06B4-844E-11D2- 972B-080009EF8C2A}\bin\OpC\install\mgmt_sv.vbs (on a Windows node) to make the HP Operations Manager for UNIX management server responsible for this node. The script has no parameters, it will ask for the complete name of the HP Operations Manager for UNIX management server. 3. Distribute the agent-based flexible management template(s) to the appropriate managed nodes: a. On the HP Operations Manager for UNIX server, select the nodes in the Node Bank window or other submap, then select Actions:Agents Install/Upgrade SW & Config... b. Select the Templates check box in the Install/Update Software and Configuration window. c. Click OK. Or use the command line: opcragt -distrib -templates -force <name of HP Operations Manager for Windows managed node> 4. To switch agent back to HP Operations Manager for Windows: Execute above script again, now with the name of the HP Operations Manager for Windows management server. NOTE: To start an HPOMfor Windows tool on an HPOMfor UNIX managed node, the corresponding HPOMfor Windows scripts have to be available on the HPOMfor UNIX managed node. When you want to start an HPOMfor UNIX application on an HPOMfor Windows managed node, the HP Operations Manager (9.00) Page 687 of 1297 Online Help corresponding HPOMfor UNIX instrumentation files must be available on the HPOMfor Windows node. Communicate with DCE agents installed by HP Operations Manager for UNIX The instructions below explain how to configure a DCE agent installed by HP Operations Manager for UNIX so that it will send messages to, and accept instruction from, an HP Operations Manager for Windows management server. (HP Operations Manager for Windows will not be able to install policies on the managed node.) Depending on the template that is used, all messages, or a subset of messages can be sent to the HP Operations Manager for Windows management server. In this example, messages are sent to different management servers based on their message group. TIP: To configure an HTTPS agent installed by HPOMfor UNIX so that it sends messages to an HPOMfor Windows management server, switch the agent's primary management server. (See Switch the primary management server.) To communicate with DCE agents installed by HP Operations Manager for UNIX 1. Add the node to HP Operations Manager for Windows. (See, Create new nodes). 2. Ensure that the agent is up to date. 3. As user root, copy the template below to the working directory: /etc/opt/OV/share/conf/OpC/mgmt_sv/work_respmgrs/ # This template sets the following configuration: # # - send messages with message group OpC to Unix management server # - send messages with message group VPW to Windows management server # - allow both servers to run actions on the node # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "responsible mgrs for messages and agents" SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "unix.bbn.hp.com" DESCRIPTION "HP Operations Manager for UNIX management server" SECONDARYMANAGER NODE IP 0.0.0.0 "windows.bbn.hp.com" DESCRIPTION "HP Operations Manager for Windows management server" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER HP Operations Manager (9.00) Page 688 of 1297 Online Help NODE IP 0.0.0.0 "unix.bbn.hp.com" DESCRIPTION "HP Operations Manager for UNIX management server" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "windows.bbn.hp.com" DESCRIPTION "HP Operations Manager for Windows management server" MSGTARGETRULES MSGTARGETRULE DESCRIPTION "Unix responsibility" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "Unix messages" MSGGRP "OpC" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "unix.bbn.hp.com" MSGTARGETRULE DESCRIPTION "Windows responsibility" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "Windows messages" MSGGRP "VPW" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "windows.bbn.hp.com" MSGTARGETRULE DESCRIPTION "Rest of News" MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "$OPC_PRIMARY_MGR" Rename the file either allnodes, if the file applies to all nodes, or the IP address of an individual managed node in Hex notation, generated using the command /opt/OV/bin/OpC/install/opc_ip_addr (use opc_ip_addr -h for more information). 5. Run the HP Operations Manager for UNIX template validation tool opcmomchk(1) on the finished configuration file to ensure that your changes are correct: /opt/OV/bin/OpC/opcmomchk <file_name> See the man page opcmomchk(1) for more information. 3. As user root, copy the validated file to the configuration directory: cp <file_name> /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs/ NOTE: If several, but not all, managed nodes have the same configuration, you can apply a HP Operations Manager (9.00) Page 689 of 1297 Online Help symbolic link to the Hex file name of the related managed node. In addition, the same configuration directory can contain both an allnodes file and files for specific managed nodes. If configuration files for specific nodes are present, they are used in preference to the allnodes file for those nodes. HP Operations Manager for UNIX distributes the management responsibility configuration file fromthis directory as part of the standard template distribution process. 4. Install the template(s) on the appropriate managed nodes: a. Select the nodes in the Node Bank window or other submap, then select Actions:Agents Install/Upgrade SW & Config... b. Select the Templates check box in the Install/Update Software and Configuration window. c. Click OK. HP Operations Manager (9.00) Page 690 of 1297 Online Help Logfile Entry Policies This policy type monitors entries in a text or binary log file and responds when text that you choose appears in the log file. Choose this policy type if you want to monitor entries in a log file. Log file entry policies specify a source log file, and rules. Rules define what a policy should do in response to a specific type of event. Each rule consists of a condition and an action. The condition is the part of an event policy that describes the type of event in the source that will trigger an action and the action is the response that the policy should take if an event that matches the condition occurs. A policy must contain at least one rule. If the policy contains multiple rules, it is important to remember that the rules are evaluated in a specific order, and that when one condition is matched, no additional rules will be evaluated. Actions are the part of a rule that define what the policy should do if it detects an event that matches (or does not match) the rule's condition. The action can consist of one or more of the following: l Send a message to the active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the event and can provide a link to a command that the operator can run. You can also configure messages acknowledge or suppress duplicates. l Send a message to the acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. l Automatically run a command Certain events could represent conditions that can always be helped by running a certain command. If you know that a command should always be run in response to an event, you can configure an automatic command. l Nothing In some circumstances, you may want a rule to stop the policy fromevaluating the event (to improve performance) without providing the operator with any notification. Note: The maximumsupported string length for an operator-initiated or automatic command is 2048 characters. Be particularly careful to stay within this limit when using variables substitution within the action call. Configure log file source properties The Source tab of the logfile policy editor enables you to specify which log file the policy reads. You can also set options that configure how the policy reads the log file. Select the log file to monitor Specify the log file that the policy reads. Type the drive letter and the full path for the location of this log file on the appropriate managed node. You can use Windows environmental variables (for example winnt or clusterlog) to make your policies more flexible. The proper syntax for these variables is <$variablename>. You can also call a script or command that returns the path and name of the log file you want to monitor. For example, type <`command`> HP Operations Manager (9.00) Page 691 of 1297 Online Help where command is the name of a script that returns the path and name of the log file you want to monitor. The command can also return more than one log file path separated by spaces. The HP Operations agent monitors each of the files using the same options and conditions as configured for this policy. This is very useful when you want to dynamically determine the log file path or monitor multiple instances of a log file. Caution: You must ensure that the log file can be processed by HP Operations. For example, log files that contain binary data cannot be read by the policy and may cause the policy to stop responding or even quit. If your log files do contain binary data, use log file preprocessing to preprocess your files. Preprocess a log file If you want to reformat an original log file before the agent reads it, you can preprocess it using a command or programthat you provide. For example, you can preprocess a binary log file to produce a text file in a format that the agent can then read. To preprocess a log file: 1. Select the Preprocessing check box. 2. In File to be executed, type the name or full path of a command or programthat preprocesses the log file. The file that you specify should exist on the node. Tip: If you want to automatically deploy the command or programthat preprocesses your log file, configure it as instrumentation for this policy. (See Configuring instrumentation.) If Log file path \ name is empty, the agent runs the command at the polling interval that you specify. If Log file path \ name contains the path of a log file, the agent runs the command at the specified polling interval only if the log file has changed. 3. Optional. In File to be read, type the full path of the log file that the preprocessing command creates or updates. If you specify a path in File to be read, the agent reads this log file. If you leave File to be read empty, the agent reads the log file that you specify in Log file path \ name instead. Set the log file polling interval You can indicate how often the policy should read the log file. This period of time is the polling interval. The polling interval should be as large as possible, although this depends on the amount of new data written to the file and the read mode that you choose. Set the interval to no less than 30 seconds; usually 5 minutes is appropriate. Note, however, that a policy begins to evaluate data after the first polling interval passes. A shorter polling interval is better when you are testing a policy. Select the log file character set Indicate the name of the character set used by the log file that you are monitoring. It is important to choose the correct character set. If the character set that the policy is expecting does not match the character set in the log file, pattern matching may not work, and the message text can have incorrect characters or be truncated in the message browser. If you are unsure of which character set is used by the log file that you want to monitor, consult the documentation of the programthat writes the log file. NOTE: The character set of the log file must be convertible to the HP Operations agent node character set. HP Operations Manager (9.00) Page 692 of 1297 Online Help For example, if agent character set is iso88591 (English) then, ACP 1252, ACSII, ISO8859-1, OEMCP 850, OEMCP 437, ROMAN 8, or EBCDIC may be used. If the agent character set is sjis (Japanese), then ACP 932, ACSII, or EUC may be used. If the agent character set is iso88595 (Cyrillic), then iso88595, ASCII, ACP 1251, or OEMCP 866 may be used. The character sets supported by Windows and HP-UX nodes are: Character set Description ACP 1250 Central European ACP 1251 Cyrillic ACP 1252 Western European ACP 932 Includes all characters defined in the shift-JIS code. This character set is supported by the Japanese versions of Microsoft Windows NT and Microsoft Windows 95/98. ACSII English (American Standard Code for Information Interchange) BIG-5 Taiwanese Taiwanese EBCDIC (Extended Binary-Coded Decimal Interchange Code) Generally used only on large IBMcomputers. EUC Japanese (Extended UNIX Code) Japanese EUC Korean (Extended UNIX Code) Korean EUC Taiwanese (Extended UNIX Code) Taiwanese GB-2312- 80 Chinese Chinese ISO8859- 1 Most West European languages, including French, Spanish, Catalan, Basque, Portuguese, Italian, Albanian, Rhaeto-Romanic, Dutch, German, Danish, Swedish, Norwegian, Finnish, Faeroese, Icelandic, Irish, Scottish, and English. Also Afrikaans, Swahili. ISO8859- 15 Latin alphabet ISO8859- 2 Central and Eastern European languages, including Czech, Hungarian, Polish, Romanian, Croatian, Slovak, Slovenian, Sorbian. ISO8859- 5 Languages that use Cyrillic characters, including Bulgarian, Belorussian, Macedonian, Russian, Serbian and Ukrainian. ISO8859- 6 Arabic HP Operations Manager (9.00) Page 693 of 1297 Online Help ISO8859- 7 Greek ISO8859- 8 Hebrew and Yiddish ISO8859- 9 Same as ISO8859-1, but with Turkish, instead of Icelandic. OEMCP 437 U.S. English OEMCP 737 Greek (formerly 437G) OEMCP 775 Baltic OEMCP 850 All the characters used by most European, North American, and South American languages OEMCP 852 Slavic (Latin II) OEMCP 857 IBMTurkish OEMCP 860 Portuguese OEMCP 861 Icelandic OEMCP 862 Hebrew OEMCP 863 Canadian-French OEMCP 864 Arabic OEMCP 865 Nordic OEMCP 866 Russian OEMCP 869 IBMModern Greek ROMAN 8 European characters HP Operations Manager (9.00) Page 694 of 1297 Online Help SHIFT-JIS Microsoft's standard encoding for Japanese. UCS-2 This codeset is intended to express all characters in the world in a united character set. UTF-8 (Unicode Transformation Format-8) This codeset is intended to express all characters in the world in a united character set. Send message if log file does not exist Select if you want the management server to send a message if the specified log file does not exist Close after reading Select if you want the policy to close the log file (and release its file handle) after reading it. A short polling interval is recommended when using this option. If you do not select this option and the name of the log file changes, the policy continues to read the open, renamed logfile instead of processing the new log file. Consider the following example: a policy monitors the log file syslog.log. Mondays at 23:59, the file is renamed to syslog.monday, and a new version of syslog.log is created for the Tuesday log. Without Close after reading being selected, the policy continues to monitor syslog.monday because the file handle refers to the original, renamed file. Set the read mode The read mode of a log file policy indicates whether the policy should process the entire log file or should only process new log file entries. The available read modes are described in the table below. Note that every policy reads the same log files independently fromany other policies. This means, for example, that if "Policy 1" with read mode Read from beginning (first time) is enabled on a node where "Policy 2" with the same read mode already exists, "Policy 1" will still read the entire log file after it has been enabled. Mode: Description Advantage / Disadvantage Read from last position: The policy reads only newappendedentries written in the log file while the policy is enabled on the managed node. If the log file decreases in size between readings, then the entire log file is read. Log file entries that are added to the log file when the policy is disabled are not processed by the policy. Choose this option if you are concerned only with log file entries that occur when the policy is enabled. Advantage: No chance of reading the same entry twice. (Unless the log file decreases in size because some entries were deleted.) Disadvantage: Entries written to the log file while the policy is disabled or the agent is not running will not be processed by the policy. Read from beginning (first time): The policy reads the complete log file each time the policy is Advantage: Every existing and future entry in Log file read modes HP Operations Manager (9.00) Page 695 of 1297 Online Help enabled or the agent restarts on the managed node. This ensures that all entries in the log file are compared with the rules in the policy. Each successive time that the policy reads the log file, only new (appended) entries in the log file are processed. Choose this option if you want to ensure that every existing and future entry in the log file will be processed by the policy while it is enabled. the log file will be processed by the policy. Disadvantage: Duplicate entries can occur if an enabled policy is disabled and reenabled, or if the agent stops and restarts. Read from beginning (always): The policy reads the complete log file every time it detects that the log file has changed. The policy scans the log file at the specified polling interval. If no change is detected, the log file is not processed. Any log file entries overwritten while the agent is not running or the policy is disabled will not be evaluated by the policy. Choose this option if you are monitoring a log file that is overwritten, rather than appended. Advantage: Ensures that log files that are overwritten are correctly processed. Disadvantage: Only valid for log files that are overwritten, rather than appended. Configure message defaults in log file entry policies The Outgoing message defaults dialog box enables you to set default attributes for all messages that a policy sends. The message defaults only affect new rules. You can override the defaults for individual rules after you create them. If a message in any rule contains empty attributes, the agent uses the default attributes. To set message defaults 1. Right-click the policy, and then click All Tasks Edit... 2. In the Rules tab, click Defaults....The Outgoing message defaults dialog box opens. 3. Set the message defaults: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node HP Operations Manager (9.00) Page 696 of 1297 Online Help name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. HP Operations Manager (9.00) Page 697 of 1297 Online Help You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. HP Operations Manager (9.00) Page 698 of 1297 Online Help o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 699 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. HP Operations Manager (9.00) Page 700 of 1297 Online Help iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external HP Operations Manager (9.00) Page 701 of 1297 Online Help programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. HP Operations Manager (9.00) Page 702 of 1297 Online Help You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. Configure conditions in log file entry policies This tab lets you specify a string that the policy searches for in the log file that the policy monitors. If the policy finds a match, the actions associated with this rule are carried out In Log file line, type the pattern that you want the policy to compare with the log file line. When this pattern is matched, the actions are carried out. Use pattern-matching syntax to specify the structure of the log file line. You can include parts of the matched log file line into the message that the policy sends by defining variables in this pattern. Note: Log file entry policies read each line of a log file individually. Therefore, you cannot match patterns that span multiple lines in the log file. If you only want to match the log file froma specific node, type the FQDN, the primary node name, or the IP address in the Node box. Give multiple entries with the OR operator (for example, celery.example.com|broccoli.example.com) or leave the field blank for all nodes. You can also use the variable <$OPC_MGMTSV>. You can use the Launch Log file button to browse to a log file and then open it to inspect or copy values. To set log file rule conditions 1. Right-click the policy and select All Tasks Edit... 2. Select Rules. 3. Select the rule for which you want to modify the conditions. 4. Select Modify. 5. Select Conditions and type the conditions for this rule. Tip: The Rules tab provides a textual summary of each rule. You can use this summary as a navigational aid. Click any underlined text in the rule to jump to the dialog box that enables you to set that value. HP Operations Manager (9.00) Page 703 of 1297 Online Help Related topics l "Pattern matching" (on page 946) l "User-defined variables in patterns" (on page 950) Configure actions in log file entry policies In the Actions tab, you indicate what the policy should do after evaluating a particular conditionservice or process monitor. The policy can send a message to the management server, start a command, prepare a command for the operator to start, or any combination or none of these actions. Note: In all cases, if a rule evaluates as true, no more rules are processed. It is important to pay attention to the rule order. The order in which rules are evaluated has a large effect on the type of messages you receive. It also affects the speed with which messages are sent and the amount of processor time that is required by the policy. For example, you might have a policy that monitors CPU activity, containing these two rules: 1. If usage is greater than 80%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. If the rules were evaluated in the order shown, disk usage of 99% would only produce a warning message. If the order were reversed, however, a critical message would be sent. You could solve the problemby making the rules more specific, so that the order was not important: 1. If usage is between 80% and 94%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. In the example above, disk usage of 99% produces a critical message regardless of which rule is evaluated first. However, if the rules are evaluated in the order shown, disk usage of 99% is evaluated by two rules. If the order were reversed, it would be evaluated only by the first rule, thereby sending the message more quickly and reducing processing time on the managed node. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$LOGFILE> Returns the name of the log file that contains the input event which caused the message. Sample output:program_log.txt <$LOGPATH> Returns the name and path of the log file that contains the input event which caused the message. Sample output:C:\temp\mylogfile\program_log.txt <$MSG_APPL> HP Operations Manager (9.00) Page 704 of 1297 Online Help Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key HP Operations Manager (9.00) Page 705 of 1297 Online Help l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com To configure actions in log file entry policies HP Operations Manager (9.00) Page 706 of 1297 Online Help 1. Specify the rule type. The three rule types are: n If matched, do actions and stop. (Select True, and then click Send.) n If matched, stop. (Select True, and then click Do nothing.) n If not matched, stop. (Select False.) 2. Optional. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated HP Operations Manager (9.00) Page 707 of 1297 Online Help by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the HP Operations Manager (9.00) Page 708 of 1297 Online Help management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 709 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 710 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 711 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 712 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble HP Operations Manager (9.00) Page 713 of 1297 Online Help ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. HP Operations Manager (9.00) Page 714 of 1297 Online Help n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) HP Operations Manager (9.00) Page 715 of 1297 Online Help n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure log file policy options The Options tab of the logfile policy editor enables you to configure several policy behaviors. Log local events on the managed node HP Operations Manager allows you to define which events, if any, are logged on the managed node fromwhich they originated. These events are logged on the local managed node in the log file: <data_dir>\log\OpC\opcmsglg. Three logging options are available. l Log local events that match a rule and trigger a message. This selection logs any events in the message source that match the policy rules. l Log local events that match a rule and are ignored. This selection logs any events in the message source that are suppressed (that is, they do not cause a message to be sent to the management server). l Log local events that don't match any rule. This selection logs any events that do not match any of the rules in the policy. Capture unmatched events You can configure a policy to send a message to the management server when an event does not match any rule in the policy because none of the conditions apply or because the policy does not contain any rules. This ensures that unexpected events that might be important do not go unreported. By default, unmatched events are ignored. HP Operations Manager (9.00) Page 716 of 1297 Online Help Each policy that sends unmatched events to the management server creates a message with the default values of the policy. Tip: If you want a policy to send messages only with the default values, omit all rules fromthe policy. The following options are available: l Unmatched events are sent to the messages browser l Unmatched events are sent to the acknowledged messages browser l Unmatched events are ignored (default) If several policies forward unmatched messages to the management server you could receive multiple messages about a single input event. Pattern matching options The following pattern matching options are available: l Case sensitivity You can choose whether the case (uppercase or lowercase) of a text string is considered when the message text of a rule is compared with the destination text in the message source. When switched on, a match only occurs if the use of uppercase and lowercase letters is exactly the same in both the message source and the message text string. This is the default setting. l Field separators You can indicate which characters should be considered to be field separators. Field separators are used in the message text pattern as separator characters for the rule condition. You can define up to seven separators, including these special characters: n \n new line (NL) n \t horizontal tab (HT) n \v vertical tab (VT) n \b backspace (BS) n \r carriage return (CR) n \f formfeed (FF) n \a alert (BEL) n \\ backslash (\) For example, if you wanted a backslash, an asterisk, and the letter A to define the fields in the message text, you would type \\*A (with no spaces separating the characters). If you leave this box empty, the default separators (a blank and the tab character) are used by default. If you change the pattern matching options, they apply to all new rules in a policy. Click Apply to all to apply themto all existing rules in a policy. This overwrites any modifications made to the pattern matching options in individual rules. You can set case sensitivity and separator characters for individual rules in a policy by clicking the button in the Condition tab of a rule. HP Operations Manager (9.00) Page 717 of 1297 Online Help Measurement Threshold Policies This policy type evaluates performance data and responds if the data does not remain within acceptable levels. Choose this policy type if you want to monitor parameters that are constantly changing, such as CPU load, disk space, number of running processes, and so on. Configure measurement threshold sources The Threshold Source properties tab allows you to indicate the source that you want a Measurement Threshold policy to monitor. This source provides the data that is compared against the rules that you write for the policy. The Short name and Description are labels that you choose to help you recognize the value or metric for a threshold source. These labels are visible in the source tab and are helpful if you write a policy with multiple sources. When using a script to determine the threshold level, these names are used in the script to identify the sources. Source Type External Select External if you want to use the data sent froman external programas the source for a threshold alarm. The programmust produce and deliver values to the policy (see opcmon). If you choose this source, the programwill not be started or stopped by the HP Operations Agent. If you want HP Operations Agent to run the external program, choose Program instead. Store in Embedded Performance Component: You can enter a data source, object and metric of your own invention here. The policy will create themin the embedded performance component and will store the data fromthe policy's source each polling interval. The data is then available for other uses. For example, you can use data in to embedded performance component to create graphs with HPPerformance Manager and reports with HP Reporter. Embedded Performance Component Select Embedded Performance Component if you want to measure performance metrics. The embedded performance component is an especially useful data source because it is available on all agent operating systems. You can define one policy that measures performance metrics on all your managed nodes. The embedded performance component collects performance counter and instance data. You can use these metrics in defining event/action thresholds that generate alarms in real time based on availability, response time, and throughput measurements. The following types of metrics are collected: l Basic (golden) metrics These are approximately 30 metrics that are collected for all supported platforms. They can be used to answer most of your questions about a system's global configuration, CPU, disk, swap, and memory usage and have been chosen to offer the best information for the widest number of platforms. l Additional metrics The data collection component also provides you with additional performance metrics on each of the supported platforms. Although these metrics vary by platform, they are available on most HP Operations Manager (9.00) Page 718 of 1297 Online Help platforms and are generally useful for drill down and diagnosis on a particular system. On HP- UX, for example, there are approximately 120 of these additional metrics. The collection interval is five minutes. All metrics, including golden metrics and the additional metrics, are collected. The data is kept in the data store for up to five weeks, at which time a week's worth of data is rolled out. You can view a of list of available metrics in the HP Performance Agent Dictionary of Operating SystemPerformance Metrics which is available at HP Software Product Manuals. (Select the product Performance Agent, the required version, OS, and language.) For each source, you will need to indicate the following parameters: l Data Source: for example, CODA l Object: for example, GLOBAL l Metric: for example, GBL_CPU_TOTAL_UTIL You can view a of list of available metrics in the HP Performance Agent Dictionary of Operating SystemPerformance Metrics which is available at HP Software Product Manuals. (Select the product Performance Agent, the required version, OS, and language.) If you do not know the parameters that you need, you can click the Browse on node... button to view the parameters available on a specific node. NOTE: The embedded performance component must have the Physical Disk Object available to report the disk metrics. To get the disk metrics reported on a node, you must run diskperf -Y to enable the counters under the Physical Disk Object. The following metrics are affected: GBL_NUM_DISK GBL_ DISK_PHYS_IOGBL_ DISK_PHYS_IO_RATE GBL_DISK_PHYS_BYTE GBL_DISK_PHYS_ BYTE_RATE BYDSK_ID BYDSK_DEVNAME BYDSK_PHYS_IOBYDSK_ PHYS_IO_RATE BYDSK_ PHYS_BYTE BYDSK_ PHYS_BYTE_RATE BYDSK_ PHYS_READ BYDSK_ PHYS_READ_RATE BYDSK_PHYS_READ_BYTE BYDSK_PHYS_READ_BYTE_ RATE BYDSK_PHYS_WRITE BYDSK_PHYS_WRITE_RATE BYDSK_PHYS_WRITE_BYTE BYDSK_PHYS_WRITE_BYTE_ RATE BYDSK_BUSY_TIME BYDSK_UTIL MIB Select MIB if you want to use entries in a Management Information Base as the source for a threshold alarm. You must type the MIB ID, as well as the node where the ID is produced. Note: The default community public is used for SNMP queries. If the MIB object resides in another community, the community name must be set on the managed node where the MIB monitoring takes place. The syntax for defining the community name is: SNMP_COMMUNITY <community>. On DCE agents, you can set the community name in the opcinfo file; on HTTPS agents, you can set the parameter locally in the eaagt namespace on the node. (See ovconfchg.) Store in Embedded Performance Component: You can enter a data source, object and metric of your own invention here. The policy will create themin the embedded performance component and will store the data fromthe policy's source each polling interval. The data is then available for other HP Operations Manager (9.00) Page 719 of 1297 Online Help uses. For example, you can use data in to embedded performance component to create graphs with HPPerformance Manager and reports with HP Reporter. Real Time Performance Management Select Real Time Performance Management if you want to use data gathered by the performance monitor as the source for a threshold alarm. The values listed in the pull-down menus (Object, Counter, and Instance) are fixed labels that correspond to entries in the Performance Monitor. For a complete listing and description of all default object counters, see the documentation that Microsoft provides. The following examples show frequently used performance monitor parameters. the percentage of free disk space on a C drive on SCSI port 0 Object: LogicalDisk Counter: % Free Space Instance:0/C:'' the number of free megabytes on any C: drive Object: LogicalDisk Counter: Free Megabytes Instance:?/C:'' the available bytes of RAM Object: Memory Counter: Available Bytes Instance:'' the number of processes running on a node Object: Objects Counter: Processes Instance:'' the percentage of the paging file that is being used Object: Paging File Counter: % Usage Instance:?'' the total amount of processor time that is being used in a system Object: Processor Counter: % Processor Time Instance:0'' the amount of CPU time used by a specific process Object: Process Counter: % Processor Time Instance: process name'' whether a specific programis running or not Object: Process Counter: Thread Count HP Operations Manager (9.00) Page 720 of 1297 Online Help Instance: process name'' the amount of non-paged memory available Object: Memory Counter: Pool Non-paged bytes Instance:'' the paging file utilization Object: Paging File Counter: /% Usage Instance:/DosDevices/C:/pagefile.sys'' Additional configuration: l If the counter has a percent sign (%), it can be omitted if you want to receive the raw value instead of a percent l For instances which have parent instances, a question mark (?) can be used as a wildcard to match any parent instance. For example: ?/C: matches 0/C and 1/C Click Browse on node and navigate to a specific node to ensure that the performance monitor data that you expect is available. Store in Embedded Performance Component: You can enter a data source, object and metric of your own invention here. The policy will create themin the embedded performance component and will store the data fromthe policy's source each polling interval. The data is then available for other uses. For example, you can use data in to embedded performance component to create graphs with HPPerformance Manager and reports with HP Reporter. Caution: For each Performance Monitor object that you want to store in the embedded performance component, you must specify a dedicated CODA object. For example, you can store all Performance Monitor PhysicalDisk instances in a CODA object "physical_disk", but you cannot store Performance Monitor Logical Disk instances in the same CODA "physical_disk" object. For Logical Disk instances, use the CODA object "logical_disk", for example. Program Select Program if you want to use the data sent froman external programas the source for a threshold alarm. If you choose this type, the programthat you type in the Program name text box will be started by HP Operations, and must produce and deliver values to the policy. If you don't want HP Operations to control when the external programruns, choose External instead. Policy name variables You can use the following policy name variables in Program name: <$FULLNAME> Returns the name of the policy and the source, concatenated with a hyphen (-). Sample output: example_policy_name-example_source_name <$NAME> Returns the name of the policy, which you specify when you save the policy. Sample output: example_policy_name <$SRCNAME> HP Operations Manager (9.00) Page 721 of 1297 Online Help Returns the name of the source, which you specify in Short name. Sample output: example_ source_name The agent resolves these variables before it starts the program. This enables you to rename the policy without modifying the Program name. The " <$>"character combination can be suppressed with the "\" escape character. If the " <$>" character combination is found, but the variable is unknown, or no closing bracket (">") is found, then no substitution is performed. Parsing for escape characters is limited to the characters directly before a known variable, as shown in examples 3 and 4. It is possible to disable this for a node by setting the parameter: OPC_MON_DISABLE_PROG_VARS TRUE Examples: Policy: SNMP-service-Win2k with source name service Example: 1 Definition: opcservice SNMP <$NAME>-<$SRCNAME> Resolved: opcservice SNMP SNMP-service-Win2k-service Notes: Create required name for opcmon from both the policy name and source name variables Example: 2 Definition: opcservice SNMP <$FULLNAME> Resolved: opcservice SNMP SNMP-service-Win2k-service Notes: Resolves to the combined policy and source name. Example: 3 Definition: opcservice SNMP \<$FULLNAME> Resolved: opcservice SNMP <$FULLNAME> Notes: Single escape character, therefore the variable is ignored Example: 4 Definition: opcservice SNMP \\<$FULLNAME> Resolved: opcservice SNMP \SNMP-service-Win2k-service Notes: Double escape character, resolved to single and variables resolved. Store in Embedded Performance Component: You can enter a data source, object and metric of your own invention here. The policy will create themin the embedded performance component and will store the data fromthe policy's source each polling interval. The data is then available for other uses. For example, you can use data in to embedded performance component to create graphs with HPPerformance Manager and reports with HP Reporter. WMI Select WMI if you want to use information in the WMI database as the source for the threshold alarm HP Operations Manager (9.00) Page 722 of 1297 Online Help l Node: The node that hosts the WMI database that you want to monitor. This can be an agentless node. If you do not specify a node, HPOMmonitors the WMI database of the node that has this policy deployed. Use the browse button to select HPOMnodes or type a node name into the box. See Identify the originating node for information about adding agentless nodes to HPOM. l WMI Namespace: The namespace that contains the data that you want to monitor. l Instance class name: The instance that contains the property that you want to monitor. l Property name: Select the property that you want to monitor.The property should in most cases be either an integer or a Boolean value. If you choose any other type of property (for example, a string), the policy will automatically restrict the choice of threshold level to VB Script, or Perl Script and you will need to write a script that interprets the string and sets the Rule object to True or False. l Connect as non-agent user: If selected, the agent accesses the node's WMI database using the following account information. This account must exist on the agentless node and must have local administrator privileges. If not selected, the agent account is used. l User name: Type the user name of the account that the policy will use to connect to the WMI database. l Login password: Type the password of the connecting account. Note: You can also monitor WMI sources using Windows Management Interface policies. (See "Windows Management Interface Policies" (on page 921).) Store in Embedded Performance Component: You can enter a data source, object and metric of your own invention here. The policy will create themin the embedded performance component and will store the data fromthe policy's source each polling interval. The data is then available for other uses. For example, you can use data in to embedded performance component to create graphs with HPPerformance Manager and reports with HP Reporter. Caution: For each WMI instance class, you must specify a dedicated CODA object. For example, you can store all WMI instance classes of the type Win32_SystemUsers in a CODA object "users", but you cannot store WMI instance classes of the type Win32_LogicalDisk in the same CODA "users" object. For Win32_LogicalDisk instance classes, use the CODA object "logical_ disk", for example. Polling Interval: Indicate how often the policy should check the source for new information. This period of time is the polling interval. To increase performance, the polling interval should be as large as possible, while still being frequent enough to monitor data at the rate that it is expected to change. Note that a policy begins to evaluate data after the first polling interval passes. A shorter polling interval is better when you are testing a policy. Add Source: If you want the policy to monitor more than one threshold source, you can click this button to add sources. Policies with multiple sources require you to write scripts to evaluate the threshold levels. Note that switching fromsingle to multiple sources automatically converts the rules to VB Script. Caution: Make sure that the scripting language that you choose will run on the operating system where you intend to use the policies. HP Operations Manager (9.00) Page 723 of 1297 Online Help Related topics l "Rule object" (on page 968) Specify instance filters Instance filters provide a way for the measurement threshold policy to apply different sets of threshold levels to different instances of the object being monitored. For example, a threshold policy that monitors disk usage will apply the same threshold to all disks, but if you specify instance filters, you can specify one set of threshold levels for disk C:, another set for disk D: and so on. Instance filters can be used with policies that evaluate the threshold based on a minimum, maximumor scripts. Instance filters are not available for threshold policies based on the source MIB. To create instance filters: 1. In the Threshold Levels tab, select Maximum, Minimum, VB Script, or Perl Script, and then click Specify instance filters. 2. Provide a Rule description (for example, matches the C drive). 3. For a minimumor maximumthreshold, in the Object name text box, type a pattern matching string that will match the instance (or instances) for which you want to write specific rules. For a VBScript threshold, in the VB Script text box, type a script that filters the object instances. Set Rule.Status = True if you want evaluate threshold levels for an object instance. Otherwise set Rule.Status = False. For a Perl Script threshold, in the Perl Script text box, type a script that filters the object instances. Set $Rule->Status(TRUE); if you want to evaluate threshold levels for an object instance. Otherwise set $Rule->Status(FALSE);. 4. Click the Actions tab, and then create the threshold levels for this object instance. 5. Repeat for each object instance. Tip: If you do not know what the instance names are, write a policy with a very low threshold (one that will be broken immediately), and then deploy it to a node. The message that you receive will show the name of the instance in the object field of the message properties. Related topics l "Pattern matching" (on page 946) l "Policy objects for scripts" (on page 956) Configure message defaults in measurement threshold policies The Outgoing message defaults dialog box enables you to set default attributes for all messages that a policy sends. The message defaults only affect new threshold levels. You can override the defaults for individual threshold levels after you create them. If a message in any threshold level contains empty attributes, the agent uses the default attributes. To set message defaults HP Operations Manager (9.00) Page 724 of 1297 Online Help 1. Right-click the policy, and then click All Tasks Edit... 2. In the Threshold levels tab, click Defaults....The Outgoing message defaults dialog box opens. 3. Set the message defaults: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START<$THRESHOLD> n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). HP Operations Manager (9.00) Page 725 of 1297 Online Help Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. HP Operations Manager (9.00) Page 726 of 1297 Online Help You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: HP Operations Manager (9.00) Page 727 of 1297 Online Help n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. Set threshold level general properties In this tab you set the threshold level for the rule, a minimumtime for which the threshold must be broken to produce a message, and a reset level. l Threshold level description: This is a name you give to the rule to help you identify it. This name is visible in the rules list. l Threshold Limit: Minimumor maximum If you are setting a Minimumor Maximumrule, set the value that triggers a message if met or crossed. Use the following syntax guidelines when specifying the threshold: HP Operations Manager (9.00) Page 728 of 1297 Online Help Sequence of Digits: May include a decimal separator. (The character used as the separator is determined by the operating systemlanguage.) For example: 0.5, 100.1 Sign (optional): Plus sign (+). For example: +50 Minus sign (-). For example: -730 Exponent (optional): Exponent character: e or E. For example: 15e2, 7E4 Exponent sign. For example: 8e+2, 4E-2 One or more decimal digits. For example: 25.88e4 Tip: If you set a minimumor maximumthreshold limit, you can override it for individual nodes. To override a threshold limit on an individual node, set a parameter locally on the node in the eaagt.thresholds namespace. Specify the parameter value in the following format: <policy_name>/<threshold_level_description>/<limit>:<reset_value> For example, if you have a policy called cpu load with a threshold level called condition critical that you want to override with the limit 75 and the reset value 70, set a parameter with the following value: cpu load/condition critical/75:70 The following limitations apply: n Specify <policy_name> and <threshold_level_description> exactly as they appear in the policy editor. The first and last slash marks (/) delimit the <threshold_ level_description>, which can itself contain slash marks. n <reset_value> is required, even if it is the same as <limit>. n Nodes must have the HTTPS agent installed. Set the parameter using one of the following methods: n Deploy a node info policy that contains the following line: <parameter_name>(thresholds) <parameter_value> The <parameter_name> can be any alphanumeric string that is unique within the eaagt.thresholds namespace. Adding (thresholds) after <parameter_name> ensures that the node info policy sets the parameter in the eaagt.thresholds namespace. (See "Node info policies" (on page 770).) n Use the command ovconfpar with the following syntax: ovconfpar -change -host <node_hostname> -ns eaagt.thresholds -set <parameter_name> <parameter_value> The <parameter_name> can be any alphanumeric string that is unique within the eaagt.thresholds namespace. (See ovconfpar.) VBScript or Perl If you are setting a VBScript or Perl rule, you must write a script that evaluates the sources you are monitoring and sets the rule object to either TRUE or FALSE. HP Operations Manager (9.00) Page 729 of 1297 Online Help You need to use a script to determine the threshold for your measurement threshold policy if the source that you choose delivers something other than a number or a Boolean value or if you want to evaluate multiple sources. A script makes it possible for you to performyour own calculations and decide if the threshold has been crossed. Here is how a script works together with a measurement threshold policy: a. First, you create a policy that monitors one or more sources. You assign a Short Name to each source in the policy. b. If the source has multiple instances (for example, multiple logical disks), then use the processing options in the Options tab to indicate if the script should process only one instance at a time, or should process all instances at once. c. Next, you create a threshold rule that uses VB Script or Perl to determine the threshold limit. The script should use the short names and the policy objects to access the value for each source, and should performsome calculation to determine if a threshold has been crossed. The script should set the Rule Object to TRUE if threshold has been crossed or FALSE if it has not been crossed. d. When the policy is deployed, the script will evaluate the sources and sets the rule object to TRUE or FALSE after each polling interval. If rule object is set to TRUE, the policy will carry out the start, continue, or end actions depending on how long the threshold has been crossed. You can also use the script to send messages or execute commands directly if you require more flexibility than the start, continue, and end actions provide. Note: The agent runs as a service that has no standard input, standard output, or standard error streams. Therefore, the predefined file handles STDIN, STDOUT, and STDERR are not available for Perl scripts in measurement threshold policies. It is also not possible to open file handles that use command pipes or capture the standard output fromcommands within backticks (`). Caution: The advanced threshold policy rules tab provides the ability to specify whether the rules define a maximumor minimumthreshold, or use scripts. A Measurement Threshold policy can only contain one of these three types of rules. Note that a conversion between threshold types is not always possible: n changing between minimumand maximum: rules are not deleted n changing fromminimumor maximumto VisualBasic or Perl: the rules are converted to script n changing fromVisualBasic or Perl to minimumor maximum: rules are deleted n changing between VisualBasic and Perl: no conversion occurs, you must rewrite the script l Short-term peaks Since it may not be reasonable to create a message when a threshold is exceeded only for a short time, HP Operations allows you to define a minimumtime period over which the monitored value must exceed the threshold before generating a message. For a message to be sent, the value must be greater than the threshold each time the value is measured during a duration that you select. Select a value that is a multiple of the policy's polling interval. For example, if the polling interval is 2m(two minutes), set the short-termpeak duration to 4m, 6m, 8m, or 10m(and so on). If the duration is set to 0 or the box is left empty, an alarmis generated as soon as HP Operations detects that the threshold has been equaled or crossed. l Reset The reset value is a limit below which the monitored value must drop (or exceed, for minimumthresholds) to return the status of the monitored object to normal. After the status of a monitored object returns to normal, a new start message can be issued if the monitored value HP Operations Manager (9.00) Page 730 of 1297 Online Help again crosses the threshold value. You can either use the same value as the threshold limit, or specify a different reset value. Set the Measurement Threshold general rule properties: 1. Right-click the policy and select All Tasks Edit... 2. Select Threshold levels. 3. Select the rule to which you want to modify the conditions. 4. Select Modify. 5. Select General. Tip: The Rules tab provides a textual summary of each rule. You can use this summary as a navigational aid. Click any underlined text in the rule to jump to the dialog box that enables you to set that value. Related topics l "Rule object" (on page 968) Configure script parameters in measurement threshold policies Measurement threshold policies can contain VB Script or Perl scripts that do complicated calculations, evaluate thresholds, or add functionality. Script parameters enable you to change the values of variables in the script without the need to edit the script itself. Note: In the measurement threshold policy editor, the Script Parameters tab is visible only in policies that have VB Script or Perl script threshold limits. Define script parameters To define script parameters in a measurement threshold policy, you must add a parameter definition block to a VB script or Perl script. You must add the parameter definition block to the policy's first script as follows: l In a policy with one or multiple threshold levels, add the parameter definition block to the threshold limit script of the first threshold level. l In a policy with instance filter rules, add the parameter definition block to the condition script of the first instance filter rule. If you change the order of threshold levels or instance filter rules, or if you change a policy to use instance filter rules, the policy editor moves the parameter definition block automatically to the correct script. The script parameters that you define are only available in the script that contains the parameter definition block. However, you can also store the parameters in the policy's session object, so that you can use themin other scripts. The parameter definition block has the following format: PARAMETERS START HP Operations Manager (9.00) Page 731 of 1297 Online Help PARAMETER <name> STRING|INT|DOUBLE DEFAULT <value> [VALUE <value>] [CAPTION "<caption string>"] [MIN <numeric value>] [MAX <numeric value>] [SESSION ["<key>"]] ... PARAMETERS END Each line of the parameter definition block must start with a comment delimiter: l In a VBScript, start each line with an apostrophe ('). l In a Perl script, start each line with a number sign (#). You can define any number of parameters between the start and end of the parameter definition block. Each parameter definition must have a name, data type, and default value. In addition, each parameter definition can have a caption, minimumvalue, maximumvalue, and session key. The following table explains the keywords that you use to define a script parameter. Keyword Definition Syntax STRING|INT|DOUBLE This keyword specifies the type of data that the parameter holds. If you specify the data type STRING, you must enclose values in quotation marks ("). STRING|INT|DOUBLE DEFAULT This keyword defines the default value for the parameter. It is required and must be defined by the policy developer. DEFAULT <value> CAPTION Optional. A more descriptive text that appears on the windows to change the parameter value. CAPTION "<text>" VALUE Optional. This keyword should not be used during parameter definition. It will be created automatically at the time a user changes a parameter value; it is necessary for the editor to know the changed value. If the changed value is available, the generated code will always contain this value and not the DEFAULT value. VALUE <value> MIN, MAX Optional. These keywords are only valid for parameters of type INT or DOUBLE. If a user changes a numeric parameter for that a MIN or MAX value or both is defined, the editor does a checking whether the new value is within the defined range. MIN <value> MAX <value> SESSION Optional.This keyword configures the policy to store the parameter value in its session object. Unless you specify this keyword, the parameters that you define are only available in the script that contains the parameter definition block. If you specify this keyword, the policy stores the parameter in its session object. You can then use the session object to access the parameter in all of the policy's scripts. SESSION ["<key>"] Keywords for script parameter definitions HP Operations Manager (9.00) Page 732 of 1297 Online Help For example, if you specify the keyword SESSION "CriticalThreshold", you can access the parameter in other VBScripts using the following code: Session.Value("CriticalThreshold") The equivalent code in a Perl script is as follows: $Session->Value('CriticalThreshold') If you specify the SESSION keyword without specifying a key, the policy editor uses the parameter name for the session key. After you add the parameter definition block, the policy editor parses it, and then inserts the VB script or Perl script variables that you have defined. You can then edit the value of each parameter in the Script Parameters tab. Whenever you edit the value of a parameter in the Script Parameters tab, the policy editor automatically updates the variables in the script. The parameter definition block must contain only script parameter definitions, because the policy editor overwrites any other comments or code. Examples The following example defines an integer parameter in a Perl script. The parameter has the name CriticalThreshold and the default value 95: #PARAMETERS START #PARAMETER CriticalThreshold INT DEFAULT 95 #PARAMETERS END After the policy editor parses the parameter definition block, it overwrites it with the following code: #PARAMETERS START #PARAMETER CriticalThreshold INT DEFAULT 95 my $CriticalThreshold; $CriticalThreshold = 95; #PARAMETERS END The following example defines two parameters in a VB Script: 'PARAMETERS START 'PARAMETER WarningThreshold INT DEFAULT 70 MIN 60 MAX 80 'PARAMETER WarningThresholdMsg STRING DEFAULT "Warning Message" 'PARAMETERS END After the policy editor parses the parameter definition block, it overwrites it with the following code: 'PARAMETERS START 'PARAMETER WarningThreshold INT DEFAULT 70 VALUE 70 MIN 60 MAX 80 Dim WarningThreshold WarningThreshold = 70 HP Operations Manager (9.00) Page 733 of 1297 Online Help 'PARAMETER WarningThresholdMsg STRING DEFAULT "Warning Message" VALUE "Warning Message" Dim WarningThresholdMsg WarningThresholdMsg = "Warning Message" 'PARAMETERS END Edit script parameter values If a measurement threshold policy contains script parameter definitions, you can edit the values. Script parameters enable you to change the behavior of the policy without editing the policy's scripts. To edit script parameter values: 1. In the measurement threshold policy editor, click the Script Parameters tab. 2. Click the script parameter that you want to change and then click Edit. The parameter properties dialog box opens. 3. Edit the Value, or click Default to set the default value. 4. Click OK. The parameter properties dialog box closes. The policy editor updates the variables in the script. 5. Click Save to save the policy. Related topics: "Session object" (on page 967) Configure start actions in measurement threshold policies Measurement threshold policies provide the ability to performactions at different times, depending on how long the threshold is crossed. Start actions are carried out the first time that the threshold is crossed. In the Start actions tab, you indicate what the policy should do after evaluating a particular threshold levelservice or process monitor. The policy can send a message to the management server, start a command, prepare a command for the operator to start, or any combination or none of these actions. Note: In all cases, if a rule evaluates as true, no more rules are processed. It is important to pay attention to the rule order. The order in which rules are evaluated has a large effect on the type of messages you receive. It also affects the speed with which messages are sent and the amount of processor time that is required by the policy. For example, you might have a policy that monitors CPU activity, containing these two rules: 1. If usage is greater than 80%, send a warning message and stop processing rules. HP Operations Manager (9.00) Page 734 of 1297 Online Help 2. If usage is greater than 95%, send a critical message and stop processing rules. If the rules were evaluated in the order shown, disk usage of 99% would only produce a warning message. If the order were reversed, however, a critical message would be sent. You could solve the problemby making the rules more specific, so that the order was not important: 1. If usage is between 80% and 94%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. In the example above, disk usage of 99% produces a critical message regardless of which rule is evaluated first. However, if the rules are evaluated in the order shown, disk usage of 99% is evaluated by two rules. If the order were reversed, it would be evaluated only by the first rule, thereby sending the message more quickly and reducing processing time on the managed node. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$INSTANCE> Returns the name of the current instance Sample output: C; <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> HP Operations Manager (9.00) Page 735 of 1297 Online Help Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> HP Operations Manager (9.00) Page 736 of 1297 Online Help Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TIME_CREATED> Returns the time the message was created on the managed node in seconds elapsed since midnight (00:00:00), January 1, 1970, coordinated universal time. Sample output: 950008585 <$MSG_TYPE> Delivers the name set for message type. <$NAME> Returns the name of the policy that sent the message. Sample output: cpu_util <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com <$OPTION(N)> Returns the value of an optional variable that is set by opcmsg or opcmon (for example, $OPTION(A) $OPTION(B), and so on.). <$THRESHOLD> Returns value for the threshold limit set in the Threshold Level dialog box. If the threshold is determined with a script, the name of the scripting language is returned, for example, VBScriptSample output: 95.00 <$VALUE> Returns the value measured by a Measurement Threshold policy. Sample output: 100.00 <$VALAVG> Returns the average value of all messages reported by the Measurement Threshold policy. Sample output: 100.00 <$VALCNT> Returns the number of times that the threshold monitor has delivered a message to the browser. Sample output: 1 To configure start actions in measurement threshold policies: 1. Optional. To configure the message that the start action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: HP Operations Manager (9.00) Page 737 of 1297 Online Help Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START<$THRESHOLD> n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. HP Operations Manager (9.00) Page 738 of 1297 Online Help Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. Note that for Measurement Threshold and Scheduled Task policies, only the first item(Acknowledge messages with message key) is available. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> HP Operations Manager (9.00) Page 739 of 1297 Online Help This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Note: In measurement threshold policies, you can also specify automatic acknowledgement of messages related to the same policy using the policy option Show only newest message in active browser (see "Configure measurement threshold policy options" (on page 767)). Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 740 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 741 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 742 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 743 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble HP Operations Manager (9.00) Page 744 of 1297 Online Help ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the start action sends a message using the outgoing message defaults. 2. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 3. Optional. If you choose to send the message to the active message browser, you can add commands to the action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. HP Operations Manager (9.00) Page 745 of 1297 Online Help n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n Graph Select Graph if the source of your policy is a metric in the Embedded Performance Component and you want the operator-initiated command to show a graph of that metric's value over time. Use Date range to indicate how much historical data the graph should present. For example, if you select 1 Hour, the graph shows the metric's value over the hour before the threshold was crossed. n Graph Template By selecting Graph Template, you can choose a predefined HP Performance Manager graph that you want the operator-initiated command to show. When an operator starts this command, HP Performance Manager generates a graph using data fromthe affected node and the selected graph template. HP Operations Manager (9.00) Page 746 of 1297 Online Help o Graph template name: Click Browse and select the name of the graph template that you want to provide to the operator. o Date Range: Select the span of time for which data should be displayed in the graph. o Filter on Instance: If want the graph to only show data froma specific instance, enter the instance name here. Note: Graphs are available only if HP Performance Manager integration is correctly configured on the management server.(See HP Performance Manager Integration.) n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure continue actions in measurement threshold policies Measurement threshold policies provide the ability to performactions at different times, depending on how long the threshold is crossed. Continue actions are carried are carried out at each polling interval if the start action of the rule was carried out at a previous polling interval, and the reset value is not reached. HP Operations Manager (9.00) Page 747 of 1297 Online Help To configure continue actions in measurement threshold policies: 1. If you want to configure continue actions, click one of the following; n Use the specified 'Start actions'. This option enables you to send a message that is a duplicate of the start action message. In addition, if the start action has an automatic command, the agent starts this command again. n Define special 'Continue actions'. This option enables you configure a message and commands that are different those in the start action. 2. Optional. To configure the message that the continue action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START<$THRESHOLD> n Message Type: Use this box if you want to provide another organizational category for this HP Operations Manager (9.00) Page 748 of 1297 Online Help message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. Note that for Measurement Threshold and Scheduled Task policies, only the first HP Operations Manager (9.00) Page 749 of 1297 Online Help item(Acknowledge messages with message key) is available. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Note: In measurement threshold policies, you can also specify automatic acknowledgement of messages related to the same policy using the policy option Show only newest message in active browser (see "Configure measurement threshold policy options" (on page 767)). Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: HP Operations Manager (9.00) Page 750 of 1297 Online Help n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. HP Operations Manager (9.00) Page 751 of 1297 Online Help Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter HP Operations Manager (9.00) Page 752 of 1297 Online Help in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a HP Operations Manager (9.00) Page 753 of 1297 Online Help message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. HP Operations Manager (9.00) Page 754 of 1297 Online Help You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the start action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the continue action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) HP Operations Manager (9.00) Page 755 of 1297 Online Help n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n Graph Select Graph if the source of your policy is a metric in the Embedded Performance Component and you want the operator-initiated command to show a graph of that metric's value over time. Use Date range to indicate how much historical data the graph should present. For example, if you select 1 Hour, the graph shows the metric's value over the hour before the threshold was crossed. HP Operations Manager (9.00) Page 756 of 1297 Online Help n Graph Template By selecting Graph Template, you can choose a predefined HP Performance Manager graph that you want the operator-initiated command to show. When an operator starts this command, HP Performance Manager generates a graph using data fromthe affected node and the selected graph template. o Graph template name: Click Browse and select the name of the graph template that you want to provide to the operator. o Date Range: Select the span of time for which data should be displayed in the graph. o Filter on Instance: If want the graph to only show data froma specific instance, enter the instance name here. Note: Graphs are available only if HP Performance Manager integration is correctly configured on the management server.(See HP Performance Manager Integration.) n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure end actions in measurement threshold policies Measurement threshold policies provide the ability to performactions at different times, depending on how long the threshold is crossed. HP Operations Manager (9.00) Page 757 of 1297 Online Help End actions are carried out after the threshold crosses the reset value, only if the start action for that rule was carried out. If the value drops below two thresholds within one polling interval, the end actions of the lowest rule that performed start actions are carried out. To configure end actions in measurement threshold policies: 1. Select the Start the specified 'End actions' check box. 2. Optional. To configure the message that the end action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START<$THRESHOLD> n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. HP Operations Manager (9.00) Page 758 of 1297 Online Help n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. Note that for Measurement Threshold and Scheduled Task policies, only the first item(Acknowledge messages with message key) is available. HP Operations Manager (9.00) Page 759 of 1297 Online Help n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Note: In measurement threshold policies, you can also specify automatic acknowledgement of messages related to the same policy using the policy option Show only newest message in active browser (see "Configure measurement threshold policy options" (on page 767)). Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: HP Operations Manager (9.00) Page 760 of 1297 Online Help n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. HP Operations Manager (9.00) Page 761 of 1297 Online Help Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter HP Operations Manager (9.00) Page 762 of 1297 Online Help in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a HP Operations Manager (9.00) Page 763 of 1297 Online Help message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. HP Operations Manager (9.00) Page 764 of 1297 Online Help You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the start action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you add commands to the end action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) HP Operations Manager (9.00) Page 765 of 1297 Online Help n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n Graph Select Graph if the source of your policy is a metric in the Embedded Performance Component and you want the operator-initiated command to show a graph of that metric's value over time. Use Date range to indicate how much historical data the graph should present. For example, if you select 1 Hour, the graph shows the metric's value over the hour before the threshold was crossed. HP Operations Manager (9.00) Page 766 of 1297 Online Help n Graph Template By selecting Graph Template, you can choose a predefined HP Performance Manager graph that you want the operator-initiated command to show. When an operator starts this command, HP Performance Manager generates a graph using data fromthe affected node and the selected graph template. o Graph template name: Click Browse and select the name of the graph template that you want to provide to the operator. o Date Range: Select the span of time for which data should be displayed in the graph. o Filter on Instance: If want the graph to only show data froma specific instance, enter the instance name here. Note: Graphs are available only if HP Performance Manager integration is correctly configured on the management server.(See HP Performance Manager Integration.) n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure measurement threshold policy options The Options tab of the measurement threshold policy editor enables you to configure several policy behaviors. HP Operations Manager (9.00) Page 767 of 1297 Online Help Log local events on the managed node HP Operations Manager allows you to define which events, if any, are logged on the managed node fromwhich they originated. These events are logged on the local managed node in the log file: <data_dir>\log\OpC\opcmsglg. Three logging options are available. l Log local events that match a rule and trigger a message. This selection logs any events in the message source that match the policy rules. l Log local events that match a rule and are ignored. This selection logs any events in the message source that are suppressed (that is, they do not cause a message to be sent to the management server). l Log local events that don't match any rule. This selection logs any events that do not match any of the rules in the policy. Capture unmatched events You can configure a policy to send a message to the management server when an event does not match any rule in the policy because none of the conditions apply or because the policy does not contain any rules. This ensures that unexpected events that might be important do not go unreported. By default, unmatched events are ignored. Each policy that sends unmatched events to the management server creates a message with the default values of the policy. Tip: If you want a policy to send messages only with the default values, omit all rules fromthe policy. The following options are available: l Unmatched events are sent to the messages browser l Unmatched events are sent to the acknowledged messages browser l Unmatched events are ignored (default) If several policies forward unmatched messages to the management server you could receive multiple messages about a single input event. Pattern matching options The following pattern matching options are available: l Case sensitivity You can choose whether the case (uppercase or lowercase) of a text string is considered when the message text of a rule is compared with the destination text in the message source. When switched on, a match only occurs if the use of uppercase and lowercase letters is exactly the same in both the message source and the message text string. This is the default setting. l Field separators You can indicate which characters should be considered to be field separators. Field separators are used in the message text pattern as separator characters for the rule condition. You can define up to seven separators, including these special characters: HP Operations Manager (9.00) Page 768 of 1297 Online Help n \n new line (NL) n \t horizontal tab (HT) n \v vertical tab (VT) n \b backspace (BS) n \r carriage return (CR) n \f formfeed (FF) n \a alert (BEL) n \\ backslash (\) For example, if you wanted a backslash, an asterisk, and the letter A to define the fields in the message text, you would type \\*A (with no spaces separating the characters). If you leave this box empty, the default separators (a blank and the tab character) are used by default. If you change the pattern matching options, they apply to all new rules in a policy. Click Apply to all to apply themto all existing rules in a policy. This overwrites any modifications made to the pattern matching options in individual rules. You can set case sensitivity and separator characters for individual rules in a policy by clicking the button in the Condition tab of a rule. Processing options You can choose how a policy processes multiple instances of the value being measured. For example, if a policy monitors disk space, then each disk in the managed node is one instance, and you can choose whether to treat each disk separately or all disks as a whole. l Process each instance separately: Select this option if you want each instance to be processed by the policy separately. For example, if the policy monitors each CPU in a multiple CPU server, and the activity of all CPUs exceeds the threshold, a message will be generated for each CPU. l Process all instances once: This option can only be used if the threshold rules use the output of a script as the threshold (instead of minimumor maximum). Select this option if the script evaluates all instances and delivers one value to be tested by the policy. (Make sure that the scripting language that you choose is supported on the platformwhere you plan to distribute your policy.) Show only newest message in active browser You may want to ensure that only the most current status of a threshold is shown in the active message browser. The values that measurement threshold policies monitor can change rapidly. A condition that produces an error message might only exist for a short time. In order to prevent your message browser fromfilling up with threshold messages that might not be current, you can use Show only newest message in active browser. This feature causes a measurement threshold policy message to acknowledge all messages in the message browser which were created by the same policy, and which have the same node and instance. (Note that although a message cannot acknowledge itself, you can send an End Action message directly to the acknowledged messages browser.) HP Operations Manager (9.00) Page 769 of 1297 Online Help Node info policies The node info policy type provides a way to modify configuration information on a managed node. Node info policies update the nodeinfo file on managed nodes that have the DCE agent installed. On managed nodes that have the HTTPS agent installed, node info policies use ovconfchg to manipulate node settings files and update the node configuration database. Specifying parameters in node info policies The node info policy type provides a simple editor where parameters can be typed. Each parameter consists of a name and a string value. Only ASCII characters are permitted. The string value may not contain new line characters. The node info policy syntax depends on the type of agent the nodeinfo policy configures: l HTTPS agents ;XPL config [<namespace>] <parameter_name>=<parameter_value> ;XPL config triggers the configuration of HTTPS agents. [<namespace>] contains the namespace to be updated. Example: ;XPL config [eaagt] OPC_AGTMSI_ENABLE = TRUE OPC_AGTMSI_ALLOW_AA = FALSE [bbc.http] PROXY = proxy1.example.com:8080 l DCE agents <parameter_name><parameter_value> <parameter_name> starts at the beginning of the line and ends at the first white space (space or tab). <parameter_value> starts after the white spaces and ends at the end of the line. Example: OPC_AGTMSI_ENABLE TRUE OPC_AGTMSI_ALLOW_AA FALSE PROXY proxy1.example.com:8080 Tip: Parameters can be disabled by inserting a number sign (#) at the beginning of the name. Caution: It is important to be cautious when writing and deploying node info policies. If a parameter is defined in more than one policy, the value in the policy that was deployed last is the value that will be used. However, when a node info policy is removed fromthe node, the value for the parameter is not rolled back to previous value but rather is set to the default value. This can make it difficult to know what the configuration state on the node actually is. To prevent confusion, it is recommended either to deploy only one node info policy per HP Operations Manager (9.00) Page 770 of 1297 Online Help node, or to create one node info policy for each specific parameter or unique group of parameters that you want set. nodeinfo files on DCE agents The nodeinfo file is created automatically when HPOMinstalls a DCE agent on a node. Deploying a node info policy to a node will cause the parameters in the node info policy to be written to the end of the nodeinfo file. Removing the policy deletes the parameters. If parameters are defined twice in this file, the parameter that is defined last (fromtop to bottom) is the parameter that is used. Note: If you want to set some of these parameters and want to ensure that they are never changed by a node info policy, you can write most of themin the opcinfo file, as well. (The only exceptions are parameters that set values relating to HTTP communication. These parameters may only be set in the nodeinfo file.) Information in the opcinfo file takes precedence over the nodeinfo file. The opcinfo file can be found in these locations: AIX: /usr/lpp/OV/OpC/install/opcinfo UNIX and Linux: /opt/OV/bin/OpC/install/opcinfo Windows: <drive>:\usr\OV\bin\OpC\install\opcinfo Node info policy parameters Parameter OPC_RESOLVE_IP Description : Specifies the IP address of the managed node's primary manager. This parameter can be used if name resolution is not working correctly in your network environment. Note that any changes dictated by an agent-based flexible management policy will override the value set here. Type: string, a.b.c.d (for example, 15.136.120.1) Default: (not set) Agent: DCE only Parameter OPC_COND_FIELD_ICASE Description : Toggles the case-sensitivity of policy conditions that match the object, application, or message group fields. TRUE = case-insensitive. FALSE = case-sensitive. Type: Boolean Default: TRUE Agent: DCE only Parameter OPC_INT_MSG_FLT Description : If TRUE, agent-internal messages (mainly HPOM-internal status- and error- messages) are passed to the HP Operations agent and can be filtered through HP Operations Manager (9.00) Page 771 of 1297 Online Help opcmsg policies. This allows you to add your own actions, instruction text and so on. Information on how to configure filtering of server-internal messages (mainly agent health checks) can be found in the topic Agent Health Check. Type: Boolean Default: FALSE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_LE_CLOSE_MSG_DLL Description : The default value is TRUE. This causes the Windows message DLL for EventLog messages to be closed after every read. This might increase CPU usage of the log file encapsulator process but it prevents the agent fromlocking DLLs, allowing software to be updated while the HP Operations agent runs. Type: Boolean Default: TRUE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_AGENT_ID Description: DCE agent identifier stored on managed nodes. Type: string Default: not set Agent: DCE only Parameter OPC_AGENT_LOG_SIZE Description : Specifies the maximumsize for the agent log files (opcerror, opcerro1, opcerro2, opcerro3) in increments of 1/10 KB (default 10000 * 1/10 KB = 1000 KB = 1 MB). When the current log file reaches 1/4 of that maximumsize (default 1/4 * 1000 KB = 250 KB), it is moved to the next name (opcerror opcerro1 opcerro2 opcerro3 deleted) and a new opcerror log file is created. Type: int Default: 10000 Agent: DCE only Parameter OPC_AGTMSI_ENABLE HP Operations Manager (9.00) Page 772 of 1297 Online Help Description: Enables the agent message streaminterface (MSI). Type: Boolean Default: FALSE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_AGTMSI_ALLOW_AA Description : Allows automatic commands in messages. If set to FALSE, the agent discards the commands in the messages. Type: Boolean Default: FALSE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_AGTMSI_ALLOW_OA Description : Allows operator-initiated commands in messages. If set to FALSE, the agent discards the commands in the messages. Type: Boolean Default: FALSE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_APM_HANDLE_GROUP_AS_ONLINE Description : Defines which Microsoft Cluster Server cluster group states are treated as online. Type: string : ClusterGroupFailed, ClusterGroupPending, ClusterGroupOnline, ClusterGroupPartialOnline, ClusterGroupOffline, ClusterGroupStateUnknown Default: ClusterGroupOnline Agent: DCE only Parameter OPC_APM_HANDLE_NODE_AS_ONLINE Description : Defines which Microsoft Cluster Server cluster node states are treated as online. Type: string : ClusterNodeUp, ClusterNodeDown, ClusterNodeJoining, HP Operations Manager (9.00) Page 773 of 1297 Online Help ClusterNodePaused, ClusterNodeStateUnknown Default: ClusterNodeUp Agent: DCE only Parameter OPC_BUFLIMIT_ENABLE Description : Enable or disable checking of buffer-file limit on agent. Checks applied on msgagtdf-file. If TRUE the file will not grow unchecked and fill the disk if the management server becomes temporarily unavailable. The message agent counts the number of discarded messages, started actions, and message operations such as acknowledge requests, and forwards themwhen the server becomes available again. Type: Boolean Default: FALSE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_BUFLIMIT_SIZE Description : If buffer-file limitation is set on agent, this value describes the limit for msgagtdf-file in kilobytes. Type: int, kilobytes Default: 10000 Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_BUFLIMIT_SEVERITY Description : Allows you to define a severity that overrides the buffer file limit, and allows messages of that severity, or higher, to be added to the buffer file. Type: string : normal, warning, minor, major, critical Default: major Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_HBP_INTERVAL_ON_AGENT Description : Changes the frequency with which each node sends alive packets. The agent sends an alive packet at an interval equal to two-thirds of the configured value. On HP Operations Manager (9.00) Page 774 of 1297 Online Help nodes that have the DCE agent, the default value of OPC_HBP_INTERVAL_ON_ AGENT is 280, so the agent sends an alive packet every 120 seconds. Type: int, seconds, values of <=0 are mapped to -1 (no alive packets) Default: DCE agents: 280; HTTPS agents: not set Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_NAMESRV_CACHE_SIZE Description : HP Operations agent processes use a name-resolution cache in the trap interceptor process to improve performance. If the cache is full, least frequently used entries are replaced by new ones. If a node is the SNMP target for over 100 nodes, it is useful to enlarge the cache. Type: int Default: 100 Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_NAMESRV_DISABLE_CACHE Description : Enable or disable the HPOMname-service cache. This can be useful if the node names in your environment change frequently. Type: Boolean Default: FALSE Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_NODE_CHARSET Description : Indicates the character set that the node is using. Type: string : For a list of values, refer to the read-me files for HP Operations DCE agents. Default: iso88591 Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_MSI_CREATE_NEW_MSGID HP Operations Manager (9.00) Page 775 of 1297 Online Help Description : Determines how message IDs are created when messages are sent to the agent message streaminterface (MSI). 1 = Create a new message ID each time a message attribute is changed or the API copy-operator is called. 2 = Do not create a new message ID when message attributes change if this message was diverted and sent to only one instance. If you apply the API copy- operator to a message, the copy is no longer diverted and later attribute changes lead to a new message ID. For changed messages, the attribute OPCDATA_ ORIGMSGID contains the original message ID (otherwise it contains a null ID). 3 = Same as 2, except that the API copy-operator immediately creates a new message ID for the copy. 4 = Do not modify message IDs. The API-user is responsible for modifying the message IDs. Type: int, 1 <= n <= 4 Default: 2 Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_STORE_TIME_FOR_MGR_INFO Description : The HP Operations agent holds information about the manager to which the messages were sent. OPC_STORE_TIME_FOR_MGR_INFOdefines the time after which the information is deleted to save memory, disk space, and processing time. Type: int, hours Default: 24 Agent: DCE, HTTPS (namespace eaagt) Parameter PROXY Description : Sets the proxy for any HP BTOSoftware HTTP clients running on the computer. Clients can be HP Reporter or HP Performance Manager (running on the management server) or the Service Discovery agent (running on a DCE managed node). The format is PROXY proxy1:port1 +(a)-(b); proxy2:port2 +(c)- (d); and so on. The variables a, b, c and d are comma separated lists of hostnames, networks, and IP addresses that apply to the proxy. Multiple proxies may be defined for one PROXY parameter. The minus sign (-) before the list indicates that those entities do not use this proxy, the plus sign (+) before the list indicates that those entities do use this proxy. The first matching proxy is used. HP Operations Manager (9.00) Page 776 of 1297 Online Help Example: PROXY web-proxy:8088- (*.example.com)+(*.lettuce.example.com) Meaning: the proxy 'web-proxy' will be used with port 8088 for every server (*) except hosts that match *.example.com, for example, www.example.com. The exception is hostnames that match *.lettuce.example.com. For example, romaine.lettuce.example.com the proxy server will be used. Refer to the HP Operations Manager for Windows Firewall Configuration white paper for more information. Type: string Default: not set Agent: DCE, HTTPS (namespace bbc.http, bbc.http.ext.*) Parameter CLIENT_BIND_ADDR(app_name) Description : Sets the address for the specified application's HTTP client. Valid application names are com.hp.openview.CodaClient (on the management server) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the managed node). Example: CLIENT_BIND_ ADDR(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 65.114.4.69 Refer to the HP Operations Manager for Windows Firewall Configuration white paper for more information. Type: string Default: not set Agent: DCE Parameter CLIENT_PORT(app_name) Description : Sets the port number for the specified application's HTTP client. Valid application names are com.hp.openview.CodaClient (on the management server) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the DCE managed node). Example: CLIENT_ PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 8003 Refer to the HP Operations Manager for Windows Firewall Configuration white paper for more information. HP Operations Manager (9.00) Page 777 of 1297 Online Help Type: string Default: not set Agent: DCE Parameter SERVER_BIND_ADDR(app_name) Description : Sets the address for the specified application's HTTP server. Valid application names are com.hp.openview.Coda (on the DCE managed node) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the management server). Example: SERVER_BIND_ ADDR(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 65.114.4.69 Refer to the HP Operations Manager for Windows Firewall Configuration white paper for more information. Type: string Default: not set Agent: DCE Parameter SERVER_PORT(app_name) Description : Sets the port number for the specified application's HTTP server. Valid application names are com.hp.openview.Coda (on the managed node) and com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML (on the management server). Example: SERVER_ PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 8001 Refer to the HP Operations Manager for Windows Firewall Configuration white paper (available fromyour Hewlett-Packard representative) for more information. Type: string Default: SERVER_PORT(com.hp.openview.Coda) 381 SERVER_ PORT(com.hp.openview.OvDiscoveryCore.OvDiscoveryInstanceXML) 6602 Agent: DCE HP Operations Manager (9.00) Page 778 of 1297 Online Help Parameter OPC_IP_ADDRESS Description : When a node has several IP addresses, this parameter configures the agent to always use a specific IP address. Type: string (for example, 192.168.1.1) Default: not set (the agent uses the first IP address it finds) Agent: DCE, HTTPS (namespace eaagt) Parameter OPC_ALTERNATIVE_AGENT_IDS Description : Sets alternative agentIDs for a particular node. Usually used in cluster environments. Example: OPC_ALTERNATIVE_AGENT_IDS agentid1,agentid2 See Configure DCE agents to monitor cluster-aware applications for more information. Type: string Default: Not set Agent: DCE only Parameter SNMP_SESSION_MODE Description : Determines how the HP Operations agent intercepts SNMP events. To intercept SNMP V2 events on Windows managed nodes, disable the standard Windows SNMP service, which does not support SNMP V2 events. Set the parameter SNMP_SESSION_MODE to NNM_LIBS. The parameter supports the following values: TRAPD: Use the HP Operations event interceptor (opctrapi). NO_TRAPD: Use direct port access mode. TRY_BOTH: Try both, the trap daemon and direct port access mode. NNM_LIBS: Use the HP NNMi libraries (shipped with the HP Operations agent) to receive events. Type: int Default: Not set (connect to local trapd) Agent: DCE, HTTPS (namespace eaagt) HP Operations Manager (9.00) Page 779 of 1297 Online Help Open Message Interface Policies HP Operations Manager can integrate messages generated by its own message command, opcmsg. If the Open Message Interface policy is not installed on the computer where opcmsg generates messages, all messages generated by opcmsg are sent directly to the management server. The Open Message Interface policy filters messages by defining match conditions for these messages. If a message matches, the policy sends a message to the management server. All other messages are suppressed. Related topics: l opcmsg Configure message defaults in open message interface policies The Outgoing message defaults dialog box enables you to set default attributes for all messages that a policy sends. The message defaults only affect new rules. You can override the defaults for individual rules after you create them. If a message in any rule contains empty attributes, the agent uses the default attributes. To set message defaults 1. Right-click the policy, and then click All Tasks Edit... 2. In the Rules tab, click Defaults....The Outgoing message defaults dialog box opens. 3. Set the message defaults: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message HP Operations Manager (9.00) Page 780 of 1297 Online Help ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// HP Operations Manager (9.00) Page 781 of 1297 Online Help o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were HP Operations Manager (9.00) Page 782 of 1297 Online Help sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. HP Operations Manager (9.00) Page 783 of 1297 Online Help iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For HP Operations Manager (9.00) Page 784 of 1297 Online Help example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal HP Operations Manager (9.00) Page 785 of 1297 Online Help message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. HP Operations Manager (9.00) Page 786 of 1297 Online Help If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. Configure conditions in open message interface policies Rule Description: Type a description that will help you remember what this rule does. This description is visible in the rules list. Node: Type the fully qualified domain name, the primary node name, or the IP address if you only want to match messages generated on a specific node. Give multiple entries with the OR operator (for example: kohlrabi.veg.com|beet.veg.com), or leave blank for all nodes. You can also use variable <$OPC_MGMTSV>. Message Group: Type the message group that you want to assign to messages generated by this rule. Give a message group or leave blank for all message groups. A message can belong to only one message group. You can use multiple message groups to set the filter in the policy's rule condition, to select the messages that will arrive. Application: Type the name of the application that generated the message. Object: Type the name of the object that generated the message. Note: Although the termapplication generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. Severity: Select the severities that the message should have. Message Text: Type in the pattern that you want the policy to compare with the message text in the source message that it is evaluating. To set open message interface policy rule conditions 1. Right-click the Open Message Interface policy and select All Tasks Edit... 2. Select Rules. 3. Select the rule to which you want to modify the conditions. 4. Select Modify. 5. Select Condition and choose the conditions for this rule. You can use message text pattern conventions to specify the matching pattern. Tip: The Rules tab provides a textual summary of each rule. You can use this summary as a navigational aid. Click any underlined text in the rule to jump to the dialog box that enables you to set that value. Related topics l "Pattern matching" (on page 946) HP Operations Manager (9.00) Page 787 of 1297 Online Help Configure actions in open message interface policies In the Actions tab, you indicate what the policy should do after evaluating a particular conditionservice or process monitor. The policy can send a message to the management server, start a command, prepare a command for the operator to start, or any combination or none of these actions. Note: In all cases, if a rule evaluates as true, no more rules are processed. It is important to pay attention to the rule order. The order in which rules are evaluated has a large effect on the type of messages you receive. It also affects the speed with which messages are sent and the amount of processor time that is required by the policy. For example, you might have a policy that monitors CPU activity, containing these two rules: 1. If usage is greater than 80%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. If the rules were evaluated in the order shown, disk usage of 99% would only produce a warning message. If the order were reversed, however, a critical message would be sent. You could solve the problemby making the rules more specific, so that the order was not important: 1. If usage is between 80% and 94%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. In the example above, disk usage of 99% produces a critical message regardless of which rule is evaluated first. However, if the rules are evaluated in the order shown, disk usage of 99% is evaluated by two rules. If the order were reversed, it would be evaluated only by the first rule, thereby sending the message more quickly and reducing processing time on the managed node. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> HP Operations Manager (9.00) Page 788 of 1297 Online Help Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command HP Operations Manager (9.00) Page 789 of 1297 Online Help l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_OBJECT> Delivers the name of the object associated with the event. Only events fromthe Open Message Interface (parameter: msg_object) and Windows Event Log (parameter: category) will set this variable. <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com <$OPTION(N)> Returns the value of an optional variable that is set by opcmsg or opcmon (for example, $OPTION(A) $OPTION(B), and so on.). To configure actions in open message interface policies 1. Specify the rule type. The three rule types are: n If matched, do actions and stop. (Select True, and then click Send.) n If matched, stop. (Select True, and then click Do nothing.) HP Operations Manager (9.00) Page 790 of 1297 Online Help n If not matched, stop. (Select False.) 2. Optional. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). HP Operations Manager (9.00) Page 791 of 1297 Online Help Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: HP Operations Manager (9.00) Page 792 of 1297 Online Help <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 793 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 794 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 795 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 796 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble HP Operations Manager (9.00) Page 797 of 1297 Online Help ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. HP Operations Manager (9.00) Page 798 of 1297 Online Help n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) HP Operations Manager (9.00) Page 799 of 1297 Online Help n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure open message interface policy options The Options tab of the open message interface policy editor enables you to configure several policy behaviors. Log local events on the managed node HP Operations Manager allows you to define which events, if any, are logged on the managed node fromwhich they originated. These events are logged on the local managed node in the log file: <data_dir>\log\OpC\opcmsglg. Three logging options are available. l Log local events that match a rule and trigger a message. This selection logs any events in the message source that match the policy rules. l Log local events that match a rule and are ignored. This selection logs any events in the message source that are suppressed (that is, they do not cause a message to be sent to the management server). l Log local events that don't match any rule. This selection logs any events that do not match any of the rules in the policy. Capture unmatched events You can configure a policy to send a message to the management server when an event does not match any rule in the policy because none of the conditions apply or because the policy does not contain any rules. This ensures that unexpected events that might be important do not go unreported. By default, unmatched events are ignored. HP Operations Manager (9.00) Page 800 of 1297 Online Help Each policy that sends unmatched events to the management server creates a message with the default values of the policy. Tip: If you want a policy to send messages only with the default values, omit all rules fromthe policy. The following options are available: l Unmatched events are sent to the messages browser l Unmatched events are sent to the acknowledged messages browser l Unmatched events are ignored (default) Nodes create a message about an unmatched event only if the event is unmatched in all open message interface policies on the node. Nodes send only one message for each unmatched event. Pattern matching options The following pattern matching options are available: l Case sensitivity You can choose whether the case (uppercase or lowercase) of a text string is considered when the message text of a rule is compared with the destination text in the message source. When switched on, a match only occurs if the use of uppercase and lowercase letters is exactly the same in both the message source and the message text string. This is the default setting. l Field separators You can indicate which characters should be considered to be field separators. Field separators are used in the message text pattern as separator characters for the rule condition. You can define up to seven separators, including these special characters: n \n new line (NL) n \t horizontal tab (HT) n \v vertical tab (VT) n \b backspace (BS) n \r carriage return (CR) n \f formfeed (FF) n \a alert (BEL) n \\ backslash (\) For example, if you wanted a backslash, an asterisk, and the letter A to define the fields in the message text, you would type \\*A (with no spaces separating the characters). If you leave this box empty, the default separators (a blank and the tab character) are used by default. If you change the pattern matching options, they apply to all new rules in a policy. Click Apply to all to apply themto all existing rules in a policy. This overwrites any modifications made to the pattern matching options in individual rules. You can set case sensitivity and separator characters for individual rules in a policy by clicking the button in the Condition tab of a rule. HP Operations Manager (9.00) Page 801 of 1297 Online Help Scheduled Task Policies This policy type allows you to schedule commands to run on managed nodes, and will send a message to the management server to indicate the success or failure of the command. Use this policy if you want to run commands on one or more managed nodes either once or according to a specific schedule. To create a scheduled task policy 1. Right-click the scheduled task policy type and select New Policy 2. Click the Tasktab and indicate the command that should be run and any messages that you want to receive. 3. Click the Schedule tab and indicate when the command should be run. 4. Save the policy. Configure tasks in scheduled task policies In the Task tab, you specify a command or script that you want to run on the managed node, as well as any messages that you want to receive. You can use HPOMaction variables in most message text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> HP Operations Manager (9.00) Page 802 of 1297 Online Help Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by HP Operations Manager (9.00) Page 803 of 1297 Online Help the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$NAME> Returns the name of the policy that sent the message. Sample output: cpu_util <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com <$PROG> Returns the name of the programexecuted by the scheduled task policy Sample output:check_for_upgrade.bat <$USER> Returns the name of the user under which the scheduled task was executed. Sample output:administrator To configure tasks in scheduled task policies 1. In Task type, select one of the following options: Command n Command: Type the command that you want to run on the managed node If the command is not in the action, command, monitor or category directory on the managed node, or in the default path for the user account under which the command will be run, then the path to the command must be included. (The action, command, monitor and category directories are located under Program Files\HP\HP BTO Software\Installed Packages\{790C06B4-844E-11D2-972B-080009EF8C2A}\bin\OpC\vpwin\) HP Operations Manager (9.00) Page 804 of 1297 Online Help n Execute Under agent account ($AGENT_USER): This is the default choice. It runs the command under the same account as the agent is running, which is Local Systemby default. If selected, the Execute as user: options are not available. n Execute as user: To specify a password for this user, select the Specify password check box and type the user name under which the command should be run. The user must exist and have permission to run the command on the managed node. Note: With agent versions lower than 8.53, if you specify a non-existent user, the command runs under the same account as the agent. With agent version 8.53 and higher, if you specify a non-existent user, the command fails to run. If you type the password, then a standard Windows logon as user is performed before executing the command. If no password is entered, then an HPOMswitch user is performed before executing the command. Should I provide the password or not? Executing the command without the password is the easier of the two methods, but it has some restrictions that make it unsuitable in some situations. The lists below show the restrictions and advantages of both methods. Without a password: o For Windows nodes, resources accessed through the network are not available. o For Windows nodes, if a domain user is specified, the agent must be installed on the domain controller that authenticates the user. In Windows 2000 domains, the agent must be installed on the PDC Primary Domain Controller and the BDC Backup Domain Controller of the user domain and both must have been restarted once. o For all nodes, changed passwords do not invalidate the policy. With a password: o For all nodes, resources accessed through the network are available. o For all nodes, the encrypted password is sent over the network. o For all nodes, if the password changes, the policy must be updated and redeployed. VB Script Type the VB script in the window. Tip: Use the policy method Rule.Status to specify whether the task is successful. For example, to specify that the task has failed (and trigger a failure message), use Rule.Status=False. (See "Policy objects for scripts" (on page 956) .) Perl Script Type the Perl script in the window. Tip: Use the policy method $Rule->Status to specify whether the task is successful. For example, to specify that the task has failed (and trigger a failure message), use $Rule.Status(False). (See "Policy objects for scripts" (on page 956) .) HP Operations Manager (9.00) Page 805 of 1297 Online Help Note: The agent runs as a service that has no standard input, standard output, or standard error. Therefore, the predefined file handles STDIN, STDOUT, and STDERR are not available for Perl scripts in scheduled task policies. It is also not possible to open file handles that use command pipes or capture the standard output fromcommands within backticks (`). 2. Decide if you want to receive any notification messages, and make the appropriate selection. Design the start, success, or failure message that you want to receive. The message dialog box enables you to specify the following options: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. HP Operations Manager (9.00) Page 806 of 1297 Online Help n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. Note that for Measurement Threshold and Scheduled Task policies, only the first item(Acknowledge messages with message key) is available. HP Operations Manager (9.00) Page 807 of 1297 Online Help n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example HP Operations Manager (9.00) Page 808 of 1297 Online Help In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 809 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 810 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 811 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. The Immediate local automatic actions check box is unavailable, because you do not specify automatic commands in scheduled task policies. Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. 3. When Append output of command as annotation to success / failure message is selected, an annotation is added to the message when the command has completed. The annotation contains the start time, output, exit value, and finish time of the command. If a HP Operations Manager (9.00) Page 812 of 1297 Online Help command fails, an annotation is provided even if this itemis not selected. Configure schedules in scheduled task policies The following schedule options are available for the scheduled task policy. l When Every minute is selected, the command will be run at 60 second intervals. l When Every hour is selected, the command will be run at 60 minute intervals. You can also indicate how many minutes after the hour the command should run. For example, if you select 34, the command will run at 1:34, 2:34 and so on. l When Daily is selected, the command will every day at the time you indicate. You can schedule the command to run at multiple times each day by selecting Multiple Times and clicking the Times... button. In the time reoccurrence window, you can specify specific hours and minutes when a command should be run. By default, none are selected, meaning that the command will never run. Click an interval to select it, or drag the pointer over multiple intervals. l When Weekly is selected, the command will be run one day per week at the time you indicate. You can schedule the command to run at multiple times on this day by sjelecting Multiple Times and clicking the Times... button. In the time reoccurrence window, you can specify specific hours and minutes when a command should be run. By default, none are selected, meaning that the command will never run. Click an interval to select it, or drag the pointer over multiple intervals. l When Monthly is selected, the command will be run one day per month at the time you indicate. You can schedule the command to run at multiple times on this day by selecting Multiple Times and clicking the Times... button. In the time reoccurrence window, you can specify specific hours and minutes when a command should be run. By default, none are selected, meaning that the command will never run. Click an interval to select it, or drag the pointer over multiple intervals. l When Once is selected, the command will be run on one specific day at the time you indicate. You can schedule the command to run at multiple times on this day by selecting Multiple Times and clicking the Times... button. In the time reoccurrence window, you can specify specific hours and minutes when a command should be run. By default, none are selected, meaning that the command will never run. Click an interval to select it, or drag the pointer over multiple intervals. l When Specially is selected, you can indicate specific days and times when the command should be run. You select specific days of the week, specific days of the month, and specific months. This allows you to specify odd schedules such as, "On Monday when it falls on the 2nd of the month." You can also indicate that the command should only be run during a specific year. l When Once per interval is selected, the command will be run once each time the interval that you indicate passes. HP Operations Manager (9.00) Page 813 of 1297 Online Help Service Auto-Discovery Policies Service Discovery policies automatically populate the service map in the HP Operations Manager for Windows console, based on discovery rules executed within the managed environment. Discovered attributes may be hardware resources, operating systemattributes, applications, and other information that can be retrieved froma managed object. In HPOMfor Windows, a service tree and rule set is defined by a management module. A service auto-discovery policy references a management module and includes user-defined parameters and an execution schedule, which can be configured. Predefined management modules are provided with HP Operations Smart Plug-ins (SPIs). HPOMprovides a management module for your own customservice auto-discovery policies. Service auto-discovery policies allow you to: l Configure a predefined management module discovery l Configure a customservice discovery policy l Schedule the execution of the discovery by the management module l Define additional parameters if required You must deploy a service auto-discovery policy to a managed node before it can be executed. When you remove a service auto-discovery policy froma managed node, the discovered services and relationships are removed fromthe service map. To configure service auto-discovery 1. In the console tree, select Policy Management Policies grouped by type Agent policies Service Auto-Discovery. 2. Right-click to open the shortcut menu. Select New Policy to open the Service Auto- discovery editor. The Discover tab appears by default. a. In the Discover tab, specify the management module and service type definition you want to configure. b. Use the Schedule tab to specify the time, date, and frequency of discovery. c. Check the status line at the bottomof the policy editor for messages about your policy configuration. d. When configuration is complete, click Save and Close to save the changes to the policy and close this policy editor. Related topics l Configure deployment for service types l View node group deployment properties l Remove policy fromnode Management modules Management modules are predefined sets of discovery rules and actions that allow distributed discovery. An executed management module, using a service auto-discovery policy, automatically HP Operations Manager (9.00) Page 814 of 1297 Online Help creates instances of service type definitions in the service map. An instance of a service type is an actual service visible in the service map. A management module is stored on the management server. By itself it is not deployed or active. To be executed, any management module has to be referenced and started by a service auto- discovery policy. HP Operations Smart Plug-ins (SPIs) provide predefined management modules and service types. Using the Service Type editor, you can make changes to certain attributes of a predefined service type. For example, you might assign graphs and reports and define auto-deployment attributes. However, you cannot add a new service type to existing management modules. HPOMdoes not allow you to create management modules, but does provide the Custom- Discovery management module. You can use the Custom-Discovery management module if you want to create your own customservice auto-discovery policies. Service auto-discovery policies Service auto-discovery policies are supplied by Smart Plug-ins (SPIs) to discover services in your managed environment and display themon a service map. You can also create your own custom service auto-discovery policies. Before you can execute a service auto-discovery policy, you must deploy it to a managed node, either manually or through auto-deployment. See the specific SPI documentation for details on auto-deployment, which varies somewhat fromSPI to SPI. Usually there is no need to modify the SPI auto-discovery policy. However, certain SPIs may require that you configure this policy by adding parameter data such as a user name or password to allow access and discovery of specific applications on a managed node. Undesired services in the service map that were discovered can be manually removed. These services will not be rediscovered unless a change in the environment is detected. However, you can start commands that force agents to resend service discovery data. When the management server receives the service discovery data, it recreates the service map, including any services that you previously removed. You can also use these commands for troubleshooting if services fail to appear on the management server. You can start these commands on nodes using the following tools: l Tools HP Operations Manager Tools Resend service discovery data (Windows agents) l Tools HP Operations Manager Tools Resend service discovery data (UNIX agents) To disable automatic service discovery, remove service auto-discovery policies fromthe Policy Groups that are configured for auto-deployment. When you remove a service auto-discovery policy froma managed node, the discovered services and relationships are removed fromthe service map. Related topics l Remove policy frompolicy group l Remove policy fromnode HP Operations Manager (9.00) Page 815 of 1297 Online Help Configure predefined service auto-discovery If you are using HPOperations Smart Plug-ins that provide predefined management modules, you can ins some cases use the Discover tab in the Service Auto-Discovery policy editor to configure discovery options. 1. In the console tree, select Policy Management Policies grouped by type Agent policies Service Auto-Discovery. 2. Right-click to open the shortcut menu. Select New Policy to open the Service Auto- discovery editor. The Discover tab displays by default. 3. Fromthe Management Modules list, select a management module. Service type definitions associated with the selected management module appear in the Service Type Definitions box. 4. Select the service type definition you want to configure. Any editable parameters associated with the selected service type definition display in the User Editable Parameters box. 5. Select a parameter and type in the field beside it to change the parameter. To continue to configure service auto-discovery, click the Schedule tab. Configure custom service auto-discovery You can create new service auto-discovery policies to discover services in your environment and automatically populate your service hierarchy. The services that you discover can belong to any existing service type, including any new service types that you have configured. Before you can configure a customservice auto-discovery policy, you must create a script (or program) that the agent can run on a managed node to discover services. This service discovery script must write details of each discovered service in XML to the standard output stream (STDOUT). The agent stores these details in the agent repository, which is a local data store of services that exist on the node. The agent publishes details of new, changed, and removed services to the management server, but does not resend details of unchanged services. Service XMLSchema Definition (XSD) Your service discovery script must output XML that conforms to the following schema: <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="Service"> <xs:complexType> <xs:choice maxOccurs="unbounded"> <xs:element ref="NewInstance"/> <xs:element ref="DeleteInstance"/> <xs:element ref="NewRelationship"/> <xs:element ref="DeleteRelationship"/> </xs:choice> </xs:complexType> <xs:key name="InstanceKey"> <xs:selector xpath="NewInstance|DeleteInstance"></xs:selector> <xs:field xpath="Key"></xs:field> HP Operations Manager (9.00) Page 816 of 1297 Online Help </xs:key> <xs:keyref refer="InstanceKey" name="InstanceKeyRef"> <xs:selector xpath="NewInstance|DeleteInstance"></xs:selector> <xs:field xpath="@ref"></xs:field> </xs:keyref> <xs:keyref refer="InstanceKey" name="InstanceRef"> <xs:selector xpath="NewRelationship/*/Instance|DeleteRelationship/*/Instance"></xs:selector> <xs:field xpath="@ref"></xs:field> </xs:keyref> </xs:element> <xs:element name="NewInstance" type="InstanceType"/> <xs:element name="DeleteInstance" type="InstanceType"/> <xs:complexType name="InstanceType"> <xs:sequence> <xs:element ref="Std"/> <xs:element ref="NodeGuid" minOccurs="0"/> <xs:element ref="Virtual" minOccurs="0"/> <xs:element ref="Key"/> <xs:element ref="GraphInstanceID" minOccurs="0" maxOccurs="1"/> <xs:element ref="Attributes"/> </xs:sequence> <xs:attribute name="ref" type="xs:string" use="required"/> </xs:complexType> <xs:element name="NewRelationship" type="RelationType"/> <xs:element name="DeleteRelationship" type="RelationType"/> <xs:complexType name="RelationType"> <xs:sequence> <xs:element ref="Parent"/> <xs:element ref="Components" minOccurs="0"/> <xs:element ref="DependentOn" minOccurs="0"/> </xs:sequence> </xs:complexType> <xs:element name="Std"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="DiscoveredElement"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="Virtual"> <xs:complexType/> </xs:element> <xs:element name="NodeGuid" type="xs:string"/> <xs:element name="Key" type="xs:string"/> <xs:element name="GraphInstanceID" type="xs:string"/> <xs:element name="Attributes"> <xs:complexType> HP Operations Manager (9.00) Page 817 of 1297 Online Help <xs:sequence> <xs:element ref="Attribute" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="Attribute"> <xs:complexType> <xs:attribute name="value" type="xs:string" use="required"/> <xs:attribute name="name" type="xs:string" use="required"/> </xs:complexType> </xs:element> <xs:element name="Parent"> <xs:complexType> <xs:sequence> <xs:element ref="Instance"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="DependentOn" type="InstanceList"/> <xs:element name="Components" type="InstanceList"/> <xs:complexType name="InstanceList"> <xs:sequence> <xs:element ref="Instance" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <xs:element name="Instance"> <xs:complexType> <xs:attribute name="ref" type="xs:string" use="required"/> </xs:complexType> </xs:element> </xs:schema> The following table describes the elements that the service XML document can contain. Element Description NewInstance Represents a discovered service. You must add a ref attribute, which must match the unique service ID that you specify in the Key element. You can then use this reference in Instance elements in the current XML document if you want to create or delete relationships. DeleteInstance Represents a service that you want to delete immediately. The agent automatically deletes previously discovered services fromthe agent repository if your service discovery script runs five times (by default) without including the service as a NewInstance in the XML document. You can control how often the service discovery script must run before a missing service is automatically deleted by changing the agent parameter INSTANCE_DELETION_THRESHOLD in the agtrep namespace. HP Operations Manager (9.00) Page 818 of 1297 Online Help Element Description Note: There are several different ways to set agent parameters. l Using a node info policy. (See Node Info Policies.) l In the HTTPS agent installation defaults. (See Configure HTTPS agent installation defaults.) l Using ovconfchg at a command prompt on the node. (See ovconfchg.) l Using ovconfpar at a command prompt on the management server. (See ovconfpar.) However, if you specify this element, the agent deletes the service immediately and publishes the change to the management server. If the service that you specify has related component services, the agent also deletes the component services. NewRelationship Defines a new relationship between services. This element must contain exactly one Parent element and can contain one or more Components and DependentOn elements. DeleteRelationship Defines relationships that you want to delete. This element must contain exactly one Parent element and can contain one or more DependentOn elements. Note: The agent does not allow to delete component relationships to avoid orphaned child services. To delete a component relationship, you must delete the component service using a DeleteInstance element. Std Must contain the string DiscoveredElement. NodeGuid Contains the core ID or primary node name of the node that hosts this service. You need to include this element only if the service is hosted on a different node. For example, you can include this element if your service discovery script runs on a central computer that has data about services on other computers. Virtual Include this element if the service is virtual. A virtual service is abstract and does not exist on any node. Omit this element if the service is hosted on a node. HP Operations Manager (9.00) Page 819 of 1297 Online Help Element Description Key Contains the full service ID for this service, which must be unique. You must include this element in all NewInstance and DeleteInstance elements. You must not specify a NewInstance and DeleteInstance with the same key in the same XML document. GraphInstanceID Contains the unique ID of a graph that you want to associate with the service. Attributes Contains Attribute elements. Attribute Has a name attribute and a value attribute. You must include an Attribute element with the name hpom_realstdid. The value of this attribute must contain the unique ID of the service type that this service belongs to. The management server can use any other name and value pairs to generate the service's display name and description according to the formats in the service type. Alternatively, you can override the service type's display name and description formats, by including attributes with the names hpom_ captionformat and hpom_descriptionformat. Parent Contains an Instance element, which defines the service that is the parent of this relationship. The parent instance that you specify must exist on the management server and in the agent repository on the node. Therefore, you may need to include a NewInstance element to add the parent to the agent repository, even if the parent already exists on the management server. Instance Has a ref attribute that refers to a NewInstance element in the current XML document. DependentOn Contains one or more Instance elements, which refer to the services that are dependent on the specified Parent element. Components Contains one or more Instance elements, which refer to the services that are components of the specified Parent element. Your service discovery script must output an XML document that meets the following additional requirements: l Each service instance must include an Attribute element with the name hpom_realstdid. The value of this attribute must contain the unique ID of the service type that this service belongs to. You can find this unique ID in the service type properties dialog box. l A service appears in the console's service hierarchy only after you create a component relationship with another service that already exists in the service hierarchy. For example, to add a service at the top level of the service hierarchy, you must create a component relationship with HP Operations Manager (9.00) Page 820 of 1297 Online Help the root service, which has the service ID Root_Services and the service type unique ID root. Example Service XML Create a new service instance and component relationship The following XML creates a new service with the service ID CustomServiceID, which belongs to a customservice type that has the ID {3C589DC6-6627-4C37-9818-91CB6B342E72}. The XMLspecifies that the display name of the service is Custom Service 1, and the description is An example custom service.. The XMLadds the new service to the service hierarchy as a component of the root service. The root service already exists on the management server, but is specified as a new service instance so that the agent adds it to the local agent repository. <Service> <NewInstance ref="CustomServiceID"> <Std>DiscoveredElement</Std> <Key>CustomServiceID</Key> <Attributes> <Attribute name="hpom_realstdid" value="{3C589DC6-6627-4C37-9818- 91CB6B342E72}" /> <Attribute name="hpom_captionformat" value="Custom Service 1" /> <Attribute name="hpom_descriptionformat" value="An example custom service." /> </Attributes> </NewInstance> <NewInstance ref="Root_Services"> <Std>DiscoveredElement</Std> <Key>Root_Services</Key> <Virtual /> <Attributes> <Attribute name="hpom_realstdid" value="root" /> </Attributes> </NewInstance> <NewRelationship> <Parent> <Instance ref="Root_Services" /> </Parent> <Components> <Instance ref="CustomServiceID" /> </Components> </NewRelationship> </Service> Create a dependency relationship The following XML creates two new services, which belong different service types. The XMLadds the new services to the service hierarchy as components of the root service. The XML also specifies a dependency relationship between the two new services. HP Operations Manager (9.00) Page 821 of 1297 Online Help Each service specifies an example attribute, which the management server can use in the service's display name. (The service type has a display name format that contains the corresponding variable $ExampleAttribute$.) <Service> <NewInstance ref="ServiceA"> <Std>DiscoveredElement</Std> <Key>ServiceA</Key> <Attributes> <Attribute name="hpom_realstdid" value="{54316677-0262-45F7-85E3- 49101B42F2AA}" /> <Attribute name="ExampleAttribute" value="ExampleA" /> </Attributes> </NewInstance> <NewInstance ref="ServiceB"> <Std>DiscoveredElement</Std> <Key>ServiceB</Key> <Attributes> <Attribute name="hpom_realstdid" value="{54FB405F-4EB9-4A77-B5A7- DE137F91FEEB}" /> <Attribute name="ExampleAttribute" value="ExampleB" /> </Attributes> </NewInstance> <NewInstance ref="Root_Services"> <Std>DiscoveredElement</Std> <Key>Root_Services</Key> <Virtual /> <Attributes> <Attribute name="hpom_realstdid" value="root" /> </Attributes> </NewInstance> <NewRelationship> <Parent> <Instance ref="Root_Services" /> </Parent> <Components> <Instance ref="ServiceA" /> <Instance ref="ServiceB" /> </Components> </NewRelationship> <NewRelationship> <Parent> <Instance ref="ServiceB" /> </Parent> <DependentOn> <Instance ref="ServiceA" /> </DependentOn> </NewRelationship> </Service> Move a dependency relationship HP Operations Manager (9.00) Page 822 of 1297 Online Help The following XML specifies that the services fromthe previous example still exist, but moves the dependency relationship fromone service to another. <Service> <NewInstance ref="ServiceA"> <Std>DiscoveredElement</Std> <Key>ServiceA</Key> <Attributes> <Attribute name="hpom_realstdid" value="{54316677-0262-45F7-85E3- 49101B42F2AA}" /> <Attribute name="ExampleAttribute" value="ExampleA" /> </Attributes> </NewInstance> <NewInstance ref="ServiceB"> <Std>DiscoveredElement</Std> <Key>ServiceB</Key> <Attributes> <Attribute name="hpom_realstdid" value="{54FB405F-4EB9-4A77-B5A7- DE137F91FEEB}" /> <Attribute name="ExampleAttribute" value="ExampleB" /> </Attributes> </NewInstance> <NewInstance ref="Root_Services"> <Std>DiscoveredElement</Std> <Key>Root_Services</Key> <Virtual /> <Attributes> <Attribute name="hpom_realstdid" value="root" /> </Attributes> </NewInstance> <NewRelationship> <Parent> <Instance ref="Root_Services" /> </Parent> <Components> <Instance ref="ServiceA" /> <Instance ref="ServiceB" /> </Components> </NewRelationship> <DeleteRelationship> <Parent> <Instance ref="ServiceB" /> </Parent> <DependentOn> <Instance ref="ServiceA" /> </DependentOn> </DeleteRelationship> <NewRelationship> <Parent> <Instance ref="ServiceA" /> HP Operations Manager (9.00) Page 823 of 1297 Online Help </Parent> <DependentOn> <Instance ref="ServiceB" /> </DependentOn> </NewRelationship> </Service> Delete service instances The following XMLimmediately deletes a service with the service ID CustomServiceID, which belongs to a customservice type that has the ID {3C589DC6-6627-4C37-9818- 91CB6B342E72}. <Service> <DeleteInstance ref="CustomServiceID"> <Std>DiscoveredElement</Std> <Key>CustomServiceID</Key> <Attributes> <Attribute name="hpom_realstdid" value="{3C589DC6-6627-4C37-9818- 91CB6B342E72}" /> </Attributes> </DeleteInstance> </Service> To configure a custom service auto-discovery policy 1. Copy your service discovery script to a category subfolder within <share_ dir>\Instrumentation 2. In the console tree, expand Policy management Policies grouped by type Agent policies. 3. Right-click Service Auto-Discovery, and then click New Policy. 4. In Management Modules select Custom-Discovery. 5. In User Editable Parameters modify CommandLine to specify the name of your service discovery script. You can specify a different command line for Windows and UNIX nodes. Use the variable $ACTION_DIR to represent the folder that contains instrumentation on managed nodes. For example, you could specify the command line "$ACTION_ DIR/custom_discovery.cmd". Escape any backslashes (\) with a second backslash (\\). 6. Optional. By default, the agent starts the service discovery script under the same account as the agent is running under, which is Local Systemby default. You can specify a different user and password if you want the script to run under a different account. 7. Configure the schedule in the Schedule tab. 8. Click Save and Close. The Save As dialog box appears. 9. Type a Name for the policy. 10. Type the Category that corresponds to the category subfolder to which you copied the service HP Operations Manager (9.00) Page 824 of 1297 Online Help discovery script. 11. Click OK. 12. Deploy the policy to the appropriate managed nodes. Tip: The maximumfrequency that you can schedule for a service auto-discovery policy is hourly. This frequency may not be convenient when you are developing and testing your policy. However, after you deploy your policy to a node, you can run the policy on demand using the command ovagtrep -run <policy name> on the node. Related topics l Configure a new service type l Associate instrumentation with policies l ovagtrep Configure schedules in service auto-discovery policies Use the Schedule tab of the Service Auto-Discovery policy editor to specify a discovery schedule for the current policy. The contents of the Schedule tab change depending on the option that you choose fromthe Schedule Task list. The following options are available: l Every hour: Specify the minute within the hour that the task should begin. l Daily: Specify the specific time of day the task should run, or multiple times. l Weekly: Specify the day of the week, the specific time of day that the task should run, or multiple times. l Monthly: Specify the day of the month, the specific time of day that the task should run, or multiple times. l Once: Specify a date, and the specific time that the task should run, or multiple times. l Specially: This option provides the most choice. You can specify weekdays, days of the month, and months that the task should run. You can specify that the task should run at a specific time, or multiple times. By default, the command runs at 2 a.m. every day. n To set the parameter: Click in the appropriate day, date, or month interval to select it or drag the cursor over multiple intervals and click Set. A blue bar indicates the selection has been set. n To delete the setting:Right-click in the timeline or interval and click Clear or select Clear All fromthe shortcut menu. If you select the Daily, Weekly, Monthly, Once, or SpeciallyDaily or Weekly, you can either set a specific time of day that the task should run, or you can set multiple times. To set multiple times 1. In the Schedule tab of the Service Auto-Discovery dialog box, click Multiple Times, and then click Times. The Time Reoccurrence dialog box opens. By default, the task runs at the start HP Operations Manager (9.00) Page 825 of 1297 Online Help of every hour. 2. To specify the minute when the task should run, click one of the minutes in the On specified minute display. You can select only one minute during the hour. A blue bar indicates your choice. 3. Click Clear all to clear the On specified hours default settings. 4. To select one or more hours for the task to be run, click one or more hours drag the cursor over multiple hours. A blue bar indicates your choice. Click Set all to select all the hours. 5. To select one or more weekdays for the task to be run, click one or more days or drag the cursor over multiple days. A blue bar indicates your choice. 6. Click OK to close this dialog box. In all cases, your choices are summarized in the Schedule Summary at the bottomof the screen. HP Operations Manager (9.00) Page 826 of 1297 Online Help Service/Process Monitoring Policies This policy type monitors the Windows services or processes (on any supported operating system), which are running on the managed node. You can define the status to monitor and the action to take if the status changes. Service/process monitoring policies can send a message when the status of the monitored services changes (for example, fromrunning to stopped). Choose this policy type if you want to monitor the status of services or processes, which are running on the managed node. Configure service monitors Use the Add New Services dialog box to specify which Windows services you want to monitor with the policy you are creating. If you know the name of the node where the Windows service you want to monitor is running, you can type it directly into the Node box. If you do not know the name of the node, click the [...] button to browse a list of known nodes. After you have selected the node, click Refresh to display a list of the Windows services running on the selected node. To add a newWindows service to monitor 1. Select Services in the Monitoring drop-down menu in the Policy dialog. 2. If you know the exact name of the Windows service you want to add: a. Click New.Click the Newbutton in the Service/Process Policy Editor to display the New Service dialog box, which you use to enter details of the services that you want to monitor with the Windows service policy. Use this option if know the details of the Windows service that you want to monitor but cannot access the node where the services are running. b. Provide the following details: Service Name Type the real name of the Windows service that you want to monitor. The policy editor compares the string that you type in the Service Name box with the list of existing service names defined in the policy. It does not allow duplicate names or recognize the following special characters; \ (backslash), " (quotation mark), : (colon), & (ampersand), < > (angle brackets), ? (question mark), | (pipe), and spaces ( ). The policy editor does not try to establish whether the Windows service you specify exists (for example, because you have not typed the service name correctly). Select the Send message if Service does not exist option to ensure that HPOMinforms you if the Windows service you specify here is not present when you deploy the policy to the node. Display Name The Display Name is used in the policy editor for information purposes only. It is not used to identify the Windows service. By default, the Display Name is the name that Windows shows in the Name column of Services dialog box. Monitoring Select the state that you want to monitor for the selected Windows service. For example, the default monitoring status "Running" checks whether the selected Windows service is running. Other states include "Disabled" and "Stopped". If the policy detects a change in HP Operations Manager (9.00) Page 827 of 1297 Online Help state for the selected Windows service, it starts the actions defined in Actions, below. Actions Choose whether you want to use the default actions defined for the Windows service, or specify your own, customized actions: o Default Actions: Click Defaults in the Policy dialog to specify that you want the Windows-service monitor to use the default actions defined for the policy. o Custom Actions: Click Custom defined if you want to define customactions for a Windows-service monitor. If you check this option, you must use the options in the Start actions, Continue actions and End actions tabs to configure the actions that you want to occur when the policy finds a match. The actions tabs you use here are the standard HPOMtabs for defining a message and automatic or operator-initiated action. c. Click OK. 3. If you want to select the Windows service froma list: a. Click Browse... to select froma list of available Windows services on the specified node. b. Type the name of the node in the Node box or click the [...] button to browse a list of nodes. The list of nodes is retrieved fromthe HPOMdatabase and does not indicate that a connection to the individual nodes in the list has been successful. c. Click Refresh. Note: The policy editor attempts to connect to the node you type into the Node box as the Windows user who started the console. If this user is not allowed to access service information on the specified node, or the policy editor cannot connect to the specified node, the policy editor displays an error message or asks you for more information. d. Select the Windows service that you want to monitor. e. Click OK if you do not want to add any more Windows services, or click Apply if you want to continue adding Windows services to the monitor policy. 4. If you want to copy an existing Windows service monitor so that you can then modify it (for example, if you want to re-use customized actions that you have defined for an existing Windows service monitor): a. Select the service that you want to copy in the list of existing Windows services displayed in the policy editor. b. Click Copy. c. Type the details of the new Windows service to monitor. By default, the policy editor inserts the word "Copy" in front of the service name. d. Click OK. The new copy appears in the list of Windows-service monitors in the policy editor. 5. Set the Polling Interval. Indicate how often the policy should check the source for new information. This period of time is the polling interval. To increase performance, the polling HP Operations Manager (9.00) Page 828 of 1297 Online Help interval should be as large as possible, while still being frequent enough to monitor data at the rate that it is expected to change. Note that a policy begins to evaluate data after the first polling interval passes. A shorter polling interval is better when you are testing a policy.. Configure process monitors Use the Add New Process dialog box to specify which processes you want to monitor. If you know the name of the node where the process you want to monitor is running, you can type it directly into the Node box. If you do not know the name of the node, click the [...] button to browse a list of nodes.. After you have selected the node, click Refresh to display a list of the Windows processes running on the selected node. The list shows only running processes; the list does not display processes that are either disabled or stopped. To add a newprocess to monitor 1. Select Processes in the Monitoring drop-down menu in the Policy dialog. 2. If you know the name of the process you want to add: a. Click the Newbutton in the Service/Process Policy Editor to display the New Process dialog box. Use this dialog box to specify details of the processes that you want to monitor with the process monitor policy. Use this option if you know the details of the process that you want to monitor but cannot access the node where the process is running. b. Type the details of the process to monitor: Process The name of the process that you want to monitor. The policy editor compares the string you type in the Process box with the list of existing process names defined in the policy. It does not allow duplicate names or recognize the following special characters; \ (backslash), " (quotation mark), : (colon), & (ampersand), < > (angle brackets), ? (question mark), | (pipe), and spaces ( ). For Windows nodes, the string you enter here must match the name of the process as it is known to Windows, including the file extension, for example: "notepad.exe". Duplicates are not allowed. For UNIX or Linux nodes, specify only the name of the executable file for the process that you want to monitor. Do not include the path. You can monitor multiple instances of a process by using parameters to differentiate between the instances (for example, svchost.exe -k rpcss and svchost.exe -k netsvcs). For more information, see Parameters below. Parameters Define the strings or parameters that you need to match. If you use this option, the parameters you specify are used to identify the running process. Standard HPOMpattern matching is used to evaluate the contents of this box, which for Windows managed nodes are not case sensitive. Note that: HP Operations Manager (9.00) Page 829 of 1297 Online Help o If the Parameters box is empty, the policy editor matches only processes running without parameters. o If the Parameters box contains a string with no pattern-matching characters, the policy editor matches only processes with the defined string. o If the Parameters box contains pattern-matching characters, the policy editor matches all process parameters with the string defined (for example, <*> matches all parameters, and <*>abc<*> matches all parameters containing the string "abc"). Number of Processes Use the drop-down list to specify an operator, and the text box to specify the number of processes that you expect to be running. Use the equals operator (==) to specify an exact value. Alternatively, use less than or equal to (<=), or greater than or equal to (>=) to define a range (for example, >=1). Note: The value you enter here defines the state which the policy expects to find and considers correct. The policy sends a message only if the state it finds is not the expected one. For example, use >= 1 (greater than or equal to one) to check that one or more instances of a process are running. If the policy discovers that 0 (zero) instances of the process are running, it sends a message to the console. CPU Utilization Use the drop-down list to specify an operator, and the text box to specify the percentage of CPU that you expect the process to use. Use the equals operator (==) to specify an exact value. Alternatively, use less than or equal to (<=), or greater than or equal to (>=) to define a range (for example, <=60). Note: If you specify a value for CPU Utilization, the policy requires agent version 8.60 or greater. Memory Usage Use the drop-down list to specify an operator, and the text box to specify the amount of memory (in megabytes) that you expect the process to use. Use the equals operator (==) to specify an exact value. Alternatively, use less than or equal to (<=), or greater than or equal to (>=) to define a range (for example, <=200). Note: If you specify a value for Memory Usage, the policy requires agent version 8.60 or greater. Actions Choose whether you want to use the default actions defined for the process, or specify your own, customized actions: o Default Actions: Click Defaults in the Policy dialog box to specify that you want the process monitor to use the default actions defined for the policy. o Custom Actions: HP Operations Manager (9.00) Page 830 of 1297 Online Help Click Custom defined if you want to define customactions for a process monitor. If you check this option, you will have to use the options in the Start actions, Continue actions and End actions tabs to configure the actions that you want to occur when the policy finds a match. The actions tabs you use here are the standard HPOMtabs for defining a message and automatic or operator-initiated action. c. Click OK. 3. If you want to select the process froma list:: a. Click Browse to select froma list of available processes on a node. b. Type the name of the node in the Node box or click the [...] button to browse a list of nodes. The list of nodes is retrieved fromthe HP Operations database and does not indicate that a connection to the individual nodes in the list has been successful. Note: It is not possible to browse processes on UNIX and Linux nodes using the Browse button. c. Click Refresh to display a list of processes on the specified node. Note: The policy editor attempts to connect to the node you type into the Node box as the Windows user who started the console. If this user is not allowed to access process information on the specified node, or the policy editor cannot connect to the specified node, the policy editor displays an error message or asks you for more information. d. Select the process that you want to monitor and click OK if you do not want to add any more processes, or click Apply if you want to continue adding processes to the process monitor policy. e. Select a process fromthe list and click Edit if you want to inspect or change the default actions associated with the selected process monitor. 4. If you want to copy an existing process so that you can then modify it (for example, if you want to re-use customized actions that you defined for an existing monitor or if you want to monitor two instances of a process on a node, but with different parameters): a. Select the process monitor that you want to copy in the list of existing processes in the process monitor policy editor. b. Click Copy. c. Type the details of the process to monitor. d. Click OK. The copy appears in the list of process monitors in the process monitor policy editor. 5. Set the Polling Interval. Indicate how often the policy should check the source for new information. This period of time is the polling interval. To increase performance, the polling interval should be as large as possible, while still being frequent enough to monitor data at the rate that it is expected to change. Note that a policy begins to evaluate data after the first polling interval passes. A shorter polling interval is better when you are testing a policy.. 6. Save the new or modified process monitor policy. HP Operations Manager (9.00) Page 831 of 1297 Online Help Configure start actions in service/process monitoring policies Each service or process monitor that you add to your policy has a start action. A start action is triggered when the service is not in the state you specified, or the number of processes is not as you specified. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where HP Operations Manager (9.00) Page 832 of 1297 Online Help applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$NAME> Returns the name of the policy that sent the message. Sample output: cpu_util <$OPC_GUI_CLIENT> HP Operations Manager (9.00) Page 833 of 1297 Online Help Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com You can also use some default session object values in message and command text boxes. The agent automatically sets these values for service/process monitoring policies. Session object values for service monitoring policies The agent automatically sets the following values in the session object for service monitor policies: <$SESSION(SERVICENAME)> Defines the name used to access the Windows service on the Managed Node <$SESSION(SERVICEDISPLAYNAME)> Defines the display name of the Windows service. This value is retrieved on the specified Managed Node and can be displayed in the local language of the Managed Node. <$SESSION(SERVICEMONITORSTATE)> Defines the state of the Windows service to monitor, for example; "running", "stopped", or "disabled". If an agent catalog is available in the local language set on the Managed Node, this is the localized text for the monitor state. If no agent catalog is available in the local language of the Managed Node, English text is used to display the monitor state. <$SESSION(SERVICECURRENTSTATE)> Defines the current state of the Windows service being monitored, for example; "running", "stopped", or "disabled". If an agent catalog is available in the local language set on the Managed Node, this is the localized text for the monitor state. If no agent catalog is available in the local language of the Managed Node, English text is used to display the monitor state. <$SESSION(SERVICEACTION)> Defines the string used to build the message text. It depends on the monitor mode you define: l Monitor state "running" net start /Y <service_name> l Monitor state "stopped" net stop /Y <service_name> l Monitor state "disabled" empty Session object values for process monitoring policies The agent automatically sets the following values in the session object for process monitor policies: <$SESSION(PROCESSNAME)> Defines the name used to access the process on the Managed Node HP Operations Manager (9.00) Page 834 of 1297 Online Help <$SESSION(PROCESSPARAMETERS)> Defines the parameter pattern used to access the process on the Managed Node <$SESSION(PROCESSNBREXPECTED)> Defines the number of monitored processes <$SESSION(PROCESSNBRAVAILABLE)> Defines the number of available processes matching the process name and parameter pattern <$SESSION(PROCESSMODE)> Defines the string used to build the message text. It depends on the monitor you specify, for example: l MIN PROCESSMODE is: ">= " l MAX PROCESSMODE is: "<= " l EQUAL PROCESSMODE is: " " (empty string) If you do not change the default start actions, the predefined start actions run. Predefined default start action for service monitors The predefined default start action for service monitors sends a message to the active message browser. The message has the following attributes: l Severity: Critical l Message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_OBJECT>:START l Message text: <$MSG_TEXT>.(Service name, actual and expected service state) For example: Service Telnet is not running. Current state is stopped. l Acknowledge message with message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_ OBJECT>:<*> The predefined default start action for service monitors includes an operator-initiated action: <$SESSION(SERVICEACTION)>. The value of this variable depends on the state that you define in the service monitor: l Monitoring state "running" net start /Y <service_name> l Monitoring state "stopped" net stop /Y <service_name> l Monitoring state "disabled" empty Predefined default start action for process monitors The predefined default start action for process monitors sends a message to the active message browser. The message has the following attributes: HP Operations Manager (9.00) Page 835 of 1297 Online Help l Severity: Critical l Message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_OBJECT>:START l Message Acknowledgement with message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_ OBJECT>:<*> l Message text: <$MSG_TEXT>.(Process name, actual and expected number of running processes) For example: 0 processes "notepad.exe" with parameter "<*>abc<*>" are running. Expected: 1 process. To configure start actions for service/process monitoring policies: 1. You can configure default start actions, which apply to all service or process monitors, or configure customstart actions, which apply to individual service or process monitors. n To configure default start actions, click Defaults... n To configure customstart actions: i. Click the service or process monitor in the list, and then click Modify.... The properties dialog box opens. ii. In Actions, click Custom defined, and then click the Start actions tab. 2. To configure the message that the start action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more HP Operations Manager (9.00) Page 836 of 1297 Online Help than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// HP Operations Manager (9.00) Page 837 of 1297 Online Help o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time HP Operations Manager (9.00) Page 838 of 1297 Online Help that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. HP Operations Manager (9.00) Page 839 of 1297 Online Help iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For HP Operations Manager (9.00) Page 840 of 1297 Online Help example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: HP Operations Manager (9.00) Page 841 of 1297 Online Help n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. HP Operations Manager (9.00) Page 842 of 1297 Online Help If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the start action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. HP Operations Manager (9.00) Page 843 of 1297 Online Help You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. HP Operations Manager (9.00) Page 844 of 1297 Online Help n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure continue actions in service/process monitoring policies Each service or process monitor that you add to your policy can have a continue action. After the start runs, continue actions are carried out at each subsequent polling interval if the reset value is not reached. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> HP Operations Manager (9.00) Page 845 of 1297 Online Help Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by HP Operations Manager (9.00) Page 846 of 1297 Online Help the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$NAME> Returns the name of the policy that sent the message. Sample output: cpu_util <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com You can also use some default session object values in message and command text boxes. The agent automatically sets these values for service/process monitoring policies. Session object values for service monitoring policies The agent automatically sets the following values in the session object for service monitor policies: <$SESSION(SERVICENAME)> Defines the name used to access the Windows service on the Managed Node <$SESSION(SERVICEDISPLAYNAME)> Defines the display name of the Windows service. This value is retrieved on the specified Managed Node and can be displayed in the local language of the Managed Node. <$SESSION(SERVICEMONITORSTATE)> Defines the state of the Windows service to monitor, for example; "running", "stopped", or "disabled". If an agent catalog is available in the local language set on the Managed Node, this is the localized text for the monitor state. If no agent catalog is available in the local language of the Managed Node, English text is used to display the monitor state. <$SESSION(SERVICECURRENTSTATE)> Defines the current state of the Windows service being monitored, for example; "running", "stopped", or "disabled". If an agent catalog is available in the local language set on the Managed Node, this is the localized text for the monitor state. If no agent catalog is available in the local language of the Managed Node, English text is used to display the monitor state. <$SESSION(SERVICEACTION)> HP Operations Manager (9.00) Page 847 of 1297 Online Help Defines the string used to build the message text. It depends on the monitor mode you define: l Monitor state "running" net start /Y <service_name> l Monitor state "stopped" net stop /Y <service_name> l Monitor state "disabled" empty Session object values for process monitoring policies The agent automatically sets the following values in the session object for process monitor policies: <$SESSION(PROCESSNAME)> Defines the name used to access the process on the Managed Node <$SESSION(PROCESSPARAMETERS)> Defines the parameter pattern used to access the process on the Managed Node <$SESSION(PROCESSNBREXPECTED)> Defines the number of monitored processes <$SESSION(PROCESSNBRAVAILABLE)> Defines the number of available processes matching the process name and parameter pattern <$SESSION(PROCESSMODE)> Defines the string used to build the message text. It depends on the monitor you specify, for example: l MIN PROCESSMODE is: ">= " l MAX PROCESSMODE is: "<= " l EQUAL PROCESSMODE is: " " (empty string) If you do not change the default continue actions, then no continue actions run. To configure continue actions for service/process monitoring policies: 1. You can configure default continue actions, which apply to all service or process monitors, or you can configure customcontinue actions, which apply to individual service or process monitors. n To configure default continue actions, click Defaults..., and then click the Continue actions tab. n To configure customcontinue actions: i. Click the service or process monitor in the list, and then click Modify.... The properties dialog box opens. ii. In Actions, click Custom defined, and then click the Continue actions tab. 2. If you want to configure continue actions, click one of the following; HP Operations Manager (9.00) Page 848 of 1297 Online Help n Use the specified 'Start actions'. This option enables you to send a message that is a duplicate of the start action message. In addition, if the start action has an automatic command, the agent starts this command again. n Define special 'Continue actions'. This option enables you configure a message and commands that are different those in the start action. 3. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated HP Operations Manager (9.00) Page 849 of 1297 Online Help by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the HP Operations Manager (9.00) Page 850 of 1297 Online Help management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 851 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 852 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 853 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 854 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. 4. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send HP Operations Manager (9.00) Page 855 of 1297 Online Help the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 5. Optional. If you choose to send the message to the active message browser, you can add commands to the start action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command HP Operations Manager (9.00) Page 856 of 1297 Online Help a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. HP Operations Manager (9.00) Page 857 of 1297 Online Help Configure end actions Each service or process monitor that you add to your policy can have an end action. After the start runs, end actions are carried out after the service or process returns to the expected state. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. HP Operations Manager (9.00) Page 858 of 1297 Online Help <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$NAME> Returns the name of the policy that sent the message. Sample output: cpu_util <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> HP Operations Manager (9.00) Page 859 of 1297 Online Help Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com You can also use some default session object values in message and command text boxes. The agent automatically sets these values for service/process monitoring policies. Session object values for service monitoring policies The agent automatically sets the following values in the session object for service monitor policies: <$SESSION(SERVICENAME)> Defines the name used to access the Windows service on the Managed Node <$SESSION(SERVICEDISPLAYNAME)> Defines the display name of the Windows service. This value is retrieved on the specified Managed Node and can be displayed in the local language of the Managed Node. <$SESSION(SERVICEMONITORSTATE)> Defines the state of the Windows service to monitor, for example; "running", "stopped", or "disabled". If an agent catalog is available in the local language set on the Managed Node, this is the localized text for the monitor state. If no agent catalog is available in the local language of the Managed Node, English text is used to display the monitor state. <$SESSION(SERVICECURRENTSTATE)> Defines the current state of the Windows service being monitored, for example; "running", "stopped", or "disabled". If an agent catalog is available in the local language set on the Managed Node, this is the localized text for the monitor state. If no agent catalog is available in the local language of the Managed Node, English text is used to display the monitor state. <$SESSION(SERVICEACTION)> Defines the string used to build the message text. It depends on the monitor mode you define: l Monitor state "running" net start /Y <service_name> l Monitor state "stopped" net stop /Y <service_name> l Monitor state "disabled" empty Session object values for process monitoring policies The agent automatically sets the following values in the session object for process monitor policies: <$SESSION(PROCESSNAME)> Defines the name used to access the process on the Managed Node <$SESSION(PROCESSPARAMETERS)> Defines the parameter pattern used to access the process on the Managed Node <$SESSION(PROCESSNBREXPECTED)> HP Operations Manager (9.00) Page 860 of 1297 Online Help Defines the number of monitored processes <$SESSION(PROCESSNBRAVAILABLE)> Defines the number of available processes matching the process name and parameter pattern <$SESSION(PROCESSMODE)> Defines the string used to build the message text. It depends on the monitor you specify, for example: l MIN PROCESSMODE is: ">= " l MAX PROCESSMODE is: "<= " l EQUAL PROCESSMODE is: " " (empty string) If you do not change the default continue actions, the predefined end action runs. Predefined default end action for service monitors The predefined default end action for service monitors sends a message to the active message browser. The message has the following attributes: l Severity: Normal l Message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_OBJECT>:END l Acknowledge message with message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_OBJECT>:<*> l Message text: <$SESSION(SERVICEDISPLAYNAME)> is <$SESSION(SERVICEMONITORSTATE)>. For example: Service Telnet is running. Predefined default end action for process monitors The predefined default end action for process monitors sends a message to the active message browser. The message has the following attributes: l Severity: Normal l Message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_OBJECT>:END l Message Acknowledge with message key: <$NAME>:<$MSG_NODE_NAME>:<$MSG_OBJECT>:<*> l Message text: <$SESSION(PROCESSNBRAVAILABLE)> process "<$SESSION(PROCESSNAME)>" with parameter "<$SESSION(PROCESSPARAMETERS)>" is running. Example: 1 processes "notepad.exe" with parameter "<*>abc<*>" is running. To configure end actions for service/process monitoring policies: 1. You can configure default end actions, which apply to all service or process monitors, or you can configure customend actions, which apply to individual service or process monitors. HP Operations Manager (9.00) Page 861 of 1297 Online Help n To configure default end actions, click Defaults..., and then click the End actions tab. n To configure customend actions: i. Click the service or process monitor in the list, and then click Modify.... The properties dialog box opens. ii. In Actions, click Custom defined, and then click the End actions tab. 2. Select the Start the specified 'End actions' check box. 3. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$NAME><$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this HP Operations Manager (9.00) Page 862 of 1297 Online Help message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. HP Operations Manager (9.00) Page 863 of 1297 Online Help n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example HP Operations Manager (9.00) Page 864 of 1297 Online Help In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 865 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 866 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 867 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. 4. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send HP Operations Manager (9.00) Page 868 of 1297 Online Help the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 5. Optional. If you choose to send the message to the active message browser, you can add commands to the start action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command HP Operations Manager (9.00) Page 869 of 1297 Online Help a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. HP Operations Manager (9.00) Page 870 of 1297 Online Help SNMP Interceptor Policies This policy type monitors SNMP events, and responds when a character pattern that you choose is found in an SNMP message. Choose this policy type if you want to monitor network components that send SNMP messages. SNMP interceptor policies enable you to manage SNMP devices that you cannot deploy policies to (for example, printers, routers, computers with unsupported operating systems). To manage SNMP devices 1. Ensure that the device you want to manage has an IP address and is SNMP-enabled. 2. Add the device to the list of managed nodes. In the System tab, set System Type to Other, Operating System to SNMP, and Version to v1. 3. Configure the device to send the SNMP traps to the managed node to which you intend to deploy the SNMP interceptor policy. 4. Create an SNMP interceptor policy with rules that match the SNMP events that you are looking for with appropriate actions. The messages can be configured to regard the source of the SNMP messages as a service, so that the device can be added to the service hierarchy. 5. Deploy the policy to the node to which the device is sending the SNMP traps. Configure message defaults in SNMP interceptor policies The Outgoing message defaults dialog box enables you to set default attributes for all messages that a policy sends. The message defaults only affect new rules. You can override the defaults for individual rules after you create them. If a message in any rule contains empty attributes, the agent uses the default attributes. To set message defaults 1. Right-click the policy, and then click All Tasks Edit... 2. In the Rules tab, click Defaults....The Outgoing message defaults dialog box opens. 3. Set the message defaults: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. HP Operations Manager (9.00) Page 871 of 1297 Online Help Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to HP Operations Manager (9.00) Page 872 of 1297 Online Help the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check HP Operations Manager (9.00) Page 873 of 1297 Online Help that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 874 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 875 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Write instructions to accompany a message HP Operations Manager (9.00) Page 876 of 1297 Online Help Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: HP Operations Manager (9.00) Page 877 of 1297 Online Help n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. Configure SNMP conditions With this tab, you set the match conditions for an SNMP interceptor rule. l Rule Description: Type a description that will help you remember what this rule does. This description is visible in the rules list. HP Operations Manager (9.00) Page 878 of 1297 Online Help l Node: If you only want to match SNMP events froma specific node, type the FQDN Fully Qualified Domain Name, the primary node name, or the IP address. Give multiple entries with the OR operator (for example, celery.veg.com|broccoli.veg.com), or leave blank for all nodes. You can also use variable <$OPC_MGMTSV>. l Event Information If you want to match a specific event, select Event Object ID. If you want to match a range of events or specify a specific event in SNMPv1 Notation, select the SNMPv1 Notation option. n Event object ID Type the complete Event Object Identifier for the SNMP event that you want to match. For example: .1.3.6.1.4.1.11.2.17.1.0.40000001 n SNMPv1 Notation You can type the complete event object ID in SNMPv1 format or you can specify only part of the identifier. For example, by specifying only the Enterprise ID, you can match all events with a specific Enterprise ID. n Enterprise ID Type in the enterprise ID for incoming SNMP traps to be compared with this condition. The enterprise ID is a vendor-specific identifier for the trap. Standard HPOMpattern-matching syntax may not be used in this field; however, it is possible to match a range of objects by entering only a prefix. For instance, the pattern: .1.3.6.1.4.1.11.2.17 would match: .1.3.6.1.4.1.11.2.17.1 .1.3.6.1.4.1.11.2.17.2 and so on. n Generic ID Fromthe list, select the appropriate Generic Trap ID. Possible values are: o (0) ColdStart o (1)WarmStart o (2) LinkDown o (3) LinkUp o (4) Authentification o (5) EgpNeighborLoss o (6) EnterpriseSpecific o (7) don't care HP Operations Manager (9.00) Page 879 of 1297 Online Help If you select (6) EnterpriseSpecific, you can type in the specific trap ID. Select don't care to intercept any kind of trap. n Specific ID Type in the specific trap ID if you have selected (6)EnterpriseSpecific in Generic Trap. Enterprise-specific SNMP traps can be implemented by vendors on their specific network devices. The specific trap ID is used to identify the source of the trap. NOTE: The SNMP syntax used by the editor requires that the trap string begins with a point. If you forget to add the point at the beginning of the string, the programwill add it for you when you save the policy. l SNMP V2 Traps On nodes that have a Windows operating system, the HPOperations agent provides an SNMP trap interceptor, which starts according to the following conditions: n If HPNetwork Node Manager (NNM) exists on the node, the agent's trap interceptor attaches to the NNMpmd and receives SNMP traps fromthere. This configuration provides the agent with SNMP v1 and v2 traps. n Otherwise, if the Microsoft SNMP Trap service is running, the agent uses this service instead. This configuration provides the agent with SNMP v1 traps only. n If neither of the above conditions exists, the trap interceptor logs an error and then stops. However, you can configure the agent to start the trap interceptor even when NNMdoes not exist on the node to provide the agent with SNMP v1 and v2 traps. On nodes that have an HTTPS agent, the trap interceptor is called opctrapi. On nodes that have a DCE agent, the trap interceptor is called opcevti. To configure the agent to start the trap interceptor: a. Stop the Microsoft SNMP Trap service. Set service start mode to Manual to prevent it from getting started at next systemboot b. Set the parameter SNMP_SESSION_MODE to NNM_LIBS: o On nodes that have the DCE agent add: SNMP_SESSION_MODE NNM_LIBS to the file: <install_dir>\bin\OpC\install\opcinfo o On nodes that have the HTTPSagent, open a command prompt, and then type: ovconfchg -ns eaagt -set SNMP_SESSION_MODE NNM_LIBS c. Start the trap interceptor: o On nodes that have the DCE agent, open a command prompt, and then type: opcagt -start o On nodes that have the HTTPSagent, open a command prompt, and then type: ovc -start opctrapi HP Operations Manager (9.00) Page 880 of 1297 Online Help l Variable Bindings Select the variable bindings you want the policy to monitor, and write one or more match patterns for each binding. Standard HP Operations pattern-matching rules can be used when matching variable bindings. $1 represents the first variable binding in the event, $2 the second variable, and so on. Use the matching options button to set the case sensitivity and field separators for all variable bindings. Tip: The Rules tab provides a textual summary of each rule. You can use this summary as a navigational aid. Click any underlined text in the rule to jump to the dialog box that enables you to set that value. Configure actions in SNMPinterceptor policies In the Actions tab, you indicate what the policy should do after evaluating a particular condition. The policy can send a message to the management server, start a command, prepare a command for the operator to start, or any combination or none of these actions. Note: In all cases, if a rule evaluates as true, no more rules are processed. It is important to pay attention to the rule order. The order in which rules are evaluated has a large effect on the type of messages you receive. It also affects the speed with which messages are sent and the amount of processor time that is required by the policy. For example, you might have a policy that monitors CPU activity, containing these two rules: 1. If usage is greater than 80%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. If the rules were evaluated in the order shown, disk usage of 99% would only produce a warning message. If the order were reversed, however, a critical message would be sent. You could solve the problemby making the rules more specific, so that the order was not important: 1. If usage is between 80% and 94%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. In the example above, disk usage of 99% produces a critical message regardless of which rule is evaluated first. However, if the rules are evaluated in the order shown, disk usage of 99% is evaluated by two rules. If the order were reversed, it would be evaluated only by the first rule, thereby sending the message more quickly and reducing processing time on the managed node. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$#> Returns the number of variables in an enterprise-specific SNMP event (generic event 6 Enterprise specific ID). Sample output: 2 HP Operations Manager (9.00) Page 881 of 1297 Online Help <$*> Returns all variables assigned to the event up to the possible fifteen. Sample output: [1] .1.1 (OctetString): arg1 [2] .1.2 (OctetString): turnip.example.com <$@> Returns the time the event was received as the number of seconds since Jan 1, 1970 using the time_t representation. Sample output: 859479898 <$1> Returns one or more of the fifteen possible event parameters that are part of an SNMP event. (<$1> returns the first variable, <$2> returns the second variable, and so on.) <$\>1> Returns all attributes greater than n as value strings, useful for printing a variable number of arguments. <$\>0> is equivalent to $* without sequence numbers, names, or types. Sample output: bokchoy.example.com <$\>+1> Returns all attributes greater than n as name:value string. Sample output: .1.2: asparagus.example.com <$+2> Returns the nth variable binding as name:value . (Note: not valid in the command box.) Sample output: .1.2: artichoke.example.com <$\>-n > Returns all attributes greater than n as [seq] name (type): value strings. Sample output: [2] .1.2 (OctetString): cauliflower.example.com <$-2> Returns the nth variable binding as [seq] name-type:value . (Note: not valid in Command Box.) Sample output: [2] .1.2 (OctetString): brusselsprouts.example.com <$A> Returns the node that produced the event. Sample output: eggplant.example.com <$C> Returns the community of the event. Sample output: public <$c> Returns the event's category. Sample output: SNMP <$E> Returns the enterprise ID of the event. Sample output: .1.3.6.1.4.1.11.2.17.1 <$e> Returns the enterprise object ID. Sample output: .1.3.6.1.4.1.11.2.17.1 <$F> Returns the textual name of the remote postmaster daemon's computer if the event was forwarded. Sample output: cress.example.com <$G> Returns the generic event ID. Sample output: 6 <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User HP Operations Manager (9.00) Page 882 of 1297 Online Help <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application HP Operations Manager (9.00) Page 883 of 1297 Online Help l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_OBJECT> Returns the name of the object associated with the event. This is set in the Message Defaults section of the policy editor. <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$N> Returns the event name (textual alias) of the event format specification used to format the event, as defined in the Event Configurator. Sample output: OV_Node_Down <$O> Returns the name (object identifier) of the event. Sample output: .1.3.6.1.4.1.11.2.17.1.0.58916865 <$o> Returns the numeric object identifier of the event. Sample output: .1.3.6.1.4.1.11.2.17.1.0.58916865 <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the HP Operations Manager (9.00) Page 884 of 1297 Online Help default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com <$R> Returns the true source of the event. This value is inferred through the transport mechanism which delivered the event. Sample output: carrot.example.com <$r> Returns the implied source of the event. This may not be the true source of the event if the true source is proxying for another source, such as when a monitoring application running locally is reporting information about a remote node. Sample output: rutabaga.example.com <$S> Returns the specific event ID. Sample output: 5891686 <$s> Returns the event's severity. Sample output: Normal <$T> Returns the event time stamp. Sample output: 0 <$V> Returns the event type, based on the transport fromwhich the event was received. Currently supported types are SNMPv1, SNMPv2, CMIP, GENERIC, and SNMPv2INFORM. Sample output: SNMPv1 <$X> Returns the time the event was received using the local time representation. Sample output: 17:24:58 <$x> Returns the date the event was received using the local date representation. Sample output: 03/27/10 To configure actions in SNMP interceptor policies 1. Specify the rule type. The three rule types are: n If matched, do actions and stop. (Select True, and then click Send.) n If matched, stop. (Select True, and then click Do nothing.) n If not matched, stop. (Select False.) 2. Optional. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be HP Operations Manager (9.00) Page 885 of 1297 Online Help set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. HP Operations Manager (9.00) Page 886 of 1297 Online Help n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: HP Operations Manager (9.00) Page 887 of 1297 Online Help critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 888 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 889 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 890 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 891 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble HP Operations Manager (9.00) Page 892 of 1297 Online Help ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. HP Operations Manager (9.00) Page 893 of 1297 Online Help n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) HP Operations Manager (9.00) Page 894 of 1297 Online Help n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure SNMP interceptor policy options The Options tab of the SNMP interceptor policy editor enables you to configure several policy behaviors. Log local events on the managed node HP Operations Manager allows you to define which events, if any, are logged on the managed node fromwhich they originated. These events are logged on the local managed node in the log file: <data_dir>\log\OpC\opcmsglg. Three logging options are available. l Log local events that match a rule and trigger a message. This selection logs any events in the message source that match the policy rules. l Log local events that match a rule and are ignored. This selection logs any events in the message source that are suppressed (that is, they do not cause a message to be sent to the management server). l Log local events that don't match any rule. This selection logs any events that do not match any of the rules in the policy. Capture unmatched events You can configure a policy to send a message to the management server when an event does not match any rule in the policy because none of the conditions apply or because the policy does not contain any rules. This ensures that unexpected events that might be important do not go unreported. By default, unmatched events are ignored. HP Operations Manager (9.00) Page 895 of 1297 Online Help Each policy that sends unmatched events to the management server creates a message with the default values of the policy. Tip: If you want a policy to send messages only with the default values, omit all rules fromthe policy. The following options are available: l Unmatched events are sent to the messages browser l Unmatched events are sent to the acknowledged messages browser l Unmatched events are ignored (default) Nodes create a message about an unmatched event only if the input event is unmatched in all SNMP interceptor policies on the node. Nodes send only one message for each unmatched input event. Pattern matching options The following pattern matching options are available: l Case sensitivity You can choose whether the case (uppercase or lowercase) of a text string is considered when the message text of a rule is compared with the destination text in the message source. When switched on, a match only occurs if the use of uppercase and lowercase letters is exactly the same in both the message source and the message text string. This is the default setting. l Field separators You can indicate which characters should be considered to be field separators. Field separators are used in the message text pattern as separator characters for the rule condition. You can define up to seven separators, including these special characters: n \n new line (NL) n \t horizontal tab (HT) n \v vertical tab (VT) n \b backspace (BS) n \r carriage return (CR) n \f formfeed (FF) n \a alert (BEL) n \\ backslash (\) For example, if you wanted a backslash, an asterisk, and the letter A to define the fields in the message text, you would type \\*A (with no spaces separating the characters). If you leave this box empty, the default separators (a blank and the tab character) are used by default. If you change the pattern matching options, they apply to all new rules in a policy. Click Apply to all to apply themto all existing rules in a policy. This overwrites any modifications made to the pattern matching options in individual rules. You can set case sensitivity and separator characters for individual rules in a policy by clicking the button in the Condition tab of a rule. HP Operations Manager (9.00) Page 896 of 1297 Online Help Windows Event Log Policies This policy type monitors entries in a Windows event log and responds when a character pattern that you choose appears in the event log. Choose this policy type if want to monitor entries in a Windows event log. Configure event log source properties The Source tab of the Windows event log policy editor allows you to indicate which event log the policy reads and where the policy should begin to read the event log. You can also choose to receive a message if the event log is missing. Select the event log to monitor Windows produces several event logs. You can choose which event log you want a policy to monitor. If you want to monitor more than one event log, you need more than one policy. Receive a Message if the event log is missing If you write a policy that monitors entries in a Windows event log, you might want to receive a message if for some reason the event log is missing. To receive a message if the event log is missing, select theSend message if event log does not exist check box. Set the read mode The read mode of a event log policy indicates whether the policy should process the entire log or should only process new log entries. The available read modes are described in the table below. Note that every policy reads the same event logs independently fromany other policies. This means, for example, that if "Policy 1" with read mode Read from beginning (first time) is enabled on a node where "Policy 2" with the same read mode already exists, "Policy 1" will still read the entire log after it has been enabled. Mode: Description Advantage / Disadvantage Read from last position: The policy reads only newappendedentries written in the Event Log while the policy is enabled on the managed node. If the Event Log decreases in size between readings, then the entire Event Log is read. Event Log entries that are added to the Event Log when the policy is disabled are not processed by the policy. If the agent stops, all entries written to the monitored Event Log while the agent is not running will be processed after the agent restarts. Choose this option if you are concerned only with Event Log entries that occur when the policy is enabled. Advantage: No chance of reading the same entry twice. (Unless the Event Log decreases in size because some entries were deleted.) Disadvantage: Entries written to the Event Log while the policy is disabled will not be processed by the Log file read modes HP Operations Manager (9.00) Page 897 of 1297 Online Help policy. Read from beginning (first time): The policy reads the complete log each time the policy is enabled or the agent restarts on the managed node. This ensures that all entries in the log are compared with the rules in the policy. Each successive time that the policy reads the log, only new (appended) entries in the log file are processed. Choose this option if you want to ensure that every existing and future entry in the log will be processed by the policy while it is enabled. Advantage: Every existing and future entry in the log will be processed by the policy. Disadvantage: Duplicate entries can occur if an enabled policy is disabled and reenabled, or if the agent stops and restarts. Configure message defaults in Windows event log policies The Outgoing message defaults dialog box enables you to set default attributes for all messages that a policy sends. The message defaults only affect new rules. You can override the defaults for individual rules after you create them. If a message in any rule contains empty attributes, the agent uses the default attributes. To set message defaults 1. Right-click the policy, and then click All Tasks Edit... 2. In the Rules tab, click Defaults....The Outgoing message defaults dialog box opens. 3. Set the message defaults: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be HP Operations Manager (9.00) Page 898 of 1297 Online Help used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. HP Operations Manager (9.00) Page 899 of 1297 Online Help You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. HP Operations Manager (9.00) Page 900 of 1297 Online Help o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 901 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. HP Operations Manager (9.00) Page 902 of 1297 Online Help iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external HP Operations Manager (9.00) Page 903 of 1297 Online Help programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. HP Operations Manager (9.00) Page 904 of 1297 Online Help You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. Configure event log conditions This tab lets you specify an entry in the Windows event log that causes the rule to carry out the actions that are associated with the rule. If the policy finds an event log entry that matches what you specify here, the actions that you specify in the action tab are carried out. l Rule Description: Type a description that will help you remember what this rule does. This description is visible in the rules list. l Computer, Source, Category, Type, Event ID, Format, Description: In these text boxes, indicate the content of these event log fields that you want this rule to match. Note that you can start the event viewer with a button at the bottomof the window if you want to copy data fromthe event log. n Node names If you only want to match event log entries froma specific node, type the FQDN Fully Qualified Domain Name, the primary node name, or the IP address in the Computer field. Give multiple entries with the OR operator (for example, celery.veg.com|broccoli.veg.com) or leave the field blank for all nodes. You can also use the variable <$OPC_MGMTSV>. n Pattern matching Pattern matching may be used in the Description field. The match patterns may not contain newline characters. If you need to match a multi-line pattern, use the special character <*> to match any carriage return/linefeed characters. You can also use pattern matching in the Source field, but you must first enable this on the nodes that you want to use it on. Enable pattern matching in the Source field To enable pattern matching in the Source field, set the agent parameter OPC_COND_EVT_ LOG_SRC_PAT in the eaagt namespace to TRUE. HP Operations Manager (9.00) Page 905 of 1297 Online Help Note: There are several different ways to set agent parameters. o Using a node info policy. (See Node Info Policies.) o In the HTTPS agent installation defaults. (See Configure HTTPS agent installation defaults.) o Using ovconfchg at a command prompt on the node. (See ovconfchg.) o Using ovconfpar at a command prompt on the management server. (See ovconfpar.) n Policies generated from existing HP Operations Manager for UNIX templates Policies generated fromexisting HP Operations Manager for UNIX templates have a combined Event ID and Description text box. You can convert to two text box format by selecting Use combined format for event ID and description and then saving the policy and re-opening. Note that you must re-type the information in the two new boxes. Parts of the matched string can be built into the message displayed in the message browser by defining variables. Set Event Log Rule Conditions 1. Right-click the policy and select All Tasks Edit... 2. Select Rules. 3. Select the rule to which you want to modify the conditions. 4. Select Modify. 5. Select Condition and choose the conditions for this rule. Tip: The Rules tab provides a textual summary of each rule. You can use this summary as a navigational aid. Click any underlined text in the rule to jump to the dialog box that enables you to set that value. Related topics l "Pattern matching" (on page 946) Configure actions in Windows event log policies In the Actions tab, you indicate what the policy should do after evaluating a particular condition. The policy can send a message to the management server, start a command, prepare a command for the operator to start, or any combination or none of these actions. Note: In all cases, if a rule evaluates as true, no more rules are processed. It is important to pay attention to the rule order. The order in which rules are evaluated has a large effect on the type of messages you receive. It also affects the speed with which messages are sent and the amount of processor time that is required by the policy. For example, you might have a policy that monitors CPU activity, containing these two rules: HP Operations Manager (9.00) Page 906 of 1297 Online Help 1. If usage is greater than 80%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. If the rules were evaluated in the order shown, disk usage of 99% would only produce a warning message. If the order were reversed, however, a critical message would be sent. You could solve the problemby making the rules more specific, so that the order was not important: 1. If usage is between 80% and 94%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. In the example above, disk usage of 99% produces a critical message regardless of which rule is evaluated first. However, if the rules are evaluated in the order shown, disk usage of 99% is evaluated by two rules. If the order were reversed, it would be evaluated only by the first rule, thereby sending the message more quickly and reducing processing time on the managed node. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 HP Operations Manager (9.00) Page 907 of 1297 Online Help <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_OBJECT> Delivers the name of the object associated with the event. Only events fromthe Open Message Interface (parameter: msg_object) and Windows Event Log (parameter: category) will set this variable. <$MSG_SEV> HP Operations Manager (9.00) Page 908 of 1297 Online Help Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com To configure actions in Windows event log policies 1. Specify the rule type. The three rule types are: n If matched, do actions and stop. (Select True, and then click Send.) n If matched, stop. (Select True, and then click Do nothing.) n If not matched, stop. (Select False.) 2. Optional. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching HP Operations Manager (9.00) Page 909 of 1297 Online Help service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. HP Operations Manager (9.00) Page 910 of 1297 Online Help n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: HP Operations Manager (9.00) Page 911 of 1297 Online Help o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 912 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 913 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) HP Operations Manager (9.00) Page 914 of 1297 Online Help Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management HP Operations Manager (9.00) Page 915 of 1297 Online Help server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble HP Operations Manager (9.00) Page 916 of 1297 Online Help ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the action: Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. HP Operations Manager (9.00) Page 917 of 1297 Online Help n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) HP Operations Manager (9.00) Page 918 of 1297 Online Help n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure event log policy options The Options tab of the Windows event log policy editor enables you to configure several policy behaviors. Log local events on the managed node HP Operations Manager allows you to define which events, if any, are logged on the managed node fromwhich they originated. These events are logged on the local managed node in the log file: <data_dir>\log\OpC\opcmsglg. Three logging options are available. l Log local events that match a rule and trigger a message. This selection logs any events in the message source that match the policy rules. l Log local events that match a rule and are ignored. This selection logs any events in the message source that are suppressed (that is, they do not cause a message to be sent to the management server). l Log local events that don't match any rule. This selection logs any events that do not match any of the rules in the policy. Capture unmatched events You can configure a policy to send a message to the management server when an event does not match any rule in the policy because none of the conditions apply or because the policy does not contain any rules. This ensures that unexpected events that might be important do not go unreported. By default, unmatched events are ignored. HP Operations Manager (9.00) Page 919 of 1297 Online Help Each policy that sends unmatched events to the management server creates a message with the default values of the policy. Tip: If you want a policy to send messages only with the default values, omit all rules fromthe policy. The following options are available: l Unmatched events are sent to the messages browser l Unmatched events are sent to the acknowledged messages browser l Unmatched events are ignored (default) If several policies forward unmatched messages to the management server you could receive multiple messages about a single input event. Pattern matching options The following pattern matching options are available: l Case sensitivity You can choose whether the case (uppercase or lowercase) of a text string is considered when the message text of a rule is compared with the destination text in the message source. When switched on, a match only occurs if the use of uppercase and lowercase letters is exactly the same in both the message source and the message text string. This is the default setting. l Field separators You can indicate which characters should be considered to be field separators. Field separators are used in the message text pattern as separator characters for the rule condition. You can define up to seven separators, including these special characters: n \n new line (NL) n \t horizontal tab (HT) n \v vertical tab (VT) n \b backspace (BS) n \r carriage return (CR) n \f formfeed (FF) n \a alert (BEL) n \\ backslash (\) For example, if you wanted a backslash, an asterisk, and the letter A to define the fields in the message text, you would type \\*A (with no spaces separating the characters). If you leave this box empty, the default separators (a blank and the tab character) are used by default. If you change the pattern matching options, they apply to all new rules in a policy. Click Apply to all to apply themto all existing rules in a policy. This overwrites any modifications made to the pattern matching options in individual rules. You can set case sensitivity and separator characters for individual rules in a policy by clicking the button in the Condition tab of a rule. HP Operations Manager (9.00) Page 920 of 1297 Online Help Windows Management Interface Policies This policy type monitors the properties of WMI classes and instances, and responds when a property matches a value you select, or when an instance you select is created. Choose this policy type if you want to monitor objects that provide WMI information. Configure WMI sources The WMI source tab allows you to choose the instance or event that you want the WMI policy to monitor. l Object path The object path defines the WMI object that you want to monitor. How do I know what WMI object I should monitor? What's in WMI? WMI contains a very large amount of information about the configuration of Windows, and about the configuration of other programs that write information to WMI namespaces. In order to write a useful WMI policy, you need to gain an understanding of the kinds of information that are available in WMI. The information provided by WMI is divided into namespaces. The default namespaces provided by WMI are Root, Root\Default, Root\security and Root\CimV2. Other applications may add other namespaces, for example, HPOMadds the namespace root\Hewlett- Packard\OpenView\. Namespace Root\CimV2 is one of the most interesting namespaces, as it contains a large amount of information about the Windows operating system, and about hardware installed on the computer. The classes that are most useful are prefixed with Win32_, for example, Win32_ Service, Win32_Desktop, Win32_Share, Win32_PhysicalDisk and so on. A good way to become acquainted with the information is to use a tool like wbemtest or the HP Operations class browser to examine the contents of the classes. n Node: The node that hosts the WMI database that you want to monitor. This can be an agentless node. If you do not specify a node, HPOMmonitors the WMI database of the node that has this policy deployed. Use the browse button to select HPOMnodes or type a node name into the box. See Identify the originating node for information about adding agentless nodes to HPOM. n WMI Namespace: The namespace that contains the data that you want to manage. n Object type: Choose Event or Instance. Note that if you used the browse button to fill in the Object path fields, the Object type will probably be correctly set. If, however, the class is not correctly located in the class hierarchy, the setting might be wrong. What are WMI events and instances? Instance Static information written to the WMI repository. This information remains in the repository until it is changed or deleted. HP Operations Manager (9.00) Page 921 of 1297 Online Help Event Information that briefly appears in the WMI repository. This information is transitory, and never remains in the repository. Some events are defined by WMI by default, and are known as intrinsic events. Intrinsic events include the creation, modification, or deletion of an instance, class, or namespace. Other events, known as extrinsic events, are only available to a WMI policy if the namespace designer has defined them. In both cases, the event is only available to the WMI policy if the namespace designer has written a provider available for event, although intrinsic events can be simulated by the WMI policy by using a polling interval. n Event/Instance class name: Type the class that contains the event or instance that you want to monitor. (A class is a collection of data properties that is defined for information that will be stored in the WMI repository.) n Connect as non-agent user: If selected, the agent accesses the node's WMI database using the following account information. This account must exist on the agentless node and must have local administrator privileges. If not selected, the agent account is used. n User name: Type the user name of the account that the agent will use to connect to the WMI database. n Login password: Type the password of the connecting account. n Browse for WMI classes The WMI class browser allows you to inspect all WMI classes installed on any Windows computer that is accessible to the management server. To use the WMI class browser: i. Click the browse button ( ) fromthe WMI policy source tab. ii. When the connect to namespace window appears, click the browse for namespace button ( ) iii. In the Machine Name text box, type the name of the computer where you want to inspect WMI classes, and click Connect. The WMI root namespace of that computer appears in the window. iv. Click the root namespace to expand the folder, select one of the available namespaces (for example Hewlett-Packard\OpenView\console), and select OK. The class browser appears, populated with the classes present in the namespace that you selected. v. Browse or search for classes in this namespace. Click the check box before one class name to select it, and select OK. The class and namespace are inserted into the appropriate Object path boxes. l Type of query The type of query depends on the object type that you are monitoring. If you are monitoring an event for which a provider is defined, then you do not need to enter any information here. If you are monitoring an intrinsic event for which no provider is defined, then you need to specify a polling interval. If you are monitoring an Instance, then you need to provide the following information: n Select Query instances of class if you want to match specific values contained within the class. You must indicate the Polling interval to indicate the frequency with which the HP Operations Manager (9.00) Page 922 of 1297 Online Help Windows Management Interface policy checks the instances you selected. n Select Query the intrinsic event for these instances if you want to check for the creation, modification or deletion of the instance, the class that contains the instance, or the namespace that contains the instance. If there is no provider for the event, you must also set the Polling interval to indicate the frequency with which the Windows Management Interface policy will check the object you selected. (This results a WBEMQuery Language within clause.) How do I check for a provider? i. Click the button and connect to the namespace that contains the instance you are monitoring ii. In the Class browser, select __SystemClass __ProviderRegistration __ EventProviderRegistration. iii. Click OK to close the Class browser. iv. Select the Rules tab. v. Select New. vi. Select Launch instance browser... vii. Scroll horizontally to the EventQueryList column, and click Array. The new window will display all events that have a provider. l View global WQL filter... A global filter can be described as a rule. It is a test that is applied to the instance or event before the policy begins to evaluate it. A global filter can improve performance, because events or instances that do not get through the filter are not evaluated by the policy. (The global filter is a WBEMQuery Language where clause.) Sample global filters The syntax of a global filter has three parts: PROPERTY OPERATOR VALUE for example: _PATH = "C:/program files" If the global filter filters intrinsic events, the syntax is somewhat different: TargetInstance.PROPERTY OPERATOR VALUE or TargetClass.PROPERTY OPERATOR VALUE or TargetNamespace.PROPERTY OPERATOR VALUE for example, TargetInstance.InteractWithDeskTop = 1 TargetNamespace.name = "CIMV2" Configure message defaults in WMI policies The Outgoing message defaults dialog box enables you to set default attributes for all messages that a policy sends. HP Operations Manager (9.00) Page 923 of 1297 Online Help The message defaults only affect new rules. You can override the defaults for individual rules after you create them. If a message in any rule contains empty attributes, the agent uses the default attributes. To set message defaults 1. Right-click the policy, and then click All Tasks Edit... 2. In the Rules tab, click Defaults....The Outgoing message defaults dialog box opens. 3. Set the message defaults: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. HP Operations Manager (9.00) Page 924 of 1297 Online Help n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. HP Operations Manager (9.00) Page 925 of 1297 Online Help n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example HP Operations Manager (9.00) Page 926 of 1297 Online Help In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example HP Operations Manager (9.00) Page 927 of 1297 Online Help The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Write instructions to accompany a message HP Operations Manager (9.00) Page 928 of 1297 Online Help Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: HP Operations Manager (9.00) Page 929 of 1297 Online Help n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. Configure WMI conditions With this dialog box, you specify the conditions for a Windows Management Interface Policy rule. Conditions for these rules are sets of WMI event or instance properties, along with values that these properties must have in order for a match to be successful. HP Operations Manager (9.00) Page 930 of 1297 Online Help l Property name: Select the property that you want the rule to inspect. (You can also type the name of the property if you know it. Note that properties must begin with a letter.) l Property type: Indicate the property of the selected class that you want to inspect. If the property is an array (for example, as in _DERIVATION), you should indicate whether the value must be present in all elements, in one element, or in one specific element. In the case that the property is a reference to another class, and you want to reference a property of this subclass, use the format subClass.PropertyName. l Operator: Select the comparison operator that you want to use. l Select value or property: Indicate whether you want to type the value to be compared, or whether you want to use another property as the comparison value, then either type the value, or select the property. l Specific value to compare:Type the value (or property) that you want to compare. This is the value or property that will be comparedusing the comparison operator you selectedagainst the property selected under Property name. (You can also type the name of the property if you know it. Note that properties must begin with a letter.) Launch the instance browser The WMI instance browser is a tool provided by Microsoft that allows you to view the data in each instance of a WMI class. This information is often helpful because it allows you to see what text actually exists in each property. You need to know this information to design match conditions for WMI policies. To access the WMI instance browser 1. Open a WMI policy 2. Select the Rules tab 3. Select New, (or modify an existing policy) 4. Select Launch instance browser... Tip: The Rules tab provides a textual summary of each rule. You can use this summary as a navigational aid. Click any underlined text in the rule to jump to the dialog box that enables you to set that value. Configure actions in Windows Management Interfacepolicies In the Actions tab, you indicate what the policy should do after evaluating a particular condition. The policy can send a message to the management server, start a command, prepare a command for the operator to start, or any combination or none of these actions. Note: In all cases, if a rule evaluates as true, no more rules are processed. It is important to pay attention to the rule order. The order in which rules are evaluated has a large effect on the type of messages you receive. It also affects the speed with which messages are sent and the amount of processor time that is required by the policy. For example, you might have a policy that monitors CPU activity, containing these two rules: HP Operations Manager (9.00) Page 931 of 1297 Online Help 1. If usage is greater than 80%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. If the rules were evaluated in the order shown, disk usage of 99% would only produce a warning message. If the order were reversed, however, a critical message would be sent. You could solve the problemby making the rules more specific, so that the order was not important: 1. If usage is between 80% and 94%, send a warning message and stop processing rules. 2. If usage is greater than 95%, send a critical message and stop processing rules. In the example above, disk usage of 99% produces a critical message regardless of which rule is evaluated first. However, if the rules are evaluated in the order shown, disk usage of 99% is evaluated by two rules. If the order were reversed, it would be evaluated only by the first rule, thereby sending the message more quickly and reducing processing time on the managed node. You can use HPOMaction variables in most message and command text boxes (exceptions are noted). It is often useful to surround the variable with quotation marks, especially if it may return a value that contains spaces. HPOMaction variables <$MSG_APPL> Returns the name of the application associated with the input event that caused the message. Only events fromthe Open Message Interface (parameter: application) or the Windows Event Log (parameter: source) will set this variable. Sample output: /usr/bin/su(1) Switch User <$MSG_GEN_NODE> Returns the IP address of the node that sends the message. Sample output: 192.168.1.123. Note: On agents that run in an AIXWorkload Partition (WPAR), <$MSG_GEN_NODE> returns the IPaddress of the global environment. To configure the agent to return the WPAR's IP address for this variable, set the parameter OPC_IP_ADDRESS in the eaagt namespace to the IP address of the WPAR. (See "" (on page 778).) <$MSG_GEN_NODE_NAME> Returns the host name of the node that sends the message. Sample output: node123.example.com. <$MSG_GRP> Returns the default message group of the message. Only events fromthe Open Message Interface (parameter: message_group) will set this variable. Sample output: Security <$MSG_ID> Returns the unique identity number of the message, as generated by the HP Operations agent. Note that identity numbers are not generated for suppressed messages. Sample output: 6e998f80-a06b-71d0-012e-0f887a7c0000 <$MSG_NODE> Returns the IP address of the managed node on which the original event took place. Sample output: 192.168.1.123 HP Operations Manager (9.00) Page 932 of 1297 Online Help <$MSG_NODE_ID> Returns the GUID that the management server assigned to the node on which the message originates. Because this value is only known by the management server, this variable cannot be resolved on the managed node. This variable is valid for the service_id message attribute and in the Command box for an automatic or operator-initiated command. Sample output: {6e998f80-a06b-71d0-012e-0f887a7c0000} <$MSG_NODE_NAME> Returns the name of the managed node on which the original event took place. This is the hostname that the agent resolves for the node. This variable is not fixed, however, and can be changed by a policy on a per-message basis. For example, if the policy is intercepting SNMP traps that originate fromother devices, you might want to set this variable to the name of the device where the trap originated. If the policy is monitoring a log file on a network share where applications on several nodes write messages, you could extract the name of the node fromthe error message, save it in a user-defined variable, and assign it to MSG_NODE_NAME. <$MGMTSV_KNOWN_MSG_NODE_NAME> Returns the name of the managed node on which the message originates. The management server resolves this variable to the node's hostname. This variable may be different to <$MSG_ NODE_NAME>, which is the hostname that the agent resolves. You can use <$MGMTSV_KNOWN_MSG_NODE_NAME> in the following message and command text boxes: l Service ID l Message Key l Message Type l Message Group l Application l Object l Message Text l CMA Name l CMA Value l Automatic Command l Automatic Command Node l Operator-initiated Command l Operator-initiated Command Node This variable is useful in environments where management servers and agents resolve different hostnames for the same the node (for example, NAT environments). <$MSG_SEV> Returns the default value for the severity of the event. Only events fromthe Open Message Interface (default is "Normal') and the Windows Event Log (parameter: converted) will set this variable. Note that the following severity conversions are performed when this variable is set by the Windows Event Log: information=Normal, warning=Warning, error=critical, success audit=Normal, failure audit=Critical, default=unknown). Sample output: Normal <$MSG_TEXT> HP Operations Manager (9.00) Page 933 of 1297 Online Help Returns the full text of the message. For the Open Message Interface, this value is the msg_ text parameter. For the Windows Event Log this value is the event ID and description. In general, there are default texts for all editors derived fromincoming event properties (this is shown in the message text field of outgoing message properties). Sample output: SU 03/19 16:13 + ttyp7 bill-root <$MSG_TYPE> Delivers the name set for message type. <$OPC_GUI_CLIENT> Returns the hostname of the client where the HP Operations GUI is currently running. This variable is valid in the Node box for an operator-initiated command and for message attributes. <$OPC_GUI_CLIENT_WEB> Returns the hostname and default web browser of the client where the HP Operations GUI is currently running. This can be used with an operator-initiated command to load a web page in the default browser on the HP Operations GUI client. This variable is valid in the node field for an operator-initiated command and for message attributes. <$OPC_MGMTSV> Returns the name of the current HP Operations management server. This variable is valid in the Command text box and in the Node text box for an automatic or operator-initiated command. This variable is only resolved on the management server. Sample output: zucchini.example.com <$WBEM:WMI class property> (for example, <$WBEM:TimeCreated> Sample output: 19991130105330.000000+060) To configure actions in WMI policies 1. Specify the rule type. The three rule types are: n If matched, do actions and stop. (Select True, and then click Send.) n If matched, stop. (Select True, and then click Do nothing.) n If not matched, stop. (Select False.) 2. Optional. To configure the message that the action sends, click Message.... The Outgoing Message dialog box opens, and enables you to configure the message: Configure message attributes The message attributes tab enables you to set the message attributes for a specific message (or for the message defaults). These attributes are visible in the message browser and help the operator to organize and evaluate the messages. Note that not all message attributes can be set for the default message and that some attributes are not supported by some policy types. n Service ID: A service ID is a unique identifier for a service in your service hierarchy. When a message with a service ID is sent to the management server, the severity of that message will be included in the status calculation for the service that has the matching service ID. Type the ID of the service that you want to associate with this message. (The service IDs are assigned to services in the Service Editor.) To find and insert a service ID, you can click the browse button ( ), browse to the service to which this message will belong, and select HP Operations Manager (9.00) Page 934 of 1297 Online Help OK. This action will also fill in the Hosted on text box (if the service is not a virtual service). Generally, it is best to use this method to fill in these two text boxes. Changing the node name in the Hosted on text box is only recommended if you are writing a policy that will be used for more than one service hierarchy, when you could use a variable instead of a node name. n Message Key: A message key is an identifier that you can assign to messages so that other processes can identify them. Note that the message key is different fromthe message ID: while every message has a unique message ID, all messages produced by a particular rule will have the same message key. The same message key can also be used by more than one policy or rule. Since you assign the message keys, you know in advance what key a particular message will have, and can set up other processes to look for this key. If you use messages keys, it is important to develop naming conventions that allow you to specifically identify an event or sets of events. You can incorporate HPOMaction variables into the message key. For example, if you want to ensure that messages generated on one computer have a different key frommessages generated on another computer, you can include the variable <$MSG_NODE_NAME> as a part of the message key. A useful message key could look like this: <$MSG_NODE_NAME><$MSG_OBJECT>:START n Message Type: Use this box if you want to provide another organizational category for this message, for example, if you want to indicate two types of messages that belong to the same message group. n Message Group: Type the message group that you want to assign to messages generated by this rule. Message filters in the console and web console limit the message group length to 32 characters (the same length limit of the field in messages). Every message that the management server receives is assigned to a message group. Message groups organize messages belonging to the same policy or having some logical connection, for example, messages frombackup and output tasks. n Application:Type the name of the application which generated the message. n Object:Type the name of the object which generated the message. Note: Although, application generally refers to a general programname and object generally refers to a process or sub-program, you should use these values to assist your own organizational scheme. n Node: Type the name of the node to which the message will be assigned. You can also use the default <$MSG_NODE> (Local Node), or use the variable <$OPC_MGMTSV> for the management server node. For monitoring agentless nodes, type the name of the originating node. n Severity: Choose the severity that you want the message to have. The severity indicates to the operator the importance of the event which triggers this message. n Message Text: Type the text that the message should have. You can use HPOMaction variables to construct messages that are specific to the event that causes the message. HP Operations Manager (9.00) Page 935 of 1297 Online Help You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. To add a link, type any URL that begins with one of the following URI scheme names: o http:// o https:// o ftp:// o ftps:// (in the Web Console only) o mailto: o telnet:// o file:// You can also just type the address of any web site that begins with www. Configure message correlation Message correlation helps to prevent your message browser frombecoming cluttered by messages that describe the same problem. When message correlation is enabled, you can set the type of duplicate message suppression and define the method used to suppress duplicate messages. n Acknowledge messages with message key: If messages with the message key that you type here exist in the active messages browser when this message is received by the management server, these messages are automatically acknowledged. You can use pattern matching and variables to match multiple message keys. For example, consider the following pattern: <$MSG_SEV>:<$MSG_NODE_NAME>:<_><5*> This pattern is evaluated by first replacing the variables with the values that they resolve to, for example: critical:cabbage.example.com:<_><5*> This pattern is then compared using pattern matching rule against the message keys for all messages in the active message browser. The pattern above would match the following message keys: critical:cabbage.example.com: 12345 critical:cabbage.example.com: TEST1 When writing patterns for this box, note the following: o Although user-defined variables can be included in this box, these variables can only be expanded after the policy is deployed and therefore are not included in the syntax check that is performed when the policy is saved. Because of this, it is important to ensure that any user-defined variables in this box are correctly used. HP Operations Manager (9.00) Page 936 of 1297 Online Help o Pattern-matching test has limited usage because if the 'Patterns to test' contains variables the replacement of those cannot be simulated. Suppress messages which are: n Generated by the same rule: Select this option to suppress messages that match the message text pattern specified for the selected rule. This is a more general setting for the suppression of duplicate messages. For example, a log file entry policy might contain a rule with this match pattern: Error Message<#> The log file lines Error Message10 and Error Message20 are not identical, but would both match this rule. n Generated by the same input event: Select this option to suppress messages that were sent in response to two separate input events that are identical except for the date and time that the event was generated (for example, identical entries in a log file). n Identical relative to their attributes: Select this option to suppress either messages that have the same message key or (if no message key is present) messages that have identical message attributes (except for the date and time that the message was generated). Suppression Method For message correlation, you can define one of three correlation methods: n Time interval: This correlation method lets you define an interval during which duplicate events will be ignored. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Time interval correlation example In the illustration below, the interval is set to 30 seconds, but the suppression is limited to 60 seconds. HP Operations Manager (9.00) Page 937 of 1297 Online Help The represents events that are identical. i. The first input event (E1) matches a rule in the policy. The policy sends a message and starts timing. ii. A second matching event (E2) occurs 25 seconds later. This event occurred less than 30 seconds after the first event, and is therefore suppressed. iii. A third matching event (E3 ) occurs less than 30 seconds after the second event, and so is also suppressed. iv. The next matching event (E4) occurs less than thirty seconds after the third event, but is also more than 60 seconds after the first event, and therefore the policy sends a message. n Counter: This correlation method counts the number of matching input events and sends a message only after the number of matching input events equals the counter threshold. The counter can also be reset to zero after a time period that you specify. For more information, see Message suppression simulation for an interactive demonstration of these concepts, or read this detailed example. Counter correlation example The represent events that are identical. i. The first input event (E1) matches a rule in the policy, and the counter increments to one. No message is sent. ii. A second matching event (E2 ) occurs, the counter increments to two, a message is sent, and the counter resets. HP Operations Manager (9.00) Page 938 of 1297 Online Help iii. A third matching event (E3 ), and the counter increments to one no message is sent. iv. The next matching event (E4) occurs more than thirty seconds after the third event. Since at thirty seconds the counter was reset to zero, the counter now increments to one no message is sent. n Time interval/Counter If you use the Time interval and Counter together, events are evaluated first by the timer. If an event passes the timer, it is then evaluated by the counter, which either suppresses it or sends a message to the management server. Note: If you specify just time interval correlation or just counter-based correlation in an individual message, any messagedefaults for the other correlation method also apply. For example, if you specify time interval correlation for a message, and the message defaults specify counter-based correlation, the combined time interval and counter-based correlation applies to both new rules and existing rules. On nodes that have HTTPS agents version 8.60 or higher, you can change this default behavior, so that only the correlation method that you specify in the individual message applies. To change the default behavior, set the parameter OPC_IGNORE_DEFAULT_MSG_ CORRELATION=TRUE in the eaagt namespace on the node. You can configure this parameter in the HTTPS agent installation defaults or using ovconfchg or ovconfpar at a command prompt. Configure custommessage attributes (CMAs) Custommessage attributes (CMAs) are additional attributes that contain any information that is meaningful to you. For example, you might add a company name, contact information, or a city location to a message. You can have more than one CMA attached to a single message. This attribute information displays in the message browser in a column you have previously created to contain it. To add custom message attributes a. Click the CMAs tab, and then click Add. The CMAProperties dialog box opens. b. Type a name for the new custommessage attribute in the Name box, or select an existing custommessage attribute name in the list. (Name is case-insensitive.) c. Type the custommessage attribute to associate with this name in the Value box. d. Click OK. The custommessage attribute appears in the CMAs tab. Write instructions to accompany a message Messages generated by a policy can include instructions that explain what to do when the message is generated. This instruction text can often help an operator to solve a problemwhen a particular type of message is received. The operator can view the instructions included with a message by viewing the message details in the message browser. You can define default instructions for all rules in a policy. You can also override the default with different instructions for any rule. In Instruction Text, type the instructions that you want to accompany the message. You can type URLs in the text, and the console automatically converts theminto clickable hyperlinks. For example, you can add URLs of external web sites, support sites, documentation repositories, troubleshooting information, and similar sites. HP Operations Manager (9.00) Page 939 of 1297 Online Help To add a link, type any URL that begins with one of the following URI scheme names: n http:// n https:// n ftp:// n ftps:// (in the Web Console only) n mailto: n telnet:// n file:// You can also just type the address of any web site that begins with www. Message streaminterface and external services This tab lets you configure the interface between HP Operations messages and external programs. Here you can set up the message streaminterface and external services for a message. Note: This tab contains functions that provide compatibility with the HP Operations Manager for UNIX management server. They cannot be used with an HP Operations management server. For more information, consult the HP Operations Manager for UNIX documentation. Send messages to the message streaminterface The message streaminterface allows external applications to interact with the internal message flow of the HP Operations agent. The external application can be a read-write application, for example, a message processing programthat can read HP Operations messages, modify attributes, and generate new messages for retransmission to the management server. The application could also read messages, or send its own messages. When you enable the message streaminterface, you can also allow external applications using the interface to set up automatic or operator-initiated commands. Select Agent message stream interface to allow messages to be directed to the message stream interface on the managed node. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select Server message stream interface to allow messages to be directed to the message stream interface on the management server. When switched on, you can choose between the following options: n Divert a message to the message streaminterface instead of to the message manager when a message is requested by an external application. HP Operations Manager (9.00) Page 940 of 1297 Online Help n Send the message directly to the message browser, and a copy of the message to the message streaminterface. Select the Immediate local automatic actions check box if you want to allow local automatic commands at the managed node for messages that can be diverted to the message stream interface. You can use this function when local automatic commands are configured for messages that can be output to the message streaminterface. For example, if a message starts an automatic command at the managed node and is then diverted to the message streaminterface, it may be discarded by an event correlation engine connected to the message streaminterface. In this case, a response fromthe local action would never be seen by an operator as the corresponding message does not exist in the HP Operations database. If local automatic commands are not allowed, the automatic command is triggered by the management server as soon as the message is received, if the message is not discarded on its way through the message streaminterface. You can only select this function when output to the message streaminterface is enabled and set to "Divert Messages". Forward messages to external services HP Operations Manager can forward messages to external services. If Forward to trouble ticket is selected, HP Operations Manager forwards message parameters to a predefined external trouble ticket systemwhen the message is received by the management server. HP Operations Manager does not provide trouble ticket services, but supports an interface to export event-specific details to an external trouble ticket service. If Forward to notification service is selected, the message will trigger a configured notification service such as a beeper or paging service. Note: These functions are only available on UNIX management servers. To use this functionality, you must forward the message to an HP Operations Manager for UNIX management server. Refer to the HP Operations Manager for UNIX documentation for more information about this feature. If you do not configure the message, the action sends a message using the outgoing message defaults. 3. Select the message browser that you want to send the message to: Acknowledged messages browser You may want to send a message to the management server for tracking reasons, but don't need to have the user take any action or acknowledge the message. In this case, you can send the message directly to the acknowledged messages browser. Active message browser This is the most common action. A message notifies the operator that an event has occurred, can supply the operator with instructions for responding to the message and can provide a command that the operator can start. 4. Optional. If you choose to send the message to the active message browser, you can add commands to the action: HP Operations Manager (9.00) Page 941 of 1297 Online Help Automatic command... For every rule, you can configure an automatic command to be run when the rule is matched. For example, you could configure a log file entry policy to automatically delete the contents of C:\Temp when the log file contains "The C: disk is at or near capacity." For every automatic command, you can set the following properties: n In the Command text box, you specify the command and parameters to run when the command is started for this message. The command runs on the node you specify in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV> or <$MSG_NODE_NAME>, to configure reusable policies for replicated sites. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged message browser) if the command is successful. You can also define how the management server is informed about the progress of local automatic commands. n Send the message immediately: Send a message to the management server as soon as a local automatic command starts on the managed node. This is the default setting. n You can also choose to wait until the local command completes, and then send the message to the management server based on whether the command was successful or failed. Other options can help to reduce the amount of unnecessary network traffic to the management server. For example, if a local automatic command solves the problemthat generated the message, you may choose not to informthe management server. To set up an automatic command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Automatic Command. HP Operations Manager (9.00) Page 942 of 1297 Online Help Operator-initiated command... For every rule, you can configure an operator-initiated command to be attached to the message that the rule sends to the message browser. This command can be started by the operator from the message browser. The command might be a script that requires operator input to solve the problem, or instructions that appear in the web browser on the management console. You can set the following properties: n In the Command text box, you specify the command to run when the command is started for this message. The command runs on the node specified in the Node box. If the command contains spaces, enclose it in quotation marks. Commands that are internal to the Windows command shell (for example echo or move), must be preceded by cmd /c. See the Windows help for more information about cmd. n Leave the Under agent account option selected. The As user option is reserved for future use. (If you select the As user option, it is not currently possible to deploy the policy to any node.) n In the Node text box, you specify the name of the node on which the command will be started. You can also use the variables <$OPC_MGMTSV>, <$MSG_NODE_NAME>, <$OPC_GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB>, to configure reusable policies for replicated sites. Note that the options below cannot be used when the variables <$OPC_ GUI_CLIENT>, or <$OPC_GUI_CLIENT_WEB> are selected. n When Append output of command as annotation to the message is selected, an annotation is added to the message when the command completes. The annotation contains the start time, output, exit value, and finish time of the command. If a command fails, an annotation is provided even if this itemis not selected. n When Acknowledge the message when command is successful is selected, the message is automatically acknowledged (that is, moved to the acknowledged messages browser) if the command is successful. To set up an operator-initiated command a. Right-click the policy and select All Tasks Edit... b. Select Rules. c. Select the rule to which you want to add a command. d. Select Modify. e. Select Actions. f. Select Operator-initiated command and set up the command. Configure WMI policy options The Options tab of the Windows Management Interface policy editor enables you to configure several policy behaviors. Log local events on the managed node HP Operations Manager allows you to define which events, if any, are logged on the managed node fromwhich they originated. These events are logged on the local managed node in the log file: <data_dir>\log\OpC\opcmsglg. HP Operations Manager (9.00) Page 943 of 1297 Online Help Three logging options are available. l Log local events that match a rule and trigger a message. This selection logs any events in the message source that match the policy rules. l Log local events that match a rule and are ignored. This selection logs any events in the message source that are suppressed (that is, they do not cause a message to be sent to the management server). l Log local events that don't match any rule. This selection logs any events that do not match any of the rules in the policy. Capture unmatched events You can configure a policy to send a message to the management server when an event does not match any rule in the policy because none of the conditions apply or because the policy does not contain any rules. This ensures that unexpected events that might be important do not go unreported. By default, unmatched events are ignored. Each policy that sends unmatched events to the management server creates a message with the default values of the policy. Tip: If you want a policy to send messages only with the default values, omit all rules fromthe policy. The following options are available: l Unmatched events are sent to the messages browser l Unmatched events are sent to the acknowledged messages browser l Unmatched events are ignored (default) If several policies forward unmatched messages to the management server you could receive multiple messages about a single input event. Pattern matching options The following pattern matching options are available: l Case sensitivity You can choose whether the case (uppercase or lowercase) of a text string is considered when the message text of a rule is compared with the destination text in the message source. When switched on, a match only occurs if the use of uppercase and lowercase letters is exactly the same in both the message source and the message text string. This is the default setting. l Field separators You can indicate which characters should be considered to be field separators. Field separators are used in the message text pattern as separator characters for the rule condition. You can define up to seven separators, including these special characters: n \n new line (NL) n \t horizontal tab (HT) n \v vertical tab (VT) n \r carriage return (CR) n \f formfeed (FF) n \a alert (BEL) HP Operations Manager (9.00) Page 944 of 1297 Online Help n \b backspace (BS) n \\ backslash (\) For example, if you wanted a backslash, an asterisk, and the letter A to define the fields in the message text, you would type \\*A (with no spaces separating the characters). If you leave this box empty, the default separators (a blank and the tab character) are used by default. If you change the pattern matching options, they apply to all new rules in a policy. Click Apply to all to apply themto all existing rules in a policy. This overwrites any modifications made to the pattern matching options in individual rules. You can set case sensitivity and separator characters for individual rules in a policy by clicking the button in the Condition tab of a rule. HP Operations Manager (9.00) Page 945 of 1297 Online Help Pattern matching To make your policies as flexible as possible, you can use pattern-matching syntax. The pattern- matching syntax makes it possible to write rule conditions that match strings very specifically. l "Pattern-matching details" (on page 946) Learn how to construct match patterns for your policy rules. l "User-defined variables in patterns" (on page 950) Learn how to assign parts of matched text to variables that can be used with commands, instructions, or to reword the message. l "Pattern matching for variables " (on page 951) Learn how to test a string or variable against a pattern, and define an output string that is conditional on the result. l "Examples of pattern matching in rule conditions" (on page 952) Examine examples of pattern matching. l "Test pattern matching" (on page 954) Learn how to test the patterns that you write, before deploying your policies. l "Environment variables " (on page 954) Learn how to use environment variables in scripts, tools, and commands that run on a Windows node. Pattern-matching details HP Operations Manager provides a powerful pattern-matching language that reduces the number of conditions you must use. Selected, dynamic parts of text-based events can be extracted, assigned to variables, and used as parameters to build message text or to set other attributes. These parameters can also be used for automatic and operator-initiated commands. The pattern-matching language enables you to very accurately specify the character string that you want a rule to match. Note: In text boxes where pattern-matching expressions are allowed you can right-click for a shortcut menu with pattern-matching values that can be selected and inserted into the text box. Matching special characters Ordinary characters are expressions which represent themselves. Any character of the supported character set may be used. However, if any of the following special characters are used they must be prefaced with a backslash (\) that masks their usual function. \ [ ] < > | ^ $ If ^ and $ are not used as anchoring characters, that is, not as first or last characters, they are considered ordinary characters and do not need to be masked. Matching characters at the beginning or end of a line If the caret (^) is used as the first character of the pattern, only expressions discovered at the beginning of lines are matched. For example, "^ab" matches the string "ab" in the line "abcde", but not in the line "xabcde". HP Operations Manager (9.00) Page 946 of 1297 Online Help If the dollar sign is used as the last character of a pattern, only expressions at the end of lines are matched. For example, "de$" matches "de" in the line "abcde", but not in the line "abcdex". Matching multiple characters Patterns used to match strings consisting of an arbitrary number of characters require one or more of the following expressions: l <*> matches any string of zero or more arbitrary characters (including separators) l <n*> matches a string of n arbitrary characters (including separators) l <#> matches a sequence of one or more digits l <n#> matches a number composed of n digits l <_> matches a sequence of one or more field separators l <n_> matches a string of n separators l <@> matches any string that contains no separator characters, in other words, a sequence of one or more non-separators; this can be used for matching words l </> matches one or more line breaks l <n/> matches exactly n line breaks Separator characters are configurable for each pattern. By default, separators are the space and the tab characters. Matching two or more different expressions Two expressions separated by the special character vertical bar (|) matches a string that is matched by either expression. For example, the pattern: [ab|c]d matches the string "abd" and the string "cd". Matching text that does not contain an expression The NOT operator ( ! ) must be used with delimiting square brackets, for example: <![WARNING]> The pattern above matches all text which does not contain the string "WARNING". The NOT operator may also be used with complex subpatterns: SU <*> + <@.tty> <![root|[user[1|2]]].from>-<*.ot> The above pattern makes it possible to generate a "switch user" message for anyone who is not user1, user2 or root. Therefore the following would be matched: SU 03/25 08:14 + ttyp2 user11-root However, this line would not be matched, because it contains an entry concerning "user2": SU 03/25 08:14 + ttyp2 user2-root HP Operations Manager (9.00) Page 947 of 1297 Online Help Notice that if the subpattern including the not operator does not find a match, the not operatorbehaves like a <*>: it matches zero or more arbitrary characters. For this reason, the pattern-matching expression: <![1|2|3]> matches any character or any number of characters, except 1, 2, or 3. Mask ( \ ) Operator The backslash ( \ ) is used to mask the special meaning of the characters: [ ] < > | ^ $ A special character preceded by \ results in an expression that matches the special character itself. Notice that because ^ and $ only have special meaning when placed at the beginning and end of a pattern respectively, you do not need to mask themwhen they are used within the pattern (in other words, not at beginning or end). The only exception to this rule is the tab character, which is specified by entering "\t" into the pattern string. Bracket ([ and ]) Expressions The brackets ([ and ]) are used as delimiters to group expressions. To increase performance, brackets should be avoided wherever they are unnecessary. In the pattern: ab[cd[ef]gh] all brackets are unnecessary--"abcdefgh" is equivalent. Bracketed expressions are used frequently with the OR operator, the NOT operator and when using subpatterns to assign strings to variables. Numeric range operators HPOMprovides six numeric range operators that can be used in pattern matching. The operators are used in this way: Operator name Syntax Example/Explanation Less than <[pattern This is a match pattern you provide that returns the number to be compared] -lt n This is the value against which you want to test the number returned by the match pattern> <[<#>] -lt 5> matches every number less than 5 Less than or equal to <[pattern] -le n > <[<#>] -le 5> matches 5 and every number less than 5 Greater than <[pattern] -gt n > <[<#>] -gt 5> matches every number greater than 5 HP Operations Manager (9.00) Page 948 of 1297 Online Help Greater than or equal to <[pattern] -ge n > <[<#>] -ge 5> matches 5 and every number greater than 5 Equal to <[pattern] -eq n > <[<#>] -eq 5> matches 5 or 5.0 Not equal to <[pattern] -ne n > <[<#>] -ne 5> matches every number but 5 and 5.0 The operators can also be combined to produce matches according to ranges of numbers: Matches numbers that belong to the interval, excluding the limits < n -lt [pattern] -lt n > <5 -lt [<#>] -lt 10> matches every number between 5 and 10 ( but not 5 or 10) Matches numbers that belong to the interval, including the limits < n -le [pattern] -le n > <5 -le [<#>] -le 10> matches every number between 5 and 10 (including 5 and 10) Matches numbers that do not belong to the interval, excluding the limits < n -gt [pattern] -gt n > <10 -gt [<#>] - gt 5> matches every number between 5 and 10 ( but not 5 or 10) Matches numbers that do not belong to the interval, < n -ge [pattern] -ge n > <10 -ge [<#>] - ge 5> matches every number between 5 and 10 (including 5 and 10) HP Operations Manager (9.00) Page 949 of 1297 Online Help including the limits Any time you are working with message text pattern-matching, you can use the left and right mouse buttons to insert expression symbols, as follows: 1. Mark the text you want to replace with an expression with the left mouse button. 2. Press the right mouse button for a list of replacement symbol choices. 3. Select the symbol fromthe list. Note that these expressions do nothing unless you replace pattern with a match pattern and n with a number to compare against the value that the match pattern returns. User-defined variables in patterns Any matched string can be assigned to a variable, which can be used to compose messages or used as a parameter for action calls. To define a parameter, add ". parametername " before the closing bracket. The pattern: ^errno: <#.number> - <*.error_text> matches a message such as: errno: 125 - device does not exist and assigns "125" to number and "device does not exist" to error_text. When using these variables, the syntax is <variable_name> (for example, <number>). Rules by which HP Operations assigns strings to variables In matching the pattern <*.var1><*.var2> against the string "abcdef", it is not immediately clear which substring of the input string will be assigned to each variable. For example, it is possible to assign an empty string to var1 and the whole input string to var2, as well as assigning "a" to var1and "bcdef" to var2, and so forth. The pattern matching algorithmalways scans both the input line and the pattern definition (including alternative expressions) fromleft to right. <*> expressions are assigned as few characters as possible. <#>, <@>, <S> expressions are assigned as many characters as possible. Therefore, var1 will be assigned an empty string in the example above. To match an input string such as: this is error 100: big bug use a pattern such as: error<#.errnumber>:<*.errtext> In which: l "100" is assigned to errnumber l "big bug" is assigned to errtext For performance and pattern readability purposes, you can specify a delimiting substring between two expressions. In the above example, ":" is used to delimit <#> and <*>. HP Operations Manager (9.00) Page 950 of 1297 Online Help Matching <@.word><#.num> against "abc123" assigns "abc12" to word and "3" to num, as digits are permitted for both <#> and <@>, and the left expression takes as many characters as possible. Patterns without expression anchoring can match any substring within the input line. Therefore, patterns such as: this is number<#.num> are treated in the same way as: <*>this is number<#.num><*> Using subpatterns to assign strings to variables In addition to being able to use a single operator, such as * or #, to assign a string to a variable, you can also build up a complex subpattern composed of a number of operators, according to the following pattern: <[ subpattern ].var> For instance: <[<@>file.tmp].fname> In the example above, the period ( . ) between "file" and "tmp" matches a similar dot character, while the dot between "]" and "fname" is necessary syntax. This pattern would match a string such as "Logfile.tmp" and assigns the complete string to fname. Other examples of subpatterns are: l <[Error|Warning].sev> l <[Error[<#.n><*.msg>]].complete> In the first example above, any line with either the word "Error" or the word "Warning" is assigned to the variable, sev. In the second example, any line containing the word "Error" has the error number assigned to the variable, n, and any further text assigned to msg. Finally, both number and text are assigned to complete. Pattern matching for variables HPOMenables you to test a string or variable against a pattern, and define an output string that is conditional on the result. You can do this using $MATCH, which has the following syntax: $MATCH(string, pattern, true, [false]) Specify the parameters as follows: string Specify a literal string (for example, TEST STRING) or an HPOMvariable (for example <$LOGPATH>). pattern Specify a pattern, using HPOMpattern matching syntax. You can create user-defined variables in the pattern to use in the parameters true and false. The pattern is case sensitive. true Specify a string to return if the string and pattern match. You can specify a literal string, or a user-defined variable, or an HPOMvariable. false HP Operations Manager (9.00) Page 951 of 1297 Online Help Optional. Specify a string to return if the string and pattern do not match. You can specify a literal string, or a user-defined variable, or an HPOMvariable. Separate each parameter with a comma (,). To specify a comma within a parameter, you must precede it with two backslashes (\\). You can use $MATCH within your policies in the following message attributes: l Service ID l Message type l Message group l Application l Object l Message text l Automatic command l Custommessage attribute Note: You can use $MATCH only once in each message attribute. You cannot use $MATCH recursively. Example A logfile entry policy can monitor a number of log files. The name of path of the log file is available in the HPOMvariable <$LOGPATH>. If part of the log file path corresponds to an application name, you can use $MATCH to set the application message attribute as follows: $MATCH(<$LOGPATH>,<@.application>.log, <application>, Unknown) Examples of pattern matching in rule conditions The following examples show some of the many ways in which the pattern-matching language can be used. l Error Recognizes any message containing the keyword Error at any place in the message. (It is case sensitive by default.) l panic Matches all messages containing panic, Panic, PANIC anywhere in the text of the message, when case sensitive mode is switched off. l logon|logoff Uses the OR operator to recognize any message containing the keyword logonor logoff. l ^getty:<*.msg> errno<*><#.errnum>$ Recognizes any message such as: getty: cannot open ttyxx errno : 6or getty: can't open ttyop3; errno 16 In the example getty: cannot open ttyxx errno : 6, the string "cannot open ttyxx" is assigned to the variable msg. The digit 6 is assigned to the variable errnum. Note that the dollar sign ($) is used as an anchoring symbol to specify that the digit 6 will only be matched if it is at the end of the line. HP Operations Manager (9.00) Page 952 of 1297 Online Help l ^errno[ |=]<#.errnum> <*.errtext> Matches messages such as: errno 6 - no such device or addressor errno=12 not enough core. Note the space before the OR operator. The expression in square brackets matches either this blank space, or the "equals" sign. The space between <#.errnum> and <*.errtext> is used as a delimiter. Although not strictly required for assignments to the variables shown here, this space serves to increase performance. l ^hugo:<*>:<*.uid>: Matches any /etc/passwd entry for user hugo and returns the user ID to variable uid. Notice that ":" in the middle of the pattern is used to delimit the string passed to uid fromthe preceding string. The colon ":" at the end of the pattern is used to delimit the string passed to uid fromthe succeeding group ID in the input pattern. Here, the colon is necessary not only as a speed enhancement, but also as a means of logical separation between strings. l ^Warning:<*.text>on node<@.node>$ Matches any message such as: Warning: too many users on node hpbbx and assigns too many users to text, and hpbbxto node. l ^<*.line1><1/><*.line2><1/><*.line3><1/><*.line4>$ Matches four lines of text, for example: Security ID: S-1-5-21-3358208617-1210941181-189752109-500 Account Name: Administrator Account Domain: EXAMPLE Logon ID: 0x228a2 There is one line break between each line. The pattern assigns each line of text to a variable. l <<#> -le 45> This pattern matches all strings containing a number which is less than or equal to 45. For example, the message: ATTENTION: Error 40 has occurred would be matched. Note that the number 45 in the pattern is a true numeric value and not a string. Numbers higher than 45, for instance, "4545" will not be matched even if they contain the combination, "45". l <15 -lt <2#> -le 87> This pattern matches any message in which the first two digits of a number are within the range 16-87. For instance, the message: Error Message 3299 would be matched. The string: Error Message 9932 would not be matched. l ^ERROR_<[<#.err>] -le 57> This pattern matches any text starting with the string "ERROR_" immediately followed by a number less than, or equal to, 57. For example, the message: ERROR_34: processing stopped would be matched and the string 34 would be assigned to the variable, err. l <120 -gt [<#>1] -gt 20> Matches all numbers between 21 and 119 which have 1 as their last digit. For instance, messages containing the following numbers would be matched: 21, 31, 41... 101... 111 and so on. HP Operations Manager (9.00) Page 953 of 1297 Online Help l Temperature <*> <@.plant>: <<#> -gt 100> F$ This pattern matches strings such as: "Actual Temperature in Building A: 128 F". The letter "A" would be assigned to the variable, plant. l Error <<#> -eq 1004> This pattern matches any message containing the string "Error" followed by a space and the sequence of digits, "1004". For example, Warning: Error 1004 has occurredwould be matched by this pattern. However, Error 10041 would not be matched by this pattern. l WARNING <<#> -ne 107> This pattern matches any message containing the string "WARNING" followed by a space and any sequence of one or more digits, except "107". For example, the message: Application Enterprise (94/12/45 14:03): WARNING3877 would be matched. Test pattern matching HP Operations provides the ability to test the match patterns that you write for your policies. You can test either individual patterns, or all the patterns in one policy. It is a good idea to test the pattern matching in your rules, to make sure that the policy actually produces the kinds of messages that you want to receive. 1. To test all rules, select the Rules tab in the policy editor and select Matching test.. To test one rule, right-click in the text box that contains the pattern you want to test, and select Matching test... The match patterns fromall rules in the policy are visible in the upper window, titled Patterns to test. 2. Click Copy from file..., navigate to a file that contains text against which you want to test your patterns, and click OK. The file will be visible in the Lines to match dialog. If you don't want to load an entire file, you can select Add Line... and type a few lines that you can use for the test. You can edit the lines in the window if you want to change the test. 3. Click Test patterns and all the patterns will be tested against the lines to match. The Status column indicates if the one of the patterns matched each line, and the Rule No. column indicates which rule or rules matched. If you did not get the results that you expected, you can double-click any pattern or line to match, modify it, and try again. Note: Remember that the rule order is important. If rule number 1 matches a line, that line will not be tested against any other rule. 4. If you want to use the changes you have made, click Apply changes.... Environment variables On nodes that have a Windows operating system, the agent installation creates several environment variables. These are user environment variables for the account that runs the agent, and therefore are not visible to other users. You can use these in scripts, tools, and commands that run on the node. Directory HTTPS agents DCE agents HPOMagent installation directory %OvAgentDir% HP Operations Manager (9.00) Page 954 of 1297 Online Help HP BTOSoftware installation directory %OvInstallDir% HP BTOSoftware data directory %OvDataDir% Directory that contains the agent's Perl interpreter %OvPerlADir% N/A Location of the agent's Perl interpreter N/A %OvPerlBin% HP Operations Manager (9.00) Page 955 of 1297 Online Help Policy objects for scripts The objects listed here are available for each policy and can be manipulated with Visual Basic Scripting Edition or with Perl. These policy objects can only be used in scripts that run within a policy. They cannot be used in standalone scripts that are executed fromthe command line. Caution: Policy scripts provide administrators with a powerful tool to evaluate and manipulate data. If, however, a script is incorrectly written, it could cause the agent to fail. Hewlett- Packard Company is not responsible for agent failures resulting fromincorrectly written scripts. Policy object This object is used to access the attributes of a policy. Policy Method: Source Parameter: name (The Short name indicated in the policy's source properties.) Return Type: VB Script: IDispatch object of type "Source" (This is the default method for the Policy object.) Perl: source object VBScript Syntax: Policy.Source("name") Perl Syntax: $Policy->Source("name"); Description : Returns the source object for the defined source and metric. Measurement type sources must use a separate source for each metric. Note: To improve performance, assign the source object to a variable instead of using the Source method every time it is needed. PolicyMethod: Name Parameter: void ReturnType: VB Script: BSTR Perl: string VBScriptSyntax: Policy.Name() Perl Syntax: $Policy->Name(); Description: Returns the name of the policy that started the script. Policy Method: CreateObject Parameter: progID (string of format: [Vendor.]Component[.Version] ) Return Type: VB Script: IDispatch Perl: not applicable HP Operations Manager (9.00) Page 956 of 1297 Online Help VBScript Syntax: Policy.CreateObject("progID") Perl Syntax: not applicable Description : Creates a component instance of a COMobject. Note that this method is valid only on Windows nodes, and cannot be used in a Perl script. Policy Method: SourceEx Parameter: expression (See Description, below, for valid expressions.) Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Policy.SourceEx("expression") Perl Syntax: $Policy->SourceEx("expression"); HP Operations Manager (9.00) Page 957 of 1297 Online Help Description : l NTPERFMON\\Object\\Counter\\Instance Access a perflib metric (not supported on UNIX nodes). Object, Counter, and Instance are strings as specified in the current monitor configuration for NT performance monitors. Example: NTPERFMON\\Process\\Elapsed Time\\* l SNMP\\object id[\\hostname] Performan SNMP get on the specified object id (OID). By default, the collection will be done on the managed node but can be elsewhere if the optional hostname is given. For SNMP, the method will have to wait until the value is returned which might take some time. Example: SNMP\\.1.3.6.1.2.1.1.7.0\\onion.veg.com l PROGRAM\\command[\\monname] Run the specified command or script for gathering the monitored value. The command or script must at some point run the opcmon command to return the value associated with the monitor. If no monitor name is specified, then the default DynPROGRAMmust be used. For example, to specify the monitor mymonname: opcmon mymonname=value; to specify the default, opcmon DynPROGRAM=value. Examples: PROGRAM\\opcmon DynPROGRAM=12 PROGRAM\\opcmon testmon=25\\testmon l EXTERNAL[\\monname] Wait for a value returned by the execution of the opcmon command. This is similar to the PROGRAMexpression but a command is not directly carried out. An external command previously triggered by the ExecuteCommand object must provide the monitor value. The default value is DynEXTERNAL (opcmon DynExternal=10) Examples: EXTERNAL EXTERNAL\\testmon l WBEM\\namespace\\class name\\property name WMI interface (not supported on UNIX nodes). Get access to WBEMvalues. Namespace, class name and property name are strings as specified in the current monitor configuration for WBEM.Example: WBEM\\ROOT\CIMV2\\Win32_PerfRawData_PerfDisk_ LogicalDisk\\DiskReadBytesPersec l CODA\\data source\\collection\\metric name Query a metric fromthe embedded performance component. Data source, collection and metric name are strings as specified in the monitor configuration for the embedded performance component. Currently if the data source is empty, the string Coda will be used. Example: CODA\\\\CPU\\BYCPU_CPU_ TOTAL_UTIL You can view a of list of available metrics in the HP Performance Agent Dictionary of Operating SystemPerformance Metrics which is available at HP Software Product Manuals. (Select the product Performance Agent, the required version, OS, and language.) Note: In Perl, the backslash character '\' is an escape code. A backslash is only introduced in a string when preceded by another backslash. Because of this, tokens in expressions need to be separated by quadruple backslashes '\\\\'. Example for Perl: my $TestSource = $Policy- >SourceEx("PROGRAM\\\\/tmp/script.sh\\\\testmon"); HP Operations Manager (9.00) Page 958 of 1297 Online Help Policy Method: SourceExTimeout Parameter: seconds (integer) Return Type: VB Script: void Perl: void VBScript Syntax: Policy.SourceExTimeout(seconds) Perl Syntax: $Policy->SourceExTimeout(seconds); Description : Specifies the maximumamount of time, in seconds, the SourceEx and SourceCollection methods will wait before a value is returned. Default is 30 seconds. Policy Method: Execute Parameter: command (string) Return Type: VB Script: void Perl: void VBScript Syntax: Policy.Execute("command") Perl Syntax: $Policy->Execute("command"); Description : Run the specified command asynchronously. The command is executed in the context of agent security, so could be run as Local Systemor any other user- selected user to run the agent. The method will return immediately. See the ExecuteCommand method Command for more information about how to indicate commands. Policy Method: Output Parameter: string Return Type: VB Script: void Perl: void VBScript Syntax: Policy.Output("string") Perl Syntax: $Policy->Output("string"); Description : Appends the string to the annotation field of the message sent to the message browser in response to the success or failure of a scheduled task. This method is valid only for scheduled task policies. HP Operations Manager (9.00) Page 959 of 1297 Online Help Policy Method: ExecuteEx Parameter: command (string) Return Type: VB Script: BSTR Perl: string VBScript Syntax: Policy.ExecuteEx("command") Perl Syntax: $Policy->ExecuteEx("command"); Description : Run the specified command synchronously and wait for it to complete before returning the output of the command. The command is executed in the context of agent security, so could be run as Local Systemor any other user-selected user to run the agent. If the command is successful, STDOUT is returned. If the command is not successful (return value non-zero), the string "ERROR:\n" followed by STDERR will be returned. Note that you must either use complete paths or ensure that any needed path is included in the PATH variable. Example: dir_con = Policy.ExecuteEx ("cmd /c dir c:\") Policy Method: StoreCollection Parameters : l expression: (An embedded performance component metric in the format: CODA\\data source\\collection\\metric name[\\category]) l sourceobj: (Any valid source object) Return Type: VB Script: void Perl: void VBScript Syntax: Policy.StoreCollection("expression", sourceobj) Perl Syntax: $Policy->StoreCollection("expression", sourceobj); Category Type: Describes available category types. UNDEFINED Ignored NOTAPPLICABLE Ignored KEY Columns that uniquely identify instances of an object. ATTRIBUTE Static definitions or values, such as the OS name, version, release, physical memory, and CPU clock speed. HP Operations Manager (9.00) Page 960 of 1297 Online Help DELTA Show the activity during the last interval, such as intervalized counts,rates, and utilizations. GAUGE Numeric value that shows the current use or value at the time of the observation, such as the run queue, number of users, and files systemspace utilization. COUNTER Cumulative counts of activity, such as CPU times, physical IOs, paging, network packet counts, and interrupts. Description : Stores the source object into the embedded performance component data source identified by the expression. Example: Policy.StoreCollection "CODA\\DBSPI\\TABLE\\SPACE",Source Policy Method: SourceCollection Parameters : l expression: An embedded performance component metric in the format: CODA\\data source\\collection\\metric name. l rangeofseconds: The number of seconds for which metrics should be returned. l endtime: End time for rangeofseconds. The format of time is of type DATE for VB Script or a string (format DD/MM/YYYY HH:MM:SS) for Perl. The date is optional. Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Policy.SourceCollection ("expression", rangeofseconds, endtime) Perl Syntax: $Policy->SourceCollection ("expression", rangeofseconds, endtime); Description : Returns the source object containing all values collected by the specified embedded performance component metric. For each instance, all metrics collected between the expression "endtime - rangeofseconds" and "rangeofseconds" will be returned. If endtime is 0 (NULL for Perl) it is evaluated with the current time. Example: Policy.SourceCollection ("CODA\\\\CPU\\BYCPU_CPU_ TOTAL_UTIL",300,0)The number of seconds specified should usually be less than 3600 (one hour), since retrieving a large number of values takes time and consumes resources. Source object The source object is used to access the current values of the metrics. The source object instances can be created by any method that returns the source object. Source Method: Value HP Operations Manager (9.00) Page 961 of 1297 Online Help Parameter: void Return Type: VB Script: variant (This is the default method for the Source object.) Perl: string VBScript Syntax: Sourceobj.Value() Perl Syntax: $Sourceobj->Value(); Description: Current instance value if the option Process each instance separately is selected in the policy's processing options. Source Method: Name Parameter: void Return Type: VB Script: BSTR Perl: string VBScript Syntax: Sourceobj.Name() Perl Syntax: $Sourceobj->Name(); Description : Returns the name of the current instance if option Process each instance separately is selected in the processing options of the measurement threshold policy. SourceMethod: InstanceCount Parameter: void ReturnType: VB Script: Int Perl: integer VBScriptSyntax: Sourceobj.InstanceCount() Perl Syntax: $Sourceobj->InstanceCount(); Description: Returns the number of instances that the source has. Source Method: Count Parameter: void ReturnType: VB Script: Int Perl: integer VBScript Syntax: Sourceobj.Count() Perl Syntax: $Sourceobj->Count(); HP Operations Manager (9.00) Page 962 of 1297 Online Help Description: Same as InstanceCount. This parameter exists to provide backwards compatibility. Source Method: Item Parameter: index Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Sourceobj.Item(index) Perl Syntax: $Sourceobj->Item(index); Description : Access to the instance defined by the index. The index is a number from0 to InstanceCount - 1. The returned source object can be extracted using the Value and Name methods. This parameter exists to provide backwards compatibility. Source Method: ValueOf Parameter: index (integer) Return Type: VB Script: variant Perl: string VBScript Syntax: Sourceobj.ValueOf(index) Perl Syntax: $Sourceobj->ValueOf(index); Description : Direct access to the value of the instance defined by the index. This method is useful for looping over all instances, if the option Process all instances once is defined. The index is a number from0 to InstanceCount - 1. Source Method: NameOf Parameter: index (integer) Return Type: VB Script: BSTR Perl: string VBScript Syntax: Sourceobj.NameOf(index) Perl Syntax: $Sourceobj->NameOf(index); Description : Direct access to the name of the instance defined by the index. The index is a number from0 to InstanceCount - 1. This method is useful for looping over all HP Operations Manager (9.00) Page 963 of 1297 Online Help instances, if the option Process all instances once is selected in the policy's processing options. Source Method: Top Parameter: number Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Sourceobj.Top(number) Perl Syntax: $Sourceobj->Top(number); Description : Returns a new source object instance that contains only the instances with the <number> highest values. For example, if these three instances exist: c: = 90%; d = 80%; e = 40% then Sourceobj.Top(2) returns c: and d:. Source Method: Bottom Parameter: number Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Sourceobj.Bottom(number) Perl Syntax: $Sourceobj->Bottom(number); Description : Returns a new source object instance that contains only the instances with the <number> lowest values. For example, if these three instances exist: c: = 90%; d = 80%; e = 40% then Sourceobj.Bottom(2) will return d: and e:. Source Method: Exclude Parameter: namepattern, valuepattern Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Sourceobj.Exclude("namepattern", "valuepattern") Perl Syntax: $Sourceobj->Exclude("namepattern", "valuepattern"); Description : Returns a new source object instance excluding values specified by the patterns. You can specify two parameters, one for the name of the variable (type, object, and HP Operations Manager (9.00) Page 964 of 1297 Online Help instance) and one for the value. Specify NULL if no matching is required for one argument. Patterns should be valid HPOMpattern-matching expressions. Source Method: Include Parameter: namepattern, valuepattern Return Type: VB Script: IDispatch object of type "Source" Perl: source object VBScript Syntax: Sourceobj.Include("namepattern", "valuepattern") Perl Syntax: $Sourceobj->Include("namepattern", "valuepattern"); Description : Returns a new source object instance including only values specified by the patterns. You can specify two parameters, one for the name of the variable (type, object, and instance) and one for the value. Specify NULL if no matching is required for one argument. Patterns should be valid HPOMpattern-matching expressions. SourceMethod: Time Parameter: void ReturnType: VB Script: DATE Perl: string (format: DD/MM/YYYY HH:MM:SS) VBScriptSyntax: Sourceobj.Time() Perl Syntax: $Sourceobj->Time(); Description: Returns the time when the expression was evaluated. Source Method: TimeOf Parameter: index (integer) Return Type: VB Script: DATE Perl: string (format: DD/MM/YYYY HH:MM:SS) VBScript Syntax: Source.TimeOf(index) Perl Syntax: $Sourceobj->TimeOf(index); Description : Returns the time when the expression was evaluated for a specific instance. The index is a number from0 to InstanceCount - 1. Source Method: Add Parameter: instancename, value HP Operations Manager (9.00) Page 965 of 1297 Online Help Return Type: VB Script: void Perl: void VBScript Syntax: Sourceobj.Add "instancename:",value Perl Syntax: $Sourceobj->Add("instancename:",value); Category Type: Describes available category types. UNDEFINED Ignored NOTAPPLICABLE Ignored KEY Columns that uniquely identify instances of an object. ATTRIBUTE Static definitions or values, such as the OS name, version, release, physical memory, and CPU clock speed. DELTA Show the activity during the last interval, such as intervalized counts,rates, and utilizations. GAUGE Numeric value that shows the current use or value at the time of the observation, such as the run queue, number of users, and files systemspace utilization. COUNTER Cumulative counts of activity, such as CPU times, physical IOs, paging, network packet counts, and interrupts. Description : Adds the instance name to the source object and sets the value. If this instance is already part of the source object, the new instance will not be added and the value will be replaced. This method can be used on a newly created object or an object retrieved fromany method returning a source object. This method is used to store data into the embedded performance component. VB Script example: set Sourceobj = Policy.CreateObject("Ito.OvEpScriptMetric") Sourceobj.Add "a:",10 Sourceobj.Add "b:",25 Policy.StoreCollection "CODA\\floppy\\disk\\space\\\\gauge",Sourceobj Perl example: my $Sourceobj = new Source; $Sourceobj->Add("a:",10); $Sourceobj->Add("b:",25); $Policy- >StoreCollection("CODA\\\\floppy\\\\disk\\\\space\\\\gauge",$Sourceobj); SourceMethod: DataAvailable Parameter: void ReturnType: VB Script: Boolean Perl: integer HP Operations Manager (9.00) Page 966 of 1297 Online Help VBScript Syntax: Sourceobj.DataAvailable Perl Syntax: $Sourceobj->Sourceobj.DataAvailable; Description: Returns TRUE if the source object contains any value, otherwise, returns FALSE. SourceMethod: ValueOfInstance Parameter: instancename ReturnType: VB Script: variant Perl: string VBScriptSyntax: Sourceobj.ValueOfInstance("instancename") Perl Syntax: $Sourceobj->ValueOfInstance("instancename"); Description: Direct access to the value of the instance defined by the instance name. Session object The Session object can be used to store data and to access it later within the script running at a different interval. The session object can also be used to transfer data fromthe script to the policy actions using the action variable <$SESSION(KEY)>. The Session object is unique for each policy. Session Method: IsPresent Parameter: key Return Type: VB Script: Boolean Perl: integer VBScript Syntax: Session.IsPresent("key") Perl Syntax: $Session->IsPresent("key"); Description : Returns TRUE if a value for key exists. Returns FALSE if no value for key exists. Keys are set with the Session.Value method. SessionMethod: Remove Parameter: key ReturnType: VB Script: void Perl: void VBScriptSyntax: Session.Remove("key") Perl Syntax: $Session->Remove("key"); Description: Removes the key specified fromthe session object. HP Operations Manager (9.00) Page 967 of 1297 Online Help SessionMethod: RemoveAll Parameter: void ReturnType: VB Script: void Perl: void VBScriptSyntax: Session.RemoveAll() Perl Syntax: $Session->RemoveAll(); Description: Removes all keys fromthe session object. SessionMethod: Value Parameter: key value (for Perl only) ReturnType: VB Script: variant (This is the default method for the Session object.) Perl: string VBScriptSyntax: for put: Session.Value("key")=value for get: value=Session.Value("key") Perl Syntax: for put: $Session->Value("key","value"); for get: Value = $Session->Value("key"); Description: Gets or puts a value for the defined key. Rule object The Rule object is used to indicate to the policy whether a threshold has been crossed or not. TRUE = threshold crossed, FALSE = threshold not crossed. Rule Method: Status Parameter: void Return Type: VB Script: Boolean Perl: integer VBScript Syntax: for put: Rule.Status = boolvalue for get: boolvalue = Rule.Status Perl Syntax: for put: $Rule.Status(boolvalue); for get: boolvalue = $Rule.Status(); Description : Puts or gets the value for threshold status. For scheduled task policies, FALSE indicates that the scheduled task failed. ConsoleMessage object The ConsoleMessage object provides a method for sending messages directly to the message browser. Messages sent in this way will not be intercepted by an open message interface policy, but instead will be sent directly to the management server (message will go to MSI, if configured). The specified message will be sent to the message agent. Multiple uses of the Send method are HP Operations Manager (9.00) Page 968 of 1297 Online Help supported. The same script can then send multiple messages to the HP Operations Manager console depending on which problemit detects. Note: You cannot use action variables with the ConsoleMessage object. ConsoleMessage Method: Application Parameter: application (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.Application = "application" Perl Syntax: $ConsoleMessage->Application("application"); Description: This optional method sets the content of Application in the general message properties of the message sent to the browser. ConsoleMessage Method: Object Parameter: object (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.Object = "object" Perl Syntax: $ConsoleMessage->Object("object"); Description: This optional method sets the content of Object in the general message properties of the message sent to the browser. ConsoleMessageMethod: MsgText Parameter: msgtext (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.MsgText = "msgtext" Perl Syntax: $ConsoleMessage->MsgText("msgtext"); Description: This method sets the message text for the message that is sent. ConsoleMessage Method: Severity Parameter: severity (valid strings are: Unknown|Normal|Warning|Minor|Major|Critical) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.Severity = "severity" Perl Syntax: $ConsoleMessage->Severity("severity"); Description: Sets the severity of the message that is sent. If not specifically set with this HP Operations Manager (9.00) Page 969 of 1297 Online Help method, the default is Normal. If an invalid string is supplied, severity Unknown will be used. ConsoleMessage Method: MsgGrp Parameter: messagegroup (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.MsgGrp = "messagegroup" Perl Syntax: $ConsoleMessage->MsgGrp("messagegroup"); Description: Sets the value for the Message Group in general message properties of the message sent to the browser. If this method does not supply a value, Misc is used. ConsoleMessage Method: Node Parameter: nodename (IP address or fully qualified hostname) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.Node = "nodename" Perl Syntax: $ConsoleMessage->Node("nodename"); Description: Sets the value for Primary Node Name that will be displayed in the general message properties of the message sent to the browser. IP addresses and fully qualified hostnames are valid. If this method does not supply a value, the hostname of the managed node is used by default. ConsoleMessageMethod: ServiceId Parameter: serviceid (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.ServiceId = "serviceid" Perl Syntax: $ConsoleMessage->ServiceId("serviceid"); Description: This optional method sets the Service ID for the message. ConsoleMessage Method: MessageType Parameter: messagetype (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.MessageType = "messagetype" Perl Syntax: $ConsoleMessage->MessageType("messagetype"); HP Operations Manager (9.00) Page 970 of 1297 Online Help Description: This optional method sets the value for the message type field of the general message properties of the message sent to the browser. ConsoleMessageMethod: MessageKey Parameter: messagekey (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.MessageKey = "messagekey" Perl Syntax: $ConsoleMessage->MessageKey("messagekey"); Description: This optional methods sets a key for message correlation. ConsoleMessage Method: AcknowledgeMessageKey Parameter: messagekey (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.AcknowledgeMessageKey = "messagekey" Perl Syntax: $ConsoleMessage->AcknowledgeMessageKey("messagekey"); Description: This optional method sets the message key to indicate which messages are automatically acknowledged in the browser. ConsoleMessage Method: TroubleTicket Parameter: Booleanvalue ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.TroubleTicket = Booleanvalue Perl Syntax: $ConsoleMessage->TroubleTicket(Booleanvalue); Description: This optional method specifies if the message is to be sent to a trouble ticket interface. Default is FALSE. ConsoleMessage Method: Notification Parameter: Booleanvalue ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.Notification = Booleanvalue Perl Syntax: $ConsoleMessage->Notification(Booleanvalue); Description: This optional method specifies if the message is sent to the notification mechanism. Default is FALSE. HP Operations Manager (9.00) Page 971 of 1297 Online Help ConsoleMessage Method: AgentMSI Parameter: type (valid strings are: copy|divert|none) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.AgentMSI = "type" Perl Syntax: $ConsoleMessage->AgentMSI("type"); Description: This optional method specifies if the message is to be sent through the message streaminterface on the agent. Default (or if string misspelled) is none. ConsoleMessage Method: ServerMSI Parameter: type (valid strings are: copy|divert|none) ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.ServerMSI = "type" Perl Syntax: $ConsoleMessage->ServerMSI("type"); Description: This optional method specifies if message is sent through the message streaminterface on the server. Default (or if string misspelled) is none. ConsoleMessage Method: Send Parameter: void ReturnType: VB Script: void Perl: void VBScriptSyntax: ConsoleMessage.Send() Perl Syntax: $ConsoleMessage->Send(); Description: This method sends the message to the management server. The MsgText method must set the message text before using this method. Multiple uses of the Send method are supported. HP Operations variables will not be expanded. ExecuteCommand object Object used for requesting a command to be run. It starts a command to be run by the HP Operations agent. ExecuteCommand Method: Command Parameter: command (string) ReturnType: VB Script: void Perl: void HP Operations Manager (9.00) Page 972 of 1297 Online Help VBScriptSyntax: ExecuteCommand.Command = "command" Perl Syntax: $ExecuteCommand->Command("command"); Description: This mandatory method is the name of the command to run with all necessary parameters. NOTE: For scripts that will run on Windows nodes, internal commands such as Copy, Rename, and DIR use a command interpreter that must be started before the command can be run. For commands of this type, the command must be preceded with cmd /k, followed by any other parameters required. ExecuteCommand Method: KillonTimeout Parameter: seconds (integer) ReturnType: VB Script: void Perl: void VBScriptSyntax: ExecuteCommand.KillonTimeout = seconds; Perl Syntax: $ExecuteCommand->KillonTimeout(seconds); Description: This method sets the maximumtime, in seconds, that the command will run. The default is unlimited. Valid only with the StartEx method. ExecuteCommand Method: UserName Parameter: username (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ExecuteCommand.UserName = "username" Perl Syntax: $ExecuteCommand->UserName("username"); Description: User name under which the command should be run. Optional, default is $AGENT_USER. ExecuteCommand Method: Password Parameter: password (string) ReturnType: VB Script: void Perl: void VBScriptSyntax: ExecuteCommand.Password = "password" Perl Syntax: $ExecuteCommand->Password("password"); HP Operations Manager (9.00) Page 973 of 1297 Online Help Description: Password for accessing the specified user account. To prevent the password frombeing visible in the script, use the following instructions: 1. Open a command prompt. 2. Change directory to the agent install directory. By default, this directory is: \Program Files\HP\HP BTO Software\Installed Packages\{790C06B4-844E-11D2-972B- 080009EF8C2A}\bin\OpC\install 3. Encrypt your password with the command: opcpwcrpt yourpassword 4. Use the output string as the password in your script. In some cases it is better not to supply a password. Should I provide the password or not? Executing the command without the password is the easier of the two methods, but it has some restrictions that make it unsuitable in some situations. The lists below show the restrictions and advantages of both methods. Without a password: l For Windows nodes, resources accessed through the network are not available. l For Windows nodes, if a domain user is specified, the agent must be installed on the domain controller that authenticates the user. In Windows 2000 domains, the agent must be installed on the PDC Primary Domain Controller and the BDC Backup Domain Controller of the user domain and both must have been restarted once. l For all nodes, changed passwords do not invalidate the policy. With a password: l For all nodes, resources accessed through the network are available. l For all nodes, the encrypted password is sent over the network. l For all nodes, if the password changes, the policy must be updated and redeployed. ExecuteCommand Method: Start Parameter: void ReturnType: VB Script: void Perl: void VBScriptSyntax: ExecuteCommand.Start() Perl Syntax: $ExecuteCommand->Start(); HP Operations Manager (9.00) Page 974 of 1297 Online Help Description: Run the command specified by ExecuteCommand.Command and return immediately the control to the script so the next lines can be processed right away. ExecuteCommand Method: StartEx Parameter: void ReturnType: VB Script: BSTR Perl: String VBScriptSyntax: ExecuteCommand.StartEx Perl Syntax: $ExecuteCommand->StartEx(); Description: Run the command ExecuteCommand.Command and wait until it finishes. If the command is successful, STDOUT is returned. If the command is unsuccessful (return value non-zero) the string "ERROR:\n" followed by STDERR is returned. Commands can be run synchronously or asynchronously, as needed. Multiple uses of the Start method are supported. This way, the same script can trigger multiple external commands. Related topics l "Pattern matching" (on page 946) l View general message properties HP Operations Manager (9.00) Page 975 of 1297 Online Help Developing server policies In HPOM, a policy is a set of configuration information that enables you to automate network and systemadministration. HPOMadministrators can deploy policies to computers in a managed network to provide consistent, automated administration across the network. HPOMprovides several different policy types. Each type of policy enables you to performa different monitoring or configuration task. HPOMprovides policy editors, which enable you to create new policies, or modify existing policies to suit your requirements. There is a different policy editor for each policy type. The following policy types enable you to performconfiguration tasks on a management server: "Remote Action Security Policies " (on page 977) By default, any node can send a message with a remote automatic action, and the management server runs that action on the remote node. However, you can configure a management server to allow or deny remote automatic action requests. You do this using a remote action security policy. Remote Action Security policies are deployed to the management server. "Server-based Flexible Management Policies" (on page 981) Server-based flexible management enables you to forward messages, message operations, and action responses fromone management server to another. Server-based flexible management policies are deployed to the management server. "Server-based MSI Policies" (on page 1011) The server-based Message StreamInterface (MSI) enables programs external to the HPOM message and action server to read and change incoming messages before they are stored in the HPOMdatabase. Server-based MSI policies are deployed to the management server. HP Operations Manager (9.00) Page 976 of 1297 Online Help Developing server policies Remote Action Security Policies A node can run a remote automatic action on another node by sending a message to a management server. The message specifies the automatic action and a target node. By default, any node can send a message with a remote automatic action, and the management server runs that action on the remote node. However, you can configure a management server to allow or deny remote automatic action requests. You do this using a remote action security policy. The policy can contain exceptions, so that the management server allows or denies remote automatic action requests for specific nodes. For example, you might want to restrict remote automatic actions in the following situations: l If local administrators of managed nodes cannot be trusted, you may want to deny remote automatic actions fromthese nodes. l If you are managing multiple customers, organizations, or departments, you may want to allow automatic actions only between nodes in the same domain. After you create a remote action security policy, you must deploy it to the management server that you want to configure. In previous versions of HPOM, you could configure remote action security using registry keys. After you upgrade the management server, these registry keys still take effect. You can reconfigure themusing the Server Configuration dialog box. However, if you deploy a remote action security policy to the management server, the policy overrides the existing registry keys. Note: Remote action security policies determine whether a management server starts remote automatic actions. Remote action security policies do not prevent users fromstarting remote automatic actions manually. They also do not prevent users fromstarting remote operator-initiated actions. You can configure user roles to prevent users fromstarting actions on specific nodes. You can also configure the management server to remove all message actions. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Message Action Server Message Filter. 3. Select the Expert mode check box. A full list of values appears. 4. Set the value of Remove all message actions to true. The management server removes all operator-initiated actions and remote automatic actions fromall incoming messages. The management server does not remove local automatic actions, because these actions start automatically on the node. However, when the value of Remove all message actions is true, the management server prevents users fromrestarting local automatic actions. 5. Click OK. Related topics l Configuring user roles HP Operations Manager (9.00) Page 977 of 1297 Online Help Create a remote action security policy You can configure a management server to allow or deny remote automatic action requests using a remote action security policy. To create a remote action security policy 1. In the console tree, under Policy management Policies grouped by type Server policies, right-click Remote Action Security and then click New Policy. The remote action security policy editor opens. 2. In the General tab, click one the following options: n Deny all actions No remote automatic actions are allowed. n Allow actions Remote automatic actions are allowed. Optional. HTTPS agents run policies that the management server secures using certificates. If someone tampers with a policy or the action that it contains, the policy becomes invalid. To allow remote automatic actions fromHTTPS agents only, select the Only certified check box. No remote automatic actions fromDCE agents are allowed. 3. Optional. Set exceptions. For more information, see Set exceptions for a remote action security policy. 4. Save the policy, and then deploy it to the management server that you want to configure. Set exceptions for a remote action security policy A remote action security policy can contain exceptions, which allow or deny remote automatic actions for specific source and target nodes. These exceptions override your choices on the General tab. After you the deploy the remote action security policy to a management server, the management server evaluates the remote automatic actions in incoming messages against the exceptions. It evaluates the exceptions in the order that you specify, and applies the first exception that matches. If no exception matches, the management server allows or denies the action according to your choices on the General tab. To set exceptions for a remote action security policy 1. In the remote action security policy editor, click the Exceptions tab. 2. Click New.... The Exception properties dialog box opens. 3. Optional. Type a short Description to identify the exception. 4. Specify source nodes. You can either select specific nodes or node groups, or specify a pattern that matches the names of many nodes or node groups. n To select specific nodes: i. Click Add Nodes .... A dialog box opens that contains a tree of nodes and node groups. HP Operations Manager (9.00) Page 978 of 1297 Online Help ii. Select individual nodes or node groups. (You can select node groups in this dialog box to quickly add all the individual nodes in that are currently in the group.) iii. Click OK. n To select specific node groups: i. Click Add Group .... A dialog box opens that contains a tree of node groups. ii. Select node groups, and then click OK. n To specify a pattern to match the names of nodes or node groups: i. Click Add Pattern.... The Edit Node / Group dialog box appears. ii. Type a Matching string. The string can contain any characters and pattern matching expressions. You can type the pattern or insert expressions by clicking the > button, and then clicking Matching expressions. Click one of the expressions that appears. iii. Click Type to select the whether to apply the match string to node name or node group. iv. Click OK. To change an existing match string, click it in the list, and then click Edit.... 5. Click the Target tab, and then specify target nodes. In the same way that you specify source nodes, you can either select specific target nodes or node groups, or specify a pattern that matches the names of many nodes or node groups. 6. To allow actions if the target node is the same as the node that sent the message, in the Target tab, select the on source node check box. Normally, if the target node of an automatic-action is the same as the node that is sending the message, the agent runs the action immediately on the node, and the management server receives the action response. However, in some cases the agent does not run the action automatically and the management server is responsible for starting the automatic-action remotely. This can happen, for example, if the action contains variables that the management server must resolve, or if a message passes through the message streaminterface on the agent. This check box enables you to allow this type of remote action. 7. In Policy action choose one of the following options: n Click Deny to disallow remote automatic actions when the source and target node match the criteria in this exception. n Click Allowto allow remote automatic actions when the source and target node match the criteria in this exception. Optional. HTTPS agents run policies that the management server secures using certificates. If someone tampers with an policy or the action that it contains, the policy becomes invalid. To allow remote automatic actions fromHTTPS agents only, select the Only certified check box. No remote automatic actions fromDCE agents are allowed. 8. Click OK. You return to the remote action policy editor. 9. Optional. Add further exceptions. To reorder the exceptions, click an exception in the list, and then click Move Up or Move Down. 10. Save the policy, and then deploy it to the management server that you want to configure. HP Operations Manager (9.00) Page 979 of 1297 Online Help Reconfigure registry keys for remote action security This version of HPOMenables you to configure remote action security using server policies. In previous versions of HPOM, you could configure remote action security using registry keys. After you upgrade the management server, these registry keys still take effect. You can reconfigure them using the Server Configuration dialog. However, if you deploy a remote action security policy to the management server, this will override the existing registry keys. To reconfigure registry keys for remote action security 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click Remote Action Handling. A list of values appears. 3. Optional. Set the value of Enable remote actions to true or false. If you set this value to false, the management server denies all remote automatic actions. The management server allows automatic actions on the node that the message originates from. This does not prevent users fromstarting remote operator-initiated actions. 4. Optional. In Allow remote actions from specific nodes, type a comma-separated list of primary node names without spaces. The management server allows remote automatic actions fromthese nodes, even if the value of Enable remote remote actions is false . The default value is an empty string, which means that the management server denies all remote automatic actions. 5. Click Apply. HP Operations Manager (9.00) Page 980 of 1297 Online Help Server-based Flexible Management Policies Server-based flexible management enables you to forward messages between multiple management servers. After a management server forwards a message, you can keep it up to date on all management servers by configuring themto forward message operations, for example, ownership changes and acknowledgements. Management servers can also forward action responses, which contain information about the success or failure of operator-initiated and automatic actions. Competence centers If you operate in a large enterprise with multiple management servers distributed over a wide area, specialist knowledge relating to a specific subject is not always available locally. For example, your organization might have a center responsible for all operating system-related problems. In addition, another center of expertise may be responsible for a database, which is used company-wide. A competence center hierarchy distributes responsibility for managed nodes. Regional management servers are not solely responsible for managed nodes. Instead, messages about specific subjects go to a competence center management server, where expertise exists to solve similar problems for all managed nodes. You can configure competence centers using agent-based or server-based flexible management, or both. Server-based flexible management enables you to configure regional management servers to forward some messages to other servers in your network. You can configure your regional management servers to forward messages to the management servers of your choice anywhere in your network, based on message attributes such as originating node or application. In the figure below all regional management servers forward all database messages to the database competence center management server. Message operations (for example acknowledge, own, severity change) are synchronized between regional management servers, competence center management servers, and the central HP Operations Manager (9.00) Page 981 of 1297 Online Help management server. This way the message states are always kept synchronized across the whole enterprise environment. The advantages of configuring competence centers with server-based flexible management are: l You do not need to configure the nodes, because the target for the messages is decided on the regional management servers. l The messages forwarded to competence center management servers are also visible on (and synchronized with) the regional management servers, so you have the full context of messages on the regional management servers. By default, management servers communicate using the HTTPS protocol, but you can configure communication using the DCE protocol if necessary. HPOMfor Windows 8.10 and higher supports server-based flexible management with the following management server versions: HTTPS-based DCE-based HPOM for Windows 7.50 N Y HPOM for Windows 8.10 Y Y HPOM on UNIX 7.10 patch level A.07.17 (PHSS_29548) or higher N Y HPOM on UNIX 8.10 or higher Y Y HPOMfor Windows 9.00 and higher supports server-based flexible management with the following management server versions: HTTPS-based DCE-based HPOM for Windows 8.10 or higher Y Y HPOM for Windows 9.00 Y Y HPOM on UNIX 8.30 Y Y HPOM on UNIX 9.00 Y N HPOMon Linux 9.00 Y N HP OMi 8.10 and 9.00 Y N Note: For up-to-date details of supported integrations, see the support matrix at HP Software Support Online. Configuring server-based flexible management involves multiple tasks. The following tasks are mandatory: l Configure prerequisites for server-based flexible management l Create a server-based flexible management policy The following tasks are optional: HP Operations Manager (9.00) Page 982 of 1297 Online Help l "Configure action-allowed and secondary managers" (on page 985) l Configure forwarding options for server-based flexible management l Configure duplicate suppression for server-based flexible management l "Security for server-based flexible management" (on page 992) l "Forward internal messages fromagents " (on page 993) l Migrate fromForwardToVP-based forwarding The following tasks are only necessary if you need to configure communication using the DCE protocol: l Configure communication protocols for server-based flexible management l Configure the character set for server-based flexible management l Configure HPOMfor UNIX compatibility mode l Configure firewall and NAT for DCE-based server communication After you deploy a valid server-based flexible management policy to a management server, the management server begins to forward messages and message operations. To subsequently stop the management server forwarding messages and message operations, disable the server-based flexible management policy. Note: If you have two servers set up as target servers for each other (server A and server B) there can be some communication overhead. If every management server is set up to forward messages to every other server, this could be an issue. As the administrator, you will set up the forward configuration file which contains the rules controlling which messages to forward and where to send them. Configure prerequisites for server-based flexible management When you deploy a valid server-based flexible management policy to a management server, the management server begins to forward messages and message operations. Before you do this, you must ensure that management servers and nodes meet a number of prerequisites. Some tasks are mandatory, and other tasks are optional. To configure prerequisites for server-based flexible management 1. Configure trusted certificates for multiple management servers Before management servers can communicate with each other using the HTTPS protocol, you must exchange their trusted certificates. Also, to enable a management server to communicate with HTTPS nodes that another management server owns (for example to start actions or deploy policies), you must update the trusted certificates on the nodes. 2. Exchange configuration data between management servers Management servers immediately discard all messages fromunknown nodes. Therefore, before a management server can accept forwarded messages, you must exchange the appropriate node configurations. You can exchange node configurations manually using command-line tools, or you can automatically synchronize node configurations by forwarding the configuration data fromone management server to another. HP Operations Manager (9.00) Page 983 of 1297 Online Help Alternatively, you can configure external nodes, which can represent a range of nodes without the need to configure each individual managed node. This option enables the management server to accept messages that originate fromthe nodes, but is not suitable if need to manage the nodes fromthis management server. For example, you cannot start commands or launch tools on an external node. You can also exchange other configuration data between management servers. This task is necessary if you need to have policies and instructions, user roles, tools, services, or instrumentation available on other management servers. For example, you may need to view instruction texts for forwarded messages. Instruction texts are not sent within messages, but are stored on the management server as part of the policy that generates the message. Therefore, to view instruction texts for forwarded messages, you must upload the appropriate policies. Note: Before exchanging policies that originate fromSPIs HP Operations Smart Plug-ins, make sure to install the SPIs on all management servers. Failing to install the SPIs before the policy upload results in warning messages in the message browser. Example message text: EventID: 0x00000400 (1024) - (PMD1404) Policy 'DBSPI-3004' (type 'Measurement Threshold') requires a product (ID 'MSSSPI') which is not yet installed on this server. 3. Optional. Configure action-allowed and secondary managers By default, only a node's primary management server can start actions on the node. To enable other management servers to start actions on a node, you must specify action-allowed management servers in a flexible management policy and deploy it to the node. To enable other management servers to become a node's primary management server, you can specify secondary management servers in the same policy. If a node has the HTTPS agent, the secondary management servers can also deploy policies and packages to the node. Create a server-based flexible management policy Server-based flexible management enables you to forward messages, message operations, and action responses fromone management server to another. To configure the types of message that you want to forward, and the management servers to which you want to forward the messages, you create a server-based flexible management policy. You then deploy this policy to the management server. To subsequently stop the management server forwarding messages and message operations, disable the server-based flexible management policy. To create a server-based flexible management policy 1. In the console tree, under Policy management Policies grouped by type Server policies, right-click Server-based Flexible Management and then click New Policy. The server-based flexible management policy editor appears. 2. In the General tab, type the server-based flexible management policy. The following topics provide more information on the policy syntax: n "Example server-based flexible management policies" (on page 997) n "Syntax of server-based flexible management policies" (on page 995) HP Operations Manager (9.00) Page 984 of 1297 Online Help Tip: If you are modifying a large policy, you can split the text area vertically and horizontally by dragging the split controls. (The split controls are at the top of the vertical scroll bar and at the left of the horizontal scroll bar.) Note: In HP Operations Manager for Windows version 7.5, the MsgForwarding.ini file controls server-based flexible management. This file is in the folder <data_ dir>\shared\conf\MsgActSrv\ on the management server. If you have an existing MsgForwarding.ini file, you can copy its text into the policy editor. The syntax is the same. Optionally, you can remove any SECONDARYMANAGER entries fromthe new policy to leave the SECONDARYMANAGERS section empty. The entries are no longer needed, because the management server maintains an internal list of the management servers to which it has forwarded each message. The management server forwards message operations and action responses to only the management servers in this list. 3. Optional. To check the policy's syntax, click Check Syntax. A message appears, which gives details of any errors. 4. Save the policy, and then deploy it to the management server that you want to configure. Configure action-allowed and secondary managers By default, only a node's primary management server can start actions on the node. To enable other management servers to start actions on a node, you must specify action-allowed management servers in a flexible management policy and deploy it to the node. This policy is important if you forward messages that have automatic and operator-initiated actions to other management servers. The primary management server is initially set during the agent installation. To enable other management servers to become a node's primary management server, you can specify secondary management servers in the same policy. If a node has the HTTPS agent, the secondary management servers can also deploy policies and packages to the node, without first becoming the primary management server. A flexible management policy that configures action-allowed and secondary managers must contain the following statements: RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Policy description" SECONDARYMANAGERS ACTIONALLOWMANAGERS You can add to this minimal policy as many secondary managers and action-allowed managers as you need. You can specify either the IP address or host name of each management server. To specify only a host name, use the IP address 0.0.0.0. For example, the following policy specifies manager1.example.comand manager2.example.com as secondary and action-allowed managers. It also specifies that the management server with IP address 192.168.1.3 is an action-allowed manager. RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Enable manager1, manager2, and 192.168.1.3" SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "manager1.example.com" SECONDARYMANAGER NODE IP 0.0.0.0 "manager2.example.com" HP Operations Manager (9.00) Page 985 of 1297 Online Help ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager1.example.com" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager2.example.com" ACTIONALLOWMANAGER NODE IP 192.168.1.3 If you use agent-based flexible management, you can add the secondary and action-allowed managers to an existing flexible management policy. For management servers in clusters, specify the IP address or host name of the virtual management server. In addition, you must add the core ID of the virtual management server. You must also add the core ID for standalone management servers if you have not set up a node to represent these management servers on the management server fromwhich you intend to deploy the policy. To get a management server's core ID, open a command prompt on that management server, and then type the following command: ovconfget -ovrg server sec.core CORE_ID If the management server is in a cluster, make sure that you start the above command on the cluster node that is currently active. For example, the following policy specifies manager3.example.comand manager4.example.com as secondary and action-allowed managers. You intend to use manager3.example.comto configure and deploy the policy, but you do not want to set up manager4.example.comas a node on manager3.example.com. RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "Enable manager3, and manager4" SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "manager3.example.com" SECONDARYMANAGER NODE IP 0.0.0.0 "manager4.example.com" ID "e77b4992-5d78-753f-1387-c01230fe2648" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager3.example.com" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager4.example.com" ID "e77b4992-5d78-753f-1387-c01230fe2648"" To configure action-allowed and secondary managers 1. In the console tree, open Policy management Policies grouped by type Agent policies. Right-click Flexible Management, and then click New Policy. The flexible management policy editor appears. 2. In the General tab, type a flexible management policy that specifies secondary and action- allowed managers. 3. Optional. Click Check Syntax. A message appears, which gives details of any errors. Correct any syntax errors. 4. Save the policy, and then deploy it to the nodes that you want to configure. Alternatively, you can copy one of the sample flexible management policies, which are available in Policy management Policy groups Samples Agent-based Flexible Management. HP Operations Manager (9.00) Page 986 of 1297 Online Help Configure forwarding options for server-based flexible management If you use server-based flexible management, the management server maintains queues of messages, message operations, and action responses to forward to other management servers. There is one queue for all management servers that support HTTPS communication. If you have older management servers that support only DCE communication, there is additional queue for each of these servers. You can configure options for these queues using the Server Configuration dialog. To configure forwarding options for server-based flexible management 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Server-based Flexible Management. 3. Select the Expert mode check box. The full list of values appears. 4. Configure the queue sizes and retry intervals. The following table lists the values to configure. Value Description Forwarding queue size warning threshold When the size of a queue exceeds this threshold, the management server creates a warning event in the event log. Specify a warning threshold in megabytes. The default is 40 MB. Forwarding queue size maximum When the size of a queue exceeds this threshold, the management server creates an error event in the event log. The management server does not add to the queue until the queue size falls below the queue maximumsetting. The destination management server or management servers for this queue do not receive messages, message operations, or action responses that occur while the queue size exceeds this threshold. Specify a queue size maximumin megabytes. The default is 50 MB. Forwarding retry interval This value specifies the number of seconds to wait before trying to reconnect to an unreachable management server. Specify an interval in seconds. The default is 60 seconds. Note: The management server creates entries in the event log that relate to queue sizes and unreachable management servers. You can monitor event logs on the management server with the self-manager policy VP_SM-Server_EventLogEntries. 5. Optional. Configure the message operations that you want this management server to forward and accept. The following table lists the values to configure. Message Operation Description HP Operations Manager (9.00) Page 987 of 1297 Online Help Operations to be forwarded This setting configures which types of message operations to forward to other management servers. For example, you can configure the management server not to forward message acknowledgements. You configure this setting with a bit mask consisting of the possible values below: 1 Acknowledge 2 Unacknowledge 4 Own 8 Disown 16 Severity change 32 Message counter change 64 Annotation change 128 Text change 256 Action response 512 Action state change Add all the operations that you want the server to forward. The default is 1023, which means that the management server forwards all operations. Note: The message streaminterface (MSI) enables external applications to read and change incoming messages on a management server, including messages that are forwarded by other management servers. However, if the MSI changes a forwarded message, it does not send a message operation back to the original management server. Therefore, you should only change messages using the MSI on the management server that originally receives the message. This restriction includes any changes to messages that you make using HP Event Correlation Services (ECS). Forwarded operations to be accepted This setting configures which types of message operations to accept fromother management servers. For example, you can configure the management server not to accept message acknowledgements. You configure this setting with a bit mask consisting of the possible values below: 1 Acknowledge 2 Unacknowledge 4 Own 8 Disown 16 Severity change 32 Message counter change 64 Annotation change 128 Text change 256 Action response 512 Action state change Add all the operations that you want the server to accept. The default is 1023, which means that the management server accepts all operations. 6. Click Apply. Related topics l Configure communication protocols for server-based flexible management l Self-management policies HP Operations Manager (9.00) Page 988 of 1297 Online Help Configure duplicate suppression for server-based flexible management When duplicate suppression and server-based flexible management are used together, inconsistencies between the servers may arise. Most of the inconsistencies can be resolved by configuring the duplicate suppression on each server in exactly the same way. However, there are some configurations possible, when inconsistencies can only be resolved by disabling duplicate suppression for forwarded messages or changing the forwarding configuration. Scenario 1 Server A forwards Message M1 to Server C. Server B forwards Message M2 to Server C. Message M1 arrives first at Server C. Message M2 is recognized as a duplicate to M1 and is being attached to M1 as a duplicate annotation and the duplicate count is being increased (or depending on the configuration just as a duplicate count increase). Inconsistency 1 1. The duplicate count of M1 on Server C is incremented. 2. Server C forwards the duplicate count of M1 to Server A and Server B. 3. Server A increments the duplicate count of M1. 4. Server B discards the operation as it does not have message M1. HP Operations Manager (9.00) Page 989 of 1297 Online Help Inconsistency 2 1. An Administrator on Server B acknowledges Message M2. 2. This operation is being forwarded to Server C. Server C does not know about a Message M2, because it was discarded by duplicate suppression. 3. The operation is being discarded without any action. 4. The original message M1 still exists as well as the duplicate annotation created by M2. Resolution for both inconsistencies Introduce bi-directional forwarding between Server A and Server B. Configure duplicate suppression on each server in the same way. Scenario 2 HP Operations Manager (9.00) Page 990 of 1297 Online Help Server A forwards Message M1 to Server C and Server B. Message M2 arrives on Server B. It is NOT discarded as a duplicate. Server B forwards Message M2 to Server C and Server A. Message M2 is recognized on Server C and Server A as a duplicate. Server C and Server A forward the duplicate count change operation to Server B, which increments the duplicate count of Message M1. Message M2 however is still in the message browser. Inconsistency Server B has Message M2 twice, once as real message and again as a duplicate annotation (or depending on the configuration just as a duplicate count increase). Resolution Configure the duplicate suppression on all servers the same way. Then Message M2 gets discarded already on Server B and all servers have a consistent view in the message browser. To disable duplicate suppression for forwarded messages 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Server-based Flexible Management. 2. Set the value of Duplicate detection on forwarded msgs to false. This disables duplicate message for forwarded messages. This may help to resolve inconsistencies caused by duplicate suppression, but may increase the number of messages in the message browser. (Setting this value to true may help reduce the number of messages in the message browser, but has a small performance impact. ) 3. Click Apply. 4. Complete the same Related Topics: HP Operations Manager (9.00) Page 991 of 1297 Online Help l Configure duplicate message suppression Security for server-based flexible management Security for message communication between management servers is the same as that provided for the agent to server communication. By default, HPOMfor Windows management servers use the HTTPS protocol to communicate with other management servers securely. If you need to forward messages to management servers that support only the DCE protocol, the communication is less secure. Note: HPOMfor Windows cannot communicate with an HPOMon UNIX server that runs Advanced Network Security (ANS). By default, an HPOMfor Windows management server expects every message that it receives fromanother management server to contain a known agent ID. You can configure several settings that relate to agent ID checks. To configure security for server-based flexible management 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Optional. Click Namespaces, and then click Message Action Server Message Filter. A list of values appears. The following table lists the values to configure. Value Description Allow actions in forwarded messages with no agent ID To increase security, set this value to false so that the management server removes actions fromforwarded messages that have an empty agent ID field. Most messages contain the agent ID that uniquely identifies the node that sends the message. The management server checks that the agent ID is valid for each message. However, HPOMon UNIX deployed DCE agents that have never received a policy froman HPOMfor Windows management server send messages that have an empty agent ID field. By default, the management server removes all actions fromthis kind of message, except for forwarded messages. Disable agent ID check for forwarded messages This value configures whether the message filter skips the agent ID check for messages that it receives fromanother management server. If this value is false and the management server receives a message that contains an unknown agent ID but a known node name, the management server contacts the node to check the agent ID. If the management server cannot reach the node due to a firewall, the request for the agent ID takes several seconds to timeout. To increase performance, set this value to true so the management server skips this check. Ignore empty agent ID on proxy messages This value configures whether the message filter allows proxy messages without agent IDs (for example, SNMP traps), which HPOMon UNIX and HPOMon Linux management servers can forward. If you set this value to true, the message filter does not discard the proxy messages with empty agent IDs that HPOMon UNIX or HPOMon Linux forwards. HP Operations Manager (9.00) Page 992 of 1297 Online Help forwarded from HPOMfor UNIX 3. Click Apply. Related topics l Configuring HTTPS communication through firewalls Forward internal messages from agents Most of the messages that appear in the message browser originate fromthe policies that you deploy to nodes. If you need to customize the messages that you receive (for example, change the severity), you can modify the policy that the messages originate from. However, in addition to messages that originate frompolicies, you also receive internal messages. The self-management functionality on agents and management servers generates these internal messages to notify you about the status of your managed nodes. You cannot directly modify the internal messages that agents and management servers generate. However, if you want to filter and modify internal messages, you can redirect themthrough policies. If you want to filter internal messages fromagents, you can redirect themto an open message interface policy. With HPOMfor Windows, you can redirect internal messages fromagents only on the agents themselves. In contrast, HPOMfor UNIX additionally enables you to redirect internal messages fromagents when they arrive at the management server. If you configure an HPOMfor UNIX management server to redirect internal messages fromagents, this configuration may cause the following problemwith message forwarding: 1. An agent sends an internal message to an HPOMfor Windows management server. 2. The HPOMfor Windows management server receives the message, and forwards it to an HPOMfor UNIX management server. 3. The HPOMfor UNIX management server receives the forwarded message, and identifies that it is an internal message. 4. The HPOMfor UNIX management server redirects the internal message to its open message interface. An open message interface policy evaluates the message, and if it matches the condition of any rule, creates a different message on the HPOMfor UNIXmanagement server. 5. An operator changes the status of the internal message on the HPOMfor Windows management server. 6. The HPOMfor Windows management server forwards the message operation to the HPOMfor UNIX management server. The original internal message does not exist on the HPOMfor UNIX management server, so the HPOMfor UNIX management server discards the forwarded message operation. You can avoid this situation by configuring the agents to redirect internal messages to the open message interface locally, before they send the messages to the management server. This configuration ensures that status messages fromagents always originate froman open message interface policy. If you forward such messages to an HPOMfor UNIX management server, the HP Operations Manager (9.00) Page 993 of 1297 Online Help HPOMfor UNIX management server does not identify themas internal messages, and therefore stores the original messages. To redirect an agent's internal messages to the open message interface, set the parameter OPC_ INT_MSG_FLT in the eaagt namespace to TRUE. Create an open message interface policy with at least one rule, and then deploy it to the agent. You should configure the policy so that the agent suppresses messages that are identical relative to their attributes. Note: The problemdoes not occur with internal messages that HPOMfor Windows management servers generate. These internal messages relate to agent health checks. The HPOMfor UNIX management server can only redirect internal messages that agents generate. Related topics l Filter and modify internal messages l Agent health checks Migrate from ForwardToVP-based forwarding Previous versions of HPOMfor Windows use agent policies on the management server to forward messages to other management servers: l A Windows Management Interface (WMI) policy creates messages with the message type ForwardToVP. l A flexible management policy forwards messages that have the message type ForwardToVP. l Another WMI policy forwards ownership changes and acknowledgements. Server-based flexible management offers several advantages: l You can keep messages up to date on all management servers by forwarding more message operations, for example changes of severity, changes to annotations, and action responses. l The object attribute of the forwarded message remains unchanged. It is not overwritten with the originating node name, as is the case with the ForwardToVP-based method. l You can forward messages, message operations, and action responses to multiple management servers. l The message action server forwards the messages, so the load on the management server's agent is much smaller. l Server-based flexible management is faster and more reliable, especially if there is a high load on the management server. l You can forward all types of messages, not just messages of with the message type ForwardToVP. If you use ForwardToVP-based message forwarding, you can stay with that solution or manually migrate to server-based flexible management. Server-based flexible management is the recommended message forwarding solution. ForwardToVP-based message forwarding is only available for backward compatibility. HP Operations Manager (9.00) Page 994 of 1297 Online Help To migrate from ForwardToVP-based message forwarding to server-based flexible management 1. Copy the content of the agent-based flexible management policy that to forwards all messages of the type ForwardToVP to other management servers. Use it to create a server-based flexible management policy. 2. In the server-based flexible management policy, remove the SECONDARYMANAGERS section. The section is not needed, because each management server maintains an internal list of the other management servers to which it has forwarded each message. The management server forwards message operations and action responses to only the management servers in this list. 3. In the policy, remove the ACTIONALLOWMANAGERS section. The section is not needed for server-based flexible management. 4. In the MSGTARGETRULES section, remove the MSGTARGETRULE that forwards all messages to the source server itself. 5. In the MSGTARGETRULES section, modify the MSGTARGETRULE that forwards messages to destination servers. Replace MSGTARGETRULECOND MSGTYPE "ForwardToVP" with the conditions (if any) fromthe WMI policy that creates messages with the message type ForwardToVP. 6. The keywords ACKNONLOCALMGR, MSGCONTROLLINGMGR, and NOTIFYMGR are not supported for server-based flexible management policies. If your existing policy contains these keywords, remove them. 7. Remove the WMI policy that creates messages with the message type ForwardToVP, so that it is no longer deployed to the agent on the management server. 8. Remove the agent-based flexible management policy that forwards messages, so that it is no longer deployed to the agent on the management server. 9. Remove the WMI policy that forwards ownership changes and acknowledgements. 10. Configure any prerequisites for server-based flexible management and then deploy the new server-based flexible management policy to the management server. Related Topics: l Configure prerequisites for server-based flexible management l Syntax of server-based flexible management policies Syntax of server-based flexible management policies A management server compares every incoming message to the server-based flexible management policy. If the message attributes match the rules, the management server forwards the message to the other management servers specified in the policy. A policy is designed according to syntax rules. The flexible management policy syntax is in EBNF (Extended Backus- Naur Form). The server-based flexible management policy editor enables you to check that a policy has valid syntax. Note: Management servers evaluate only the first matching MESSAGETARGETRULE in the policy. For example, you have a message target rule A with the condition to match on critical messages and the rule to forward these kinds of messages to server X. You have another message HP Operations Manager (9.00) Page 995 of 1297 Online Help target rule B, with the condition to match on messages with application "test" and the rule to forward these kinds of messages to server Y. If a critical message arrives with application "test," then this message matches rules A and B, but the management server evaluates only the first matching rule and so forwards the message only to server X and not to server Y. If you do not want this behavior, you must write an additional message target rule that matches only on critical messages with application "test" and forward these messages to server X and server Y; then you must place this rule before rule A. Note: HPOMon UNIX and HPOMon Linux allow time templates but HPOMfor Windows does not. The syntax below does not contain time templates, although you will find themin the HPOMon UNIX and HPOMon Linux example files. EBNF notation <configfile> ::= <epsilon> | RESPMGRCONFIGS <respmgrconfigs> <respmgrconfigs> ::= <epsilon> | <respmgrconfigs> RESPMGRCONFIG DESCRIPTION <string> <respmgrconds> <respmgrconds> ::= SECONDARYMANAGERS <secondmgrs> ACTIONALLOWMANAGERS <actallowmgrs> | SECONDARYMANAGERS <secondmgrs> ACTIONALLOWMANAGERS <actallowmgrs> MSGTARGETRULES <msgtargetrules> | MSGTARGETRULES <msgtargetrules> <secondmgrs> ::= <epsilon> | <secondmgrs> SECONDARYMANAGER NODE <node> | <secondmgrs> SECONDARYMANAGER NODE <node> DESCRIPTION <string> <actallowmgrs> ::= <epsilon> | <actallowmgrs> ACTIONALLOWMANAGER NODE <node> | <actallowmgrs> ACTIONALLOWMANAGER NODE <node> DESCRIPTION <string> <msgtargetrules> ::= <epsilon> | <msgtargetrules> MSGTARGETRULE DESCRIPTION <string> <msgtargetrule> <msgtargetrule> ::= MSGTARGETRULECONDS <mtrconditions> MSGTARGETMANAGERS <msgtargetmgrs> | MSGTARGETRULECONDS <mtrconditions> MSGTARGETMANAGERS <msgtargetmgrs> <mtrconditions> ::= <epsilon> | <mtrconditions> MSGTARGETRULECOND DESCRIPTION <string> <mtrcond> HP Operations Manager (9.00) Page 996 of 1297 Online Help <mtrcond> ::= <epsilon> | <mtrcond> SEVERITY <severity> | <mtrcond> NODE <nodelist> | <mtrcond> APPLICATION <string> | <mtrcond> MSGGRP <string> | <mtrcond> OBJECT <string> | <mtrcond> MSGTYPE <string> | <mtrcond> TEXT <string> | <mtrcond> SERVICE_NAME <string> | <mtrcond> MSGCONDTYPE <msgcondtype> <msgtargetmgrs> ::= <epsilon> | <msgtargetmgrs> MSGTARGETMANAGER TIMETEMPLATE "$OPC_ ALWAYS" OPCMGR <node> <severity> ::= Unknown | Normal | Warning | Minor | Mayor | Critical <msgcondtype> ::= Match | Suppress <nodelist> ::= <node> | <nodelist> <node> <node> ::= IP <ipaddress> | IP <ipaddress> <string> | IP <ipaddress> <string> ID <string> <string> ::= "any alphanumeric string" <ipaddress> ::= <digits>.<digits>.<digits>.<digits> Note: For detailed descriptions of the attributes used in the syntax described here, see the help topic "Keywords for flexible management policies " (on page 677). Note: The keywords ACKNONLOCALMGR, MSGCONTROLLINGMGR, and NOTIFYMGR are not supported for server-based flexible management policies. Note: The syntax check allows the keywords SECONDARYMANAGERS and ACTIONALLOWMANAGERS in server-based flexible management policies for backwards compatibility with MsgForwarding.ini files. However, these keywords have no effect in server-based flexible management policies. Example server-based flexible management policies Hierarchy The figure below shows a hierarchy scenario of managed nodes and management servers. HP Operations Manager (9.00) Page 997 of 1297 Online Help This hierarchy scenario consists of managed nodes Nxy that report to their regional management servers MS-Rx. Regional management servers control managed nodes in a specific region (for example, a LAN). Operators managing a region are responsible for keeping the managed nodes up and running. All critical problems and problems originating fromthe regional management servers are reported to the central management server (MSC). Operations are synchronized between regional management servers and central management server. Regional management server (see "Hierarchy Regional Server" Server Policy in the "Samples\Server-based flexible management" policy group) # # Example hierarchy forward configuration for HPOM for Windows Server- based flexible management # Forwarding from regional HPOM for Windows management server MS-Rx to central HPOM for Windows management server MSC: # - Forward all messages from MS-Rx to MSC # - Forward all critical messages from managed nodes to MSC # - Synchronize operations with MSC # # Note: Adapt the server names and deploy this policy # on the regional management server (MS-Rx) if you want to use it. # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "MS-Rx - Hierarchical Forward Configuration" SECONDARYMANAGERS ACTIONALLOWMANAGERS MSGTARGETRULES HP Operations Manager (9.00) Page 998 of 1297 Online Help MSGTARGETRULE DESCRIPTION "messages from node MS-Rx" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "messages from node MS-Rx" NODE IP 0.0.0.0 "MS-Rx" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MSC" MSGTARGETRULE DESCRIPTION "critical messages" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "critical messages" SEVERITY Critical MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MSC" Central management server (no server-based flexible management configuration required on the Central HPOMfor Windows Management Server MSC) Backup server The figure below shows a backup server scenario of managed nodes and management servers. This backup server scenario consists of managed nodes Nx that report to their management server MS-Act. This management server reports all messages to the backup management server MS-Bck and synchronizes all operations to the backup management server. This way MS-Act and MS-Bck are completely kept in synch with regards to messages and the message states. MS-Bck is set up as secondary manager on the managed nodes Nx so that it can get control over themif it needs to. If MS-Act cannot performits tasks as management server any longer (for example due to a hardware failure) then MS-Bck can take over its tasks immediately by telling the managed nodes to switch their management server to MS-Bck, for example using the command "opcragt primmgt". HP Operations Manager (9.00) Page 999 of 1297 Online Help Actual management server (see Backup Actual Server" Server Policy in the "Samples\Server-based flexible management" policy group) # # Example backup forward configuration for HPOM for Windows Server- based flexible management # Forwarding from actual HPOM for Windows management server MS-Act to backup HPOM for Windows management server MS-Bck: # - Forward all messages from MS-Act to MS-Bck # - Synchronize operations between MS-Act and MS-Bck # # Note: Adapt the server names and deploy this policy # on the actual management server (MS-Act) if you want to use it. # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "MS-Act - Backup Forward Configuration" SECONDARYMANAGERS ACTIONALLOWMANAGERS MSGTARGETRULES MSGTARGETRULE DESCRIPTION "forward all messages to MS-Bck" MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MS-Bck" Backup management server (see Backup Backup Server" Server Policy in the "Samples\Server-based flexible management" policy group) # # Example backup forward configuration for HPOM for Windows Server- based flexible management # Forwarding from backup HPOM for Windows management server MS-Bck to actual HPOM for Windows management server MS-Act: # - Forward all messages from MS-Bck to MS-Act # - Synchronize operations between MS-Bck and MS-Act # # Note: Adapt the server names and deploy this policy # on the backup management server (MS-Bck) if you want to use it. HP Operations Manager (9.00) Page 1000 of 1297 Online Help # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "MS-Bck - Backup Forward Configuration" SECONDARYMANAGERS ACTIONALLOWMANAGERS MSGTARGETRULES MSGTARGETRULE DESCRIPTION "forward all messages to MS-Act" MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MS-Act" Competence center The figure below shows a competence center scenario of managed nodes and management servers. This competence center scenario consists of managed nodes Nxy that report to their regional management servers MS-Rx. Regional management servers report database problems to the competence server MS-DB and application problems to the competence server MS-Appl. All critical problems and problems originating fromthe regional management servers and the competence servers are reported to the central management server (MSC). Operations are synchronized between regional, competence center management servers and central management server. HP Operations Manager (9.00) Page 1001 of 1297 Online Help Regional management server (see "Competence Center Regional Server" Server Policy in the "Samples\Server-based flexible management" policy group) # # Example competence center forward configuration for HPOM for Windows Server-based flexible management # Forwarding from regional HPOM for Windows management server MS-Rx to competence center management servers MS-DB and MS-Appl and central HPOM for Windows management server MSC: # - Forward database messages to MS-DB # - Forward application messages to MS-Appl # - Forward critical messages to MSC # - Synchronize operations with MS-DB, MS-Appl and MSC # # Note: Adapt the server names and deploy this policy # on the regional management server (MS-Rx) if you want to use it. # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "MS-Rx - Competence Center Forward Configuration" SECONDARYMANAGERS ACTIONALLOWMANAGERS MSGTARGETRULES MSGTARGETRULE DESCRIPTION "database messages" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "database messages" MSGGRP "DATABASE" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MS-DB" MSGTARGETRULE DESCRIPTION "application appl" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "application appl" APPLICATION "appl" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" HP Operations Manager (9.00) Page 1002 of 1297 Online Help OPCMGR IP 0.0.0.0 "MS-Appl" MSGTARGETRULE DESCRIPTION "critical messages" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "critical messages" SEVERITY Critical MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MSC" Database management server / application management server (see "Competence Center Competence Center Server" Server Policy in the "Samples\Server- based flexible management" policy group) # # Example competence center forward configuration for HPOM for Windows Server-based flexible management # Forwarding from competence center management servers MS-DB and MS- Appl to central HPOM for Windows management server MSC: # - Forward critical messages to MSC # - Synchronize operations with MS-R1, MS-R2, MS-Rn and MSC # # Note: Adapt the server names and deploy this policy # on the competence center management servers (MS-DB and MS- Appl) if you want to use it. # TIMETEMPLATES # none RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "MS-DB - Competence Center Forward Configuration" SECONDARYMANAGERS ACTIONALLOWMANAGERS MSGTARGETRULES MSGTARGETRULE DESCRIPTION "critical messages" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "critical messages" SEVERITY Critical MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "MSC" HP Operations Manager (9.00) Page 1003 of 1297 Online Help Central management server (no server-based flexible management configuration required on the Central HPOMfor Windows Management Server MSC) Configure communication protocols for server-based flexible management By default, with HPOMfor Windows 8.00 and above, the management server uses the HTTPS protocol to communicate with other management servers securely. If you need to forward messages to management servers that support only the DCE protocol, you can change this default, or set exceptions. To configure communication protocols for server-based flexible management 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Server-based Flexible Management. 3. Optional. Set the value Default protocol to DCE. The management server uses DCE-based message forwarding and synchronization for all management servers that are not listed in Protocol exceptions. 4. Optional. Set the value of Protocol exceptions to contain a comma-separated list of management server names, for which you need to use the opposite of the Default protocol. For example, if most of your management servers support HTTPS, leave Default protocol set to HTTPS. List the older management servers that support only DCE in Protocol exceptions. Related Topics: l Configure the character set for server-based flexible management Configure the character set for server-based flexible management By default, HPOMfor Windows uses the HTTPS protocol to communicate with other management servers securely. HPOMfor Windows always uses the UTF-8 character set internally and for HTTPS-based communication. HPOMfor Windows also supports the UTF-8 character set for DCE-based communication. However, if you need to forward messages to HPOMfor UNIX management servers that support only the DCE protocol, you must configure the HPOMfor Windows management server to use a different character set. Before you configure the character set for server-based flexible management, consider the following details: l The character set must support all characters that may occur in the forwarded messages, message operations, and action responses. For example, it is not possible to forward Japanese characters using the ascii character set. l An HPOMfor UNIX management server can only receive DCE-based communications in the specific character set that the HPOMfor UNIX administrator configures it to use. HP Operations Manager (9.00) Page 1004 of 1297 Online Help l HPOMfor Windows can receive DCE-based communications in any character set that HPOM for UNIX supports. HPOMfor Windows converts the characters to UTF-8 on arrival for use internally. Therefore, HPOMfor Windows can receive DCE-based communications from several HPOMfor UNIX servers that each use different character sets. l An HPOMfor Windows management server uses the same character set for all DCE-based communications with other management servers (including both HPOMfor Windows and HPOMfor UNIX management servers). Therefore it is not possible to use DCE-based communication with several HPOMfor UNIX servers that each use different character sets. To configure the character set for server-based flexible management 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Server-based Flexible Management. 3. Set the value of Character code set of target servers. This value configures the character set to which the management server converts messages, message operations, and action responses before forwarding themto other management servers. Select one of the following character sets: n ascii n eucJP n eucKR n gb2312 n iso88591 n iso885915 n iso88592 n iso88595 n roman8 n sjis n utf8 (default) 4. Click Apply. Related Topics: l Configure communication protocols for server-based flexible management Configure HPOM for UNIX compatibility mode Note: With HPOMfor UNIX 7.24 or 8.12 and higher, HPOMfor UNIX compatibility mode is not necessary. Older versions of HPOMfor UNIX impose restrictions on server-based flexible management. The restrictions are fixed with the patches HPOMfor UNIX 7.24 (PHSS_32403) and HPOMfor UNIX 8.12 (PHSS_32820). If you want to use server-based flexible management with older HPOMfor UNIX management servers, you must turn on HPOMfor UNIX compatibility mode. HP Operations Manager (9.00) Page 1005 of 1297 Online Help Older versions of HPOMfor UNIX cannot handle user names with a length of more than 20 characters, so forwarded messages and operations that contain longer user names will be discarded by the HPOMfor UNIX management server. HPOMfor Windows user names are built fromthe domain name and user name, and so they can easily exceed this limit. Older versions of HPOMfor UNIX are not aware of user rights on the HPOMfor Windows management server, so they do not allow an HPOMfor Windows administrator to force a disown operation on a message that another user owns. If you configure HPOMfor UNIX compatibility mode, the HPOMfor Windows user names are reduced to the first 20 characters. For disown operations, the user name of the owning user is always sent with the operation, even if the operation is performed by an HPOMfor Windows administrator. HPOMfor UNIX compatibility mode causes limitations for the handling of messages on multiple HPOMfor Windows management servers. For example, if a user owns a message on one HPOM for Windows management server, the management server reduces the user name to 20 characters when it forwards the own operation to a second HPOMfor Windows management server. When the same user tries to change the message state on the second HPOMfor Windows management server, an error occurs. The error states that the user is not the owner of this message, because the second HPOMfor Windows management server cannot map the shortened name to the full user name. To configure UNIX compatibility mode 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog appears. 2. Click Namespaces, and then click Server-based Flexible Management. 3. Select the Expert mode check box. The full list of values appears. 4. Set the value of HPOM for UNIX compatibility mode to true. 5. Click Apply. Configure firewall and NAT for DCE-based server communication Server-based flexible management allows message forwarding and synchronization between management servers that are separated by a firewall, a network address translation (NAT) router, or both. Note: In the current version of HPOMfor Windows, server-based flexible management uses the HTTPS communication protocol by default. Therefore, you can configure server-to-server communication through a firewall in the same way that you configure agent communication through a firewall. If you need to forward messages to management servers that support only the DCE protocol, you can change the default communication protocol. (See "Configure communication protocols for server-based flexible management " (on page 1004).) The configuration information provided here is for server-based flexible management between HPOMfor Windows management servers using the DCE communication protocol. HP Operations Manager (9.00) Page 1006 of 1297 Online Help Firewall and NAT basics A firewall is a router systembetween two or more subnets. In addition to the routing, the firewall also filters all communication. Only packets that pass at least one filter rule are allowed to pass the firewall. All other packets are discarded. A filter rule usually consists of the following items: l A protocol type, such as TCP, UDP, or ICMP l A direction ("inside outside" or "outside inside") l A source port l A destination port Instead of a specific port, you can give a port range. In a typical remote communication, a client uses the source port to connect to a server, which is listening on the destination port on a remote system. For firewall configuration, it is important to know which systeminitiates the communication (client) and which receives communication requests (server), so that the firewall rules can be set up accordingly. A Network Address Translation (NAT) router connects two subnets, a public one and a private one. The NAT router has an IP address on the public subnet and translates this public IP address to one or more IP addresses on the private subnet, based on a given set of rules. The private IP addresses are not directly accessible on the public subnet, so an IP packet fromthe public subnet has to be rewritten to the private subnet by the NAT router, exchanging the public IP address with an IP address of the private subnet. There are two kinds of NAT: l Basic NAT (static NAT): translates each public IP address to a private IP address; so for each private IP address there needs to be one public IP address. l Port Address Translation (PAT): has only a single public IP address and maps it to multiple private IP addresses based on the ports used. Configuration scenario This example explains the necessary configuration steps based on a PAT scenario. It should be easily possible to derive the necessary configuration steps for any real server-based flexible management environment fromthis example. The example shows one management server (manager1.example.com) directly connected to a LAN; the other two management servers are hidden behind a NAT router. The configuration task is to set up server-based flexible management between manager1.example.comand manager2.example.com. HP Operations Manager (9.00) Page 1007 of 1297 Online Help Server-based flexible management works using RPC requests fromthe source management server (acting as DCE RPC client) to the message receiver on the target management server (acting as DCE RPC server). With these RPC requests, HPOMfor Windows forwards messages and message operations. To get the port number of the message receiver on the target management server, the client has to request it fromthe DCE RPC endpoint mapper on the fixed port 135 of the target server system. As RPC requests frominside a NAT or firewall (in this example: frommanager2.example.comto manager1.example.com) are usually allowed without special configuration, this example concentrates on the configuration for RPC requests frommanager1.example.comto manager2.example.com. For environments where both servers are behind a firewall or inside separate NATs, you have to repeat the configuration done for RPC requests from manager1.example.comto manager2.example.comalso for the other direction. To configure firewall communication using PAT Follow these steps to configure firewall communication using PAT. 1. Provide the correct target server name in the server-based flexible management policy. If you want to forward messages and message operations to a management server hidden by a NAT, you must specify the public network name of the NAT router in the policy, not the hidden name of the management server. In the example illustrated above, the server-based flexible management policy on manager1.example.comcontains nat.example.comas target server in the MSGTARGETMANAGERS sections for all messages that should be forwarded to manager2.example.com. 2. Force the target management server to use a fixed port for the message receiver RPC server, so that you can open this port in the firewall respectively map this port in the NAT configuration. HP Operations Manager (9.00) Page 1008 of 1297 Online Help a. In the console tree on the target management server, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box appears. b. Click Namespaces, and then click Message Action Server General . A list of values appears. c. Set the value of DCE RPC server port to the port number you want to use. 3. Restart the RPC server on the target management server (manager2.example.com) by restarting the OvEpMessageActionServer service. Verify RPC port usage You can check the RPC server port usage using the opcrpccp utility which is located in <InstallDir>\Installed Packages\{790C06B4-844E-11D2-972B- 080009EF8C2A}\contrib\OpC\opcrpccp.exe. The following command lists all RPC servers on the local system: # opcrpccp show mapping A list having many entries similar to the following will be printed: <object> nil <interface id> 6d63f833-c0a0-0000-020f-887818000000,7.0 <string binding> ncadg_ip_udp:15.136.123.62[12001] <-- port used <annotation> OvEpRpcDataRcvr Next, open the configured port in the firewall and respectively map this port in the NAT configuration to the target management server system. Make sure that port 135 for the DCE RPC endpoint mapper is opened in the firewall respectively mapped in the NAT configuration to the target management server system, so that the RPC client on the source management server can request the message receiver port of the target management server system. Communication without DCE RPC endpoint mapper In many environments, opening the DCE RPC endpoint mapper port 135 in the firewall is considered a security risk. Using a PAT (Port Address Translation) router, it may also not be possible to map port 135 to a hidden systembecause the PAT router needs port 135 for its own purposes. Server-based flexible management can do without port 135. For this purpose, the RPC client on the source management server (manager1.example.com) needs to know on which port the message receiver on the target management server (manager2.example.com) is listening. The client can get this information froma port configuration file instead of fromthe DCE RPC endpoint mapper. 1. Specify the location of the port configuration file on the source management server: a. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box appears. b. Click Namespaces, and then click Message Action Server General. A list of values appears. c. Configure the value DCE RPC server port specification file with the full path of the port configuration file. For example: C:\restricted\ports.txt HP Operations Manager (9.00) Page 1009 of 1297 Online Help Of course you can also use other file locations and names for the port configuration file. For security reasons you should restrict the file access rights for this file (especially write). 2. Create the port specification file and specify which port should be used for a given target server. If you want to access a management server hidden by a NAT, you have to specify the network name of the NAT router as the node name. An example of the server port specification file for the given scenario is shown below: # # SelectionCriteria SrvType Port Node # ------------------------------------------------------------------- NODE_NAME opcmsgrd 12001 nat.example.com NODE_NAME opcdistm12001 nat.example.com NOTE: somename.example.com matches <*>somename.example.com<*> ^somename.hp.com matches$ matches somename.hp.comexactly. Restrictions In an environment with Port Address Translation (PAT), only one management server in the private network of the PAT router can be accessed froma management server in the public (outside) network. If you use the RPC endpoint mapper, then only the one management server is accessible, to which port 135 of the PAT router is mapped. If you turned off the use of the RPC endpoint mapper, then only the management server is accessible, to which the port is mapped that is specified in the port specification file. Related Topics: l DCE RPC communication without using the endpoint mapper HP Operations Manager (9.00) Page 1010 of 1297 Online Help Server-based MSI Policies The server-based message streaminterface (MSI) enables external applications to read and change incoming messages on the management server before they are stored in the database. Note: The policy that generates a message must specify that the management server diverts or copies the message to the MSI. Otherwise, the message bypasses the MSI. Each external application must be registered with the MSI on the management server using a server-based MSI policy. Normally, if a Smart Plug-in (SPI) uses server-based MSI, it includes the policy for the external applications that it provides. If you develop your own MSI applications using the C and COMAPIs provided, you must install the applications on the management server. You must then create or modify a server-based MSI policy to register them, and then deploy the policy to the management server that you want to configure. To create a server-based MSI policy: 1. In the console tree, under Policy management Policies grouped by type Server policies, right-click Server-based MSI and then click New Policy. The server-based MSI policy editor appears. 2. To add details of an application instance, click New. The MSI instance dialog appears. 3. Optional. Type a Description of the instance for future reference. 4. Specify an Order number in the range -127 to 127. This controls the order in which application instances can read and change the streamof incoming messages. An application instance with a lower order number is able to read, change, and delete messages before an application instance with a higher order number. If multiple application instances have the same order number, the management server forwards messages to all the application instances at the same time. Caution: Forwarding messages to multiple application instances at the same time can have undesirable results with diverted messages, because there will be two messages in the message streamwith the same message ID. The same problemcan also occur with messages that are copied to the MSI, if at least two application instances receive the same message in parallel and do not modify it. 5. Type the Instance name of the external application. 6. Click the Application type that corresponds to the API that the application uses to interact with the MSI. This can either be the Legacy UNIX API (which is the C API), or COM. 7. Click OK. You return to the server-based MSI policy editor. 8. Optional. Add further application instances. To reorder the instances, click an instance in the list, and then click Move Up, Move Down, or type a number and click Move to. 9. Save the policy, and then deploy it to the management server that you want to configure. HP Operations Manager (9.00) Page 1011 of 1297 Online Help Related topics l Server Message StreamInterface (MSI) l Save a policy l Deploy a policy or policy group HP Operations Manager (9.00) Page 1012 of 1297 Online Help Developing event correlation policies Event correlation is a technique to reduce the number of events reported in the IT environment so that only events that have more significance or a higher value are passed on. When analyzing an event stream, event correlation uses filters and searches for patterns to identify relationships between events. Related events can be consolidated into a single event, can be annotated with additional information, or can be replaced by a new event. HP Event Correlation Services (ECS) is a software product for correlating events. ECS correlates events by processing themthrough an event correlation (EC) circuit. An EC circuit contains filters for selecting the events that pass through the circuit and the correlation logic by which ECS identifies the relationships between the events. ECS provides an interface and a protocol for correlating HP Operations Manager (HPOM) messages. To correlate messages for HPOM, ECS must be allowed to access the HPOM message flow through the HPOMmessage streaminterface. Event correlation policies integrate EC circuits so that you can deploy themto the management server or nodes froma central location. The following components make up ECS: l HP ECS Designer is a graphical user interface for designing, verifying, simulating, and compiling EC circuits. The license to use HPOMdoes not include a license to use HP ECS Designer. For details of the HP ECS Designer versions supported for use with HPOMfor Windows, see the support matrix at HP Software Support Online. l HP Correlation Composer is a light-weight version of HP ECS Designer. HP Correlation Composer enables you to customize a predefined correlation logic to meet your correlation requirements. It is easier to use than HP ECS Designer because you only modify correlation parameters rather than creating the correlation logic yourself. HP Correlation Composer is designed to handle the most common correlation scenarios you might encounter. However, if HP Correlation Composer does not meet your requirements, consider using HP ECS Designer. This product provides a complete event correlation development environment for complex requirements. HP Correlation Composer runs inside the HP ECS Engine and is installed automatically with HPOMfor Windows on the management server and with remote consoles. A separate license is not required. l HP ECS Engine performs the correlation by running one or more EC circuits. HP ECS Engine is installed automatically with HPOMfor Windows both on the management server and the managed nodes. A separate license is not required. For more information about ECS, see the ECS documentation, which is available at the HP Software Product Manuals web site. Tip: HPOMfor Windows provides simple message correlation techniques to suppress duplicate messages. However, this type of message correlation is restricted to message de-duplication and simple state-based correlation (down-up). To achieve more sophisticated correlation techniques, consider using HP ECS Designer or even HP Correlation Composer. HP Operations Manager (9.00) Page 1013 of 1297 Online Help Developing event correlation policies Deciding where to correlate You can correlate messages on the management server, on the nodes, or both. Where the correlation takes place depends on your environment and on what you want to achieve. Correlating messages on the node reduces the number of messages sent to the management server. It also reduces network traffic, database usage, and the load on the management server. However, when correlating messages on the node, you can only correlate messages that occur on the same agent. Correlating messages on the management server enables you to compare and, if necessary, suppress similar or related messages coming fromdifferent nodes. In flexible management environments, the choice of where to correlate widens to include the relationship between the various levels of management servers. Tip: To improve performance, always correlate as early as possible. Whenever possible, suppress messages on the agent before correlating themfurther with messages fromother agents on the management server. Typically, you use lower levels for bulk suppression and filtering. You use later (higher) levels for enrichment and cross-domain correlation. Where appropriate, correlate at multiple levels. Related topics l Duplicate message suppression Create an event correlation policy Event correlation policies enable you to correlate messages on the management server or the managed node using HP Event Correlation Services (ECS). Event correlation policies reference event correlation (EC) circuits. EC circuits may access external data through data and fact stores and annotate nodes. HPOM does not deploy the files and processes required for data and fact stores and annotate nodes. You must deploy themmanually before deploying the event correlation policies. To create an event correlation policy 1. In the console tree, under Policy management Policies grouped by type, right-click Event Correlation and then click New Policy. The event correlation policy editor appears. Alternatively, create a copy of the sample policies, which are provided in Policy groups Samples Event Correlation. 2. Optional. Click Start ECS Designer to open HP ECS Designer and create or edit an ECS circuit. This button is only available if HP ECS Designer is installed on the same systemas the HPOMconsole. For details of the HP ECS Designer versions supported for use with HPOMfor Windows, see the support matrix at HP Software Support Online. 3. Upload the EC files to the policy. The EC files must be available on the management server. If they are not, copy themfromthe systemwhere HP ECS Designer is installed to the management server. HP Operations Manager (9.00) Page 1014 of 1297 Online Help Developing event correlation policies a. Click Browse to select an EC circuit file for the policy. Compiled circuit files have a .eco file extension. b. Optional. Click Browse to select an EC source file for the policy. EC source files have a .ecs file extension. After the EC files have been added to the policy, the file names appear in the corresponding boxes and file status changes to Status OK. Caution: Do not upload EC files with the same name to more than policy. When you later deploy the policies to the same node, the EC file of the policy that was deployed last overwrites all other EC files with the same name. Note: When you modify an uploaded EC file using HPECS Designer, you must manually upload the file again to the policy. 4. Optional. Select Log messages that leave the ECS engine if you want ECS to log all messages going out of the HP ECS Engine. The messages are stored in the following file: n Management server: %OvShareDir%\log\<circuit filename>.log n Nodes with a UNIX or Linux operating system: <OvDataDir>/log/OpC/ecevolg n Nodes with a Windows operating system: %OvDataDir%\log\OpC\ecevolg 5. Optional. Select Log messages that enter the ECS engine if you want ECS to log all messages going into the HP ECS Engine. The messages are stored in the following file: n Management server: %OvShareDir%\log\inEcsEvt.log n Nodes with a UNIX or Linux operating system: <OvDataDir>/log/OpC/ecevilg n Nodes with a Windows operating system: %OvDataDir%\log\OpC\ecevilg 6. Save the policy. 7. Optional. Copy the data and fact store files to the management server or managed nodes into the following folders: n Location of global data and fact store files You must store global data store (dstore.ds) and fact store (fstore.fs) files in the following folders: o Management server: %OvShareDir%\conf\ec o Nodes with a UNIX or Linux operating system: <OvDataDir>/conf/eaagt o Nodes with a Windows operating system: %OvDataDir%\conf\eaagt You may need to create these folders if they do not already exist. n Location of specific data and fact store files You must store specific data and fact store files in the following folders: o Management server: %OvShareDir%\server\datafiles\policies\ec o Nodes with a UNIX or Linux operating system: <OvDataDir>/conf/eaagt HP Operations Manager (9.00) Page 1015 of 1297 Online Help Developing event correlation policies o Nodes with a Windows operating system: %OvDataDir%\conf\eaagt n Location of Perl scripts If the fact stores call external Perl functions, store the Perl scripts in the following folder: o Management server: %OvDataDir%\contrib\ecs\external\perl o Nodes with a UNIX or Linux operating system: <OvInstallDir>/contrib/ecs/external/perl o Nodes with a Windows operating system: %OvInstallDir%\contrib\ecs\external\perl 8. Optional. Copy the scripts or executables called by annotate nodes to the location specified in the Annotate Spec parameter of the annotate node. 9. Enable the message streaminterface (MSI). For ECS to be able to read and correlate HPOMmessages, the message streaminterface (MSI) must be enabled. Depending on where you plan to correlate messages, enable the MSI on the management server or on the agent. In addition, the policies that generate the messages to be correlated must specify that the management server or agent diverts or copies the messages to the MSI. Otherwise the messages bypass the MSI. Tip: To enable the server MSI, deploy the sample policy Event Correlation MSI client, which is provided in Policy groups Samples Event Correlation to the management server. This policy registers the COMclient that forwards messages to the HP ECS Engine. If other application instances are already running on the management server, modify the server MSI policy and add the application instance ovowecm.msiadapter with the application type COM. 10. Deploy the event correlation policy to the management server or the nodes that you want to configure. To deploy the event correlation policy to the management server, make sure that you select Configure server-based event correlation in the Deploy policies dialog box. Note: When you deploy an event correlation policy, the HP ECS Engine forwards all messages that it currently processes to the agent, stops, reloads all EC circuits, and restarts. The agent does not subsequently return the forwarded messages to the HP ECS Engine. Related topics l ovpmutil l Server-based MSI Policies l Agent Message StreamInterface (MSI) l "Create a circuit with HP ECS Designer" (on page 1017) l "Data and fact stores" (on page 1020) l "Annotate nodes" (on page 1021) l Save a policy l Deploy a policy or policy group HP Operations Manager (9.00) Page 1016 of 1297 Online Help Developing event correlation policies Create a circuit with HP ECS Designer Event correlation (EC) circuits contain the logic by which ECS identifies the relationships between the HPOMmessages. EC circuits are built using HP ECS Designer. (HP ECS Designer is a graphical user interface for designing, verifying, simulating, and compiling EC circuits. The license to use HPOMdoes not include a license to use HP ECS Designer. For details of the HP ECS Designer versions supported for use with HPOMfor Windows, see the support matrix at HP Software Support Online.) In addition to the correlation logic, EC circuits for HPOMalso specify which messages enter the correlation flow. By default, all messages that enter the message streaminterface (MSI) are also processed by an EC circuit. This could be the intended behavior if you have designed an EC circuit to operate on all messages that pass through the MSI. However, you can configure an EC circuit to filter for messages that match a specified message type or any other specified message attribute. Note: The following procedure describes only the steps that are necessary to configure an EC circuit to accept HPOMmessages. For more information about designing the correlation logic, see the ECS documentation, which is available at the HP Software Product Manuals web site. To create a circuit with HP ECS Designer 1. Start HP ECS Designer in build mode. You can start HP ECS Designer directly froman event correlation policy by clicking the Start ECS Designer button. (This button is only available if HP ECS Designer is installed on the same systemas the HPOMconsole.) Alternatively, click Start All Programs ECS Designer. 2. Create a new circuit or open an existing circuit and modify it. 3. Click External to open the External tab. 4. For Circuit Policy, select either Output or Unspecified. Caution: If you select Discard, messages that are not accepted by the EC circuit are discarded. 5. In the External Event Filtering Details section of the External tab, define which HPOM messages enter the circuit. Provide the following information for each input port: a. Type OpC_Msg in the Encoding Type box. b. Type OpC_Msg in the Event Syntax box. c. Optional. Type the message type attribute of the HPOMmessages that you want to correlate in the Event Type box. Only messages with a message type attribute that matches the specified event type and that satisfy the filter condition will enter the input port. If the message type attribute does not match the event type, the message does not enter the input port. If the Event Type box is empty, the message must match the filter condition to enter the input port. By default, a message always matches the filter condition because the filter condition is by default set to true. HP Operations Manager (9.00) Page 1017 of 1297 Online Help Developing event correlation policies d. Optional. Type an ECDL (Event Correlation Description Language) expression in the Filter Condition box. By default, the filter condition is set to true. If the filter condition contains an ECDL expression, a message enters the input port only if the message type attribute of the message matches the event type (or if the event type field is empty), and the ECDL expression evaluates to true. If an ECDL expression evaluates to false, the message does not enter the input port. Filter conditions are useful if you cannot determine whether a message should enter the input port just by looking at the message type attribute. For example, specify input_ event SEVERITY = SEV_CRITICAL to filter for messages with a critical severity. e. Click Replace to update the input port. 6. Optional. Use HPOMmessage attributes in ECS nodes. For example, a filter node in an ECS circuit can refer to the object message attribute as input_event OBJECT = ovbbccb. 7. Complete the configuration of the circuit as described in the ECS documentation. 8. Verify and save the circuit. 9. Test the circuit using the HP ECS Designer in simulation mode. 10. Compile the circuit. When you compile a circuit, ECS creates a platform-independent ASCII file for the circuit that can be referenced by event correlation policies. Circuit files have a .eco file extension. Related topics l "Developing event correlation policies" (on page 1013) Create correlators with HP Correlation Composer HP Correlation Composer is an extension of HP Event Correlation Services (ECS). It includes the following components: l A parameterized event correlation (EC) circuit that contains a predefined correlation logic. l A graphical user interface for customizing the parameterized EC circuit. You customize the parameterized EC circuit in HP Correlation Composer by creating correlators. Each correlator represents a unit of logic to be applied to an event or a set of events. HP Correlation Composer provides correlator templates that can be used as models for the most common correlation tasks. HP Correlation Composer maintains correlators in correlator stores. When you save a correlator store, HP Correlation Composer creates a fact store file. HPOMprovides the policy Correlation Composer for the HP Correlation Composer circuit. The policy references the circuit file ecs_comp.eco which in turn is associated with the fact store file ecs_comp.fs (and optionally the data store file ecs_comp.ds). To create correlators with HP Correlation Composer 1. Start the HP Correlation Composer graphical user interface, click Start Programs HP HP Operations Manager Correlation Composer. Alternatively, type the following command at a command prompt: HP Operations Manager (9.00) Page 1018 of 1297 Online Help Developing event correlation policies %OvBinDir%\ovocomposer -ui 2. Create correlators and correlator stores as described in the HP Correlation Composer User's Guide for HP Operations Manager and HP Network Node Manager. Tip: Copy an existing correlator store (for example, %OvInstallDir%\conf\OpC\mgmt_ sv\CO\demo.fs) for your work so that you benefit fromthe already defined global constants for HPOMmessage attributes. 3. Save your correlator stores in the folder %OvInstallDir%\conf\OpC\mgmt_sv\CO on the management server. 4. Merge the correlator stores (optional) and deploy themto the management server or managed nodes as described in the HP Correlation Composer User's Guide for HP Operations Manager and HP Network Node Manager. You can use the ovocomposer utility for this purpose. For information about ovocomposer, type ovocomposer -h at a command prompt. 5. Optional. If the fact stores call external Perl functions, store the Perl scripts in the following folder: n Management server: %OvDataDir%\contrib\ecs\external\perl n Nodes with a UNIX or Linux operating system: <OvInstallDir>/contrib/ecs/external/perl n Nodes with a Windows operating system: %OvInstallDir%\contrib\ecs\external\perl 6. Enable the message streaminterface (MSI). For ECS to be able to read and correlate HPOMmessages, the message streaminterface (MSI) must be enabled. Depending on where you plan to correlate messages, enable the MSI on the management server or on the agent. In addition, the policies that generate the messages to be correlated must specify that the management server or agent diverts or copies the messages to the MSI. Otherwise the messages bypass the MSI. Tip: To enable the server MSI, deploy the sample policy Event Correlation MSI client, which is provided in Policy groups Samples Event Correlation to the management server. This policy registers the COMclient that forwards messages to the HP ECS Engine. If other application instances are already running on the management server, modify the server MSI policy and add the application instance ovowecm.msiadapter with the application type COM. 7. Deploy the HP Correlation Composer policy Correlation Composer to the management server or node. To deploy the event correlation policy to the management server, make sure that you select Configure server-based event correlation in the Deploy policies dialog box. The HP Correlation Composer circuit cannot run without the required fact store file. If you deploy the HP Correlation Composer policy before the fact store file is in place, the circuit aborts. Install the fact store file and restart the management server or agent, or redeploy the HP Correlation Composer policy after you installed the fact store file. You can also use the ecsmgr tool to force a reload of fact store files into the HP ECS Engine. The ecsmgr tool is included with the HP ECS Engine. Note: This help topic provides only a short introduction to HP Correlation Composer. For more detailed information, see the HP Correlation Composer User's Guide for HP Operations HP Operations Manager (9.00) Page 1019 of 1297 Online Help Developing event correlation policies Manager and HP Network Node Manager, which is available at the HP Software Product Manuals web site. Related topics l Server-based MSI Policies l Agent Message StreamInterface (MSI) l Deploy a policy or policy group l "Developing event correlation policies" (on page 1013) Data and fact stores HP Event Correlation Services (ECS) enables you to introduce data into your event correlation (EC) circuits without having to edit and recompile the circuit. EC circuits can access external data in the formof data and fact stores and through annotate nodes. Note: This help topic provides only information that is required to configure data and fact stores for HPOMfor Windows. For more information about accessing external data fromwithin EC circuits, see the ECS documentation, which is available at the HP Software Product Manuals web site. Data and fact stores enable you to separate the environmental aspects of the correlation fromthe rules and basic logic that are hard coded into EC circuits. l Data stores hold user-specified key-value pairs of information. For example, you could configure a generic EC circuit for correlating switch user messages. You can run the same circuit on many different nodes if you store the names of trusted users (which might change from systemto system) in a data store. l Fact stores hold user-specified relationships between objects. For example, you could store the relationships between users and groups in a fact store. ECS distinguishes between global and specific data and fact stores. Global data stores and fact stores are shared between multiple EC circuits. Specific data and fact stores can be accessed by a single EC circuit only. If a specific data or fact store does not exist for a given EC circuit, the HP ECS Engine loads the global store. Each EC circuit can access only one data store and one fact store at a time. Data and fact stores are text files with the file extension .ds and .fs respectively. Global data store files are called dstore.ds; global fact store files are called fstore.fs. The names of specific data and fact store files must correspond to the name of the EC circuit that references them. l Location of global data and fact store files You must store global data store (dstore.ds) and fact store (fstore.fs) files in the following folders: n Management server: %OvShareDir%\conf\ec n Nodes with a UNIX or Linux operating system: <OvDataDir>/conf/eaagt n Nodes with a Windows operating system: %OvDataDir%\conf\eaagt HP Operations Manager (9.00) Page 1020 of 1297 Online Help Developing event correlation policies You may need to create these folders if they do not already exist. l Location of specific data and fact store files You must store specific data and fact store files in the following folders: n Management server: %OvShareDir%\server\datafiles\policies\ec n Nodes with a UNIX or Linux operating system: <OvDataDir>/conf/eaagt n Nodes with a Windows operating system: %OvDataDir%\conf\eaagt l Location of Perl scripts If the fact stores call external Perl functions, store the Perl scripts in the following folder: n Management server: %OvDataDir%\contrib\ecs\external\perl n Nodes with a UNIX or Linux operating system: <OvInstallDir>/contrib/ecs/external/perl n Nodes with a Windows operating system: %OvInstallDir%\contrib\ecs\external\perl Note: Policy deployment does not deploy data and fact store files and Perl scripts. You must copy themto the management server or node before deploying the event correlation policy. The HP ECS Engine loads data and fact stores when you restart the management server or node and when you deploy an event correlation policy. You can also manually load data and fact stores into the HP ECS Engine using the ecsmgr tool. This tool needs to know whether you want to update the HP ECS Engine on the management server (instance 11) or on a node (instance 12). The ecsmgr tool is included with the HP ECS Engine. Related topics l "Annotate nodes" (on page 1021) Annotate nodes HP Event Correlation Services (ECS) enables you to introduce data into your event correlation (EC) circuits without having to edit and recompile the circuit. EC circuits can access external data in the formof data and fact stores and through annotate nodes. Note: This help topic provides only information that is required to configure annotate nodes for HPOMfor Windows. For more information about accessing external data fromwithin EC circuits, see the ECS documentation, which is available at the HP Software Product Manuals web site. Annotate nodes make a call outside the HP ECS Engine to an external process. This external process is known as annotation server. The annotation server performs the appropriate processing and returns the resulting information to the annotate node. This information can then be used within an EC circuit to assist in decision making or to enrich the information output fromthe circuit. Use annotate nodes in preference to data or fact stores when accessing information that is likely to change on a regular basis. HP Operations Manager (9.00) Page 1021 of 1297 Online Help Developing event correlation policies HPOperations agent annotation server The HP Operations agent provides an annotation server (opcecaas) to run scripts or executables. By default, the annotation server intercepts requests fromall annotate nodes if the first element of the Annotate Spec parameter is a string. If the first element is an integer, for example, the request is available for any user-built annotation server. (ECS provides an annotation API for users to develop their own annotation server. See the HP Event Correlation Services Developer s Guide and Reference for more information.) Tip: You can configure the annotation server to intercept requests fromnamed annotate nodes only using the following command: ovconfchg -ns eaagt -set OPC_ECS_ANNO_NODE <annotate node name> Annotate Spec parameter When sending an annotation request to the annotation server, the Annotate Spec parameter must be a single string containing the full path to and name of the script or executable to be run, for example: l UNIX or Linux: ["/var/opt/OV/bin/instrumentation/loginCount.sh"] l Windows: ["D:\ECS\annoserver.pl"] Tip: If you store the scripts or executables in the %OvShareDir%\Instrumentation folder on the management server and use categories to associate the scripts or executables with your event correlation policies, the management server automatically deploys the files when it deploys your policies. In addition to the path and name of the scripts or executables, the Annotate Spec parameter also accepts any number of parameters that you want to pass to the script or executable. The first parameter equates to the first positional parameter in the script. Additional parameters equate to subsequent positional parameters in the script. You can also obtain parameters fromthe message attributes of the input messages, for example: l UNIX or Linux: ["/var/opt/OV/bin/instrumentation/loginCount.sh + (input_ event OBJECT)"] l Windows: ["\"C:/Program Files/HP/HP BTO Software/nonOV/perl/a/bin/perl.exe\" \"D:\ECS\annoserver.pl\""] On Windows, enclose all paths in quotation marks ("") and escape the quotation marks with a backslash (\"). The annotation server returns both the exit code and the standard output of the script or executable. To obtain this information, for example in a filter node, use the following syntax: input_event 2 1 (obtains the exit code) input_event 2 2 (obtains the standard output of the script or executable) Tip: Use the standard exit and echo commands (or equivalent) in your scripts or executables to produce the desired response. Configure the ECS engine If the ECS engine does not connect correctly to the annotation server, try changing the following connection options. HP Operations Manager (9.00) Page 1022 of 1297 Online Help Developing event correlation policies 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog opens. 2. Click Namespaces, and then click Event Correlator Service (ECS) Engine. A list of values appears 3. Change any of the values in the following table: Value Default Description Annotate Server timeout (in seconds) 10 This value specifies the maximumtime (in seconds) that the ECS engine may take to connect to the annotation server at startup and at reconfiguration time. Modify this value if you experiences problems when starting or reconfiguring the annotation server. Maximum Annotate Server retries 20 This value specifies the maximumnumber of retry attempts by the ECS engine to connect to the annotation server socket stack. If the specified value is too low, the annotation server may not be able to process all messages when it temporarily experiences problems. If the value is too high, messages may be delayed when the annotation server is unavailable. Related topics l "Data and fact stores" (on page 1020) l Configure instrumentation l Change server configuration values HP Operations Manager (9.00) Page 1023 of 1297 Online Help Developing event correlation policies Customizing the Console Your administrator configures the view of nodes, tools, services, and messages that you see in your console and may place certain limits on the activities you can perform. Within these administrator-defined constraints, you are free to customize your view and save the changed configuration to use again. You might change your view in these ways: l Define filters to display only the messages you specify. l Define your screen layout in terms of: n Number of windows n Window arrangement n Message browser sorting n Message browser column placement l Configure the console default view for nodes, node groups, maps, and services l Configure map background color l Turn error message display on or off l Set the number of levels a map can expand l Set the maximumnumber of messages that are cached l And so on You can save your customized view for later use. Name your view with an .msc extension. Related Topics: l Save customized console views l Customizing console properties l Filtering messages Connect to a management server When you start a console for the first time, the Connect To Server dialog box opens where you can specify the management server to which you want the console to connect. Instead of typing the server name you can also browse the network for a list of systems. When you save the console settings, the name of the management server is also saved. The next time you start a console, the console automatically connects to the management server that is stored in the console settings file. By default, the HPOMserver includes only one console settings file (%OvDataDir%\bin\HP Operations Manager.msc). To connect to a different management server You can configure the console to always prompt you for the name of the management server as follows: HP Operations Manager (9.00) Page 1024 of 1297 Online Help Customizing the Console 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. b. Select Properties to open the Console Properties dialog box. 2. Select the Misc tab. 3. Select Ask for server name on each start. 4. Click OK to confirmyour choices and close this dialog box. The Connect To Server dialog box opens each time you start a console and prompts you for the name of the management server. To connect to a partially unavailable management server By default, consoles establish or maintain a successful connection to a management server only if all of the following services are running on the management server: l OvEpStatusEngine (Calculates the status of services, nodes, node groups, and associations. Performs root cause and impact analysis.) l OvMsmAccessManager (Controls the read and write accesses to the HP Operations Manager service model.) l OvEpMessageActionServer (Receives and processes HP Operations Manager messages and actions and notifies clients of changes.) l OvAutoDiscovery Server (Administers the HP Operations Manager Auto-Discovery Server.) l OvSecurityServer (Provides security services for HP Operations Manager.) l OvDnsDiscoveryService (OvDnsDscr; Provides functionality to read entries fromDNS servers.) l OvPmad (Manages policies and packages as well as their deployment to the managed node.) You can add or remove services to and fromthis list so that a management server accepts and maintains connections fromconsoles even if additional or fewer services are running on the server. Caution: If you allow a console to connect to a management server where one or more services are not running, the console will not be able to access the functionality that these services normally provide. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. Alternatively, open a command prompt and type: "%OvBinDir%\OVSrvConfEditor.exe" <management server> Replace <management server> with $SERVERNAME to configure the local management server. For remote consoles, type the hostname of the management server that you want to configure. You must be a member of the HP-OVE-ADMINS group to open the Server Configuration dialog box on remote consoles. 2. Click Namespace and then click Server Monitor. 3. Click Expert mode. HP Operations Manager (9.00) Page 1025 of 1297 Online Help Customizing the Console 4. Modify the value for Service names which should be monitored: n Optional. Remove the name of the service that does not need to run for successful console connections. n Optional. Add the name of the service that must be available for successful console connections. 5. Click OK. 6. Restart the ovservermonitor service. Open a command prompt and type: net stop ovservermonitor && net start ovservermonitor Related Topics: l Save customized console views l Specify console miscellaneous properties l "Generic server configuration " (on page 200) Save customized console views All of the configuration settings for the tools and controls are saved with the console view and restored when the customized console file is opened. As an administrator, you can create a console file, save it as an .msc file, then distribute it to different computers across your environment for operators to use in performing their tasks. Typically, the .msc file is specific to one management server, which is named in the .msc file. If you distribute the .msc file to a different management server, when you open the .msc file, it attempts to find the server originally specified. If unable to locate that server, the programprompts you for a new server name. As an operator you are free to make certain changes to the view of nodes, services, tools, and messages to customize your display. You can save the changed configuration to use again. You might want to save your console view if you have: l Filtered the display of messages in the browser to show only messages of a certain severity, ownership, or certain period of time. l Modified the sort order of the received time and date column. The sort order of the other columns is not saved. l Added, removed, or rearranged console views and want to preserve the views to use the next time your workspace file (.msc) is loaded. To save changes to your console view 1. Fromthe console menu, select Save as to open the Save as dialog box. 2. Type a name for your customized view with the file extension .msc. 3. Specify the directory where you want to keep the file. 4. Click OK to confirmyour selections and close the dialog box. You can return to any customized view you create by opening its .msc file. Select File Open fromthe MMC console menu to open a saved view. HP Operations Manager (9.00) Page 1026 of 1297 Online Help Customizing the Console Related Topics: l Customizing the console l Modify message attributes l Filtering messages Find objects in the console tree You can search the console tree for a specific object. This helps you to locate an object, for example a node, service, or tool more quickly. To find objects in the console tree 1. Right-click the object group in the console tree. For example, right-click a tool group. 2. Select All Tasks Find <object>. The Find <object> dialog box opens. For example, select All Tasks Find Tool. The Find Tool dialog box opens. 3. Type the search string in the Search for box. 4. Select the scope of the search in the Search in section of the Find dialog box. Your choices depend on the type of object selected. They include, for example, the display name, description, primary node name, service type, command, and so on. For example, when searching for a tool, you have the choice between searching in the display name, description, or command attributes of a tool. 5. Optional. Select Case sensitive if you want your search results to match exactly the characters you typed into the Search for box. Optional. Select additional options for your search in the Options part of the Find dialog box. Your choices depend on the type of object selected. They include, for example, to search only for nodes or services in outage mode. 6. Click OK. The Results dialog box opens. 7. Double-click an object, or click an object and then click Select. The object is selected in the console tree. Related Topics: l Viewing properties Customizing console properties You can customize the appearance and behavior of your console by setting preferences in the Console Properties dialog box. To customize console properties 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. HP Operations Manager (9.00) Page 1027 of 1297 Online Help Customizing the Console b. Select Properties to open the Console Properties dialog box. 2. Specify your preferences in the tabs. 3. Click Apply to apply your settings without closing the dialog box. 4. Click OK to confirmyour choices and close the dialog box. Changes take effect immediately and apply to all the consoles available to the user making the changes. Related Topics: l Specify console general properties l Specify console data presentation properties l Specify console message browser properties l Specify console notification properties l Specify console miscellaneous properties Specify console general properties You can specify the appearance of maps in HPOMusing the General tab of the Console Properties dialog box to set preferences for how many levels the map view will expand, map background color, and model pre-caching. In addition, you can specify how many WMI instances can be retrieved at any one time, how results views are opened, and whether the Agent Installation dialog box opens when you deploy a policy or package to a node that does not yet have an agent installed. To specify console general properties 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. b. Select Properties to open the Console Properties dialog box. 2. In the General tab, specify how the map view expands using the Number of Levels to Automatically Expand box, enter a number. You can specify fromone to five levels of expansion. In map views where large numbers of items are displayed in the lower levels, configuring the map to expand one level at a time can increase performance. The new settings will not take effect until the map is redisplayed. Change the view to the message browser, for example, then return to the map view to see the change. 3. To change the light gray default background color of your maps, click Change Color to open the Microsoft Windows Color dialog box. Select a basic color or define a customcolor, then click OK to close the Color dialog box. In the General tab, click Apply to see the new background color. 4. Select Model Pre-caching to upload all node and service information to the console at startup. Clear this check box if you do not want this information uploaded at startup. 5. The number in the WMI instance retrieval count box determines the maximumsize of the HP Operations Manager (9.00) Page 1028 of 1297 Online Help Customizing the Console data packets that are exchanged between the management server and the console (more specifically, between the server and the node, tool, and service configuration editors). The default value of 100 means that a maximumof 100 objects (messages, nodes, or services, for example) are transmitted in each packet. This default value is valid for most HPOM environments, with the following exceptions: n Fast network connections: If a fast network connection is available, you can decrease the default value to a minimumof ten. Low values mean that fewer objects are transmitted in each packet so that the first packet arrives more quickly. However, because more packets are transmitted, the overall transportation overhead is higher. n Slow network connections: If the network connection is slow, increase the value to a maximumof 500. Higher values mean that more objects are transmitted in each packet, which slows down the arrival of the first packet, but overall, fewer packets are transmitted. 6. Clear Show result views in new windowto display result views in the details pane rather than in a new window. Result views are, for example, map views, reports, and graphs. 7. The Enable agent installation dialog option determines if HPOMchecks prior to each deployment whether an agent is already installed on the target nodes. If no agent is installed, the Agent Installation dialog box opens and asks you for the credentials of the node. Depending on the number of nodes, the agent installation check may take a long time to complete, during which the console is inaccessible. When you disable the Agent Installation dialog box, all deployment jobs start immediately. However, policy deployment jobs may fail if no agent is installed. To correct the problem, restart the failed deployment job by right-clicking the job and selecting All Tasks Restart job with advanced options. 8. Click Apply to see your changes take effect. Click OK to confirmyour choices and close this dialog box. Related Topics: l Configure the console l Specify console data presentation properties l Specify console message browser properties l Specify console notifications properties l Restart job with new options l Disable automatic agent installation Specify console data presentation properties Set preferences for data presentation in your console using the Data Presentation tab of the Console Properties dialog box. You can specify default views for nodes, node groups, and services with and without subservices. HP Operations Manager (9.00) Page 1029 of 1297 Online Help Customizing the Console To set default viewpreferences 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. b. Select Properties to open the Console Properties dialog box. 2. Select the Data Presentation tab. 3. Optional. Select Position duplicate messages as new messages in local browser to treat duplicate messages the same way you treat new messages. 4. Optional. Clear Clickable URLs in messages to disable hyperlinks in message fields. 5. Select the default view for Nodes fromthe list. Choose Maps, Message Browser, List, Impacted, or Root Cause. a. Choose a default view for Node Groups. o If you select Maps, you can select your default view fromContains or Contained By map views. o If you select Message Browser, you can display either the active or acknowledged messages browser in your default view. o If you select List, Impacted, or Root Cause, no filtered view is available. b. Choose a default view for Nodes. o If you select Maps, you can choose fromContained By or Hosting Services Map as your default view. o If you select Message Browser, you can display either the active or acknowledged messages browser in your default view. o If you select List, Impacted, or Root Cause, no filtered view is available. 6. Select the default view for Services. Choose Maps, Message Browser, or List. a. Choose a default view for Service with subservice. o If you select Map you can select your default view fromContains/Uses, Contained By/Used By, Uses, Used By, Contains, ContainedBy and Service Hosted On map views. o If you select Message Browser, you can display either the active or acknowledged messages browser in your default view. o If you select List, no filtered view is available. b. Select a default view for Service without subservice. Choices are the same as for Service with subservice. 7. Click Apply to see your changes take effect. Click OK to confirmyour choices and close this dialog box. Related Topics: l Customizing console properties l Specify console general properties HP Operations Manager (9.00) Page 1030 of 1297 Online Help Customizing the Console l Specify console message browser properties l Specify console notifications properties l Specify console miscellaneous properties l Understanding uses and contains relationships Specify console message browser properties You can specify message browser appearance using the Message Browser tab of the Console Properties dialog box to set preferences for whether error messages display, the color of messages, and the maximumnumber of displayed messages. To specify message browser properties 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. b. Select Properties to open the Console Properties dialog box. 2. In the Message Browser tab, clear Display Error Dialogs from Message Browser if you do not want to view error messages. Turn the display of messages on or off in your active messages browser for messages on which you performmass operations. This can save you time so that you do not repeat the closure of the same error message box for a block of messages. For example, assume your active messages browser has a block of 1,000 messages that are owned by another operator. You decide to select all 1,000 messages to performa mass operation. Before the operation can complete, the following error message displays: To continue working, you would have to select OK and close each of these error messages. To avoid having to click OK for each error message, you can turn off the display of all the error messages by clearing the Display Error dialogs checkbox. This turns off the errors associated with all messages that are owned, disowned, acknowledged, and unacknowledged. It can also be used on messages where the severity has been changed. 3. Click Always apply my changes in message properties if you do not want to be asked to refresh the message when other processes or users have modified it. With this check box selected, HPOMalways applies your changes to the message's properties and discards all other updates. 4. To specify the coloring of messages in the message browser, click one of the following options: n Do not color messages Messages have no background color. HP Operations Manager (9.00) Page 1031 of 1297 Online Help Customizing the Console n Color messages, highlight owned messages Messages that you own have a background color according to their status. Messages that other users own have a light gray background. n Color messages, highlight unowned messages Unowned messages have a background color according to their status. Messages that other users own have a light gray background. 5. To set the number of messages that you want to display, enter the number in the Maximum Number of Displayed Messages box and click Apply. There is no limit to the number of messages you can display. When the default message limit is exceeded, the oldest messages are removed fromview at the rate of 10% at a time. The browser removes all messages in those views not being looked at (inactive views) and also removes the view. For example, if you have an active view and three inactive views in the background, to remain within the message display setting, the browser would first remove the inactive views, then remove 10% of the messages in the active view. 6. Click Apply to see your changes take effect. Click OK to confirmyour choices and close this dialog box. Related Topics: l Customizing console properties l Specify console general properties l Specify console data presentation properties l Specify console notifications properties l Specify console miscellaneous properties Specify console notifications properties You can specify how to be notified in the console when new messages arrive using the Notifications tab of the Console Properties dialog box, using one or all of the following options: l Systemtray popup message l Systemtray icon display l Sound notification To specify notifications properties 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. b. Select Properties to open the Console Properties dialog box. 2. In the Notifications tab, select Enable system tray popup to display a notice that a new message has arrived in the message browser. The default is to show the message for all message severities. Use the list box to restrict the message display to the severity level you prefer. 3. Select Enable system tray icon to receive notification in the Windows systemtray. The HP Operations Manager (9.00) Page 1032 of 1297 Online Help Customizing the Console default is to show the icon for all message severities. The list box contains the same severity levels as the Enable system tray popup. 4. Select Enable sounds to receive an audible notification when a new message arrives. Use the Browse button to select the sound you prefer. The default is to play the sound for all message severities. The list box contains the same severity levels as the Enable system tray popup. 5. Click Apply to see your changes take effect. Click OK to confirmyour choices and close this dialog box. Related Topics: l Customizing console properties l Specify console general properties l Specify console data presentation properties l Specify console message browser properties l Specify console miscellaneous properties Specify console miscellaneous properties In the Misc tab of the Console Properties dialog box, you can specify whether to provide the name of the management server each time the console starts, and whether the node editor, service editor, or tool editor open with or without displaying the properties of the currently selected node, node group, service, or tool. By default, the editors open directly, without displaying the properties. To specify miscellaneous properties 1. Open the Console Properties dialog box if it is not already open. a. In the Scope pane, right-click the name of the root node to open the shortcut menu. b. Select Properties to open the Console Properties dialog box. 2. Select the Misc tab. 3. Select Ask for server name on each start to always be prompted for the name of the management server in the Connect to Server dialog. 4. Select Display properties on open editor to display the properties of the currently selected node, node group, service, or tool when the corresponding editor opens. You can configure this setting for the following editors: n Node editor n Service editor n Tool editor This setting only takes effect when you open an editor through the shortcut or main menu. When you click a toolbar button to open an editor, the editor always opens directly, without displaying the properties. 5. Click Apply to see your changes take effect. Click OK to confirmyour choices and close this dialog box. Related Topics: HP Operations Manager (9.00) Page 1033 of 1297 Online Help Customizing the Console l Customizing console properties l Specify console general properties l Specify console data presentation properties l Specify console message browser properties l Specify console notification properties Customizing the message browser You can customize the appearance and content of your message browser in several ways: l Sorting message information l Change the message browser column display l Change the default message browser limit For information about applying filters to limit the display of messages, see the help topic Filtering messages. Sort message information You can sort the information that appears in the columns in the active and acknowledged messages browsers so that data appears in either ascending or descending order, indicated by either an up or down arrow at the top of the column. Except for the Received column, all new information appears at the bottomof the message browser. Received: This column sorts date and time. Select ascending order to see the oldest messages at the top of the list and new messages at the bottom. Select descending order to see the newest messages at the top of the list. Severity: In the Severity column, ascending order places the least severe messages at the top of the list. Descending order places the most severe messages at the top. All other columns are sorted alphabetically in either ascending or descending order. To sort message information 1. In either the active or acknowledged messages browser, click in the column heading of the column you want to sort. 2. Use the up arrow to sort in ascending order. 3. Use the down arrow to sort in descending order. Change the message browser column display You can choose to show any combination of the following message attributes in the columns of your message browsers: Severity Duplicates State Unmatched Instructions Available Automatic Command HP Operations Manager (9.00) Page 1034 of 1297 Online Help Customizing the Console Operator-initiated Command Annotations Available Received Created Service Node Application Object Text Message Group Policy Policy Type Origin Sender User of last state change Time of last state change Message key Type First Received You can also show up to ten columns of custommessage attributes (CMAs). To change the column display 1. Right-click the column headings in the message browser, and then click Options. The Message Header Options dialog box opens. 2. To toggle display of a column, select or clear the check box beside the column you want to show or hide. Tip: You can also hide an individual column by right-clicking the column name in the message browser, and then clicking Hide Column. 3. To create a custommessage attribute column, type the title of the column that you want to add to the browser, and then click Add. The column name appears in the Custom Message Attributes group box. Use the Remove and Remove All buttons to delete selected column names you have created. 4. Click OK to close the dialog box and confirmyour changes. When you return to the message browser, the options you checked will take effect. Related Topics: l Browsing Messages l View and edit custommessage attributes l Specify console message browser properties Change the default message browser limit The active and acknowledged messages browsers have a default limit of 50,000 messages that can be viewed at one time. Each open message browser, map view, or list view constitutes an MMC view that appears in a separate window within the MMC. The limit applies to the combined open views, so that if you have two message browser views open (or a message browser and a map view), the combined number of messages displayed in both views cannot exceed 50,000 messages. HP Operations Manager (9.00) Page 1035 of 1297 Online Help Customizing the Console A view can be active or inactive. An active view appears on top of other windows in the MMC and its title bar is colored blue. Any inactive views are located behind the active view, and their title bars are colored gray. To change an inactive view to the active view, left-click once in the inactive view. It will become active and appear on top of any other views. When the default message limit is exceeded, the oldest messages are deleted, at the rate of 10% at a time. The browser removes all messages in those views not being looked at (inactive views) and also removes the view. For example, if you have an active view and three inactive views in the background, to remain within the 50,000 message limit, the browser would first remove the inactive views, then remove 10% of the messages in the active view. To configure the browser display limit: 1. Fromthe console tree, select Operations Manager. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Console Properties dialog box which you can use to configure console settings. 4. In the Message Browser tab, specify the maximumlevel of displayed messages. 5. Click OK to save your changes and close the dialog box. HP Operations Manager (9.00) Page 1036 of 1297 Online Help Customizing the Console Web Console for HPOM The HP Operations Manager web console provides a quick and convenient way to view the status of nodes and services, to view messages, to launch tools, to view and print reports, and to launch HP Performance Manager. In addition, you can view the job queue for nodes and policies, display policies deployed to a selected node, view policy properties, view an inventory of nodes where a selected policy is deployed, and enable, disable, remove, or update a policy to the latest version. To access the complete HP Operations Manager for Windows functionality, use the native console or connect to a console using Microsoft Terminal Services. To log on to the web console l From a remote computer: a. In your web browser address or location field, type a URL in the following format: https://<hostname>/OVOWEB/ Where hostname is the name of the management server. So for example, if your server were named myserver, then your URL would be: https://myserver/OVOWEB/ Note: The server certificate that the web console uses by default is not froma trusted certificate authority. Therefore, you may see certificate errors in the web browser. If necessary, you can configure the browser to prevent the certificate errors. (See "Security Settings" (on page 1060).) b. After you enter the URL, depending on the security settings in your environment, you may have to log on. If the web browser or web console requires you to log on, type the Windows domain name and your user name in the following format. <domain>\<user name> For example, if the domain name is example and your user name is operator1, type your user name as follows: example\operator1 Alternatively, you may be able to log on as a local user without the domain name. You must be a member one of the following HP user groups: HP-OVE-OPERATORS HP-OVE-ADMINS l From the management server: Click Start, and then click All Programs HP HP Operations Manager Web Console. The web console opens in a web browser. HP Operations Manager (9.00) Page 1037 of 1297 Online Help Web Console for HPOM Web Console Overview The HP Operations Manager Web Console provides a quick and convenient display of important information about your managed nodes and services. When first opened, the console displays a series of buttons in the menu bar. You can readily access and respond to information about your managed environment by clicking the corresponding button in the menu bar to open the appropriate screen, as described below. Note that you can launch the Status, Messages, Tools, Reports and Policies selections in their own window. See the help topic Customize Launch for additional information. Status View the status of nodes and services, analyze the root cause of failure, and view impacted services. Messages View messages that result fromevents that occur on your monitored services and managed nodes, which show both default and user-defined node groups. Default node group folders (under HP Defined Groups) include External, (for capturing messages fromminimally configured nodes or forwarded messages), NNMManaged Nodes, SNMP, UNIX, Unknown, Virtual Nodes, and Windows. Take action to correct the problemthat caused the message, using the information available in the Properties pane about available corrective actions, message text, and deployed policies. Fromone screen, you can acknowledge, own, and disown messages, change their severity, and customize their display in the browser. Tools Launch tools that help you to performnecessary tasks in your environment (for example launching corrective actions or diagnostic tools). You can launch tools directly fromtheir tool group, or in the context of managed services, nodes, or messages. After you launch a tool, you can view the results to see if the tool failed or succeeded Reports If the HP Reporter integration is configured on the management server, you can view and print any of the many reports included with the web console to help you diagnose problems in your environment. Graphs If HP Performance Manager is available on the management server, you can access the graphs that it provides fromthe web console. See the HP Performance Manager help for further details. Policy Management and Deployment View the job queue for nodes and policies. Display policies deployed to a selected node, view policy properties, view an inventory of nodes where a selected policy is deployed, and enable, disable, remove, or update a policy to the latest version. View details of a deployment package and see which packages and subpackages are installed on any node. HP Operations Manager (9.00) Page 1038 of 1297 Online Help Web Console for HPOM User Roles Your view of information about nodes, services, messages, and policies in the browser is determined by the user role or roles your administrator may have assigned you to and by filters that you apply. User roles configure an operator's view of the environment to focus on specific assigned tasks. By defining roles for specified users, the administrator controls the activities that those users can perform. If you have not been assigned to any user role, your browser view is not restricted and you have access to all node instances and services and any associated messages. User roles are configured in the HP Operations Manager for Windows console and are fully explained in the online help available there. Multiple Sessions The web console does not support opening new windows within an existing browser. New browser windows must be opened by launching the new browser via the Start menu, or desktop, or other means. However, some user settings are saved based on the name of the user, and these settings will be shared across all sessions for a particular user. These settings include the status options, the message filters and options, and the global settings such as language and color scheme. To end a current session and log out, you must close the browser and reopen it. Refreshing the page or site does not initiate a new session. Management Server in a Cluster When the HPOMmanagement server is running in a cluster and a cluster failover occurs, the web console will detect this and the web session will be reset with a message to this effect. Analyzing Status Using the Web Console, you can view the hierarchy of existing services and the status of each service. You can also display a list of root causes and impacted elements so that you can trace a problemto its source and correct it. Use the Status Option screen to change the way status information is displayed. Related topics l "View Status" (on page 1039) l "Status Analysis" (on page 1040) l "Status Options" (on page 1041) View Status The Status Display shows the hierarchy of existing services in your environment and the current status of each service, represented by an icon showing current severity level. The arrows in the display represent children of the parent service. To viewthe status hierarchy You can view the status hierarchy as a table or a tree. The tree view is the default option. (To see the table view, click Options and select Table.) HP Operations Manager (9.00) Page 1039 of 1297 Online Help Web Console for HPOM To analyze root cause and impact Click Analyze to drill down for more detail about a selected server. Both root cause and impacted elements are provided. Related topics l "Status Options" (on page 1041) l "Status Analysis" (on page 1040) Status Analysis The Status Analysis screen provides a list of root causes and impacted elements that you can investigate for further details about a selected service that is showing signs of trouble. Click on any entry to drill down to the next level of detail. To find the root cause of a problem: 1. In the menu bar, click Status to open the Status Display screen. 2. Click Analyze to open the Status Analysis screen, which displays a detailed list of root causes and impacted elements for the selected service. If you started at the root of the tree, you will see impacted services for all elements. 3. Click on one of the listed root causes to open the message browser, which displays only the message associated with the cause of the problem. 4. Click the severity level for a message to display message properties in the lower portion of the browser. 5. Performthe appropriate action, if one is provided, and follow any instructions in the Instructions tab to resolve the situation. To determine which services are most severely impacted: 1. In the menu bar, click Status to open the Status Display screen. 2. Click Analyze to open the Status Analysis screen, which displays a detailed list of root causes and impacted elements for the selected service. If you started at the root of the tree, you will see impacted services for all elements. 3. Click on any impacted element to drill down for more information. For example: l Assume that Inventory is one of the impacted elements in the list. By clicking on Inventory, you can display a node name. Click on the node name, and you can display, for example, hardware elements. l Assume that CPU and Memory are red, indicating Critical status. l Select Memory, then select the Message link in the left workspace pane to open the Message Browser. l The console tree in the navigation pane shows your location in the hierarchy and the browser HP Operations Manager (9.00) Page 1040 of 1297 Online Help Web Console for HPOM displays only messages related to the memory problemyou selected. l For one of the messages displayed, click its severity link to display the message properties in the properties pane and the cause of the memory problem. Status Options You can change the way status information about services and nodes is displayed using the Status Options screen. To change status options 1. In the menu bar, click Status to open the Status Display screen. 2. Click Options... to open the Status Options screen. 3. Select any of the following options: Option Description Display Depth: Choose Table, Tree, or SVGtree view. The Table option shows two levels of hierarchy. The tree view shows one level. The SVG(scalable vector graphics) tree provides enhanced layout. You can also right-click services and nodes in an SVGto access a context menu. The context menu enables you to analyze the status, show messages, and view properties of the service or node. To use the SVGtree, you need a web browser that supports SVG(for example, Mozilla Firefox 3.5 or higher). Sort By: Sort by alphabetical name (the default) or status severity. You might choose to sort by severity to have an immediate visual cue of the nature of the problem. Sorted by severity, the display shows services or nodes with the Critical items shown first in the hierarchy. if you have also selected the Tree option, you will see only one level of severity (the highest), providing an at-a-glance view of the most serious problems. Element Type: You can view either Nodes or Services. You cannot view both at the same time. Display Icons: Select fromlarge, small, or LED representations of status severity. Hide Display Name Text: Select to display status icons without the accompanying text. 4. Click OK to save your changes. Browsing Messages Use the web console message browser to view and act on the messages received fromyour managed nodes and services. The console displays a tree of services, node groups, and managed HP Operations Manager (9.00) Page 1041 of 1297 Online Help Web Console for HPOM nodes in the console tree on the left side of your browser. The icons in the tree of managed nodes and services reflect the current message status of each service, node group, or node. You can also right click nodes and services in the tree to open a context menu that provides further options. For example: you can view properties of a node or service; you can view or analyze the status of a service; you can view a list of the services that a node hosts; you can view a node's package inventory. To browse messages 1. In the menu bar, click Messages to open the message browser. 2. Select the node, node group, or service for which you want to view messages. You can view messages for one node or service at a time. To view messages froma different node or service, select a different name. Tip: If you want to quickly find a particular node or service, you can search for it. To search the tree of nodes and services, click the find icon at the top right of the tree. After you select a node or service in the tree, the message browser displays all messages received fromthe selected node or service and all of its children. The message browser displays two categories of messages: l Active messages are unacknowledged messages you can act on to resolve problems in the managed environment using administrator-configured operator-intiated commands. l Acknowledged messages are typically resolved when the problemthat caused the message to appear has been resolved. If necessary, administrators can unacknowledge a message and make it active again. You can view both active and acknowledged messages in the browser and can filter the view to show only those messages that meet the criteria you set. Using the message browser, you can: l Filter the view of messages by time received, severity, message text, ownership, policy condition, message source, application, object, and group. Filters restrict the display of messages to those that meet the criteria you set, making it easy to see those that are most important to you. l Evaluate messages according to color-coded status. l View message text l View message properties l Own and disown messages l View, add, delete, and edit annotations l Change severity l Acknowledge/unacknowledge messages l Launch operator-initiated actions l View instructions For each message, the browser displays the following information by default: HP Operations Manager (9.00) Page 1042 of 1297 Online Help Web Console for HPOM l Number of duplicates l Message severity l Time the message was received l Message attributes such as ownership, available commands, instruction text, and policy information l Node sending the message l Service that the message affects l Application, message group, and object associated with the message l First 30 characters of the message (this value is customizable) Depending on the user role assigned to you, if any, you can use the Properties pane at the bottom of your browser to act on the displayed messages in a variety of ways. You will always be able to view the properties of a message, but might not have access to all the available actions, depending on your user role. Filter messages The messages that appear in your messages browser are received fromthe nodes managed by the management server, as configured by your administrator. However, by setting filters you can further customize this display to show only those messages that match the criteria you set. Messages can be filtered by one or more of these criteria: l Message text: Filter messages containing specific text. l Severity: Filter messages of the selected severity. l Ownership: Filter messages of various ownership. l Policy condition: Filter messages that either do or do not match any of the message conditions or suppressed conditions defined in the policies deployed on the managed nodes. l Time: Filter messages created at particular dates and times. l Message source: Filter messages of the selected service, node, or node group. l Message attributes: Filter messages on the application, object, or message group. l Custom message attribute (CMA): Filter messages on custommessage attributes. Because you can select multiple properties for a filter, you can create a filter to display just those messages that matter most to you. For example, you could create a filter that would display only messages froma particular service on a particular node, created between specified dates and times. There are two types of filters: l Public filters: Public filters are available to all users, but only HPOMadministrators can create, modify, save, and delete them. l Private filters: Any user can create, modify, save, and delete private filters for their own, personal use, if they have been granted the right to do so. HP Operations Manager (9.00) Page 1043 of 1297 Online Help Web Console for HPOM To apply a filter: 1. In the toolbar, click Messages. The message browser appears. 2. Click Filter. 3. Select a Time Range, State, or predefined Filter. To create a newfilter: 1. In the toolbar, click Messages. The message browser appears. 2. Click Filter, and then click Filters. The Edit Message Filters screen appears. 3. Select Public Filter if you are an HPOMadministrator and want the filter to be available to all users. 4. Specify filter properties in the following tabs: General a. If you want to filter by message text, enter the text in the Message Text Includes: box. Only messages that contain this specified text will display in the browser. For example, if you enter "error" in the Message Text Includes box, messages will be filtered on message text that contains the word "error," regardless of case. b. To filter on severity criteria, check one or more check boxes in the Include Severities group. c. To filter on ownership criteria, check one or more check boxes in the Ownership group. d. In the Policy Condition criteria, check one or both the Unmatched and Matched check boxes to filter for messages that either match or do not match any of the message conditions or suppressed conditions defined in the policies deployed on the managed nodes. Informyour administrator of any unmatched messages so that the corresponding message can be improved or corrective action provided. Time n Click All Messages to display messages regardless of the time they were created. n If you prefer to filter messages created during a specific interval of time, click Message(s) Received. o To filter messages by specific start and end times, click Within range, and then specify a date and time in From and To. o To filter messages froma specific number of months, click Within months and enter the number of months. o To filter messages froma specific number of days, click Within days and enter the number of days. Message Source Select one or more nodes, node groups, or services fromnode and service trees to display only messages fromthose nodes or services. HP Operations Manager (9.00) Page 1044 of 1297 Online Help Web Console for HPOM If you select a node group, messages fromall nodes included in the group are included. Services can be selected independently of their position in the tree's hierarchy. Message Properties a. Fromthe Property drop-down list, select the attribute for which you want to filter (Application, Object, or Group). b. In the Value box, type the application, object, or message group name, or select it fromthe drop-down list. c. Click Add to add the property to the Property list. d. To add more properties to the Property list, repeat the previous steps. CustomMessage Attributes a. Select the Name of the CMA, and then type a Value for which you want to filter. The list contains all the known CMA names. CMAs are available only if they have been received on the server and are already attached to messages in the database. b. Click Add to add your selections to the Property list. c. To add more properties to the Property list, repeat the previous steps. 5. Click OK to save your changes and return to the messages browser. 6. If you want to apply the filter to the messages browser, click Filter and then select the Filter in the list. Read the Browser Headline The browser headline banner across the top of the message browser labels the columns of information the browser displays. Use the headline to quickly identify these message details. Column Description checkbox Check this box to select messages for action. Use the buttons at the top of the message browser to performan action such as acknowledge a message. Note that the actions will only be applied to the checked messages viewable on the current page. D Specifies the duplicate count, that is the number of duplicate messages. Nothing is shown if the count is zero. Select Click the status icon beside the message for which you want to view details to display additional information in the Properties pane at the bottomof the browser. Severity Color-coded icons give at-a-glance message status. Created Specifies the date and time the message was created. Received Specifies the date and time the message was received on the management server. SUIAON The status column displays attributes for message states. The flags in the columns show message state and the availability of instructions, annotations, and actions for each message. (See "Message Attributes Key" (on page 1046) for HP Operations Manager (9.00) Page 1045 of 1297 Online Help Web Console for HPOM details.) Node Specifies the name of the node that issued the selected message. Service Specifies the service to which the message belongs. Application Specifies the application that detected the message or was affected by it. Group Specifies the message group to which the message belongs. Object Specifies the object that caused the message or was affected by it. Message Displays the message text, which you can view without scrolling by clicking an icon in the Select column for a selected message. This displays the entire message text in the Properties pane below the message browser. Message Attributes Key Message attributes are described in the Properties pane and displayed graphically in the message browser headline. The SUIAON column in the message browser shows at a glance which attributes are available for a selected message. Flags in the columns provide further information. If an attribute is not available for a message, the column for that attribute displays a hyphen (-). Value Flag S Owned Message State. A flag in this column indicates that a user has taken ownership of a message. The flags you might see in this column mean that a message is (O) owned by operator, (X) owned by others, (-) unowned, or (A) acknowledged. U Unmatched Message. A message that does not match either a message condition or a suppress condition. An X in this column indicates an unmatched message. I Help Instructions. The administrator provides instructions for messages to help with problemresolution. If available, you can view these instructions in the Instructions tab of the Message Properties pane. A Automatic Command. Indicates that an automatic command has been configured for the message and gives the status of the command. The attribute value shows whether a command succeeded (S), failed (F), is available (X), not started (N), discarded (D), a console command (C), or is running (R). O Operator-Initiated Command. Indicates that an operator-initiated command has been configured for the message and gives the status of the command. The attribute value shows whether a command is available (X), successful (S), failed (F), not started (N), discarded (D), a console command (C), or is running (R). N Annotations. Indicates if annotations exist for this message. You review the annotations to find procedures that resolved similar problems in the past. Operating on Messages In the message browser, you can performcertain operations on the messages displayed: HP Operations Manager (9.00) Page 1046 of 1297 Online Help Web Console for HPOM l Own one or multiple messages l Acknowledge one or multiple messages l Change the severity of one or multiple messages Own messages Owning a message means that you take responsibility for performing the actions associated with that message. As the owner, you have exclusive read-write access to the message. Other users may see this message in their browsers, but have limited access to it. Only the owner of a message (or the administrator) is authorized to: l Own Messages l Performoperator-initiated commands related to the message. l Disown the message. l Modify the message text. l Change message severity. You do not have to be the owner of a message to: l Acknowledge the message. l Annotate the message. However, if you acknowledge an unowned message, ownership will be assigned to you. To own a message 1. In the menu bar, click Messages to open the message browser. 2. In the message browser, select the message or messages by clicking the check box for each message that you want to own. 3. Click Own. The browser headline displays a letter Oin the S column to indicate that the message is owned. Other operators will see an X in that column. Alternatively, right-click a message, and then click Own. To disown a message 1. In the menu bar, click Messages to open the message browser. 2. In the message browser, select the message or messages by clicking the check box for each message that you want to disown. 3. Click Disown. The browser headline displays a hyphen (-) in the S column. Alternatively, right-click a message, and then click Disown. Acknowledge messages You acknowledge a message when the problems causing that message to appear are resolved. Typically, you acknowledge messages when you have finished working with them. You can set the browser filter to hide acknowledged messages that you are no longer working on. To view them again, change the filter setting to display acknowledged messages. HP Operations Manager (9.00) Page 1047 of 1297 Online Help Web Console for HPOM You might acknowledge a message because: l Any problems have been resolved and work on the message is finished. l Another message in the browser describes the same event. l Message severity is low and no action is required. To acknowledge a message 1. In the menu bar, click Messages to open the message browser. 2. Optional. In the console tree, select the node or service you are interested in to display messages for only that node or service in the message browser. 3. In the browser, select the message or messages by clicking the check box for each message that you want to acknowledge. 4. Click Acknowledge. When you acknowledge a message, you become the owner of that message. The S column in the browser headline shows an A for each acknowledged message. Alternatively, right-click a message, and then click Acknowledge. To unacknowledge a message 1. In the menu bar, click Messages to open the message browser. 2. In the message browser, click Filter and select Acknowledged fromthe State dropdown list. 3. Select the message or messages by clicking the check box for each message that you want to unacknowledge. 4. Click Unacknowledge. The S column in the browser headline shows a hyphen (-) for each unacknowledged message. Alternatively, right-click a message, and then click Unacknowledge. Change message severity You can easily change the severity for one or more messages in the Active messages browser. 1. In the menu bar, click Messages to open the message browser. 2. Select the message or messages by clicking the check box for each message for which you want to change the severity. 3. Click Change severity to... and select the new severity level. The severity icon in the browser display changes to show the new severity level. Edit View Settings You can change the way messages are displayed in the browser by specifying the columns to be displayed and the way messages are grouped in the browser. To edit the message browser view 1. In the menu bar, click Messages to open the message browser. 2. Fromthe console tree select the group for which you want to display messages. Messages HP Operations Manager (9.00) Page 1048 of 1297 Online Help Web Console for HPOM appear in the browser window. 3. Click Options... to open the Edit Message View Options screen. 4. Select the Page Mode you prefer. The default is Multi-page list, which displays 15 messages per page.You can change the number of messages per page. Alternatively, select Single-page list to show all messages on one page. 5. To specify the coloring of messages in the message browser, click one of the following options: n No coloring of messages Messages have no background color. n Color messages, highlight owned messages Messages that you own have a background color according to their status. Messages that other users own have a light gray background. n Color messages, highlight unowned messages Unowned messages have a background color according to their status. Messages that other users own have a light gray background. 6. Select or clear the Show Status check box. If you select this check box, the web console adds icons in the Nodes/Services tree, which show the severity of each node and service. 7. Use the Show Columns check boxes to indicate which columns will appear in the message browser. You can select any combination of options. You can also specify the field length of the message text column by entering a value in the characters wide box. 8. Select the Buffer Size. A smaller buffer will increase performance, but may mean that the message browser does not show all the messages that match the current filter. If the number of messages that match the filter exceeds the buffer size, the message browser notifies you. You can modify the filter to return fewer messages, or increase the buffer size. 9. Click OK. The browser will refresh and show the new settings. View Message Properties Click a message to access the Message Properties. The Properties tab shows you details about the selected message. Properties are read-only and include: l Severity: Shows the service level associated with the message (Critical, Major, Minor, Warning, Normal). l State: Shows whether the message is Active, Acknowledged, or Owned (owned and active). l Owner: The operator who is to take responsibility for the message. l Created: The date and time the message was generated on the agent system. This time always displays using the time zone of the agent at creation time (for example, 11:30 (CET/winter). This means that this time always displays in this fixed time zone. l First Received: The date and time the (first) message was received on the server. This time always displays using the current time zone of the management server (for example, 02:30 (PST/winter). This means that the time zone in which this time displays may change if the HP Operations Manager (9.00) Page 1049 of 1297 Online Help Web Console for HPOM management server time zone changes (for daylight savings time, for example). During daylight savings time, the time fromthe example would be recalculated to 03:30 (PST/summer). l Last Received: The date and time the last duplicate message was received on the server. This time always displays using the current time zone of the management server (for example, 02:30 (PST/winter). This means that the time zone in which this time displays may change if the management server time zone changes (for daylight savings time, for example). During daylight savings time, the time fromthe example would be recalculated to 03:30 (PST/summer). l Time of Last State Changed: Displays the time the state last changed, according to the time zone of the management server. l Message Text: Description of condition generating the message. l ID: The unique identifier for this message. l Node: The name of the node generating the message, if any. l Service: Uniquely identifies a service and maps messages to that service. All messages contributing to the severity calculation of this service contain this service's Service ID as a message attribute. l Group: The name of the group this message was assigned to by the administrator. l Object: The name of the object generating the message (for example, CPU). l Application: The name of the application generating the message, if any. l User of Last State Change: Displays the node name and user ID for the last user to own or acknowledge the message. Add Annotations Annotations are short notes that summarize the actions taken to resolve problems and can be used by others to resolve similar situations. You can add annotations to a message at any time and can review and modify existing annotations if your user role or roles permit. Messages that have annotations associated with themdisplay an X in the N column of the message browser. To add an annotation 1. In the menu bar, click Messages to open the message browser. 2. In the message browser, select the message you want to annotate. Message details display in the Properties pane. 3. In the Properties pane, click the Annotations tab. Any existing annotations are listed and identified by user ID. 4. To add a new annotation, click Add Annotation to open an empty editing window. 5. Type your annotation and click Save. Your new annotation is added to the list of existing annotations. HP Operations Manager (9.00) Page 1050 of 1297 Online Help Web Console for HPOM To delete an annotation Select the annotation fromthe list and click the X in the delete column. Confirmthe delete by clicking OK in the message that displays. The annotation is removed fromthe list. To edit an annotation 1. Click the document icon beside the name of the annotation you want to modify. In the editing window, type your text changes. 2. Click Save to save your changes and close the editing window. When you return to the previous window, you will see your text changes added to the annotation text. View duplicates Stored duplicates (duplicate message annotations) are listed in the duplicates tab. The list is read- only; you cannot add, delete or edit the list. Stored duplicates are reflected in the duplicates count column (D) of the message browser. Note that the D column may show more duplicates than are stored in the database. You can go fromone page to the next to view all the duplicates. View Message Instructions Message instructions are configured by your administrator to help you solve common problems. They might include details describing: 1. Automatic actions 2. Operator-initiated actions 3. Manual steps to follow for problemresolution Instructions are read-only and cannot be edited. To viewmessage instructions 1. In the message browser, select the message for which you want to view instructions. Message details display in the Properties pane. 2. Select the Instructions tab to view instructions configured by your administrator for this message. 3. To close the Instructions tab, select any of the other tabs in the Properties pane. View Message Forwarding Information Use the Forwarding tab in the Message Properties dialog to view the following information: Origin: The management server that intially received the message Sender: The management server that forwarded the message to the current server. Launch Commands If the administrator has configured operator-initiated commands for a message and has assigned you to an appropriate user role, you can run the operator-initiated commands as part of your HP Operations Manager (9.00) Page 1051 of 1297 Online Help Web Console for HPOM problem-solving strategy. You can determine whether commands are available for a selected message by glancing at the message browser headline status column, which also displays the status for the command. More information about the commands configured for a message is available fromthe Properties pane Actions tab, which shows the type of command, the command itself, and the location where the command runs. Operator-initiated commands can be launched by an operator and may require some user input. For example, actions requiring too much CPU should not be started without first evaluating systemload and requirements. To launch a command 1. In the menu bar, click Messages to open the message browser. 2. In the message browser, click the check box for the message for which you want to run a command. Message details display in the Properties pane. 3. Click the Actions tab to display a list of actions available for this message. 4. To run an operator-initiated command, click the Actions tab, then click Start. The Properties pane displays the action taken and its status. You can also verify that the command succeeded by looking in the message browser status column. The Ocolumn displays an S if the command succeeded. (For details see "Message Attributes Key" (on page 1046)). Display a Graph You can view performance data graphically if the selected message has an operator-initiated command to display graphed data. These graph actions are defined by the policies that send the message. Information about the commands configured for a message is available fromthe Properties pane Actions tab, which shows the type of command, the command itself, and the location where the command runs. When you launch the Display Graph command, the console opens a new window that contains the graph specified in the operator-initiated command. See "Launch Commands" (on page 1051) for instructions on how to launch a command. Note: Graphs are only available if HP Performance Manager is integrated with HPOM. Refresh the Browser When the browser window automatically refreshes, the browser replaces the current view with the refreshed view. This means that if you focused on some particular messages using the scroll bars, that view will be replaced when you refresh the browser, requiring you to scroll again to find the message. To minimize this problem, use one of the following options: l Use a setting which does not cause a scroll bar to be needed. For example, try 10 pages of 10 messages each instead of 100 messages. The default message display is 15 messages. If you HP Operations Manager (9.00) Page 1052 of 1297 Online Help Web Console for HPOM set the default to 14, you can prevent a partial message at the bottomof the screen that you must scroll to see. This setting is designed to allow the message list size to be customized so as not to scroll. l Lower the refresh rate in settings to allow enough time between refreshes for your task to be completed. l Disable refresh altogether and use the Refresh button in the message list to manually update it. Related topics l "Edit View Settings" (on page 1048) l "Customize and Manage the Web Console" (on page 1060) Applying Tools Tools are executables, scripts, and URL commands that help you to performnecessary tasks in your environment (for example launching corrective actions or diagnostic tools). HPOMprovides many tools to make managing your environment easier. Tools that are executables and scripts can run on managed nodes and management servers. Tools that are URL commands run on your local system. Some tools attempt to run executables and scripts on the local system. You can launch these tools using the main HPOMfor Windows console. You cannot launch these tools fromthe HPOMfor Windows Web Console. You can launch tools directly fromtheir tool group, or in the context of managed services, nodes, or messages. An administrator configures which tools are available to you using the main HPOMfor Windows console. After you launch a tool, you can view the results to see if the tool failed or succeeded using the Tool Status screen. Related topics l "Launch a Tool" (on page 1053) l "View Tool Status" (on page 1055) Launch a Tool Tools are executables, scripts, and URL commands that help you performnecessary tasks in your environment (for example launching corrective actions or diagnostic tools). An administrator configures which tools are available to you. You can launch tools directly fromtheir tool group, or in the context of managed services, nodes, or messages. The tools available to you are configured by your administrator. When you launch a tool, a wizard appears in the details pane, which guides you through the tool launch. Depending on the tool's configuration, you may need to provide the following details when you launch a tool: HP Operations Manager (9.00) Page 1053 of 1297 Online Help Web Console for HPOM l Target The administrator may allow you to select the nodes on which to run the tool. If you launch the tool in the context of a node, service that is hosted on a node, or message, the target is already implied, and so this wizard page does not appear. l Parameters The administrator may allow you to modify the tool's parameters. If the tool's parameters contain variables that represent nodes or services, you may need to select nodes and services from node and service trees. l Login The administrator may allow you to provide or modify the credentials under which the tool runs. To launch a tool from a tool group 1. In the menu bar, click Tools. A tree of tool groups appears. 2. Expand the appropriate tool group, and then click the tool that you want to launch. The tool launch wizard appears. If you want to quickly find a particular tool, you can search for it. To search the tree of tools, click the find icon at the top right of the tree. To launch a tool from a service or node 1. In the menu bar, click Messages. A tree of services and nodes appears. 2. Expand the appropriate service or node group. Right-click a service or node and then click Launch Tool. The Launch Tool dialog box opens. 3. In the Launch Tool dialog box, click the tool that you want to launch. The tool launch wizard appears. Note: The Launch Tool dialog box lists only those tools that the administrator has associated with the service or node. Note: If your browser supports scalable vector graphics, you can also launch tools fromthe context menu of nodes and services in the Status Display. (For more details, see Status Options.) To launch a tool from a message: 1. In the menu bar, click Messages. A tree of services and nodes appears. 2. Expand the appropriate service or node group, and then click a service or node. The details pane shows messages for that service or node. 3. Click a message in the list. The message properties appear below. 4. In the message properties, click the Tools tab. If you launch tools that are associated with the related service or node, the Launch Tool dialog box appears. Click the tool that you want to launch. The tool launch wizard appears. You can also launch any tools that the administrator has made available in the context of all messages. HP Operations Manager (9.00) Page 1054 of 1297 Online Help Web Console for HPOM View Tool Status After you launch a tool, the Tool Status screen appears. Alternatively, you can open this screen by clicking Tools in the menu bar. The Tool Status screen shows the status of all tools that you launched this session. (The details are no longer available after you close the session, or if your session expires.) When any tool is running, the Tool Status screen refreshes automatically. You can stop a tool that is running by clicking the stop icon. After a tool succeeds or fails, you can click the itemin the tool status list to see the tool output. However, some tools do not generate output. You can restart a tool by clicking the restart icon. Managing Policies and Deployment Policy management enables you to act on a specific policy on a selected node in a variety of ways: l View policy properties l View policies deployed on a managed node (Policy Inventory) l View the managed nodes that a policy is deployed on (Node Inventory) l Enable policies l Disable policies l Update policy versions l Deploy policies l Remove policies (undeploy) l Manage the policy Job Queue Deployment enables you to view details of a deployment package and to see which packages and subpackages are installed on any node. To view the job queue, nodes, policies, and deployment packages 1. In the menu bar, click Policies to open the Policies screen. 2. Choose one of the four options to performactions on policies, nodes, and deployment packages: n Select Job Queue to manage the active jobs. n Select Nodes to manage the policy inventory and deploy policy groups and policies to a managed node. n Select Policies to view policy properties, manage the policy's node inventory, and deploy a policy to node groups and managed nodes. n Select Deployment Packages to view details of a deployment package and to see which packages and subpackages are installed on any node. HP Operations Manager (9.00) Page 1055 of 1297 Online Help Web Console for HPOM Related topics l "Policy Management: Job Queue" (on page 1056) l "Policy Management: Nodes" (on page 1056) l "Policy Management: Policies" (on page 1057) l "Policy Management: Deployment Packages" (on page 1059) Policy Management: Job Queue Use the Job Queue screen to resume, cancel, and suspend jobs. The details pane displays a list of jobs showing State (pending, suspended, or active), Node, Job Type, Policy name (if applicable), Version, and Date. You can re-sort the information in each column by clicking on the column header. Note: The screen refreshes automatically based on the general refresh period of the web console. (For details see "Customize and Manage the Web Console" (on page 1060)). To act on one or more policies 1. In the menu bar, click Policies to open the Policies screen. 2. Click the check box beside each policy name for which you want to performan action. 3. Click the button for the action you want to perform: suspend, resume, or cancel. The display will update to show the latest status for the selected jobs. Policy Management: Nodes Use the Nodes section of the Policies tree to manage the policy inventory and deploy policies and policy groups to a specified node. Note: The screen refreshes automatically based on the general refresh period of the web console. (For details see "Customize and Manage the Web Console" (on page 1060)). To manage the policy inventory 1. In the menu bar, click Policies to open the Policies screen. 2. Expand the Nodes tree and select a node to display a list of policies deployed to that node on the Policy Inventory tab. The display shows the version number of the deployed policy, the latest version number, the state of the policy (enabled or disabled), and historical information about the date the policy was created and registered. You can change the sort order of the columns by clicking on the highlighted column name. 3. Optional. If another management server owns a policy on a node, this management server will not remove it by default. If you want this management server to remove any policies that other management servers own, select the Ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 4. Optional. If you know that the job to remove a policy will fail (for example, because the node is HP Operations Manager (9.00) Page 1056 of 1297 Online Help Web Console for HPOM unreachable), but you still want to remove the policy fromthe inventory on the management server, select the Force policy removal check box. 5. To enable, disable, remove, or update to latest version for one or more policies, click the check box beside each policy name you want to act on. 6. Click Enable, Disable, Remove, or Update to Latest. The display updates to show your changes. Update to latest applies the latest available version of the policy to this node. To deploy policies and policy groups to a managed node 1. In the menu bar, click Policies to open the Policies screen. 2. Expand the Nodes tree and select a managed node to which you want to deploy one or more policies. 3. Click the Policy Deployment tab in the details pane to view options for deployment. 4. Optional. If you want to deploy the policies to nodes that already have a more recent version of the policy, clear Deploy policy only if version is newer. 5. Optional. Select Disable policy after deployment if you want to deploy the policies, but immediately disable them. 6. Optional. If another management server owns a policy on a node, this management server will not remove it by default. If you want this management server to remove any policies that other management servers own, select the Ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 7. Optional. If you want to deploy event correlation policies to the management server itself (not to the local agent on the management server), select the management server in the Nodes tree and select the Configure server-based event correlation (ECS policies only) check box. If you select only the management server and not the check box, HPOMdeploys the policy to the agent on the management server. 8. Click the check box beside each policy or policy group you want to deploy to the selected node. Tip: To view the policy's properties, click the policy link in the deployment list to open a window containing a description of the selected policy. This helps you to verify that you are deploying the correct policy. 9. Click Deploy. Click the Job Queue link to view the policy deployment status. Related topics l "Policy Management: Job Queue" (on page 1056) Policy Management: Policies Use the Policies option in the Policies tree to view policy properties, manage a policy's node inventory, and deploy a policy to managed nodes and node groups. HP Operations Manager (9.00) Page 1057 of 1297 Online Help Web Console for HPOM Tip: If you want to quickly find a particular policy, you can search for it. To search the tree of policies, click the find icon at the top right of the tree. To viewpolicy properties 1. In the menu bar, click Policies to open the Policies screen. 2. Expand the Policies tree and select the policy for which you want to view properties. The details pane will show the Properties tab for the selected policy. 3. Select the policy version you want to use or click the Always use the latest version check box. If the check box is not selected, the drop-down list is active and will display all available versions of the policy for you to select from. To manage the policy's node inventory 1. In the menu bar, click Policies to open the Policies screen. 2. Expand the Policies tree and select the policy for which you want to view properties. The details pane will show the Properties tab for the selected policy. 3. Click the Node Inventory tab. The details pane lists the managed nodes that the selected policy is deployed to and shows the node name, version number, latest version number, policy state (enabled, disabled), job state, policy category, and the creation and registration date for the selected policy. 4. Optional. If another management server owns a policy on a node, this management server will not remove it by default. If you want this management server to remove any policies that other management servers own, select the Ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 5. Optional. If you know that the job to remove a policy will fail (for example, because the node is unreachable), but you still want to remove the policy fromthe inventory on the management server, select the Force policy removal check box. 6. To enable, disable, remove, update to selected version, or update to latest version, click the check box beside one ore more nodes in the list. 7. Click Enable, Disable, Remove, Change version to, or Update to latest. The display updates to show your changes. To deploy a policy to managed nodes or node groups 1. In the menu bar, click Policies to open the Policies screen. 2. Expand the Policies tree and select the policy for which you want to view properties. The details pane will show the Properties tab for the selected policy. 3. Select the Policy Deployment tab. 4. Optional. If you want to deploy the policies to nodes that already have a more recent version of the policy, clear Deploy policy only if version is newer. 5. Optional. Select Disable policy after deployment if you want to deploy the policies, but HP Operations Manager (9.00) Page 1058 of 1297 Online Help Web Console for HPOM immediately disable them. 6. Optional. If another management server owns a policy on a node, this management server will not remove it by default. If you want this management server to remove any policies that other management servers own, select the Ignore policy owner check box. To do this, you must have the user right to ignore policy ownership. The management server that you are connected to must be a primary or secondary manager of the node. 7. Optional. Select the desired policy version fromthe drop-down list. The default version is the current version. 8. Select the check boxes for the nodes or node groups to which you want to deploy the policy. 9. Click Deploy. Click the Job Queue link to view policy deployment status. Related topics l "Policy Management: Job Queue" (on page 1056) Policy Management: Deployment Packages A deployment package usually contains agents, programs, or instrumentation that are ready for installation on nodes. A package can contain individual files and also subpackages, which are collections of files. For each node, the management server maintains a package inventory, which enables you to see which packages exist on each node. Use the deployment package information in the details pane to view details of a deployment package and to see which packages and subpackages are installed on any node. Note: The screen refreshes automatically based on the general refresh period of the web console. (For details see "Customize and Manage the Web Console" (on page 1060)). To viewproperties of available packages 1. In the menu bar, click Policies to open the Policies screen. 2. Expand Deployment Packages and then click the deployment package that you want to view (for example, Operations-Agent). The properties of the deployment package open and display the name, description, and version of the package. To viewdetails of available packages 1. In the menu bar, click Policies to open the Policies screen. 2. Expand Deployment Packages and then click the deployment package for which you want to display details (for example, Operations-Agent). The properties of the deployment package open. 3. Click the Details tab. HP Operations Manager (9.00) Page 1059 of 1297 Online Help Web Console for HPOM 4. Optional. In the Details tab, click Showor Hide subpackages.The tab shows or hides details of subpackages accordingly. To viewinstalled packages 1. In the menu bar, click Policies to open the Policies screen. 2. Expand Deployment Packages and then click the deployment package for which you want to display the node inventory (for example, Operations-Agent). The properties of the deployment package open. 3. Click the Node Inventory tab. The tab display a list of packages installed on any node. Customize and Manage the Web Console You can customize the appearance of the web console in several ways using the Settings screen. To customize the web console 1. In the menu bar, click Settings. The Settings screen opens. 2. Select an option to customize the appearance of the web console: Option Description Language: Specify the language to be used in the display. The default is English. Skins: Change your console color scheme by specifying a new skin fromthe list. Graph Type: View any graphs associated with messages as either HTML or Java graphs. Note: Graphs are only available if HP Performance Manager is integrated with HPOM. Layout Selection Select whether you want the menu bar on the left side of the window or at the top. Default Message Sort Order Select whether you want to see messages sorted by severity or time received. Refresh Period: Select the console screen refresh rate that you prefer. You can refresh the console screen at any time by clicking the Refresh symbol (the small, green semi-circle) in the console tree. 3. Click Save to save any changes you make. Security Settings l "User authentication" (on page 1061) l "Session timeout interval" (on page 1062) l "SSL Encryption" (on page 1062) HP Operations Manager (9.00) Page 1060 of 1297 Online Help Web Console for HPOM User authentication HPOMuses Internet Information Services (IIS) on the management server to provide the web console functionality. IIS has integrated security and authentication settings, which enable administrators to choose the security mode that they prefer. By default, the web console is configured to use Windows authentication. When Windows authentication is enabled, IIS attempts to authenticate the current user automatically. If this automatic authentication is successful, users can access the web console without providing a user name and password. If automatic authentication is not possible, the web browser may request a user name and password to authenticate the user. Windows Authentication may be unsuitable in some environments (for example, if you need to open the web console froma computer that is in a different domain or subnet). If you decide that Windows authentication is unsuitable, you can use basic authentication, digest authentication, or anonymous authentication. Each of these authentication mechanisms provides different levels of security. When Windows authentication, basic authentication or digest authentication is enabled, HPOM relies on IIS to authenticate the user before allowing themto access the web console. In contrast, when anonymous authentication is enabled, IIS allows any user to access the web console. Therefore, when anonymous authentication is enabled, the web console performs the user authentication by displaying a logon page. For more details about the different types of authentication that you can use, see the IIS documentation that Microsoft provides, or the Microsoft web site. To configure authentication in IIS 7.0 1. On the management server, in the Server Manager, expand Roles Web Server (IIS), and then click Internet Information Services (IIS) Manager. 2. In Connections, expand <server name> Sites Default Web Site, and then click OVOWeb. 3. Under IIS, double-click Authentication. Enable or disable the authentication mechanisms as appropriate. To configure authentication in IIS 6.0 1. FromtheStart menu, select Adminstrative Tools. 2. Select Internet Information Services. 3. Select OVOWeb, then right-click to open the context menu. 4. Select Properties to open the Properties dialog box. 5. Select the Directory Security tab. 6. Click Edit to open the Authentication Method dialog box. 7. In the Authentication group box, check the type of authentication you prefer. HP Operations Manager (9.00) Page 1061 of 1297 Online Help Web Console for HPOM 8. Follow the instructions to enter a domain name. 9. Click OK to confirmyour settings and close the dialog box. Session timeout interval By default, web console sessions timeout after 20 minutes of user inactivity. The affect of the session timeout depends on the authentication method that the web console is configured to use. If you use anonymous authentication, when a session timeout occurs, the web console logs the user off. The user must provide their user name and password again in the web console logon page. If you use Windows authentication, basic authentication, or digest authentication, the web console's automatic refresh normally prevents a session timeout fromoccurring. If the user disables the automatic refresh option, the web console logs the user off when a session timeout occurs. However, the user can normally start a new session without providing their user name and password again, unless they close the browser. To configure the session timeout interval in IIS 7.0 1. On the management server, in the Server Manager, expand Roles Web Server (IIS), and then click Internet Information Services (IIS) Manager. 2. In Connections, expand <server name> Sites Default Web Site, and then click OVOWeb. 3. Under IIS, double-click ASP. 4. Expand Services Session Properties. 5. Change the value of Time-out, and then click Apply. To configure the session timeout interval in IIS 6.0 1. In Internet Information Services Manager, open the OVOWeb Properties dialog box, and then select the Virtual Directory tab. 2. Click Configuration to open the Application Configuration dialog box. 3. Select the App Options tab. 4. Type the desired timeout interval, in minutes, in the Session timeout box. 5. Click OK to confirmyour settings. SSL Encryption The web console uses HTTPS to encrypt communication between the management server and browser. However, because the server certificate that the web console uses by default is not froma trusted certificate authority, you normally see certificate errors in the web browser when you connect to the web console. In Internet Explorer, the error states that there is a problemwith the web site's security certificate. In Firefox, the error states that the connection is untrusted. In either case, you can continue to connect to the web console by following the instructions that the browser provides. HP Operations Manager (9.00) Page 1062 of 1297 Online Help Web Console for HPOM To prevent certificate errors for an individual web browser: l In Firefox, you can add an exception so that the security errors do not appear next time you connect to the web console. l In Internet Explorer 8, you can import the certificate so that the errors do not appear: a. Navigate to the following location, and save the target somewhere on your computer. https://<hostname>/ovoweb/certificate/cert.pfx Replace <hostname> with the hostname of the management server. b. In Internet Explorer, click Tools Internet Options. c. In the Content tab, click Publishers. The Certificates dialog box opens. d. Click the Trusted Root Certification Authorities tab, and then click Import. Follow the steps in the Certificate Import Wizard to import the file into the Trusted Root Certification Authorities certificate store. Note: If you connect to the web console using Internet Explorer on the management server, you may also need to add the URL to the list trusted sites in the Internet Options dialog box,and then restart Internet Explorer completely. To prevent certificate errors for all web browsers: To prevent the certificate errors without having to configure each individual web browser, you can obtain a server certificate froma trusted certificate authority, and then configure IISto use it. For more details on how to configure server certificates and SSL, see the IIS documentation that Microsoft provides. Customize launch You can launch the Web Console with the message browser in the context of a specific node, service, or message. Specify the node ID or primary node name in the URL /misc.asp?node=<node id | primary node name> Examples: /misc.asp?node={009A60BE-6527-45E3-92D8-ED1BBA156C08} /misc.asp?node=mgmt.example.com Specify a service ID in the URL /misc.asp?service=<service id> Example: /misc.asp?service={6146617E-E8AE-4C17-8B00-60BC80FD7EFB} Specify a message ID in the URL /misc.asp?message=<message id> Example: HP Operations Manager (9.00) Page 1063 of 1297 Online Help Web Console for HPOM /misc.asp?message=07488dc0-9636-71df-1596-1039465e0000 Specify a message ID and node ID or primary node name in the URL /misc.asp?message=<message id>&node=<node id | primary node name> Examples: /misc.asp?message=07488dc0-9636-71df-1596-1039465e0000&node={009A60BE- 6527-45E3-92D8-ED1BBA156C08} /misc.asp?message=07488dc0-9636-71df-1596- 1039465e0000&node=mgmt.example.com Specify a message ID and service ID in the URL /misc.asp?message=<message id>&service=<service id> Example: /misc.asp?message=07488dc0-9636-71df-1596- 1039465e0000&service={6146617E-E8AE-4C17-8B00-60BC80FD7EFB} Software Support Online The HP Software Support Online web site offers in-depth information on a variety of topics: l Troubleshooting, knowledge base search, known problems l Problemreporting and support information l User manuals, software updates and patches, demos l Training and education l Discussion forum Click this link to open the HP Software Support Online web site in a separate browser window. Web Console Supported Platforms The HP Operations Manager for Windows web console is supported on the following platforms: l Internet Explorer 8.0 or higher l Mozilla Firefox 3.5 or higher Reports Viewer Click Reports to display a list in the console tree of available reports you can view. Reports are preconfigured by your administrator; you cannot create new reports using the console. To view a report, click on the report name listed in the console tree to display the report in the browser. To print a report, right-click within the report to open the context menu, then select Print. To search for a report by name, expand the console tree so that all options are visible. Note: Reports are only available if HPReporter is integrated with HPOM. HP Operations Manager (9.00) Page 1064 of 1297 Online Help Web Console for HPOM HPOM Agent Application Integration Guide The HPOMAgent Application Integration Guide (AIG) provides information for integrating your applications into HP Operations agent. Note: The HP Operations agent API includes support for C/C++ and Java, as well as for every language that supports DCOMautomation (for example, VB, VBScript, JScript, and so on). However, the agent message streaminterface supports C APIs only. 32-bit APIs are built using Microsoft Visual Studio 2005. The information in this HPOMAgent Application Integration Guide is only for version 8.60 and lower of HP Operations agent. Review the following legal disclaimer notice before using any of the materials contained in the HPOMAgent Application Integration Guide. HPOM for Windows Agent Application Integration Guide YOUR USE OF THE AIG IS SUBJECT TO THE SOFTWARE LICENSE AGREEMENT STATED BELOW. YOU MAY ONLY USE THE AIG IF YOU READ AND AGREE TO THE SOFTWARE LICENSE AGREEMENT AND THE WARRANTY STATEMENT. SOFTWARE LICENSE AGREEMENT Licensed Software. The "Licensed Software" is part of the HP Operations Manager Software. It consists of a collection of APIs, source code and binary code that permits licensee to develop licensee's programs that interoperate with HP Operations Manager. License Grant. HP grants you a non-exclusive, non-transferable license to (i) use the Licensed Software solely for internal development of applications that integrate with HP Operations Manager for Windows and (ii) reproduce and distribute only the library of binary linking images contained in the Licensed Software and then, only as integrated into the application developed under this license grant. Ownership. The Licensed Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership in the Licensed Software and is not a sale of any rights in the Licensed Software. HP's third party suppliers may protect their rights in the event of any violation of these License Terms. WARRANTY STATEMENT NO WARRANTY. YOU AGREE THAT THE HPOMAGENT AIGIS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY DESCRIPTION. HP SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOU ASSUME THE ENTIRE RISK RELATINGTOTHE USE OR PERFORMANCE OF THE HPOMAGENT AIG. LIMITATION OF LIABILITY. IN NOEVENT SHALL HP BE LIABLE FOR ANY DIRECT, INDIRECT, GENERAL, SPECIAL, OR CONSEQUENTIAL DAMAGES (INCLUDINGLOSS OF PROFITS) WHETHER BASED ON CONTRACT, TORT OR ANY OTHER LEGAL THEORY. HP Operations Manager (9.00) Page 1065 of 1297 Online Help HPOMAgent Application Integration Guide Agent Command-Line Utilities These utilities can be executed on the HP Operations agent version 8.60 and lower. Note: The information in this HPOMAgent Application Integration Guide is only for version 8.60 and lower of HP Operations agent. bbc.ini NAME bbc.ini - Configuration file for HTTPS communication. DESCRIPTION bbc.ini is the configuration file of a node using HTTPS communication and is located at: /<OvInstallDir>/misc\xpl\config\defaults It consists of sections headed by namespaces which contain the settings for each namespace. The bbc.ini file contains the namespaces listed below. Possible and default settings are described for each namespace. bbc.cb The Communication-Broker Namespace. You can use the following parameters: string CHROOT_PATH = <path> On UNIX systems only, the chroot path is used by the ovbbccb process. If this parameter is set, the ovbbccbprocess uses this path as the effective root thus restricting access to a limited part of the file system. Default is <OvDataDir>. This parameter is ignored on MS Windows and Sun Solaris 7 systems. See the chroot man page for details on chroot. bool SSL_REQUIRED = false If this parameter is set to true, the communication broker requires SSL authentication for all administration connections to the communication broker. If this parameter is set to false, non- SSL connections are allowed to the communication broker. bool LOCAL_CONTROL_ONLY = false If this parameter is set to true, the communication broker only allows local connections to execute administrative commands such as start and stop. bool LOG_SERVER_ACCESS = false If this parameter is set to true, every access to the server is logged providing information about the sender's IP address, requested HTTP address, requested HTTP method, and response status. int SERVER_PORT = 383 By default this port is set to 383. This is the port used by the communication broker to listen for requests. If a port is set in the namespace [bbc.cb.ports], it takes precedence over this parameter. string SERVER_BIND_ADDR = <address> Bind address for the server port. Default is INADDR_ANY. bbc.cb.ports HP Operations Manager (9.00) Page 1066 of 1297 Online Help The Communication-Broker-Port Namespace. This parameter defines the list of ports for all Communications Brokers in the network that may be contacted by applications on this host. The default port number for all BBC CBs is 383. You can use the following parameters: string PORTS This configuration parameter must be the same on all nodes. To change the port number of a BBC CB on a particular host, the hostname must be added to this parameter, for example, name.hp.com:8000. You can use an asterisk "*" as a wild card to denote an entire network, for example; *.hp.com:8001. Note too, that either a comma "," or a semicolon ";" should be used to separate entries in a list of hostnames, for example; name.hp.com:8000, *.hp.com:8001. In these examples, all hostnames ending in "hp.com" will configure their BBC Communication Broker to use port 8001 except host "name" which will use port 8000. All other hosts use the default port 383. You can also use IP addresses and the asterisk wild card (*) to specify hosts. For example; 15.0.0.1:8002, 15.*.*.*:8003 bbc.http The HTTP Namespace for node-specific configuration. For application-specific settings, see the section bbc.http.ext.*. Note that application-specific settings in bbc.http.ext.* override node- specific settings in bbc.http. You can use the following parameters: int SERVER_PORT = 0 By default this port is set to 0. If set to 0, the operating systemassigns the first available port number. This is the port used by the application <app_Name> to listen for requests. Note that it only really makes sense to explicitly set this parameter in the bbc.http.ext.<app_Name> namespace, as the parameter is application specific with any other value than the default value. string SERVER_BIND_ADDR = <address> Bind address for the server port. Default is localhost. string CLIENT_PORT = 0 Bind port for client requests. This may also be a range of ports, for example 10000-10020. This is the bind port on the originating side of a request. Default is port 0. The operating systemwill assign the first available port. Note that MS Windows systems do not immediately release ports for reuse. Therefore on MS Windows systems, this parameter should be a large range. string CLIENT_BIND_ADDR = <address> Bind address for the client port. Default is INADDR_ANY. bool LOG_SERVER_ACCESS = false If this parameter is set to true, every access to the server is logged providing information about the sender's IP address, requested HTTP address, requested HTTP method, and response status. string PROXY Defines which proxy and port to use for a specified hostname. Format: proxy:port +(a)-(b);proxy2:port2+(a)-(b); ...; a: list of hostnames separated by a comma or a semicolon, for which this proxy shall be used. b: list of hostnames separated by a comma or a semicolon, for which the proxy shall not be used. The first matching proxy is chosen. HP Operations Manager (9.00) Page 1067 of 1297 Online Help It is also possible to use IP addresses instead of hostnames so 15.*.*.* or 15:*:*:*:*:*:*:* would be valid as well, but the correct number of dots or colons MUST be specified. IP version 6 support is not currently available but will be available in the future. string DOMAIN This defines the default DNS domain to use if no domain is specified for a target host. This domain name will be appended to hostnames not containing a DNS domain name, if a match for the hostname alone cannot be found. This will be done for PROXY lookups and lookups in the [cb.ports] table, for example if the hostname "merlin" is specified and the DOMAIN = "bbn.hp.com", then the [cb.ports] entries will first be searched for the match of "merlin". If there is no match found for the hostname "merlin", then a search will be made for "merlin.bbn.hp.com", "*.bbn.hp.com", "*.hp.com", "*.com" and "*", in that order. bbc.fx BBC File-Transfer Namespace for node-specific configuration. For application-specific settings, see the section bbc.fx.ext.*. Note that application-specific settings in bbc.fx.ext.* override node-specific settings in bbc.fx. You can use the following parameters: int FX_MAX_RETRIES = 3 Maximumnumber of retries to be attempted for the successful transfer of the object. string FX_BASE_DIRECTORY = <directory path> Base directory for which files may be uploaded or downloaded. Default directory is <OvDataDir>. string FX_TEMP_DIRECTORY = <directory path> Temporary directory where uploaded files are placed while upload is in progress. At completion of upload, the file will be moved to <directory path>. Default directory is <OvDataDir>/tmp/bbc/fx. string FX_UPLOAD_DIRECTORY = <directory path> Target directory for uploaded files. By default this is the base directory. The upload target directory may be overridden with this configuration parameter. Default directory is FX_BASE_ DIRECTORY. bbc.snf BBC Store-and-Forward Namespace for node-specific configuration. For application-specific settings, see the section bbc.snf.ext.*. Note that application-specific settings in bbc.snf.ext.* override node-specific settings in bbc.snf. You can use the following parameters: string BUFFER_PATH = <path> Specifies the SNF path were the buffered requests are stored. Default is: <OvDataDir>/datafiles/bbc/snf/<app_Name> int MAX_FILE_BUFFER_SIZE = 0 Specifies the maximumamount of disk space that the buffer is allowed to consume on the hard disk. 0 = No limit bbc.http.ext.* HTTP External-Communication Namespaces: bbc.http.ext.<compID>.<app_Name> and bbc.http.ext.<app_Name>. This is the Dynamic External-Communication Namespace for application-specific settings. Note that application-specific settings in bbc.http.ext.*override node-specific settings in bbc.http. HP Operations Manager (9.00) Page 1068 of 1297 Online Help See the section bbc.http for a list of the parameters you can use in the bbc.http.ext.* namespace. bbc.fx.ext.* The Dynamic File-Transfer (fx) Namespace for external-component and application-specific settings. Note that application-specific settings in bbc.fx.ext.* override node-specific settings in bbc.fx. File Transfer External Namespaces: bbc.fx.ext.<compID>.<app_Name> and bbc.fx.ext.<app_Name>. See the section bbc.fx for a list of the parameters you can use in the bbc.fx.ext.* namespace. bbc.snf.ext.* The Dynamic Store-and-Forward (snf) Namespace for external-component and application-specific settings. Note that application-specific settings in bbc.snf.ext.* override node-specific settings in bbc.snf. Store and Forward External Namespace: bbc.snf.ext.<compID>.<app_Name> and bbc.snf.ext.<app_Name>. See the section bbc.snf for a list of the parameters you can use in the bbc.snf.ext.* namespace. AUTHOR bbc.ini was developed by Hewlett-Packard Company. EXAMPLES PROXY=web-proxy:8088-(*.hp.com)+(*.a.hp.com;*) The proxy web-proxy is used with port 8088 for every server (*) except hosts that match *.hp.com, for example www.hp.com. If the hostname matches *.a.hp.com, for example, merlin.a.hp.com the proxy server will be used. SEE ALSO "bbcutil" (on page 1069) bbcutil NAME bbcutil - a tool for debugging a BBC-based server. SYNOPSIS bbcutil -h|-help bbcutil -version bbcutil -ovrg [<ovrg>] bbcutil -reg|-registrations [<hostname>|<ip>] [-v|-verbose] bbcutil -deregister {<path>|*} [-force] [-v|-verbose] HP Operations Manager (9.00) Page 1069 of 1297 Online Help bbcutil -ping {[<hostname>|<ip>[:<port>]] | [<uri>]} [count] [-v|- verbose] bbcutil -status {[<hostname>|<ip>[:<port>]] | [<uri>} [-v|-verbose]] bbcutil -migrate {[<namespace>] [<appname>] [<filename>]} [-v|- verbose] bbcutil -count|-size|-list [-p|-path <path>] [-t|-target <target>] [- v|-verbose] bbcutil -getcbport [<hostname>|<ip>] bbcutil -gettarget [<hostname>|<ip>] DESCRIPTION The bbcutil command helps you to debug a BBC-based server. The bbcutil command can be used to list all applications registered to a Communication Broker, to check whether specified communication services are alive, and to display details about the current state of the server. Parameters The bbcutil command incorporates the options in the following list. The syntax for the [<hostname>|<ip>][:<port>]] string, for example; in the options -registrations or - ping, can be a hostname and a port separated by a colon (:) but can also be a full URL path (including protocol), such as: https://merlin.guilford.mycom.com:383/com.hp.ov.coda bbcutil recognizes the following options: -h|-help Displays and describes the available options for the bbcutil command. -version Displays the version of the HP Software communication in use. -ovrg <ovrg> Executes a bbcutil command option in the context of the OV resource group specified by <ovrg>. This is an optional command. It can be used with other bbcutil commands. For example, bbcutil -ovrg testsrv -getcbport command returns the Communications Broker port number of the OV resource group, testsrv. -reg|-registrations [<hostname>|<ip>] Queries a Communications Broker on the node specified by <hostname> or <ip> and displays a list of all registered applications. If the hostname or IP address is not specified, localhost is assumed. -deregister {<path>|*} [-force] Deregisters the specified path fromthe Communications Broker on the localhost. You can use the asterisk character '*' to denote all paths. The specified path will not be deregistered if the application servicing the specified path is currently running. Use the -force option to override this behavior and force the path to be deregistered. -ping {[<hostname>|<ip>][:<port>]] | [<uri>]} [count] Pings the specified HP Software server process. A hostname or IP address with an optional port number or a URL may be given to locate the server process to ping. If a URL is given with the path of a valid process registered with the Communications Broker, the Communications HP Operations Manager (9.00) Page 1070 of 1297 Online Help Broker will automatically forward the ping to the registered process. Count specifies the number of times to execute the ping. The node may be specified with a hostname or IP address. Default for the node is "localhost". Default for the port is the Communications Broker port on the specified node. Default count is 1. -status {[<hostname>|<ip>[:<port>]] | [<uri>]} Displays the status of the specified HP Software server process. A hostname or IP address with an optional port number or a URI may be given to locate the server process. The node may be specified with a hostname or IP address. Default for the node is localhost. Default for the port is the Communications Broker on the specified node. -migrate {[<namespace>] [<appname>] [<filename>]} [-v|-verbose] Migrates the specified BBC configuration parameters. If no command parameters are specified the BBC 2 LLB and the BBC 4 CB parameters will be migrated to the namespace bbc.cb in the configuration database. The BBC 2/3 DEFAULT parameters will be migrated to the namespaces bbc.http, bbc.fx, and bbc.snf. BBC 4 CB parameters will override BBC 2 LLB parameters. The namespace specifies the BBC 2/3/4 namespace to migrate the parameters from. The <appname> specifies the application name to use in determining the BBC 5 target namespace. Parameters are migrated to the bbc.http.ext.<appname>, bbc.fx.ext.<appname>, and bbc.snf.ext.<appname> namespaces. The file name parameter specifies the file to read the parameters from. Default file name is the BBC 2 standard default.txt file and the standard BBC 4 Communications Broker settings.ini file. The BBC 4 settings.ini parameters override the BBC 2 default.txt parameters. -count Displays the number of requests in a store-and-forward buffer for the specified target, or the entire buffer if no target is specified. -size The -size option displays the size of a store-and-forward buffer. If -verbose is specified as well, the size of each individual request is displayed. If a target is specified, only the size of the requests to this target are displayed. -list The -list option displays all requests in a store-and-forward buffer for the specified target or the entire buffer if no target is specified. -p|-path <path> The -path option defines the path to the store-and-forward buffer. This parameter is used to set the BUFFER_PATH parameter. -t|-target <target> The -target option specifies the target URI, whose information you want to display. If no target is specified, information for all targets in the buffer is displayed. -verbose Shows more detailed output. -getcbport [<hostname>|<ip>] Displays the configured Communications Broker port number of the node specified by <hostname> or <ip>. If the hostname or IP address is not specified, localhost is assumed. If no Communication Broker port number is configured for the node, the default value 383 is displayed. -gettarget [<hostname>|<ip>] Displays the IP address of the target node and the Communications Broker port number, or the HTTP Proxy and port number, if a proxy is configured for the specified <hostname> or <ip>. AUTHOR HP Operations Manager (9.00) Page 1071 of 1297 Online Help bbcutil was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 bbcutil exited normally with no error. 1 Command syntax error encountered. See command syntax for more details on possible values. 2 Command partially succeeded. 3 Command failed. See command output for more detailed information. 4 bbcutil could not complete the requested command due to an authorization error. 100 An exception was encountered causing the Communications Broker to exit. Corresponding error messages are written to stderror. EXAMPLES The following examples show you how to use the bbcutil command: l To show the status of Communication Broker on the local node: bbcutil -status l To query the communication server located at https://merlin.guilford.mycom.com:383/com.hp.ov.coda for details about the current state of the server: bbcutil -ping https://merlin.guilford.mycom.com:383/com.hp.ov.coda l To get the IP address and Communications Broker port number of a target node node1 bbcutil -gettarget node1 SEE ALSO "ovbbccb" (on page 1081) "bbc.ini" (on page 1066) opcagt The command opcagt administers the agent processes running on an HP Operations Manager managed node. This command can be integrated in the startup procedure of the computer. If used without any option, opcagt returns the current status of the agent services running on the local system. Command synopsis Windows opcagt [ -help | -h | -stop | -kill | -start | -restart | -cleanstart | -status | -type [-verbose]] HP Operations Manager (9.00) Page 1072 of 1297 Online Help Linux ./opcagt [-help | -stop | -kill | -start | -restart | -cleanstart | - status | -type [-verbose]] Options -help | -h Displays the opcagt options. -stop Stops the Event/Action Agent and Coda. -kill Stops the HPOMCore functionality. -start Starts the Event/Action Agent and Coda. -restart Restarts the HPOMCore functionality. -cleanstart Clears the agent's buffers and then starts the agent. This option discards any messages that the agent added to the message buffer but did not send. This option also removes any scheduled tasks that agent added to the action queue but did not start. -status Displays the status of Event/Action Agent and Coda. -type Displays the type of Event/Action Agent. -verbose Displays detailed information about the Event/Action Agent. -version Displays version information. Exit values This command exits with a value of zero after successful operation. If a failure occurs, the exit value is set to one and an appropriate message displays. In addition, the HP Operations agents record any warnings or errors in the local HPOMlog file: l Windows '%OvAgentDir%\log\OpC\opcerror' l UNIX /var/opt/OV/log/OpC/opcerror Restrictions This command can be run only by a user with administrative rights. Windows examples To start all agent services on the local system opcagt -start HP Operations Manager (9.00) Page 1073 of 1297 Online Help Related Topics: l opcmon l opcmsg opcmon The command opcmon forwards the current value of the monitored object to the monitoring agent of the HPOperations agent running on a local managed node. The monitoring agent checks this value against the configured threshold. According to the monitor configuration, the event is locally logged, suppressed, or forwarded to the message agent running on the local systemif the threshold is exceeded. The message agent forwards the message to the HPOMmanagement server, where the message can be reviewed in the message browser by the responsible operators. The monitoring agent checks the values received frommonitored objects once in every two seconds. When the opcmon command forwards multiple values to the monitoring agent between two successive checks, the monitoring agent accepts only the last value for further processing. If a local automatic command is set up to occur when the threshold is exceeded, this command is immediately started by the local HP Operations agent. The monitoring agent must be configured and operating on the managed node, otherwise the opcmon command will fail. Command synopsis opcmon [-help] <object_name>[-<shortname>]=<value> [-object <msg_ object>] [-option <variable>=<var_value>]* Options l -help Print usage message of opcmon. All other parameters are ignored. l <object_name>[-<shortname>]=<value> Object name is the name of the measurement threshold policy. When the measurement threshold policy has been configured for multiple instance data, the short name is used to uniquely identify each instance within the policy. l -object <msg_object> Value of the object text box which is part of an HP Operations message. Setting the object with the opcmon can be used for the object monitoring. l -option <variable>=<var_value> Sets the variable $OPTION(<variable>) to <var_value>. Within the message conditions this variable can be used to access the value passed with the opcmon call. Special characters must be escaped with a backslash "\". Exit Values This command exits with value zero (0) after successful execution. If something is wrong regarding the passed parameters, opcmon exits with value 2 and explain the problemon standard error. For other errors, the exit value is set to 1 and an appropriate error message is returned on standard error. Restrictions None. Examples opcmon cpu_load=78.4 HP Operations Manager (9.00) Page 1074 of 1297 Online Help opcmon DB_STATUS=1 opcmon disk_util=91.1 -object /tmp -option device=/dev/dsk/c0t6d0 - option addl_auto_actn="bdf /" Related Topics: l opcagt l opcmsg l Automation Wrapper: opcmon l Measurement threshold policies opcmsg The command opcmsg generates a message for HP Operations Manager. Before the message is submitted, it is interpreted by the HP Operations Message Interceptor on the local managed node where the command is executed. Depending on how you configure the message, the message can be: l Discarded l Locally logged l Forwarded to the management server l Forwarded to the management server, with local logging. The behavior of messages depends on the configuration of interceptors (or opcmsg policies). A message may be created, or may be suppressed. For example, you might have a suppress condition in the opcmsg policy, which for example suppresses all messages with application=Test. If you have such a condition and submit the call: opcmsg application=Test msg_text="Test message" then you will not get a message in the browser (it has been suppressed). The message interceptor must be configured with at least one Open Message interface policy and be running on the managed node, otherwise the opcmsg command will fail. Command synopsis opcmsg [-help] [-id] application=<application> object=<object name> msg_text="<message_text>" [severity=<severity label>] [msg_ grp=<message_group>] [node=<node Name>] [service_id=<service name> ] [-option variable=<value>]* Options You can specify any unique prefix for the available options. Note that the prefix for the option severity is s while the prefix for the option service_id is ser. l -help Print usage message of opcmsg. All other options are ignored and no message is submitted. l -id Return the message ID of the submitted message to stdout. This option also sets the OPCDATA_REMARK_FOR_ACK flag of the message, so that the manager information of the message is held by the message agent. l severity=<severity label> Specifies the severity of the message. Following severities are supported: normal, warning, minor, major, critical. By default severity normal is applied. HP Operations Manager (9.00) Page 1075 of 1297 Online Help l application=<application name> name of application (or script/program) which is affected by or has detected the event/problem. l msg_grp=<message group> Default message group to which the message belongs. By default, no message group is assigned. l object=<object name> Object which is affected by or has detected the event/problem. l msg_text=<message text> Descriptive text explaining the event/problemin more detail. l node=<node Name> Systemon which the event/problemis detected. By default the node name of the current systemis applied. l service_id=<service name> name of the service (as defined in the Service Editor) to which the message is mapped. l -option variable=<value> Sets the variable $OPTION(variable) to value. Within the message conditions this variable can be used to access the value passed with the opcmsg call. Special characters must be escaped. Exit Values This command exits with value zero after a message is successfully generated; in case of an internal error, 1 is returned and an error message displays. If a syntax or usage error is detected, 2 is returned and an error message displays. Restrictions This command can be run by any user. The message group (msg_grp), the object, and the application parameter should not be longer than 32 bytes, because this is the maximumsize HP Operations can handle with these parameters. Example To submit a normal message issued when a user logs onto the system, you could set up the following scheduled task opcmsg appl=ScheduledTask obj=login severity=normal msg_g=Security msg_t="%USERNAME% logged onto system %COMPUTERNAME%" Related Topics: l opcagt l opcmon l Automation Wrapper: opcmsg l Open message interface policies opcntprocs This programis used in a measurement threshold policy to check if a particular process is running on a managed node. The policy must use the source type Program, and run opcntprocs with the following parameters: opcntprocs <policy name> <process name> HP Operations Manager (9.00) Page 1076 of 1297 Online Help For example, to receive a message when the process RPCSS is not running, create a policy with the name myPolicyName, set the source type to Program, and type the following in the Program name text box: opcntprocs myPolicyName RPCSS Set the threshold of the policy so that a message is sent if the value returned is less than one (1). Usage example: -v verbose messages -l output sent to c:\temp\opcntprocs_<monitor name>.log -t trace details about API calls to logfile -h print usage information opctemplate The command opctemplate enables and disables policies on HP Operations managed nodes. If used without any option, opctemplate lists all deployed polices with type, name, and status. The command opctemplate lets you to enable and disable policies programmatically, directly on the managed node, without using the HP Operations Manager for Windows console. This is useful in situations where you want to use scripts or programs to disable policies, for example during regular scheduled outages or when packages in cluster environments switch. Enabling and disabling policies with opctemplate does not change the status of the node in the inventory. This means that the HP Operations Manager console does not get informed when policies are enabled and disabled locally on the node with opctemplate. Command synopsis opctemplate [-help] [-list] [( -enable | -disable ) policy_name ...] Option Short Description -list -l Lists all deployed policies with type, name, and status. This is the default -enable <policy_ name> -e Enables policies specified by <policy_name> on a managed node. -disable <policy_ name> -d Disables policies specified by <policy_name> on a managed node. The option <policy_name> can be replaced with any of the following symbolic names to specify all policies of a certain type: Name Policy type -all Policies of all types -all_logfile Windows Event Log policy -all_monitor Measurement Threshold policy HP Operations Manager (9.00) Page 1077 of 1297 Online Help -all_snmptrap SNMP Interceptor policy -all_opcmsg Open Message Interface policy -all_wbem Windows Management Interface policy -all_schedule Scheduled Task policy -all_svcdisc Service Discovery policy Exit Values This command exits with a value of zero (0) after successful operation. If a failure occurs, the exit value is set to one and an appropriate message displays. In addition, the HP Operations agents record any warning or error in the local HPOMlog file \usr\OV\log\OpC\<node>\opcerror (or /var/opt/OV/log/OpC/opcerror for UNIX operating systems). Restrictions This command can only be run by a user with administrative rights. The HP Operations agent must be running on the managed node to execute this command successfully. Examples To list all deployed templates: opctemplate -l To enable the "opcmsg" policy: opctemplate -e opcmsg To disable all SNMP Interceptor and Windows Event Log policies: opctemplate -d -all_snmptrap -all_logfile Related Topics: l Enable policy switching on DCE agents ovagtrep NAME ovagtrep - Enables configuration and control of the discovery agent and agent repository. SYNOPSIS ovagtrep [-clearAll] | [-run <policy name>] | [-publish] DESCRIPTION HP Operations Manager (9.00) Page 1078 of 1297 Online Help The discovery agent is an extension to the HTTPS agent, which runs service discovery policies that have been deployed froma management server. It stores the services that it discovers in the agent repository, which is a local data store of services that exist on the node. The agent synchronizes the services in the agent repository with the management server. The management server receives details of new, changed, and removed services only. Details of unchanged services are not resent. The ovagtrep command enables you to configure and control the discovery agent and agent repository. It has the following options: -clearAll Clears all services fromthe agent repository. The next time that the discovery agent runs service discovery policies, it will recreate the services. The agent then synchronizes the services with the management server. This is enables you to force the agent to synchronize unchanged services with the management server. -run <policy name> Runs a service discovery policy. Use this to run a policy at an unscheduled time, to discover any changes immediately. The agent sends details of changes to the management server. You can find the names of installed policies using ovpolicy. -publish Resends details of all the services that are currently in the agent repository to the management server. Use this for troubleshooting if services fail to appear on the management server. The discovery agent and agent repository are part of a component that is registered with the control service. You can start and stop the component with the commands ovc -start agtrep and ovc -stop agtrep. You can use the command ovconfchg to modify the following settings in the agtrep name space: ACTION_TIMEOUT <minutes> Sets the maximumnumber of minutes that a service discovery policy can run. If the policy runs any longer, the discovery agent stops running the policy and logs an error in the systemlog (<data_dir>/log/System.txt). INSTANCE_DELETION_THRESHOLD <value> Sets the number of times that service discovery policies must fail to discover existing services before the agent deletes the services fromthe agent repository. If a service discovery policy can no longer discover a service that exists in the agent repository, the discovery agent deletes the service fromthe agent repository only after the service discovery policy has run the number of times that you specify with this setting. For example, to set the action timeout to five minutes with the command ovconfchg -ns agtrep -set ACTION_TIMEOUT 5. After you change the action timeout or instance deletion threshold, restart the component with the command ovc -restart agtrep. AUTHOR ovagtrep was developed by Hewlett-Packard Company, LP. SEE ALSO "ovc" (on page 1090) "ovpolicy" (on page 1122) HP Operations Manager (9.00) Page 1079 of 1297 Online Help "ovconfchg" (on page 1102) ovappinstance NAME ovappinstance - return configuration parameters for application instances. SYNOPSIS ovappinstance -h | -help ovappinstance -v | -version ovappinstance -i | -instance <instance> {-st | -state} | {-h | -host} [-an | -appNamespace <appNamespace>] ovappinstance -is | -instances [-an | -appNamespace <appNamespace>] ovappinstance -ai | -activeInstances [-an | -appNamespace <appNamespace> ] ovappinstance -vc | -verifyConfig DESCRIPTION The ovappinstance command reads and displays the information contained in the APMXML configuration files. For information about the parameters you can use with the ovappinstance command, see "Parameters": for information about the options you can use with the ovappinstance command parameters, see "Options". Parameters The ovappinstance command recognizes the following parameters: -h | -help Displays the command parameters and options. -v | -version Displays the version of the command. -i | -instance <instance> Returns information about the specified application instance. -is | -instances Returns information about all application instances found. -ai | -activeInstances Returns information about all application instances found to be up and running. -vc | -verifyConfig Check s and report on the validity of the APMXML configuration file(s). Options You can use the following options with the ovappinstance command parameters: -st | -state Displays the outage state of the instance specified in <instance>. -h | -host HP Operations Manager (9.00) Page 1080 of 1297 Online Help Get either the virtual IP address of the instance <instance>. Alternatively, if the command is executed on a node, which is not configured as part of a high-availability cluster, get the FQDN or IP address of the local host. -an | -appNamespace Specify the name of the application namespace, whose information you want to display. Return Codes ovappinstance issues the following return codes: 0 All steps were completed successfully. 1 One or more steps failed. EXAMPLES The following examples show how to use the ovappinstance command. l To display a list of all application instances for a given application namespace: ovappinstance -instances -appNamespace <appNamespace> l To display a list of all application instances which are active (or running) in a given application namespace: ovappinstance -activeInstances -appNamespace <appNamespace> AUTHOR ovappinstance was developed by Hewlett-Packard Company. SEE ALSO "ovclusterinfo" (on page 1097) "ovconfpar" (on page 1106) "ovpolicy" (on page 1122) ovbbccb NAME ovbbccb - Controls HTTPS communication using Communication Broker proxies on local nodes. SYNOPSIS ovbbccb -h|-help ovbbccb -version ovbbccb -install|-remove [-v|-verbose] ovbbccb -daemon|-nodaemon [-debug] [-v|-verbose] ovbbccb -start|-stop <ovrg> [<hostname>|<ip>] [-v|-verbose] ovbbccb -kill|-reinit [<hostname>|<ip>] [-v|-verbose] ovbbccb -listovrg [<hostname>|<ip>] [-v|-verbose] HP Operations Manager (9.00) Page 1081 of 1297 Online Help ovbbccb -ping {[<hostname>|<ip>[:<port>]] | [<uri>} [-v|-verbose]] ovbbccb -status {[<hostname>|<ip>[:<port>]] | [<uri>} [-v|-verbose]] ovbbccb -retryfailedrcp -ovrg [<resource_group>] DESCRIPTION ovbbccb command is used to control HTTPS communication using Communication Broker proxies on local nodes. It controls starting of the Communication Broker as a background daemon process or in normal mode, stopping, and re-initializing of the Communication Broker. ovbbccb is also used to start and stop OV resource groups in the Communication Broker. ovbbccb can also be used to list all active OV resource groups and all applications registered to a Communication Broker, to check whether specified communication services are alive and to display details about the current state of the server. Parameters The ovbbccb command incorporates the options in the following list. The syntax for the [<hostname>|<ip>][:<port>]] string, for example; in the options -registrations or - ping, can be a hostname and a port separated by a colon (:) but can also be a full URL path including protocol. for example: https://merlin.guilford.mycom.com:383/com.hp.ov.coda ovbbccb recognizes the following options: -h|-help Displays and describes the available options for the ovbbccb command. -version Displays the version of the OV communication in use. -install Installs the Communications Broker programas a service on a Microsoft Windows machine. -remove Removes the Communications Broker programfromthe services on a Microsoft Windows machine. -daemon Starts the Communication Broker either as a background daemon process on a UNIX machine or a service on a Microsoft Windows machine. -nodaemon Starts the Communication Broker as a foreground process (default). -debug Disable Control-C signal handler for debugging. -verbose Shows more detailed output. -start <ovrg> [<hostname>|<ip>] Starts the OV resource group specified by <ovrg> in the Communication Broker on the host specified by <hostname> or <ip>. If the hostname or IP is not specified, ovbbccb uses the local host as the host. You must configure the resource group on a cluster node to use this option. -stop <ovrg> [<hostname>|<ip>] HP Operations Manager (9.00) Page 1082 of 1297 Online Help Stops the OV resource group specified by <ovrg> in the Communication Broker on the host specified by <hostname> or <ip>. If the hostname or IP is not specified, ovbbccb uses the local host as the host. You must configure the resource group on a cluster node to use this option. -kill [<hostname>|<ip>] Stops the Communication Broker on the host specified by <hostname> or <ip>. If the hostname or IP is not specified, ovbbccb used the local host as the host. You must set the LOCAL_CONTROL_ONLY parameter to false to make this option work on a remote node. -reinit [<hostname>|<ip>] The Communication Broker specified in <hostname> or <ip> reloads the configuration data and is re-initialized. If the hostname or IP is not specified, ovbbccb uses the local host as the host. The SIGHUP signal may also be used on UNIX systems to re-initialize the Communication Broker process. You must set the LOCAL_CONTROL_ONLY parameter to false to make this option work on a remote node. -listovrg [<hostname>|<ip>] Displays a list of all active OV resource groups for the Communication Broker on the node specified by <hostname> or <ip>. If the hostname or IP is not specified, ovbbccb uses the local host as the host. You must set the LOCAL_CONTROL_ONLY parameter to false to make this option work on a remote node. -ping {[<hostname>|<ip>[:<port>]] | [<uri>]} Pings the specified HP Software server process. A hostname or IP address with an optional port number or a URI may be given to locate the server process to ping. If a URI is given with the path of a valid process registered with the Communication Broker, the Communication Broker will automatically forward the ping to the registered process. The node may be specified with a hostname or IP address. Default for the node is "localhost". Default for the port is the HP Software Communication Broker port on the specified node. -status {[<hostname>|<ip>[:<port>]] | [<uri>]} [-v|-verbose] Displays the status of the specified HP Software server process. A hostname or IP address with an optional port number may be given to locate the server process. Default for the node is "localhost". Default for the port is the HP Software Communication Broker port on the specified node. The status message presents the details of all the active and attempted reverse channel connections. For every connection, the following details are listed: Source machine The details of the machine that tries to establish the reverse channel connection. Time and date The time and date when the node started trying to connect to the Communication Broker through a reverse channel. Time duration The time interval for which a node attempted to establish a connection to the Communication Broker through the reverse channel (in milliseconds). The verbose option displays the following details of every failed connection: Type of failure A connection failure can be a time-out, rejection, or a reset. This information helps you identify the true nature of the failure. HP Operations Manager (9.00) Page 1083 of 1297 Online Help Cause of failure The cause of failure helps you diagnose the underlying problemthat triggered the connection failure. Attempts The number of attempts made by the node to reinstate the communication is presented within parenthesis. -retryfailedrcp [-ovrg <resource_group>] This option starts to restore all failed reverse channel connections to the specified resource group. If you do not specify a resource group name, the command tries to restore all failed reverse channel connections to the default resource group. AUTHOR ovbbccb was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 ovbbccb exited normally with no error. 1 Command syntax error encountered. See command syntax for more details on possible values. 2 Command partially succeeded. 3 Command failed. See command output for more detailed information. 4 The Communications Broker start command failed because a Communications Broker process is already running 5 The Communications Broker failed to start because a Local Location Broker process is already running. The HP Software Communications Broker is not supported on systems running the LLB. Stop the LLB before attempting to start the Communications Broker. 6 The Communications Broker failed to stop because the Communications Broker process is already stopped. 7 The Communications Broker failed to start due to a bind exception on the Communications Broker port to be opened. 8 The Communications Broker could not complete the command due to an authorization error. 100 An exception was encountered causing the Communications Broker to exit. Corresponding error messages are written to stderror. EXAMPLES The following examples show you how to use the ovbbccb command: HP Operations Manager (9.00) Page 1084 of 1297 Online Help l To start the Communication Broker as a daemon process on the local system: ovbbccb -daemon l To start the OV resource group WebCluster1 in the Communication Broker on host merlin: ovbbccb -start WebCluster1 merlin l To display the status of the specified HP Software server process: ovbbccb -status The following output appears: Status: OK (Namespace, Port, Bind Address, Open Sockets) <default> 383 ANY 2HP OpenView HTTP Communication Incoming Connections To machine1.example.hp.com: localhost:17282 76bb6662-2cd3-7531-1221-b67340fb721f BBC 06.10.209; ovbbccb 06.10.209 HP OpenView HTTP Communication Reverse Channel Connections Opened frommachine1.example.hp.com: machine31.example.hp.com:8188 BBC 06.10.143; ovbbcrcp 06.10.143 (1) 30 Jan 2009 15:38:13 GMT 317 ms machine32.example.hp.com:8196 BBC 06.10.143; ovbbcrcp 06.10.143 (1) 30 Jan 2009 15:38:13 GMT 241 ms Failed from: machine21.example.hp.com:8188 BBC 06.10.143; ovbbcrcp 06.10.143 (1) 30 Jan 2009 15:38:13 GMT 307 ms machine22.example.hp.com:8196 BBC 06.10.143; ovbbcrcp 06.10.143 (1) 30 Jan 2009 15:38:13 GMT 291 ms Pending from: machine11.example.hp.com:6244 Connection Refused / remote RCProxy not listening (1) 30 Jan 2009 15:37:58 GMT 3 ms machine12.example.hp.com:6252 Connection Refused / remote RCProxy not listening (1) 30 Jan 2009 15:37:58 GMT 2 ms SEE ALSO "bbcutil" (on page 1069) "bbc.ini" (on page 1066) ovbbcrcp NAME ovbbcrcp - a tool to manage Reverse Channel Proxy (RCP) and monitor RCP connections. HP Operations Manager (9.00) Page 1085 of 1297 Online Help SYNOPSIS ovbbcrcp -h|-help ovbbcrcp -v|-version ovbbcrcp -kill ovbbcrcp -status DESCRIPTION You can use the ovbbcrcp tool to manage RCPs and monitor RCP connections. Many HP BTO Software products that follow a client-server architecture use the Black Box Communication (BBC) component for communication. You can use a Reverse Channel Proxy (RCP) to satisfy the advanced security requirements for communication across trust zones separated by firewalls. An RCP allows you to establish a two-way communication (outbound and inbound) channel across a firewall configured to allow only outbound communication. The RCP functions as a channel between the BBC server and the requests to the BBC server. An established RCP channel is referred to as a reverse channel. A reverse channel through which RCPs request the BBC server to initiate more reverse channels is referred to as a reverse administration channel. You can deploy an RCP on one of the following: Any client systems A dedicated RCP server To establish a reverse channel, you must configure the BBC server, the BBC client, and the RCP. Configuring a BBC Server to Enable RCP Communication To enable communication fromclients to the BBC server through an RCP, you must configure each BBC server. The BBC server loads the configuration fromthe bbc.<server> namespace and establishes reverse administration channels during startup. Use the following options to configure a BBC server: ENABLE_REVERSE_ADMIN_CHANNELS- You can set this option to true to establish a permanent reverse administration channel with the RCPs specified in the RC_CHANNELS option. By default, this option is set to false for all BBC servers, except for the BBC Communication Broker (BBC CB). Refer to the following example for more information about this option. [bbc.cb] ENABLE_REVERSE_ADMIN_CHANNELS=true RC_CHANNELS=pnode:9090 The options specified in the example instructs BBC CB on the management server to contact the RCP on the pnode node and port 9090 when starting up. RC_CHANNELS- Use this option to specify the list of RCPs with which you can establish reverse channels. If the OvCoreID is specified, BBC validates this ID against the core ID of the RCP. You can specify multiple RCPs by separating the RCPs using the semicolon (;). You can specify the list of RCPs in the following format. HP Operations Manager (9.00) Page 1086 of 1297 Online Help <RCP_hostname>:<RCP_port>[,<RCP_OvCoreID>][;<RCP2>.....], where <RCP_hostname> specifies the RCP host name, <RCP_port> specifies the RCP port number, and <RCP_ OvCoreID> specifies the core ID of the RCP. You must use the -ovrg server option with the ovconfchg command if the OVOserver runs on a High Availability (HA) cluster. If the OVOserver runs as an HA resource group, then use the ovconfchg -ovrg server -ns bbc.cb -set RC_CHANNELS <value> command, where <value> specifies the RCPs specified in the RC_CHANNELS option. RC_MAX_WORKER_THREADS/RC_MIN_WORKER_THREADS- The Communication Broker uses different threads to enhance the performance of a reverse channel connection. The RC_MAX_ WORKER_THREADS option specifies the maximumnumber of threads that can be used by the Communication Broker and the RC_MIN_WORKER_THREADS option specifies the number of threads that will always remain active. By default, RC_MAX_WORKER_THREADS is set to one and RC_MIN_WORKER_THREADS is set to zero. You can set these options to higher values to enhance the reverse channel communication. RC_CHANNELS_CFG_FILES- Use this option to specify the list of configuration files. A configuration file can contain a list of one or more RCPs with which you can establish reverse channels. You must place the specified configuration files in the <OvDataDir>/conf.bbc directory, where <OvDataDir> specifies the name of the data directory. You must use this option in place of the RC_CHANNELS option if you use multiple RCPs that require a frequent hostname change. You can specify a list of configuration files by separating the configuration file names using the comma (,) in the following format: <filename>[,<filename>....], where <filename> specifies the name of the configuration file. Each line in the configuration file can contain only one RCP name. For each RCP, you must specify a port number. The OvCoreID is an optional parameter that you can specify, which must be separated fromthe port number by a comma as follows. <RCP_hostname>:<port>[,<RCP_ OvCoreID>] If you change only a few RCP host names inside one or more files specified in the RC_ CHANNELS_CFG_FILES option, you must use the ovconfchg command to trigger the BBC server to refresh the configuration as follows. ovconfchg ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS true. RETRY_INTERVAL- Use this option to specify the retry interval in minutes to establish a reverse channel with an RCP. RC_ENABLE_FAILED_OVEVENT- Set this option to 'true' to forward the RCP connection failure messages to the HPOMmessage browser. Enabling Communication Broker Connections to the RCP The Communication Broker (ovbbccb) runs with /var/opt/OV as the root directory. The name service relevant configuration files that are necessary to open Transmission Control Protocol (TCP) connections are present in the /etc directory. This prevents ovbbccb fromcreating connections to the RCP. You must do as follows to resolve this problem: Create the directory named etc under /var/opt/OV Copy the name service relevant configuration files (for example, files such as resolv.conf, hosts, nsswitch.conf) from/etc to /var/opt/OV/etc HP Operations Manager (9.00) Page 1087 of 1297 Online Help Alternatively, you can also disable the ovbbccb chroot feature by running the following command. This method resolves the problemof preventing ovbbccb fromcreating connections to the RCP. ovconfchg -ns bbc.cb -set CHROOT_PATH / Configuring a BBC Client to Enable RCP Communication To configure a BBC client, you must specify the hosts that must be connected through an RCP. You can specify the list of RCPs in the XPL configuration database under the bbc.http namespace. Use the syntax of the normal proxy configuration to specify the RCP configuration. If you do not specify the port number of the RCP, it is assumed that BBC CB is running on the current node. If you configure the OvCoreID, BBC Client verifies the OvCoreID of the RCP. If the port number of the RCP is not specified in the configuration file or BBC CB, BBC fails to open the connection to RCP. You can configure a BBC client using the following options: PROXY- Use this option to specify the RCP and port name for a hostname. The format to specify this option is shown in the following example: PROXY=pnode.hp.com:9090-(pnode.hp.com,*.noallow.hp.com)+(*.hp.com) In the example shown above, the parameters specified are as follows: pnode.hp.com is the name of the RCP 9090 is the port number -(*.noallow.hp.com) specifies that the RCP must not be used to connect to all hostnames ending with .noallow.hp.com. You can separate multiple hostnames with commas (,) or semicolons (;). +(*.hp.com) specifies that the specified RCP must be used to connect to all hostnames ending with .hp.com. You can separate multiple hostnames with commas (,)or semicolons (;). The BBC client connects to the RCP that first matches the specified set of conditions. In the example shown in this section, the BBC client connects to any host name that ends with .hp.com by using the RCP on the systempnode and the port 9090. You can also use IP addresses instead of hostnames to specify the hosts. For example, +(15.*.*.*) specifies that the RCP must be used to connect to hosts with an IP address that starts with 15. You must not configure a normal proxy server and an RCP on the same system. You must also make sure that you specify the RCP systemname in the list of hostnames for which the RCP must not be used. This helps to ease the communication through the RCP. Configuring RCP You can use the following option in the bbc.rcp namespace to configure RCP. SERVER_PORT- Use this option to specify the RCP port number. Starting and Stopping RCPs You can start or stop the RCP process by using the ovc command. This command registers the RCP process as ovbbcrcp under the RCP category. HP Operations Manager (9.00) Page 1088 of 1297 Online Help By default, the ovbbcrcp process is not registered with HP Operations Control (OvCtrl). You must register the ovbbcrcp process with the ovctrl daemon by using the following command. ovcreg -add $OvInstallDir/newconfig/DataDir/conf/bbc/ovbbcrcp.xml The command ovcreg exists in the following directory on the managed node: l Nodes with a 32 bit Windows operating system: %OvInstallDir%\bin l Nodes with a 64 bit Windows operating system: %OvInstallDir%\bin\win64 l Nodes with a UNIXor Linux operating system: $OvInstallDir/bin $OvInstallDir and %OvInstallDir% are the directories in which HP BTOSoftware is installed. Refer to the following commands to start or stop an process: ovc -start ovbbcrcp- Use this command to start the RCP process. ovc -stop ovbbcrcp- Use this command to stop the RCP process. Parameters The ovbbcrcp command recognizes the following options: -h|-help Displays and describes the available options for the ovbbcrcp tool. -v|version Displays the version of the HP Software RCP. -kill Stops the RCP on the local node. -status Displays the RCP status. AUTHOR ovbbcrcp is developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 ovbbcrcp exited normally with no error. 1 Command syntax error encountered. Refer to command syntax for more details on possible values. 2 Command partially successful. 3 Command failed. See command output for additional information. 4 HP Operations Manager (9.00) Page 1089 of 1297 Online Help The command to start RCP failed due to an existing RCP process. 6 The RCP failed to start due to a bind exception on the RCP port to be opened. 100 An exception encountered resulted in an RCP exit. Corresponding error messages are written to stderror. EXAMPLES The following example shows you how to use the ovbbcrcp tool. To display the status of the RCP: ovbbcrcp -status Status: OK (Namespace, Port, Bind Address, Open Sockets) bbc.rcp 9090 ANY 1 Admin Reverse Channel Connections Accepted machine.example.hp.com:383 e91b67e4-a337-750a-163c-c3bbd2c257cc BBC 06.00.030; ovbbccb 06.00.030 Admin Reverse Channel Connections Opened Normal Connections Incoming localhost:55464 e91b67e4-a337-750a-163c-c3bbd2c257cc BBC 06.00.030; ovbbcrcp 06.00.030 Outgoing Queued CONNECT connections +-----------------------------------+--------------------+ |Source Address | Target Address +-----------------------------------+-------------------- HTTP Tunnelled Connections +--------------------------+--------------------------+--+ | Source Address | Destination Address | Target Address| +--------------------------+--------------------------+--+ See Also "ovbbccb" (on page 1081) ovc NAME ovc HP Operations Manager (9.00) Page 1090 of 1297 Online Help - performactions on local components SYNOPSIS ovc -h|-help ovc -start [<target> ... ] [-boot]{[-async]|[-verbose]} ovc -stop [<target> ... ][-nostart]{[-async]| [-verbose]} ovc -restart [<target> ... ] ovc -kill [-verbose] ovc -status [<target> ... ] [-level <level>] ovc -trace [<target> ... ] ovc -notify <event> [<target> ...] [-value <value>] ovc -version DESCRIPTION ovc controls the starting and stopping, event notification, and status reporting of all components registered with the HP Operations Control service. A component can be a server process belonging to any of the products such as HP Operations Manager for Windows, HP Operations agents (for example, the Performance Agent or the Discovery Agent), an event interceptor, or an application delivered by an integrator. Each component must have an associated registration file providing HP Operations Manager with configuration and process information about the component. For more information about registration, ovcreg(1). A target can be either a component or a group of components, defined as a category. The ovc command first tries to initiate action on the category specified in target. If the category called target is not found, ovc then tries the individual component called target. Note that a category name must not match any component name. The HP Operations Control daemon or service automatically restarts any component that terminates unexpectedly if the AutoRestart option in the registration file of the component is set to true. If the HP Operations Control daemon or service is stopped using the -kill option, all registered components are stopped, too. Parameters ovc recognizes the following options: -h|-help Displays all available options for the ovc command. -start [<target> ... ] [-boot]{[-async]|[verbose]} Starts the selected components. <target> specifies a component or category. If <target> is not used, all components are started. If -boot is used, only components that start at boot time are started. The -async option starts the components asynchr- -onously. If you use the -verbose option, ovc command displays the progress of the command execution. You can use the - async or the -verbose option, but you must not include these options together in a command. -stop [<target> ... ] [-nostart]{[-async]|[verbose]} HP Operations Manager (9.00) Page 1091 of 1297 Online Help Stops the selected components. <target> specifies a component or category. If <target> is not used, all components are stopped except components, which belong to the CORE component group. If you specify the -nostart option and if the control daemon is not running, the command does not performany action. If you do not specify the -nostart option, the ovc - stop command starts the control daemon and ovbbccb components if these components are not running. The -async option starts the components asynchronously. If you use the - verbose option, the ovc command displays the progress of the command execution. You can use the -async or the -verbose option, but you must not include these options together in a command. -restart [<target> ... ] Stops components before they are restarted. <target> specifies a component or category. If <target> is not used, all components are stopped and restarted. -kill [-verbose] Stops all components registered with the HP Operations Control service. If you use the - verbose option, the ovc command displays the progress of the command execution. -notify <event> [<target> ... ] [-value <value>] Sends notification of an event with the value of <value> to the component or category specified by <target> ... . You can specify the <value> to the component that generates the event (event generator) and sends the event-related information to all components that request the event information (event subscribers). If target is not used, the event notification is sent to all components. If <value> is not used, only the event notification is sent. -trace <target> ... ] This option is reserved for use by HP Support. -status [<target> ... ] [-level <level>] Reports the status of a component or category specified by <target>. The status report contains the component's label, description, category, process ID, and STATE. Components can be in state: Stopped (0 in numeric format), Starting (1), Initializing (2), Running (3), Stopping (4), N/A (5) or Aborted (6). If <target> is not specified, the status of all components is returned. <level> specifies the type and quantity of information to display, as follows: Level 0 Status of registered components monitored by HP Operations Manager. Level 1 Status of registered components whether they are monitored by HP Operations Manager or not. Level 2 Status of registered components and a dump of their registration information. Level 3 ID of core processes. 0 (zero) indicates root, non-zero indicates non-root ownership. Level 4 Similar to level 0, but the STATE is reported in numeric format. Level 5 Similar to level 1, but the STATE is reported in numeric format. Level 6 Similar to level 0, but the output is not formatted Level 7 Similar to level 1, but the output is not formatted -version HP Operations Manager (9.00) Page 1092 of 1297 Online Help Prints the version of ovc AUTHOR ovc was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 Success. 1 Not defined. 2 Ignored. 62 The UNIX daemon or Windows service is not running. 63 The Control daemon is being initialized. 64 Generic error. 65 Invalid target. 67 Operation aborted. 69 Missing prerequisite. 70 Authorization error. 71 Operation on prerequisite failed. 73 Invalid event. EXAMPLES The following examples show how to use the ovc command and some of its options to control and display important information about registered components. l To start the component registered as opcle: ovc -start opcle Before opcle itself starts, all the components that opcle depends on are started. l To start the component registered as opcle and display the progress of the command execution: ovc -start opcle -verbose Before opcle itself starts, all the components that opcle depends on are started. l To print the status of all registered components: HP Operations Manager (9.00) Page 1093 of 1297 Online Help ovc -status l To stop the component registered as opcle: ovc -stop opcle -verbose Before opcle itself stops, all the components that depend on opcle are stopped. This command starts the control daemon and ovbbccb components if these components are not running. l To stop the component registered as opcle using the ovc -stop[<target>...] - nostart option: ovc -stop opcle -nostart Before opcle itself stops, all the components that depend on opcle are stopped. This command does not performany action if the control daemon is not running. l To send the event RECONFIGURE to all running components: ovc -notify RECONFIGURE l To start all components (and their dependents) belonging to category SERVER and AGENT. ovc -start SERVER AGENT l To print the status of the component opcle and display the registration details: ovc -status opcle -level 2 SEE ALSO "ovcreg" (on page 1109) ovcert NAME ovcert - Manages certificates with the Certificate Client on an HTTPS-based node. SYNOPSIS ovcert -h|-help ovcert -importcert -file <file> [-pass <passphrase>] [-ovrg <ov_ resource_group>] ovcert -exportcert -file <file> [-alias <alias>] [-pass <passphrase>] [-ovrg <ov_resource_group>] ovcert -importtrusted -file <file> [-ovrg <ov_resource_group>] ovcert -exporttrusted -file <file> [-alias <alias>] [-ovrg <ov_ resource_group>] ovcert -certreq [-instkey <file> [-pass <passphrase>]] ovcert -list [-ovrg <ov_resource_group>] ovcert -remove <alias> [-f] [-ovrg <ov_resource_group>] ovcert -certinfo <alias> [-ovrg <ov_resource_group>] HP Operations Manager (9.00) Page 1094 of 1297 Online Help ovcert -check ovcert -status ovcert -updatetrusted ovcert -version DESCRIPTION The ovcert command is used to manage certificates with the Certificate Client on an HTTPS- based node. You can execute tasks such as initiating a new certificate request to the Certificate Server, adding node certificates and importing the private keys, and adding certificates to the trusted root certificates. Parameters The ovcert command incorporates the following options: -h|-help Displays usage help for the ovcert command options. -importcert -file <file> [-pass <passphrase>] [-ovrg <ov_resource_ group>] Adds the certificate located in the file <file> (in PKCS12 format) as node certificate and imports the private key which must be located in the same file as the private key for the node. The pass phrase for protecting the exported data using encryption specified during creation of the data to import must be specified as parameter <passphrase>. The optional <ov_resource_group> parameter can be specified to import an additional certificate on an HA system. As a result, the specified certificate will not be imported to the default location but to the HA default location for the specified package on the shared disk. -exportcert -file <file> [-alias <alias>] [-pass <passphrase>] [-ovrg <ov_resource_ group>] Exports the currently installed node certificate together with its private key to the file system location specified as parameter <file> (in PKCS12 format). The pass phrase for protecting the exported data using encryption specified during creation of the data to import must be specified as parameter <passphrase>. The optional <ov_resource_group> parameter can be specified to export an additional certificate on an HA system. As a result, not the default node certificate but the certificate installed for the specified HA package fromthe shared disk will be exported. -importtrusted -file <file> [-ovrg <ov_resource_group>] Adds the certificate located in the specified file (in PEMformat) to the trusted root certificates. The optional <ov_resource_group> parameter can be specified to import an additional root certificate on an HA system. As a result, the specified root certificates will not be imported to the default location but to the HA default location for the specified package on the shared disk. -exporttrusted -file <file> [-alias <alias>] [-ovrg <ov_resource_ group> Exports the trusted certificate to the file systemlocation specified as parameter <file> (in PEMformat). The pass phrase for protecting the exported data using encryption specified during creation of the data to import must be specified as parameter <passphrase>. HP Operations Manager (9.00) Page 1095 of 1297 Online Help The optional <ov_resource_group> parameter can be specified to export an additional certificate on an HA system. As a result, not the default node certificate but the certificate installed for the specified HA package fromthe shared disk will be exported. -certreq [-instkey <file> [-pass <passphrase>]] Initiates a new certificate request that is sent to the Certificate Server. The optional parameters <file> and <passphrase> can be used to initiate a certificate request that will be based on the installation key that is contained in the specified file. Such an installation key file can be generated with the ovcm tool on the certificate server. The installation key can be used to authenticate the node on the certificate server. Therefore, such a request may be granted automatically without human interaction. -list [-ovrg <ov_resource_group>] Displays the aliases of the installed certificates andtrusted certificates. -certinfo <alias> [-ovrg <ov_resource_group>] Displays information such as serial number, issuer, subject, and fingerprint for the certificate specified by <alias>. -remove <alias> [-ovrg <ov_resource_group>] Removes the certificate specified by <alias>. -check Checks whether all prerequisites for SSL communication are fulfilled, such as assigned OvCoreId, installed and valid certificate and private key, and installed and valid trusted certificate. On completion, the components checked and their status along with the final result are displayed. -status Contacts the Certificate Client and displays the current certificate status, which can one of the following possible values: - certificate installed - no certificate - pending certificate request - certificate request denied - undefined (if Certificate Client can not be contacted) -updatetrusted Retrieves the currently trusted certificates fromthe Certificate Server and installs themas trusted certificates on the node. -version Returns the version of the tool (the component version). AUTHOR ovcert was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 All steps were successful. HP Operations Manager (9.00) Page 1096 of 1297 Online Help 1 One or more steps were not successful. Corresponding error messages are written to stderror. EXAMPLES The following examples show how to use the ovcert command: l To import the certificate, private key, and trusted certificates located in the file <file> to the system's key store: ovcert -importcert -file <file> l To add the certificate(s) located in <file> to the trusted certificates: ovcert -importtrusted -file <file> ovclusterinfo NAME ovclusterinfo - obtain information about clusters, cluster nodes, or high-availability (HA) resource groups. SYNOPSIS ovclusterinfo -h | -help ovclusterinfo -v | -version ovclusterinfo -a | -all ovclusterinfo -c | -cluster {-ty | -type} | {-nm | -name} | {-st | - state} | {-nds | -nodes} | {-rgs | -groups} ovclusterinfo -n | -node <node> {-id} | {-st | -state} ovclusterinfo -g | -group <group> {-id} | {-st | -state} | {-ls | - localState} | {-nds | -nodes} | {-vip | -virtualIPAddress} | {-an | - activeNode} DESCRIPTION The ovclusterinfo command obtains information about high-availability clusters, and cluster nodes, and resource groups including; the name, status, and type of the cluster and, in addition, the nodes configured in the cluster. The ovclusterinfo command also obtains information about high availability (HA) Resource Groups, including; the status, IP address, and the nodes, which the Resource Group contains. An HA Resource Group is a collection of resources, such as files and processes, that are available on one node in a cluster and can be switched to another cluster node as a single entity. Parameters The ovclusterinfo command accepts the following parameters: -h | -help Display all options for the ovclusterinfo command. -v | -version Display the version of the installed command. HP Operations Manager (9.00) Page 1097 of 1297 Online Help -c | -cluster Displays information about the named cluster. -a | -all Display all available information about the named cluster, nodes, and resource groups. -n | -node Display all available information about the named node in the cluster. -g | -group Display information about the named high-availability resource group. Options You can use the following options with the appropriate command parameters: -ty | -type Display the type of cluster which is installed. Possible values are: - Microsoft Clustering Services (Windows), - MC/ServiceGuard (HP-UX), - VERITAS Cluster Server (Solaris), - Sun Cluster (Solaris), - TRU64 Cluster (TCR), - Red Hat Advanced Server (RHAS), - HACMP (AIX), - Unknown. -nm |-name The name of the cluster. -st | -state The status of the cluster on the local node. This can be one of: - Cluster is up - Cluster is down - State unknown -nds | -nodes Displays the names of the nodes in the cluster on separate lines. Cluster configuration determines how the node information is displayed, for example; short or long hostnames, IP address, and so on. -rgs | -groups All resource groups in the cluster. -status The status of the HA resource group, defined by <rgname>, on the local node. -virtualIPaddress The virtual IP address of the HA resource group, defined by <rgname>. -nodes The list of all nodes to which the HA resource group, defined by <rgname>, can fail over. -activeNode HP Operations Manager (9.00) Page 1098 of 1297 Online Help The node that currently hosts the HA resource group, defined by <rgname>. AUTHOR ovclusterinfo was developed by Hewlett-Packard Company. EXAMPLES The following examples show how to use the ovclusterinfo command: l To display the name of the cluster: ovclusterinfo -cluster -name l To display the names of all HA resource groups in the cluster: ovclusterinfo -cluster -groups l To display the virtual IP address that is configured for the HA resource group haRG: ovclusterinfo -group haRG -virtualIPaddress l To display the name of the node where the HA resource group haRGis currently running. ovclusterinfo -group haRG -activeNode SEE ALSO "ovappinstance" (on page 1080) "ovconfpar" (on page 1106) "ovpolicy" (on page 1122) ovcm NAME ovcm - manages certificates with the Certificate Server in an HTTPS-based environment. SYNOPSIS ovcm -h|-help ovcm -version ovcm -newcacert [-ni] ovcm -importcacert -file <file> [-pass <passphrase>] ovcm -exportcacert -file <file> [-pass <passphrase>] ovcm -listpending [-l] ovcm -grant <reqid> ovcm -deny <reqid> ovcm -remove <reqid> ovcm -issue -file <file> -name <nodename> [-pass <passphrase>] [- coreid <OvCoreId>] [-ca] HP Operations Manager (9.00) Page 1099 of 1297 Online Help ovcm -genInstKey -file <file> [-context <context>] [-pass <passphrase>] DESCRIPTION The ovcm command is used to manage certificates with the Certificate Server in an HTTPS-based environment. You can execute tasks such as creating public/private key pairs for signing certificates, granting and issuing signed certificates and the corresponding private keys against certificate requests fromHTTPS nodes. Parameters The ovcm command incorporates the following options: -h|-help Displays all the command-line options for the ovcm command. -version Returns the version of the tool (the component version). -newcacert [-ni] Creates a new public/private key pair for signing certificates. If there is already a public/private key pair in use by the certification authority, you are asked whether this should be replaced. Use this option with care! An initial public/private key pair is automatically created when the Certificate Management component is installed. The -ni non-interactive option creates a new public/private key pair without operator interaction. If a public/private key pair already exists, the request is cancelled. -importcacert -file <file> [-pass <passphrase>] Imports a certificate for signing certificate requests together with its private key (both contained in one file in PKCS12 format). Use this option with care as the existing certificate and private key are replaced. This option is intended for restoring a backup of the current private key/certificate, for example, if the originals are damaged or destroyed, or for setting up a backup system. Use <file> to specify the name of the file (in PKCS12 format) to import from. Use <passphrase> to specify the text string you use to protect the data. If the -pass option is not used, you are prompted to enter the value of the pass phrase. -exportcacert -file <file> [-pass <passphrase>] Exports the certificate and the corresponding private key of the current certification authority to a file. This option is intended to be used for creating backups. The certification authority private key must be handled very carefully because of its importance to the whole communication environment. It should never be transmitted over the network or stored in an insecure place. Use <file> to specify the name of the file where the certificate data should be written to (in PKCS12 format). Use <passphrase> to specify the text string you use to protect the data. If the -pass option is not used, you are prompted to enter the value of the pass phrase. -listPending [-l] Displays the request IDs of all pending certificate requests. With the -l option, detailed information on every pending request is listed. -grant <reqid> The selected certificate request is granted and a signed certificate is sent to the requesting certificate client. HP Operations Manager (9.00) Page 1100 of 1297 Online Help The state of the pending certificate request with the request ID <reqid> is changed to granted. -deny <reqid> The selected certificate request is denied and a message is sent to the requesting certificate client. The state of the pending certificate request with the request ID <reqid> is changed to denied. -remove <reqid> The selected certificate request is removed fromthe pending pool. No message is sent to the requesting certificate client. The state of the pending certificate request with the request ID <reqid> is changed to removed. -issue -file <file> -name <nodename> [-pass <passphrase>] [-coreid <OvCoreId>] [-ca] Issues a signed certificate and the associated private key for a node and writes both to the file <file> (in PKCS12 format). The file can then be moved to a portable mediumand taken to the corresponding node. The <nodename> must be specified as additional information. The optional <OvCoreId> parameter can be used to specify the unique ID of the certificate. If this parameter is empty, a new OvCoreId value is generated for the certificate. The <passphrase> parameter is required to protect the generated certificate data. The pass phrase entered is used to calculate an encryption key that then is used to encrypt the generated certificate data. If the -pass option is not used, you are prompted to enter the value of the pass phrase. If you use the -ca option, you can use the issued certificate to sign other certificates. This may be necessary if you want to set up a second Certificate Server, which creates certificates that are trusted by all nodes that trust the root Certificate Server. -genInstKey -file <file> [-context <context>] [-pass <passphrase>] Creates a new installation key, which, together with some additional information is stored in the file <file>. The created file should then be securely transferred to the node system. On the target node, it can then be used to initiate a new certificate request that will be encrypted with the installation key. The certificate server will accept only one request that is encrypted with this key. This approach offers the advantage that the certificate request (including the private key) is generated on the node systemand the systemcan be authenticated by using the installation key. The optional parameter <context> can be used to add additional (application specific) information that is contained in the certificate request. The <passphrase> parameter is required to protect the generated installation key. The pass phrase entered is used to calculate an encryption key that then is used to encrypt the generated installation key. If the -pass option is not used, you are prompted to enter the value of the pass phrase. AUTHOR ovcm was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: HP Operations Manager (9.00) Page 1101 of 1297 Online Help 0 All steps were successful. 1 One or more steps were not successful. Corresponding error messages are written to stderror. EXAMPLES The following examples show how to use the ovcm command: l To create a new public/private key pair for the signing of certificates on the management-server system: ovcm -newcacert l To grant the certificate request <reqid> and send a signed certificate to the requesting certificate client: ovcm -grant <reqid> ovconfchg NAME ovconfchg - manipulates settings files, updates the configuration database, and triggers notification scripts SYNOPSIS ovconfchg -h | -help ovconfchg -version ovconfchg [-ovrg <OVRG>] [-edit | -job {-ns namespace {-set <attr> <value> | -clear <attr> | -clear -all} ... } ... ] DESCRIPTION Installed HP Operations Manager components have associated configuration settings files that contain one or more namespaces. A namespace is a group of configuration settings that belong to a component. ovconfchg manipulates the settings in either the system-wide configuration file or the configuration file for the specified OV Resource Group, local_settings.ini, updates the configuration database, settings.dat, and triggers notification scripts. If ovconfchg is called without options, or only with -ovrg, no settings are changed but an update is triggered anyway. This is to allow updating after default settings files have been added, removed, or updated. When ovconfchg runs, all configuration settings are read and merged in memory. Default definitions are used to make corresponding checks, as well as to emit and log warnings in the event of a violation. During this process, file locks are used to prevent parallel updates. A new configuration database is then created containing the merged data. Parameters ovconfchg recognizes the following options: -h | -help HP Operations Manager (9.00) Page 1102 of 1297 Online Help Displays all the options for the ovconfchg command. -version Displays the version of the ovconfchg command. -ovrg <OVRG> If the parameter you want to change belongs to an OV resource group, use -ovrg to specify the name of the resource group. Otherwise, system-wide settings files are opened. -edit Starts a text editor to edit the settings file, local_settings.ini. The text editor used is determined by the $EDITOR environment variable. If $EDITOR is not set, vi starts on UNIX and Notepad starts on Windows. A temporary copy of the file is created for editing. After the changes are made, the file is validated for syntax errors. The syntax rule for validation is that the namespace and attribute names should contain only letters (a-z, A-Z), digits (0-9), period(.) and underscore(_) characters. If the validation fails, the line number of the error is reported and the user will be prompted to correct the file. If Yes, the file will be reopened for making the necessary changes. If No, the original settings file remains unchanged. If the validation is successful, the changes are saved into the original settings file. Do not configure binary values using this option. This can corrupt the file. It is also recommended to restrict the data entered using this option to US-ASCII (7-bit only) subset. Do not open the settings file directly in a text editor and change it. This can corrupt the file. -job Create an update job file only and do not synchronize. -ns | -namespace <namespace> Sets a namespace for the -set and -clear options. -set <attr> <value> Sets an attribute value in the namespace specified by the -namespace option. The local or OV resource settings file is updated accordingly. -clear <attr> Clears the local setting for the attribute attr in the namespace specified by the -namespace option. The local settings file is updated accordingly. -clear -all Clears all local settings. The local settings file is updated accordingly. AUTHOR ovconfchg was developed by Hewlett-Packard Company. FILES The ovconfchg command uses the following files to store local settings: l <DataDir>/conf/xpl/config/local_settings.ini l <ShareDir>/<OVRG>/conf/xpl/config/local_settings.ini The ovconfchg command uses the following files to store database configuration settings: HP Operations Manager (9.00) Page 1103 of 1297 Online Help l <DataDir>/datafiles/xpl/config/settings.dat l <ShareDir>/<OVRG>/datafiles/xpl/settings.dat EXAMPLES The following examples show how to use the ovconfchg command: l To assign the value 12 to the attribute COUNT, and assign the value "red blue white" to the attribute COLORS in the namespace, tst.lib: ovconfchg -ns tst.lib -set COUNT 12 -set COLORS "red blue white" l To clear the attribute COUNT in the namespace tst.lib: ovconfchg -ns tst.lib -clear COUNT l To remove all locally configured attributes fromthe namespace tst.lib: ovconfchg -ns tst.lib -clear '*' l For the OV resource group server, assign the value 50 to the attribute COUNT in the namespace tst.lib: ovconfchg -ovrg server -ns tst.lib -set COUNT 50 SEE ALSO "ovconfget" (on page 1104) ovconfget NAME ovconfget - returns specified attributes fromthe configuration database. SYNOPSIS ovconfget -h | -help ovconfget -version ovconfget [-ovrg <OVRG>] [<namespace> [<attr>]] DESCRIPTION Installed HP Software components have associated configuration settings files that contain one or more namespaces and apply systemwide or for a specified OV Resource Group. A namespace is a group of configuration settings that belong to a component. All configurations specified in the settings files are duplicated in the settings.dat configuration database. For each specified namespace, ovconfget returns the specified attribute or attributes and writes themto stdout. Used without arguments, ovconfget writes all attributes in all namespaces to stdout. Parameters ovconfget recognizes the following options: -h | -help HP Operations Manager (9.00) Page 1104 of 1297 Online Help Displays the options for the ovconfget command -version Displays the component version -ovrg <OVRG> Specifies the named OV Resource Group <OVRG>. <namespace> <attr> Obtains the specified attribute in the specified namespace for the named OV Resource Group <OVRG> and writes themto stdout. If namespace is used without specifying an attribute, <attr>, ovconfget writes the contents of the database for the specified namespace. If neither <attr> nor <namespace> is specified, ovconfget writes the complete contents of the configuration database to stdout. AUTHOR ovconfget was developed by Hewlett-Packard Company. FILES The ovconfget command uses the following files to read configuration-database settings: l <DataDir>/datafiles/xpl/config/settings.dat l <ShareDir>/<OVRG>/datafiles/xpl/settings.dat EXAMPLES The following examples show how to use the ovconfget command: l To return the value of the Port attribute in the tst.settings namespace, for example: 9012 ovconfget tst.settings Port 9012 l To return all attributes in the tst.settings namespace as multiple lines in the formof attr=value, for example: ovconfget tst.settings Port=9012 Protocols=HTTP FTP HTTPS MaxFileSize=128 l To return all attributes in all namespaces on multiple lines, for example: ovconfget [tst.lib] LibraryPath=/opt/OV/lib:/opt/OV/lbin/tst/var/opt/OV/tmp [tst.settings] Port=9012 Protocols=HTTP FTP HTTPS MaxFileSize=128 SEE ALSO HP Operations Manager (9.00) Page 1105 of 1297 Online Help "ovconfchg" (on page 1102) ovconfpar NAME ovconfpar - set and return configuration parameters remotely SYNOPSIS ovconfpar -get [-host <hostname> [-targetid [<id>]...] -ovrg <OVRG> - ns <namespace> ] ovconfpar -change [-host <hostname> [-targetid [<id>]...] -ovrg <OVRG>] -ns <namespace> [ [-set <attr> <value>]... | [-clear [<attr>] ]... ] ovconfpar -help ovconfpar -version DESCRIPTION ovconfpar reads and sets configuration parameters for installed HP Software components. For information about the parameters you can use with the ovconfpar command, see "Parameters": for information about the options you can use with the ovconfpar command parameters, see "Options". Parameters The ovconfpar command recognizes the following parameters: -get <options> Returns the value or values of one or more keys for the specified namespaces. -change <options> Sets different key-value pairs for multiple namespaces. -version Displays the version of the command. -help Displays the help information. Options You can use the following options with the ovconfpar command parameters: -host <hostname> [-targetid <id>] The host name and target ID of the remote machine. -ovrg <OVRG> If the parameter you want to get or change belongs to an OV resource group, use -ovrg to specify the name of the resource group. -ns <namespace> The name of the namespace, whose configuration parameters you want to get or change. -set <attr> <value> ... Set the named attribute to the specified value for the specified namespace. -clear [<attr>] ... HP Operations Manager (9.00) Page 1106 of 1297 Online Help Clear the named attribute(s) fromthe specified namespace. If no attribute is specified, all attributes are cleared for the specified namespace. Return Codes ovconfpar issues the following return codes: 0 All steps were successfully. -1 One or more steps failed. EXAMPLES The following examples show how to use the ovconfpar command. l To set the key ovo_port_range to 12345 in the namespace ovo.server: ovconfpar -set -ns ovo.svr01 -set ovo_port_range 12345 l To set the key ovo_port_range to 12345 in the namespaces ovo.svr01 and ovo.svr02: ovconfpar -set -ns ovo.svr01 -set ovo_port_range 12345 -ns ovo.svr02 -set ovo_port_range 12345 l To set the key MaxFileSize to 128 and the key Protocol to HTTP in the namespace ovo.svr01: ovconfpar -set -ns ovo.svr01 -set MaxFileSize 128 -ns ovo.svr01 -set Protocol HTTP l To display all keys and their values for all namespaces: ovconfpar -g l To display the value for MaxFileSize in the ovo.svr01 namespace: ovconfpar -g -ns ovo.svr01 MaxFileSize l To display the values in the ovo.svr01 namespace: ovconfpar -g -ns ovo.svr01 AUTHOR ovconfpar was developed by Hewlett-Packard Company. SEE ALSO "ovappinstance" (on page 1080) "ovclusterinfo" (on page 1097) "ovpolicy" (on page 1122) ovcoreid NAME ovcoreid - Manages the unique node identifier OvCoreId on the local node. SYNOPSIS HP Operations Manager (9.00) Page 1107 of 1297 Online Help ovcoreid -show [-ovrg <OV_Resource_Group>] ovcoreid -create [-force] [-ovrg <OV_Resource_Group>] ovcoreid -set <OvCoreId> [-force] [-ovrg <OV_Resource_Group>] ovcoreid -version ovcoreid -h|-help DESCRIPTION The ovcoreid command is used to display existing OvCoreId values and, in addition, create and set new OvCoreId values on the local node. Parameters The ovcoreid command accepts the following parameters and options: -show [-ovrg <OV_Resource_Group>] Displays the current OvCoreId of the system(configuration setting CORE_ID in namespace [sec.core]). This is the default if no parameters are specified. If the OvCoreId you want to show belongs to an OpenView Resource Group, use the -ovrg option to specify the name of the Resource Group. If an OV Resource Group is specified, the corresponding configuration settings will be read or modified as well. If you specify a non-existent OV Resource Group, ovcoreid displays the local OvCoreId. -create [-force] [-ovrg <OV_Resource_Group>] Generates a new OvCoreId. If a CORE_ID value already exists, the existing OvCoreId is only overridden when -force is specified. If the OvCoreId you want to show belongs to an OpenView Resource Group, use the -ovrg option to specify the name of the Resource Group. If an OV Resource Group is specified, the corresponding configuration settings will be read or modified as well. If you specify a non-existent OV Resource Group, ovcoreid displays an error. -set [-force] [-ovrg <OV_Resource_Group>] Sets a specific OvCoreId. The -force option must be used if an OvCoreId value has already been set. If the OvCoreId you want to show belongs to an OpenView resource group, use the -ovrg option to specify the name of the resource group. If an OV Resource Group is specified, the corresponding configuration settings will be read or modified as well. -version Returns the version of the tool (the component version). -h|-help Display all available command options. AUTHOR ovcoreid was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 All steps were successful. 1 If -create or -set is used without -force and a value for OvCoreId already exists. HP Operations Manager (9.00) Page 1108 of 1297 Online Help 2 One or more steps were not successful. Corresponding error messages are written to stderror. Note: Changing the OvCoreId of a systemis analogous to giving the systema new identity and is an action that should only be executed if the consequences are fully understood. Changing the OvCoreId of a systemrequires a number of significant changes including the need for a new certificate, and having to do appropriate reconfiguration of the HP Software server(s). EXAMPLES The following examples show you how to use the ovcoreid command: l To display the OvCoreId for the local node: ovcoreid -show l To create and set a new OvCoreId on the local node: ovcoreid -create l To set the specified OvCoreId on the local node: ovcoreid -set <OvCoreId> SEE ALSO "ovconfget" (on page 1104) "ovconfchg" (on page 1102) ovcreg NAME ovcreg - component registration tool SYNOPSIS ovcreg -h|-help ovcreg -check [<filename>] ovcreg -add [<filename>] ovcreg -del [<component>] ovcreg -version DESCRIPTION ovcreg is used to register a component with (and de-register the component from) the OvCtrl. The ovcreg command can also be used to check a component registration file for syntactical correctness. If the OvCtrl daemon (ovcd) is running at the time of registration, it will be informed about the new component only if the -add option was applied and the component is not started. The OvCtrl shows the new component the next time the ovc command is called with the -status option. HP Operations Manager (9.00) Page 1109 of 1297 Online Help If the OvCtrl daemon (ovcd) is running, the component will be stopped if the -del(ete) option was applied. NOTE: this option will not stop CORE components, which are denoted by the option CoreProcess in the registration file. CORE components should be stopped with ovc command and the -kill option. Parameters ovcreg recognizes the following options: -h|-help Displays all available options for the ovcreg command. -check [<filename>] Checks the syntax of <filename>. <filename> must not contain more than one component. -add [<filename>] Checks the syntax of <filename> and stores a copy in the configuration directory. Adding a component with a name which is already registered with the OvCtrl will overwrite the original registration with the new one. <filename> must not contain more than one component. -del [<component>] Stops and de-registers the specified <component> fromthe OvCtrl and deletes the specified <component> registration file. NOTE: the delete option does not stop CORE components. -version Displays the version of ovcreg AUTHOR ovcreg was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: 0 Success - The syntax of the file is correct and the registration file is successfully added or deleted. 1 Wrong usage 2 Parsing error 3 Error deleting registration file 5 Error writing XML file 6 Component is not registered 7 Error stopping component 8 Error deleting component FILES HP Operations Manager (9.00) Page 1110 of 1297 Online Help Registration files for components registered with the OvCtrl for the supported platforms reside in the following locations: l AIX, HP-UX, Linux, Solaris: /var/opt/OV/conf/ctrl/*.xml l True64: /usr/var/opt/OV/conf/ctrl/*.xml l Windows: C:\Program Files\HP\HP BTO Software\conf\ctrl\*.xml Note that the user can change the specified default location for the registration files on machines running Microsoft Windows. EXAMPLES The following examples show how to use the ovcreg command and some of its options to control and display important information about registered components. l To check the syntax of the component registration file: opcle.xml: ovcreg -check opcle.xml l To check the syntax of the component registration file, opcle.xml, and add the component defined in the component registration file, opcle.xml to the OvCtrl: ovcreg -add opcle.xml l To stop and de-register the component registered as opcle: ovcreg -del opcle SEE ALSO "ovc" (on page 1090) ovdeploy NAME ovdeploy - performs tasks related to software installation on local and remote hosts. SYNOPSIS ovdeploy -install -pkg <package_descriptor> |-file <filename>... |-dir <dirname> [[-sourcerootdir <symbolic_name>] [-sourcedir <dirname>] [- targetrootdir <symbolic_name>] [-targetdir <dirname>] [-force] [-perm <file_permissions>] [-host <name_or_ip>] [-instserv <name_or_ip>] [- targetid <id>] [-cmd_timeout <time_in_milli_sec>]] ovdeploy -remove -pkg <package_name> |-file <filename> |-dir <dirname> [[-targetrootdir <symbolic_name>] [-targetdir <dirname>] [-force] [- host <name_or_ip>] [-instserv <name_or_ip>] [targetid <id>] [-ovrg <id>] [-cmd_timeout <time_in_milli_sec>]] HP Operations Manager (9.00) Page 1111 of 1297 Online Help ovdeploy -upload -pkg <package_descriptor> |-file <filename> |-dir <dirname> [[-sourcerootdir <symbolic_name>] [-sourcedir <dirname>] [- targetrootdir <symbolic_name>] [-targetdir <dirname>] [-force] [-perm <file_permissions>] [-host <name_or_ip>] [-instserv <name_or_ip>] [- targetid <id>] [-cmd_timeout <time_in_milli_sec>]] ovdeploy -download -pkg <package_descriptor> |-file <filename> |-dir <dirname> [[-sourcerootdir <symbolic_name>] [-sourcedir <dirname>] [- targetrootdir <symbolic_name>] [-targetdir <dirname>] [-force] [-perm <file_permissions>] [-host <name_or_ip>] [-instserv <name_or_ip>] [- targetid <id>] [-ovrg <id>][-cmd_timeout <time_in_milli_sec>]] ovdeploy -inv [-host <name_or_ip>] [-invtype <inventory_type>] [-all] ovdeploy -reg -pkg <package_descriptor>[ [-sourcerootdir <symbolic_ name>] [-sourcedir <dirname>] [-force] [-host <name_or_ip>] [-targetid <id>] [-ovrg <id>]] ovdeploy -unreg -pkgname <package_name> [[-force] [-host <name_or_ip>] [-targetid <id>] [-ovrg <id>]] ovdeploy -exec -file <filename> [[-targetrootdir <symbolic_name>] [- targetdir <dirname>] [-shell] [-host <name_or_ip>] [-targetid <id>] [- ovrg <id>] [-cmd_timeout <time_in_milli_sec>]] ovdeploy -cmd -file <filename> [-host <name_or_ip>] [-par <params>] [- cmd_timeout <time_in_milli_sec>][-targetrootdir <symbolic_name>] [- targetdir <dirname>]] ovdeploy -get <node_attribute> [-node <name_or_ip>] ovdeploy -env <environment_var> [-node <name_or_ip>] DESCRIPTION ovdeploy manages objects on local and remote hosts. An object can be a file, a directory, or a package. A package can be a file, a group of files, a directory or group of directories or a combination of all. You use ovdeploy to install, remove, up or download, and register or unregister objects on the local and remote hosts you are managing. You can also use the ovdeploy command to list package inventories and execute commands on specified files. Parameters ovdeploy recognizes the following options: -install <options> Installs the specified object. -remove <options> Removes one or more objects. -upload <options> Uploads one or more objects froma target node. -download <options> Downloads one or more objects froma target node. -inv <options> HP Operations Manager (9.00) Page 1112 of 1297 Online Help Returns a list of installed objects on a target node either to stdout or in the formof an XML file written to the local directory. -reg <options> Adds a specified package name to the list of registered package names on a target node. -unreg <options> Removes a specified package name fromthe list of registered package names on a target node. -exec <options> Executes a specified file on a specified host and returns the result of the action to stdout. -cmd <options> Executes a specified command or file on a different shell on the specified host and returns the results of the action on stdout. -get <options> Displays the value of an environment variable on a specified node. The environment variable can be, for example, PATH or OvInstallDir. The value of the environment variable can be obtained only if that variable is set on the specified node. -env <options> The -list option displays all requests in a store-and-forward buffer for the specified target or the entire buffer if no target is specified. Options The following options may be used in conjunction with the command parameters indicated in the Parameters section: -all Returns the complete inventory in XML format. The complete inventory comprises the package descriptors of all packages that have been installed on the node. If not used, only the name and version of each registered package is returned. -dir <dirname> The name of a directory to be installed, removed, up or downloaded, registered or unregistered. The contents of the directory will also be installed, removed, up/downloaded. -file <filename>... The name of a file to be installed, removed, up or downloaded, registered or unregistered, or executed. With the -install parameter, multiple files can be specified. -force With the -install parameter, it installs the specified object even if an object already exists on the target node with the same or higher version. With the -remove parameter, it must be used with -dir, and removes all subdirectories. -host <target_host> The name or IP address of the target host. If not used, the local host is assumed. -instserv <name_or_ip> Name or IP address of an installation server. If an installation server is specified, the specified file is not copied fromthe local host to the target host. Instead, it is copied fromthe installation server to the target host. -invtype [depl|native] HP Operations Manager (9.00) Page 1113 of 1297 Online Help depl returns to stdout the inventory of objects installed using the deploy command. native returns to stdout the inventory of objects installed using the operating system's native installation program. -ovrg <id> The ID of an OV resource group, if applicable. -perm <nnn> Sets file permissions of an installed, up/downloaded, un/registered file. This parameter takes three digits. The first digit specifies the owner permission, the second digit specifies the group permission, and the third digit specifies public permissions. The allowable digits are: 0 No permissions. 1 Execute. 2 Write. 3 Execute and write. 4 Read. 5 Execute and read. 6 Read and write. 7 Read, write, and execute. -pkg <package_descriptor> The full path and name of the package descriptor file. The package descriptor file contains a list of all the files that are to be installed, removed, up or downloaded, registered or unregistered and their locations. -shell Used with the -exec parameter to execute in a shell the file specified by <file>. For UNIX systems, /bin/sh -c is used. For a MS Windows system%ComSpec/cmd.exe /c is used. -sourcerootdir <symbolic_name> The symbolic path name used to create an absolute file path for the source file. -sourcedir <dirname> Used to create an absolute file path for the source file. If a source root directory is specified, the source directory is appended to it. If no source root directory is specified, the source directory is appended to the default directory, $OvDataDir/installation/incoming/files/. -cmd_timeout <time_in_milli_sec> Sets the timeout (in milliseconds) for individual commands executed fromovdeploy command. If this option is not set, the value specified for COMMAND_TIMEOUT under depl namespace of configuration settings of the target systemwill be used for individual commands (which has a default value of 10 minutes). This option applies to package install and remove commands, - exec, and -cmd commands. -targetrootdir <symbolic_name> HP Operations Manager (9.00) Page 1114 of 1297 Online Help A symbolic path name used to create an absolute file path for the target root directory. -targetdir <dirname> The name of the directory on the target node where the object is to be installed, removed, up or downloaded, registered or unregistered. -targetid <id> The target ID of the target node. Symbolic Pathnames ovdeploy supports symbolic names that can be used with the sourcerootdir and targetrootdir options. You can use symbolic names to specify a directory without needing to know where the directory is located on a particular node platform, for example; the HP Software installation directory is: ovinstall. It is defined for all supported node platforms but the actual location might be different on each platform. Supported symbolic path names are: Bin <installdir>/bin Contrib <installdir>/contrib current <CurrentDir> Data <DataDir> dataarchive <DataDir>/datafiles/archive datacertificates <DataDir>/certificates dataconf <DataDir>/conf datafiles <DataDir>/datafiles dataimages <DataDir>/images datainstallation <DataDir>/installation datainstrumentation <DataDir>/bin/instrumentation datalog <DataDir>/log datapackages <DataDir>/packages datapolicies <DataDir>/datafiles/policies datatemp <DataDir>/tmp datatmp HP Operations Manager (9.00) Page 1115 of 1297 Online Help <DataDir>/tmp datawww <DataDir>/www depl <DataDir>/installation deplincoming <DataDir>/installation/incoming> deplincomingfiles <DataDir>/installation/incoming/files deplincomingpackages <DataDir>/installation/incoming/packages deplinventory <DataDir>/installation/inventory depluploadinventory <DataDir>/installation/upldinventory deplpackages <DataDir>/installation/packages Depltemp <DataDir>/installation/temp deplbbcfxupload <DataDir>/installation/temp/bbc/fx/upload deplupload <DataDir>/installation/temp/bbc/fx/upload examples <DataDir>/examples Help <DataDir>/help include <DataDir>/include install <InstallDir> Java <InstallDir>/java Lbin <InstallDir>/lbin Lib <InstallDir>/lib licenseagreements <InstallDir>/license-agreements Man <InstallDir>/man Misc <InstallDir>/misc Msg HP Operations Manager (9.00) Page 1116 of 1297 Online Help <InstallDir>/msg newconfig <InstallDir>/newconfig nonov <InstallDir>/nonOV ovdata <DataDir> ovinstall <InstallDir> packages <InstallDir>/packages paperdocs <InstallDir>/paperdocs releasenotes <InstallDir>/ReleaseNotes resources <InstallDir>/resources Root <RootDir> support <InstallDir>/support> systemp <SystemTempDir> systmp <SystemTempDir> systemtmp <SystemTempDir> wwhtdocs <InstallDir>/www/htdocs wwwimages <InstallDir>/www/images AUTHOR ovdeploy was developed by Hewlett-Packard Company. EXAMPLES The following examples show how to use the ovdeploy command: l To install the package testpackage.xml, located in the /tmp directory, to the node test.com. ovdeploy -install -pkg /tmp/testpackage.xml -node test.com l To install the file testfile, located in the /tmp directory, to the node test.com. ovdeploy -install -file /tmp/testfile -node test.com HP Operations Manager (9.00) Page 1117 of 1297 Online Help l To deploy the file testfile, located in the /tmp directory, to the /opt/OV/bin directory on the node test.com. ovdeploy deploy -file /tmp/testfile -targetdir /opt/OV/bin -node test.com l To delete the file /opt/OV/bin/testfile fromthe host test.com. ovdeploy -remove -file testfile -targetdir /opt/OV/bin -node test.com l To delete the file $OvDataDir/installation/incoming/files/test/testfile from the host test.com. The absolute path of the file is created fromthe specified target directory. No target root directory was specified, so the default target root directory is used. ovdeploy -remove -file testfile -targetdir test -host test.com l To delete the package testpkg1 fromthe host test.com. ovdeploy -remove -pkg testpkg1 -host test.com l To copy the file testfile to the default target directory on the local host. The default target directory is $OvDataDir/installation/incoming/files/. ovdeploy -upload -file /tmp/testfile l To copy all files that are specified in the package descriptor package1.xml to the default package upload directory on the host test.com. The directory containing the specified package descriptor file and all files specified in it is the bin directory. ovdeploy -upload -pkg package1.xml -sourcerootdir bin -host test.com l To copy the files in the /tmp/testdir directory on the host test.com to the directory /opt/OV/bin on the local host. ovdeploy -download -dir /tmp/testdir -targetdir /opt/OV/bin -node test.com l If testpackage1 and testpackage2 have been installed on the local machine, the following is returned: ovdeploy -inv NAME VERSION TYPE ARCHITECTURE testpackage1 05.00.050 package windows 4.0 testpackage2 01.00.050 package windows 4.0 l To display the native package inventory of the local host. For example: ovdeploy -inv -invtype native HP OpenView BBC Package 5.0.50 HP OpenView Performance Access Package 10.00.123 l To register the package package1.xml by copying the package descriptor to the inventory directory. If the package descriptor already exists, an error is returned to stdout. ovdeploy -reg -pkg /tmp/package1.xml l To unegister the package testpack2 fromthe host test.com. HP Operations Manager (9.00) Page 1118 of 1297 Online Help ovdeploy -unreg -pkgname testpack2 -host test.com l To execute the file run on the local host and returns the output to stdout. ovdeploy -exec -file /tmp/run l To execute the file run.sh with the shell on the host test.com. ovdeploy -exec -shell -file run.sh -targetrootdir bin -node test.com l To set the timeout value for the -exec command for my_exe.exe file on host node1. ovdeploy -exec -file C:\my_exe.exe -node node1 -cmd_timeout 9000000 l To find out which operating systemis running on the host node1. ovdeploy -get ostype -node node1 l To find the value set for the environment variable OvInstallDir on host node1. ovdeploy -env OvInstallDir -node node1 ovlogdump NAME ovlogdump - dumps a specified binary log file as text in the current locale to the console SYNOPSIS ovlogdump -h|-help ovlogdump -version ovlogdump [<binary_logfile_name>] ovlogdump -merge -tofile <binary_logfile_name> -fromfiles <binary_ logfile1_name> <binary_logfile2_name>... DESCRIPTION The ovlogdump command dumps a binary log file as text in the current locale to the console. To view the contents of a log file, specify its location and name; else, the system.bin file is dumped to the console by default. By default, all the log files are stored in the following location: On Windows: C:\Documents and Settings\All Users\Application Data\HP\HP BTO Software\log On UNIX: /var/opt/OV/log If permissions are inadequate for the default locations, the log files are stored in the <OvDataDir>/log/public directory. During application logging, if multiple log files are created, you can use the -merge option to merge these files into a single binary log file. HP Operations Manager (9.00) Page 1119 of 1297 Online Help Parameters ovlogdump recognizes the following options: [<binary_logfile_name>] The name and location of the binary log file to be dumped. If the log file name is not specified, system.bin file in the <OVDataDir>/log/ directory is displayed on the console by default. -merge -tofile <binary_logfile_name> -fromfiles <binary_logfile1_name> <binary_logfile2_name>.... Merges application log files specified by <binary_logfile1_name>.... into a single binary log file specified by <binary_logfile_name>. This option is not supported for merging systemlog files. -h|-help Displays all available options for the ovlogdump command. -version Displays the version of the ovlogdump command. AUTHOR ovlogdump was developed by Hewlett-Packard Company. ovoreqcheckagt The tool ovoreqcheckagt enables local HP Operations agent prerequisite checking fromthe command line on the node. It parses requirements fromthe local configuration file, checks the node, and prints out the report in either a detailed or summarized format. The default location of the configuration file is the current directory. You can specify a customfile with -cfg <config_ file>. UNIX-specific Information The tool consists of three files: ovoreqcheckagt, ovoreqcheckagt.awk, and ovoreqcheck.cfg. These files must be transferred fromthe agent package directory on the server (for example, %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Unix) to the node where the agent prerequisites will be checked. The ovoreqcheckagt script needs to be made executable with the command chmod +x ./ovoreqcheckagt. Windows-specific Information The tool consists of two files: ovoreqcheckagt.exe and ovoreqcheck.cfg. These files must be transferred fromthe agent package directory on the server (for example, %OvShareDir%Packages\HTTPS\PrerequisiteCheck\Windows) to the node where the agent prerequisites will be checked. Command Synopsis ovoreqcheckagt (-det | -sum) -agt_comm_type <agent_comm_type> -agt_bin_format <agent_bin_format> [-cfg <config_file>] ovoreqcheckagt -req <system> -agt_comm_type <agent_comm_type> -agt_bin_format <agent_bin_format> [-cfg <config_file>] ovoreqcheckagt -allsystems [-cfg <config_file>] ovoreqcheckagt -ver ovoreqcheckagt -help HP Operations Manager (9.00) Page 1120 of 1297 Online Help Option Description -help Prints tool usage and description. -det Prints detailed result of requirements and recommendations validation. All prerequisites are displayed regardless if they have passed or failed. -sum Prints summary result of requirements and recommendations validation. Only failed prerequisites are displayed. -req <system> Shows requirements and recommendations for the specified operating system. -allsystems Prints the list of all supported systems. -agt_comm_type <agent_comm_ type> Specifies the agent communication type for this node. If you specify -det or -sum, this parameter is required. Valid values for <agent_comm_ type> are DCE and HTTPS. -agt_bin_ format <agent_ bin_format> Specifies the agent binary format for this node. If you specify -det or - sum, this parameter is required. Valid values for <agent_bin_format> are as follows: l Alpha l IPF32 l IPF64 l PA-RISC l PowerPC l SPARC l x64 l x86 -cfg <config_ file> Specifies a customconfiguration file (default file is .\ovoreqcheck.cfg). -ver Prints the version of the ovoreqcheckagt tool. Exit Values Exit value indicates prerequisite checking status: 0 - All checked prerequisites (requirements and recommendations) are OK. 1 - All requirements are OK; at least one recommendation has failed. 2 - All requirements are OK; at least one recommendation could not be checked. 3 - At least one requirement has failed. 55 - No prerequisites specified for <system> system. HP Operations Manager (9.00) Page 1121 of 1297 Online Help 101 - Client does not have administrative privileges on the node. Prerequisites can be checked only with administrative rights. 102 - At least one requirement could not be checked (it is unknown whether requirement is OK or not); all other successfully checked requirements are OK. 103 - Checked node is not available; either there is no network connection or firewall ports are not opened. 104 - Node (name) cannot be resolved 105 - The platform/OS version on node xxx may not yet be supported - consult the latest support matrix ; if platformis supported ignore prerequisite check and check prerequisites manually. 106 - Nodes platformproperties (SystemType, Operating System, Version) are not set. 107 - Cannot discover platform. ovpolicy NAME ovpolicy - installs, manages, and removes both local and remote policies. SYNOPSIS ovpolicy -help ovpolicy -version ovpolicy -install [-host <hostname> [-targetid [<id>]...] {-enabled|- disabled} -chkvers -add-category [<cat1>]... {-remove-category [<cat>]... |-remove-all-categories} -force-cat -add-attribute [<name> <value>]... -remove-attribute [<name> <value>]...| -remove-all-attributes -force-attr -set-owner <owner> -force-owner -no-notify] {-file [<file>]...|-dir [<dir>]...} [-ovrg <ov_res_group>] ovpolicy -remove [-no-notify -host <hostname> [-targetid [<id>]...] [- ovrg <ov_res_group>] <SELECTION> ovpolicy [-enable |-disable] [-no-notify -host <hostname> [-targetid [<id>]...] [-ovrg <ov_res_group>] <SELECTION> ovpolicy [-addcategory |-removecategory] <cat>... [-no-notify -host <hostname> [-targetid [<id>] [-ovrg <ov_res_group>]] <SELECTION> ovpolicy -removeallcategories [<cat>]... [-no-notify -host <hostname> [-targetid [<id>]...] [-ovrg <ov_res_group>]] <SELECTION> ovpolicy [-addattribute |-removeattribute] <name> <value>... [-no- notify -host <hostname> [-targetid [<id>]...][-ovrg <ov_res_group>]] <SELECTION> ovpolicy -removeallattributes [-no-notify -host <hostname> [-targetid [<id>]...][-ovrg <ov_res_group>]] <SELECTION> HP Operations Manager (9.00) Page 1122 of 1297 Online Help ovpolicy [-setowner | -removeowner <owner>] [-no-notify -host <hostname> [-targetid [<id>]...][-ovrg <ov_res_group>]] <SELECTION> ovpolicy -notify [-host <hostname> [-targetid [<id>]...][-ovrg <ov_ res_group>]] ovpolicy -list [-level <0|1|2|3|4> -host <hostname> [-targetid [<id>]...][-ovrg <ov_res_group>]] DESCRIPTION ovpolicy installs, manages, and removes, local and remote policies. A policy is a set of one or more specifications rules and other information that help automate network, system, service, and process management. Policies can be deployed to managed systems, providing consistent, automated administration across the network. Policies can be grouped into categories, for example; to assign policies to a special policy group for simple enable and disable actions. Each category can have one or more policies. Policies can also have one or more attributes, an attribute being a name value pair. You use ovpolicy to, among other functions, install, remove, enable, and disable local policies. For information about the parameters supported by the ovpolicy command, see "Parameters": for information about parameter options, see "Options". Parameters ovpolicy recognizes the following parameters: -install Installs one or more policies using a single policy file specified with -file or multiple policy files specified with -dir. -remove Removes one or more policies. -enable Enables one or more policies. -disable Disables one or more policies. Note that the -disable option only disables a policy, it does not remove a policy fromthe file system. -addcategory Adds all category strings to the policy. You can add multiple categories using a blank-separated list. -removecategory Removes the specified category strings fromthe policy. You can remove multiple categories using a blank-separated list. -removeallcategories Deletes all categories. -addattribute Adds a category attribute to the policy. You can add multiple attribute names using a blank- separated list. -removeattribute Removes category attribute fromthe policy. You can remove multiple attribute names using a blank-separated list. HP Operations Manager (9.00) Page 1123 of 1297 Online Help -removeallattributes Deletes all category attributes. -setowner Sets the owner of a policy. -removeowner Removes the owner of a policy. -list Lists the installed policies. -notify Triggers any notifications to the OV control service, if there are any outstanding or suppressed notifications fromprevious policy operations. -version Displays the version number of the command. -h | -help Displays the help information. Options You can use the following options with the allowed ovpolicy command parameters: -add-attribute Add an attribute <name> with the value defined in <value> to the specified installed policy. -add-category <cat1> [<cat2> ... <catN>] Adds all category strings to the policy. This is a blank-separated list. -chkvers Check and compares the version of the already installed policy and the policy you want to install. If -chkvers is used, the new policy is not installed if the current installed version is the same or higher. If -chkvers is not used, the new policy overwrites the current policy with the same policy_id, regardless of the version number. -chkvers does not overwrite the categories, owner, or status of a current policy. To overwrite the categories, owner, and status associated with a policy owner, use -forcecat, and -forceowner respectively. -dir <dirname> If you specify a directory name, all policy files fromthat directory are used. A line is printed to stdout for each successfully installed policy. -enabled|-disabled If either -enabled or -disabled is used, the new policy acquires the status that is defined in the policy header. If neither -enabled nor -displayed is used, the new policy acquires the status of the currently installed policy (if any). Note that this option overwrites the status defined in the policy-header installation file. So, if the new policy is already installed on the target system, the new version assumes the status of the installed version. -file <filename> Specifies a policy file name to be used. A line is printed to stdout for the successfully installed policy. -force-attr Allows you to remove category attributes that are set on a current installed policy. By default, the attributes fromcurrent installed policies are used. If there is no current installed policy, the attributes set in the header file of the new policy are used. HP Operations Manager (9.00) Page 1124 of 1297 Online Help -force-cat Allows you to remove categories that are set on a current installed policy. By default, the categories fromcurrent installed policies are used. If there is no current installed policy, the categories set in the header file of the new policy are used. -force-owner Overwrites the policy owner regardless of the settings for the installed policy. -host <hostname> [-targetid <ids>] This option specifies the hostname of the managed node. If no hostname is specified, the local host is assumed. -targetid specifies one or more target IDs. -level Specifies the type of information to be returned with the -list parameter, as follows: 0 Policy type, policy name, status, policy version. This is the default setting. 1 Policy type, policy name, status, policy version, policy_ID. 2 Policy type, policy name, status, policy version, policy_ID, category. 3 Policy type, policy name, status, policy version, policy_ID, category, owner. 4 Policy type, policy name, status, policy version, policy_ID, category, owner, attributes. -no-notify When -no-notify is used, ovpolicy does not trigger any notifications. -remove-category <cat1> [<cat2> ... <catN>] Removes the specified category strings fromthe policy. Using the -remove-category option with an empty string deletes all categories. This is a blank-separated list. -remove-all-categories Removes the specified category strings fromthe policy. -remove-attribute Remove the category attribute <name> with the value defined in <value> fromthe specified installed policy. -remove-all-attributes Allows you to remove all category attributes that are set on a current installed policy. If there is no current installed policy, the attributes set in the header file of the new policy are used. -set-owner <owner> Sets the owner of a policy. -set-owner with an empty string deletes the owner. -ovrg <ovrg_res_group> Sets the name of the OV resource group. The <SELECTION> option is one of the following: <SELECTION>-all|-owner <owner>|-owner <owner> -polname <name>|-polid <uuid> |-polname <[type:]name>|-poltype <typename>|-category <category> |-attribute <name> [value] -all All installed policies. HP Operations Manager (9.00) Page 1125 of 1297 Online Help -owner <owner> The policy owner <owner> -owner <owner> -polname <name> The policy owner <owner> and the policy name -owner <name> -polid <id> The ID of the policy. -polname [<policy_type_name>:]<policy name> The name of the policy. If policy_type_name is used, the section applies to all policies of the specified type. -poltype <policy_type_name> The name of the type of policy. -category <category_name> The name of the category to be used. -attribute <name> <value> The name of the policy attribute and value to be used. Return Codes ovpolicy recognizes the following return codes: 0 All steps were successful. 1 One or more steps were not successful. AUTHOR ovpolicy was developed by Hewlett-Packard Company. EXAMPLES The following examples show you how to use the ovpolicy command: l To list all policies on a node. ovpolicy -list l To disable the HP-UX syslog policy. ovpolicy -disable -polname "HPUX ovsyslog" l To enable all trap policies. ovpolicy -enable -poltype ovsnmptrap l To install all policies located in the current working directory. ovpolicy -install -dir . l To install all policies located in the /tmp/sap_policies directory with a status of disabled. ovpolicy -install -disable -dir /tmp/sap_policies l To reinstall all policies located in the /tmp/xyz directory, independent of the former owner. ovpolicy -install -forceowner -dir /tmp/xyz HP Operations Manager (9.00) Page 1126 of 1297 Online Help l To remove all policies fromthe local host. ovpolicy -remove -all l To remove all installed policies that are owned by the management server ovpolicy -remove -owner mgtsvr ovrc NAME ovrc - performactions on remote components SYNOPSIS ovrc -h|-help ovrc -host <name_or_ip> [-tid <ids>] -start [<target> ... ] ovrc -host <name_or_ip> [-tid <ids>] -stop [<target> ... ] ovrc -host <name_or_ip> [-tid <ids>] -restart [<target> ... ] ovrc -host <name_or_ip> [-tid <ids>] -status [<target> ... ] [-level <level>] ovrc -host <name_or_ip> [-tid <ids>] -notify <event> [<target> ...] [-value <value>] ovrc -version DESCRIPTION ovrc controls the starting, stopping, event notification, and status reporting of all components on remote hosts. A component can be a server process belonging to any of the products such as HP Operations Manager, HP Operations agents (for example, the Performance Agent or the Discovery Agent), an event interceptor, or an application delivered by an integrator. Each component must have an associated registration file (see ovcreg(1)) providing HP Software with configuration and process information about the component. In the -host option, you can specify the fully qualified hostname or IP address of the remote node. If the hostname or IP address is not specified, the requested operation is performed on the local node, where the command is run. To performan action, a target can be either a component or a group of components, defined as a category. The ovrc command first tries to run the requested operation on the category specified in target. If the category called target is not found, ovrc tries to start the individual component target. A category name must not match any component name. You can also use the -tid option to specify a target ID (CORE ID) of the remote host specified in the -host option. The CORE ID is a unique identification for a node. You can use the CORE ID with the -tid option to make sure that the remote host that receives the request is correct. Parameters ovrc recognizes the following options: HP Operations Manager (9.00) Page 1127 of 1297 Online Help -h|-help Displays all available options for the ovrc command. -start [<target> ... ] Starts the selected components. <target> specifies a component or category. If <target> is not used, all components are started. -stop [<target> ... ] Stops the selected components. <target> specifies a component or category. If <target> is not used, all components are stopped except components which are CORE processes. -restart [<target> ... ] Stops components before they are restarted. If <target> is not used, all components are stopped and restarted. -notify <event> [<target> ... ] [-value <value>] Sends notification of an event with the value of <value> to the component or category specified by <target>. If <target> is not used, the event notification is sent to all components. If <value> is not used, only the event notification is sent. -status [<target> ... ] [-level <level>] Reports the status of a component or category specified by <target>. The status report contains the component's label, description, category, process ID, and STATE. Components can be in one of the following state: Stopped (0 in numeric format), Starting (1), Initializing (2), Running (3), Stopping (4), N/A (5) or Aborted (6). If <target> is not specified, the status of all components is returned. <level> specifies the type and quantity of information to display, as follows: Level 0 Status of registered components monitored by HP Software. Level 1 Status of registered components whether they are monitored by HP Software or not. Level 2 Status of registered components and a dump of their registration information. Level 3 ID of core processes. 0 (zero) indicates root, non-zero indicates non-root ownership. Level 4 Similar to level 0, but the STATE is reported in numeric format. Level 5 Similar to level 1, but the STATE is reported in numeric format. Level 6 Similar to level 0, but the output is not formatted Level 7 Similar to level 1, but the output is not formatted -version Prints the version of ovrc. AUTHOR ovrc was developed by Hewlett-Packard Company. EXIT STATUS The following exit values are returned: HP Operations Manager (9.00) Page 1128 of 1297 Online Help 0 Success 1 Not defined 2 Ignored 64 Generic error 65 Invalid target 67 Operation aborted 69 Missing prerequisite 70 Authorization error 71 Operation on prerequisite failed 73 Invalid event EXAMPLES The following examples show how to use the ovrc command and some of its options to control and display important information about registered components. l To display the status of category SERVER on a remote systemwith the hostname; mach.hp.com: ovrc -host mach.hp.com -status SERVER l To stop the component registered as opcle on a local host: ovrc -stop opcle Before opcle itself stops, components that depend on opcle are stopped. SEE ALSO "ovc" (on page 1090) "ovcreg" (on page 1109) ovswitchuser NAME ovswitchuser - Runs the HP Operations agent processes under a non-administrative account (not the root account). SYNOPSIS HP Operations Manager (9.00) Page 1129 of 1297 Online Help Note: Stop all HP Software processes on the systembefore applying an ovswitchuser command to change the user/account that you want to use for the HP Software processes. Use the command: ovc -kill ovswitchuser -h | -help ovswitchuser -v | -version On UNIX systems: ovswitchuser.sh -existinguser <userName> | -existinguserID <userID> - existinggroup <groupName> | -existinggroupID <groupID>[-passwd <passwd>] | -setgroup <package> On Windows systems: Note: On Windows, the user that is specified with ovswitchuser needs to have the Log On as a Service permission. cscript ovswitchuser.vbs -existinguser <userName> | -existinggroup <groupName> | [-passwd <passwd>] DESCRIPTION Caution: Usage restrictions and further considerations may apply depending on the HP Software product being used. Some HP Software products must be run under the root/Administrative account. Do not use the ovswitchuser functionality in these environments. Refer to the product documentation before attempting to change the user account with the ovswitchuser tool. By default, the HP Software core processes run under the root/Administrator account. The ovswitchuser command allows you to run the HP Software processes under a non- administrative account. The group ownership of all registered HP Software component product files and directories of <OVDataDir> is changed. The specified user is added to the group and the core HP Software processes are started under this user account. Boot scripts are changed to allow Daemons/Services to run under non-root/non-Administrative accounts and modifies the operating- system-specific registration of deamons/services so that HP Software processes start under the specified user. The ovswitchuser command also stores information about the specified group in the HP Software configuration file. The non-root concept relies on the user under which the agent runs belonging to a specific UNIX group. Therefore the group bits of any files that are created by HP Software applications must be set. This allows HP Software applications to be run under dedicated users if required, while sharing the same resources, for example log files. Therefore, it is recommended to set the umask appropriately for the users that are used to run HP Software applications. A umask setting of 02 is preferable. 022 would cause problems when multiple applications are run under different users. If all HP Software applications run under the same user, the umask setting is not required. If the OV Communication Broker is running, the port that it uses must be 1024 or greater or set the switchuser bit to ovbbccb. You may need to change the port number on both communication systems. Refer to product documentation for exact details. To check if the Communication Broker is running, execute the command: HP Operations Manager (9.00) Page 1130 of 1297 Online Help /opt/OV/bin/ovc -status It is running if there is the following entry: ovbbccb OVCommunicationBroker CORE (****) Running If the Communication Broker is running, set the port number to 1024 or greater or set the switchuser bit to ovbbccb. An example command for the node mynode is given below. Refer to the Communication Broker man pages for further details. ovconfchg -ns bbc.cb.ports -set PORTS mynode:1024 It is also recommended that the domain for the systemis also specified. For example: ovconfchg -ns bbc.http -set DOMAIN mydomain.com For further information, refer to the ovconfget(1), ovconfchg(1), bbc.ini(4), and ovbbccb(1) man pages. Parameters ovswitchuser recognizes the following options: -h | -help Displays the options for the ovswitchuser command. -version Displays the version number of the cross platformcomponent. -existinguser <userName> Specifies an existing user <userName> who can run the HP Software processes. -existinguserID <userID> The -existinguserID option is for UNIX only. Specifies an existing user <userID> under which to run the HP Software processes. -existinggroup <groupName> Specifies an existing group <groupName> that can run the HP Software processes. The <userName> specified with the -existinguser parameter is added to this group if the <userName> does not belong to this group. -existinggroupID <groupID> The -existinggroupID option is for UNIX only. Specifies an existing group <groupID> under which to run the HP Software processes. [-passwd <passwd>] The -passwd option is for Microsoft Windows only. If you use the -passwd option to specify the password of the user <userName> defined in - existinguser, the password is used as logon for the HP Software services, which are started. Note that, for security reasons, a password is required to start the HP Software Services. So, if you choose not to specify a password here, you will have to enter the password manually in the Services dialog when you start the HP Software Services after the ovswitchuser command completes. -setgroup <package> Sets group ownership for the specified package defined in the XPL config AUTHOR ovswitchuser was developed by Hewlett-Packard Company. EXAMPLES HP Operations Manager (9.00) Page 1131 of 1297 Online Help The following examples show how to use the ovswitchuser command: l To set ownership of all the installed package files to the group defined in <groupName>=OV_ group and the user defined in <userID>=1000: ovswitchuser.sh -existinguserID 1000 -existinggroup OV_group SEE ALSO "ovconfchg" (on page 1102) "ovconfget" (on page 1104) "bbc.ini" (on page 1066) "ovbbccb" (on page 1081) ovtrccfg NAME ovtrccfg - enables the tracing mechanismfor supported applications on the local machine. SYNOPSIS ovtrccfg -app|-application <application_name> [-cm|-component <component_name>] [-gc|-generate_configuration <filename>][-sink <filename>] ovtrccfg -cf|-configuration <filename> ovtrccfg -off ovtrccfg -version ovtrccfg -h|-help ovtrccfg -vc DESCRIPTION The ovtrccfg command helps you enable and configure the tracing mechanismto record the state of a supported application on the systemwhere an HP Software product is installed. By default, trace log files are placed into the application's home directory after you enable the tracing mechanism. When you configure the tracing mechanismwith the gc option, all configuration details are directed to a trace configuration (.tcf) file. You can create and modify trace configuration files with the command or with a text editor. In the trace configuration file, you can specify the location of trace log files with the sink option. When you start the tracing process without a configuration file, all available trace levels and categories are enabled. If you want to enable only select levels of tracing, you must use a trace configuration file. The tracing mechanismprovides the following different levels of tracing: Info Enable traces marked as information. Warn HP Operations Manager (9.00) Page 1132 of 1297 Online Help Enable traces marked as warning. Error Enable traces marked as error. Support Enable the normal tracing. The trace output includes informational notifications, warnings, and error messages. This option is recommended for troubleshooting problems. This level of tracing can be enabled for a long duration as the overhead to capture the trace output is minimal with this option. In addition, you can use the location, stack, developer, and verbose levels when detailed trace messages are requested by HP Support. Parameters The ovtrccfg command accepts the following parameters and options: -app|-application <application_name> This option helps you enable the tracing mechanismfor select HP Software applications. These applications are essentially programs, daemons, processes, and services that are used by different HP Software products. -cm|-component <component_name> You can enable tracing of select components of an application with the cm option. By default, all components of an application are traced by the tracing mechanism. You can use the wildcard character (*) with this option. For example, the ovtrccfg -app coda -cm xpl* command starts tracing for all the components, which belong to the coda application, with the names that begin with xpl. -cf|-configuration <filename> You can enable the tracing mechanismaccording to the rules specified in a configuration file. The configuration files are stored on the same systemwith the extension .tcf. -sink <filename> The sink option helps you direct the trace log files to a location of your choice on the local system. All trace log files generated with the command are placed into the location specified with the sink option. -gc|-generate_configuration <filename> The gc option creates a trace configuration file (.tcf) that can be edited to set the desired tracing configuration. -off The off option helps you disable the tracing process. If you use the off option without any other options, the entire tracing mechanismstops. You can use the app and cm options with the off option to conditionally exclude select applications and components when you enable tracing. For example, the "ovtrccfg -app o* -off ovc*" command enables tracing for all applications with the names that begin with "o," but excludes the applications with the names that begin with "ovc." Similarly, the "ovtrccfg -app ovoadif -cm e* -off eaagt.misc" command enables the tracing mechanismfor all components with the names that begin with "e," which belong to the application "ovoadif," except the component eaagt.misc. -vc This option displays the current tracing status of all the supported applications available on the system. -version HP Operations Manager (9.00) Page 1133 of 1297 Online Help This option displays the version of this command. -h|-help Displays all available command options. AUTHOR ovtrccfg is developed by Hewlett-Packard Company. EXAMPLE The following examples show how to use the ovtrccfg command: l Enable the tracing mechanismfor all applications with the names that begin with o: ovtrccfg -app o* l Enable the tracing mechanismfor the coda application and direct the trace log files to the /opt/OV/support directory: ovtrccfg -app coda -sink /opt/OV/support/output.trc l Enable the tracing mechanismon the local systembased on the rules set in the trace configuration file config.tcf: ovtrccfg -cf config.tcf ovtrcmon NAME ovtrcmon - helps you view the trace messages fromtrace files and enables you to store the trace messages into another file on the same system. SYNOPSIS ovtrcmon [-h|-help] -fromfile <source_file> -tofile <target_file>] -short|-long|-verbose|[-fmt <format_name>] DESCRIPTION The ovtrcmon command helps you view the contents of a trace file and lets you store the file content into another file on the same machine. When you start the tracing mechanismwith the ovtrccfgcommand, trace messages get captured into trace files in the binary format. To read the contents of a trace file, you can use the "ovtrcmon -fromfile <source_file> -fmt <format>" command. Alternatively, you can store the contents of a trace file into a new file in a readable format with the "ovtrcmon -fromfile <source_file> -tofile <target_ file> -fmt <format>" command. With the help of the configuration file $OvDataDir/conf/xpl/trc/ovtrcmon.cfg, you can specify a customized format of your choice that you want to use while viewing and storing the contents of trace files. You can use the following keywords while configuring this file: Severity The trace file captures trace messages with different severity levels. This keyword helps you filter the trace messages based on the severity level. Available severity levels are: Info, Warn, Error, Support, Location, Stack, Developer, and Verbose. Count HP Operations Manager (9.00) Page 1134 of 1297 Online Help The serial number for a particular trace message. Tic A high-resolution elapsed time value. LocalTime The local equivalent date and time of the trace message. UTCTime The UTC time of the trace message. Pid The process ID of the traced application. Tid The thread ID of the traced application. Component The name of the component issuing the trace message. Category An arbitrary name assigned by the traced application or one of several categories provided by the tracing mechanism. Source The line number and file name of the source generating the trace. Stack A description of the calling stack in the traced application. TrcMsg Trace message description. Attribute Attribute of the trace message. Application Name of the traced application. Machine Name of the machine where the traced application resides. Formatting You can use one of four types of formatting on the trace output. The Formatting keyword helps you generate the output in the following formats: CSV Comma separated values. This keyword presents the output in a standard delimited format with double quotes (") around the text. formatted A printf-like output format. fixed This keyword presents the output with fixed-width fields and whitespace padding. Field widths are specified after the keyword fixed with commas. For example, fixed,w1,w2,..wn ]. xml Presents the trace output in the XML format. Parameters The ovtrcmon command accepts the following parameters: -fromfile <source_file> HP Operations Manager (9.00) Page 1135 of 1297 Online Help With this parameter, you can specify the name of the binary trace file. -tofile <target_file> With this parameter, you can specify the name of the file where you want to direct the contents of the trace file. -long Displays or stores the following details fromthe trace file: Severity, Component, Category, and trace description. -short Displays or stores only the trace description fromthe trace file. -verbose Displays or stores all details available in the trace file. -fmt With this parameter, you can view the contents of the trace file in a pre-configured format. You must specify the format definitions in the $OvDataDir/conf/xpl/trc/ovtrcmon.cfg file. You must declare <format_name> in this configuration file. -h|-help Displays all available command options. AUTHOR ovtrcmon is developed by Hewlett-Packard Company. EXAMPLE The following examples show how to use the ovtrcmon command: l View the trace messages in the $OvDataDir/log/example1.trcfile in the format format1, which is defined in the $OvDataDir/conf/xpl/trc/ovtrcmon.cfg file: ovtrcmon -fromfile $OvDataDir/log/example1.trc -fmt format1 l View only the descriptions of the trace messages in the $OvDataDir/log/example1.trc file: ovtrcmon -fromfile $OvDataDir/log/example1.trc -short l Store the available trace messages in the $OvDataDir/log/example1.trc file into the $OvDataDir/log/trace.txt file in the format format1, which is defined in the $OvDataDir/conf/xpl/trc/ovtrcmon.cfg file: ovtrcmon -fromfile $OvDataDir/log/example1.trc -tofile $OvDataDir/log/trace.txt -fmt format1 HP Operations Manager (9.00) Page 1136 of 1297 Online Help Agent Command-Line API The HPOMAutomation Wrapper adds interfaces to some command line API tools for HP Operations agent to make these tools accessible through the Windows Scripting Host. The functionality of these tools is available through a scripting language such as VBScript. Command line API tool Automation wrapper object opcmsg OVOAutomation.opcmsg opcmon OVOAutomation.opcmon opcmack OVOAutomation.opcmack Note: The information in this HPOMAgent Application Integration Guide is only for version 8.60 and lower of HP Operations agent. Related Topics: l Automation Wrapper: opcmsg l Automation Wrapper: opcmon l Automation Wrapper: opcmack Automation Wrapper: opcmsg The automation interfaces for the HPOMcommand line tools have the same functionality as the tools themselves. The automation interface is basically a wrapper around the HPOMInterface API, which is part of the HPOMApplication Integration Guide (AIG). For example, you can submit a message to HP Operations Manager for Windows using the automation wrapper for opcmsg, as follows. The object OVOAutomation.opcmsg generates a message for HP Operations Manager. Before the message is submitted, it is interpreted by the HP Operations Message Interceptor on the local managed node where the command is executed. Depending on how you configured the message interceptor, the message can be: l Discarded l Locally logged l Forwarded to the management server l Forwarded to the management server, with local logging. The message interceptor must be configured and running on the managed node or the send() function of the object OVOAutomation.opcmsg will fail. The following parameters and functions are available for the object: Parameter Access Type Description Application In Name of application or script/programwhich is affected by or detected the event/problem. HP Operations Manager (9.00) Page 1137 of 1297 Online Help Object In Object which is affected by or has detected the event/problem. MessageText In Descriptive text explaining the event/problemin more detail. Severity In Specifies the severity of the message. The following severities are supported: normal, warning, minor, major, and critical. By default, severity normal is applied. MessageGroup In Default message group to which the message belongs. By default, no message group is assigned. Nodename In Systemon which the event/problemis detected. By default, the name of the current systemis applied. ServiceName In Name of the service (as defined in the Service Editor) to which the message is mapped. OptVar In Optional variable to be used in the message interceptor. Separate mutliple variables with spaces. MessageId Out Unique ID of the message generated by HP Operations Manager. Parameter cannot be retrieved before calling functions Functions Description Send() Sends the message to the Message Action Server. All mandatory parameters have to be set before calling this function. Example Dim msgObj Set msgObj = CreateObject("OVOAutomation.Opcmsg") msgObj.MessageText = "My automated message" msgObj.Application = "My automated application" msgObj.MessageGroup = "My Message Group" msgObj.Object = "My Object" msgObj.Nodename = "HOSTNAME" msgObj.Severity = "warning" msgObj.ServiceName = "My Service" OptVar = "VariableName=VariableText" OptVar = "CMA1=myCmaOne CMA2=myCmaTwo CMA3=myCmaThree" msgObj.Send() Restrictions This function can be run by any user. The message group (msg_grp), the object, and the application parameter must not be longer than 32 bytes; this is the maximumsize HP Operations can handle with these parameters. Examples The examples are available on the management server in the following directory: HP Operations Manager (9.00) Page 1138 of 1297 Online Help %OvInstallDir%\examples\OvOW\DevelopmentKit\Agent\VBScript Related topics l opcagt l Open message interface policies Automation Wrapper: opcmon The automation interfaces for the HPOMcommand line tools have the same functionality as the tools themselves. The automation interface is basically a wrapper around the HPOMInterface API, which is part of the HPOMApplication Integration Guide (AIG). The object OVOAutomations.Opcmon offers the following parameters and functions: Parameter Access Type Object name* In ObjValue* In MsgObject* In OptVar In Functions Description Send() Sends the message to the Message Action Server. All mandatory parameters have to be set before calling this function. Example The following script sends a monitor value to the monitor agent. Dim msgObj Set msgObj = CreateObject("OVOAutomation.Opcmon") msgObj.Object = "MyPolicyObject" msgObj.ObjValue = 7 msgObj.MsgObject = "My Message object" msgObj.Send() Restrictions This function can be run by any user. The message group (msg_grp), the object, and the application parameter must not be longer than 32 bytes; this is the maximumsize HP Operations can handle with these parameters. Examples The examples are available on the management server in the following directory: %OvInstallDir%\examples\OvOW\DevelopmentKit\Agent\VBScript HP Operations Manager (9.00) Page 1139 of 1297 Online Help Automation Wrapper: opcmack The automation interfaces for the HPOMcommand line tools have the same functionality as the tools themselves. The automation interface is basically a wrapper around the HPOMInterface API, which is part of the HPOMApplication Integration Guide (AIG). The object OVOAutomations.Opcmack offers the following parameters and functions: Parameter Access Type MessageId* In Functions Description Acknowledge Acknowledges the specified message. All mandatory parameters have to be set before calling this function. Example Dim ackObj Set ackObj = CreateObject("OVOAutomation.Opcmack") ackObj.MessageId = "MY_MESSAGE_ID" ackObj.Acknowledge() Restrictions This function can be run by any user. The message group (msg_grp), the object, and the application parameter must not be longer than 32 bytes; this is the maximumsize HP Operations can handle with these parameters. Examples The examples are available on the management server in the following directory: %OvInstallDir%\examples\OvOW\DevelopmentKit\Agent\VBScript HP Operations Manager (9.00) Page 1140 of 1297 Online Help Agent C APIs The Agent C Application Programming Interfaces (APIs) enable you to integrate you own applications and programs with HP Operations agents version 8.60. Note: The HP Operations agent API includes support for C/C++ and Java, as well as for every language that supports DCOMautomation (for example, VB, VBScript, JScript, and so on). However, the agent message streaminterface supports C APIs only. 32-bit APIs are built using Microsoft Visual Studio 2005. The information in this HPOMAgent Application Integration Guide is only for version 8.60 and lower of HP Operations agent. Libraries on the Managed Nodes Instrumentation programs which use the HP Operations Agent APIs must be developed on a systemwith an HP Operations Agent installed, so that the HPOMshared libraries and opcapi.h header files are both available. Examples of how to use the API functions fromC, Java, and VB Script are available in the following folder on the management server: %OvInstallDir%\examples\OVOW\DevelopmentKit\Agent Platforms that support multi-threaded environments, for example DCE, must also supply reentrant systemcalls that work in this environment. Some platforms only supply reentrant libraries which also work for single-threaded applications. Some have separate libraries-a standard library and a reentrant library; for example, libc and libc_r, or libsocket and libsocket_r. On platforms with two sets of libraries, it is important to link the application using the standard library to the crt0 object file, and the reentrant library using the crt0_r object file. crt0 and crt0_r contain code that is executed before main() and is responsible for setting up or initializing the environment before calling any of the library APIs. Mixing reentrant and non-reentrant crt0 and libraries is not allowed. The HP Operations agent for DCE is a multi-threaded application and thus requires and uses reentrant libraries. Consequently, the HPOMlibrary libopc_r is using reentrant calls fromvarious libraries. To use the APIs in the HPOMlibrary, they must be linked correctly. Applications that use the DCE HPOMlibrary must be linked as a multi-threaded application; see below for details for each managed node platform. HP Operations Manager (9.00) Page 1141 of 1297 Online Help Include file locations Operating system DCE agents HTTPS agents Windows %OvAgentDir%\include\opcapi.h %OvInstallDir%include\opcapi.h HPUX /opt/OV/include/opcapi.h /opt/OV/include/opcapi.h Linux /opt/OV/include/opcapi.h /opt/OV/include/opcapi.h Solaris /opt/OV/include/opcapi.h /opt/OV/include/opcapi.h Tru64 /usr/opt/OV/include/opcapi.h /usr/opt/OV/include/opcapi.h AIX Not applicable. /usr/lpp/include/opcapi.h Libraries for DCE agents Platform Library Link options Windows %OvAgentDir%\lib\opcapi.lib Add library path $(OvAgentDir)\lib and library module opcapi.lib to the Microsoft Visual Studio project file. HPUX PA /opt/OV/lib/libopc_r.sl -L/opt/OV/lib -lopc_r -lnsp HPUX IA /opt/OV/lib/hpux32/libopc_ r.so -L/opt/OV/lib/hpux32 -lopc_r -lnsp Linux /opt/OV/lib/libopc_r.so -L/opt/OV/lib -lopc_r -lnsp Solaris /opt/OV/lib/libopc_r.so -L/opt/OV/lib -lopc_r -lnsp Tru64 /usr/opt/OV/lib/libopc_r.so -L/usr/opt/OV/lib -lopc_r -lnsp Lightweight libraries for HTTPS agents HTTPS agents version 8.53 or higher provide lightweight libraries, which use less memory and provide better performance than previous libraries. Link the lightweight libraries if you develop new applications that use HPOperations Agent APIs. The lightweight libraries provide the same interfaces as the previous libraries. Therefore, you can recompile existing applications to link the lightweight libraries. Examples of how to use the lightweight libraries are available in the following folder on nodes that have the HTTPS agent version 8.53 or higher: <OvInstallDir>/examples/copcagtapi Operating system Libraries HP Operations Manager (9.00) Page 1142 of 1297 Online Help Windows a b 32 bit %OvInstallDir%\bin\libopcagtapi.dll 64 bit %OvInstallDir%\bin\win64\libopcagtapi.dll HPUX PA b /opt/OV/lib/libopcagtapi.sl HPUX IA b /opt/OV/lib/hpux32/libopcagtapi.so Linux ab 32 bit /opt/OV/lib/libopcagtapi.so 64 bit c /opt/OV/lib64/libopcagtapi.so Solaris b 32 bit /opt/OV/lib/libopcagtapi.so 64 bit d /opt/OV/lib64/libopcagtapi.so Tru64 b /usr/opt/OV/lib/libopcagtapi.so AIX b 32 bit /usr/lpp/OV/lib/libopcagtapi.a 64 bit d /usr/lpp/OV/lib64/libopcagtapi.a a On operating systems for which the agent provides both 64 bit and 32 bit lightweight libraries, link the appropriate library for your program(for example, link the 32 bit libraries to a 32 bit program, even if the programruns on a 64 bit operating system). b To use the lightweight library on UNIX and Linux operating systems, you must also link the following HP BTOSoftware shared library: Operating system Libraries HPUX PA /opt/OV/lib/libOvXpl.sl HPUX IA /opt/OV/lib/libOvXpl.so Linux 32 bit /opt/OV/lib/libOvXpl.so 64 bit /opt/OV/lib64/libOvXpl.so Solaris 32 bit /opt/OV/lib/libOvXpl.so 64 bit d /opt/OV/lib64/libOvXpl.so Tru64 /usr/opt/OV/lib/libOvXpl.so AIX 32 bit /usr/lpp/OV/lib/libOvXpl.so 64 bit d /usr/lpp/OV/lib64/libOvXpl.so c The 64 bit libraries that are included with 32 bit Linux agents do not support message stream interface functions. To compile a 64 bit application that uses message streaminterface functions, link the 64 bit libraries froma 64 bit Linux agent. d Available in HTTPS agents version 8.60 or higher. HP Operations Manager (9.00) Page 1143 of 1297 Online Help Legacy libraries for HTTPS agents HTTPS agents version 8.52 or lower provide libraries that use more resources than the lightweight libraries. HP intends to remove these legacy libraries in a forthcoming version of the HTTPS agent. You should therefore only use the legacy libraries if your application must be compatible with HTTPS agent version 8.52 or lower. Operating system Libraries Windows 1 2 32 bit %OvInstallDir%\bin\opcapi.dll %OvInstallDir%\bin\libopc.dll 64 bit %OvInstallDir%\bin\win64\opcapi.dll %OvInstallDir%\bin\win64\libopc.dll HPUX PA 3 /opt/OV/lib/libopc_r.sl HPUX IA 3 /opt/OV/lib/hpux32/libopc_r.so Linux 2 3 32 bit /opt/OV/lib/libopc_r.so 64 bit 4 /opt/OV/lib64/libopc_r.so Solaris 3 /opt/OV/lib/libopc_r.so Tru64 3 /usr/opt/OV/lib/libopc_r.so AIX 3 /usr/lpp/OV/lib/libopc_r.a 1 On Windows operating systems, libopc.dll is the agent library, and opcapi.dll is the agent API library. 2 On operating systems for which the agent provides both 64 bit and 32 bit libraries, link the appropriate libraries for your program(for example, link the 32 bit libraries to a 32 bit program, even if the programruns on a 64 bit operating system). 3 To use the legacy libraries on UNIX and Linux operating systems, you must also link the following HP BTOSoftware shared libraries: Operating system Libraries HPUX PA /opt/OV/lib/libOvBbc.sl /opt/OV/lib/libOvConf.sl /opt/OV/lib/libOvCtrl.sl /opt/OV/lib/libOvCtrlUtils.sl /opt/OV/lib/libOvDepl.sl /opt/OV/lib/libOvSecCm.sl /opt/OV/lib/libOvSecCore.sl /opt/OV/lib/libOvXpl.sl HPUX IA Solaris /opt/OV/lib/libOvBbc.so /opt/OV/lib/libOvConf.so /opt/OV/lib/libOvCtrl.so /opt/OV/lib/libOvCtrlUtils.so HP Operations Manager (9.00) Page 1144 of 1297 Online Help /opt/OV/lib/libOvDepl.so /opt/OV/lib/libOvSecCm.so /opt/OV/lib/libOvSecCore.so /opt/OV/lib/libOvXpl.so Linux 32 bit /opt/OV/lib/libOvBbc.so /opt/OV/lib/libOvConf.so /opt/OV/lib/libOvCtrl.so /opt/OV/lib/libOvCtrlUtils.so /opt/OV/lib/libOvDepl.so /opt/OV/lib/libOvSecCm.so /opt/OV/lib/libOvSecCore.so /opt/OV/lib/libOvXpl.so 64 bit /opt/OV/lib64/libOvBbc.so /opt/OV/lib64/libOvConf.so /opt/OV/lib64/libOvCtrl.so /opt/OV/lib64/libOvCtrlUtils.so /opt/OV/lib64/libOvDepl.so /opt/OV/lib64/libOvSecCm.so /opt/OV/lib64/libOvSecCore.so /opt/OV/lib64/libOvXpl.so Tru64 /usr/opt/OV/lib/libOvBbc.so /usr/opt/OV/lib/libOvConf.so /usr/opt/OV/lib/libOvCtrl.so /usr/opt/OV/lib/libOvCtrlUtils.so /usr/opt/OV/lib/libOvDepl.so /usr/opt/OV/lib/libOvSecCm.so /usr/opt/OV/lib/libOvSecCore.so /usr/opt/OV/lib/libOvXpl.so AIX /usr/lpp/OV/lib/libOvBbc.so /usr/lpp/OV/lib/libOvConf.so /usr/lpp/OV/lib/libOvCtrl.so /usr/lpp/OV/lib/libOvCtrlUtils.so /usr/lpp/OV/lib/libOvDepl.so /usr/lpp/OV/lib/libOvSecCm.so /usr/lpp/OV/lib/libOvSecCore.so /usr/lpp/OV/lib/libOvXpl.so 4 The 64 bit libraries that are included with 32 bit Linux agents do not support message stream interface functions. To compile a 64 bit application that uses message streaminterface functions, link the 64 bit libraries froma 64 bit Linux agent. Compiler versions and options for agent APIs To use the HP Operations Agent APIs, you must use the correct compiler version and options. The following tables list the compiler versions and options for each platform. HP Operations Manager (9.00) Page 1145 of 1297 Online Help Microsoft Windows Server 2003 on x86 (32 bit) Compiler Microsoft Visual Studio 2005 TeamEdition plus VS2005 Service Pack 1 Required compiler options l /GR enable RTTI l /MD Mutithreaded DLL (Use for release version) l /MDd Debug Multithreaded DLL (use for debug versions) l /EHa enable C++ exception handling l /W3 Warning level 3 l /Wp64 Detect 64-bit portability issues l /GF Enable string pooling l /J Default unsigned char l /Zc:wchar_t wchar_t is a native type l /Gd Use __cdecl calling convention. l /analyze Enterprise code analysis Other requirements Embed the manifest for all DLLs, loadable modules, and executables into the binary using mt.exe. Microsoft Windows Server 2003 on x64 (64 bit) Compiler Microsoft Visual Studio 2005 TeamEdition plus VS2005 Service Pack 1 Required compiler options l /GR enable RTTI l /MD Mutithreaded DLL (Use for release version) l /MDd Debug Multithreaded DLL (use for debug versions) l /EHa enable C++ exception handling l /W3 Warning level 3 l /Wp64 Detect 64-bit portability issues l /GF Enable string pooling l /J Default unsigned char l /Zc:wchar_t wchar_t is a native type l /Gd Use __cdecl calling convention. l /analyze Enterprise code analysis Other requirements Embed the manifest for all DLLs, loadable modules, and executables into the binary using mt.exe. HP Operations Manager (9.00) Page 1146 of 1297 Online Help Microsoft Windows Itanium (64 bit) Compiler Microsoft Visual Studio 2005 TeamEdition. Itaniumcross-compiler with VS2005 SP 1 Required compiler options l /GR enable RTTI l /MD Mutithreaded DLL (Use for release version) l /MDd Debug Multithreaded DLL (use for debug versions) l /EHa enable C++ exception handling l /W3 Warning level 3 l /Wp64 Detect 64-bit portability issues l /GF Enable string pooling l /J Default unsigned char l /Zc:wchar_t wchar_t is a native type l /Gd Use __cdecl calling convention. l /analyze Enterprise code analysis Other requirements l Build Windows Server 2003 Itaniumbinaries on an x86 systemusing a cross compiler. l Embed the manifest for all DLLs, loadable modules, and executables into the binary using mt.exe. HP-UX 11.11, 11.23 PA (32 bit API) Compiler aCC A.03.80 Required compiler options l -AP use older C++ runtime libraries (Note: this is the default) l -mt for thread-safe code Recommended options l -Aa enables newly supported ANSI C++ standard features l -D__HPACC_STRICTER_ANSI__ enables additional ANSI compliance of STL l +hpxstd98 enables new, standards compliant compilation mode Other requirements Runtime patch PHSS_33945 HP Operations Manager (9.00) Page 1147 of 1297 Online Help HP-UX 11.23 IA64 (in native IPF mode) (32 Bit API) Compiler HP aC++ Compiler (Version: A.06.05) Required compiler options l -AA use ANSI-standard STL and IOStreams (this is the default) l -mt for thread-safe code l +DD64 create 64 bit mode binaries (only for HPUX11.23_IPF64 executables) Recommended options l -Aa enable newly supported ANSI C++ standard features (this is only necessary if AA is not used explicitly) l +DSitanium2 optimize code for Itanium2 CPU (also runs on Itanium1) Other requirements l Build patch PHSS_33350 11.23 aC++ Runtime (IA: A.06.05) l Build patch PHSS_33352 11.23 Integrity Unwind Library SuSE Linux ES 9, SuSE 9.1, 9.2, 9.3, RedHat Enterprise Linux 4.0 (32 or 64 bit API) Compiler gcc version 3.3.3-43 (Standard compiler of SuSE Linux ES 9) Required compiler options -lpthread Executables must be linked with the pthread library if any directly or indirectly used shared library is dependent on the pthread library, even if the executable itself is a single-threaded application. Other requirements To compile 32 bit binaries on a 64 bit system, use the m32 compiler switch. SuSE Linux ES 10, RedHat Enterprise Linux 5.0 (64 bit CPU required) (64 Bit API) Compiler gcc version 4.1.0 (Standard compiler of SuSE Linux ES 10) Required compiler options -lpthread Executables must be linked with the pthread library if any directly or indirectly used shared library is dependent on the pthread library, even if the executable itself is a single-threaded application. Other requirements To compile 32 bit binaries on a 64 bit system, use the m32 compiler switch. SuSE Linux ES 10, RedHat Enterprise Linux 5.0 (Itanium) (64 bit API) Compiler gcc version 4.1.0 (Standard compiler of SuSE Linux ES 10) Required compiler options -lpthread Executables must be linked with the pthread library if any directly or indirectly used shared library is dependent on the pthread library, even if the executable itself is a single-threaded application. HP Operations Manager (9.00) Page 1148 of 1297 Online Help SuSE Linux ES 10, RedHat Enterprise Linux 5.0 (x64 or Itanium) (32 Bit API) Compiler gcc version 3.3.3-43 (Standard compiler of SuSE Linux ES 9) Required compiler options -lpthread Executables must be linked with the pthread library if any directly or indirectly used shared library is dependent on the pthread library, even if the executable itself is a single-threaded application. Other requirements To compile 32 bit binaries on a 64 bit system, use the m32 compiler switch. HP Operations Manager (9.00) Page 1149 of 1297 Online Help Solaris 9, 10 (SPARC) (32 and 64 bit API) Compiler Sun Studio 11 Required compiler options -mt for thread-safe code Other requirements Build patches: l 122149 Update checking binary l 124862 Debuginfo handling l 120760 Compilers Back-End l 121017 C++ l 121019 Fortran 95 l 121021 Fortran 95 Libraries l 121015 C 5.8 compiler l 121023 dbx l 120761 Performance Analyzer l 122135 Sun Performance Library l 122142 Sun Studio IDE Runtime patches: l 117557 OpenMP support libmtsk l 108434 32-bit shared library patch for C++ l 108435 64-bit shared library patch for C++ l 111721 SunOS 5.8 Math Library libmpatch l 109147 Linker patch l 111697 SCCS and make l 114802 Assembler l 108652 X11 Xsun For Solaris 8: l 108434-08 SunOS 5.8: 32-Bit Shared library patch for C++ l 108993-25 LDAP2 client, libc, libthread, libnsl libraries patch l 109147-15 SunOS 5.8: Linker catch HP Operations Manager (9.00) Page 1150 of 1297 Online Help Solaris 10 (x86/x64 32 bit) Compiler Sun Workshop Compiler 11 Required compiler options options l -mt for thread-safe code l -fast xtarget=pentium (option sequence is important) Other requirements Compiler patches: l 122148 Update checking binary l 124859 Debug info handling l 120759 Compilers Back-End l 121018 C++ l 121020 Fortran 95 l 121022 Fortran Libraries l 121016 C 5.8 compiler l 121616 dbx l 120762 Performance Analyzer l 122136 Sun Performance Library l 122143 Sun Studio IDE Operating systempatches: l 118677 SunOS 5.10_x86: SCCS and make utilities l 118345 SunOS 5.10_x86: ld & libc.so.1 l 119961 SunOS 5.10_x86: Assembler l 119964 SunOS 5.10_x86 Shared library patch for C++_x86 l 120754 SunOS 5.10_x86 libmtsk l 121621 MediaLib HP Operations Manager (9.00) Page 1151 of 1297 Online Help AIX 6.1 (64 bit) Compiler IBMVisual Age C++ Professional / C for AIX Compiler, Version 9.0. Required compiler options l xlC_r compile thread-safe code l -qrtti=all enable RTTI Other requirements l Runtime : AIX 6.1 TL2 l xlC.aix61.rte 10.1.0.2 C F XL C/C++ Runtime for AIX 6.1 l xlC.rte 10.1.0.2 C F XL C/C++ Runtime AIX 5.3 (32 bit) Compiler IBMVisual Age C++ Professional / C for AIX Compiler, Version 5.0. Required compiler options l xlC_r compile thread-safe code l -qrtti=all enable RTTI AIX 5.3 (64 bit API) Compiler IBMVisual Age C++ Professional / C for AIX Compiler, Version 9.0. Required compiler options l xlC_r compile thread-safe code l -qrtti=all enable RTTI Java Compiler Sun JDK 1.5_14 Other requirements Required Java runtime for AIX 6.1 is JRE 1.6 minimum Using APIs in Internationalized Environments All HPOMAPI functions are internationalized. This means that they will initialize the language setting, check the codeset for compatibility, and convert codesets if necessary, provided your API programs support Native Language Support (NLS) environments. When writing API programs for internationalized environments, you must ensure that your programs do select the appropriate locale. In C programs, you do this by calling the function setlocale() at the beginning of your program. It is recommended to use setlocale(LC_ALL,""). The category LC_ALL names the program's entire locale. "" adopts the setting of the current shell. HP Operations Manager (9.00) Page 1152 of 1297 Online Help Data API The HPOMData API provides a set of functions to set and get information in the formof HPOM data structures. Direct access to HPOMobjects is not supported. This API is used for: l HPOMData Structures (See HPOMData Structures for more information.) Usage To use the functions, include the header file opcapi.h in your application. Each routine returns an error/status code. Prerequisites The API functions can be issued by any user. For some attribute values a maximumlength applies as noted with the appropriate attribute selector described in HPOMData Structures. Multithread Usage All functions of the HPOMData API are safe to be called by multithreaded applications, and are thread-safe for both POSIX Threads and DCE User Threads. They are neither async-cancel, async-signal, nor fork-safe, and cannot be safely called kernel threads. opcdata_clear() #includeopcapi.h intopcdata_clear( opcdata *data /*in/out*/ ); Parameters data Points to the data area that will be cleared. Description Frees an re-initializes all fields in data. Note: This function changes the pointer to the data structure. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: parameter data is invalid; probably NULL OPC_ERR_CANT_INIT: unable to initialize OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.07.50 and later HP Operations Manager (9.00) Page 1153 of 1297 Online Help opcdata_copy() #include opcapi.h int opcdata_copy( const opcdata data, /*in*/ opcdata *copy /*out*/ ); Parameters data HPOMdata structure that will be copied. copy Copy of data. Description The API creates a copy of the data area and returns it in copy. It creates a complete copy, that is, the string fields of data are copied and not shared between data and copy. The allocated memory has to be deallocated using opcdata_free() before using this function. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: data is NULL or of wrong type OPC_ERR_INVALID_OUTPARAM: copy is invalid; probably NULL OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_create() #includeopcapi.h int opcdata_create( int data_type, /*in*/ opcdata *data /*out*/ ); Parameters data_type Specifies the type of the allocated data area; see HPOMData Structures for a list of supported data structures. data HP Operations Manager (9.00) Page 1154 of 1297 Online Help HPOMdata structure. Description This function allocates and initializes a data structure. To get or set attributes, the respective routines must be called. The memory used for the area must be deallocated by calling opcdata_ free(). Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_OUTPARAM: data is invalid; probably NULL OPC_ERR_CANT_INIT: unable to initialize OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_free() #includeopcapi.h int opcdata_free( opcdata *data /*in/out*/ ); Parameters data Pointer to the data area that will be deallocated. data will be reset to NULL. Description The function opcdata_free() deallocates memory previously allocated by one of the functions opcif_read(), opcdata_create(), and opcdata_copy(). Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: data is NULL or of wrong type Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures HP Operations Manager (9.00) Page 1155 of 1297 Online Help opcdata_generate_id() #includeopcapi.h intopcdata_generate_id( opcdata data /*in*/ ,constintattribute /*in*/ ); Parameters data Pointer to the opcdata structure. attribute Specified which ID should be set. Description Generates an HPOMuuid and puts it into the ID field (specified in attribute) of the given opcdata structure. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: Input parameter was not valid. Versions HPOMfor Windows A.07.50 and later opcdata_get_double() #includeopcapi.h double*opcdata_get_double( const opcdata data, /*in*/ int attribute /*in*/ ); Parameters data HPOMdata structure containing the queried attribute. attribute Specifies the attribute that is queried. Description The function opcdata_get_double() returns the value of a double attribute in data. Returns the real value, or, OPC_DOUBLE_UNDEF if no value could be retrieved because data was empty or attribute was not allowed. Note that the real value could also be OPC_DOUBLE_ UNDEF. If an error occurs, for example an invalid attribute is specified, the function returns 0.0.. HP Operations Manager (9.00) Page 1156 of 1297 Online Help Versions HPOMfor Windows A.07.50 and later See Also OPCDTYPE_MONITOR_MESSAGE opcdata_get_error_msg() #includeopcapi.h char*opcdata_get_error_msg( const interror_code /*in */ ,char** p_error_msg /*out*/ ,int* p_error_msg_size /*out*/ ); Parameters error_code OPC_ERR_XXX error code. p_error_msg Pointer to allocated error message string; memory must be freed by caller. p_error_msg_size Size of allocated memory in bytes. Description Returns error text (description) relating to the given error code. The output is localized. This function is thread-safe. Note: The memory allocated by this function must be freed by the caller. Return Values string String contains error description. Versions HPOMfor Windows A.07.50 and later opcdata_get_long() #includeopcapi.h long opcdata_get_long( const opcdata data, /*in*/ int attribute /*in*/ ); Parameters data Data structure containing the queried attribute. attribute HP Operations Manager (9.00) Page 1157 of 1297 Online Help Specifies the attribute that is queried. Description Returns the value of the numeric attribute in data. Return Values Returns the integer value of the attribute; if the routine fails, a value of -1 is returned. Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_get_str() #includeopcapi.h char*opcdata_get_str( const opcdata data, /*in*/ int attribute /*in*/ ); Parameters data Data structure containing the queried attribute. attribute Specifies the attribute that is queried. Description Instead of a status value, the function opcdata_get_str() returns a pointer to the desired string value. This function can, therefore, be used directly in another function call. Return Values Returns a character pointer to the value of the defined attribute in the data area. The pointer points into the internal data area. Modification of the attribute is only allowed using opcdata_set_str(); direct access to the string is not supported. Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_report_error() #includeopcapi.h char *opcdata_report_error( const interror_code /*in*/ ); HP Operations Manager (9.00) Page 1158 of 1297 Online Help Parameters error_code OPC_ERR_XXX error code. Description Returns the error text (description) relating to the given error code. Note: The memory allocated by this function must be freed by the caller. Return Values string string contains error description; memory must be freed by caller Versions HPOMfor Windows A.07.50 and later opcdata_set_double() #includeopcapi.h int*opcdata_set_double( opcdata data, /*in/out*/ int attribute, /*in*/ double value /*in*/ ); Parameters data HPOMdata structure containing the attribute to be set attribute Specifies the attribute. value Contains the value of the attribute to be set. Description The function opcdata_set_double() sets the numeric float attribute in data to value. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: data is NULL, attribute is NULL, value is NULL Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_set_long() #includeopcapi.h HP Operations Manager (9.00) Page 1159 of 1297 Online Help intopcdata_set_long( opcdata data, /*in/out*/ int attribute, /*in*/ long value /*in*/ ); Parameters data HPOMdata structure containing the attribute to be set. attribute Specifies the attribute. value Contains the value of the attribute to be set. Description Use the opcdata_set_long() routine to set the numeric long attribute in data to value. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: data is NULL, attribute is invalid Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_set_str() #includeopcapi.h int*opcdata_set_str( opcdata data, /*in*/ int attribute, /*in*/ constchar *value /*in*/ ); Parameters data HPOMdata structure. attribute Select the attribute that is set. value Specify the value of the attribute. Description Use the function opcdata_set_str() to set the string attribute to a copy of value. HP Operations Manager (9.00) Page 1160 of 1297 Online Help Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: data is NULL, attribute is invalid, value is NULL OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.07.50 and later See Also HPOMData Structures opcdata_type() #includeopcapi.h intopcdata_type( opcdatadata /*in*/ ); Parameters data Points to an initialized data area. Description Returns the opcdata type in data. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: data is invalid; probably NULL Versions HPOMfor Windows A.07.50 and later opcreg_copy() #includeopcapi.h int opcreg_copy( constopcregcond reg_cond, /*in*/ opcregcond *copy /*out*/ ); Parameters reg_cond Pointer to the registration condition to copy. copy HP Operations Manager (9.00) Page 1161 of 1297 Online Help Address of the pointer to the copied condition. Description The function opcreg_copy() creates a complete copy of a registration condition and returns it. The allocated memory has to be deallocated using opcreg_free(). Return Values OPC_ERR_OK: No error occurred. OPC_ERR_NO_MEMORY: Memory allocation error. OPC_ERR_INVALID_OUTPARAM: One of the output parameters is NULL or not of the correct type. Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() opcreg_free() opcreg_get_long() opcreg_get_str() opcreg_set_long() opcreg_set_str() opcreg_create() #includeopcapi.h int opcreg_create( opcregcond *reg_cond /*out*/ ); Parameters reg_cond HPOMregistration condition structure. Description This routine creates an empty registration condition. The actual structure of this data area is hidden fromthe user. To get or set attributes, the respective routines must be called. The memory used for the area has to be deallocated by calling opcreg_free(). Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_OUTPARAM: reg_cond is invalid OPC_ERR_NO_MEMORY: HP Operations Manager (9.00) Page 1162 of 1297 Online Help allocation of memory failed Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_free() opcreg_get_long() opcreg_get_str() opcreg_set_long() opcreg_set_str() opcreg_free() #includeopcapi.h int opcreg_free( opcregcond *reg_cond /*in/out*/ ) Parameters reg_cond Address of the pointer to the registration condition. Description The function opcreg_free() deallocates the memory associated with a registration condition. Return Values OPC_ERR_OK: No error occurred. OPC_ERR_INVALID_OUTPARAM: One of the output parameters is NULL or not of the correct type. Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() opcreg_copy() opcreg_get_long() opcreg_get_str() opcreg_set_long() opcreg_set_str() HP Operations Manager (9.00) Page 1163 of 1297 Online Help opcreg_get_long() #includeopcapi.h int opcreg_get_long( constopcregcond reg_cond, /*in*/ int field /*in*/ ); Parameters reg_cond Registration condition containing the numeric value. field Specifies the attribute in the registration condition. Description Use the function opcreg_get_long() to access the attribute values of a condition. Return Values Returns the requested long value, or, if not successful -1. Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() opcreg_free() opcreg_copy() opcreg_get_str() opcreg_set_long() opcreg_set_str() opcreg_get_str() #includeopcapi.h int *opcreg_get_str( constopcregcond reg_cond, /*in*/ int field /*in*/ ); Parameters reg_cond Registration condition containing the string. field Specifies the attribute in the registration condition. Description HP Operations Manager (9.00) Page 1164 of 1297 Online Help Use the function opcreg_get_str() to access the string attribute of a registration condition. Return Values Returns a pointer to the requested string or if not successful a NULL pointer. Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() opcreg_free() opcreg_copy() opcreg_get_long() opcreg_set_long() opcreg_set_str() opcreg_set_long() #includeopcapi.h int opcreg_set_long( constopcregcond reg_cond, /*in/out*/ int field, /*in*/ long value /*in*/ ); Parameters reg_cond Registration condition containing the string. field Selects the attribute in the registration condition. value Specifies the value of the attribute in the registration condition. Description The function opcreg_set_long() sets the value of a numeric field of a registration condition. Return Values OPC_ERR_OK: No error occurred. OPC_ERR_INVALID_FIELD: Invalid value used for field. Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() HP Operations Manager (9.00) Page 1165 of 1297 Online Help opcreg_free() opcreg_copy() opcreg_get_long() opcreg_get_str() opcreg_set_str() opcreg_set_str() #includeopcapi.h int *opcreg_set_str( constopcregcond reg_cond, /*in/out*/ int field, /*in*/ constchar *value /*in*/ ); Parameters reg_cond Registration condition containing the string. field Selects the attribute in the registration condition. value Specifies the value of the attribute in the registration condition. Description The function opcreg_set_str() sets the value of a string field of a registration condition. Return Values OPC_ERR_OK: No error occurred. OPC_ERR_INVALID_FIELD: Invalid value used for field. Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() opcreg_free() opcreg_copy() opcreg_get_long() opcreg_get_str() opcreg_set_long() HP Operations Manager (9.00) Page 1166 of 1297 Online Help Interface API The HPOMInterface API provides access to the HPOMagent message streaminterface (MSI) on the managed node. The agent MSI makes it possible to read HPOMmessages fromthe internal agent message stream and to write messages into the internal agent message stream. All MSI types establish a connection to the HP Operations agent. This interface is divided into the types: l OPCAGTIF_EXTMSGPROC_READ This interface type is used for non-destructive read operations on the HPOMinternal message flow. Only messages that are allowed to be output on the Agent MSI are accessible using this interface type. This type of interface is typically used by statistical analysis tools or additional display facilities. l OPCAGTIF_EXTMSGPROC_READWRITE This interface type is used to read messages fromHPOM's internal message flow, to modify / create messages, and to write themback to the HPOMprocesses. Only messages which are allowed to be output on the MSI are accessible using this interface type. Messages tagged with 'copy to' remain in HPOM's message flow, whereas messages tagged with 'divert to' are taken out of the flow. This type of interface could be used by event correlation engines. l OPCAGTIF_EXTMSGPROC_WRITE Interface instances of this type are used for write-only applications, to feed messages into HPOM's message flow. This type of interface could also be used to encapsulate the opcif_ write() routine in a command line interface. Prerequisites The API functions must be issued by the agent user. Multithread Usage All functions of the Interface API are safe to be called by multithreaded applications and are thread safe for both POSIX Threads and DCE User Threads. They are neither async-cancel, async-signal, nor fork-safe, and cannot be called safely in kernel threads. opcreg_copy() is not thread safe for POSIX threads or for DCE User Threads. Registration Conditions of the HPOM Interface API HPOMprovides a user-accessible data type to define registration conditions as the mechanismto register with the HPOMInterfaces. HPOMprovides a set of APIs to create an empty condition, modify or query condition fields and to duplicate or delete a condition definition frommemory. Related Topics: l Security considerations for the HPOMInterface API l Agent Message StreamInterface (MSI) HP Operations Manager (9.00) Page 1167 of 1297 Online Help Security considerations Applications that have read-write access to the HPOMmessage streamcan cause serious damage to the systemand other applications. It is therefore important that you take the following security considerations into account when working with the HPOMInterface APIs. Authorization mechanism An appropriate authorization mechanismat the API level guarantees that only authorized users can apply the APIs. However, as the checking of a user ID belongs to the OS level with its superuser concept, this conflicts somewhat with the existing HPOMconcept where the administrator is responsible for the configuration of user roles. HPOMallows users with a user ID of zero (uid 0), typically root on UNIX, and users that are in the Administrators group on Windows to access the HPOMInterface APIs and to define actions for messages that are sent to the management server. Enable and disable the agent MSI functionality The HPOMfor Windows administrator can enable and disable the agent Message StreamInterface (MSI) functionality. By default the interfaces are disabled. Automatic and operator-initiated commands The HPOMadministrator can configure whether actions can be defined by an application that is writing to the agent MSI. By default, it is not allowed to define actions. Specify output to the agent MSI for each message You can also define whether each message is allowed for output to the agent MSI in the HPOMfor Windows policy editors. For example, an administrator can prevent the output of certain messages so that external applications do not receive secure information by reading these messages fromthe HPOMmessage flow. Related Topics: l Agent Message StreamInterface (MSI) opcif_close() #includeopcapi.h int opcif_close( int interface_id /*in*/ ); Parameters interface_id Specifies which interface instance is used. Description Call the opcif_close() API to terminate the connection to the interface. If the interface is opened in read/write mode and OPCIF_CLOSE_FORWARD is specified in the opcif_open() call, all HP Operations Manager (9.00) Page 1168 of 1297 Online Help data in the interface queue is forwarded before the queue is removed; if not, data in the input queue is discarded. Message Events and Application Responses are always discarded if the interface instance is closed. Return Values OPC_ERR_OK OK OPC_ERR_CANT_INIT initialization of queues failed OPC_ERR_INVALID_INTERFACE_ID no such interface opened Versions HPOMfor Windows A.07.50 and later See Also HPOMInterfaces Data API HPOMData Structures opcif_get_pipe() #includeopcapi.h intopcif_get_pipe( int interface_id, /*in*/ int pipefd /*out*/ ); Parameters interface_id Specifies which interface instance is used. pipefd Returns the file descriptor of the selected output interface queue. Description A programreading fromseveral input files needs the pipe file descriptor of its interface input queue. This descriptor is then used as part of the parameters to select(2) or fcntl(2). The function opcif_get_pipe() returns this value. For convenience reasons, an application that reads only fromthe HPOMinterface can specify OPCIF_READ_WAIT in the opcif_open() call. Return Values OPC_ERR_OK OK OPC_ERR_CANT_INIT initialization of queues failed HP Operations Manager (9.00) Page 1169 of 1297 Online Help OPC_ERR_INVALID_OUTPARAM pipefd is NULL OPC_ERR_INVALID_INTERFACE_ID no such interface opened Versions HPOMWindows A.07.50 and later See Also HPOMInterfaces opcif_open() #includeopcapi.h int opcif_open( int interface_type, /*in*/ constchar *instance, /*in*/ int mode, /*in*/ int max_entries, /*in*/ int *interface_id /*out*/ ); Parameters interface_type Specifies the type of interface to use from: Agent Message StreamInterface Used by external message processors (for example, event correlation engines): l OPCAGTIF_EXTMSGPROC_READ l OPCAGTIF_EXTMSGPROC_READWRITE l OPCAGTIF_EXTMSGPROC_WRITE instance Name of the interface instance which is registered for one of the interface types above. The name is limited to a length of 12 alpha-numeric characters because it is also part of the queue file name. mode To specify whether the interface is opened if the HPOMprocesses are not running. Use either: l OPCIF_ALWAYS (default) l OPCIF_AGT_RUNNING The following options specify whether the opcif_read() API will wait for available data or not; in the WAIT case, the calling process will be blocked until data is available or the process receives an interrupt: l OPCIF_READ_WAIT (default) l OPCIF_READ_NOWAIT HP Operations Manager (9.00) Page 1170 of 1297 Online Help To specify the handling of unread messages if the connected process closes the interface or aborts, use one of the following options: l OPCIF_CLOSE_FORWARD (default) l OPCIF_CLOSE_DISCARD In the first case, messages in the read-queue are appended to the write-queue; in the second, these messages are discarded when the external programcloses the interface. It is possible to combine these options using the '|' operator. max_entries Specifies the maximumnumber of entries in the read-queues. If this number is exceeded, HPOMstops writing to the queue. When the reading process has emptied the queue, it is notified by an error value returned by opcif_read(). The application must then disconnect and reopen the interface. To disable this check, specify 0 for max_entries. interface_id The returned value must be used in subsequent calls to the APIs to refer to this instance of the interface. Description Use the function opcif_open() to connect to an instance of one of the following interfaces: l Agent Message StreamInterface Return Values OPC_ERR_OK: interface correctly opened OPC_ERR_INVALID_OUTPARAM: pointer to interface_id is invalid OPC_ERR_ACCESS_DENIED: access denied OPC_ERR_INVALID_INTERFACE_INSTANCE: instance name contains invalid characters, or is too long OPC_ERR_INVALID_INTERFACE_TYPE: no such interface type OPC_ERR_CANT_INIT: initialization of queues failed OPC_ERR_CANT_OPEN_READQUEUE: unable to open readqueue OPC_ERR_CANT_OPEN_WRITEQUEUE: unable to open writequeue OPC_ERR_CANT_INFORM_MSGA: informing message agent failed OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.07.50 and later See Also HP Operations Manager (9.00) Page 1171 of 1297 Online Help HPOMInterfaces opcif_read() #includeopcapi.h int opcif_read( int interface_id, /*in*/ opcdata data /*in/out*/ ); Parameters interface_id Specifies which interface instance is used. data HPOMdata structure. Description The function opcif_read() reads a message fromthe queue of the specified interface instance. If the interface instance has been opened with OPCIF_READ_WAIT, the calling process is blocked until the information is available. The API returns an error if the application receives an interrupt signal. The data parameter specified in the call must be created with opcdata_create(). Memory for the actual message data is allocated, and if memory was assigned to data before the call to opcif_read(), it is deallocated. Return Values OPC_ERR_OK: OK OPC_ERR_CANT_INIT: initialization of queues failed OPC_ERR_INVALID_INTERFACE_ID: no such interface opened OPC_ERR_INVALID_OUTPARAM: data is NULL or is of wrong type OPC_ERR_WRONG_MSITYPE: interface assigned to interface_id is of wrong type OPC_ERR_EINTR: reading frompipe failed OPC_ERR_MSI_BUF_FULL: number of messages exceeds specified number in max_entries while opening OPC_ERR_NO_DATA: queue is empty OPC_ERR_CANT_READ_MSG: reading message, event, or response failed OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.07.50 and later HP Operations Manager (9.00) Page 1172 of 1297 Online Help See Also HPOMInterfaces HPOMData Structures opcif_register() #includeopcapi.h int opcif_register( int interface_id, /*in*/ constopcregcond reg_cond , /*in*/ long *cond_id /*out*/ ); Parameters interface_id Specifies which interface instance is used. reg_cond l Messages: Defines the combination of message attributes that are checked; NULL registers for all messages l Message Events: Defines an event mask and the restriction of message events of messages for certain operators l Application Responses Defines a certain application response specified by the application response ID cond_id Returns an ID to reference this condition in a subsequent call to opcif_unregister(); NULL is allowed if the API user is not interested in the ID (for example, if opcif_unregister()is not called later on). Description The function opcif_register() is used by an external application to register for the following attributes. See also opcregcond. l Message Attributes HPOMsupports registration for message type, message group, node name, object, severity and application attributes. You can also combine attributes (logical AND), and '|' within an attribute (logical OR). Multiple registrations (logical OR of registration conditions) are also possible by using a sequence of API calls. The following attributes are supported: n OPCREG_MSGTYPE n OPCREG_GROUP n OPCREG_NODENAME n OPCREG_OBJECT HP Operations Manager (9.00) Page 1173 of 1297 Online Help n OPCREG_SEVERITY n OPCREG_APPLICATION Return Values OPC_ERR_OK: OK OPC_ERR_CANT_INIT: initialization of queues failed OPC_ERR_INVALID_INTERFACE_ID: no such interface opened OPC_ERR_CANT_INFORM_MSGA: informing message agent failed Versions HPOMfor Windows A.07.50 and later See Also HPOMInterfaces opcif_unregister() #includeopcapi.h int opcif_unregister( int interface_id, /*in*/ long cond_id /*in*/ ); Parameters interface_id Specifies which interface instance is used. cond_id Specifies the registration condition to be removed; 0 unregisters for all messages, message events or application responses. Description To cancel prior registrations for messages, the external application calls opcif_unregister() with the value of reg_cond that was specified in the call to the registration API. As the registration mechanismis a positive filter, removing a registration condition does not mean that messages matched by this condition are filtered out after opcif_unregister() is called; instead, just that positive filter condition is cancelled. By unregistering a condition for message events or application responses, information matching the unregistered condition will no longer received. Return Values OPC_ERR_OK: OK OPC_ERR_CANT_INIT: HP Operations Manager (9.00) Page 1174 of 1297 Online Help initialization of queues failed OPC_ERR_INVALID_INTERFACE_ID: no such interface opened OPC_ERR_CANT_INFORM_MSGM: informing message manager failed Versions HPOMfor Windows A.07.50 and later See Also HPOMInterfaces opcif_write() #includeopcapi.h int opcif_write( int interface_id, /*in*/ constopcdata data /*in*/ ); Parameters interface_id Specifies which interface instance is used. data HPOMdata structure. Description Use the function opcif_write() to write a message to the HPOMInterface. Depending on the type of interface, the message is written into the message queue of the message agent. This function can only be used for interfaces of the following types: l OPCSVIF_EXTAGT_MESSAGE Return Values OPC_ERR_OK: OK OPC_ERR_CANT_INIT: initialization of queues failed OPC_ERR_INVALID_INTERFACE_ID: no such interface opened OPC_ERR_INVALID_OPCDATA_TYPE: data must be of type OPCDTYPE_MESSAGE OPC_ERR_CANT_WRITE_MSG: unable to write message OPC_ERR_WRONG_MSITYPE: interface type is invalid for this operation Versions HP Operations Manager (9.00) Page 1175 of 1297 Online Help HPOMfor Windows A.07.50 and later See Also HPOMInterfaces HPOMData Structures opcreg_copy() #includeopcapi.h int opcreg_copy( constopcregcond reg_cond, /*in*/ opcregcond *copy /*out*/ ) Parameters reg_cond HPOMregistration condition structure. copy Copy of reg_cond. Description The API creates a copy of the condition and returns it in copy. The allocated memory has to be deallocated using opcreg_free(). copy must be freed using opcreg_free() before calling this function. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_OUTPARAM: copy is invalid OPC_ERR_NO_MEMORY: allocation of memory failed Versions HPOMfor Windows A.07.50 and later See Also opcreg_create() opcreg_free() opcreg_get_long() opcreg_get_str() opcreg_set_long() opcreg_set_str() opcreg_create() #includeopcapi.h HP Operations Manager (9.00) Page 1176 of 1297 Online Help int opcreg_create( opcregcond *reg_cond /*out*/ ); Parameters reg_cond HPOMregistration condition structure. Description This routine creates an empty registration condition. The actual structure of this data area is hidden fromthe user. To get or set attributes, the respective routines must be called. The memory used for the area has to be deallocated by calling opcreg_free(). Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_OUTPARAM: reg_cond is invalid OPC_ERR_NO_MEMORY: allocation of memory failed Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_free() opcreg_get_long() opcreg_get_str() opcreg_set_long() opcreg_set_str() opcreg_free() #includeopcapi.h int opcreg_free( opcregcond *reg_cond /*in/out*/ ); Parameters reg_cond HPOMregistration condition structure. Description The function opcreg_free() deallocates memory previously allocated by opcreg_create(), opcreg_copy(), or opcreg_set_...(). Return Values HP Operations Manager (9.00) Page 1177 of 1297 Online Help OPC_ERR_OK: OK OPC_ERR_INVALID_OUTPARAM: reg_cond is invalid Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_create() opcreg_get_long() opcreg_get_str() opcreg_set_long() opcreg_set_str() opcreg_get_long() #includeopcapi.h long opcreg_get_long( constopcregcond reg_cond, /*in*/ int field /*in*/ ); Parameters reg_cond HPOMregistration condition structure. field Selects the attribute that is queried. Description Use the routine opcreg_get_long() to access the attribute values of a condition. Return Values Returns the integer value of the attribute; if the routine fails, - 1 is returned. Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_create() opcreg_free() opcreg_get_str() opcreg_set_long() HP Operations Manager (9.00) Page 1178 of 1297 Online Help opcreg_set_str() opcreg_get_str() #includeopcapi.h char*opcreg_get_str( constopcregcond reg_cond, /*in*/ int field /*in*/ ); Parameters reg_cond HPOMregistration condition structure. attribute Selects the attribute that is queried. Description Use the routine opcdata_get_str() to access the attribute values of a condition. Return Values Returns a character pointer to the value of the defined attribute in the data area. The pointer points into the internal data area. Modification of the attribute is only allowed using opcreg_set_str(); direct access to the string is not supported, however, it is not possible to prevent the user from committing direct modifications. Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_create() opcreg_free() opcreg_get_long() opcreg_set_long() opcreg_set_str() opcreg_set_long() #includeopcapi.h intopcreg_set_long( opcregcond reg_cond, /*in/out*/ int field, /*in*/ long value /*in*/ ); Parameters HP Operations Manager (9.00) Page 1179 of 1297 Online Help reg_cond HPOMregistration condition structure. field Select the attribute that is set. value Specify the value of the attribute. Description Use the function opcreg_set_long() to set attributes to a certain value. Return Values OPC_ERR_OK OK OPC_ERR_INVALID_FIELD field is invalid Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_create() opcreg_free() opcreg_get_long() opcreg_get_str() opcreg_set_str() opcreg_set_str() #includeopcapi.h int*opcreg_set_str( opcregcond reg_cond, /*in/out*/ int field, /*in*/ constchar *value /*in*/ ); Parameters reg_cond HPOMregistration condition structure. field Select the attribute that is set. value Specify the value of the attribute. Description Use the function opcreg_set_str() to set attributes to a certain value. HP Operations Manager (9.00) Page 1180 of 1297 Online Help Return Values OPC_ERR_OK OK OPC_ERR_INVALID_FIELD field is invalid Versions HPOMfor Windows A.07.50 and later See Also opcreg_copy() opcreg_create() opcreg_free() opcreg_get_long() opcreg_get_str() opcreg_set_long() Agent Message API HPOMprovides a set of APIs to handle messages on managed nodes. These functions enable you, for example, to send messages and acknowledge themat a later time. See Agent Monitor API for functions to send monitor values. Data Structures OPCDTYPE_MESSAGE_ID OPCDTYPE_MESSAGE Usage The managed node processes must be running. To use the functions, include the header file opcapi.h in your application. Prerequisites Each opdata structure must be allocated using opcdata_create() before it can be used in any of these functions. After the execution of your program, each opcdata structure must be freed using opcdata_free(). Multithread Usage All function of the Agent Message API are safe to be called by multithreaded applications, and are thread-safe for both POSIX Thread and DCE User Threads. They are neither async-cancel, async- signal, nor fork-safe, and cannot be safely called in kernel threads. Agent Configuration Operations on messages out of managed nodes require to send these message operations to the manager. Unfortunately it is not possible to deliver the responsible manager of a message fromthe HP Operations Manager (9.00) Page 1181 of 1297 Online Help message ID. Additionally, the configuration could be changed since the message was sent so that it is necessary to send the message operation to all managers. This can produce a lot of network load. To prevent this, the message agent holds information about the manager to which the messages were sent. After a defined time, the information is deleted to save memory, disk space, and processing time. This time is configurable with a nodeinfo policy using the parameter OPC_ STORE_TIME_FOR_MGR_INFO. The specified value is the time in hours, with a default setting of one hour if this parameter is not changed. OPC_STORE_TIME_FOR_MGR_INFO 2 The storage of the manager information must be enabled for each message to be sent by setting the message parameter OPCDATA_DATA_INFOto OPC_REMARK_FOR_ACK. opcdata_set_long(message, OPCDATA_DATA_INFO, OPC_REMARK_FOR_ACK); See Also opcmsg() opcagtmsg_send() opcagtmsg_ack() opcagtmsg_ack() #includeopcapi.h intopcagtmsg_ack( opcdata message_id /*in*/ ); Parameters message_id Message ID of type OPCDTYPE_MESSAGE_ID. Description Use the function opcagtmsg_ack() to acknowledge a message out froma managed node. A message operation will be sent to the message agent. If the message attribute OPCDATA_DATA_INFO of a previously sent message was set to OPC_ REMARK_FOR_ACK, the message agent holds the information about the responsible manager in its memory. If this attribute was not set, the message operation will be sent to all managers. Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: message_id is NULL OPC_ERR_INVALID_OPCDATA_TYPE: message_id is not of type OPCDTYPE_MESSAGE_ID OPC_ERR_INCOMPLETE_PARAM: message ID is not set HP Operations Manager (9.00) Page 1182 of 1297 Online Help OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.06.00 and later See Also opcagtmsg_send() opcmsg() OPCDTYPE_MESSAGE_ID opcagtmsg_send() #includeopcapi.h intopcagtmsg_send( opcdata message /* in/out */ ); Parameters message Message of type OPCDTYPE_MESSAGE. Description Use the function opcagtmsg_send() to send a message, created on the managed node, to its responsible manager. The message must be of type OPCDTYPE_MESSAGE. The message ID can be retrieved fromthe message object using opcdata_get_str() immediately after the send call was executed. Only the message attributes Severity, Application, Message Group, Object, Message Text, Option Strings and Node are used in opcagtmsg_send(). If you want to save the information about the responsible manager, remark the message to be acknowledged later. To do this, set OPCDATA_DATA_INFO to OPC_REMARK_FOR_ACK. After opcagtmsg_send() was called with OPC_REMARK_FOR_ACK it is possible to get the ID of the sent message using: opcdata_get_str()(message, OPCDATA_MSGID) Return Values OPC_ERR_OK: OK OPC_ERR_APPL_REQUIRED: attribute OPCDATA_APPLICATION not set OPC_ERR_OBJ_REQUIRED: attribute OPCDATA_OBJECT not set OPC_ERR_TEXT_REQUIRED: attribute OPCDATA_MSGTEXT not set OPC_ERR_INVAL_SEVERITY: HP Operations Manager (9.00) Page 1183 of 1297 Online Help set severity invalid OPC_ERR_MISC_NOT_ALLOWED: message group 'misc' not allowed OPC_ERR_INVALID_INPARAM: message is NULL message is not of type OPCDTYPE_MESSAGE OPC_ERR_WRONG_OPTION_VARS: The field OPCDATA_OPTION_VAR of the message has an incorrect format. It can only contain assignments separated by spaces. OPC_ERR_NO_MEMORY: memory allocation failed Versions HPOMfor Windows A.06.00 and later See Also opcagtmsg_ack() opcmsg() OPCDTYPE_MESSAGE opcmsg() #includeopcapi.h intopcmsg( constint severity, /*in*/ constchar* application, /*in*/ constchar* object, /*in*/ constchar* msg_text, /*in*/ constchar* msg_group, /*in*/ constchar* nodename, /*in*/ ); Parameters severity Severity level of the new message. The following severities are supported: OPC_SEV_NORMAL OPC_SEV_WARNING OPC_SEV_MINOR OPC_SEV_MAJOR OPC_SEV_CRITICAL. application Application of the message source. object Object of the message source. msg_text Message text. HP Operations Manager (9.00) Page 1184 of 1297 Online Help msg_group Message group. nodename Name of the node originating the message. Description Use the function opcmsg() to send a message, created on the managed node, to the management server. This function does not return the message ID so that it is not possible to acknowledge the message later, on the managed node. Return Values OPC_ERR_OK: OK OPC_ERR_APPL_REQUIRED: The application parameter is not set. OPC_ERR_OBJ_REQUIRED: The object parameter is not set. OPC_ERR_TEXT_REQUIRED: The msg_text parameter is not set. OPC_ERR_INVAL_SEVERITY: The severity parameter value is invalid OPC_ERR_MISC_NOT_ALLOWED: message group 'misc' is not allowed OPC_ERR_NO_MEMORY: out of memory Versions HPOMfor Windows A.06.00 and later See Also opcagtmsg_ack() opcagtmsg_send() Agent Monitor API HPOMprovides a set of functions to send monitor values to the monitor agent. Data Structures OPCDTYPE_MONITOR_MESSAGE Usage To use these functions, the managed node processes must be running. To use the functions, include the header file opcapi.h in your application. Prerequisites Each opdata structure must be allocated using opcdata_create() before it can be used in any of these functions. HP Operations Manager (9.00) Page 1185 of 1297 Online Help Multithread Usage All functions of the Agent Monitor API are safe to be called by multithreaded applications, and are thread-safe for both POSIX Threads and DCE User Threads. They are neither async-cancel, async-signal, nor fork-safe, and cannot be safely called in kernel threads. opcmon() opcagtmon_send() opcagtmon_send() #includeopcapi.h intopcagtmon_send( opcdata mon_msg /* in */ ); Parameters mon_msg Monitor message/value of type: OPCDTYPE_MONITOR_MESSAGE. Description Use the function opcagtmon_send() to send a monitor value, created on the managed node, to the monitor agent. The mon_msg must be of type OPCDTYPE_MONITOR_MESSAGE. Only the message attributes Monitor Name, Monitor Value, Object and Option String are used in opcagtmon_send(). Return Values OPC_ERR_OK: OK OPC_ERR_INVALID_INPARAM: mon_msg is NULL mon_msg is not of type OPCDTYPE_MONITOR_MESSAGE OPC_ERR_OBJNAME_REQUIRED: attribute OPCDATA_MON_VAR not set OPC_ERR_NO_AGENT: agent is not running OPC_ERR_NO_MEMORY: out of memory OPC_ERR_WRONG_OPTION_VARS: attribute OPCDATA_OPTION_VAR not set correctly Versions HPOMfor Windows A.06.00 and later See Also opcmon() OPCDTYPE_MONITOR_MESSAGE HP Operations Manager (9.00) Page 1186 of 1297 Online Help opcmon() #includeopcapi.h intopcmon( constchar *objname, /* in */ constdouble monval /* in */ ); Parameters objname Name of the monitored object. monval Actual value of the monitored object. Description Use the function opcmon() to send a monitor value, created on the managed node, to its responsible management server. Return Values OPC_ERR_OK: OK OPC_ERR_OBJNAME_REQUIRED: objname is NULL OPC_ERR_NO_AGENT: agent is not running OPC_ERR_NO_MEMORY: out of memory Versions HPOMfor Windows A.06.00 and later Data Structures HPOMprovides a set of data structures which hold information about HPOMobjects. l OPCDTYPE_MESSAGE l OPCDTYPE_MESSAGE_ID l OPCDTYPE_MONITOR_MESSAGE The attributes of each of these data types are described in the following tables. The tables show which of the attributes can only be retrieved and which can be set. l Functions to retrieve attributes n opcdata_get_long() n opcdata_get_str() n opcdata_get_double() HP Operations Manager (9.00) Page 1187 of 1297 Online Help l Functions to set attributes n opcdata_set_long() n opcdata_set_str() n opcdata_set_double() The description also includes information about the type of the attribute value (long, string, or double), and, if the attribute value is a string, the maximumcharacter length (for example, str[32]). The available predefined values are defined in the include file opcapi.h OPCDTYPE_MESSAGE Table: OPCDTYPE_MESSAGE lists the attributes that are available for the Message Attribute data structure. OPCDTYPE_MESSAGE Attribute Scope Type Properties Description OPCDATA_ DATATYPE get long Returns the type of the opcdata object. OPCDATA_ SEVERITY get/set long Severity of the message. Possible values are: l OPC_SEV_UNCHANGED l OPC_SEV_UNKNOWN l OPC_SEV_NORMAL l OPC_SEV_WARNING l OPC_SEV_CRITICAL l OPC_SEV_MINOR l OPC_SEV_MAJOR OPCDATA_ CREATION_TIME get/set long Time the message was created. The time is in UNIX format (seconds since Epoch). Default: the (local) time when the message was created. OPCDATA_ RECEIVE_TIME get long Time the message was received by the management server. OPCDATA_ AACTION_ACK get/set long Auto Acknowledge after successful execution of the Automatic Action 0 (default): do not auto-acknowledge 1: auto-acknowledge. OPCDATA_ AACTION_ ANNOTATE get/set long Defines whether HPOMcreates start and end annotations for the automatic HP Operations Manager (9.00) Page 1188 of 1297 Online Help action. Possible values for the attribute are: 0 (default): do not create annotations 1: create annotations. OPCDATA_ AACTION_STATUS get/set long Status of the automatic action: l OPC_ACTION_UNDEF (default): no automatic action for this message defined. l OPC_ACTION_DEF: the automatic action for this message is defined but was not yet started. l OPC_ACTION_STARTED: the automatic action for this message is defined and was already started. l OPC_ACTION_FINISHED: the automatic action was started and completed successfully. l OPC_ACTION_FAILED: the automatic action was started and failed. OPCDATA_ OPACTION_ACK get/set long Automatically acknowledge a message after a successful execution of the operator-initiated action. Possible values: 0 (default): do not auto-acknowledge 1: auto-acknowledge. OPCDATA_ OPACTION_ ANNOTATE get/set long Defines whether HPOMcreates start and end annotations for the operator- initiated action. Possible values for the attribute are: 0 (default): do not create annotations 1: create annotations. OPCDATA_ OPACTION_ STATUS get long Status of the action: l OPC_ACTION_UNDEF l OPC_ACTION_DEF l OPC_ACTION_STARTED l OPC_ACTION_FINISHED l OPC_ACTION_FAILED OPCDATA_ ESCALATED get long Message was escalated: l OPC_ESCALATED_TO l OPC_ESCALATED_FROM HP Operations Manager (9.00) Page 1189 of 1297 Online Help The escalation server can be retrieved using OPCDATA_ESCALATION_ SERVER. OPCDATA_ NOTIFICATION get/set long Notification. OPCDATA_ TROUBLETICKET get/set long Forward message to Trouble Ticket system. OPCDATA_MSG_ LOG_ONLY get/set long Message is Server Log Only. OPCDATA_ TROUBLETICKET_ ACK get/set long Acknowledge message after forwarding it to the Trouble Ticket System. OPCDATA_MSI_ OUTPUT get/set long The message will be forwarded to the MSI. OPCDATA_INSTR_ IF_TYPE get/set long Type of the Instruction Interface: l OPC_INSTR_NOT_SET l OPC_FROM_OPC l OPC_FROM_OTHER l OPC_FROM_INTERNAL OPCDATA_ UNMATCHED get long Defines whether the message matches a condition. Possible values are: 0 (default): the message was sent to the server because it matched a match condition 1: the message did not match a match condition of the assigned templates, but was forwarded nevertheless. OPCDATA_TIME_ ZONE_DIFF get/set long Time difference to GMT in seconds. OPCDATA_ FORWARDED_FROM get long This flag signals whether another management server has forwarded the message. OPCDATA_IS_ READONLY get long The message is read only (TRUE) or can be acknowledged on this server. HP Operations Manager (9.00) Page 1190 of 1297 Online Help OPCDATA_ MSGSRC_TYPE get long Defines the Message Source Type, the source which originated this message, for example, the monitor agent. Possible values are: l OPC_CONSOLE_SRC: MPE/iX console. l OPC_OPCMSG_SRC: opcmsg(1|3) template l OPC_LOGFILE_SRC: logfile l OPC_MONITOR_SRC: monitor agent l OPC_SNMPTRAP_SRC: SNMP trap interceptor l OPC_SVMSI_SRC: server MSI l OPC_AGTMSI_SRC: agent MSI l OPC_LEGLINK_SRC: legacy link interface l OPC_SCHEDULE_SRC: scheduler OPCDATA_TIME_ OWNED get long Time an operator took ownership of a message. OPCDATA_DATA_ INFO get/set long Additional information about the message: l OPC_REMARK_FOR_ACK OPCDATA_MSG_ STATUS get long Status of the message: l OPC_MSG_ACTIVE l OPC_MSG_HISTORY OPCDATA_ ACKNOWLEDGE_ TIME get long Time when the message was acknowledged. OPCDATA_NUM_ ANNOTATIONS get long Number of annotations. OPCDATA_ APPLICATION get/set str L Application which produced the message. Default: empty string. OPCDATA_GROUP get/set str Message group. Default: empty string. OPCDATA_ MSGTEXT get/set str L Message Text. Default: empty string. OPCDATA_ ORIGMSGTEXT get/set str L Original Message Text. Allows you to set additional source information for a message. It is only useful if the message HP Operations Manager (9.00) Page 1191 of 1297 Online Help text was reformatted but the HPOM operator can access the original text as it appeared before formatting. Default: empty string. OPCDATA_ MSGTYPE get/set str Message Type. This attribute is used to group messages into subgroups (for example, to denote the occurrence of a specific problem). This information may be used by event correlation engines. Default: empty string. OPCDATA_ NODENAME get/set str Name of the node producing the message. The message is only handled by the HPOMmanager if this systemis part of the HPOMNode Bank. Default: local node name. OPCDATA_OBJECT get/set str L Object name to use for the HPOM message. Default: empty string. OPCDATA_MSGSRC get str Message source. For example, the name of the encapsulated logfile if the message originated fromlogfile encapsulation or the interface name if the message was sent using an instance of the Message StreamInterface. Default: empty string. OPCDATA_MSGID get str The unique ID of the message. OPCDATA_ AACTION_NODE get/set str Defines the node on which the automatic action should run. Default: value of OPCDATA_NODENAME. OPCDATA_ AACTION_CALL get/set str L Command to use as automatic action for the HPOMmessage. Default: empty string. OPCDATA_ OPACTION_NODE get/set str Defines the node on which the operator- initiated action should run. Default: value of OPCDATA_NODENAME. OPCDATA_ OPACTION_CALL get/set str L Command to use as operator-initiated action for the HPOMmessage. Default: empty string. Call of the operator-initiated action. OPCDATA_INSTR_ IF get/set str Name of the external instruction text interface. The external instruction text interface must be configured in HPOM. Default: empty string. HP Operations Manager (9.00) Page 1192 of 1297 Online Help OPCDATA_INSTR_ PAR get/set str L Parameters for a call to the external instruction text interface. Default: empty string. OPCDATA_OWNED_ BY get str Name of the operator who owns the message. OPCDATA_ ESCALATION_ SERVER get str The escalation server. OPCDATA_ OPTION_VAR set str L A string containing the optional parameters used for resolving the $OPTION variables by the message interceptor. The string should have the format [<var>=<value>]* with <var> and <value> not containing spaces or the '=' character. OPCDATA_ ACKNOWLEDGE_OP get str Name of operator who has acknowledged the message. OPCDATA_MSG_ KEY get/set str L Additional message attribute for customized message handling. OPCDATA_ SERVICE_NAME get/set str Specifies the service name. OPCDATA_ ORIGMSGID get str Unique identifier of the original message. This is set when the message ID was changed because of a message change. OPCDATA_ ESCALATED_BY get str Name of the operator who escalated the message. Default: empty string. OPCDATA_NUM_ DUPLICATES get long Number of duplicate messages of this message. OPCDATA_LAST_ REC_TIME get long Contains the time when the last duplicate message was received. OPCDATA_MSG_ KEY_RELATION get/set str L Specifies the message key relation. Can contain patterns. OPCDATA_MSG_ KEY_RELATION_ ICASE get/set long Case sensitivity of message key relation: 0=case-sensitive, !=0 not case- sensitive. OPCDATA_MSG_ KEY_RELATION_ SEPS get/set str Field separators for message key relations. OPCDATA_MSG_ GEN_NODENAME get string Name of the node where the event occurred. HP Operations Manager (9.00) Page 1193 of 1297 Online Help OPCDATA_MSG_ GEN_IP_ADDRESS get long IP address of the node where the event occurred. OPCDATA_MSG_ GEN_NETWORK_ TYPE get long Network type of the node where the event occurred. OPCDTYPE_MESSAGE_ID Table: OPCDTYPE_MESSAGE_ID lists the attributes that are available for the Message ID data structure. OPCDTYPE_MESSAGE_ID Attribute Scope Type Properties Description OPCDATA_MSGID OPCDATA_ID get/set str Unique identifier of a message (Message ID). OPCDTYPE_MONITOR_MESSAGE Table: OPCDTYPE_MONITOR_MESSAGE lists the attributes that are available for the Monitor Message data structure. OPCDTYPE_MONITOR_MESSAGE Attribute Scope Type Properties Description OPCDATA_ MON_VAR set str Name of the monitored object. OPCDATA_ MON_ VALUE set double Monitor value. OPCDATA_ OPTION_ VAR set str L A string containing the optional parameters used for resolving the $OPTION variables by the monitor agent. The string should have the format [<var>=<value>]* with <var> and <value> not containing spaces or the '=', '(' or ')' characters. OPCDATA_ OBJECT set str L Message object. opcregcond HPOMprovides a user-accessible data type to define registration conditions as the mechanismto register with the HPOMInterfaces. HP Operations Manager (9.00) Page 1194 of 1297 Online Help Table: opcregcond lists the registration conditions of the function opcif_register(), see also opcif_register() for more information. opcregcond Attribute Scope Type Properties Description OPCREG_ APPLICATION get/set str Registers for the message attribute application. OPCREG_APP_ RESPONSE_ID get/set str Registers for application responses with the ID=OPCREG_APP_RESPONSE_ID. OPCREG_GROUP get/set str Registers for the message attribute message group. OPCREG_MSG_ EVENT_MASK get/set long Registers for events matching OPCREG_ MSG_EVENT_MASK. OPCREG_ MSGTYPE get/set str Registers for the message attribute message type. OPCREG_ NODENAME get/set str Registers for the message attribute node. OPCREG_OBJECT get/set str Registers for the message attribute object. OPCREG_ OPERATOR get/set str Registers for the message events of certain operators. OPCREG_ SEVERITY get/set long Registers for the message attribute severity. HP Operations Manager (9.00) Page 1195 of 1297 Online Help Agent Java API HPOMprovides a set of Java classes on the HP Operations agent for the following purposes: l Create and send a message to the HPOMmanagement server. l Acknowledge a previously sent message. l Send a monitor value to the HP Operations agent. Note: The HP Operations agent API includes support for C/C++ and Java, as well as for every language that supports DCOMautomation (for example, VB, VBScript, JScript, and so on). However, the agent message streaminterface supports C APIs only. 32-bit APIs are built using Microsoft Visual Studio 2005. The information in this HPOMAgent Application Integration Guide is only for version 8.60 and lower of HP Operations agent. JAR files The JAR files jopcagtbase.jar and jopcagtmsg.jar that are necessary to use the APIs are installed together with the agent on the managed node. Examples Examples of how the API classes can be used fromJava are available in the following directory on the HPOMfor Windows management server: %OvInstallDir%\examples\OVOW\DevelopmentKit\Agent\Java To use the Java classes on Windows nodes To use the Java HPOMclasses: l The -classpath parameter used for the javac and java commands must include the jopcagtbase.jar and jopcagtmsg.jar files. l The PATH systemvariable must include the directory where the shared library files reside. The agent installation does this automatically. See "%OvAgentDir%/www/htdocs/jdoc_agent/index.html" for a javadoc style class documentation. To compile and run the example code: 1. Change to the folder %OvInstallDir%\examples\OVOW\DevelopmentKit\Agent\Java on the management server. 2. Compile the example code, type: javac -classpath "%OvAgentDir%/java/jopcagtbase.jar:%OvAgentDir%/java/jopcagtmsg.jar" <java source code file> 3. Run the example code, type: HP Operations Manager (9.00) Page 1196 of 1297 Online Help java -classpath ".:%OvAgentDir%/java/jopcagtbase.jar:%OvAgentDir%/java/jopcagtmsg.jar" <java class> where <java source code file> is either JOpcAgtMsgTest.java or JOpcMonValueTest.java; <java class> is either JOpcAgtMsgTest or JOpcMonValueTest To use the Java classes onn UNIX or Linux nodes To build the managed node sample program, copy the source files to the managed node. The HP Operations agent software must be installed on the managed node - otherwise the HPOMJAR files are not present. Copy the sample programs to any location (for example, /tmp). To use the Java HPOMAPI wrapper classes: l The -classpath parameter used for the javac and java commands must include the jopcagtbase.jar and jopcagtmsg.jar files. l The PATH systemvariable must include the directory where the shared library files reside. The agent installation does this automatically. See "/opt/OV/www/htdocs/jdoc_agent/index.html" for a javadoc style class documentation. To compile and run the example code: 1. Copy the source code to the managed node into a temporary directory and cahnge to the directory. 2. Compile the example code with, type: javac -classpath "/opt/jar/jopcagtbase.jar:/opt/jar/jopcagtmsg.jar" <java source code file> 3. Run the example code, type: java -classpath ".:/opt/jar/jopcagtbase.jar:/opt/jar/jopcagtmsg.jar" <java class> where <java source code file> is either JOpcAgtMsgTest.java or JOpcMonValueTest.java; <java class> is either JOpcAgtMsgTest or JOpcMonValueTest Related Topics: l JOpcAgentMessage l JOpcMonValue com.hp.openview.ib.api.jopc Class JOpcAgentMessage java.lang.Object | +--com.hp.openview.ib.api.jopc.JOpcObject | +--com.hp.openview.ib.api.jopc.JOpcMessage | +--com.hp.openview.ib.api.jopc.JOpcAgentMessage All Implemented Interfaces: HP Operations Manager (9.00) Page 1197 of 1297 Online Help java.lang.Cloneable, JOpcApiDefinition public class JOpcAgentMessage extends JOpcMessage Provides a object oriented java class, corresponding to the HPOMAPI "Agent Message API". Most of the described behavior in this API documentation is very similar to the one provided by this class. Native API description: HPOMprovides a set of APIs to handle messages on managed nodes. These functions enable you, for example, to send messages and acknowledge themat a later time. The managed node processes must be running. Constructor Summary JOpcAgentMessage() Constructs a new JOpcAgentMessage. Method Summary void acknowledge() Acknowledge a message out froma managed node. void send() Send a message, created on the managed node, to its responsible manager. Methods inherited from class com.hp.openview.ib.api.jopc.JOpcMessage getApplication, getDataInfo, getDataType, getGroup, getMsgid, getMsgtext, getNodename, getObject, getServiceName, getSeverity, setApplication, setDataInfo, setGroup, setMsgid, setMsgtext, setNodename, setObject, setOptionVar, setServiceName, setSeverity Constructor Detail JOpcAgentMessage public JOpcAgentMessage() throws JOpcException Constructs a new JOpcAgentMessage. Method Detail send public void send() throws JOpcException HP Operations Manager (9.00) Page 1198 of 1297 Online Help Send a message, created on the managed node, to its responsible manager. Native API description: send a message, created on the managed node, to its responsible manager. The message must be of type OPCDTYPE_MESSAGE. The message ID can be retrieved fromthe message object using opcdata_get_str() immediately after the send call was executed. Only the message attributes Severity, Application, Message Group, Object, Message Text, Option Strings and Node are used in opcagtmsg_ send(). The API programmust run as user opc_op or root (if not, customer programhas to setuid). After opcagtmsg_send() was called it is possible to get the ID of the sent message using: opcdata_get_str()(message, OPCDATA_MSGID) If you want to save the information about the responsible manager, remark the message to be acknowledged later. To do this, set OPCDATA_ DATA_INFOto OPC_REMARK_FOR_ACK. Throws: JOpcException - if native method return != OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_APPL_REQUIRED: attribute OPCDATA_APPLICATION not set OPC_ERR_OBJ_REQUIRED: attribute OPCDATA_OBJECT not set OPC_ERR_TEXT_REQUIRED: attribute OPCDATA_MSGTEXT not set OPC_ERR_INVAL_SEVERITY: set severity invalid OPC_ERR_MISC_NOT_ALLOWED: message group misc. not allowed OPC_ERR_INVALID_INPARAM: message is NULL message is not of type OPCDTYPE_ MESSAGE OPC_ERR_NO_MEMORY: memory allocation failed or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. acknowledge public void acknowledge() throws JOpcException Acknowledge a message out froma managed node. Native API description: Acknowledge a message out froma managed node. Therefore a message operation will be sent to the message agent and forwarded to the message interceptor. If the message attribute OPCDATA_DATA_INFOof a previously sent message was set to OPC_REMARK_FOR_ ACK, the message agent holds the information about the responsible manager in its memory. If this attribute was not set, the message operation will be sent to all managers. The API program must run as user opc_op or root. If not, the customer programmust set the user ID (setuid). Throws: JOpcException - if native method return != OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: message_id is NULL OPC_ERR_INVALID_OPCDATA_TYPE: message_id is not of type OPCDTYPE_MESSAGE_ID HP Operations Manager (9.00) Page 1199 of 1297 Online Help OPC_ERR_INCOMPLETE_PARAM: message ID is not set OPC_ERR_NO_MEMORY: memory allocation failed or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. com.hp.openview.ib.api.jopc Class JOpcMonValue java.lang.Object | +--com.hp.openview.ib.api.jopc.JOpcObject | +--com.hp.openview.ib.api.jopc.JOpcMonValue All Implemented Interfaces: java.lang.Cloneable, JOpcApiDefinition public class JOpcMonValue extends JOpcObject Provides a object oriented java class, corresponding to the HPOMAPI "Agent Monitor API". Most of the described behavior in this API documentation is very similar to the one provided by this class. Native API description: To use these functions, the managed node processes must be running. Constructor Summary JOpcMonValue() constructs a new JOpcMonValue Method Summary void send() Submits a monitor value to the local HPOMmonitor agent. void setMonValue(doubleaValue) Sets the Monitor value. void setMonVar(java.lang.StringaValue) Sets Name of the monitored object.. void setObject(java.lang.StringaValue) Sets the Message object. void setOptionVar(java.lang.StringaValue) Sets A string containing the optional parameters used for resolving the $OPTION variables by the monitor agent. HP Operations Manager (9.00) Page 1200 of 1297 Online Help Constructor Detail JOpcMonValue public JOpcMonValue() throws JOpcException constructs a new JOpcMonValue Method Detail send public void send() throws JOpcException Submits a monitor value to the local HPOMmonitor agent. Native API description: Use the function opcagtmon_send() to send a monitor value, created on the managed node, to its responsible manager. The message must be of type OPCDTYPE_MONITOR_MESSAGE. Only the message attributes Monitor Name, Monitor Value, Object and Option String are used in opcagtmon_send(). The API programmust be run as user opc_op or root. If not, the customer programmust set the user ID (setuid). Throws: JOpcException - if native method return != OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: mon_msg is NULL mon_msg is not of type OPCDTYPE_ MONITOR_MESSAGE OPC_ERR_OBJNAME_REQUIRED: attribute OPCDATA_MON_VAR not set OPC_ERR_NO_AGENT: agent is not running OPC_ERR_NO_MEMORY: out of memory OPC_ERR_WRONG_OPTION_VARS: attribute OPCDATA_OPTION_VAR not set correctly or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native api data structure. setMonVar public void setMonVar(java.lang.StringaValue) throws JOpcException Sets Name of the monitored object.. HP Operations Manager (9.00) Page 1201 of 1297 Online Help setMonValue public void setMonValue(doubleaValue) throws JOpcException Sets the Monitor value. setOptionVar public void setOptionVar(java.lang.StringaValue) throws JOpcException Sets A string containing the optional parameters used for resolving the $OPTION variables by the monitor agent. The string should have the format [<var>=<value>]* with <var> and <value> not containing spaces, equal signs ("="), open parens ("("), or closed parens (")"). setObject public void setObject(java.lang.StringaValue) throws JOpcException Sets the Message object. com.hp.openview.ib.api.jopc Class JOpcException java.lang.Object | +--java.lang.Throwable | +--java.lang.Exception | +--com.hp.openview.ib.api.jopc.JOpcException All Implemented Interfaces: java.io.Serializable public class JOpcException extends java.lang.Exception Used for exception handling within the HPOMJava API classes. No public constructors - instances will be thrown by API only. Method Summary java.lang.String getMessage() get the corresponding message of the exception reason JOpcException[] getNestedExceptions() Get nested exceptions. HP Operations Manager (9.00) Page 1202 of 1297 Online Help int getReason() get the reason of the exception java.lang.String getStack() Methods inherited from class java.lang.Throwable fillInStackTrace, getLocalizedMessage, printStackTrace, printStackTrace, printStackTrace, toString Methods inherited from class java.lang.Object clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait Method Detail getMessage public java.lang.String getMessage() get the corresponding message of the exception reason Overrides: getMessage in class java.lang.Throwable Returns: the message string getReason public int getReason() get the reason of the exception Returns: the reason getStack public java.lang.String getStack() getNestedExceptions public JOpcException[] getNestedExceptions() Get nested exceptions. This may occur for HPOMAPI operations on arrays of objects. Then the C API may return OPC_ERR_NOT_COMPLETELY_DONE and the individual objects have to asked for their status. To simplify this, the Java API generates individual exceptions for the HP Operations Manager (9.00) Page 1203 of 1297 Online Help offending objects which can be queried with this method. If the nested exceptions are of class JOpcObjException they also point to the offending objects - see JOpcObjException.getObject(). If there are no nested exception the method returns null. Returns: the array of nested exceptions. com.hp.openview.ib.api.jopc Class JOpcMessage java.lang.Object | +--com.hp.openview.ib.api.jopc.JOpcObject | +--com.hp.openview.ib.api.jopc.JOpcMessage All Implemented Interfaces: java.lang.Cloneable, JOpcApiDefinition Direct Known Subclasses: JOpcAgentMessage public abstract class JOpcMessage extends JOpcObject Provides a object oriented java class with getter() and setter(), corresponding to the HPOMData Structure "OPCDTYPE_MESSAGE". This data structure is needed in context of HPOMAPIs "Agent Message API" . Constructor Summary JOpcMessage() constructs a new JOpcMessage Method Summary java.lang.String getApplication() Will load application which produced the message. long getDataInfo() Will load additional information about the message. long getDataType() Will load the type of the opcdata object. java.lang.String getGroup() Will load message group. java.lang.String getMsgid() Will load The unique ID of the message. java.lang.String getMsgtext() Will load message text. HP Operations Manager (9.00) Page 1204 of 1297 Online Help java.lang.String getNodename() Will load Name of the node producing the message. java.lang.String getObject() Will load Object name to use for the HPOMmessage. java.lang.String getServiceName() Will load the service name. long getSeverity() Will load severity of the message. void setApplication(java.lang.StringaValue) Sets application which produced the message. void setDataInfo(longaValue) Sets additional information about the message. void setGroup(java.lang.StringaValue) Sets message group. void setMsgid(java.lang.StringaValue) Set the unique ID of the message. void setMsgtext(java.lang.StringaValue) Sets message text. void setNodename(java.lang.StringaValue) Sets Name of the node producing the message. void setObject(java.lang.StringaValue) Sets Object name to use for the HPOMmessage. void setOptionVar(java.lang.StringaValue) Sets A string containing the optional parameters used for resolving the $OPTION variables by the message interceptor. void setServiceName(java.lang.StringaValue) Sets the service name. void setSeverity(longaValue) Sets severity of the message. Constructor Detail JOpcMessage public JOpcMessage() throws JOpcException constructs a new JOpcMessage Method Detail HP Operations Manager (9.00) Page 1205 of 1297 Online Help getDataType public long getDataType() throws JOpcException Will load the type of the opcdata object. getSeverity public long getSeverity() throws JOpcException Will load severity of the message. Possible values are: OPC_SEV_UNCHANGED OPC_SEV_UNKNOWN OPC_SEV_NORMAL OPC_SEV_WARNING OPC_SEV_CRITICAL OPC_SEV_MINOR OPC_SEV_MAJOR setSeverity public void setSeverity(longaValue) throws JOpcException Sets severity of the message. Possible values are: OPC_SEV_UNCHANGED OPC_SEV_UNKNOWN OPC_SEV_NORMAL OPC_SEV_WARNING OPC_SEV_CRITICAL OPC_SEV_MINOR OPC_SEV_MAJOR getDataInfo public long getDataInfo() throws JOpcException Will load additional information about the message. OPC_REMARK_FOR_ACK HP Operations Manager (9.00) Page 1206 of 1297 Online Help setDataInfo public void setDataInfo(longaValue) throws JOpcException Sets additional information about the message. OPC_REMARK_FOR_ACK getApplication public java.lang.String getApplication() throws JOpcException Will load application which produced the message. Default: empty string setApplication public void setApplication(java.lang.StringaValue) throws JOpcException Sets application which produced the message. Default: empty string getGroup public java.lang.String getGroup() throws JOpcException Will load message group. Default: empty string. setGroup public void setGroup(java.lang.StringaValue) throws JOpcException Sets message group. Default: empty string. getMsgtext public java.lang.String getMsgtext() throws JOpcException Will load message text. Default: empty string. setMsgtext public void setMsgtext(java.lang.StringaValue) throws JOpcException Sets message text. Default: empty string. HP Operations Manager (9.00) Page 1207 of 1297 Online Help getNodename public java.lang.String getNodename() throws JOpcException Will load Name of the node producing the message. The message is only handled by the HPOM manager if this systemis part of the HPOMNode Bank. Default: local node name. setNodename public void setNodename(java.lang.StringaValue) throws JOpcException Sets Name of the node producing the message. The message is only handled by the HPOM manager if this systemis part of the HPOMNode Bank. Default: local node name. getObject public java.lang.String getObject() throws JOpcException Will load Object name to use for the HPOMmessage. Default: empty string. setObject public void setObject(java.lang.StringaValue) throws JOpcException Sets Object name to use for the HPOMmessage. Default: empty string. getMsgid public java.lang.String getMsgid() throws JOpcException Will load The unique ID of the message. setMsgid public void setMsgid(java.lang.StringaValue) throws JOpcException Set the unique ID of the message. Applies to operations dealing with just a reference to a message (for example, acknowledge(), own(), and so on). Cannot be used to set a message ID before sending it on the managed node. HP Operations Manager (9.00) Page 1208 of 1297 Online Help setOptionVar public void setOptionVar(java.lang.StringaValue) throws JOpcException Sets A string containing the optional parameters used for resolving the $OPTION variables by the message interceptor. The string should have the format [<var>=<value>]* with <var> and <value> not containing spaces or the '=' character. getServiceName public java.lang.String getServiceName() throws JOpcException Will load the service name. setServiceName public void setServiceName(java.lang.StringaValue) throws JOpcException Sets the service name. com.hp.openview.ib.api.jopc Class JOpcObject java.lang.Object | +--com.hp.openview.ib.api.jopc.JOpcObject All Implemented Interfaces: java.lang.Cloneable, JOpcApiDefinition Direct Known Subclasses: JOpcMessage, JOpcMonValue public abstract class JOpcObject extends java.lang.Object implements java.lang.Cloneable, JOpcApiDefinition base class of opc objects. Supports generic behavior and attribute getting and setting. Constructor Summary protected JOpcObject(intaOpcDataType) Method Summary HP Operations Manager (9.00) Page 1209 of 1297 Online Help protected long addListElement(intaAttrType) Native API description: Adds an element of the correct type to the specified list in the opcdata structure. java.lang.Object clone() Creates and returns a copy of this object. protected long deleteListElement(intaAttrType, longaIndex) Native API description: Deletes an element of the specified list in the opcdata structure. boolean equals(java.lang.ObjectaObj) Indicates whether some other object is "equal to" this one. protected void finalize() as fallback, to avoid memory leak in native adapter/API layer in case of non released JOpcObjects protected long getListLength(intaAttrType) Returns the number of elements in an embedded list of a HPOM opcdata structure. protected long getLong(intaAttrType) Returns the value of the numeric attribute protected java.lang.String getString(intaAttrType) Returns the desired string value. protected java.lang.String getString(intaAttrType, intaElmType, long aIndex) protected void setDouble(intaAttrType, doubleaAttrValue) sets the numeric float attribute protected void setLong(intaAttrType, longaAttrValue) Sets the numeric long attribute. protected void setString(intaAttrType, java.lang.StringaName) Sets the desired string value. protected void setString(intaAttrType, java.lang.StringaValue, intaElmType, longaIndex) void terminate() release resources in native adapter/API layer allocated while object construction (JOpcObject and derived classes). java.lang.String toString() Returns a string representation of all get-methods including method()-name and value. HP Operations Manager (9.00) Page 1210 of 1297 Online Help protected void type() Native API description: Returns the opcdata type in data. static java.lang.String version() Returns the what string of the HPOMlibrary that is used in this version. Constructor Detail JOpcObject protected JOpcObject(intaOpcDataType) throws JOpcException Method Detail version public static java.lang.String version() throws JOpcException Returns the what string of the HPOMlibrary that is used in this version. Returns: the what string / version Throws: JOpcException - if native method return != OPC_ERR_OK. or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. getString protected java.lang.String getString(intaAttrType) throws JOpcException Returns the desired string value. Native API description: Instead of a status value, the function opcdata_get_str() returns a pointer to the desired string value. This function can, therefore, be used directly in another function call. Parameters: aAttrType - attribute that is queried Returns: the desired string Throws: JOpcException - if native method return != OPC_ERR_OK. or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. HP Operations Manager (9.00) Page 1211 of 1297 Online Help setString protected void setString(intaAttrType, java.lang.StringaName) throws JOpcException Sets the desired string value. Parameters: aAttrType - attribute to be set aName - value to be set Throws: JOpcException - if native method return != OPC_ERR_OK. or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. type protected void type() throws JOpcException Native API description: Returns the opcdata type in data. Throws: JOpcException - if native method return != OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: data is invalid; probably NULL or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. getLong protected long getLong(intaAttrType) throws JOpcException Returns the value of the numeric attribute Parameters: aAttrType - attribute that is queried Returns: the long value Throws: JOpcException - if native method return == -1. JOpcException reasons (negative values): if the routine fails, a value of -1 is returned. HP Operations Manager (9.00) Page 1212 of 1297 Online Help setLong protected void setLong(intaAttrType, longaAttrValue) throws JOpcException Sets the numeric long attribute. Parameters: aAttrType - attribute to be set aAttrValue - value to be set Throws: JOpcException - if native method return != OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: data is NULL, attribute is invalid or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. setDouble protected void setDouble(intaAttrType, doubleaAttrValue) throws JOpcException sets the numeric float attribute Parameters: aAttrType - attribute to be set aAttrValue - value to be set Throws: JOpcException - if native method return != OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: data is NULL, attribute is NULL, value is NULL or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. getString protected java.lang.String getString(intaAttrType, intaElmType, longaIndex) throws JOpcException HP Operations Manager (9.00) Page 1213 of 1297 Online Help setString protected void setString(intaAttrType, java.lang.StringaValue, intaElmType, longaIndex) throws JOpcException getListLength protected long getListLength(intaAttrType) throws JOpcException Returns the number of elements in an embedded list of a HPOMopcdata structure. Parameters: aAttrType - Specifies the list in the data structure. Returns: number of elements in the list Throws: JOpcException - if native method return < OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: parameter data is invalid; probably NULL list is invalid or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. addListElement protected long addListElement(intaAttrType) throws JOpcException Native API description: Adds an element of the correct type to the specified list in the opcdata structure. The element type is specified with the list. After adding the element, the new length of the list will be returned. Parameters: aAttrType - Specifies the list in the data structure. Returns: new length of the list Throws: JOpcException - if native method return < OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: Input parameter was not valid ( < 0 ) or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. HP Operations Manager (9.00) Page 1214 of 1297 Online Help deleteListElement protected long deleteListElement(intaAttrType, longaIndex) throws JOpcException Native API description: Deletes an element of the specified list in the opcdata structure. This function returns the new number of elements in the list. Parameters: aAttrType - Specifies the list in the data structure. aIndex - Specifies the element in the list. Returns: the new number of elements in the list. Throws: JOpcException - if native method return < OPC_ERR_OK. JOpcException reasons (negative values): OPC_ERR_INVALID_INPARAM: parameter data is invalid; probably NULL list or index is invalid or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. terminate public void terminate() release resources in native adapter/API layer allocated while object construction (JOpcObject and derived classes). finalize protected void finalize() as fallback, to avoid memory leak in native adapter/API layer in case of non released JOpcObjects Overrides: finalize in class java.lang.Object equals public boolean equals(java.lang.ObjectaObj) Indicates whether some other object is "equal to" this one. Overrides: equals in class java.lang.Object Parameters: HP Operations Manager (9.00) Page 1215 of 1297 Online Help aObj - the reference object with which to compare. Returns: true if this object is the same as the obj argument; false otherwise. clone public java.lang.Object clone() throws java.lang.CloneNotSupportedException Creates and returns a copy of this object. Native API description: The API creates a copy of the data area and returns it in copy. It creates a complete copy, that is, the string fields of data are copied and not shared between data and copy. The allocated memory has to be deallocated using opcdata_free() before using this function. This function cannot be used to copy a data area of type OPCDTYPE_CONTAINER. If it is necessary to copy a whole container, the application must do this using iterator and container functions. Overrides: clone in class java.lang.Object Returns: a clone of this instance. Throws: java.lang.CloneNotSupportedException - if the object's class does not support the Cloneable interface. or if a field contains an improper value, the exception reason is a positive value corresponding to the JOpcApiDefinition interface identifying the attribute name of the native API data structure. toString public java.lang.String toString() Returns a string representation of all get-methods including method()-name and value. The format of the returned string is <method-name> = <value>; separated by a new line (\n). Further / detailed requirements: - method name has to start with get - method must not have a parameter - method must have return type String or Long - method must not be static Overrides: toString in class java.lang.Object Returns: a string of all get-methods com.hp.openview.ib.api.jopc Interface JOpcApiDefinition All Known Implementing Classes: JOpcObject HP Operations Manager (9.00) Page 1216 of 1297 Online Help public interface JOpcApiDefinition Field Summary staticint OPC_ERR_ACCESS_DENIED staticint OPC_ERR_ACTION_FAILED staticint OPC_ERR_ACTION_RUNNING staticint OPC_ERR_ALREADY_DONE staticint OPC_ERR_APPL_NOT_FOUND staticint OPC_ERR_APPL_REQUIRED staticint OPC_ERR_APPLGROUP_NOT_FOUND staticint OPC_ERR_CANT_ADD_TEMPLATE staticint OPC_ERR_CANT_CONNECT_DB staticint OPC_ERR_CANT_CONNECT_DM staticint OPC_ERR_CANT_DISCONNECT staticint OPC_ERR_CANT_GET_LOCAL_ADDR staticint OPC_ERR_CANT_GET_MGMTSV_ADDRESS staticint OPC_ERR_CANT_INFORM_MSGA staticint OPC_ERR_CANT_INFORM_MSGM staticint OPC_ERR_CANT_INFORM_UI staticint OPC_ERR_CANT_INIT HP Operations Manager (9.00) Page 1217 of 1297 Online Help staticint OPC_ERR_CANT_INIT_MUTEX staticint OPC_ERR_CANT_LOCK_MUTEX staticint OPC_ERR_CANT_OPEN_FILE staticint OPC_ERR_CANT_OPEN_PIPE staticint OPC_ERR_CANT_OPEN_QUEUE staticint OPC_ERR_CANT_OPEN_READQUEUE staticint OPC_ERR_CANT_OPEN_WRITEQUEUE staticint OPC_ERR_CANT_READ_MSG staticint OPC_ERR_CANT_READ_QUEUE staticint OPC_ERR_CANT_WRITE_FILE staticint OPC_ERR_CANT_WRITE_MSG staticint OPC_ERR_CANT_WRITE_QUEUE staticint OPC_ERR_DATABASE_ERROR staticint OPC_ERR_DB_INCONSISTENT staticint OPC_ERR_DB_WARNING staticint OPC_ERR_DEADLOCK staticint OPC_ERR_DUMMY_FUNCTION_CALLED staticint OPC_ERR_EINTR HP Operations Manager (9.00) Page 1218 of 1297 Online Help staticint OPC_ERR_ESCALATION_FAILED staticint OPC_ERR_FUNC_NOT_IMPL_YET staticint OPC_ERR_GROUP_NAME_EXISTS staticint OPC_ERR_INCOMPLETE_PARAM staticint OPC_ERR_INVAL_NODE staticint OPC_ERR_INVAL_SEVERITY staticint OPC_ERR_INVALID_ANNOTATION staticint OPC_ERR_INVALID_APPLICATION staticint OPC_ERR_INVALID_CHARSET staticint OPC_ERR_INVALID_COMMAND staticint OPC_ERR_INVALID_DESCRIPTION_LENGTH staticint OPC_ERR_INVALID_EXEC_USER staticint OPC_ERR_INVALID_FIELD staticint OPC_ERR_INVALID_FILE staticint OPC_ERR_INVALID_ID staticint OPC_ERR_INVALID_INPARAM staticint OPC_ERR_INVALID_INTERFACE_ID staticint OPC_ERR_INVALID_INTERFACE_INSTANCE HP Operations Manager (9.00) Page 1219 of 1297 Online Help staticint OPC_ERR_INVALID_INTERFACE_TYPE staticint OPC_ERR_INVALID_INTERVAL staticint OPC_ERR_INVALID_MESSAGE_GROUP staticint OPC_ERR_INVALID_MINMAX staticint OPC_ERR_INVALID_MODE staticint OPC_ERR_INVALID_MSG_GENERATION staticint OPC_ERR_INVALID_NAME staticint OPC_ERR_INVALID_NAME_LENGTH staticint> OPC_ERR_INVALID_NODE_GROUP staticint OPC_ERR_INVALID_OPCDATA_TYPE staticint OPC_ERR_INVALID_OUTPARAM staticint OPC_ERR_INVALID_PARAM staticint OPC_ERR_INVALID_PATH staticint OPC_ERR_INVALID_PROG_OR_MIB staticint OPC_ERR_INVALID_TEMPLATE_TYPE staticint OPC_ERR_INVALID_USER staticint OPC_ERR_LAST_REFERENCE staticint OPC_ERR_LAYOUTGROUP_IS_HOLDING_AREA staticint OPC_ERR_LAYOUTGROUP_NOT_EMPTY HP Operations Manager (9.00) Page 1220 of 1297 Online Help staticint OPC_ERR_LAYOUTGROUP_NOT_FOUND staticint OPC_ERR_LOCKED_BY_OTHER staticint OPC_ERR_MISC_NOT_ALLOWED staticint OPC_ERR_MLM_NAME_REQUIRED staticint OPC_ERR_MSG_IS_READONLY staticint OPC_ERR_MSG_NOT_ACTIVE staticint OPC_ERR_MSG_OWNED_BY_ANOTHER_USER staticint OPC_ERR_MSI_BUF_FULL staticint OPC_ERR_NAME_EXISTS staticint OPC_ERR_NO_ACTION_DEFINED staticint OPC_ERR_NO_AGENT staticint OPC_ERR_NO_ANNOTATIONS staticint OPC_ERR_NO_DATA staticint OPC_ERR_NO_ELEMENT staticint OPC_ERR_NO_ESCALATION_DEFINED staticint OPC_ERR_NO_LOGIN staticint OPC_ERR_NO_MEMORY staticint OPC_ERR_NO_OPERATOR_DEF HP Operations Manager (9.00) Page 1221 of 1297 Online Help staticint OPC_ERR_NO_PIPE_NAME staticint OPC_ERR_NO_QUEUE_NAME staticint OPC_ERR_NO_TRANSACTION staticint OPC_ERR_NODE_NOT_FOUND staticint OPC_ERR_NODEHIER_NOT_FOUND staticint OPC_ERR_NOT_ACKNOWLEDGED staticint OPC_ERR_NOT_COMPLETELY_DONE staticint OPC_ERR_OBJ_REQUIRED staticint OPC_ERR_OBJECT_ALREADY_ASSIGNED staticint OPC_ERR_OBJECT_ALREADY_EXISTS staticint OPC_ERR_OBJECT_NOT_ASSIGNED staticint OPC_ERR_OBJECT_NOT_FOUND staticint OPC_ERR_OBJECT_NOT_UNIQUE staticint OPC_ERR_OBJNAME_REQUIRED staticint OPC_ERR_OK staticint OPC_ERR_OUT_OF_RANGE staticint OPC_ERR_PROFILE_NOT_FOUND staticint OPC_ERR_STRING_TOO_LONG HP Operations Manager (9.00) Page 1222 of 1297 Online Help staticint OPC_ERR_SV_NOT_RUNNING staticint OPC_ERR_SYNTAX_ERROR staticint OPC_ERR_TEXT_REQUIRED staticint OPC_ERR_TRANSACTION_ALREADY_OPEN staticint OPC_ERR_USER_NOT_FOUND staticint OPC_ERR_WRONG_MSITYPE staticint OPC_ERR_WRONG_OPTION_VARS staticint OPC_SEV_CRITICAL staticint OPC_SEV_MAJOR staticint OPC_SEV_MINOR staticint OPC_SEV_NORMAL staticint OPC_SEV_UNCHANGED staticint OPC_SEV_UNKNOWN staticint OPC_SEV_WARNING staticint OPCDATA_ID staticint OPCDATA_MESSAGE_ID Field Detail OPC_ERR_OK public static final int OPC_ERR_OK HP Operations Manager (9.00) Page 1223 of 1297 Online Help OPC_ERR_APPL_REQUIRED public static final int OPC_ERR_APPL_REQUIRED OPC_ERR_OBJ_REQUIRED public static final int OPC_ERR_OBJ_REQUIRED OPC_ERR_TEXT_REQUIRED public static final int OPC_ERR_TEXT_REQUIRED OPC_ERR_INVAL_SEVERITY public static final int OPC_ERR_INVAL_SEVERITY OPC_ERR_OBJNAME_REQUIRED public static final int OPC_ERR_OBJNAME_REQUIRED OPC_ERR_MISC_NOT_ALLOWED public static final int OPC_ERR_MISC_NOT_ALLOWED OPC_ERR_INVAL_NODE public static final int OPC_ERR_INVAL_NODE OPC_ERR_NO_MEMORY public static final int OPC_ERR_NO_MEMORY OPC_ERR_NO_AGENT public static final int OPC_ERR_NO_AGENT OPC_ERR_CANT_INIT public static final int OPC_ERR_CANT_INIT OPC_ERR_NO_QUEUE_NAME public static final int OPC_ERR_NO_QUEUE_NAME HP Operations Manager (9.00) Page 1224 of 1297 Online Help OPC_ERR_CANT_OPEN_QUEUE public static final int OPC_ERR_CANT_OPEN_QUEUE OPC_ERR_CANT_WRITE_QUEUE public static final int OPC_ERR_CANT_WRITE_QUEUE OPC_ERR_NO_PIPE_NAME public static final int OPC_ERR_NO_PIPE_NAME OPC_ERR_CANT_OPEN_PIPE public static final int OPC_ERR_CANT_OPEN_PIPE OPC_ERR_CANT_GET_LOCAL_ADDR public static final int OPC_ERR_CANT_GET_LOCAL_ADDR OPC_ERR_CANT_INIT_MUTEX public static final int OPC_ERR_CANT_INIT_MUTEX OPC_ERR_CANT_LOCK_MUTEX public static final int OPC_ERR_CANT_LOCK_MUTEX OPC_ERR_CANT_READ_QUEUE public static final int OPC_ERR_CANT_READ_QUEUE OPC_ERR_INVALID_INPARAM public static final int OPC_ERR_INVALID_INPARAM OPC_ERR_INVALID_OUTPARAM public static final int OPC_ERR_INVALID_OUTPARAM OPC_ERR_INVALID_FIELD public static final int OPC_ERR_INVALID_FIELD HP Operations Manager (9.00) Page 1225 of 1297 Online Help OPC_ERR_NO_ELEMENT public static final int OPC_ERR_NO_ELEMENT OPC_ERR_INCOMPLETE_PARAM public static final int OPC_ERR_INCOMPLETE_PARAM OPC_ERR_INVALID_INTERFACE_TYPE public static final int OPC_ERR_INVALID_INTERFACE_TYPE OPC_ERR_INVALID_INTERFACE_INSTANCE public static final int OPC_ERR_INVALID_INTERFACE_INSTANCE OPC_ERR_INVALID_INTERFACE_ID public static final int OPC_ERR_INVALID_INTERFACE_ID OPC_ERR_INVALID_OPCDATA_TYPE public static final int OPC_ERR_INVALID_OPCDATA_TYPE OPC_ERR_CANT_OPEN_READQUEUE public static final int OPC_ERR_CANT_OPEN_READQUEUE OPC_ERR_CANT_OPEN_WRITEQUEUE public static final int OPC_ERR_CANT_OPEN_WRITEQUEUE OPC_ERR_CANT_INFORM_MSGM public static final int OPC_ERR_CANT_INFORM_MSGM OPC_ERR_CANT_INFORM_MSGA public static final int OPC_ERR_CANT_INFORM_MSGA OPC_ERR_CANT_READ_MSG public static final int OPC_ERR_CANT_READ_MSG HP Operations Manager (9.00) Page 1226 of 1297 Online Help OPC_ERR_CANT_WRITE_MSG public static final int OPC_ERR_CANT_WRITE_MSG OPC_ERR_WRONG_MSITYPE public static final int OPC_ERR_WRONG_MSITYPE OPC_ERR_NO_DATA public static final int OPC_ERR_NO_DATA OPC_ERR_EINTR public static final int OPC_ERR_EINTR OPC_ERR_MSI_BUF_FULL public static final int OPC_ERR_MSI_BUF_FULL OPC_ERR_SV_NOT_RUNNING public static final int OPC_ERR_SV_NOT_RUNNING OPC_ERR_ACCESS_DENIED public static final int OPC_ERR_ACCESS_DENIED OPC_ERR_NO_LOGIN public static final int OPC_ERR_NO_LOGIN OPC_ERR_CANT_CONNECT_DB public static final int OPC_ERR_CANT_CONNECT_DB OPC_ERR_NO_OPERATOR_DEF public static final int OPC_ERR_NO_OPERATOR_DEF OPC_ERR_CANT_DISCONNECT public static final int OPC_ERR_CANT_DISCONNECT HP Operations Manager (9.00) Page 1227 of 1297 Online Help OPC_ERR_INVALID_ID public static final int OPC_ERR_INVALID_ID OPC_ERR_NO_ANNOTATIONS public static final int OPC_ERR_NO_ANNOTATIONS OPC_ERR_ALREADY_DONE public static final int OPC_ERR_ALREADY_DONE OPC_ERR_NOT_ACKNOWLEDGED public static final int OPC_ERR_NOT_ACKNOWLEDGED OPC_ERR_DATABASE_ERROR public static final int OPC_ERR_DATABASE_ERROR OPC_ERR_CANT_INFORM_UI public static final int OPC_ERR_CANT_INFORM_UI OPC_ERR_CANT_CONNECT_DM public static final int OPC_ERR_CANT_CONNECT_DM OPC_ERR_MSG_OWNED_BY_ANOTHER_USER public static final int OPC_ERR_MSG_OWNED_BY_ANOTHER_USER OPC_ERR_NO_ESCALATION_DEFINED public static final int OPC_ERR_NO_ESCALATION_DEFINED OPC_ERR_ESCALATION_FAILED public static final int OPC_ERR_ESCALATION_FAILED OPC_ERR_ACTION_RUNNING public static final int OPC_ERR_ACTION_RUNNING HP Operations Manager (9.00) Page 1228 of 1297 Online Help OPC_ERR_NO_ACTION_DEFINED public static final int OPC_ERR_NO_ACTION_DEFINED OPC_ERR_ACTION_FAILED public static final int OPC_ERR_ACTION_FAILED OPC_ERR_OBJECT_NOT_FOUND public static final int OPC_ERR_OBJECT_NOT_FOUND OPC_ERR_OBJECT_NOT_UNIQUE public static final int OPC_ERR_OBJECT_NOT_UNIQUE OPC_ERR_OBJECT_ALREADY_EXISTS public static final int OPC_ERR_OBJECT_ALREADY_EXISTS OPC_ERR_OUT_OF_RANGE public static final int OPC_ERR_OUT_OF_RANGE OPC_ERR_DB_WARNING public static final int OPC_ERR_DB_WARNING OPC_ERR_DB_INCONSISTENT public static final int OPC_ERR_DB_INCONSISTENT OPC_ERR_INVALID_NODE_GROUP public static final int OPC_ERR_INVALID_NODE_GROUP OPC_ERR_INVALID_MESSAGE_GROUP public static final int OPC_ERR_INVALID_MESSAGE_GROUP OPC_ERR_NOT_COMPLETELY_DONE public static final int OPC_ERR_NOT_COMPLETELY_DONE HP Operations Manager (9.00) Page 1229 of 1297 Online Help OPC_ERR_CANT_OPEN_FILE public static final int OPC_ERR_CANT_OPEN_FILE OPC_ERR_CANT_ADD_TEMPLATE public static final int OPC_ERR_CANT_ADD_TEMPLATE OPC_ERR_WRONG_OPTION_VARS public static final int OPC_ERR_WRONG_OPTION_VARS OPC_ERR_SYNTAX_ERROR public static final int OPC_ERR_SYNTAX_ERROR OPC_ERR_CANT_WRITE_FILE public static final int OPC_ERR_CANT_WRITE_FILE OPC_ERR_INVALID_USER public static final int OPC_ERR_INVALID_USER OPC_ERR_TRANSACTION_ALREADY_OPEN public static final int OPC_ERR_TRANSACTION_ALREADY_OPEN OPC_ERR_NO_TRANSACTION public static final int OPC_ERR_NO_TRANSACTION OPC_ERR_STRING_TOO_LONG public static final int OPC_ERR_STRING_TOO_LONG OPC_ERR_NAME_EXISTS public static final int OPC_ERR_NAME_EXISTS OPC_ERR_GROUP_NAME_EXISTS public static final int OPC_ERR_GROUP_NAME_EXISTS HP Operations Manager (9.00) Page 1230 of 1297 Online Help OPC_ERR_MSG_NOT_ACTIVE public static final int OPC_ERR_MSG_NOT_ACTIVE OPC_ERR_MSG_IS_READONLY public static final int OPC_ERR_MSG_IS_READONLY OPC_ERR_INVALID_NAME public static final int OPC_ERR_INVALID_NAME OPC_ERR_INVALID_ANNOTATION public static final int OPC_ERR_INVALID_ANNOTATION OPC_ERR_INVALID_APPLICATION public static final int OPC_ERR_INVALID_APPLICATION OPC_ERR_INVALID_PARAM public static final int OPC_ERR_INVALID_PARAM OPC_ERR_LOCKED_BY_OTHER public static final int OPC_ERR_LOCKED_BY_OTHER OPC_ERR_DEADLOCK public static final int OPC_ERR_DEADLOCK OPC_ERR_OBJECT_ALREADY_ASSIGNED public static final int OPC_ERR_OBJECT_ALREADY_ASSIGNED OPC_ERR_OBJECT_NOT_ASSIGNED public static final int OPC_ERR_OBJECT_NOT_ASSIGNED OPC_ERR_NODEHIER_NOT_FOUND public static final int OPC_ERR_NODEHIER_NOT_FOUND HP Operations Manager (9.00) Page 1231 of 1297 Online Help OPC_ERR_LAYOUTGROUP_NOT_FOUND public static final int OPC_ERR_LAYOUTGROUP_NOT_FOUND OPC_ERR_NODE_NOT_FOUND public static final int OPC_ERR_NODE_NOT_FOUND OPC_ERR_USER_NOT_FOUND public static final int OPC_ERR_USER_NOT_FOUND OPC_ERR_PROFILE_NOT_FOUND public static final int OPC_ERR_PROFILE_NOT_FOUND OPC_ERR_APPL_NOT_FOUND public static final int OPC_ERR_APPL_NOT_FOUND OPC_ERR_APPLGROUP_NOT_FOUND public static final int OPC_ERR_APPLGROUP_NOT_FOUND OPC_ERR_LAYOUTGROUP_NOT_EMPTY public static final int OPC_ERR_LAYOUTGROUP_NOT_EMPTY OPC_ERR_LAYOUTGROUP_IS_HOLDING_AREA public static final int OPC_ERR_LAYOUTGROUP_IS_HOLDING_AREA OPC_ERR_LAST_REFERENCE public static final int OPC_ERR_LAST_REFERENCE OPC_ERR_CANT_GET_MGMTSV_ADDRESS public static final int OPC_ERR_CANT_GET_MGMTSV_ADDRESS OPC_ERR_MLM_NAME_REQUIRED public static final int OPC_ERR_MLM_NAME_REQUIRED HP Operations Manager (9.00) Page 1232 of 1297 Online Help OPC_ERR_INVALID_NAME_LENGTH public static final int OPC_ERR_INVALID_NAME_LENGTH OPC_ERR_INVALID_DESCRIPTION_LENGTH public static final int OPC_ERR_INVALID_DESCRIPTION_LENGTH OPC_ERR_INVALID_COMMAND public static final int OPC_ERR_INVALID_COMMAND OPC_ERR_INVALID_INTERVAL public static final int OPC_ERR_INVALID_INTERVAL OPC_ERR_INVALID_FILE public static final int OPC_ERR_INVALID_FILE OPC_ERR_INVALID_PATH public static final int OPC_ERR_INVALID_PATH OPC_ERR_INVALID_MODE public static final int OPC_ERR_INVALID_MODE OPC_ERR_INVALID_CHARSET public static final int OPC_ERR_INVALID_CHARSET OPC_ERR_INVALID_EXEC_USER public static final int OPC_ERR_INVALID_EXEC_USER OPC_ERR_INVALID_PROG_OR_MIB public static final int OPC_ERR_INVALID_PROG_OR_MIB OPC_ERR_INVALID_MINMAX public static final int OPC_ERR_INVALID_MINMAX HP Operations Manager (9.00) Page 1233 of 1297 Online Help OPC_ERR_INVALID_MSG_GENERATION public static final int OPC_ERR_INVALID_MSG_GENERATION OPC_ERR_INVALID_TEMPLATE_TYPE public static final int OPC_ERR_INVALID_TEMPLATE_TYPE OPC_ERR_FUNC_NOT_IMPL_YET public static final int OPC_ERR_FUNC_NOT_IMPL_YET OPC_ERR_DUMMY_FUNCTION_CALLED public static final int OPC_ERR_DUMMY_FUNCTION_CALLED OPC_SEV_UNCHANGED public static final int OPC_SEV_UNCHANGED OPC_SEV_UNKNOWN public static final int OPC_SEV_UNKNOWN OPC_SEV_NORMAL public static final int OPC_SEV_NORMAL OPC_SEV_WARNING public static final int OPC_SEV_WARNING OPC_SEV_CRITICAL public static final int OPC_SEV_CRITICAL OPC_SEV_MINOR public static final int OPC_SEV_MINOR OPC_SEV_MAJOR public static final int OPC_SEV_MAJOR HP Operations Manager (9.00) Page 1234 of 1297 Online Help OPCDATA_ID public static final int OPCDATA_ID OPCDATA_MESSAGE_ID public static final int OPCDATA_MESSAGE_ID HP Operations Manager (9.00) Page 1235 of 1297 Online Help Agent Message Stream Interface (MSI) The agent-based message streaminterface (MSI) enables external applications to read and change incoming messages on the managed node before they are sent to the management server. This can help to reduce the amount of network traffic considerably. A typical external application might be an event correlation engine, for example HP Event Correlation Services. If you develop your own MSI applications using the Interface APIs provided, you must install the applications on the managed node. You must then enable the agent MSI on the managed node and specify for each policy that generates a message whether the agent should divert or copy the message to the MSI. Otherwise, the message bypasses the MSI. Note: The agent MSI supports C APIs only. 32-bit APIs are built using Microsoft Visual Studio 2005. The information in this HPOMAgent Application Integration Guide is only for version 8.60 and lower of HP Operations agent. Enable the Agent Message Stream Interface On the management server, create a nodeinfo policy containing the following parameters. Then deploy the nodeinfo policy to the managed nodes on which you want to enable the MSI. l HTTPS agents ;XPL config [eaagt] OPC_AGTMSI_ENABLE = TRUE OPC_AGTMSI_ALLOW_AA = FALSE (optional) OPC_AGTMSI_ALLOW_OA = FALSE (optional) OPC_MSI_CREATE_NEW_MSGID = 2 (optional) l DCE agents OPC_AGTMSI_ENABLE TRUE OPC_AGTMSI_ALLOW_AA FALSE (optional) OPC_AGTMSI_ALLOW_OA FALSE (optional) OPC_MSI_CREATE_NEW_MSGID 2 (optional) Parameter Default Value Description OPC_ AGTMSI_ ENABLE FALSE Enables the agent MSI. OPC_ AGTMSI_ ALLOW_ AA FALSE Allows automatic commands in messages. If set to FALSE, the agent discards the commands in the messages. OPC_ AGTMSI_ ALLOW_ OA FALSE Allows operator initiated commands in messages. If set to FALSE, the agent discards the commands in the messages. HP Operations Manager (9.00) Page 1236 of 1297 Online Help OPC_ MSI_ CREATE_ NEW_ MSGID 2 Determines how message IDs are created when messages are sent to the agent MSI. 1 = Create a new message ID each time a message attribute is changed or the API copy-operator is called. 2 = Do not create a new message ID when message attributes change if this message was diverted and sent to only one instance. If you apply the API copy-operator to a message, the copy is no longer diverted and later attribute changes lead to a new message ID. For changed messages, the attribute OPCDATA_ORIGMSGID contains the original message ID (otherwise it contains a null ID). 3 = Same as 2, except that the API copy-operator immediately creates a new message ID for the copy. 4 = Do not modify message IDs. The API-user is responsible for modifying the message IDs. Tip: You can also use the ovconfchg command-line tool to set these parameters on HTTPS agents; for example, ovconfchg -ns eaagt OPC_AGTMSI_ENABLE TRUE. Related Topics: l Order of access to the MSI l Interface API l Developing agent policies Order of access to the MSI You can control the order in which application instances can read and change the streamof incoming messages. An application instance with a lower order number is able to read, change, and delete messages before an application instance with a higher order number. To specify the order in which application instances access the message stream, create a text file called msiconf on the managed node. List all registered MSI application instances in this file and assign an appropriate order number to each application instance. Registered MSI applications that are not listed in the msiconf file are given an order number of zero (0). The HP Operations agent reads the msiconf file whenever an MSI instance opens or closes a connection to the agent MSI. Specify the order of access to the MSI 1. On the managed node, create a text file that specifies each application instance and the corresponding order number: <application_instance><order_number> <application_instance> corresponds to the name of the MSI application registered with the HP Operations agent. The instance name can contain up to 13 alphanumeric characters. HP Operations Manager (9.00) Page 1237 of 1297 Online Help <order_number> specifies the order in which the registered MSI application receives a message fromthe HP Operations agent (lowest to highest). Specify an order number in the range -127 to 127. Use newlines to separate application instances, and use spaces or tabs to separate application instances fromorder numbers. If multiple application instances have the same order number, the management server forwards messages to all the application instances at the same time. Caution: Forwarding messages to multiple application instances at the same time can have undesirable results with diverted messages, because there will be two messages in the message streamwith the same message ID. The same problemcan also occur with messages that are copied to the MSI, if at least two application instances receive the same message in parallel and do not modify it. 2. Optional. Add comments on lines that begin with the number sign (#). 3. Save the file in the following directory on the managed node: n On nodes with a Windows operating system: %OvDataDir%\conf\OpC\msiconf n On nodes with a UNIX or Linux operating system: /var/opt/OV/conf/OpC/msiconf msiconf example counter -10 evtcorr 0 proca 10 procb 10 enhtt 20 Related Topics: l Agent Message StreamInterface (MSI) l Interface API HP Operations Manager (9.00) Page 1238 of 1297 Online Help Adapters and Integrations Other HP BTOSoftware products, such as HP Performance Manager and HP Reporter integrate with HP Operations Manager for Windows. This section lists and describes available integrations, adapters, and add-on modules. HP Performance Manager Integration HPPerformanceManager is a web-based tool that enables you to analyze systemperformance and resource utilization using graphs. HPPerformanceManager provides preformatted graphs and also enables you to design your own graphs. For details of the versions supported for integration with HP Operations Manager for Windows, see the support matrix at HP Software Support Online. This version of HPOMdoes not include a built-in graph designer or viewer. However, the license to use HPOMincludes a separate license key for HP Performance Manager. The included license key enables you to install and use HP Performance Manager on the same computer as your HPOM management server. (The license key for HP Performance Manager is different to the license key for the HPOMmanagement server.) If you install HP Performance Manager on the same computer as your HPOMmanagement server, the Graphs snap-in appears in the HPOMconsole tree. You can access the graphs that HP Performance Manager generates, directly fromthe HPOMconsole. Also, HP Performance Manager can load the list of nodes and node groups fromHPOM. HP Operations agents gather and store performance data locally on nodes. HP Performance Manager can connect to any nodes that have an HPOMagent, and request performance data to generate graphs fromthat node. You can associate graphs with node groups, services, and service types. This enables you to more easily access appropriate reports for those node groups and services. Each time you request a graph, HP Performance Manager requests the performance data fromthe node, and generates the graph immediately. Related Topics: l Configure HP Performance Manager integration l Show graphs l Node group reports and graphs properties l Configure reports and graphs for services l Configure reports and graphs for service types Configure HP Performance Manager integration If you install HP Performance Manager on the same computer as your HPOMmanagement server, the installation configures the integration between HPOMand HP Performance Manager automatically. For more details, see the HP Performance Manager Installation Guide, which is available fromthe HP Performance Manager installation media or the product manuals search page at HP Software Support Online. HP Operations Manager (9.00) Page 1239 of 1297 Online Help Adapters and Integrations After you install HP Performance Manager, the Graphs snap-in appears in the HPOMconsole tree. You can configure whether operators can view graphs by setting the Graphs can be viewed check box in their user roles. Reconfigure the HP Performance Manager ports in HPOM The default ports that HPOMuses to connect to HP Performance Manager are preconfigured on the HPOMmanagement server. If you reconfigure HP Performance Manager to use different ports, you can reconfigure HPOMto connect to a these ports. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click HP Performance Manager Integration. A list of values appears. 3. Optional. Set the value of HTTP Port. 4. Optional. Set the value of HTTPS Port. 5. Click Apply. Enable file downloads in Group Policy To be able to export graphs fromthe HP Performance Manager Graph Design Wizard fromwithin the HPOMconsole, you must first configure your web browser to allow file downloads fromthe Internet Zone. You can do this locally on the computer that runs the remote console, or globally for all computers in the domain. 1. Start Group Policy Object Editor. 2. Navigate to the following policy object: Local Computer Policy User Configuration Administrative Templates Windows Components Internet Explorer Internet Control Panel Security Page Internet Zone Allow file downloads 3. Enable the Allow file downloads policy to allow file downloads fromthe Internet Zone. Note: The HPOMconsole requests graphs directly fromthe HP Performance Manager server using standard Windows web browsing components. For each computer that runs an HPOM console, the Internet Options in Windows must be correctly configured to communicate with the HP Performance Manager web server. Related Topics: l Configure general information for user roles Show graphs HPOMenables you to access the graphs that HP Performance Manager generates, directly from the HPOMconsole. You can do this fromthe following starting points: l the Graphs snap-in l a node group l a service l a message HP Operations Manager (9.00) Page 1240 of 1297 Online Help Adapters and Integrations You can configure whether reports appear in a new window or the details pane. To do this, open the Console Properties dialog and set the Show results in new window check box. To showa graph from the Graphs snap-in 1. In the console tree, expand Graphs. The console tree shows the available graph families. 2. Expand a graph family. The console tree shows the graph categories. 3. Click a graph category. The details pane shows the available graphs. Tip: You may need to click Refresh to update the list of available graphs. 4. Double-click a graph. The Show Graph wizard opens. 5. In the node tree, select the nodes that you want to see a graph for. To open several graphs at the same time, select node groups or multiple nodes. Click Next. 6. Select a Date Range that corresponds to the period you want to analyze. 7. Select a Granularity to specify how much detail you need. 8. Optional. Select the Periodically update data in graph checkbox to have your graph automatically refreshed. Clearing this check box can increase graph performance. 9. Click Show. A new window opens, which shows the graph. If you selected node groups or multiple nodes, each graph appears on a separate tab in this window. Tip: Expand Temporary Graphs in the console tree for a list of reports that you viewed recently. Click any graphs that you want to review. To showa graph for a node group 1. In the console tree, right-click a node group, and then click All Tasks Show Graph... The Show Graph wizard opens. 2. The Show Graph wizard shows a tree that contains all graphs that are available for this node group. Expand the graph family and graph category for the graph that you need. 3. Click a graph in the tree, and then click Next. A node tree appears. 4. In the node tree, the nodes in the node group are preselected. You can optionally change the preselection. Click Next. 5. Select a Date Range that corresponds to the period you want to analyze. 6. Select a Granularity to specify how much detail you need. 7. Optional. Select the Periodically update data in graph checkbox to have your graph automatically refreshed. Clearing this check box can increase graph performance. 8. Click Show. A new window opens, which shows the graph for each node that you selected. Each graph appears on a separate tab in this window. Note: You can only show a graph for a node group after the administrator associates graphs with the node group. (For more information, see View node group reports and graphs properties.) HP Operations Manager (9.00) Page 1241 of 1297 Online Help Adapters and Integrations To showa graph from a service 1. In the console tree, right-click the service, and then click All Tasks Show Graph... or in the service map, right-click the service, and then click Show Graph.... The Show Graph wizard opens. 2. The Show Graph wizard shows a tree that contains all graphs that are available for this node group. Expand the graph family and graph category for the graph that you need. 3. Click a graph in the tree, and then click Next. A node tree appears. 4. In the node tree, select the nodes that you want to see a graph for. To open several graphs at the same time, select node groups or multiple nodes. Click Next. 5. Select a Date Range that corresponds to the period you want to analyze. 6. Select a Granularity to specify how much detail you need. 7. Optional. Select the Periodically update data in graph checkbox to have your graph automatically refreshed. Clearing this check box can increase graph performance. 8. Click Show. A new window opens, which shows the graph for each node that you selected. Each graph appears on a separate tab in this window. Note: You can only show graphs froma service after the administrator associates a graph family or graph category with the service or service type. (For more information, see Configure reports and graphs for service types.) To showa graph from a message In the message browser, you can right-click a message, and then click Show Graph Nodes... or Show Graph Services.... The Show Graph wizard opens. For some messages, the operator-initiated command shows a graph. To start an operator-initiated command, right-click the message, and then click Commands Start Operator Initiated. You can define operator-initiated commands that launch graphs in measurement threshold policies. Tip: To print a graph fromthe HP Performance Manager window, click Graphs Show Print View. Your default Internet browser opens, with a view of the graph for you to print using the browser's print command. Related topics l Specify console general properties l Configure start actions in measurement threshold policies HP Reporter Integration HP Reporter is a flexible management reporting solution for the distributed IT environment. The license to use HPOMincludes a separate license key for HP Reporter. (The license key for HP Reporter is different to the license key for the HPOMmanagement server.) The HP Operations Reports for Windows reports package contains report templates for event and service reports for use with HP Reporter. These provide short-, medium-, or long-termviews of your IT environment. You can use the reports, for example, to analyze trends in the following ways: HP Operations Manager (9.00) Page 1242 of 1297 Online Help Adapters and Integrations l Identify potential bottlenecks in your IT system, so that you can take action before problems appear. l Make accurate predictions for future upgrades. l Collect accurate information to measure service levels. Note: The HP Operations Reports for Windows support unplanned outages. The following reports provide information on unplanned outages: l Node Outage Messages l OutageMess Overview l Service Outage Messages Other reports exclude information on nodes and services that are in unplanned outage mode. The following reports exclude information on nodes and services that are in unplanned outage mode: l AppSeverity l AckOper l AppMessTrend l ConfMessUnassMess l ConfMessUnassMessOP l ConfMessTTandITI l MessGrpTrend l MessLoadOper l MessSeverityTrend l NodeGrpTrend l NodeSeverity l PeakHours l ServTrend l ServSeverity l TopShakyServices HPOMalso enables you to access any of the other reports that HP Reporter generates, directly fromthe HPOMconsole. You can install HP Reporter on the same computer as your HPOMmanagement server (32 bit only), or on a different computer. For details of the versions supported for integration with HPOM, see the support matrix at HP Software Support Online. You may need to configure HP Reporter with details of the HPOMmanagement server, and install the HPOMreports package. (If you install the HPOMmanagement server on a computer that already has HP Reporter installed, the HPOM installation installs the reports package automatically. Otherwise, you can install the reports package fromthe installation media.) HP Operations Manager (9.00) Page 1243 of 1297 Online Help Adapters and Integrations After you configure the HP Reporter integration, the Reports snap-in appears in the console tree. HP Reporter adds your HPOMmanaged nodes and node groups to its database of discovered systems, and begins to gather data fromthem. HP Reporter uses the gathered data and report templates to generate reports. HP Reporter generates some reports that aggregate data fromall discovered nodes. It is also often useful to have a report that aggregates data froma particular subset of nodes. HPOMenables you to associate a report template with a node group using the console. HP Reporter then generates the reports for the node group, and any subgroups. However, HP Reporter runs jobs that gather data and generate reports according to a schedule. (This is by default once a night, but you can reschedule the jobs and start themon demand fromthe HP Reporter interface.) Therefore, after you make changes to nodes and node groups in the HPOMconsole, there is a delay before HP Reporter updates the reports to show the changes. You can also associate reports with services, and service types using the HPOMconsole. This does not configure HP Reporter to generate any new reports, but enables you to more easily access appropriate reports for those services. Note: HP Reporter also enables you to generate reports for individual nodes. However, you can access these only fromthe HP Reporter interface. Related Topics: l Put nodes into unplanned outage mode l Put services into unplanned outage mode l Configure HP Reporter integration l Show reports l View node group reports and graphs properties l Configure reports and graphs for services l Configure reports and graphs for service types Configure HP Reporter integration HP Reporter software is not installed by default with HPOM. You can install HP Reporter on the same computer as your HPOMmanagement server (32 bit only), or on a different computer. The HP Reporter installation media is included with the HPOMinstallation media bundle. Configure HP Reporter with details of HPOM After you install HP Reporter, you must configure HP Reporter with details of the HPOM management server. For more details, see the HP Reporter Installation and Special Integrations Guide. (In the HP Reporter interface, click Help Reporter Document Set or check the product manuals search page at HP Software Support Online.) After you configure HP Reporter with details of HPOM, the Reports snap-in appears in the HPOM console tree. You can configure whether operators can view reports by setting the Reports can be viewed check box in their user roles. HP Operations Manager (9.00) Page 1244 of 1297 Online Help Adapters and Integrations Install HPOM reports package The 32 bit version of HPOMprovides a reports package for use with HP Reporter. If you install the HPOMmanagement server on a computer that already has HP Reporter installed, the HPOM installation installs the package automatically. Otherwise, you can find the reports package installer in the following location on the HPOMinstallation media for 32 bit installations: \Packages\FoundationCore\HPOMServiceReports\HPOvMgrRpt-<version number>-WinNT4.0-release.msi The HPOMinstallation media for 64 bit installations does not include the reports package. You can install the reports package on a 32 bit HP Reporter computer using the HP Operations Smart Plug- ins DVD. Configure the HP Reporter server name and port in HPOM HP Reporter automatically configures its server name and port on the HPOMmanagement server if installed on the same computer as the HPOMmanagement server. If installed on a different computer or if these details later change, you can configure HPOMto connect to a different server or port. 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click HP Reporter Integration. A list of values appears. 3. Optional. Set the value of Port. (The default port of the HP Reporter web server is port 80.) 4. Set the value of Server name. Note: If you set an empty Server name, the Reports snap-in disappears fromthe console tree. 5. Click Apply. Note: The HPOMconsole requests reports directly fromthe HP Reporter server using Windows components. For each computer that runs an HPOMconsole, the Internet Options (for example, proxy settings) in Windows must be correctly configured to communicate with the HP Reporter web server. Related Topics: l Configure general information for user roles Show reports HPOMenables you to access the reports that HP Reporter generates, directly fromthe HPOM console. You can do this fromthe following starting points: l the Reports MMC Microsoft Management Console snap-in l a node group l a service l a message You can configure whether reports appear in a new window or the details pane. To do this, open the Console Properties dialog and set the Show results in new window check box. HP Operations Manager (9.00) Page 1245 of 1297 Online Help Adapters and Integrations To showreports from the Reports snap-in 1. In the console tree, expand Reports. The console tree shows the available report families. 2. Expand a report family. The console tree shows the report categories. 3. Click a report category. The details pane shows the available reports. For each report, the list shows which templates are available for the report definition (all, group, and system). 4. Double-click a report. The report appears in a new window or the details pane. If there is more than one template for the report definition, the default report appears. TIP: Expand Temporary Reports in the console tree for a list of reports that you viewed recently. Click any reports that you want to review. To showa report for a node group 1. In the console tree, right-click a node group, and then click All Tasks Show Report... The Show Report wizard opens. 2. The Show Report wizard shows a tree that contains all reports that are available for this node group. Expand the node group, report family, and report category for the report that you need. 3. Click the report in the tree, and then click Show. The report appears in a new window or the details pane. NOTE: You can only show a report for a node group after the administrator associates reports with the node group. (For more information, see Node group reports and graphs properties.) There is then a delay before the reports are available because HP Reporter generates reports according to a schedule. To showa report from a service 1. In the console tree, right-click the service, and then click All Tasks Show Report... or in the service map, right-click the service, and then click Show Report.... The Show Report wizard opens. 2. The Show Report wizard shows a tree that contains a report family. Expand the report family and a report category for the report that you need. 3. Click the report in the tree, and then click Show. The report appears in a new window or the details pane. NOTE: You can only show reports froma service after the administrator associates a report family or report category with the service or service type. (For more information, see Configure reports and graphs for service types.) To showa report for a message In the message browser, you can right-click a message, and then click Show Report Nodes... or Show Report Services.... The Show Report wizard opens. HP Operations Manager (9.00) Page 1246 of 1297 Online Help Adapters and Integrations Tip: To print a report that is currently showing, press CTRL + P. Related Topics: l Specify console General properties Configure service logging The management server calculates the current status of each service, based on active messages that contain the service's ID. By default, the management server does not store service statuses in the database. However, the service reports that HPOMprovides require data on how the status of services change over time. Therefore if you intend to use service reports, you must configure the service logger to store status changes of the services that you are interested in. You configure the service logger using a tool, which you launch fromthe console. The service logger itself runs as a Windows service (OvServiceLogger), which checks service statuses every five minutes and logs changes. To configure service logging 1. In the console tree, expand Tools HP Operations Manager Tools Service Logging. 2. In the details pane, double-click ServiceLogger Service GUI. The Service Logger Configuration dialog appears. 3. Select the check box of each service that you want service reports for. You can uniquely identifiy services using their service IDs. Service names are not necessarily unique. 4. Click OK. 5. Wait until HP Reporter next runs the jobs that gather data and generate reports. This is by default once a night. 6. In the console tree, expand Reports OVO/Windows History OVO/Windows Services. 7. Double-click a report. A new window opens, which shows the report. Related Topics: l Configure HP Reporter integration HP NNMi Adapter HP NNMi Adapter forwards incidents fromHP Network Node Manager i Software (NNMi) into the HP Operations Manager (HPOM) for Windows active messages browser. It also provides easy access to the NNMi console fromwithin HPOM. The HPOMintegration with HP NNMi is available in two implementations: l HPOM agent implementation When using the HPOMagent implementation, the HP NNMi Adapter forwards NNMi incidents as SNMPv2 traps to an HPOMagent on the NNMi management server. The HPOMagent filters the SNMPv2 traps and sends themas messages to the HPOMmanagement server. The configuration of the HPOMagent determines which HPOMmanagement server receives the message. HP Operations Manager (9.00) Page 1247 of 1297 Online Help Adapters and Integrations The HPOMagent implementation of the HP NNMi-HPOMintegration is available as of NNMi version 8.12. This implementation is the preferred solution for integrating HPOMwith NNMi. l HPOM web service implementation When using the HPOMweb service implementation, the HP NNMi Adapter forwards NNMi incidents to the HPOMactive messages browser and synchronizes incidents between NNMi and HPOM. You can also configure filters in NNMi that enable incidents to be forwarded to HPOMonly when they meet certain criteria. The web service implementation of the HP NNMi-HPOMintegration is available as of NNMi version 8.03. The HPOMagent implementation is the preferred solution for integrating HPOM with NNMi. Note: If the HPOMagent and the web service implementations of the HP NNMi-HPOMintegration both send messages to the same HPOMmanagement server, you might not see all messages from both implementations in the HPOMactive messages browser. For this reason, HP does not support running both implementations of the HP NNMi-HPOMintegration to the same HPOM management server concurrently. You can see the forwarded NNMi incidents in the HPOMactive messages browser. These messages in the HPOMbrowser are associated with the original incidents reported in NNMi. So fromwithin HPOMyou can launch the NNMi incident browser showing the original incident. Each NNMi incident has a unique identity, so that even where HPOMis consolidating events across multiple NNMi management server installations, you can trace a particular incident back to its origin in NNMi and investigate it. The HP NNMi Adapter is installed automatically with HPOMfor Windows, but you need to enable the HPOMagent or web service implementation before you can use it. HP NNMi Web Tools HPOMprovides HP NNMi Web Tools for accessing forms, views, and tools in the NNMi console. You can access the HP NNMi web tools fromnodes in the HPOMconsole, and fromthe active and acknowledged message browsers. For example, you can open an NNMi incident directly fromthe HPOMactive messages browser. The NNMi web tools give users access to the NNMi console: l Users can open an NNMi incident formin the context of a selected message. l Users can launch an NNMi view (for example, the Layer 2 Neighbor view) in the context of a selected message or node. l Users can launch an NNMi tool (for example, status poll) in the context of a selected message or node. Custom Message Attributes The HP NNMi-HPOMintegration includes custommessage attributes with each HPOMmessage. View custommessage attributes Custom message attribute Description OPR_CI_INFO If available, the UCMDB (Universal Configuration Management HP Operations Manager (9.00) Page 1248 of 1297 Online Help Adapters and Integrations Database) ID of either the node or source object. condition_name The name of the condition producing this message as defined by the policy. (Agent implementation only.) nnm.assignedTo If assigned, the user ID of the NNMi user owning the incident. nnm.category The NNMi incident category assigned to the incident or event. Out of the box categories include: com.hp.nms.incident.category.Accounting com.hp.nms.incident.category.Application Status com.hp.nms.incident.category.Configuration com.hp.nms.incident.category.Fault com.hp.nms.incident.category.Performance com.hp.nms.incident.category.Security com.hp.nms.incident.category.Status nnm.emittingNode.name The hostname or IP address of the node the incident or event is associated with. nnm.emittingNode.uuid The NNMi assigned UUID (Universally Unique Identifier) of the node the incident/event is associated with. nnm.incident.uuid The NNMi assigned UUID of the incident. nnm.name The name of the incident or event as configured in NNMi. nnm.origin Identifies the originator of the incident or event. nnm.priority Agent implementation: top(1) high(2) medium(3) low(4) none(5) Web service implementation: com.hp.nms.incident.priority.Top com.hp.nms.incident.priority.High com.hp.nms.incident.priority.Medium com.hp.nms.incident.priority.Low com.hp.nms.incident.priority.None nnm.server.name Hostname or IP address of the NNMi server that forwarded the event. nnm.server.port The NNMi application server port number. nnm.source.name The NNMi assigned name of the object or device the incident or event is associated with. nnm.source.type The NNMi assigned type of the object or device the incident or event is com.hp.ov.nms.model.core.Node com.hp.ov.nms.model.core.Interface HP Operations Manager (9.00) Page 1249 of 1297 Online Help Adapters and Integrations nnm.source.uuid The NNMi assigned UUID of the object or device the incident or event is associated with. Related Topics: l Agent implementation of the NNMi Adapter l Web service implementation of the NNMi Adapter l Enable the agent implementation l Enable the web service implementation l NNMi web tools Agent implementation of the NNMi Adapter When using the HPOMagent implementation, the HP NNMi Adapter forwards NNMi incidents as SNMPv2 traps to an HPOMagent on the NNMi management server. The HPOMagent filters the SNMPv2 traps and and sends themas messages to the HPOMmanagement server. The configuration of the HPOMagent determines which HPOMmanagement server receives the message. The HPOMagent implementation of the HP NNMi-HPOMintegration is available as of NNMi version 8.12. This implementation is the preferred solution for integrating HPOMwith NNMi. Note: If the HPOMagent and the web service implementations of the HP NNMi-HPOMintegration both send messages to the same HPOMmanagement server, you might not see all messages from both implementations in the HPOMactive messages browser. For this reason, HP does not support running both implementations of the HP NNMi-HPOMintegration to the same HPOM management server concurrently. In NNMi, incidents can be generated directly by NNMi (called management events) or generated fromSNMP traps. The NNMi northbound interface makes these incidents available as SNMPv2 traps. The HPOMagent listens at the northbound interface for these SNMPv2 traps. An SNMP Interceptor policy determines how the agent filters and processes the SNMPv2 traps. The SNMP Interceptor policy is based on an SNMP Interceptor policy file that you generate on the NNMi management server. The SNMP Interceptor policy file includes an SNMPv2 trap definition for each of the management events and SNMP traps in the current NNMi configuration. The HPOM agent sends traps that pass the filters of the policy as messages to the HPOMmanagement server. The HP NNMi-HPOMintegration provides a one-way flow of NNMi incidents to HPOM. When the lifecycle state of an incident changes to closed in NNMi, NNMi forwards a close event to HPOM. HPOMacknowledges the message for the original incident in the HPOMactive messages browser. NNMi sends only one copy of each management event or SNMP trap to the HPOMagent. If you configure the HP NNMi-HPOMintegration to forward all received SNMP traps and the HPOM management server receives SNMP traps directly fromdevices that NNMi manages, HPOM receives duplicate device traps. You can set the policies to correlate SNMP traps fromNNMi with those that HPOMreceives directly frommanaged devices. You can see the forwarded NNMi incidents in the HPOMactive messages browser. The tools in the HP NNMi Web Tools group provide access to NNMi views in the context of the selected message. Information embedded in each message supports this cross-navigation: HP Operations Manager (9.00) Page 1250 of 1297 Online Help Adapters and Integrations l The nnmi.server.name and nnmi.server.port custommessage attributes in the message identify the NNMi management server. l The nnmi.incident.uuid custommessage attribute identifies the incident in the NNMi database. The original trap source appears in the Object column of the HPOMactive messages browser and in the nnm.source.name custommessage attribute. A number of tools, in the HP NNMi Web Tools group, are integrated into HPOMfor Windows. You can access NNMi web tools fromnodes in the HPOMconsole, and fromthe active and acknowledged message browsers. Related Topics: l Enable the agent implementation l NNMi web tools Enable the agent implementation The HP NNMi Adapter is installed automatically with HP Operations Manager for Windows. The HP NNMi-HPOMintegration uses the nnmi-northbound integration module and the nnmopcexport.ovpl tool, which are part of NNMi 8.12 or higher. NNMi and HPOMmust be installed on separate computers. The NNMi management server and the HPOMmanagement server computer can be of the same or different operating systems. The HPOMagent requires a license and must be installed on the NNMi management server computer. For the most recent information about supported hardware platforms and operating systems, see the support matrixes for both products at HP Software Support Online. To enable the agent implementation 1. On the NNMi management server, use nnmopcexport.ovpl to generate an SNMP Interceptor policy file and transfer it to the HPOMmanagement server. See the HP NNMi Software Deployment Guide for details. 2. On the HPOMmanagement server, configure HPOMto receive messages fromNNMi: a. Add a node for the NNMi management server and install an HTTPS agent on the node. b. Import the SNMP Interceptor policy file into HPOM: "%OvBinDir%\ImportPolicies" /f <SNMP Interceptor policy file> [/g <policy group>] c. Deploy the NNMi SNMP Interceptor policy to the agent on the NNMi server node. d. On the HPOMmanagement server, configure an external node for the devices or systems that send SNMP traps to NNMi. Set up one external node to catch all messages sent fromthe NNMi servers, eliminating the need to configure each device or systemin HPOMfor Windows as a separate managed node. For initial testing, set the node filter to <*>.<*>.<*>.<*> (for an IP filter) HP Operations Manager (9.00) Page 1251 of 1297 Online Help Adapters and Integrations or <*> (for a name filter). After you validate the integration, restrict the external node filter to match your network. 3. On the NNMi management server, configure the HPOMagent with a customport for receiving SNMP traps fromNNMi. See the HP NNMi Software Deployment Guide for details. 4. On the NNMi management server, configure NNMi incident forwarding to HPOM. See the HP NNMi Software Deployment Guide for details. 5. Optional. On the HPOMmanagement server, add custommessage attributes for NNMi incidents to the active messages browser. a. In the browser, right-click any column heading, and then click Options. b. In the Enter Custom Message Attributes list, select an attribute, and then click Add. The custommessage attributes for NNMi incidents begin with the text nnm. c. Optional. Change the order in which the custommessage attributes appear in the messages browser, for example by dragging a column heading to the new location. 6. Optional. On the HPOMmanagement server, configure the NNMi server name and port number. This configuration information is needed to launch NNMi web views and forms with the URL tools configured in the HP NNMi Web Tools group. 7. Optional. On the HPOMmanagement server, enable the By Node tools group under HP NNMi Web Tools by associating selected nodes or node groups in HPOMfor Windows that are managed by NNMi and that are set up in HPOMfor Windows to receive messages forwarded fromNNMi. Related Topics: l Configuring nodes l Import OVOfor UNIX templates l Configure SNMP conditions l Deploy a policy or policy group l Change the message browser column display l Configure the NNMi server name and port l Enable tools in the By Node tool group Web service implementation of the NNMi Adapter The web service implementation of the HP NNMi Adapter automatically forwards NNMi incidents to the HPOMactive messages browser and synchronizes incidents between HP Network Node Manager i Software (NNMi) and HP Operations Manager for Windows (HPOM). You can configure filters in NNMi that enable incidents to be forwarded to HPOMonly when they meet certain criteria. The web service implementation of the HP NNMi-HPOMintegration is available as of NNMi version 8.03. The HPOMagent implementation is the preferred solution for integrating HPOMwith NNMi. Note: If the HPOMagent and the web service implementations of the HP NNMi-HPOMintegration both forward messages to the same HPOMmanagement server, you might not see all messages HP Operations Manager (9.00) Page 1252 of 1297 Online Help Adapters and Integrations fromboth implementations in the HPOMactive messages browser. For this reason, HP does not support running both implementations of the HP NNMi-HPOMintegration to the same HPOM management server concurrently. The HPOMweb service implementation supports a "many-to-many" arrangement. Each NNMi management server can forward incidents to multiple HPOMmanagement servers. Likewise, each HPOMmanagement server can receive incidents frommultiple NNMi management servers. The integration interprets the unique identifier of an incident to determine the source NNMi management server. The web service implementation of the HP NNMi Adapter uses an HP NNMi-HPOMintegration module, which is installed and configured on the NNMi management server. HP Operations Manager Incident Web Service comes with HPOM, and is installed automatically with the HPOM installation. HPOMIncident Web Service integrates NNMi with HPOM, and provides the means by which incidents forwarded fromNNMi are received by HPOM. A number of tools, in the HP NNMi Web Tools group, are integrated into HPOMfor Windows. You can access NNMi web tools fromnodes in the HPOMconsole, and fromthe active and acknowledged message browsers. Related Topics: l Agent implementation of the NNMi Adapter l Enable the web service implementation l Synchronization of Incident Updates l NNMi web tools Enable the web service implementation The HP NNMi Adapter is installed automatically with HP Operations Manager for Windows, along with HP Operations Manager Incident Web Service. The installation process also automatically configures Microsoft Internet Information Server (IIS) and creates an IIS certificate. This certificate ensures secure access to the HPOMIncident Web Service, and is valid for 20 years. The HPOMmanagement server installation automatically configures IIS to meet the needs of all integrated web applications. Further configuration is not necessary. For more information about IIS requirements, see the Installation and Migration Guide, which is available on the installation media in the folder \Documentation\HPOM Guides\en. For information about user authentication and security in general, see the NNMi Deployment Reference and Security for Web Service Clients in the HPOMWeb Services online help. To enable the web service implementation 1. On the NNMi management server, follow the configuration steps appropriate for your version of NNMi: n HP NNMi 8.10 and higher configuration steps i. Configure NNMi incident forwarding to HPOM. ii. Customize the integration. See the NNMi Deployment Guide for details. HP Operations Manager (9.00) Page 1253 of 1297 Online Help Adapters and Integrations n HP NNMi 9.00 and higher configuration steps i. Configure NNMi incident forwarding to HPOM. ii. Customize the integration. See the NNMi Deployment Reference for details. 2. On the HPOMmanagement server, configure the NNMi server nodes. You need to configure the NNMi nodes in HPOMfor Windows. This identifies the nodes from which incidents originate (emitting nodes), and allows HPOMfor Windows to receive incidents, forwarded by NNMi, fromthese emitting nodes. Note: If you do not set up the emitting nodes of forwarded incidents in the HPOMdatabase, then all incidents forwarded fromthe NNMi server will be discarded by the HPOMmanagement server. You can configure the NNMi nodes in two ways: n As managed nodes. Add a managed node for each NNMi node that will be named as a source node in the NNMi incidents that are forwarded to this HPOMmanagement server. Also add a managed node for each NNMi management server that will forward incidents to this HPOMmanagement server. Note: For the HP NNM7.x integration, it was a requirement to deploy an agent fromthe HPOMmanagement server to the NNMmanagement server. For the web service implementation of the HP NNMi-HPOMintegration, it is no longer essential to do so. n As an external node. One external node can be set up to catch all forwarded NNMi incidents, eliminating the need to configure each systemin HPOMfor Windows as a separate managed node. For initial testing, set the node filter to <*>.<*>.<*>.<*> (for an IP filter) or <*> (for a name filter). After you validate the integration, restrict the external node filter to match your network. 3. Optional. On the HPOMmanagement server, add custommessage attributes for NNMi incidents to the active messages browser. a. In the browser, right-click any column heading, and then click Options. b. In the Enter Custom Message Attributes list, select an attribute, and then click Add. The custommessage attributes for NNMi incidents begin with the text nnm. c. Optional. Change the order in which the custommessage attributes appear in the messages browser, for example by dragging a column heading to the new location. 4. Optional. On the HPOMmanagement server, configure the NNMi server name and port number. This configuration information is needed to launch NNMi web views and forms with the URL tools configured in the HP NNMi Web Tools group. 5. Optional. On the HPOMmanagement server, enable the By Node tools group under HP NNMi Web Tools by associating selected nodes or node groups in HPOMfor Windows that are managed by NNMi and that are set up in HPOMfor Windows to receive messages forwarded fromNNMi. Related Topics: HP Operations Manager (9.00) Page 1254 of 1297 Online Help Adapters and Integrations l Configuring nodes l Change message browser column display l Configure the NNMi server name and port l Enable tools in the By Node tool group Synchronization of incident updates When configured to do so, NNMi forwards incidents to one or more HPOMmanagement servers. NNMi will acknowledge an incident to one or more HPOMinstallations if that incident's lifecycle state changes to closed. NNMi will unacknowledge an incident to one or more HPOMinstallations if that incident's lifecycle state changes fromclosed. Updates to these forwarded incidents are sent fromthe HPOMmanagement server back to the NNMi management server to synchronize the lifecycle state of the incident. Incident lifecycle state changes are synchronized fromNNMi to HPOMand back to NNMi as follows: Trigger Result In HPOM, the message is acknowledged. In NNMi, the corresponding incident's lifecycle state is set to Closed. In HPOM, the message is unacknowledged. In NNMi, the corresponding incident's lifecycle state is set to Registered. In NNMi, incident's lifecycle state is set to Closed. In HPOM, the corresponding message is acknowledged. In NNMi, the incident's lifecycle state is changed fromClosed to any other state. In HPOM, the corresponding message is unacknowledged. Related Topics: l Enable the web service implementation NNMi web tools There are a number of tools, in the HP NNMi Web Tools group, that are integrated into HPOMfor Windows. These tools are divided into three tool groups. HP NNMi web tools require a web browser supported by NNMi to be installed on HPOMconsoles. Check the NNMi documentation for supported web browser versions. Tool Group Description General Tools in the General group require that the NNMi server name and port number are correctly configured in the HP NNMi adapter namespace of the Server Configuration dialog. To start a tool in this group, double-click it. By Incident You must start tools in the By Incident group in the context of a forwarded NNMi HP Operations Manager (9.00) Page 1255 of 1297 Online Help Adapters and Integrations incident. All the information required (incident identity, source NNMi server name, and port number) is contained in the custommessage attributes in the message forwarded to the HPOMfor Windows message browser. By Node Tools in the By Node group require that the NNMi server name and port number are correctly configured in the HP NNMi adapter namespace of the Server Configuration dialog. You must start tools in this group in the context of a node, and the node must first be associated with the By Node group in the HP NNMi Web Tools tool group to enable the tools. Related Topics: l NNMi Web Tools: General l NNMi Web Tools: By Incident l NNMi Web Tools: By Node l Change server configuration values l Enable the agent implementation l Enable the web service implementation l Configure the NNMi server name and port l Enable tools in the By Node tool group NNMi Web Tools: General The available HP NNMi Web Tools in the General group are listed below. See the HP Network Node Manager Online Help for more details about these tools. Tools in the General group require that the NNMi server name and port number are configured correctly in the HP NNMi adapter namespace of the Server Configuration dialog. HP NNMi Web Tool Action Performed Show my incidents Launches the My Open Incidents view in a web browser. Show NNMi console Launches the NNMi console in a web browser. Show NNMi server status Launches a report of the current status of all NNMi server processes and services in a web browser. Show open root cause incidents Launches the Open Root Cause Incidents view in a web browser. Show sign in audit log Displays the current configuration for a node in a web browser (tracks log on and log out activity for each user account). HP Operations Manager (9.00) Page 1256 of 1297 Online Help Adapters and Integrations To launch tools in the General tool group 1. Make sure that the NNMi server name and port number are configured correctly in the HP NNMi adapter namespace of the Server Configuration dialog. 2. Double-click the tool you want to start. Related Topics: l Configure the NNMi server name and port l Enable the agent implementation l Enable the web service implementation NNMi Web Tools: By Incident The available HP NNMi Web Tools in the By Incident group are listed below. See the HP Network Node Manager Online Help for more details about these tools. You must start tools in the By Incident group in the context of a forwarded NNMi incident. A message forwarded by NNMi contains custommessage attributes about the identity of the incident, the NNMi server name, and the server port number. HP NNMi Web Tool Action Performed Layer 2 Neighbors to related NNMi node Launches a Troubleshooting View in web browser, showing the Layer 2 Neighbors of the node fromwhich the corresponding NNMi incident originated. Layer 3 Neighbors to related NNMi node Launches a Troubleshooting View in web browser, showing the Layer 3 Neighbors of the node fromwhich the corresponding NNMi incident originated. Show related NNMi incident Launches an NNMi Incident Form, corresponding to a selected message, in a web browser. Show related NNMi node Launches a Node Formin a web browser, showing the NNMi setup information for the node fromwhich the corresponding NNMi incident originated. To launch tools in the By Incident tool group 1. Right-click a message, forwarded by NNMi, in the HPOMfor Windows message browser. 2. Select Launch Tool, then select Message. 3. In the Select the Tool to Execute dialog box, expand the HP NNMi Web Tools group, select the tool in the By Incident group that you want to run, and then click Launch. Related Topics: l Enable the agent implementation l Enable the web service implementation HP Operations Manager (9.00) Page 1257 of 1297 Online Help Adapters and Integrations l NNMi web tools NNMi Web Tools: By Node The available HP NNMi Web Tools in the By Node group are listed below. See the HP Network Node Manager Online Help for more details about these tools. Tools in the By Node group require that the NNMi server name and port number are configured correctly in the HP NNMi adapter namespace of the Server Configuration dialog. You must start tools in the By Node group in the context of a node, and the node must first be associated with the By Node group in the HP NNMi Web Tools tool group to enable the tools. HP NNMi Web Tool Action Performed Ping node Launches the ping command and shows the real-time results of the ping fromthe NNMi server to a selected node in a web browser. Show Layer 2 Neighbors Launches a Troubleshooting View in a web browser, showing the Layer 2 Neighbors of a selected node. Show Layer 3 Neighbors Launches a Troubleshooting View in a web browser, showing the Layer 3 Neighbors of a selected node. Show node communication configuration Launches the real-time results of the ICMP and SNMP configuration report in a web browser, showing the communication configuration of a selected node. Show node configuration poll Launches the configuration poll of a selected node, showing the real-time results of a node s configuration in a web browser. Show node information Launches a Node Formin a web browser, giving details about the selected node for troubleshooting purposes. Show node status poll Launches the real-time check and results of a selected node's status in a web browser. Traceroute to node Launches the real-time results of a Trace Route fromthe NNMi server to a selected node in a web browser. To launch tools in the By Node tool group 1. Make sure that the NNMi server name and port number are configured correctly in the HP NNMi adapter namespace of the Server Configuration dialog. 2. Make sure that the selected node is associated with the By Node tool group. 3. Right-click the node, select All Tasks, and then select Launch Tool. The Select the Tool to Execute dialog box opens. 4. In the Select the Tool to Execute dialog box, expand the HP NNMi Web Tools group, and double-click the tool in the By Node group that you want to run. Related Topics: HP Operations Manager (9.00) Page 1258 of 1297 Online Help Adapters and Integrations l Configure the NNMi server name and port l Enable tools in the By Node tool group l Enable the agent implementation l Enable the web service implementation l NNMi web tools Configure the NNMi server name and port You need to specify the NNMi server name and port number in HPOMfor Windows. This configuration information is needed to launch NNMi web views and forms with the URL tools configured in the General and By Node tool groups. You do this by changing the server configuration settings. To configure the NNMi server name and port 1. In the console tree, right-click Operations Manager, and then click Configure Server.... The Server Configuration dialog box opens. 2. Click Namespaces, and then click HP NNMi adapter. A list of values appears. 3. In NNMi server hostname, type the hostname of the NNMi server. 4. In NNMi server port, type the port number of the NNMi server. 5. Click Apply. Related Topics: l Change server configuration values l NNMi Web Tools: General l NNMi Web Tools: By Node Enable tools in the By Node tool group You must start HP NNMi Web Tools in the tool group By Node in the context of a node. Before you can use these tools in the context of a node, you need to associate the node with the By Node tool group. This association should be done for all nodes that are managed by NNMi and that have been configured in HPOMfor Windows to receive incidents forwarded by NNMi. Tip: You can also associate a group of nodes with the tools in the By Node tool group (for example, by grouping all NNMi nodes in a single node group in HPOMfor Windows). In this way, all nodes in this node group are associated with the tool group. To enable tools in the By Node tool group 1. Fromthe list of managed nodes in the Configure Managed Nodes dialog box, select the node or node group you want to configure. 2. Right-click to open the shortcut menu. 3. Select Properties to open the Node Properties dialog box. HP Operations Manager (9.00) Page 1259 of 1297 Online Help Adapters and Integrations 4. Select the Tools tab. Expand the HP NNMi Web Tools group and select the By Node check box. 5. Click OK to save your changes and close this dialog box. Related Topics: l Configure tools for managed nodes l NNMi Web Tools: By Node HP BAC Adapter You can collect performance and availability data froman existing HPOMmanagement server and view the data in HP Business Availability Center applications. The purpose of the HP BAC Adapter is to connect to the HPOMmessage infrastructure, to receive events fromHPOM, and to forward these events to the HP SiteScope system. Related Topics: l Installing the HP BAC Adapter l Configuring the HP BAC Adapter l Tuning the HP BAC Adapter l Starting and stopping the HP BAC Adapter l Uninstalling the HP BAC Adapter Installing the HP BAC Adapter The HP Business Availability Center Adapter (HP BAC Adapter) is installed using an installation wizard that guides you through the procedure and prompts for information you must specify. Install the HP BAC Adapter only after the HPOMinstallation is complete. Read the instructions before you begin so that you are familiar with the information you must supply during installation. Note: If HPOMis installed in a cluster environment, you must Install the HP BAC Adapter on each cluster node separately. To install the HP BAC Adapter 1. To start the installation process, select: Start All Programs HP HP Operations Manager BAC Adapter The Welcome page opens. 2. Click Next to go to the License Agreement page. 3. Read the license agreement statement and click I accept the terms in the license agreement. Then click Next to continue. 4. In the Destination Folder page, click Next. HP Operations Manager (9.00) Page 1260 of 1297 Online Help Adapters and Integrations 5. In the Ready to Install the Program page, click Install to begin the installation. 6. When the Installer Completed page opens, click Finish to close the wizard. Related Topics: l Configuring the HP BAC Adapter l Tuning the HP BAC Adapter l Starting and stopping the HP BAC Adapter l Uninstalling the HP BAC Adapter Configuring the HP BAC Adapter Once installed, the HP Business Availability Center Adapter (HP BAC Adapter) must be configured on the HPOMmanagement server before it can be used. Note: If the HP BAC Adapter is installed in a cluster environment, you must configure the HP BAC Adapter on each cluster node separately. All configuration settings on all cluster nodes must be identical. To configure the HP BAC Adapter 1. Configure the hostname or IP address of the HP SiteScope systemon which the HPOMEvent Monitor is installed: ovconfchg -ns opc.bac -set TargetHost <hostname> 2. Configure the port if you are using a port other than the default (9000): ovconfchg -ns opc.bac -set TargetHost <hostname> -set TargetPort <port> Note: If you change this setting, make sure to update the HPOMEvent Monitor. 3. Configure the HPOMEvent Monitor on the HP SiteScope systemas described in the HP BAC documentation. Related Topics: l Installing the HP BAC Adapter l Tuning the HP BAC Adapter l Starting and stopping the HP BAC Adapter l Uninstalling the HP BAC Adapter Tuning the HP BAC Adapter You can tune the HP Business Availability Center Adapter (HP BAC Adapter) by running utilities fromthe command line on the HPOMmanagement server. To check the current settings To check the current settings, type: ovconfget opc.bac HP Operations Manager (9.00) Page 1261 of 1297 Online Help Adapters and Integrations To change a parameter To change a parameter, type: ovconfchg -ns opc.bac -set <variable name> <value> Values for <variable name> and <value> are listed in the following table: Variable Name Default Value Description TargetHost <empty> Host name of the HP SiteScope receiver. No connection is attempted if this is empty. TargetPort 9000 Port number of the HP SiteScope receiver. No connection is attempted if this is 0. CacheMax 1000 Maximumnumber of messages stored in cache memory to avoid database lookups. CacheKeep 500 If cache size reaches CacheMax, only the most-recently-used messages in CacheKeep are kept in the cache. All others are removed fromthe cache. Connection Timeout 300 If no new messages or message changes are transmitted to the HP SiteScope receiver, the connection is closed after this number of seconds. MinWaitTime 15 If the connecting to the HP SiteScope receiver failed, the HPOM BAC Adapter waits this many seconds the first time after connection failure before retrying to connect. The wait time is doubled after each retry, up to MaxWaitTime. MaxWaitTime 120 Maximumnumber of seconds to wait after connection failures before retry. When doubling the wait time after connection failures exceeds MaxWaitTime, the wait time is no longer doubled and MaxWaitTime is used instead. MaxQueueLen 1000 If the connection to the HP SiteScope receiver has been lost and new messages or message changes come in, these messages and message changes are buffered in a memory queue. If the number of entries in that queue reaches MaxQueueLen, the oldest entries are removed fromthe queue. NodeKeepTime 900 The HPOMBAC Adapter looks up IP addresses fromhostnames. In addition, HPOMfor Windows hostnames also need to be looked up fromthe HPOMdatabase. These IP addresses and hostnames are stored in a memory cache. Since hostnames and IP addresses of systems can be changed, entries in that cache are invalidated (and afterwards looked up again) after NodeKeepTime seconds. Related Topics: HP Operations Manager (9.00) Page 1262 of 1297 Online Help Adapters and Integrations l Installing the HP BAC Adapter l Configuring the HP BAC Adapter l Starting and stopping the HP BAC Adapter l Uninstalling the HP BAC Adapter Starting and stopping the HP BAC Adapter The HP Business Availability Center Adapter (HP BAC Adapter) service is automatically started after it is installed. If the HP BAC Adapter disconnects fromHP SiteScope during operation, it tries to reconnect to the HP SiteScope at regular intervals. In the meantime, events are stored within the HP BAC Adapter. If the HP BAC Adapter terminates fromHP SiteScope during operation, the events not yet sent to HP SiteScope are lost. Note: Since the HP BAC Adapter is linked with HPOMAPI libraries, it might be necessary to stop the HP BAC Adapter before installing HPOMpatches, and start it after the patch installation. To start or stop the HP BAC Adapter The HP BAC Adapter runs as a Windows service. 1. On the HPOMmanagement server, click Start Settings Control Panel Administrative Tools Services. 2. Right-click the service HP OpenView Operations Message Forwarder to BAC and select Start or Stop To viewHP BAC Adapter log messages The HP BAC Adapter writes log messages into the log file %OvDataDir%\log\System.txt. Log file entries use the process name opc2bac for messages logged by the HP BAC Adapter. Related Topics: l Installing the HP BAC Adapter l Configuring the HP BAC Adapter l Tuning the HP BAC Adapter l Uninstalling the HP BAC Adapter Uninstalling the HP BAC Adapter If you must remove the HP Business Availability Center Adapter (HP BAC Adapter) files fromthe HPOMmanagement server, performthe following procedure. Note: If the HP BAC Adapter is installed in a cluster environment, you must remove the HP BAC Adapter fromeach cluster node separately. HP Operations Manager (9.00) Page 1263 of 1297 Online Help Adapters and Integrations To remove the HP BAC Adapter 1. On the HPOMmanagement server, open Windows Control Panel. 2. Double-click Add or Remove Programs or Programs and Features. 3. Remove the HP OpenView Operations, BAC Integration program. Related Topics: l Installing the HP BAC Adapter l Configuring the HP BAC Adapter l Tuning the HP BAC Adapter l Starting and stopping the HP BAC Adapter HP SiteScope Adapter Note: The information in this section of the online help is for HPSiteScope Adapter version 2.00 and earlier. HP SiteScope Adapter 2.00 supports HP SiteScope version 10.x and earlier. For information about integrating HP SiteScope 11.00 and later, see the section Sending Events in Using SystemAvailability Management in the HP Business Service Management Documentation Library. HP SiteScope Adapter integrates HP SiteScope servers, monitors, and monitor groups with HP Operations Manager (HPOM). The HP SiteScope Adapter recognizes HP SiteScope monitors and monitor groups in the monitoring environment by utilizing the service discovery technology native to HPOM. These monitors and monitor groups are made available to the HPOMconsole for presentation in service map form. HP SiteScope collects data frommonitoring targets (for example, servers, application software) using agentless data collection. Using the collected data, HP SiteScope can send alerts to HPOMby means of the HP SiteScope Adapter. HP SiteScope Adapter components are intended to run on the HP SiteScope server set up as an HPOMmanaged node. This includes the adapter setup application, the HP SiteScope alert forwarder script, and the HP SiteScope alert text template. After installing the HP SiteScope Adapter on the HPOMmanagement server, HP SiteScope Adapter tools and policies are available fromthe HPOMconsole. The HP SiteScope Adapter provides a variety of tools in two major tool groups: l SiteScope Integration tools for execution on the selected managed nodes, for example, for configuring the HP SiteScope alert forwarding application, launching the HP SiteScope user interface fromthe HPOMconsole, and starting or stopping the HP SiteScope service. l Monitor Group tools for running on services in HPOMthat have been created for HP SiteScope monitors or monitor groups. The HP SiteScope Adapter provides a variety of policies contained in three policy groups: l SiteScope Monitor Alert policies for the HP SiteScope alert forwarding application, that transformHP SiteScope alerts to HPOMmessages. l SiteScope Monitor Config Discovery policies to assign and deploy policies to HP SiteScope HP Operations Manager (9.00) Page 1264 of 1297 Online Help Adapters and Integrations servers running as HPOMmanaged nodes for which service discovery should be executed. l SiteScope Server Health policies for monitoring essential HP SiteScope processes. Following installation of the HP SiteScope Adapter, you need to deploy the necessary policies to the managed nodes. When you have deployed the HP SiteScope Adapter to the HP SiteScope server system, you can implement HP SiteScope alerts for monitors or monitor groups, to forward the alerts to HPOMusing the HP SiteScope Adapter. The following diagramprovides a simplified illustration of how the HP SiteScope Adapter fits into a typical monitoring environment. Related Topics: l Service Discovery l Tools HP Operations Manager (9.00) Page 1265 of 1297 Online Help Adapters and Integrations l SiteScope Integration Policies l Implementing HP SiteScope Adapter Alerts Service Discovery The HP SiteScope Adapter takes advantage of the embedded service discovery and modeling technology native to HPOM. This allows for automatic and dynamic mapping of service models - including the ongoing maintenance and updating of the service map and its dependencies. The service discovery component of the HP SiteScope Adapter runs hourly on each HP SiteScope server managed node to which it has been deployed. HP SiteScope monitor groups, and monitors within each monitor group, are recognized by the discovery process and made available to the HPOMconsole for presentation in service map form. The following HPOMexample shows the service map representation of an HP SiteScope server with several monitors and monitor groups. Related Topics: l Troubleshooting the HP SiteScope Adapter Tools The HP SiteScope Adapter provides the following tools for execution fromthe HPOMconsole. SiteScope Integration tool group The following tools are available fromthe SiteScope Integration tools group. You can run the tools in the SiteScope Integration group directly for a selected node. HP Operations Manager (9.00) Page 1266 of 1297 Online Help Adapters and Integrations l Configure SiS2OM Adapter: Launches a script delivered by HP SiteScope Adapter on the managed node that copies relevant HP SiteScope Adapter components to SiteScope-specific directories. The script also prepares a configuration file used by the adapter during the process of forwarding alerts. Do not run the Configure SiS2OM Adapter tool until deployment of the HP SiteScope Adapter fromHPOMfor Windows has copied files to the managed node, as described in Creating the HP SiteScope Adapter Configuration. l Configure SiteScope Directory (Unix): The default directory location for installation of HP SiteScope on Solaris or Linux is /opt/SiteScope. However, it is possible to install HP SiteScope at a non-default location. When deploying the HP SiteScope Adapter to Solaris or Linux managed nodes on which HP SiteScope is installed in a non-default directory, you must be run this tool prior to running the Configure SiS2OM Adapter tool. l SiteScope Configuration: Launches the HP SiteScope interface on the systemthe HPOMfor Windows console is running on. It opens HP SiteScope with the default top level view. This tool is run by right-clicking on a service in HPOMfor Windows that has been created for an HP SiteScope server or monitor group. l Start SiteScope: Starts the HP SiteScope service on the selected nodes. l Stop SiteScope: Stops the HP SiteScope service on the selected nodes. l Unconfigure SiS2OM Adapter: Removes all SiteScope Adapter components fromSiteScope- specific directories that have previously been copied there during the configuration phase. Monitor Group Tools group The following tools are available fromthe Monitor Group Tools tool group. The tools in the Monitor Group Tools group must be run fromwithin the service map context. l View Group Dashboard: Run this tool by right-clicking on a service in HPOMthat has been created for an HP SiteScope monitor group. The tool starts the HP SiteScope user interface on the systemthe HPOMconsole is running on. It opens HP SiteScope at the corresponding HP SiteScope monitor group view. l View Monitor Dashboard: Run this tool by right-clicking on a service in HPOMthat has been created for an HP SiteScope monitor. (You cannot run this tool on a SiteScope monitor group.) The tool starts the HP SiteScope user interface in a web browser on the systemthe HPOM console is running on. It opens HP SiteScope at the corresponding HP SiteScope Monitor view. Related Topics: l HP SiteScope Adapter for HPOMfor Windows SiteScope Integration Policies The HP SiteScope Adapter ships with a set of predefined policies arranged in policy groups. There are policies available for the alert forwarding application, service discovery and monitoring of essential HP SiteScope services. This section describes the different policy sub-groups in the SiteScope Integration policy group, and their intended applications. For a list of default message attributes set by the HP SiteScope Adapter and the related SiteScope monitor alert forwarding policies, see Message Attributes. For a list of predefined policy condition variables that you can use for customizations, see Variables in HP SiteScope Adapter Monitor Alert Policy Conditions. HP Operations Manager (9.00) Page 1267 of 1297 Online Help Adapters and Integrations For details about how to implement meaningful alert forwarding, see Implementing HP SiteScope Adapter Alerts. SiteScope Monitor Alerts The HP SiteScope Adapter contains a variety of Open Message Interface policies that transform HP SiteScope alerts to qualified HPOMevents, necessary for HP SiteScope monitor alert forwarding. These Open Message Interface policies are contained in the SiteScope Monitor Alerts policy group, which contains the following policy sub-groups: l per monitor class l development + test l advanced mapping for OMi l adapter 1.x conform Note: Note that for all policies that generate events that are mapped to HPOMnode configuration items, these specific items must be available on the HPOMmanagement server to make the events visible. SiteScope Monitor Class Policy Group: per monitor class The per monitor class policy group contains predefined HPOMpolicies for each HP SiteScope monitor class. For every SiteScope monitor of a certain class to which alerts are to be forwarded, you can deploy the corresponding policy. This enables you to make very fine adjustments on event level with the benefit of policy manageability. Additionally, the policies map the out-going events to HPOMmanaged nodes that are the monitoring targets of the HP SiteScope monitors. All events originating fromthese policies have message keys to enable severity-based auto-acknowledgment of events coming froma single monitor, and duplicate counting in the HPOMmessage browser. Development and Testing Policy Group: development + test The development + test policy group consists of a single policy that is intended for development and test purposes. All incoming events fromall HP SiteScope monitors and monitor groups equipped with alert actions are forwarded with no modification. The events are mapped to the HPOMmanaged node representing the HP SiteScope server. No acknowledgment is performed. HP OMi-Specific Policy Group: advanced mapping for OMi The advanced mapping for OMi policy group consists of a single policy that is intended to be used only when: l HPOMis connected to HP Operations Manager i (HP OMi) l and HP SiteScope 10.00 is already integrated with HP Business Availability Center (BAC) 8.xx. In this case, the HP SiteScope Adapter can provide HP OMi with advanced information about the UCMDB configuration item(CI) being monitored by the SiteScope monitor. This information can be utilized by HP OMi to performproper event mapping. The policy forwards all alerts coming fromall HP SiteScope monitors and monitor groups that are equipped with alert actions. Events are mapped to the respective service element and automatically acknowledged by monitor source and HP Operations Manager (9.00) Page 1268 of 1297 Online Help Adapters and Integrations severity level. The events are further mapped to the HPOMnode configuration element representing the HP SiteScope monitoring target. Backward-Compatible Policy Group: adapter 1.x conform The HP SiteScope Adapter incorporates a special policy that enables backward compatibility with the previous version of HP SiteScope Adapter. The adapter 1.x conformpolicy sub-group consists of a single policy responsible for forwarding alerts fromthe HP SiteScope Adapter in a similar way to the previous adapter version. The policy conditions only distinguish between normal and non- normal incoming events fromall SiteScope alerts forwarded by the adapter. All events fromHP SiteScope monitors and monitor groups that are equipped with alert actions are forwarded to the HPOMmanagement server, and matched to the HPOMnode representing the HP SiteScope server. The events are equipped with message keys and are mapped to the respective service element and auto-acknowledged by source and severity level on a per-monitor basis. The event text consists only of the SiteScope monitor run result. SiteScope Monitor Config Discovery The SiteScope Monitor Config Discovery policy group contains the Discover SiteScope policy sub- group. Use this policy to assign policies to nodes or node groups running an HP SiteScope server for which discovery should be executed. After assigning the policies, you add the node or node group to the list of distribution targets, and then deploy the policies. SiteScope Server Health The SiteScope Server Health policy group contains two distinct HPOMService/Process Monitoring policies for monitoring critical HP SiteScope server processes: l SiteScope Server UNIX: for deployment on HP SiteScope servers with a UNIX operating system, to monitor how the SiteScope Server Engine is running. l SiteScope Server Windows: for deployment on HP SiteScope Servers with a Windows operating system, to check that the SiteScope Tomcat WebServer process is running. If the SiteScope Engine or Tomcat WebServer process stops, an HPOMevent is generated and sent to the active message browser. You can run the included action to restart the HP SiteScope server processes. Alternatively, you can do this manually. As soon as the policies determine that the processes are running again, another HPOMevent is sent to the HPOMacknowledged message browser, and any previous events fromthese policies are automatically acknowledged in the active message browser. Related Topics: l Implementing HP SiteScope Adapter alerts Installing the HP SiteScope Adapter Full implementation of the HP SiteScope Adapter requires the following steps: 1. Install the HP SiteScope Adapter on the HPOMmanagement server. To install the HP SiteScope Adapter in a clustered HPOMenvironment, special installation steps are necessary. For more information, see Installing the HP SiteScope Adapter in a Cluster Environment. HP Operations Manager (9.00) Page 1269 of 1297 Online Help Adapters and Integrations 2. Deploy the HP SiteScope Adapter to managed nodes. 3. Configure HP SiteScope to use the script alerts. The HP SiteScope Adapter is installed using an installation wizard that guides you through the procedure and prompts for information you must specify. Install the HP SiteScope Adapter only after the HPOMinstallation is complete. Read the instructions before you begin so that you are familiar with the information you must supply during installation. To install the HP SiteScope Adapter 1. To start the installation process, select: Start All Programs HP HP Operations Manager SiteScope Adapter The Welcome page opens. 2. Click Next to go to the License Agreement page. 3. Read the license agreement statement and click I accept the terms in the license agreement. Then click Next to continue. 4. In the Destination Folder page, click Next. 5. In the Ready to Install the Program page, click Install to begin the installation. 6. When the Installer Completed page opens, click Finish to close the wizard. Following successful installation of the HP SiteScope Adapter on the HPOMmanagement server system, you will see a SiteScope Integration policy group in the Policy groups folder, and also a SiteScope Integration tools group in the Tools folder. To determine the HP SiteScope version After installation, it may be necessary to determine the version of HP SiteScope Adapter installed on the HPOMserver for support, patch installation, or other reasons. 1. Log on to the HPOMfor Windows server system, using an account with Administrator permissions. 2. Run the Control Panel. 3. Select Add or Remove Programs. 4. Select HPOM SiteScope Adapter. 5. Select Click here for support information. Related Topics: l Deploying the HP SiteScope Adapter l Implementing HP SiteScope Adapter alerts l Installing the HP SiteScope Adapter in a cluster environment l Uninstalling the HP SiteScope Adapter HP Operations Manager (9.00) Page 1270 of 1297 Online Help Adapters and Integrations Installing the HP SiteScope Adapter in a Cluster Environment To install the HP SiteScope Adapter in a cluster environment, complete the following steps. To install the HP SiteScope Adapter in a cluster environment 1. Select a cluster node and designate this systemas the first cluster node to be installed. This node must be the owner of the HPOMcluster resource group. Use the Microsoft Cluster Administrator to move the group if necessary. When removing the HP SiteScope Adapter from a cluster environment, it is important that the software is removed fromthe first installed node last. 2. Install the HP SiteScope Adapter on the first cluster node as described in Installing the HP SiteScope Adapter. 3. Move the HPOMresource group to the next cluster node. Use the Microsoft Cluster Administrator to switch the group. 4. On the now active cluster node, install the HP SiteScope Adapter software as described in Installing the HP SiteScope Adapter. 5. Repeat steps 2 to 4 on all subsequent cluster nodes. Related Topics: l Installing the HP SiteScope Adapter l Deploying the HP SiteScope Adapter l Implementing HP SiteScope Adapter Alerts l Uninstalling the HP SiteScope Adapter Uninstalling the HP SiteScope Adapter To remove the HP SiteScope Adapter files fromthe HPOMmanagement server, performthe following procedures. To remove the HP SiteScope Adapter on the management server 1. Uninstall the HP SiteScope Adapter policies from the managed nodes. In the console tree, right-click the policy group SiteScope and select All Tasks Uninstall from. 2. Set the HP SiteScope alert actions not to call the HP SiteScope Adapter alert forwarding application. 3. Remove HP SiteScope Adapter alert forwarding components from HP SiteScope- specific directories on the managed nodes. For this task, run the HPOMtool Unconfigure SiS2OMAdapter. 4. Uninstall the HP SiteScope Adapter on the management server. HP Operations Manager (9.00) Page 1271 of 1297 Online Help Adapters and Integrations a. Log on to the HPOMserver system, using an account with Administrator permissions. b. Open the Windows Control Panel. c. Double-click Add or Remove Programs or Programs and Features. d. Right-click HPOM SiteScope Adapter. e. Select Remove or Uninstall. This removes all HP SiteScope Adapter installation components fromthe HPOMfor Windows management server. 5. Delete the HP SiteScope Adapter tools and policies. After the uninstallation, delete the HP SiteScope Adapter tools and policy groups manually in the HPOMconsole. To remove the HP SiteScope Adapter from the HP SiteScope servers 1. Detach the HP SiteScope monitors. After HP SiteScope Adapter has been removed fromthe HPOMserver system, it is recommended that HP SiteScope monitors on managed nodes be detached fromthe SendOVOscript alerts. This will prevent undefined messages frombeing sent to the message browser on the HPOMserver system. 2. Delete the script alerts. To completely remove the HP SiteScope Adapter fromthe managed nodes, delete the script alerts fromthe HP SiteScope scripts directory on the HP SiteScope servers. To remove the HP SiteScope Adapter in cluster environments Before being able to remove the HP SiteScope Adapter froma cluster node, the following prerequisites have to be met: l The HP SiteScope Adapter software on the cluster node installed first must be removed last. All other nodes can be handled in any order. l The node must be the owner of HPOMresource group when removing the HP SiteScope Adapter. Use the Microsoft Cluster Administrator to move the group if necessary. Related Topics: l Installing the HP SiteScope Adapter l Installing the HP SiteScope Adapter in a Cluster Environment l Tools l SiteScope Integration Policies and Message Attributes Upgrading the HP SiteScope Adapter If you are upgrading froman earlier version of the HP SiteScope Adapter (lower than version 2.00), performan uninstallation as described in the appropriate product documentation. After the uninstallation, install HP SiteScope Adapter 2.00. HP Operations Manager (9.00) Page 1272 of 1297 Online Help Adapters and Integrations Binaries are replaced during installation. If you have not customized policies, no further action is required, regardless of whether you want to use the new features of HP SiteScope Adapter version 2.00, or continue to use the existing policies. If you have customized policies, consider the following when upgrading: l If you do not want to use the new features of HP SiteScope Adapter version 2.00, you can continue to use the existing policies. In this case, you must configure the new SiteScope Alert Action to run in a mode compatible with earlier versions of the adapter (see Backward Compatible Policy Group: adapter 1.x conform). l If you want to use the new features of HP SiteScope Adapter version 2.00, you need to apply the customizations to the new policies manually. Related Topics: l Deploying the HP SiteScope Adapter l Implementing HP SiteScope Adapter alerts l Installing the HP SiteScope Adapter in a Cluster Environment l Uninstalling the HP SiteScope Adapter Deploying the HP SiteScope Adapter Following installation of the SiteScope Adapter on the HPOMmanagement server, you must deploy the policies associated with HP SiteScope Adapter to HPOMmanaged nodes. The following prerequisites must be satisfied prior to deploying the HP SiteScope Adapter policies: l HP SiteScope servers must be available as HPOMmanaged nodes. l HPOMagents must be up and running on the HPOMmanaged nodes. The agent software version must be greater than or equal to versions listed in the support matrices listed at HP Software Support Online. Note: The HP SiteScope Adapter makes use of the Operations agent perl, which is installed on UNIX nodes in the following location: /opt/OV/nonOV/perl/a/bin/perl The user account the SiteScope server is executed in must have executable rights on the HPOMagent perl. l For Linux HPOMmanaged nodes only, a valid shell must be accessible for the agent user, as described in the following note: Note: Linux HPOMmanaged nodes only: a shell must be accessible through /usr/bin/sh for the HPOMagent user. Create a symbolic link to a valid shell. To deploy the HP SiteScope Adapter to managed nodes, you must: 1. Deploy agent instrumentation. 2. Create the HP SiteScope Adapter configuration by running the Configure SiS2OMAdapter tool. 3. Deploy policies for matching SiteScope monitor classes. Related Topics: l Implementing HP SiteScope Adapter Alerts HP Operations Manager (9.00) Page 1273 of 1297 Online Help Adapters and Integrations Deploying Agent Instrumentation As the first step for deploying the HP SiteSCope Adapter to the managed nodes, you must deploy the HP SiteScope Adapter components to the HPOMmanaged nodes representing the HP SiteScope server. The HP SiteScope server configures an HPOMdeployment category which you select in the Deploy Instrumentation dialog. To deploy the SiteScope Adapter components to the HPOMmanaged nodes representing the HP SiteScope server, performthe following steps: 1. In the console tree pane of the HPOMconsole, right-click the HPOMmanaged node representing the HP SiteScope server to wish you wish to deploy the HP SiteSCope Adapter components. 2. Fromthe menu, select All Tasks Deploy instrumentation. The Deploy Instrumentation dialog box opens. 3. Fromthe list of Instrumentation Files in the Deploy Instrumentation dialog box, select SiteScope. 4. Select OK to close the Deploy Instrumentation dialog box, and to deploy the instrumentation. Related Topics: l Deploying the HP SiteScope Adapter l Creating the HP SiteScope Adapter Configuration l Deploying Policies to HP SiteScope Servers l Uninstalling the HP SiteScope Adapter Creating the HP SiteScope Adapter Configuration Follow the steps below to move the required files to the SiteScope directories and create an Adapter configuration. Note that in step 3 below there is some special handling for UNIX nodes if HP SiteScope is installed at a non-default directory location (the default is /opt/SiteScope). The steps below require that multiple selected UNIX nodes all have SiteScope installed at the same directory location. If multiple selected UNIX nodes have more than one SiteScope installation directory, the deployment will fail. In this situation, you need to execute the steps below multiple times, once for each unique UNIX SiteScope installation directory. To create the SiteScope Adapter configuration, performthe following steps: 1. In the console tree pane of the HPOMconsole, open Tools. 2. In the console tree pane of the HPOMconsole, select the SiteScope Integration folder to highlight it. 3. If you are deploying to a Solaris or LINUX managed node on which HP SiteScope is installed at a non-default directory location: a. Double-click Configure SiteScope Directory (Unix). The Select where to launch this tool window appears. b. In the Select where to launch this tool window, select the node that runs the HP SiteScope HP Operations Manager (9.00) Page 1274 of 1297 Online Help Adapters and Integrations server. c. Select Launch. The Edit Parameters window opens. d. In the Parameters field of the Edit Parameters window, assign a value for the directory path to which the alerts should be copied and select Launch. The Tool Status window opens. 4. In the SiteScope Integration tool group, locate the tool Configure SiS2OM Adapter and double-click it. 5. In the Select where to launch this tool window, select the HPOMnode on which you want to launch the tool. 6. Select Launch. The Tool Status window provides you with some information about the tool you just executed. 7. Select Close to close the Tool Status window. Related Topics: l Deploying the HP SiteScope Adapter l Deploying Agent Instrumentation l Deploying Policies to HP SiteScope Servers l SiteScope Alert Text Templates Deploying Policies to HP SiteScope Servers Follow the steps below to deploy the HP SiteScope Adapter policies to managed nodes running HP SiteScope fromthe HPOMconsole. Deploying Policies 1. In the console tree pane of the HPOMconsole, open Policy management Policy groups SiteScope Integration. 2. In the console tree pane, right-click SiteScope Monitor Config Discovery, then select All Tasks. 3. Deploy the discovery policy to the managed node(s) running HP SiteScope. Select Deploy on. The Deploy policies on window opens. Fromthe Deploy policies on window, select nodes running the HP SiteScope server. 4. Select OK. The discovery policy is deployed and the Deploy policies on window closes. The discovered SiteScope configuration should appear as an HPOMservice tree. 5. Deploy additional policies for intercepting HP SiteScope alerts, monitoring the Tomcat WebServer process for HP SiteScope, and monitoring the HP SiteScope Engine process. a. Under SiteScope Integration in the console tree pane, locate the policy group SiteScope SiteScope Server Health. b. Depending on the HP SiteScope server platform, choose either SiteScope Server UNIX or SiteScope Server Windows. Right-click your selection, select All Tasks Deploy On. The Deploy policies on window appears again. HP Operations Manager (9.00) Page 1275 of 1297 Online Help Adapters and Integrations c. Fromthe Deploy policies on window, select nodes running the HP SiteScope server and click OK. The additional policies are deployed and the Deploy policies on window closes. Deploying Policies per Monitor Class The per monitor classpolicy sub-group in the SiteScope Monitor Alerts policy group contains predefined HPOM policies for each HP SiteScope monitor class. 1. In the console tree pane of the HPOMconsole, open Policy management Policy groups SiteScope Integration SiteSCope Monitor Alerts. 2. Select the policy sub-group per monitor class. 3. For each HP SiteScope monitor that should forward alerts to HPOM, determine the corresponding monitor class and choose the appropriate HPOMpolicy to deploy. In the details pane, right-click the chosen HP SiteScope monitor, then select All Tasks Deploy on. The Deploy policies on window opens. View example screen 4. Fromthe Deploy policies on window, select the deployment nodes. 5. Select OK to close the Deploy policies on window, and to deploy the policy. View example screen HP Operations Manager (9.00) Page 1276 of 1297 Online Help Adapters and Integrations Events intercepted by these policies are mapped to HPOMnode configuration items and service elements. Automatic acknowledgement is performed by source and event severity on a per-monitor basis. The policies are also equipped with custommessage attributes (CMAs) that are used by HP OMi for CI resolution when HPOMis set up to work with HP OMi. Related Topics: l Deploying Agent Instrumentation l Creating the HP SiteScope Adapter Configuration Implementing HP SiteScope Adapter Alerts This section describes the concepts behind alert forwarding, and provides a brief example showing implementation of HP SiteScope Adapter alerts with script actions and how to forward themto HPOM. Refer to HP SiteScope product documentation for further information on HP SiteScope configuration. Note: This release of the HP SiteScope Adapter does not support use of the HP SiteScope International Version setting on Solaris and Linux managed nodes. This setting is controlled fromthe HP SiteScope user interface within General Preferences. An incorrect setting can result in garbled text within presentation of service data fromSolaris and Linux nodes. Alert Forwarding Concepts The HP SiteScope Adapter ships with a variety of HPOMpolicies for intercepting the alerts sent by the HP SiteScope Adapter alert forwarding application. The general alert forwarding workflow is described in this section. View workflow HP Operations Manager (9.00) Page 1277 of 1297 Online Help Adapters and Integrations The SiteScope Server has a configured set of SiteScope monitors. You can configure a SiteScope monitor alert for each monitor or group of monitors. The alert is triggered if certain threshold conditions are met. The SiteScope monitor alerts have certain alert actions associated. The status of a SiteScope monitor execution triggers such an action. If the monitor execution triggers an alert, a SiteScope alert text file is written. The format of the SiteScope alert text file is determined by a SiteScope alert text template which is shipped with the HP SiteScope Adapter instrumentation. In case of the HP SiteScope Adapter, each of the possible monitor statuses good, warning, error and unavailable are fetched in separate actions in one single alert. Each action is of type script. This means that if the alert action is triggered, a script is called by means of shell execution. The script invokes the SiS2OM Adapter Alert Forwarder. Due to the nature of the implementation, the adapter is called by a start-up wrapper script. The adapter gets its configuration fromthe start-up wrapper and, of course, fromHP SiteScope itself. The HP SiteScope Adapter reads the alert text file, and, based on information regarding monitoring target and relevant parameters, determines the HPOMevent message text to send. It also normalizes the message text to remove problematic characters and to achieve a uniformmessage text format. It uses the opcmsg binary interface to pass the event to the HPOMagent message interceptor. The HPOMagent applies policies on the incoming event. If the given conditions are met, the agent forwards the event to the HPOMmanagement server. HPOMpolicies play a central role in successful alert forwarding. A number of policies are available to match events on a per-monitor class basis. If you want to use these policies, you need to deploy themaccording to the monitor class of the SiteScope monitors. You can also copy conditions between monitors. The policies of the groups per monitor class and advanced mapping for OMi utilize a uniformformat message text. A common set of policy condition variables is available in case you need to make customizations. HP Operations Manager (9.00) Page 1278 of 1297 Online Help Adapters and Integrations SiteScope Alerts with Alert Actions Once you have deployed the HP SiteScope Adapter to the HP SiteScope server system, you can configure HP SiteScope alerts for monitors, or monitor groups, to forward the alerts to HPOMusing the HP SiteScope Adapter. In HP SiteScope, you typically configure one alert for each monitor or monitor group of interest. The alert itself will contain one or more script actions based on the monitor status which reflects the severity of the event being forwarded. The following screenshot shows such an alert configuration. View example configuration screen All actions trigger the HP SiteScope Adapter alert forwarding application in the same manner. During the adapter configuration, the necessary HP SiteScope Adapter files were placed in HP SiteScope-specific dierectories. Consequently, you can select the HP SiteScope Adapter alert forwarding application as a script in the Alert Action dialog box. View example Alert Action: Script dialog box HP Operations Manager (9.00) Page 1279 of 1297 Online Help Adapters and Integrations An important setting of the Alert Action dialog box is the Trigger Frequency. The trigger frequency setting in the above example triggers the action only when the monitor status changes. This prevents unnecessary event forwarding to HPOM, and reduces the processing load on the HP SiteScope server, the HPOMagent and the HPOMmanagement server. In the SiteScope Administration UI, you can copy the alert to other monitors and monitor groups. Creating an HP SiteScope Alert Using the HP SiteScope user interface, follow the steps below to create an HPOMforwarder alert for an individual HP SiteScope monitor or monitor group: 1. In the Monitors tree, select the monitor or monitor group for which the alert is to be created. 2. Right-click and select New Alert fromthe menu, or select the Alerts tab. View example dialog box HP Operations Manager (9.00) Page 1280 of 1297 Online Help Adapters and Integrations 3. In theNew Alert window, name the alert and create a new Alert Action by selecting New Alert Action. View example New Alert dialog box HP Operations Manager (9.00) Page 1281 of 1297 Online Help Adapters and Integrations 4. In the Action Type dialog box, select Script as the Action Type. View example Action Type dialog box HP Operations Manager (9.00) Page 1282 of 1297 Online Help Adapters and Integrations 5. In the Alert Action: Script dialog box, select sis2om_alert.bat (for HP SiteScope servers on Windows systems) or sis2om_alert.sh (for HP SiteScope servers on UNIX systems) fromthe Script menu. View example Alert Action: Script dialog box HP Operations Manager (9.00) Page 1283 of 1297 Online Help Adapters and Integrations 6. Choose the appropriate template fromthe Template menu. For short event texts, when only a limited set of information is to be forwarded to HPOM, select the OM-SiSAlert template. If more information about the monitor execution is required, select the OM-SiSAlert_full template. 7. Select an appropriate schedule for the alert fromthe Schedule menu. 8. In the Status Trigger settings, select an appropriate alert category condition: error, warning, or good (reset). 9. In the Trigger Frequency settings, select a trigger frequency appropriate for the alert. View example Alert Action: Script dialog box HP Operations Manager (9.00) Page 1284 of 1297 Online Help Adapters and Integrations 10. Select OK to save the new action. 11. Repeat the above steps as required to add alerts for error, warning, and good (reset) conditions. 12. Finally, select OK to save the alert. The alert can now be copied to different monitors or groups of monitors in the HP SiteScope user interface. Related Topics: l Deploying the HP SiteScope Adapter HP Operations Manager (9.00) Page 1285 of 1297 Online Help Adapters and Integrations HPOM Node Configuration Example Most HP SiteScope Adapter policies attempt to generate HPOMevents mapped to an HPOMnode configuration element. The HP SiteScope Adapter alert forwarder application determines a valid monitoring target fromthe HP SiteScope alert text. The HP SiteScope monitoring target is heavily dependent on the monitor class. For example, a URL monitor naturally has a URL as monitoring target, whereas a CPU monitor targets a host identified by a hostname. The different per-monitor class policies delivered with the adapter perform the actual transformation fromHP SiteScope monitoring target to HPOMnode target. View a screenshot example, showing the SiS URL Monitor policy condition The condition shown above extracts the URL fromthe incoming event and puts it into the variable which is used as the node parameter of the sent event. In this case, HPOMneeds to have an external HPOMnode set up with a node name pattern that exactly matches URL monitored. As an example, we are assuming the URL http://www.hp.comis monitored by HP SiteScope. The monitor run results are made available as HPOMevents using the HP SiteScope Adapter and the policy shown in the above example. View a screenshot example, showing the external node name pattern HP Operations Manager (9.00) Page 1286 of 1297 Online Help Adapters and Integrations Any further refinements of the mapping of the HP SiteScope monitoring target to the HPOMnode are performed by the policies that come with the HP SiteScope Adapter. For example, if only the hostname part of a URL is required to be used as the node name in HPOM, the URL Monitor policy condition would extract it out of the complete URL using the HPOMpolicy pattern matching mechanism. View a screenshot example, showing the policy condition that performs this task HP Operations Manager (9.00) Page 1287 of 1297 Online Help Adapters and Integrations Related Topics: l Deploying the HP SiteScope Adapter l Implementing HP SiteScope Adapter Alerts Troubleshooting the HP SiteScope Adapter This section contains troubleshooting tips focused on two areas: l HPOM service discovery Service discovery for HP SiteScope Adapter consists of regularly scheduled collection of the status of HP SiteScope monitors and monitor groups, and providing this information to the HPOMserver for presentation in service tree format. For details about how to verify that HP SiteScope is properly configured for service discovery, see Service Tree not Updated with HP SiteScope Monitor or Monitor Group Status. For information about log files, see Service Discovery Log Files. l HP SiteScope Alert Forwarding For tips about troubleshooting alert forwarding problems, see No Alerts are Forwarded to the HPOMManagement Server. Related Topics: l Service Tree not Updated with HP SiteScope Monitor or Monitor Group Status l Service Discovery Log Files l No Alerts are Forwarded to the HPOMManagement Server HP Operations Manager (9.00) Page 1288 of 1297 Online Help Adapters and Integrations Service Tree Not Updated with HP SiteScope Monitor or Monitor Group Status HP SiteScope Adapter service discovery runs once per hour. Therefore, it may take an hour for any changes to be reflected in the HPOMservice tree. SiteScope must be configured to provide configuration data for service discovery. Use the following steps to verify that SiteScope is properly configured for service discovery: To verify HP SiteScope configuration 1. In the HP SiteScope user interface, click Preferences. 2. Click General Preferences. 3. In General Preferences, verify that Enable Configuration Files is selected. 4. If Enable Configuration Files is not selected, click Edit, then select Enable Configuration Files. Select OK. Related Topics: l Service Discovery Log Files Service Discovery Log Files Data in logs is available to assist in troubleshooting service discovery problems, as shown below. Logs on the Management Server Review the file %OvShareDir%\logOvSVCDiscServer.log for error messages. Logs on Agents Review the following log files: l Windows Agents %OvAgentDataDir%\log\javaAgent.log %OvAgentDataDir%\log\OvSvcDiscAgt.log l Solaris or Linux Agents /var/opt/OV/log/javaAgent.log /var/opt/OV/log/OvSvcDiscAgt.log Manual Execution of Service Discovery HP SiteScope Adapter gathers monitor and monitor group information fromHP SiteScope with the tool sis_disc.pl. Please note that the application requires HPOMagent perl and must therefore be invoked using the provided startup script sis2om_perl.bat. This file has the same name on both Windows and UNIX managed nodes. On Windows nodes, sis_disc.pl is stored at the following location: %OvAgentDataDir%\bin\instrumentation\ HP Operations Manager (9.00) Page 1289 of 1297 Online Help Adapters and Integrations On UNIX nodes, sis_disc.pl is stored at the following location: /var/opt/OV/bin/instrumentation/ Logging fromthis tool can be done by running with the -d switch on the command line, as follows: sis2om_perl.bat sis_disc.pl -d A log file named sis_disc.log is created in the same directory as the sis_disc.pl file resides in. Review the log file for any error messages indicating errors encountered while reading the HP SiteScope configuration files. Related Topics: l Service Tree Not Updated with HP SiteScope Monitor or Monitor Group Status No Alerts are Forwarded to the HPOM Management Server If there are no alerts forwarded to the HPOMmanagement server, check the following: l Verify that the HP SiteScope Adapter components are correctly installed on the HP SiteScope server. l Verify that the the matching SiS2OMpolicies are present and enabled on the HPOMagent policy inventory. l Verify that the start-up wrapper script sis2om_alert.bat (on HP Sitecope servers on Windows systems) or sis2om_alert.sh (on HP SiteScope servers on UNIX systems), that was created during adapter configuration, exists in the default location SiteScope_ Installdir/scripts. l Verify that the trigger settings of the alert actions are set appropriately. During development, it is appropriate to execute the action each time the trigger condition is met. In production environments, it is usually preferable to only execute the action once the status of the monitor changes. l In the HP SiteScope user interface/Dashboard of the monitoring group, verify that the alert action has been performed successfully. l Verify that there is a suitable HPOMnode configuration itemthat the event can be mapped to. If the target set by the HP SiteScope Adapter alert forwarder application is unclear, the SiS2OM dev+test policy, located in the policy group development + test, forwards the events as they come fromthe forwarder, and include the target string. The policy uses this information to intercept the event, and to performcustomizations if necessary. l Verify that the incoming SiS2OMadapter events are processed by the correct policy. It is possible that other OpenMessage interface policies may intercept the incoming events. You may need to establish 'gatekeeper' conditions in existing policies (suppress on match condition). l Enable the debug mode of the HP SiteScope Adapter by setting the DEBUGconfiguration item in the start-up wrapper to ON. This produces debug-relevant traces in the log file. The default location of the log file is specified in the start-up wrapper script: SiteScope_ installdir\logs\SiS2OM.log, where SiteScope_installdir is the directory where the The debug output also includes the complete opcmsg command line. l Use the SiS2OMdev+test policy, located in the policy group development + test, for more detailed information about the incoming events. The policy condition matches any events coming fromthe SiteScope Adapter alert forwarder application. Related Topics: HP Operations Manager (9.00) Page 1290 of 1297 Online Help Adapters and Integrations l Alert Forwarding Concepts l Implementing HP SiteScope Adapter Alerts l HPOMNode Configuration Example Reference Information for the HP SiteScope Adapter This section contains reference information about the HP SiteScope Adapter: l Message Attributes l Variables in HP SiteScope Adapter Monitor Alert Policy Conditions l HP SiteScope Alert Text Templates Message Attributes The default message attributes set by the HP SiteScope Adapter and the related HP SiteScope Monitor alert forwarding policies are as follows: Message Attribute Value Description Message Group SiS Monitoring The Message Group attribute is statically set to 'SiS Monitoring' Application SiteScope The Message Application attribute is statically set to 'SiteScope' Object SiS_<SiS_MonitorClass> The Message Object attribute is the SiteScope Monitor Class name prefixed with the string 'SiS_' Severity <normal|warning|critical> The Message Severity is set according to the SiteScope Monitor Status 'good', 'warning' and 'error'. Service ID SiteScopeMonitor:<SiS_ MonitorGroupName>:<SiS_ GroupMonitorID>\ @@<SiS_Server_OM_PNN> The Service ID is and colon-separated string consisting of: SiteScopeMonitor Static string prefix <SiS_ MonitorGroupName> the name of the group of the monitor HP Operations Manager (9.00) Page 1291 of 1297 Online Help Adapters and Integrations <SiS_ GroupMonitorID> the ID of the monitor in this group <SiS_ Server_ OM_ PNN> the HPOMprimary node name of the HP SiteScope server managed node Message Key <SiS_Server_ DNSName>:<SiS_ MoniTarget>:<SiS_ MoniGroupName>:\ <SiS_MonitorName>:<$MSG_ SEV> The Message Key is a colon-separated string assembled as follows: <SiS_Server_OM_ PNN> the HPOMprimary node name of the HP SiteScope server managed node <SiS_MoniTarget> the monitoring target of the HP SiteScope monitor <SiS_ MoniGroupName> the name of the HP SiteScope monitoring group the monitor belongs to <SiS_MonitorName> the name of the HPm SiteScope monitor that caused the alert action <$MSG_SEV> the incoming event severity according to the SiteScope monitor status Message Text Monitor <SiS_MonitorName> of type <SiS_ MonitorClass> for <SiS_MoniTarget> reported <SiS_MoniState> All Message Texts fromthe HP SiteScope Monitor Alert policies follow the same format as shown above. The parameters substituted by the policy processing are: <SiS_MonitorName> the name of the HP SiteScope monitor that caused the alert action <SiS_ MonitorClass> the HP SiteScope monitor class name <SiS_MoniTarget> the monitoring target of the HP SiteScope monitor <SiS_MoniState> the result string from the HP SiteScope monitor execution HP Operations Manager (9.00) Page 1292 of 1297 Online Help Adapters and Integrations Related Topics: l Variables in HP SiteScope Adapter Monitor Alert Policy Conditions l HP SiteScope Alert Text Templates l SiteScope Integration Policies Variables in HP SiteScope Adapter Monitor Alert Policy Conditions The policies of the groups per monitor class and advanced mapping for OMi utilize a uniformformat message text. A common set of policy condition variables is available and is listed in the following table in case you need to make customizations. The variables are listed in the following table. Policy Condtion Variable Description <sismoniname> name of the HP SiteScope monitor that triggered the alert action <sismonigroup> name of the HP SiteScope monitor that triggered the alert action <sismoniclass> HP SiteScope Monitor Class name of the monitor that triggered the alert action <sismonistatus> HP SiteScope monitor execution status <sismonitarget> target of the HP SiteScope monitor that triggered the alert action <sisserver> HPOMprimary pode pame of the managed node representing the HP SiteScope server <sismonstate> results string of the HP SiteScope monitor execution <remains> all information in the customizable area of the alert text template is put into this variable SiteScope Alert Text Templates HP SiteScope alerts are written to log files. The format of the HP SiteScope alert log files is defined by alert text templates. An alert text template is a text file containing static strings and HP SiteScope template variables. When an alert action is triggered, HP SiteScope substitutes the variables with runtime values and writes the log file. The HP SiteScope Adapter requires that the templates have a designated header containing certain specific information. When configuring the adapter, two alert text templates are copied to the file SiteScope_installdir/templates.script, where SiteScope_installdir is the name of the directory where HP SiteScope is installed. The template HPOM-SiSAlert creates short event texts. If more information is required, the template HPOM-SiSAlert_full can be used. The following table shows the short event alert text template and gives an explanation of the template variables used. Template Variable Explanation OMSiS Alert Template Template identification HP Operations Manager (9.00) Page 1293 of 1297 Online Help Adapters and Integrations Monitor=<name> SiteScope monitor name Group=<groupID> SiteScope monitor group Class=<_class> SiteScope monitor class InternalID=<_internalId> Internal monitor ID Time=<time> Alert time stamp Severity=<category> Alert severity Target=<_server>;<_host>;<_hostname>;<_url>; \ <_database>;<_targetMachineName>;<_machine>; \ <_pdhMachine>;<remoteMachineName> Used for target identification BACMoniID=<bacMonitorID> UCMDB ID of the monitor CI BACSessionID=<bacSessionID> UCMDB ID of the SiteScope profile ServerURL=<sitescopeurl> Server URL no more details selected Customizable area Special text or other variables can be put into the customizable area and can therefore be made visible in HPOM. The customizable area can span multiple lines. Related Topics: l Implementing HP SiteScope Adapter Alerts HP SiteScope Administrator Integration SiteScope Administrator integrates HP SystemAvailability Management Administration (SAM Admin) into HPOMfor Windows. SiteScope Administrator is a tool that lets you configure and manage multiple SiteScope instances using SAMAdmin fromwithin HPOM. HPOMfor Windows includes a SAMAdmin window that opens when you start SiteScope Administrator. The SAMAdmin window shows a summary of all SiteScope servers accessible to the HPOMsystem. In this window, you can manage SiteScope configurations for one or more SiteScope servers centrally fromthe HPOMconsole. SAMAdmin facilitates the transfer of configuration information fromone SiteScope instance to another. SiteScope Adminstrator Functionality Note: This section contains a brief summary of the SAMAdmin functionality that SiteScope Administrator provides you with. Details of the SAMAdmin functionality for configuring SiteScope instances, now integrated into HPOM, are described in the HP SiteScope Help. The SiteScope Help documents SiteScope and SAMAdmin and their integration with HPOM. SiteScope also integrates with HP Business Availability Center (BAC) software, and details of this integration, while not relevant to HPOMusers, are also provided in the SiteScope Help. To access the SiteScope Help: HP Operations Manager (9.00) Page 1294 of 1297 Online Help Adapters and Integrations 1. In the console tree, open the following tool group: Tools SiteScope Administration 2. In the details pane, double-click SAM Admin Online Help. This opens the SiteScope Help in a web browser. SiteScope Administrator provides the following functionality using SAMAdmin fromwithin HPOM: l Add New SiteScope Add a SiteScope instance to the list of SiteScopes that are accessible to the HPOMsystem. l Edit SiteScope Edit the properties which determine how a SiteScope server connects to the HPOMsystem. l Delete SiteScope Delete a SiteScope instance fromthe HPOMsystem. l Global Search and Replace Update properties across multiple SiteScope instances using the Global Search and Replace wizard. l Sync SiteScopes Synchronize settings between different SiteScope instances by copying the settings configured for a SiteScope instance to other SiteScope instances using the Sync SiteScopes wizard. l Copy and Paste between SiteScopes Copy configuration data fromone SiteScope instance to another by using the Copy to other SiteScope and Paste to other SiteScope options in the SiteScope objects context menu. To start SiteScope Administrator To start SiteScope Administrator, follow these steps: 1. In the console tree, open the following tool group: Tools SiteScope Administration 2. In the details pane, double-click SiteScope Administrator. This opens a SAMAdmin window in a web browser, showing a summary of all SiteScope servers accessible to the HPOM system. Note: You must be an authorized user to use the SiteScope Administration functionality. If you do not have authorization, a pop-up error message informs you of this. Ask your administrator to grant you authorization. Related Topics: l Install HP SiteScope Administrator integration Install HP SiteScope Administrator integration HP SiteScope Administrator integration is installed using an installation wizard that guides you through the procedure and prompts for information you must specify. Install HP SiteScope Administrator integration only after the HPOMinstallation is complete. HP Operations Manager (9.00) Page 1295 of 1297 Online Help Adapters and Integrations Read the instructions before you begin so that you are familiar with the information you must supply during installation. Note: If HPOMis installed in a cluster environment, you must install and uninstall the HP SiteScope Administrator integration on each cluster node separately. To install HP SiteScope Administrator integration 1. To start the installation process, select: Start All Programs HP HP Operations Manager Install SAM Admin Integration The Welcome page opens. 2. Click Next to go to the License Agreement page. 3. Read the license agreement statement and click I accept the terms in the license agreement. Then click Next to continue. 4. In the Destination Folder page, click Next. 5. In the Ready to Install the Program page, click Install to begin the installation. 6. When the Installer Completed page opens, click Finish to close the wizard. To uninstall HP SiteScope Administrator integration 1. On the HPOMmanagement server, open Windows Control Panel. 2. Double-click Add or Remove Programs or Programs and Features. 3. Remove the HP OM SiteScope Admin Adapter program. This removes all HP SiteScope Adapter installation components fromthe HPOMfor Windows management server. 4. Delete the HP SiteScope Adapter tools and policies. After the uninstallation, delete the HP SiteScope Administrator tools and policy groups manually in the HPOMconsole. Related Topics: l HP SiteScope Administrator integration HP Operations Manager (9.00) Page 1296 of 1297 Online Help Adapters and Integrations We appreciate your feedback If an email client is configured on this computer, open an email window by clicking on the Comments bookmark (at left). Otherwise, copy the information below to a web mail client, and send this email to ovdoc- asm@hp.com. Product name: HP Operations Manager for Windows Version: 9.00 Document title: PDF version of the Online Help Feedback: HP Operations Manager (9.00) Page 1297 of 1297 Online Help We appreciate your feedback