Veriato Server Manager Guide

r
Veriato Server Manager Guide
2/5/2016
www.veriato.com
Printed Documentation
Table of Contents
Getting Started ............................................................................................................... 7
Getting Started .............................................................................................................................. 7
About Veriato Server Manager ..................................................................................................... 8
Client Server Architecture ............................................................................................................. 9
System Requirements ................................................................................................................. 11
Screencasts.................................................................................................................................. 11
Upgrade from Disk Monitor ........................................................................................................ 12
Upgrade from Internet Server Monitor ...................................................................................... 12
Upgrade from Log Manager ........................................................................................................ 12
Licensing and Registration .......................................................................................................... 12
Application Program Interface .................................................................................................... 16
PCI DSS Compliance .................................................................................................................... 17
Terminology ................................................................................................................................ 19
Tutorials ....................................................................................................................... 20
Tutorials ...................................................................................................................................... 20
Configure Server Manager to use MySQL ................................................................................... 20
Configure Server Manager to use SQL Server ............................................................................. 25
Configure Server Manager to use the file system....................................................................... 28
Conserve Disk Space ................................................................................................................... 31
Migrate to a New Server ............................................................................................................. 32
Monitor a Rolling Text Log File (IIS) ............................................................................................ 33
Monitor CSV Files ........................................................................................................................ 40
Use Gmail as a Backup Email Server ........................................................................................... 44
Management Console .................................................................................................. 46
Management Console ................................................................................................................. 46
Object Explorer ........................................................................................................................... 46
Options ........................................................................................................................................ 48
Service Connections .................................................................................................................... 49
Enable and Disable Objects ......................................................................................................... 50
Monitor Hierarchy....................................................................................................................... 51
Registry Explorer ......................................................................................................................... 51
Import a Disk List......................................................................................................................... 53
Filename Masks........................................................................................................................... 53
Server Manager Properties........................................................................................... 55
Server Manager Properties ......................................................................................................... 55
Email Settings .............................................................................................................................. 55
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
ii
Printed Documentation
Database Settings........................................................................................................................ 56
Active Directory Settings ............................................................................................................. 59
Syslog Server Settings ................................................................................................................. 60
Web Server Publishing Settings .................................................................................................. 62
Management Server Settings ...................................................................................................... 64
HTML and Email Template Settings ............................................................................................ 65
WMI Settings ............................................................................................................................... 68
Web Proxy Server Settings .......................................................................................................... 69
SNMP Server Settings.................................................................................................................. 70
Computers, Devices and Hosts ..................................................................................... 71
Computers, Devices and Hosts ................................................................................................... 71
Add Computers, Devices and Hosts ............................................................................................ 71
Assign Computer, Device or Host................................................................................................ 72
Map Computers, Devices and Hosts ........................................................................................... 72
Computer, Device and Host Properties ...................................................................................... 73
Assign Logon As Credentials........................................................................................................ 75
Copy Assignments ....................................................................................................................... 76
Import a Host List ........................................................................................................................ 77
Search for Computers, Devices and Hosts .................................................................................. 77
Browse Active Directory Dialog................................................................................................... 78
Browse Network Dialog .............................................................................................................. 78
Templates ..................................................................................................................... 79
Templates.................................................................................................................................... 79
Add Template .............................................................................................................................. 83
Assign Template .......................................................................................................................... 84
Template Properties.................................................................................................................... 84
Reports ......................................................................................................................... 86
Reports ........................................................................................................................................ 86
Add Report .................................................................................................................................. 87
Assign Report .............................................................................................................................. 88
Report Properties ........................................................................................................................ 88
Views ........................................................................................................................................... 89
Summary Reports........................................................................................................................ 89
Account Lockout Reports ............................................................................................................ 90
Security Event Log Reports ......................................................................................................... 93
Event Log Reports ..................................................................................................................... 112
Syslog Reports ........................................................................................................................... 115
Text Log Reports ....................................................................................................................... 117
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
iii
Printed Documentation
Duplicate Files Reports.............................................................................................................. 119
File and Directory Access Permissions Reports......................................................................... 121
File Extension Reports ............................................................................................................... 123
Largest Files Reports ................................................................................................................. 123
Least Accessed Files Reports ..................................................................................................... 125
Recently Accessed Files Reports ............................................................................................... 127
Temporary Files Reports ........................................................................................................... 129
Schedules ................................................................................................................... 130
Schedules .................................................................................................................................. 130
Add Schedule ............................................................................................................................ 131
Assign Schedule ......................................................................................................................... 131
Schedule Properties .................................................................................................................. 132
Day and Time Exclusions ........................................................................................................... 133
Filters.......................................................................................................................... 136
Filters......................................................................................................................................... 136
Add Filter ................................................................................................................................... 137
Assign Filter ............................................................................................................................... 138
Filter Properties ........................................................................................................................ 139
Import and Export Filters .......................................................................................................... 139
Actions, Alerts and Notifications ................................................................................ 140
Actions, Alerts and Notifications............................................................................................... 140
Desktop Actions, Alerts and Notifications ................................................................................ 142
Add Action ................................................................................................................................. 143
Assign Action ............................................................................................................................. 143
Action Properties ...................................................................................................................... 144
Database Actions....................................................................................................................... 144
Action Variable Tags.................................................................................................................. 145
File Output Options ................................................................................................................... 157
Tray Icon .................................................................................................................................... 158
Auto Configurators ..................................................................................................... 161
Auto Configurators .................................................................................................................... 161
Add Auto Configurator .............................................................................................................. 161
Auto Configurator Properties.................................................................................................... 162
Assign Templates to Auto Configurator .................................................................................... 163
Select Active Directory Organizational Unit.............................................................................. 164
Groups ........................................................................................................................ 165
Groups ....................................................................................................................................... 165
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
iv
Printed Documentation
Add Group ................................................................................................................................. 167
Assign Group ............................................................................................................................. 167
Log Management ........................................................................................................ 169
Log Management ...................................................................................................................... 169
Email Logs.................................................................................................................................. 170
Encrypt and Sign Files ............................................................................................................... 171
Event Log to Syslog.................................................................................................................... 173
EVT and EVTX Files .................................................................................................................... 174
Export Logs ................................................................................................................................ 176
Log Repository Retention Policy ............................................................................................... 177
Search for Logs .......................................................................................................................... 178
Log Viewers ................................................................................................................ 179
Log Viewers ............................................................................................................................... 179
Event Log Viewer....................................................................................................................... 180
Syslog Log Viewer...................................................................................................................... 180
Text Log Log Viewer .................................................................................................................. 181
Windows Service ........................................................................................................ 181
Windows Service ....................................................................................................................... 181
Assign Service Logon As Credentials ......................................................................................... 181
Windows Service Log ................................................................................................................ 182
Run the Service in Verbose Mode ............................................................................................. 183
Syslog Server ............................................................................................................................. 183
SNMP .......................................................................................................................... 185
SNMP Server ............................................................................................................................. 185
SNMP Server ............................................................................................................................. 185
SNMP Trap Viewer .................................................................................................................... 185
Batch Functions .......................................................................................................... 186
Batch Functions ......................................................................................................................... 186
Batch Assign Computers, Devices and Hosts to a Group .......................................................... 186
Batch Assign Logon As Credentials ........................................................................................... 187
Batch Assign Templates to a Group .......................................................................................... 187
Batch Delete Computers, Devices and Hosts ............................................................................ 188
Batch Update Auto Configurators ............................................................................................. 189
Batch Update Computers, Devices and Hosts........................................................................... 189
Batch Update Reports ............................................................................................................... 190
Batch Update Templates ........................................................................................................... 190
Select Multiple Auto Configurators........................................................................................... 191
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
v
Printed Documentation
Select Multiple Computers, Devices and Hosts ........................................................................ 191
Select Multiple Logs .................................................................................................................. 192
Select Multiple Reports ............................................................................................................. 192
Select Multiple Templates ........................................................................................................ 193
Troubleshooting ......................................................................................................... 194
Troubleshooting ........................................................................................................................ 194
Access Denied Errors ................................................................................................................. 194
Quota Violation Errors .............................................................................................................. 196
The RPC server is unavailable Errors ......................................................................................... 197
Windows Firewall ...................................................................................................................... 199
About Veriato ............................................................................................................. 200
About Veriato ............................................................................................................................ 200
Contact Us ................................................................................................................................. 200
Third Party Software Notices and/or
Additional Terms and Conditions .............................................................................................. 201
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
vi
Getting Started
Getting Started
For new users, we recommend that you get acquainted with how Server Manager works. Here are some
introductory topics to get you started:
 Client Server Architecture
 Management Console
 Groups
 Terminology
After completing the Server Manager installation for the first time, there are some required
configuration tasks you need to complete prior to configuring Server Manager to monitor and report.
Required tasks:
1. If you have already purchased a license, register your license.
2. Follow the Server Manager Configuration Wizard. If the wizard does not automatically open,
select Tools > Server Manager Configuration Wizard. The wizard includes the following
pages:
o Service Credentials
o Email Settings
o Database Settings
Optional tasks:
•
•
•
•
•
•
•
Configure Active Directory Connections
Configure Syslog Server Settings
Configure Web Server Publishing Settings
Configure Management Server Settings
Configure HTML and Email Template Settings
Configure WMI Settings
Configure Web Proxy Server Settings
What's next?
•
•
•
•
Add Computers, Devices and Hosts
Create and assign Templates
Create and schedule Reports
Create and schedule Auto Configurators
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
7
Printed Documentation
Related Topics
Screencasts
Tutorials
Troubleshooting
About Veriato Server Manager
Veriato Server Manager is an enterprise-wide systems and application monitoring software package
enabling both small business and large enterprise System Administrators to proactively manage their
networks and fulfill compliance requirements.
•
Consolidates, archives and monitors logs such as:
o
o
o
•
Includes Security Event Log Reports such as:
o
o
o
o
o
•
Object Access Auditing
Failed Logons, Successful Logons and Logon Sessions
Account Management
Account Lockout
New Accounts
Monitors resources such as:
o
o
o
•
Windows Event Logs
Syslogs
Text Logs
Disk space
CPU load over time
Memory load over time
Monitors and controls applications and services such as:
o
o
o
o
Websites
Email servers
Databases
Windows services and processes
•
Monitors Internet connectivity and throughput.
•
Includes extensive disk and directory monitoring and analysis functions and Reports.
•
Monitors changes to the Windows Registry.
•
Monitors SSL and digital certificate expiration and validity.
•
And more...
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
8
Printed Documentation
How It Works
Server Manager...
•
Installs to a single server then remotely manages computers, devices and hosts.
•
Is configured though a client user interface which can be installed to any supported Windows
computer at any location.
•
Is an agentless system that utilizes Windows technologies such as WMI and Windows
Networking.
Fires alerts and notifications through email, SMS, remote desktop popups, SNMP traps and
more.
Automatically publishes systems and network status to your web server for remote access via
your iPhone or Android.
Generates Reports to HTML, PDF, text and CSV.
•
•
•
Related Topics
Getting Started
System Requirements
Client Server Architecture
Management Console
Client Server Architecture
Server Manager is implemented using client/server architecture. The server, referred to as the Server
Manager Service, runs as a Windows service and is responsible for all Monitor and Report execution.
The client application, referred to as the Management Console, runs on any supported Windows
platform and is responsible for all configuration and management. The tray icon, also a client
application, is responsible for desktop notifications (e.g. message box and sound alerts). You can install
the console and tray icon on as many computers as necessary.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
9
Printed Documentation
The client/server interface is implemented using TCP port 6766 by default. The TCP interface
authenticates all incoming connections using Windows authentication. Access will only be granted if the
user accessing the service belongs to the Administrator group. For secure environments, the TCP
interface can be configured to encrypt all packets using private keys. For more information see
Management Server Settings.
To configure the console or tray icon to connect to a remote service installation, see Service
Connections.
Server Manager is deployed through a single installer that always installs the
service, console and tray icon. If you only plan to use the console and/or tray icon,
you can disable the Veriato Server Manager service via the Windows Service
Control Manager.
Related Topics
Management Server Settings
Service Connections
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
10
Printed Documentation
System Requirements
Supported Operating Systems
•
•
Windows Server 2012, 2008 R2, 2008, or 2003
Windows 8, 7, Vista, or XP
Supported CPUs (64-Bit / 32-Bit)
Server Manager is offered in both 64-bit and 32-bit Windows installers. Be sure to install the 64-bit
installer when targeting 64-bit hardware as the 64-bit installer includes 64-bit binaries.
Memory
4 GBs of available memory, 8 GBs suggested for large networks.
Microsoft .NET Framework 3.5 Service Pack 1
The installation detects if the .Net Framework 3.5 Service Pack 1 is already installed. If not, the
framework is automatically downloaded from Microsoft and then installed. Please note the framework
may take a significant amount of time to install. Please be patient while the installation completes.
Domain Administrator Account
To access and manage remote resources Server Manager requires domain administrator credentials. If
off-domain, local administrator credentials. The first time the application is run, you will be prompted to
assign administrator credentials to the service.
Windows Management Instrumentation (client and server)
Many functions within Server Manager utilize Microsoft's Windows Management Instrumentation
(WMI) API (e.g. Event Log management, CPU, memory, services, processes, Access Permissions Reports).
Optional Components
Microsoft's SNMP Service - SNMP traps are exposed through Microsoft's SNMP Service.
Screencasts
Veriato offers video screencast tutorials to help you learn how to use Server Manager.
•
•
•
Introduction to Server Manager
Server Manager Actions
Server Manager Schedules
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
11
Printed Documentation
•
•
•
•
Event Log Consolidation and Monitoring using Templates
Object Access Reports
Ping Monitoring and Reporting
Complex Event Log Filtering
Related Topics
Troubleshooting
Tutorials
Upgrade from Disk Monitor
When installing Server Manager on a server that already has Disk Monitor installed, you will be
prompted to upgrade. Server Manager includes an upgrade wizard that automatically imports your
license and configurations, and optionally uninstalls Disk Monitor.
Upgrade from Internet Server Monitor
When installing Server Manager on a server that already has Internet Server Monitor installed, you will
be prompted to upgrade. Server Manager includes an upgrade wizard that automatically imports your
license and configurations, and optionally uninstalls Internet Server Monitor.
Upgrade from Log Manager
When installing Server Manager on a server that already has Log Manager installed, you will be
prompted to upgrade. Server Manager includes an upgrade wizard that automatically imports your
license and configurations, and optionally uninstalls Log Manager.
Licensing and Registration
Server Manager is licensed by the number of nodes being monitored. A node is defined as a unique IP
address and/or hostname that is monitored, scanned, or otherwise managed by the Software. You can
apply as many Templates (e.g. CPU, memory, disk space, web content, etc.) to each node as necessary.
A simple licensing sample:
If monitoring a single physical server called mycompany that hosts a web server
(www.mycompany.com) and mail server (mail.mycompany.com), 3 nodes within your license will be
required for each of the 3 addressable names:
 mycompany (e.g. Ping monitor)
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
12
Printed Documentation


www.mycompany.com (e.g. HTTP monitor)
mail.mycompany.com (e.g. SMTP monitor)
NOTE: If each of the 3 addressable names are on the same IP address, using the IP address
instead of the addressable names will reduce the required hosts from 3 to 1.
To register your license:
1. After purchasing a license from Veriato, you will receive a serial number via email.
2. If not already installed on the target server, install, then open the Management Console.
3. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
13
Printed Documentation
4. Select the Licensing tab then click Register License. The Register License dialog displays.
5. Specify the email address used when purchasing.
6. Paste the serial number you received in your order confirmation email.
7. Click Submit.
NOTES: If you are running on an isolated network, you can register your license
at:
www.Veriato.com/support/registernodessm.asp
Fill out the license registration form. Once complete a license key file will be automatically
emailed to you.
When moving this software from one server to another or when waiting for your purchasing
department to upgrade an existing license, Veriato offers users the option to register up to 10%
over the current number of nodes purchased.
Anytime your registered node count exceeds the number of nodes you purchased, you
will receive a nightly notification email reminding you to reduce the number of registered
nodes.
To set the maximum node count:
The Server Manager licensing enables you to install the Server Manager Service on multiple servers. For
example, if you purchased a 100 node license, you could install Server Manager on three different
servers potentially located at 3 different sites then configure each installation to monitor 33 nodes.
Finally, a forth instance of Server Manager could be installed in a DMZ to monitor a single server within
the DMZ for a total of 100 nodes. To set the number of nodes associated with a specific Server Manager
installation:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
14
Printed Documentation
1.
2.
3.
4.
5.
6.
Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Select the Licensing tab.
From the Installed Licenses list, select the serial number to update.
From the Registration List, select the Host to update.
Click Set Maximum Node Count. The Set Maximum Nodes view displays.
Set the maximum number of nodes which you would like to manage.
If the target host is another remote installation, the target Server Manager Service
will automatically update at midnight or can be manually updated by restarting
the Veriato Server Manager Service on the effected server.
When moving this software from one server to another or when waiting for your
purchasing department to upgrade an existing license, Veriato offers users the
option to register up to 10% over the current number of nodes purchased.
Anytime your registered node count exceeds the number of nodes you purchased,
you will receive a nightly notification email reminding you to reduce the number
of registered nodes.
To reset your license:
If you need to move a license to another computer, you can reset your own license for registration on
the new server.
1.
2.
3.
4.
5.
Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Select the Licensing tab.
From the Installed Licenses list, select the serial number to return.
From the Registration List, select the Host you are no longer using then click Return License.
When prompted to confirm to return the license and disable all associated monitors, click
Yes.
If the target host is another remote installation, the target Server Manager Service
will automatically update at midnight or can be manually updated by restarting
the Veriato Server Manager Service on the effected server.
To renew your maintenance:
When your maintenance is about to expire, you can upgrade through the Management Console.
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the Licensing tab.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
15
Printed Documentation
3. From the Installed Licenses list, select the serial number to renew then click Renew
Maintenance. You will be re-directed to your Internet browser where you can then renew
online.
If the server you are on does not have internet access you can renew at:
www.Veriato.com/purchase/renewal.asp
To upgrade or add more nodes to your license:
If your license only provides access to a sub-set of Templates and/or Reports or you would like to add
more hosts to your current installation, you can upgrade through the Management Console.
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the Licensing tab.
3. From the Installed Licenses list, select the serial number to upgrade then click Upgrade
License. You will be re-directed to your Internet browser where you can then upgrade online.
If the server you are on does not have internet access you can upgrade at:
www.Veriato.com/support/offers.asp?ItemID=41
Application Program Interface
Server Manager enables users to write custom applications to view monitor history data. For example, a
user could create an application that shows ping response times or disk utilization over a period of time.
Consumption of history data can obtained when saving history to SQL Server,
MySQL or Oracle. At this time there is no API to access file system based history.
Server Manager saves each monitor's history to a unique table. The table name for each monitor uses
the following format:
M[HOST_ID]_[TEMPLATE_ID]
Host ID
The internal object ID.
Template ID The internal object ID.
For example: H100_200
To view a Host ID:
1. From the Object Explorer, navigate to the target computer, device or host.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
16
Printed Documentation
2. Right-click and select Host Properties. The Host Properties dialog displays.
3. The Host ID is listed within the General tab.
To view a Template ID:
1. From the Object Explorer, navigate to the target Template or Monitor.
2. Right-click and select Template Properties. The Template Properties view displays.
3. The Template ID is listed within the General tab.
PCI DSS Compliance
Server Manager provides software solutions to meet PCI DSS compliance requirements as defined in
v2.0 section 10 of the PCI Data Security Standard.
Section Requirement
Solution
10.2
Out-of-the-box Security Event Log filters and
Reports such as:
Implement automated audit trails for all
system components to reconstruct the
following events.
•
•
•
•
•
•
Failed Logons
Success Logons
Account Management
Logon Sessions
New User Accounts
Account Lockout
Real-time and scheduled monitoring of all
Object Access Security Event Log entries.
10.4
Using time-synchronization technology,
Pre-installed Synchronize Clocks Template
synchronize all critical system clocks and
which uses NTP to synchronize clocks on all
times and ensure that the following is
discovered Windows servers.
implemented for acquiring, distributing, and
storing time.
Note: One example of time synchronization
technology is Network Time Protocol (NTP).
10.5
Secure audit trails so they cannot be altered. Pre-installed Event Log File Backup Template
which can be scheduled to consolidate to a
central log server then encrypt, password
protect and digitally sign output files ensuring
file integrity.
Includes a File Consolidation Template which
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
17
Printed Documentation
can be scheduled to consolidate to a central
log server any set of files then encrypt,
password protect and digitally sign output
files ensuring file integrity.
Pre-installed Syslog Backup Template which
can be scheduled to archive consolidated
Syslog messages to a central log server then
encrypt, password protect and digitally sign
output files ensuring file integrity.
10.5.3
Promptly back up audit trail files to a
centralized log server or media that is
difficult to alter.
Pre-installed Event Log Consolidation
Template which can be scheduled to
download Event Logs to a central log server
then save to SQL Server, MySQL, Oracle or our
own binary file format.
Includes a Syslog Server that is pre-configured
to save all received Syslog messages.
Optionally supports saving messages to SQL
Server, MySQL or Oracle.
Includes several Text Log Monitoring
Templates that can be configured to save all
entries to a central log server. Supported
output includes: SQL Server, MySQL, Oracle
and our own binary file format.
10.6
Review logs for all system components at
least daily. Log reviews must include those
servers that perform security functions like
intrusion-detection system (IDS) and
authentication, authorization, and
accounting protocol (AAA) servers (for
example, RADIUS).
Note: Log harvesting, parsing, and alerting
tools may be used to meet compliance with
Requirement 10.6.
Includes:
•
•
•
•
Numerous log viewers that enable
users to page through large
volumes of data, hide duplicate
entries, filter and merge multiple
logs into a single view.
Out-of-the-box filters.
Customizable filters with AND, OR,
NOT, criteria nesting and regular
expression support.
Automated and on-demand
Reporting.
Related Topics
Payment Card Industry (PCI) Data Security Standard
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
18
Printed Documentation
Terminology
Term
Definition
Action
A configurable object that executes a function when:
•
•
•
A monitor triggers, recovers, errors or completes.
A Report is complete or errors
An Auto Configurator is complete or errors
Auto
Configurator
A configurable object used to monitor new servers and workstations. When utilized
in large environments, Auto Configurators can be a very powerful tool enabling
Server Manager to automatically monitor new and renamed servers without any
interaction.
Desktop Action
Desktop Actions are defined as Actions that are executed within a user's Windows
desktop (e.g. message box alerts, sound alerts and optionally interactive file
execution)
Filter
A configurable object used to target or limit specific log entries or computers from
real-time and consolidated log views, Monitors and Reports. Filters can also be used
when manually searching computers in Active Directory or through an Auto
Configurator.
Host
Term used to refer to either a computer, a device (e.g. switch, router or firewall) or
a hostname (e.g. www.Veriato.com).
Log Repository
A database or file system location where log entries are saved.
•
•
•
Primary Log Repository - Contains the LATEST consolidated log entries.
Archive Log Repository - Contains ARCHIVED consolidated log entries
previously saved to the Primary Log Repository
Auxiliary Log Repository - Contains AUXILIARY or BACKUP consolidated
logs. Typically used to view old database backups for auditing purposes.
Monitor
The result of a host-Template assignment causing the function to execute on a
scheduled basis (e.g a ping monitor).
Report
A configurable object that enables users to receive summarized data on-demand or
on a scheduled frequency. Reports typically output to an HTML file or email.
Schedule
A configurable object that defines the frequency to execute a Monitor, Report or
Auto Configurator (e.g. daily at 6:00 AM or every 5 minutes).
Management
Console
The client application used to configure the service, view logs and manually execute
Monitors, Reports and Auto Configurators.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
19
Printed Documentation
Server Manager The server application responsible for executing Monitors, Reports and Auto
Service
Configurators. The service is implemented as a Windows Service.
Server Manager The client application that enables your Windows desktop to display system status,
Tray Icon
receive desktop notifications (e.g. message box alerts, sound alerts and optionally
interactive file execution) and launch the Console.
Template
A configurable object that defines properties for an executable function that is
assigned to one or more hosts, host groups, Template groups and Summary
Reports.
Tutorials
Tutorials
The following tutorials are available:
•
•
•
•
•
•
Configure Server Manager to use SQL Server
Configure Server Manager to use MySQL
Migrate to a New Server
Monitor a Rolling Text Log File
Monitor CSV Files
Use Gmail as a Backup Email Server
Forum
If none of these topics help, please see our online forum at:
http://spectorlive.com/phpbb3/
Screencasts
Veriato offers several video screencast tutorials to help you learn how to use Server Manager. The
screencasts can be found at:
http://www.Veriato.com/products/server-manager/tutorials.asp
Configure Server Manager to use MySQL
In this tutorial, we walk you through the process of downloading, installing and configuring MySQL.
Once completed, we will configure Server Manager to use MySQL when saving history and log entries.
Lastly, we will download logs to the MySQL database and verify entries were written to the database.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
20
Printed Documentation
Step 1: Download and install MySQL Community Server
Download and install MySQL Community Server from:
http://mysql.com/downloads/mysql/
Step 2: Download and install MySQL Workbench
The MySQL Workbench enables you to configure and manage MySQL. Download and install from:
http://mysql.com/downloads/workbench/
Step 3: Create new server instance
The first time you open the workbench you must add the connection to your database. From the Home
page select New Server Instance. Follow the wizard adding in your connection information.
Step 4: Create databases
1. From the Home page, under the SQL Developmentcolumn, double-click on the connection to
your database. The SQL Editor view is displayed.
2.
3.
4.
5.
6.
7.
From the toolbar click the
button. The new_schema - Schema tab displays.
From the Name text box type CBSM
From the Collation drop-down select utf8 - default collation.
Click OK. The Apply SQL Script to Database dialog displays.
Click Apply then Finish.
Create 2 more databases, one for the Archive Log Repository named CBSM_ARCHIVE and the
other for the History database named CBSM_HISTORY. Once all 3 databases have been
created the MySQL Workbench lists the 3 databases as seen below:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
21
Printed Documentation
Step 5: Create the database user and assign privileges
1. From the Home page, under the Server Administrationcolumn, double-click on the sever
instance. The Admin view is displayed.
2. From the Task and Object Browser view, select Users and Privileges. The Users and
Privileges view displays.
3. From the Server Access Management tab, click Add Account
4. Set the Login Name to cbsmuser.
5. Enter a Password then duplicate the password in the Confirm Password text box.
6. Select the Administrative Roles tab.
7. From the Role list check DBA.
8. Click Apply. The MySQL configuration process is now complete.
Step 6: Configure the Log Repositories and History
1. From Server Manager, select Edit > Server Manager Properties. The Server Manager
Properties view displays.
2. Select the Databases tab.
3. Create the Primary Log Repository.
1.
2.
3.
4.
5.
Click the
button.
From the Role drop-down select Log Repository.
Specify a Name (e.g. MySQL Primary Log Repository).
From the Provider drop-down select MySQL.
Specify the Server name.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
22
Printed Documentation
6. Set the User name to cbsmuser.
7. Specify the Password you set earlier.
8. Set the Database to CBSM.
9. Click the
button. The database is automatically initialized.
4. Create the Archive Log Repository. Follow the the instructions above, however;
1. Set the Name to MySQL Archive Log Repository.
2. Set the Role to ArchiveLogRepository.
3. Set the Database to CBSM_ARCHIVE.
5. Create the History database. Follow the the instructions above, however;
1. Set the Name to MySQL History.
2. Set the Role to History.
3. Set the Database to CBSM_HISTORY.
Step 7: Test and verify the configuration
1. From the Object Explorer, add a new computer.
2. Assign the sample Event Log Consolidation and Monitoring Template.
3. Right-click on the Monitor you just created under your new computer and select Execute
Now (Verbose).
4. The Application, System and Security Event Logs are downloaded and saved to the MySQL
Primary Log Repository you just created and configured.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
23
Printed Documentation
5. From the Object Explorer, expand Log Repositories > SQL Server Log Repository then
navigate to the computer you just downloaded the logs from.
6. Expand the computer to find the Event Logs node.
7. Expand the Event Logs to find the Application, System and Security nodes.
8. Right-click on the Application node and select View Top 10000 Consolidated Log Entries. The
Select Display Filters dialog displays.
9. Check the Information, Warning and Error options then, if a filter is selected, click the
button to clear the filter. Finally click OK. The Log Viewer displays.
10. Verify entries are displayed in the view.
11. From MySQL Workbench, within the SQL Editor, right-click then select Refresh All. The 3
databases you created are now listed.
12. Expand the CBSM > Tables node. Several table display including a table for each consolidated
log.
13. You should now see a new table called [servername]_evt_application where [servername] is
the name of the server you downloaded the logs from. If you see this table, you have
successfully downloaded the Event Log and saved it to your MySQL database, otherwise the
Primary Log Repository is not configured to use this database. Check the Server Manager
configurations and try again.
MySQL Log Repository Schema Defined
The Primary and Archive Log Repositories require the following tables:
Table
Description
level
Contains a list of the Event Log levels (Information, Warning, Error, Audit Success, and
Audit Failure).
facility
Contains a list of the Syslog facilities.
priority
Contains a list of the Syslog priorities.
event_logs Contains an index of consolidated Event Logs.
syslogs
Contains an index of consolidated Syslogs.
text_logs
Contains an index of consolidated Text Logs.
Each log file is consolidated to its own table using the following naming conventions:
Log Type Table
Event Log [host]_evt_[log]
Syslog
[host]_syslog
Text Log
[GUID] - Since the only thing that uniquely identifies a text log is the filename and a
filename can easily exceed the maximum length of a table name, a GUID is used in place of
the filename. The text_logs table maps the consolidated text log s filename to the GUID
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
24
Printed Documentation
enabling the software to identify which table to read and write entries from.
Related Topics
Conserve Disk Space
Database Settings
Log Repository Retention Policy
View Logs
Configure Server Manager to use SQL Server
In this tutorial, we walk you through the process of configuring SQL Server. Once completed, we will
configure Server Manager to use SQL Server when saving history and log entries. Lastly, we will
download logs to the SQL Server database and verify entries were written to the database.
Step 1: Create the databases
1.
2.
3.
4.
5.
6.
Open Microsoft SQL Server Management Studio.
From the Object Explorer, expand Databases.
Right-click then select New Database.
From the Database name text box type CBSM
Optionally, set the autogrowth to 100 MBs then click OK. The database is created.
Create 2 more databases, one for the Archive Log Repository named CBSM_ARCHIVE and the
other for the History database named CBSM_HISTORY.
Step 2: Create the database user
1.
2.
3.
4.
5.
6.
7.
From the Object Explorer, expand Security.
Right-click then select New Login. The New Login dialog displays.
From the Login name text box type cbsmuser.
Check SQL Server authentication.
Type a password.
Un-check Enforce password policy.
Click OK. The user is created.
Step 3: Assign the user to the databases
1.
2.
3.
4.
5.
From the Object Explorer, expand Databases > CBLM > Security.
Right-click then select New User.
From the User name text box type cbsmuser.
From the Login name text box type cbsmuser.
From the Select a page view, select Membership. The Database role membership view
displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
25
Printed Documentation
6. Check db_owner.
7. Click OK. The user is assigned.
8. Repeat these steps for the CBSM_ARCHIVE and CBSM_HISTORY databases.
Step 4: Configure the Log Repositories and History
1. From Server Manager, select Edit > Server Manager Properties. The Server Manager
Properties view displays.
2. Select the Databases tab.
3. Create the Primary Log Repository.
a.
b.
c.
d.
e.
f.
g.
h.
Click the
button.
From the Role drop-down select Log Repository.
Specify a Name (e.g. SQL Server Primary Log Repository).
From the Provider drop-down select SqlServer.
Specify the Server name.
Set the User name to cblmuser.
Specify the Password you set earlier.
Set the Database to CBSM.
i.
Click the
button. The database is automatically initialized.
4. Create the Archive Log Repository. Follow the the instructions above, however;
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
26
Printed Documentation
a. Set the Name to SQL Server Archive Log Repository.
b. Set the Role to ArchiveLogRepository.
c. Set the Database to CBSM_ARCHIVE.
5. Create the History database. Follow the the instructions above, however;
a. Set the Name to SQL Server History.
b. Set the Role to History.
c. Set the Database to CBSM_HISTORY.
Step 5: Test and verify the configuration
1. From the Object Explorer, add a new computer.
2. Assign the sample Event Log Consolidation and Monitoring Template.
3. Right-click on the Monitor you just created under your new computer and select Execute
Now (Verbose).
4. The Application, System and Security Event Logs are downloaded and saved to the SQL Server
Primary Log Repository you just created and configured.
5. From the Object Explorer, expand Log Repositories > SQL Server Log Repository then
navigate to the computer you just downloaded the logs from.
6. Expand the computer to find the Event Logs node.
7. Expand the Event Logs to find the Application, System and Security nodes.
8. Right-click on the Application node and select View Top 10000 Consolidated Log Entries. The
Select Display Filters dialog displays.
9. Check the Information, Warning and Error options then, if a filter is selected, click the
button to clear the filter. Finally click OK. The Log Viewer displays.
10. Verify entries are displayed in the view.
11. From SQL Server Management Studio, within the Object Explorer, right-click then select
Refresh.
12. Expand the Databases > CBSM > Tables node. Several table display including a table for each
consolidated log.
13. You should now see a new table called [servername]_evt_application where [servername] is
the name of the server you downloaded the logs from. If you see this table, you have
successfully downloaded the Event Log and saved it to your SQL Server database, otherwise
the Primary Log Repository is not configured to use this database. Check the Server Manager
configurations and try again.
SQL Server Log Repository Schema Defined
The Primary and Archive Log Repositories require the following tables:
Table
Description
level
Contains a list of the Event Log levels (Information, Warning, Error, Audit Success, and
Audit Failure).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
27
Printed Documentation
facility
Contains a list of the Syslog facilities.
priority
Contains a list of the Syslog priorities.
event_logs Contains an index of consolidated Event Logs.
syslogs
Contains an index of consolidated Syslogs.
text_logs
Contains an index of consolidated Text Logs.
Each log file is consolidated to its own table using the following naming conventions:
Log Type Table
Event Log [host]_evt_[log]
Syslog
[host]_syslog
Text Log
[GUID] - Since the only thing that uniquely identifies a text log is the filename and a
filename can easily exceed the maximum length of a table name, a GUID is used in place of
the filename. The text_logs table maps the consolidated text log s filename to the GUID
enabling the software to identify which table to read and write entries from.
Related Topics
Conserve Disk Space
Database Settings
Log Repository Retention Policy
View Logs
Configure Server Manager to use the file system
In this tutorial, we walk you through the process of configuring Server Manager to use the file system to
save history and log entries. Lastly, we will download logs to the file system and verify entries were
written to the directory.
Step 1: Create the directory
1. Open Windows Explorer.
2. Create 3 directories. One for the History, Primary Log Repository and the Archive Log
Repository.
Step 2: Configure the Log Repositories and History
1. From Server Manager, select Edit > Server Manager Properties. The Server Manager
Properties view displays.
2. Select the Databases tab.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
28
Printed Documentation
3. Create the Primary Log Repository.
a.
b.
c.
d.
e.
f.
Click the
button.
From the Role drop-down select Log Repository.
Specify a Name (e.g. Primary Log Repository).
From the Provider drop-down select FileSystem.
Specify the Path (e.g. c:\logs\Primary Log Repository).
Choose the Encoding. The default is UTF-8. Use UTF-16 when the primary language
requires Unicode (e.g. Japanese).
g. Click the
button. The database is automatically initialized.
4. Create the Archive Log Repository. Follow the the instructions above, however;
a. Set the Name to Archive Log Repository.
b. Set the Role to ArchiveLogRepository.
c. Set the Path (e.g. c:\logs\Archive Log Repository).
5. Create the History directory. Follow the the instructions above, however;
a. Set the Name to History.
b. Set the Role to History.
c. Set the Path (e.g. c:\logs\History).
Step 3: Test and verify the configuration
1. From the Object Explorer, add a new computer.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
29
Printed Documentation
2. Assign the sample Event Log Consolidation and Monitoring Template.
3. Right-click on the Monitor you just created under your new computer and select Execute
Now (Verbose).
4. The Application, System and Security Event Logs are downloaded and saved to the SQL Server
Primary Log Repository you just created and configured.
5. From the Object Explorer, expand Log Repositories > Primary Log Repository then navigate
to the computer you just downloaded the logs from.
6. Expand the computer to find the Event Logs node.
7. Expand the Event Logs to find the Application, System and Security nodes.
8. Right-click on the Application node and select View Top 10000 Consolidated Log Entries. The
Select Display Filters dialog displays.
9. Check the Information, Warning and Error options then, if a filter is selected, click the
button to clear the filter. Finally click OK. The Log Viewer displays.
10. Verify entries are displayed in the view.
11. From Windows Explorer, navigate to Primary Log Repository directory.
12. From the list view, you should see a file for each consolidated log.
13. You should now see a new table called [servername]_evt_application.elf where
[servername] is the name of the server you downloaded the logs from. If you see this table,
you have successfully downloaded the Event Log and saved it to your file system, otherwise
the Primary Log Repository is not configured to use this directory. Check the Server Manager
configurations and try again.
Each log file is consolidated to its own file using the following naming conventions:
Log Type Table
Event Log [host]_[log].elf
Syslog
[host].slf
Text Log
[GUID] - A GUID is used in place of the filename. The text_logs.dat file maps the
consolidated text log's filename to the GUID enabling the software to identify which table
to read and write entries from.
Related Topics
Conserve Disk Space
Database Settings
Log Repository Retention Policy
View Logs
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
30
Printed Documentation
Conserve Disk Space
When saving Event Logs to the Log Repository and using the File System format, new entries are
downloaded and saved to a temporary file. Once the download is complete, the previously downloaded
entries are appended to the temporary file. If saving data for a long period of time or if a server is
generating large Event Logs over a short period of time, such as the Security Event Logs for example,
these temporary files may get large (around 20 GB).
To optimize Server Manager to conserve disk space:
•
•
•
•
From the Database Settings properties page, configure Server Manager to use SQL Server.
Use Range Schedules to evenly distribute Event Log downloads over time. The end result is a
process that regularly downloads Event Logs rather than a process that fires off 90 downloads
all at once. The default Event Log Consolidation Template uses an Hourly Range Schedule
that automatically distributes Event Log downloads every hour.
Limit the log retention policy to a manageable period. For example, save entries for 15 days
in the Primary Log Repository and another 45 days in the Archive Log Repository for a total of
60 days. Every month at the end of the month make a database backup of the Archive Log
Repository and save it to your organization's archives.
When using an Event Log Consolidation and Monitoring Template, limit Post Consolidation
Filter use. Instead, use Reports to access data on a daily basis rather than using post
consolidation filters, which can result in frequent emails.
Related Topics
Database Settings
Filters
Log Repository Retention Policy
Schedules
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
31
Printed Documentation
Migrate to a New Server
When necessary, Server Manager can be moved to a another server.
To move your installation of Server Manager to another server:
1. Install the latest version of the software on the current server.
a. From the server the Server Manager Service is installed, ensure the latest version
of Server Manager is running. From the local Console, select Help > Check for
Update.
b. Once you have verified the latest version is running, backup the current
configuration. From the local Console, select Tools > Backup Configuration. The
Browse for Folder dialog displays.
c. Select the diretory to backup the current configuration files too.
3. Choose a directory you can access from your new server.
2.
a. Click OK.
4. Return the license.
a. After purchasing a license from Veriato, you will receive a license key or set of keys
via email.
b. Install and run Server Manager.
c. Select Edit > Server Manager Properties. The Server Manager Properties view
displays.
d. Select the Licensing tab then click Register License. The Register License Key
dialog displays.
e. Specify the email address used when purchasing and the license key you received
via email.
f. Click Submit.
5. Install, register and import the backed up configuration files on the new server.
a. From the new server, download and install the latest version from
http://www.Veriato.com/support/downloads.asp?ItemID=41.
b. Select Edit > Server Manager Properties. The Server Manager Properties view
displays.
c. Select the Licensing tab then click Register License. The Register License Key
dialog displays.
d. Specify the email address used when purchasing and the license key you received
via email.
e. Click Submit.
f. If you were previously using local databases to store history and/or log entries, use
your database tools to restore the databases to the new server.
g. Select Tools > Restore Configuration. When prompted to confirm to overwrite the
current configurations, click Yes. The Browse for Folder dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
32
Printed Documentation
h. Select the folder that contains the configuration files you previously backed up.
i. Click OK.
j. If you were previously using local databases to store history and/or log entries,
select Edit > Server Manager Properties. The Server Manager Properties view
displays. Select the Databases tab. From the Databases drop-down, select each
database then click Test Connection. If the test fails, verify the settings and try
again.
Monitor a Rolling Text Log File (IIS)
Many applications such as Internet Information Services (IIS) Manager, log to a daily log file. Each day
the application creates a new file that contains the date within the name, for example ex100625.log or
2010 June 25th. This format is simple to implement and enables system administrators to easily archive
log files.
This tutorial shows you how to monitor rolling text log files by configuring Server Manager to monitor IIS
logs. After verifying the requirements, check the location the log files reside on the IIS server, then
configure the Text Log Consolidation Template in Server Manager.
Requirements:
•
•
Server 2012
Internet Information Services (IIS) version 8.x
To check the log file location on the IIS server:
1. Logon to the target server.
2. From the Start menu select Administrative Tools > Internet Information Services (IIS)
Manager.
3. From the left pane, select the target web site.
4. From the right pane, double-click Logging.
5. The log file path is listed within the Directory text box. By default the path is:
%SystemDrive%\inetpub\logs\LogFiles,
which expands to:
c:\inetpub\logs\LogFiles.
IIS writes the log files to a sub-directory called:
W3SVC1
This is the directory you want to monitor. Now that you have the location, you need to
configure Server Manager to monitor the directory.
To configure the Text Log Consolidation Template:
1. Select File > New > Template. The Select Template Type dialog displays.
2. From the menu tree, expand Log Management > Text Log Management.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
33
Printed Documentation
Double-click Text Log Consolidation. The Template Properties dialog displays.
From the General tab, set the Name to IIS Log Monitor. Use the default settings.
Select the Logs tab.
From the Servers/Workstations drop-down, select the server where IIS is installed.
From the Available Files tree, select the directory where the log files are located. The path
displays in the text box below.
8. From the text box, append:
\u_ex>yyMMdd>.log
3.
4.
5.
6.
7.
9. Click
. The software checks the target directory for the existence of a file that matches the
current date. If a file is not found, verify IIS is running, a daily log file exists and the mask has
been entered correctly. If found, a prompt displays listing the discovered file:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
34
Printed Documentation
10. When prompted to add the mask, click Yes. The mask is added to the Assigned Files list.
11. Select the Function tab.
12. Use the Logical Name tab to specify a logical name which to consolidate all discovered log
files. If you do not specify a Logical Name, each discovered file is saved to a unique database
table.
Automated Text Log Reports and Log Repository Retention Policy Templates
require masked directory monitors to consolidate to a logical name.
13. Check Use logical filename then type: u_ex.log
14. Use the Entry Pattern tab to define how Server Manager decyphers unique log entries. Since
IIS log entries are limited to a single line, leave the Enable entry pattern recognition option
disabled.
15. Use the Read Method tab to define how each file is read the first time the file is discovered
or updated. Use the default option Beginning of file. This read method will read all current
entries in a newly discovered/monitored files, then consecutively read from the last known
position.
16. Use the Consolidation, Filters and Actions tab to apply a consolidation filter, Log Repository
Retention Policy Template and post consolidation Filters and Actions (e.g. to trigger an email
alert when a specific entry is read).
Create a filter that passes all "HTTP GET" requests and assign an action.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
35
Printed Documentation
a. Click Add. The Assign Filter and Action dialog displays.
b.
c.
d.
e.
f.
g.
Click
. The Create New Filter dialog displays.
Set the Name to HTTP Get Requests.
Click New Criteria.
From the Value text box, type GET.
Check Match case.
From the Criteria control group click Apply. The criteria is added to the Group and
Criteria Tree.
h. Click OK. The Filter is assigned.
i. From the Action drop-down, select Actions > Email > Send an Email.
j. Click the Edit action button
. The Action Properties dialog displays.
k. Verify an email address is assigned. If one is not, add a valid email address. Click
OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
36
Printed Documentation
l.
Click OK. The Filter and Action are added to the Post Consolidation Filter and
Actions list.
17. Click OK. The Template is created and assigned to the localhost.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
37
Printed Documentation
18. Verify the monitor is running.
a. From the Object Explorer, expand Computers, Devices and Hosts.
b. Locate and expand your localhost. The IIS Log Monitor node displays.
c. Right-click and select Explore. The Monitor Detail view displays.
d. This view should show the monitor is running and every minute a new history line
item should be added showing the monitor's results.
e. From the Object Explorer, expand Log Repositories.
f.
Locate and expand your localhost. The u_ex.log node should now display. If the node
is not visible press F5. If the node is still not visible, verify the IIS log contains data and
the Log Repositories have been configured correctly.
19. Test the Monitor, Filter, and Action.
a. Open your Internet browser then navigate to:
http://localhost.
b. At the top of the next minute, Server Manager should trigger an email alert that
contains the targeted log entries. If the Action fails to email, check your Email
Settings and try again.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
38
Printed Documentation
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
39
Printed Documentation
Monitor CSV Files
Server Manager enables you to monitor string as well as decimal values contained within CSV (comma
separated value) files. For example, one of our customers monitors water flow rates through dams. The
customer is able to receive notification when water flow rates fall outside expected values. Another
more typical example is the monitoring of stock trading files. When monitored, you can receive
notification when a stock exceeds or falls below a specific value.
To create a CSV file monitor:
1.
2.
3.
4.
5.
6.
Select File > New > Template. The Select Template Type dialog displays.
From the menu tree, expand Log Management > Text Log Management.
Double-click Text Log Monitor. The Template Properties dialog displays.
Use the General tab to configure the frequency to scan the file for new entries.
Select the Logs tab.
From the Servers/Workstations drop-down, select the server the file resides.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
40
Printed Documentation
7. From the Available Files tree, select the file then click Add. The file is added to the Assigned
Files list.
8. Select the Monitor tab then select the Filters and Actions tab.
9. Click Add. The Assign Filter and Action dialog displays.
Click
. The Create New Filter dialog displays.
From the Type drop-down, select CSV.
Type a unique Name.
Use the Comma delimiter drop-down to select the character the column delimiter. The
default is COMMA.
14. Click Load then select the target file. The Load CSV Column Headers dialog displays.
10.
11.
12.
13.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
41
Printed Documentation
15. If the file contains a column header, choose File contains a column header then from the list,
select the row that contains the column header.
16. Click OK. The file is read and an attempt is made to determine the data type of each column.
Each column is added to the Column definition.
17. Assign filter criteria.
a. Click New Criteria. The Criteria control group is enabled.
b. From the Attribute drop-down, select the column to monitor.
c. Use the Operation drop-down to select the comparison operand (e.g. =, !=, <, >, <=, >=,
Contains, Does Not Contain).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
42
Printed Documentation
d. From the Criteria control group click Apply. The criteria is added to the Group and
Criteria Tree.
a. When you have finished adding your Filter Criteria, click OK. The Filter is assigned.
b. From the Action drop-down, select the target action.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
43
Printed Documentation
c. Click OK. The Filter and Action are added to the Filters and Actions list.
18. Click OK. The Template is created and assigned to the localhost. The monitor will start at the
top of the next minute. If you chose the default Read Method (e.g. Beginning of File), the first
time the monitor runs the assigned actions are triggered once for all entries that pass the
Filter. Future scans will only trigger actions when new entries pass the Filter. Actions are only
triggered once per scan.
Use Gmail as a Backup Email Server
You can configure Server Manager to use your Gmail account to send email alerts when your primary
email server is unavailable or unable to send.
To configure Gmail as a backup email server:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the Email tab.
3. Check the Backup Email Server option then click Configure Backup. The Configure Backup
Email Server Connection dialog displays.
4. Use the following values:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
44
Printed Documentation
Servername smtp.gmail.com
TCP Port
Use port 465 for SSL/TLS
Use port 587 for STARTTLS
Username
Enter your Gmail email address (e.g. [email protected])
Password
Enter your Gmail password
5. From the Send test email to field, enter a non-gmail email address then click Test. A test
email is sent.
6. Click OK.
7. From the Server Manager Properties view, click Close.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
45
Printed Documentation
Management Console
Management Console
Server Manager is configured through the Management Console. The Console is a Windows client user
interface application that enables you to remotely configure Server Manager, view log entries, view
Monitor/Report detail and manually execute Monitors/Reports.
Navigation
The Console contains several views:
Pane
Description
Object Explorer The central navigation view that contains all of Server Manager's configurable
objects. Use the Object Explorer to create objects, assign objects, update objects,
view object detail and delete objects.
Service Output Tails the Server Manager log file containing errors, triggers, general activity, and
verbose output. Use the Service Output pane to watch activity and troubleshoot
monitors.
Document View Displays object properties, Reports and Monitor detail.
Remote Access
The Console enables you to remotely connect to multiple Server Manager Services running on various
networks. Once connected, both management and interrogation functions are proxied through the
Server Manager Service simplifying remote management. The client/server interface is implemented
using TCP port 6766. The TCP interface authenticates all incoming connections using Windows
authentication. Access will only be granted if the user accessing the service belongs to the
Administrators group. For secure environments, the TCP interface can be configured to encrypt all
packets using private keys.
Object Explorer
The Object Explorer is the central navigation view that contains all of Server Manager's configurable
objects. Use the Object Explorer to create objects, assign objects, update objects, view object detail and
delete objects.
These objects include:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
46
Printed Documentation
Nodes
Description
Root
Each configured Server Manager connection is added to the root.
Computers, Devices and Hosts Contains all of the managed hosts and their monitors. This includes
physical computers, hardware devices and network addressable
applications (e.g. web sites and SQL Server instances).
Monitors
From within the Computers, Devices and Hosts node when viewing a
host, assigned Templates appear under each host. Assigned Templates
are referred to as Monitors. Monitors are a representation of a hostTemplate assignment or the result of a host group or Template groupTemplate assignment.
Templates
Contains assignable monitor configurations (e.g. ping every 5 seconds
and upon 20% failure rate fire an email alert).
Monitor Hierarchy
Contains Monitor Hierarchy rules (e.g. when a ping monitor triggers,
drop all corresponding Monitor error Actions).
Reports
Contains reports (e.g. daily Summary, Object Access, and Largest Files
Reports).
Log Repositories
Contains consolidated log entries (e.g. domain controller Security
Event Logs).
Schedules
Contains the frequency to execute Monitors, Reports and Auto
Configurators (e.g. Daily, Hourly, Every Minute).
Filters
Contains Active Directory and log monitoring filters (e.g. only show
error events).
Actions
Contains the actions, alerts, and notifications (e.g. email the systems
administrators).
Auto Configurators
Contains the Auto Configurators (e.g. every week scan Active
Directory and add newly discovered servers to Server Manager).
To search the Object Explorer for a specific object:
1. From the Object Explorer, navigate to the location within the tree you would like to begin
your search.
2. Press Ctrl + F. The Find dialog displays.
3. Enter the text you would like to search for.
4. Optionally, select Match case.
5. Optionally, select Use regular expressions (e.g. to search for 2 computers use the following
regular expression syntax: (server01|server02).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
47
Printed Documentation
6. Optionally, select Search up.
7. Click Find Next. To continue searching press F3.
Or
Click Find All. The Find Results view displays. From this view, right-click on a result to view a
list of menu items.
Related Topics
Actions, Alerts and Notifications
Auto Configurators
Computers, Devices and Hosts
Filters
Groups
Monitor Hierarchy
Reports
Schedules
Templates
Options
The Options dialog enables you to set user preferences for the Management Console. For example,
automatically displaying the dashboard at startup.
To modify the Server Manager Options:
Select Tools > Options. The Options dialog displays.
The following options are available:
•
•
•
•
Startup Windows: select any of the following to be displayed when a new connection is
established:
o Dashboard
o Service Output
o Syslog Viewer
o SNMP Trap Viewer
o Error Report
WMI Proxying: proxy WMI calls through the Server Manager Service
Tray Icon: disable the tray icon
Log Viewer: configure the log viewer options and fonts
Related Topics
Log Viewers
Server Manager Properties
Tray Icon
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
48
Printed Documentation
Service Connections
Server Manager is implemented using client/server architecture. The Management Console enables
you to connect to remote installations of the service. The Connect to Service dialog provides the
controls to create these connections.
If you are only using the Console and/or Tray Icon, you can disable the Veriato
Server Manager service via the Windows Service Control Manager.
License key registration is only required on the server the service is running.
Neither the Console nor the Tray Icon require a license key registration.
To configure the Management Console and Tray Icon to connect to a remote service
installation:
1. Install Server Manager on the computer you want to connect from.
2. Once installed, from that computer, select File > New > Server Manager Connection. The
Connect to Service dialog displays.
3. Specify a unique Connection name.
4. Specify the Server name or IP address.
5. Specify the TCP port. The default is 6766. For more information see Management Server
Settings.
6. Specify a Windows domain administratorUsername, Password and Domain.
If the service is installed on another domain or within a workgroup, specify
administrator credentials that reside on the target domain or server.
If the service is installed on an off-domain computer or within a workgroup either
clear the Domain field or within the Domain field specify the computer name
where the service is installed.
If left blank, your current Windows login credentials are used.
9. Choose to Encrypt packets then specify the private Key.
Encryption must first be configured on the server where the service is running. For
more information see Management Server Settings.
10. Click Test. If the connection fails, check the settings on both the remote server and the local
computer and verify all firewalls are allowing traffic on the configured port.
11. To auto generate a connection name, click Generate Name.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
49
Printed Documentation
12. Click Connect.
Related Topics
Client Server Architecture
Console
Management Server Settings
Enable and Disable Objects
When using Server Manager you will likely find times you need to disable a Monitor, Report or Auto
Configurator. For example, if you would like to shutdown all monitoring on a particular server while you
apply operating system patches you can disable the host for a pre-determined period of time such as the
next 30 minutes. Server Manager enables you to temporarily or permanently disable hosts, Templates,
Reports and Auto Configurators.
To disable an object:
1. From the Object Explorer, navigate to the target object (e.g. host group, host, Template,
Report or Auto Configurator).
2. Right-click then select Disable. The Enable/Disable Properties dialog displays.
If the Disable menu item is not available, the object is already disabled.
By default objects are set to re-enable after 5 minutes.
When disabling multiple objects, use the Selected [Object Type] drop-down to
fine tune specific object settings.
5. To permanently disable the object, un-check Enabled.
6. To automatically re-enable the object, check Temporarily disable this object then check
Automatically re-enable after. Set the period and units (e.g. 5 minutes).
7. Click Apply.
To enable an object:
1. From the Object Explorer, navigate to the target object (e.g. host group, host, Template,
Report or Auto Configurator).
2. Right-click then select Enable.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
50
Printed Documentation
If the Enable menu item is not available, the object is already enabled.
Related Topics
Batch Functions
Day and Time Exclusions
Schedules
Monitor Hierarchy
Depending on the state of the directly assigned monitors, hierarchy rules enable you to suppress child
group trigger and/or recovery Actions.
To configure the monitor hierarchy:
1. From the Object Explorer, right-click on the Monitor Hierarchy node and select New Group.
The Create New Monitor Group dialog displays.
2. Enter a Name for the group.
3. Optionally, select Suppress child group monitor &trigger actions when all directly assigned
monitors have triggered. If any directly assigned monitors have not tiggered, child monitors
will continue to trigger.
4. Optionally, select Suppress child group monitor recovery Actions immediately preceding the
recovery of any directly assigned monitors.
5. Click OK.
6. From the Object Explorer, drag and drop each Monitor to the parent and child groups where
appropriate.
Registry Explorer
The Registry Explorer allows you to view, modify, create, delete, and search remote registry keys and
values.
To view the Registry Explorer:
1. From the Object Explorer, navigate to the target computer.
2. Right-click and select Registry Explorer. The Registry Explorer view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
51
Printed Documentation
To search for a registry key:
1. From the Registry Explorer, navigate to the location within the tree you would like to begin
your search.
2. Press Ctrl + F. The Find dialog displays.
3. Enter the text you would like to search for.
4. Choose to search Keys, Values and/or Data.
5. Optionally, select Match case.
6. Optionally, select Match whole string only.
7. Optionally, select Use regular expressions (e.g. to search for 2 strings use the following
regular expression syntax: (string01|string02).
8. Click Find Next. To continue searching press F3.
To modify a registry value:
1. From the Registry Explorer, navigate to the target registry key.
2. From the list view, right-click on the value and select Properties. The Set [Type] Value dialog
displays.
3. Update the value and click OK.
To create a new registry key:
1. From the Registry Explorer, navigate to the target parent registry key.
2. Right-click and select New > Key. The New Key dialog displays.
3. Enter the Name and click OK.
To create a new registry value:
1. From the Registry Explorer, navigate to the registry key.
2. Right-click and select New > [Type] Value where [Type] is one of the following:
o String Value
o Expandable String Value
o Multi-String-Value
o DWORD Value
o QWORD Value
o Binary Value
3. Enter the value and click OK.
To delete a registry key or value:
1. From the Registry Explorer, navigate to the target registry key or value.
2. Press Del.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
52
Printed Documentation
Import a Disk List
If you have a list of disks or shares in a spreadsheet, CSV (comma separated values), or text file, you can
import your list into Server Manager. When imported disk monitor Templates are created and assigned
to each computer, you have the option of creating a single Template per computer or a Template for
each disk or share listed in your file.
If you have a list of computers, devices and/or hosts you would like to import see
Import a Host List.
To import a disk list:
1. Select File > Import > Disk List.
2. Follow the instructions found within the wizard.
Related Topics
Add Computers, Devices and Hosts
Import a Host List
Filename Masks
When configuring some of the directory based Templates (e.g. Directory Cleaner, Directory Watcher or
File Consolidation), you have the option to target or exclude specific filenames. Server Manager
supports the standard Windows filter criteria (e.g. *.*) as well as our own date and time tag format
enabling you to target or exclude files which the names contain the current date and/or time. The
following tags are supported:
Variable Tag
Description
Year
yy or yyyy Use to replace the current year.
Month
M or MM Use to replace the current month.
Day
d or dd
Use to replace the current day.
Hour
h or hh
Use to replace the current hour.
When specifying date and time tags wrap the tags with <>.
For example:
*.log
<yyyyMMdd>.log
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
53
Printed Documentation
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
54
Printed Documentation
Server Manager Properties
Server Manager Properties
The Server Manager Properties view enables you to configure the Server Manager Service (e.g.
configure email server connection settings and backend databases).
To view the Server Manager Properties:
•
Select Edit > Server Manager Properties. The Server Manager Properties view displays.
The following tabs are available:
o Licensing
o Email
o Databases
o Active Directory
o Syslog Server
o Web Server Publishing
o Management Server
o HTML and Email Templates
o WMI
Email Settings
Server Manager supports sending alerts, notifications, and Reports through email. Use the Email
properties page to configure the outgoing email server connection settings.
To configure the email settings:
1.
2.
3.
4.
5.
6.
7.
8.
Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Select the Email tab.
Enter the Server Information for the email server that will be sending messages.
Enter the Login Information to enable relay. If using Exchange Server and left blank, the login
information defaults to the account the service is running under.
Optionally, modify the From Information to specify the name and from address to appear in
outgoing mail.
Optionally, set and modify the Email Limiter to limit the number of emails sent over a period
of time (e.g. seconds, minutes or hours). Once the limit is reached, messages are dropped for
the remainder of the period. Dropped messages are logged to the service log file.
Enter an email address to receive a test message then click Test.
To use a backup email server when the configured email server is unavailable or unable to
send an email, check the Backup Email Server option then click Configure Backup. The
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
55
Printed Documentation
Configure Backup Email Server Connection dialog displays. Use the dialog to configure the
backup email server (repeat steps 3-7) then click OK.
9. Once you are able to successfully send a test message, click Close.
Related Topics
Actions, Alerts and Notifications
Use Gmail as a Backup Email Server
Windows Service Log File
Database Settings
Database Settings
Server Manager uses 5 database schemas to retain data:
Schema/Role
Description
History
Contains Monitor, Report and Auto Configurator
history (e.g. execution time, state, results such as
consumed disk space).
Primary Log Repository/LogRepository
Contains the LATEST consolidated log entries. (e.g.
log entries less than 15 days old).
Archive Log Repository/ArchiveLogRepository
Contains ARCHIVED consolidated log entries
previously saved to the Primary Log Repository (e.g.
log entries 15 days and older).
Auxiliary Log Repository/AuxiliaryLogRepository Contains AUXILIARY or BACKUP consolidated logs.
Typically used to view old database backups for
auditing purposes.
Undefined
This database is not used. The Undefined setting
allows you to disable a database while maintaining
the connection settings for later use.
Server Manager supports SQL Server, MySQL, Oracle as well as our own file system format (Local File
System) when a database is not an option. When consolidating log entries you will notice significantly
better performance using SQL Server over our file system format. Server Manager has been optimized
for SQL Server 2012/8/5.
To change the data provider type:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the Databases tab.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
56
Printed Documentation
3. From the Databases drop-down, select History or the equivalent entry whose Role is set to
History.
4. From the Provider drop-down, select SqlServer or other target data provider. A provider
specific view displays.
5. Configure the provider specific properties. For detailed instructions see the appropriate
tutorial:
o Configure Server Manager to use SQL Server.
o Configure Server Manager to use MySQL.
o Configure Server Manager to use the file system.
6. Click the
button. The database is automatically initialized.
7. Repeat these steps for the LogRepository and ArchiveLogRepository roles.
When configuring SQL Server or MySQL, Server Manager will automatically create
the database if it does not already exist; however, the default database options
are used. To create a database from within the database specific management
tools, see Configuring Server Manager to use SQL Server or Configuring Server
Manager to use MySQL.
When configuring Oracle, you must first create the Oracle databases and access
accounts using Oracle client tools.
Related Topics
Configure Server Manager to use SQL Server
Configure Server Manager to use MySQL
Configure Server Manager to use the file system.
Conserve Disk Space
Log Repository Retention Policy
Convert Data
Server Manager enables you to convert previously consolidated log entries and history from one data
type to another. For example, if you are currently consolidating log entries to our file system format and
would now like to use SQL Server, Server Manager can move the data from the file system to SQL Server
for you.
To load previously consolidated log entries to another database:
Disable all Templates, Reports and Auto Configurators prior to converting data.
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
57
Printed Documentation
2. Select the Databases tab.
3. Create 3 new databases: Primary Log Repository, Archive Log Repository and History. For
each database:
1. Click the
button.
2. Set the Role to Undefined.
If the Role is not set to Undefined currently running Monitors and Reports
will immediately read and write from this database.
3. Enter a Name.
4. Set the Provider to the SqlServer or other provider you would like to use. A
provider specific view displays.
5. Configure the provider specific properties. For detailed instructions see the
appropriate tutorial:
 Configure Server Manager to use SQL Server
 Configure Server Manager to use MySQL.
 Configure Server Manager to use the file system
4.
5.
6.
7.
8.
6. Click the
button.
Click the Convert Data button. The Convert Data dialog displays.
Under the Source data provider drop-down select the current database.
Under the Target data provider drop-down select the new database.
Click the Convert button.
Please be patient as this process can take several hours. Once completed the Roles will be
automatically swapped.
Once the process is complete, re-enable your Templates, Reports and Auto
Configurators.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
58
Printed Documentation
Related Topics
Configure Server Manager to use SQL Server
Configure Server Manager to use MySQL.
Configure Server Manager to use the file system.
Enable and Disable Objects
Active Directory Settings
Configure Active Directory connections for the Auto Configurators and more importantly adding
computers to the Object Explorer. The Auto Configurators automatically scan for computers connected
to Operational Units (OUs). Once discovered, computers are filtered, added, and then Templates and
Reports are assigned.
For multiple domains, create a connection for each domain's OU and specify the credentials. When the
Auto Configurator runs, the specified credentials are assigned to the newly added computers.
By default Server Manager discovers your Active Directory server; however, if the server the service is
running on is off-domain or you would like to connect to multiple Active Directory Servers you must
configure each connection.
When scanning multiple domains, create a connection for each domain's OU and
specify the appropriate domain administrator credentials. When the Auto
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
59
Printed Documentation
Configurator runs the specified credentials are assigned to all newly added
computers.
To configure the active directory settings:
1.
2.
3.
4.
5.
6.
7.
Select Edit > Server Manager Properties.
From the Server Manager Properties view, select the Active Directory tab.
Enter the Host (e.g. hostname or IP).
Enter the Path.
Optionally, check Authenticate then enter the authentication credentials.
Click Test Connection to verify you are able to connect.
Click Close.
Related Topics
Add Computers, Devices and Hosts
Auto Configurators
Syslog Server Settings
Server Manager contains both a UDP and TCP Syslog server. These syslog servers can be used to collect,
monitor, and consolidate syslog messages from both computers and devices such as network routers,
firewalls, and Unix, Linux and AS400 servers. By default, when a message is sent from a device, the
receiving Syslog server automatically adds the device's IP or hostname to the Object Explorer. Once
added, the message is saved to the Log Repository.
Use the Syslog Server Settings properties page to:
•
•
Configure syslog consolidation options
Configure the TCP and UDP servers
To configure the syslog server settings:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
60
Printed Documentation
2. Select the Syslog Server tab.
3. Select one of the following:
Save syslog messages from
all sources
Saves incoming Syslog messages from all devices to the Primary
Log Repository. Use the drop-down to assign a Syslog
Consolidation Template. To modify the existing Syslog
Consolidation Template, click
Require explicit Syslog
Consolidation Template
assignment to each device
prior to saving messages
.
Only saves incoming Syslog messages from devices with an
assigned Syslog Consolidation Template. To assign a Syslog
Consolidation Template, from the Object Explorer navigate to
Templates > Sample Templates > Syslog Consolidation. Rightclick and select Assign > Computer, Device or Host.
4. Optionally, select Display the syslog viewer at startup.
5. Optionally, select Listen for UDP Syslog Messages. Set the port and bind address.
6. Optionally, select Listen for TCP Syslog Messages. Set the port, bind address and idle timeout
and message delimiters. The following message delimiters are available:
CRLF (ASCII 13, ASCII 10) a line break type typically used for Windows OS. One line
terminator.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
61
Printed Documentation
CR (ASCII 13) a line break type typically used for Mac OS. "CR" is known as "return."
LF (ASCII 10) PIX Firewall: a line break type typically used for Unix. "LF" is known as
"newline."
Null (ASCII 00) Netscreen Firewall: a line break type typically used for Notepad.
7. Click Close.
Related Topics
Syslog Consolidation Template
Syslog Monitor Template
Web Server Publishing Settings
Server Manager can automatically publish a table of contents and group summaries to your web server.
By default, this is done once a minute at the top of the minute. Once configured, you can view the
current status of any group, host, or monitor through your Internet browser or handheld device such as
an iPhone or Android.
Server Manager does not include a Web Server. You must install a 3rd party web
server such as Internet Information Services (IIS) or Apache.
To configure the web server publishing settings:
1.
2.
3.
4.
5.
Select Edit > Server Manager Properties. The Server Manager Properties view displays.
Select the Web Server Publishing tab.
Check Enabled.
Enter or select the Path to write HTML documents. If using IIS, this is your virtual directory.
Select the Group by option (e.g. Host, Template, Template Type).
When grouped by Template or Template Type some Monitors produce Monitor
specific data columns and/or graphical images (e.g. disk space, directory size, file
count).
6. Click Close.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
62
Printed Documentation
An example table of contents:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
63
Printed Documentation
An example of a grouped summary, grouped by host:
Management Server Settings
The Server Manager Service is controlled by the Management Console through a TCP/IP interface. Use
the Management Server Settings properties page to configure the port, bind address, and encryption
options.
Once updated, the service must be restarted before the changes can take effect.
To configure the management server settings:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the Management Server tab.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
64
Printed Documentation
3. Enter the TCP Port. The default is 6766.
4. Enter the Bind address. The default is 0.0.0.0.
5. Optionally, select to Encrypt packets and enter a private encryption Key.
This is the same key used in Service Connections.
6.
7.
8.
9.
10.
Click Close. When prompted to restart the service click Yes. The service is restarted.
From the Object Explorer, navigate to the root node (e.g. Server Manager).
Right-click and select Connection Properties. The Connect to Service dialog displays.
Update any values you modified.
Click Connect.
Related Topics
Client Server Architecture
Management Console
HTML and Email Template Settings
When generating HTML files and HTML emails, Server Manager uses HTML templates to generate the
appropriate content. HTML templates are HTML files that define the styles and variable content by using
special tags. For example, when a low free disk space alert is fired, Server Manager loads the
appropriate disk space monitor HTML template, then parses the content and replaces tags such as
{FREE_SPACE} with actual values.
The primary purpose of HTML templates is to enable you to fully customize the styles and content. The
default HTML templates are located in the installation sub-directory, HtmlTemplates. The easiest way to
learn how the HTML templates work is to view them within a text editor. Custom HTML templates must
reside in the program data sub-directory, HtmlTemplates.
The default locations on Server 2012/2008 are:
C:\Program Files\Veriato\Server Manager\HtmlTemplates
C:\ProgramData\CornerBowl\Server Manager\HtmlTemplates
To configure the HTML and email templates:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the HTML and Email Templates tab.
3. Locate then click the HTML template to override, then click browse '...' button. The Select
HTML Template dialog displays.
4. Click Open With.
5. Choose an editing application to open the file.
6. Use the editor to make any changes, then save the file to another filename. This is important
as changes to the default file will be overwritten the next time you install a new build.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
65
Printed Documentation
7. Once you have created your new HTML template file, from the Select HTML Template dialog,
check Override default HTML template then click
8. Select the file you just created, click Open
9. Click OK.
.
To assign a custom HTML template to a specific HTML file or email action:
1. Create your own custom HTML template as described above; however, do not override the
default HTML template.
2. Once you have created your custom HTML template, select File > New > Action. The Create
New Action dialog displays.
3. From the Type drop-down select Email or File.
4. Fill out the appropriate fields, then check Override the default HTML template.
5. From the drop-down select the new HTML template you just created.
6. Click OK.
Variable Tags
For a detailed list of the available variable tags see Action Variable Tags.
Object Item Sections
Some functionality, such as Event Log Reports, include arrays of items. These HTML templates include
<ENTRY_ODD> and <ENTRY_EVEN> tags. See Action Variable Tags for a detailed list of available item
variable tags. For free disk space alerts you can define the item variables tags like so:
<ENTRY_ODD>\\{HOST}\{DISK} {FREE} {USED} {CAPACITY}</ENTRY_ODD>
<ENTRY_EVEN>\\{HOST}\{DISK} {FREE} {USED} {CAPACITY}</ENTRY_EVEN>
Image Variable Tags
The following HTML specific image tags are also available (not available for text based emails):
STATE_IMG
Draws the target object's state image.
HISTORY_IMG
Draws a server monitor history chart.
DISK_BAR_IMG
Draws a disk utilization horizontal bar image.
DISK_PIE_IMG
Draws a disk utilization pie chart.
DISK_HISTORY_IMG
Draws a disk utilization history chart.
DIRECTORY_BAR_IMG
Draws a directory size horizontal bar image.
DIRECTORY_PIE_IMG
Draws a directory size pie chart.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
66
Printed Documentation
DIRECTORY_HISTORY_IMG
Draws a directory size history chart.
FILE_COUNT_BAR_IMG
Draws a file count horizontal bar image.
FILE_COUNT_HISTORY_IMG Draws a file count history chart.
FILE_SIZE_BAR_IMG
Draws a file size horizontal bar image.
FILE_SIZE_HISTORY_IMG
Draws a file size history chart.
To display the object state image define the variable tag like so:
<img src="{STATE_IMG}" border="0" width="16px" height="16px"/>
Group By HTML Templates
Some Log HTML templates have the capability of grouping entries by host, host then log, log then host,
and log. To add grouping to your HTML template wrap the <ENTRY_ODD> and <ENTRY_ODD> tags
described above with one or both of the following tags:
The following variable tags are available:
{GROUP_BY_HOST} Displays the target hostname.
{GROUP_BY_LOG}
Displays the target log.
The type of grouping (host then log, log then host, host, or log) depends on the order you insert the
tags. For example, if you add the following section to an Event Log Report HTML Template, the software
will group by host then log:
<GROUP_BY_HOST><GROUP_BY_LOG>
<div class="hostLogTable" >{GROUP_BY_HOST}\{GROUP_BY_LOG}</div>
<table class="log">
<tr class="hdr"><td>Level</td><td>Computer</td><td>Log</td><td>Date and
Time</td><td>Source</td><td>Event</td></tr>
<ENTRY_ODD>
<tr class="light"><td>{LEVEL}</td><td>{HOST}</td><td>{LOG}</td><td>{DATE}
{TIME}</td><td>{SOURCE}</td><td>{EVENT}</td></tr>
<tr class="light"><td colspan="6" class="msg">{MESSAGE}</td></tr>
</ENTRY_ODD>
<ENTRY_EVEN>
<tr class="dark"><td>{LEVEL}</td><td>{HOST}</td><td>{LOG}</td><td>{DATE}
{TIME}</td><td>{SOURCE}</td><td>{EVENT}</td></tr>
<tr class="dark"><td colspan="6" class="msg">{MESSAGE}</td></tr>
</ENTRY_EVEN>
</table>
</GROUP_BY_LOG></GROUP_BY_HOST>
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
67
Printed Documentation
The styles used above are for illustrative purposes only.
Related Topics
Action Variable Tags
WMI Settings
Many functions within Server Manager utilize Microsoft's Windows Management Instrumentation
(WMI) API (e.g. Event Log management, CPU, memory, services, processes, Access Permissions Reports).
Use the WMI properties page to configure the local Authentication level and Block size.
To configure the WMI settings:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the WMI tab.
3. Select the Authentication level. The following options are available:
None
No authentication is performed during the communication between client
and server. All security settings are ignored.
Connect
The normal authentication handshake occurs between the client and server,
and a session key is established but that key is never used for
communication between the client and server. All communication after the
handshake is insecure.
Call
Only the headers of the beginning of each call are signed. The rest of the
data exchanged between the client and server is neither signed nor
encrypted.
Packet (Default) All data passed via WMI is unencrypted.
PacketIntegrity Each packet of data is signed in its entirety but is not encrypted. Because all
of the data is signed by the sender, the recipient can be certain that none of
the data has been tampered with during transit.
PacketPrivacy
All data passed via WMI is encrypted.
Unchanged
Authentication remains as it was before.
4. Set the block size of the grouped results that WMI will return. The default is 25.
5. Click Close.
6. Optionally, configure the WMI Quota to prevent Quota Violation Errors.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
68
Printed Documentation
Related Topics
Computer, Device and Host Properties
Quota Violation Errors
Windows Firewall
Web Proxy Server Settings
For security purposes, many organizations require all HTTP/S packets to pass through a web proxy
server. If your organization implements a web proxy server, you must configure Server Manager to
forward all HTTP requests through your proxy server.
You can configure Server Manager to use your proxy server when:
•
•
Registering your license.
Creating a new HTTP/S monitor.
To configure when registering your license:
1.
2.
3.
4.
Select Edit > Server Manager Properties > Licensing tab.
Click the Register License button. The Register License Key dialog displays.
Click the Configure Web Proxy button. The Web Proxy Server Properties dialog displays.
Continue with the "To enter web proxy server settings" procedure below.
To configure when creating a new HTTP/S Monitor:
1.
2.
3.
4.
5.
6.
7.
Select File > New > Template. The Select Template Type dialog displays.
From the menu tree, expand Internet Server Monitors > Web Monitors
Double-click HTTP/S Monitor. The Entry URL dialog displays.
Enter the URL then click OK. The Template Properties dialog displays.
Select the Monitor tab.
Click the Configure Web Proxy button. The Web Proxy Server Properties dialog displays.
Continue with the "To enter web proxy server settings" procedure below.
To enter the web proxy server settings:
1. Check the My network requires me to use a proxy server when sending HTTP/S packets
check box.
2. Specify the proxy server's hostname or IP address and port.
3. If the proxy server requires you to authenticate, check the Authenticate check box and enter
the credentials.
4. Click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
69
Printed Documentation
SNMP Server Settings
Server Manager contains an internal SNMP server. The SNMP server can be used to receive and forward
traps from both computers and devices such as network routers, firewalls, and Unix, Linux and AS400
servers. By default, when a trap is sent from a device, the receiving SNMP server automatically adds the
device's IP or hostname to the Object Explorer. Once added, the trap is displayed via a message box
action.
Use the SNMP Server Settings properties page to:
•
•
Configure SNMP trap options
Configure the SNMP server
To configure the SNMP server settings:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the SNMP Server tab.
3. Select one of the following:
Trigger traps from all
sources
Triggers incoming SNMP traps from all devices. Use the dropdown to assign a SNMP Trap Template. To modify the existing
SNMP Trap Template, click
Require explicit SNMP Trap
Template assignment to
each device prior to
triggering traps.
.
Only triggers incoming SNMP traps from devices with an
assigned SNMP Trap Template. To assign a SNMP Trap Template,
from the Object Explorer navigate to Templates > Sample
Templates > SNMP Traps. Right-click and select Assign >
Computer, Device or Host.
4. Optionally, select Display the SNMP viewer at startup.
5. Optionally, select Listen for SNMP Traps. Set the port and bind address.
6. Optionally, select Enable DNS lookup. If disabled, devices sending SNMP traps are listed
within the Object Explorer using their IP address rather than their hostname. Click Flush
Cache when you want to clear the internal IP/Hostname cache. Clearing the cache will trigger
the SNMP server to check DNS the next time an SNMP trap is received.
7. Use the Object Identifier Alias view to assign aliases to specific Object Identifiers.
8. Click Close.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
70
Printed Documentation
Computers, Devices and Hosts
Computers, Devices and Hosts
A computer, device or host is defined as a unique IP or other addressable name. This is typically a
Windows Server/Workstation, a device (e.g. switch, router or firewall) or a host (e.g. www.Veriato.com).
How it works:
Once a computer, device or host has been created it must be assigned to a Template. Upon being
assigned to a Template, Server Manager immediately calculates and saves the next execution time. The
Object Explorer adds a monitor node under the assigned computer. Every minute at the top of the
minute Server Manager checks to see if a monitor should be executed. If a monitor is scheduled to
execute, Server Manager creates a new thread. The thread then executes the monitor, fires Actions,
saves the results to the history database and finally calculates and saves the next execution time.
Add Computers, Devices and Hosts
Computers, devices (e.g. switches and routers) and hosts (e.g. www.mycompany.com,
mail.mycompany.com) can be added to Server Manager the following ways:
•
•
•
•
•
•
Type the IP address or hostname
Browse your Windows network
Browse your Active Directory tree
Map a computer, device or host
Import a list of computers, devices and hosts from a text or CSV file
Import a list of disks from a text or CSV file
To add a computer, device or host:
1. From the Object Explorer, select the target host group.
If a target host group is not selected, new hosts will be added to the root.
2. Select File > New > Computer, Device or Host. The Add Computers, Devices and Hosts dialog
displays.
3. Enter the IP address or hostname (e.g. 10.1.0.100 or mail.mycompany.com).
Or
From the drop-down, choose a method to select multiple hosts:
o Browse Network - Search for computers on your Windows network. This method
is similar to viewing your network within Windows Explorer.
o Browse Active Directory - Search for computers within your Active Directory tree.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
71
Printed Documentation
Map a Computer, Device or Host - Add a computer that requires logon as
credentials or cannot be discovered within the Windows network.
o Select Localhost - Select the local computer.
4. Click the OK button to add the listed computers, devices or hosts.
o
To import a computer, device or host list:
1. Select File > Import > Host List.
2. Follow the instructions found within the wizard. For more information see Import a Host List.
To import a disk list:
1. Select File > Import > Disk List.
2. Follow the instructions found within the wizard. For more information see Import a Disk List.
Related Topics
Active Directory Settings
Groups
Import a Disk List
Assign Computer, Device or Host
To assign a computer, device or host to a Template:
1. From the Object Explorer, navigate to the computer, device or host you want to assign a
Template.
2. Right-click and select Assign > Template. The Select Multiple Templates dialog displays.
3. To filter the tree of Templates, choose the Template type from the drop-down.
4. Check the Templates to assign then click OK.
Map Computers, Devices and Hosts
When managing Windows servers or workstations in multi-domain or non-domain environments, DNS
may not be able to resolve some computer names. This scenario may result in either "The RPC server is
Unavailable" or "The network path was not found" errors.
Users are also often prompted with "Access Denied" errors. An Access Denied error occurs when the
account the service is running under or the account the user is logged in as does not have the required
access permissions to execute WMI functions (e.g. downloading Event Logs or monitoring CPU load) or
discover administrator disk shares (e.g. c$, d$ and e$).
Finally, some server names are complex or uninformative (e.g. SRV0001UT). Mapping hosts enables you
to create your own alias for either a hostname or IP address. With the example SRV0001UT, you could
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
72
Printed Documentation
assign an alias such as "UTAH Database Server." Once assigned, all displays of SRV0001UT within the
Management Console are replaced with the alias.
To map a computer, device or host:
1. From the Object Explorer, select the target host group.
If a target host group is not selected, new hosts will be added to the root.
2. Select File > New > Computer, Device or Host. The Add Computers, Devices and Hosts dialog
displays.
3. From the drop-down, select Map a Computer, Device or Host. The Map Computer, Device or
Host dialog displays.
4. Specify the addressable hostname or IP address, Windows username, password and domain
that enables you to access the remote computer. If accessing an off-domain server or
workstation either clear the domain drop-down or specify the remote computer name.
5. Optionally, use the Alias field to assign a user friendly name.
When specified, the Management Console will list the computer using the alias in
place of the hostname or IP address.
6. Click OK. The dialog closes.
7. From the Add Computers, Devices and Hosts dialog click OK.
Related Topics
Access Denied Errors
Batch Assign Logon As Credentials
The RPC server is unavailable Errors
Computer, Device and Host Properties
The Computer, Device and Host Properties view enables you to:
•
•
•
•
Assign logon as credentials
Enable and disable a host
Configure the WMI quota
Enable and configure SNMP
To view Computer, Device or Host Properties:
1. From the Object Explorer, navigate to the target computer, device or host.
2. Right-click and select Host Properties. The Host Properties dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
73
Printed Documentation
To assign logon as credentials:
1. Select the Logon As tab.
2. Specify the Windows username, password and domain that enables you to access the remote
computer. If accessing an off-domain server or workstation either clear the domain dropdown or specify the remote computer name.
3. Optionally, use the Alias field to assign a user friendly name.
When specified, the Management Console will list the computer using the alias in
place of the hostname or IP address.
4. Click OK.
For more information see Assign Logon as Credentials.
To enable or disable a host:
When disabled, all monitors are shutdown and the host is removed from all
Reports.
1. Select the Enable/Disable tab.
2. To disable un-check Enabled option.
3. To configure Server Manager to automatically re-enable the host after a period of time, check
Temporarily disable the object then check Automatically re-enable after. Finaly, select the
period to wait prior to re-enabling.
4. Click OK.
To configure the WMI quota:
1. Select the WMI tab.
2. If you are receiving a Quota Violation error when downloading large Event Logs such as
domain controller security logs, double the Memory per host value. If the Memory per host
is the same value as Memory all hosts value, double both the Memory per host and the
Memory all hosts values.
3. Click OK.
To enable and configure SNMP:
1.
2.
3.
4.
Select the SNMP tab.
Check Enable.
Configure the SNMP connection settings.
Click OK.
To assgin an email address to send notifications when monitors trigger:
1. Select the Contact tab.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
74
Printed Documentation
2. From the Addresses drop-down to select the email address. If the address does not exist,
click Add.
3. Click OK.
To exclude specific Templates:
1. Select the Template Exclusions tab.
2. From the Temlates drop-down select the Templates to exclude.
3. Click OK.
Related Topics
Batch Assign Logon As Credentials
Quota Violation Errors
Assign Logon As Credentials
When managing Windows servers or workstations in multi-domain or non-domain environments users
are often prompted with Access Denied errors. An Access Denied error occurs when the account the
service is running under or the account the user is logged in as does not have the required access
permissions to execute WMI functions (e.g. downloading Event Logs or monitoring CPU load) or discover
administrator disk shares (e.g. c$, d$ and e$).
To assign or update logon as credentials to multiple computers simultaneously,
see Batch Assign Logon As Credentials.
To add a new computer and assign logon as credentials:
1. Select File > New > Computer, Device or Host. The Add Computers, Devices and Hosts dialog
displays.
2. From the drop-down, select Map a Computer, Device or Host. The Map Computer, Device or
Host dialog displays.
3. Specify the addressable hostname or IP address, Windows username, password and domain
that enables you to access the remote computer. If accessing an off-domain server or
workstation either clear the domain drop-down or specify the remote computer name.
4. Optionally, use the Alias field to assign a user friendly name.
When specified, the Management Console will list the computer using the alias in
place of the hostname or IP address.
5. Click OK. The dialog closes.
6. From the Add Computers, Devices and Hosts dialog click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
75
Printed Documentation
To update or add logon as credentials to an already existing computer:
1. From the Object Explorer, navigate to the target computer.
2. Right-click and select Host Properties. The Host Properties dialog displays.
3. Specify the addressable hostname or IP address, Windows username, password and domain
that enables you to access the remote computer. If accessing an off-domain server or
workstation either clear the domain drop-down or specify the remote computer name.
4. Optionally, use the Alias field to assign a user friendly name.
When specified, the Management Console will list the computer using the alias in
place of the hostname or IP address.
5. Click OK.
Related Topics
Access Denied Errors
Batch Assign Logon As Credentials
Assign Service Logon As Credentials
Copy Assignments
Server Manager enables you to copy all assigned Templates from one host to another.
To copy assigned Templates:
1. From the Object Explorer, navigate to the source host.
2. Right-click and select Copy Assignments to. The Select the Target Computer, Device or Host
dialog box displays.
3. From the drop-down select the target host.
Or
Enter the name of the host.
Or
Click the
button. The Enter Hostname or IP Address dialog displays. Enter the computer
name, device IP or hostname. Click OK.
If the computer, device or host does not exist, it is created and added to the root.
4. Click the
button to view or edit the host properties.
5. Click the
button to clear the drop-down selection.
6. Click the
7. Click OK.
button to delete the host from the system.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
76
Printed Documentation
Import a Host List
If you have a list of computers, devices and/or hosts in a spreadsheet, CSV (comma separated values) or
text file you can import your list into Server Manager. When imported, you have the option of assigning
logon as credentials, host groups, Template groups, Templates, Report groups, and Reports.
If you have a list of disks or shares you would like to import see Import a Disk List.
To import a host list:
1. Select File > Import > Host List.
2. Follow the instructions found within the wizard.
Related Topics
Add Computers, Devices and Hosts
Import a Disk List
Search for Computers, Devices and Hosts
Many functions throughout Server Manager require you to find or select multiple computers. The
Search dialog provides a means to search the network, Active Directory or configured hosts depending
on the how the dialog was displayed.
To display the search dialog:
1. Select File > New > Computer, Device or Host. The Add Computer, Devices and Hosts dialog
displays. From the drop-down select Browse Network or Browse Active Directory. The
Browse dialog displays.
Or
Select Edit > Batch > Update/Delete Computers, Devices or Hosts. The Select Multiple
Computers, Devices and Hosts dialog displays.
2. Select the node to search. If no node is selected, the entire tree is searched.
3. Click Search. The Search for Computers dialog displays.
To search for computers, devices and hosts:
1. From the Search for Computers dialog, specify your search criteria.
2. Use the Select computers that contain the following text text box to search for computers
that contain a portion of the specified text.
3. To search for multiple computers by name check Use regular expressions (e.g.
(server01|server02)).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
77
Printed Documentation
4. Optionally, create and/or assign an Active Directory computer property filter, which enables
you to search your AD tree and filter each discovered computer for specific criteria (e.g. only
pass computers that have the word "Server" embedded in the "operatingSystem" property).
5. Choose to search for a specific Computer type (e.g. Servers, Domain Controllers, SQL Servers,
or Workstations).
6. Choose to Search in sub-folders.
7. Click Search. The search is preformed. When complete the results are listed.
8. To select all results click Select Computers otherwise multi-select the computers of interest
then click Select Computers.
Browse Active Directory Dialog
The Active Directory dialog enables you to you to navigate and search through your Active Directory tree
to select computers.
To display the dialog:
1. Select File > New > Computer, Device or Host. The Add Computers, Devices and Hosts dialog
displays.
2. From the drop-down, choose Browse Active Directory. The Browse Active Directory dialog
displays.
To select multiple computers:
Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
Related Topics
Active Directory Settings
Browse Network Dialog
The Browse Network dialog enables you to you to navigate and search through your network to select
computers.
To display the dialog:
1. Select File > New > Computer, Device or Host. The Add Computers, Devices and Hosts dialog
displays.
2. From the drop-down, choose Browse Network. The Browse Network dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
78
Printed Documentation
To select multiple computers:
Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
Templates
Templates
When designing Server Manager one of our primary goals was to produce a highly scalable and easily
configurable software package. The result was a system that uses what we call Templates. A Template is
defined as a configurable object that defines properties for an executable function that is assigned to
one or more hosts, host groups, Template groups and Summary Reports. For example:
•
•
A Ping Template that defines the failure rate prior to triggering.
An HTTP Template that sends an email alert when any assigned website is down.
How it works:
Once a Template has been created it must be assigned to a computer, device or host. Upon being
assigned to a computer, Server Manager immediately calculates and saves the next execution time. The
Object Explorer adds a Monitor node under the assigned computer. Every minute at the top of the
minute Server Manager checks to see if a Monitor should be executed. If a Monitor is scheduled to
execute, Server Manager creates a new thread. The thread then executes the Monitor, fires Actions,
saves the results to the history database and finally calculates and saves the next execution time.
To create a Template:
1. Select File > New > Template. The Select Template Type dialog displays.
2. Double-click the Template type to create. The Template Properties dialog displays.
Unlicensed Template types appear in gray text. If you would like to create a
Template that is not currently licensed, please contact Veriato to upgrade your
license.
3. Configure the Template Properties.
4. When applicable, assign target hosts, host groups, and Template groups.
5. When you have finished configuring the Template, click the OK to save the Template.
To assign a Template to computers, devices and hosts:
1. From the Object Explorer, navigate to the Template you want to assign a host.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
79
Printed Documentation
2. Right-click and select Assign > Computer, Device or Host. The Select Multiple Computers,
Devices and Hosts dialog displays.
3. Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
Sample Templates
Server Manager includes sample Templates of which several are initially assigned to the localhost. The
sample Templates can be modified and assigned to other computers as necessary. To view the sample
Templates, from the Object Explorer, expand the Templates node then select Sample Templates.
Available Templates
Type
Description
Event Log Consolidation and Monitoring Download, consolidate, filter and
alert on Windows Event Log
entries.
Licensing
Log Manager
Event Log File Backup
Backup, archive, compress, encrypt Log Manager
and sign Event Log files (.evt and
.evtx files).
Event Log Monitor
Real-time and poll monitor mission Log Manager
critical Event Logs for specific
entries.
File Consolidation
Copies or moves files from one
Log Manager
directory to another. Includes
options to stop and restart services
and processes, compress, encrypt
and sign.
File Size Monitor
Monitor a file for maximum size.
Log Manager
Idle File Monitor
Monitor application text log files
for inactivity.
Log Manager
Syslog Backup
Backup, archive, compress, encrypt Log Manager
and sign consolidated syslog
entries.
Syslog Consolidation
Consolidate syslog messages.
Log Manager
Syslog Monitor
Monitor syslog messages for
Log Manager
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
80
Printed Documentation
specific entries.
Text Log Consolidation
Consolidate application text log
files.
Log Manager
Text Log Monitor
Monitor application text log files
for specific entries.
Log Manager
Log Repositry Retention Policy
Truncates and/or archives
Log Manager
previously consolidated log entries
from the Log Repository.
Defragment Disks
Schedule the service to remote
execute disk defragmentation.
Disk Monitor
Delete Temporary Files
Delete temporary files.
Disk Monitor
Directory Cleaner
Delete files.
Disk Monitor
Directory Size Monitor
Monitor a directory's size.
Disk Monitor
Directory Watcher
Monitor, log and trigger alerts
when a directory or file is created,
modified, renamed or deleted.
Disk Monitor
Disk Space Monitor
Monitor free disk space.
Disk Monitor
File Count Monitor
Monitor the number of files a
directory contains.
Disk Monitor
SMART Status Monitor
Monitor SMART Predictive Failure
status.
Disk Monitor
Active Directory Monitor
Verify your Active Directory is up
and running.
Internet Server Monitor
CPU Monitor
Monitor CPU load over time.
Internet Server Monitor
Create Process
Schedule a process or batch file to
run.
Internet Server Monitor
Digital Signature Expiration
Monitor the expiration date found Internet Server Monitor
within digitally signed executables.
DNS Monitor
Check the availability of a DNS
server and the accuracy of a
record.
DNSBL (DNS Blacklist)
Check for the existence of a
Internet Server Monitor
hostname or IP address in an array
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
Internet Server Monitor
81
Printed Documentation
of blacklists.
Domain Expiration
Check a domain's expiration date.
Internet Server Monitor
FTP Monitor
Verify the availability of an FTP
server.
Internet Server Monitor
HTTP/S Monitor
Verify a website is available and
optionally returning the expected
content.
Internet Server Monitor
IMAP Monitor
Verify the availability of an IMAP
email server.
Internet Server Monitor
Memory Monitor
Monitor memory load over time.
Internet Server Monitor
MySQL Monitor
Verify a MySQL database is
available and able to execute a
select statement.
Internet Server Monitor
ODBC Monitor
Verify an ODBC database is
available and able to execute a
select statement.
Internet Server Monitor
Oracle Monitor
Verify an Oracle database is
available and able to execute a
select statement.
Internet Server Monitor
Ping Monitor
Use ICMP to ping a remote host.
Internet Server Monitor
POP3 Monitor
Verify the availability of a POP3
email server.
Internet Server Monitor
Process Monitor
Monitor a process.
Internet Server Monitor
Process Resources Monitor
Monitor a process's resources over Internet Server Monitor
time.
Registry Value Monitor
Monitor Windows Registry key
values.
Internet Server Monitor
SMTP Monitor
Verify an SMTP email server is
available and able to send email.
Internet Server Monitor
SNMP GET Monitor
Monitor SNMP variables.
Internet Server Monitor
SQL Server Monitor
Verify a SQL Server database is
available and able to execute a
select statement.
Internet Server Monitor
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
82
Printed Documentation
SSL Certificate Expiration
Check an SSL certificate's
expiration date.
Internet Server Monitor
Synchronize Clock
Synchronize system clocks with a
Network Time Protocol server.
Internet Server Monitor
TCP Port Monitor
Verify a TCP port is accepting
connections and optionally
returning a packet.
Internet Server Monitor
Throughput Monitor
Uploads and downloads a file to an Internet Server Monitor
FTP server then calculates and
saves the throughput information.
Windows Service Monitor
Verify a Windows Service is either
running or stopped.
Internet Server Monitor
Windows SSL Certificate Expiration
Monitor SSL certificates installed
on Windows servers.
Internet Server Monitor
Related Topics
Batch Update Templates
Groups
Add Template
When designing Server Manager one of our primary goals was to produce a highly scalable and easily
configurable software package. The result was a system that uses what we call Templates. A Template is
defined as a configurable object that defines properties for an executable function that is assigned to
one or more hosts, host groups, Template groups and Summary Reports.
To create a Template:
1. Select File > New > Template. The Select Template Type dialog displays.
2. Double-click the Template type to create. The Template Properties dialog displays.
Unlicensed Template types appear in gray text.
3. Configure the Template Properties.
4. When applicable, assign target hosts, host groups, and/or Template groups.
5. When you have finished configuring the Template, click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
83
Printed Documentation
Assign Template
To assign a Template to computers, devices and hosts:
1. From the Object Explorer, navigate to the Template you want to assign a host.
2. Right-click and select Assign > Computer, Device or Host. The Select Multiple Computers,
Devices and Hosts dialog displays.
3. Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
Template Properties
The Template Properties view enables you to view and modify a Template's settings.
To view or modify a Template:
1.
2.
3.
4.
From the Object Explorer, navigate to the Template or Monitor you want to view or modify.
Right-click and select Template Properties. The Template Properties view displays.
Use the controls to make any necessary changes.
Click Close.
Available Properties
Property
Description
Name
A unique name that identifies the object.
Description
A user defined description of the object.
Template ID
The internal object ID. Use this value when writing custom
applications to consume database history.
Enabled
Enables scheduled execution.
Temporarily disable this object Temporarily disables the scheduled Monitors. Optionally, you can set
the Template to automatically re-enable after a period of time.
Execution frequency
The scheduled frequency to execute the Monitors.
Retain history for X days
The number of days to retain the Monitor execution history.
Automatically open at startup The Console automatically opens all Monitors when you connect to
the service.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
84
Printed Documentation
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
85
Printed Documentation
Reports
Reports
A Report is a configurable object that enables users to receive summarized data on-demand or on a
scheduled frequency. Reports typically output to an HTML file or email. For example:
•
•
A weekly Event Log Error Report that returns all error events from all production servers.
A Duplicate Files Report that scans directories on 3 different servers.
How it works:
Once a Report has been created it must be assigned to a computer, device or host. The Object Explorer
adds a Report node under the assigned computer. Every minute at the top of the minute Server
Manager checks to see if a Report should be executed. If a Report is scheduled to execute, Server
Manager creates a new thread. The thread then executes the Report, fires Actions, saves the results to
the history database and finally calculates and saves the next execution time.
Available Reports
Type
Description
Licensing
Summary
Displays details for a list of monitors.
None Required
Event Log
Scans consolidated Event Logs for entries of
interest.
Log Manager
Failed Logons
Scans consolidated Security Event Logs for
failed logon attempts.
Log Manager
Success Logons
Scans consolidated Security Event Logs for
successful Logons.
Log Manager
Logon Sessions
Scans consolidated Security Event Logs for
logon sessions.
Log Manager
Account Lockout
Scans consolidated Security Event Logs for
locked out user accounts.
Log Manager
Account Management
Scans consolidated Security Event Logs for
Account Management audit events.
Log Manager
New Accounts
Scans consolidated Security Event Logs for new Log Manager
user accounts.
Object Access
Scans consolidated Security Event Log entries
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
Log Manager
86
Printed Documentation
for object access events.
Syslog
Scans consolidated Syslogs for entries of
interest.
Log Manager
Text Log
Scans consolidated text logs for entries of
interest.
Log Manager
File and Directory Access Permission Scans one or more directories and/or files for Disk Monitor
user/account and group access permissions
(e.g. read, write) and returns summary or item
detail.
Duplicate Files
Scans one or more directories and returns a list Disk Monitor
of duplicates files.
Largest Files
Scans one or more directories and returns a list Disk Monitor
of the largest files.
Recently Accessed Files
Scans one or more directories and returns a list Disk Monitor
of the most active or recently accessed files.
Least Accessed Files
Scans one or more directories and returns a list Disk Monitor
of in-active, idle or the least accessed files.
Related Topics
Batch Update Reports
Groups
Add Report
A Report is a configurable object that enables users to receive summarized data on-demand or on a
scheduled frequency. Reports typically output to an HTML file or email.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click the Report type to create. The Report Properties dialog displays.
Unlicensed Report types appear in gray text.
3. Configure the Report Properties.
4. When applicable, assign target hosts, host groups, and/or Report groups.
5. When you have finished configuring the Report, click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
87
Printed Documentation
Assign Report
To assign a Report to computers, devices and hosts:
1. From the Object Explorer, navigate to the Report you want to assign a host.
2. Right-click and select Assign > Computer, Device or Host. The Select Multiple Computers,
Devices and Hosts dialog displays.
3. Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
Report Properties
The Report Properties view enables you to view and modify a Report's settings.
To edit a Report:
1.
2.
3.
4.
From the Object Explorer, navigate to the Report you want to modify.
Right-click and select Properties. The Report Properties view displays.
Use the controls to make any necessary changes.
Click Close.
Available Properties
Property
Description
Name
A unique name that identifies the object.
Description
A user defined description of the object.
Enabled
Enables scheduled execution.
Temporarily disable this object Temporarily disables the scheduled Report. Optionally, you can set
the Report to automatically re-enable after a period of time.
Execution frequency
The scheduled frequency to execute the Report.
Retain history for X days
The number of days to retain the Report execution history.
Automatically open at startup The Console automatically opens the Report when you connect to the
service.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
88
Printed Documentation
Views
Views are synonymous with Reports (e.g. Summary Reports, Security Event Log Reports, a merge of
several Event Logs, etc.).
To create a view from a log viewer:
The level/priority settings (e.g. Information, Warning, Error) are not saved to the
view. To filter on level/priority, assign a Filter that includes level/priority criteria.
1.
2.
3.
4.
From the log viewer, click the
toolbar button. The New Report Name dialog displays.
Enter a name then click OK.
From the Object Explorer, expand Reports.
The new Report is placed directly under the Reports node.
To display a view:
1. From the Object Explorer, navigate to the Report you want to view.
2. Double-click the Report to display.
To modify a view:
1.
2.
3.
4.
From the Object Explorer, navigate to the Report you want to modify.
Right-click on the Report and select Properties. The Report Properties view displays.
Use the controls to make any necessary changes.
Click Close.
Related Topics
Log Viewers
Summary Reports
Summary Reports enable you to view the current status of a set of Monitors (e.g. receive a daily CPU
load, memory consumption and disk space Summary Report via email).
To create a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Summary. The Report Properties dialog displays.
Use the General tab to enter a unique Name and configure the frequency to run.
Use the Templates tab to assign Templates.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
89
Printed Documentation
If you assign a Template but do not assign any hosts, all hosts assigned to the
Template are included.
5. Use the Template Options tab to configure Template specific options (e.g. sort disk space
summary results by Percent Used in Decending order).
Template options are only applied when the Report is grouped by Template or
Template Type.
6. Use the Actions tab to:
o Assign the Actions to trigger when complete.
o Check Only show triggered, failed and errored monitors to create an Error Report.
o Check Hide off-line or inaccessible computers and shares to exclude errored
Monitors.
o Assign the Actions to trigger when the Report errors (e.g. the service fails to save
the execution results to the History database).
o Select the Group by option (e.g. Host, Template, Template Type).
When grouped by Template or Template Type some Monitors produce
Monitor specific data columns and/or graphical images (e.g. disk space,
directory size, file count).
7. Use the Report Assignments view to assign Hosts, Host Groups and Report Groups.
If you assign a host but do not assign any Templates, all Templates assigned to the
host are included.
8. Click OK.
Account Lockout Reports
Account Lockout Reports
Server Manager provides 2 different methods to retrieve account lockout status.
Method 1: Active Directory and Windows Management Instrumentation (AD/WMI)
Scans Active Directory for all locked-out domain user accounts then optionally, using WMI, scans
individual servers and/or workstations for local locked-out user accounts.
For more information see Account Lockout (AD/WMI) Reports.
Method 2: Event Log
Scans consolidated Windows Security Event Log entries for locked-out entries.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
90
Printed Documentation
Requires Account Management auditing to be enabled on each target server.
Use only when the lockout policy requires the system administrator to manually
unlock locked accounts.
For more information see Account Lockout (Event Log) Reports.
Account Lockout (AD/WMI) Reports
Use Account Lockout (AD/WMI) Reports to view a list of locked-out domain and local user accounts. This
report scans Active Directory for all locked out domain user accounts then optionally, using WMI, scans
individual servers and/or workstations for local locked-out user accounts.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Account Management > Account Lockout (AD/WMI). The Report Properties
dialog displays.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Account Lockout (Event Log) Reports
Use Account Lockout (Event Log) Reports to view account lockout history. This report scans consolidated
Security Event Log entries for Account Management events. Use only when the lockout policy requires
the system administrator to manually unlock locked accounts.
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
Requires Account Management auditing to be enabled on each target server.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
91
Printed Documentation
Windows does not log an event when an account is automatically unlocked
resulting in the Report listing accounts automatically unlocked as locked out. Use
only when the lockout policy requires the system administrator to manually
unlock locked accounts.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Log Monitors > Event Logs > Account Lockout. The Report Properties dialog
displays.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
92
Printed Documentation
DATE
The date the entry was generated.
TIME
The time the entry was generated.
HOST
The computer the entry was generated on.
LOCKED
X or Null where X means locked and Null means unlocked.
USER
The account name.
CALLER_HOST
The computer the account was locked out from.
UNLOCKED_BY
The system admiminstrator that unlocked the locked account.
UNLOCK_DATE_TIME The date and time the account was unlocked.
LOCK_COUNT
The number of times the account has been locked out.
UNLOCK_COUNT
The number of times the account has been manually unlocked.
For example:
{NAME}
{DATE_RANGE}
Date, Time, Host, User, Locked
<ITEM>{DATE}, {TIME}, {HOST}, {USER}, {LOCKED}</ITEM>
Security Event Log Reports
Security Event Log Reports
Server Manager includes several Windows Event Log Security Reports that enable you to quickly
monitor and audit user and account activity. These Reports are used for auditing requirements, such as
PCI DSS and HIPAA.
•
•
•
•
•
•
•
Failed Logons
Success Logons
Logon Sessions
Account Lockout
Account Management
New Accounts
Object Access Reports
Related Topics
PCI DSS Compliance
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
93
Printed Documentation
Logon Sessions Reports
Windows writes many different Event Log entries related to logons. Some of these events are specific to
OS versions while others span multiple versions. Logon events embed important information within the
message portion of the entry that enable system administrators to track down activity. Server Manager
parses these messages and places the results into data tables. The result enables Server Manager to:
•
•
•
Create summary Reports that list the number of times a user logs into a domain or computer.
Summarize different event ID messages into a single view.
Detail all similar events into a single table.
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
Windows does not log always log a logout event resulting in the Report listing
open sessions.
Select up to 11 different Report sub-types within a single Report:
Type
Description
Domain Logon
Summary
Parses and summarizes Domain Logon events 672 and Server
4768.
2012/2008/2003
Domain Logon 672
Parses domain logon event 672.
Server 2003
Domain Logon 4768
Parses domain logon event 4768.
Server 2012/2008
Logon Summary
Parses and summarizes logon events 528, 540 and
4624.
Server
2012/2008/2003
Logon 528
Parses successful logon event 528.
Server 2003
Logoff 538
Parses logoff event 538.
Server 2003
Logon 540
Parses successful network logon event 540.
Server 2003
Logoff 551
Parses user initiated logoff event 551.
Server 2003
Logon 4624
Parses successful logon event 4624.
Server 2012/2008
Logoff 4634
Parses logoff event 4634.
Server 2012/2008
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
Supported OS
94
Printed Documentation
Logoff 4647
Parses user initiated logoff event 4647.
Server 2012/2008
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Log Monitors > Event Logs > Logon Sessions. The Report Properties dialog
displays.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
DATE
The date the entry was generated.
TIME
The time the entry was generated.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
95
Printed Documentation
HOST
The computer the entry was generated on.
LOCKED
X or Null where X means locked and Null means unlocked.
USER
The user that logged in.
DOMAIN
The domain the user logged into.
LOGON_TYPE
The type of logon (e.g. Interactive or Network).
CALLER_HOST
The hostname of the computer the user logged in from.
CALLER_IP
The IP address of the computer the user logged in from.
PROCESS_NAME
The process that logged in.
LOGON_DATE_TIME The date and time the user logged in.
LOGOFF_DATE_TIME The date and time the user logged off.
DURATION
The duration of the session.
For example:
{NAME}
{DATE_RANGE}
Date, Host, User, Duration
<ITEM>{LOGON_DATE_TIME}, {HOST}, {DOMAIN}\{USER}, {DURATION}</ITEM>
Failed Logons Reports
Windows writes many different Event Log entries related to logon failures. Some of these events are
specific to OS versions while others span multiple versions. Logon events embed important information
within the message portion of the entry that enable system administrators to track down malicious
activity. Server Manager parses these messages and places the results into data tables. The result
enables Server Manager to:
Create summary Reports that list the number of times users attempt to logon to a domain or
computer.
• Summarize different event ID messages into a single view.
• Detail all similar events into a single table.
Select up to 7 different Report sub-types within a single Report:
•
Type
Description
Supported OS
Account logon
failure summary
Parses and summarizes account logon events 672, 675 and
680.
Server 2003
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
96
Printed Documentation
Account logon
failure (672)
Parses and displays all 672 event message parameters. The
'Result Code' is replaced with the Kerberos description per
RFC 1510.
Server 2003
Account logon
failure (675)
Parses and displays all 675 event message parameters. The
'Result Code' is replaced with the Kerberos description per
RFC 1510.
Server 2003
Account logon
failure (680)
Parses and displays all 680 event message parameters. The
NTLM 'Error Code' is replaced with a short description.
Server 2003
Logon failure
summary
Parses and summarizes logon events 529, 530, 531, 532,
533, 534, 535, 539 and 4625.
Server
2012/2008/2003
Logon failure
(2000/XP/2003)
Parses and displays all 529, 530, 531, 532, 533, 534, 535
and 539 event message parameters. The 'Logon Type' is
replaced with a short description.
Server 2003
Logon failure
(Vista/2008)
Parses and displays all 4625 event message parameters.
The 'Logon Type' is replaced with a short description. The
NTLM 'Sub Status' is replaced with a short description.
Server 2012/2008
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Log Monitors > Event Logs > Failed Logons. The Report Properties dialog
displays.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
97
Printed Documentation
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
Failed Logon Reports do not support item/entry tags.
For example:
{NAME}
{DATE_RANGE}
<ITEM></ITEM>
Success Logons Reports
Windows writes many different Event Log entries related to logons. Some of these events are specific to
OS versions while others span multiple versions. Logon events embed important information within the
message portion of the entry that enable system administrators to track down activity. Server Manager
parses these messages and places the results into data tables. The result enables Server Manager to:
•
•
•
Create summary Reports that list the number of times a user logs into a domain or computer.
Summarize different event ID messages into a single view.
Detail all similar events into a single table.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
98
Printed Documentation
Select up to 11 different Report sub-types within a single Report:
Type
Description
Supported OS
Domain Logon
Summary
Parses and summarizes Domain Logon events 672 and Server
4768.
2012/2008/2003
Domain Logon 672
Parses domain logon event 672.
Server 2003
Domain Logon 4768
Parses domain logon event 4768.
Server 2012/2008
Logon Summary
Parses and summarizes logon events 528, 540 and
4624.
Server
2012/2008/2003
Logon 528
Parses successful logon event 528.
Server 2003
Logoff 538
Parses logoff event 538.
Server 2003
Logon 540
Parses successful network logon event 540.
Server 2003
Logoff 551
Parses user initiated logoff event 551.
Server 2003
Logon 4624
Parses successful logon event 4624.
Server 2012/2008
Logoff 4634
Parses logoff event 4634.
Server 2012/2008
Logoff 4647
Parses user initiated logoff event 4647.
Server 2012/2008
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Log Monitors > Event Logs > Success Logons. The Report Properties dialog
displays.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
99
Printed Documentation
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
Success Logon Reports do not support item/entry tags.
For example:
{NAME}
{DATE_RANGE}
<ITEM></ITEM>
Account Management Reports
Many regulatory agencies require Account Management Reports for compliance purposes. As you are
probably already aware, Windows writes many different Event Log entries related to account
management. Some of these events are specific to OS versions while others span multiple versions.
Account management events embed important information within the message portion of the entry
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
100
Printed Documentation
that enables systems administrators to track down activity. Server Manager parses these messages then
places the results into a list.
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog box displays.
2. Double-click Log Monitors > Event Logs > Account Management Report. The Report property
pages display.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
101
Printed Documentation
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
DATE
The date the entry was generated.
TIME
The time the entry was generated.
HOST
The computer the entry was generated on.
USER
The user or group that was updated.
DOMAIN
The updated user's domain.
CALLER_USER
The administrator's username that updated the user or group.
CALLER_DOMAIN The administrator's domain that updated the user or group.
CALLER_HOST
The computer the user or group was updated from.
EVENT
The entry's ID.
DESCRIPTION
The entry's parsed description.
For example:
{NAME}
{DATE_RANGE}
Date, Time, Host, User, Description
<ITEM>{DATE}, {TIME}, {HOST}, {DOMAIN}\{USER}, {DESCRIPTION}</ITEM>
New Accounts Reports
Use New Accounts Reports to view a summerized list of new accounts.
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
102
Printed Documentation
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Log Monitors > Event Logs > New Accounts. The Report Properties dialog
displays.
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
DATE
The date the entry was generated.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
103
Printed Documentation
TIME
The time the entry was generated.
HOST
The computer the entry was generated on.
USER
The user or group that was updated.
DOMAIN
The new user or group's domain.
CALLER_USER
The administrator's username that created the user account or group.
CALLER_DOMAIN The administrator's domain that created the user account or group.
For example:
{NAME}
{DATE_RANGE}
Date, Time, Host, User, Locked
<ITEM>{DATE}, {TIME}, {HOST}, {USER}, {DOMAIN}</ITEM>
Object Access Reports
Use Object Access Reports to view user access to files, directories and registry data. For example,
receive a daily email Report of users that accessed a specific directory.
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
This Report enables you to limit results to a subset of users you define or are
listed in Active Directory.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
Supports Windows Server 2012, 2008 R2 and 2008. Does not support Server 2003.
There are 3 steps to create an Object Access Report:
1. Configure the server for Object Access Auditing.
2. Assign the Event Log Consolidation and Monitoring Template to the server.
3. Create an Object Access Report.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
104
Printed Documentation
To configure the server for Object Access Auditing:
1. Select Start > Administrative Tools > Local Security Policy. The Local Security Policy view
displays.
2. Select Security Settings > Advanced Audit Policy Configuration > Object Access.
3. From the Subcategory list, double-click Audit File System. The Audit File System Propeties
view dislpays.
4. Check Configure the following audit events, Success and Failure.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
105
Printed Documentation
5. Click OK.
6. Open Windows Explorer (Windows Key + E).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
106
Printed Documentation
7. Navigate to the folder you want to enable auditing, right-click and select Properties.
The Audit File System Propeties view dislpays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
107
Printed Documentation
8. Select the Security tab then click Advanced.
The Advanced Security Settings view displays.
9. Select the Auditing tab then click Add.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
108
Printed Documentation
The Auditing Entry view displays.
10. Click Select a principal. The Select User or Group dialog displays. Enter Everyone.
Click OK. The principal is set.
11. Set the Type to All.
12. From Basic permissions check Full control.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
109
Printed Documentation
Click OK. The auditing entry is added.
13. Click OK. The Properties dialog displays.
14. Click OK.
For more information see the following Microsoft articles:
•
•
Server 2012: Scenario: File Access Auditing
Server 2008 R2: Managing Security Auditing
To assign the Event Log Consolidation and Monitoring Template:
Each computer you would like to Report on must be configured to download and consolidate the
Security Event Log entries. Server Manager includes a sample Template called Event Log Consolidation
and Monitoring that has been pre-configured to download Security Event Log entries once an hour.
Once assigned to each target computer, Server Manager will automatically download and consolidate
the Security Event Log entries every hour.
1. From the Object Explorer, navigate to Templates > Sample Templates.
2. Right-click Event Log Consolidation and Monitoring and click Assign > Computer, Device or
Host. The Select Multiple Computers, Devices and Hosts dialog displays.
3. Check the target computers then click OK. The Template is assigned to the checked
computers.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
110
Printed Documentation
2. Double-click Log Monitors > Event Logs > Object Access. The Report Properties dialog
displays.
3. Use the General tab to specify a unique Name and schedule the frequency to run.
4. Use the Logs tab to optionally add Explicitly Assigned Consolidated Logs. For example, if you
have restored an archived database which you would like to run this report against, use this
page to add the security logs contained within the target Auxiliary Database.
5. Use the Options tab to:
1. Select Summarize to group similar events. When summarized, an extra column is
added that displays the count of entries.
2. Use the Group by drop-down to select the column to group by.
3. Assign a Filter to limit the entries in the Report.
6. Use the Date and Time Range tab to select the date range to include within the Report.
7. Use the Filter Users/Accounts tab configure to include or exclude specific users.
8. Use the Actions tab assign to assign email and/or file output Actions as well as error Actions.
9. Use the Report Assignments view to assign hosts, host groups and Report groups.
10. Click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE The time span to check (e.g. daily).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
111
Printed Documentation
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
DATE
The date the entry was generated.
TIME
The time the entry was generated.
HOST
The computer the entry was generated on.
USER
The username of the account that triggered the event.
DOMAIN
The user's domain.
OBJECT_NAME
The directory, file or registry data.
PROCESS_NAME The full path to executable.
ACCESS_FLAGS
The access type (e.g. Read, Write, Delete).
For example:
{NAME}
{DATE_RANGE}
Date, Time, Object, Process, User, Domain, Access
<ITEM>{DATE}, {TIME}, {OBJECT_NAME}, {PROCESS_NAME}, {USER}, {DOMAIN},
{ACCESS_FLAGS}</ITEM>
Event Log Reports
Use Event Log Reports to view entries of interest (e.g. receive a daily email Report that lists all warning
and critical events that occurred yesterday).
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
An Event Log Consolidation and Monitoring Template must be assigned to each
targeted computer.
To create a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
2. Double-click Log Monitors > Event Logs > Event Log. The Report Properties dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
112
Printed Documentation
3. Follow the instructions found within the property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
TEXT: comma delimited
HTML: line feed delimited (<br/>)
FILTER
The filter name.
TEXT: comma delimited
HTML: line feed delimited (<br/>)
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
AD_USER
When firing an email Report, the tag is replaced with the Active Directory assigned
email address for the user listed within the USER column of the entry. If multiple
entries pass the post consolidation filter the first entry that contains a non-null value
within the USER column is used for the lookup.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
113
Printed Documentation
USER
When firing an email Report, the email address can be changed to the contents of the
USER column within the entry. If multiple entries pass the filter the first entry that
contains a non-null value within the USER column is used for the replacement. If the
USER column contains a domain name, the domain name is removed.
For example:
If the Event Log entry USER column contains:
LITTLEWATER\jdoe
and the email address within the email Action is defined as:
{USER}@Veriato.com
the actual email address used is:
[email protected]
The following entry tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the actual
hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
LOG
The log name (e.g. System).
LEVEL
The Event Log entry level (e.g. Warning or Critical).
NOTE: When forwarding entries the to a Syslog server/device the entry level is
mapped to an appropriate Syslog priority.
SOURCE
The entry source.
EVENT
The entry event ID.
CATEGORY
The entry category.
USER
The entry user.
MESSAGE
The entry message.
DATA
The entry data in hexadecimal format.
DATA_ASCII
The entry data in ASCII format.
DATA_UNICODE The entry data in Unicode format.
FLAG
The user set flag (e.g. Flagged, Complete)
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
114
Printed Documentation
NOTES
Any notes that were set through the log viewers.
COUNT
When a Report is configured to hide duplicates or display a count of similar entries,
the count of entries.
For example:
{NAME}
{HOST}
{LOG}
Date, Time, Host, Log, Level, Message
<ITEM>{DATE}, {TIME}, {HOST}, {LOG}, {LEVEL}, {MESSAGE}</ITEM>
Syslog Reports
Use Syslog Reports to view entries of interest (e.g. receive a daily email Report that lists all warning and
critical events that occurred yesterday).
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
A Syslog Consolidation Template must be assigned to each targeted computer.
To create a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Log Monitors > Syslogs > Syslog. The Report Properties dialog displays.
Follow the instructions found within the property pages.
When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
115
Printed Documentation
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
TEXT: comma delimited
HTML: line feed delimited (<br/>)
FILTER
The filter name.
TEXT: comma delimited
HTML: line feed delimited (<br/>)
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the actual
hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
LOG
The log name (e.g. System).
PRIORITY The Syslog priority (e.g. Warning or Critical).
NOTE: When forwarding entries the to an Event Log the priority is mapped to an
appropriate Event Log level.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
116
Printed Documentation
FACILITY
The Syslog facility (e.g. Local1, Kernal, etc.)
MESSAGE The entry message.
FLAG
The user set flag (e.g. Flagged, Complete)
NOTES
Any notes that were set through the log viewers.
COUNT
When a Report is configured to hide duplicates or display a count of similar entries, the
count of entries.
For example:
{NAME}
{HOST}
{LOG}
Date, Time, Host, Log, Priority, Facility, Message
<ITEM>{DATE}, {TIME}, {HOST}, {LOG}, {PRIORITY}, {FACILITY}, {MESSAGE}</ITEM>
Text Log Reports
Use Text Log Reports to view entries of interest (e.g. receive a daily email Report that lists all warning
and critical messages that occurred yesterday).
This Report uses data previously downloaded to the Primary Log Repository or
other explicitly assigned Log Repository.
A Text Log Consolidation Template must be assigned to each targeted computer.
To create a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Log Monitors > Text Logs > Text Log. The Report Properties dialog displays.
Follow the instructions found within the property pages.
When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
117
Printed Documentation
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
TEXT: comma delimited
HTML: line feed delimited (<br/>)
FILTER
The filter name.
TEXT: comma delimited
HTML: line feed delimited (<br/>)
DATE_RANGE The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the actual
hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
118
Printed Documentation
FILENAME The log name (e.g. u_ex.log).
LOG
FULLNAME The full path and filename (e.g. c:\logs\u_ex.log).
MESSAGE
The entry message.
FLAG
The user set flag (e.g. Flagged, Complete)
NOTES
Any notes that were set through the log viewers.
COUNT
When a Report is configured to hide duplicates or display a count of similar entries, the
count of entries.
For example:
{NAME}
{HOST}
{LOG}
Date, Time, Host, Log, Message
<ITEM>{DATE}, {TIME}, {HOST}, {LOG}, {MESSAGE}</ITEM>
Duplicate Files Reports
Duplicate Files Reports list all files that have the same name, and/or are the same size, and/or have the
same modified date. You have the option to scan a one or more directories contained on one or more
computers. All scans are recursive.
To generate an on-demand Report:
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Expand the target computer.
3. Select any disk or directory monitor. If one does not exist, create and assign a new Disk Space
Monitor Template.
4. Right-click and select Explore. The Monitor Detail view displays.
5. Select the Explorer tab.
6. Select the target disk, share or directory then right-click and select Duplicate Files Report.
The Duplicate Files Report Options dialog displays.
7. Choose from the available options then click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
119
Printed Documentation
To schedule a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Disk Monitor > Duplicate Files. The Report Properties dialog displays.
Follow the instructions found within property pages.
When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
PATH
The full path to the target directory.
The following item tags are available:
NAME
FILENAME
The target filename.
PATH
The path to the target file.
FULLNAME
The path and filename of the target file.
FILE_COUNT The number of duplicate files.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
120
Printed Documentation
SIZE
The size of the duplicate files.
DATE
The target file's last modified date.
TIME
The target file's last modified time.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {FILE_COUNT}, {SIZE}, {DATE}, {TIME}</ITEM>
File and Directory Access Permissions Reports
File and Directory Access Permissions Reports are comprised of a list of directories, files, users, and
assigned permissions (e.g. read, write, delete). You have the option to scan one or more directories
contained on one or more computers. Scans can recursively scan all sub-directories. When recursively
scanned the Report can show detail for each file or summarize by concatenating permissions.
This Report enables you to limit results to users listed in Active Directory.
When run on-demand within the Management Console you can:
•
•
•
•
Filter by directory and user.
Print the Report.
Export the Report to a file.
Re-run with different options.
To generate an on-demand Report:
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Expand the target computer.
3. Select any disk or directory monitor. If one does not exist, create and assign a new Disk Space
Monitor Template.
4. Right-click and select Explore. The Monitor Detail view displays.
5. Select the Explorer tab.
6. Select the target disk, share or directory then right-click and select Access Permissions
Report. The Access Permissions Report Options dialog displays.
7. Choose from the available options then click OK.
To schedule a Report:
1. Select File > New > Report. The Select Report Type dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
121
Printed Documentation
2. Double-click Disk Monitor > File and Directory Access Permissions. The Report Properties
dialog displays.
3. Follow the instructions found within property pages.
4. When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
PATH
The full path to the target directory.
PATH_FILTER When saved to HTML from an on-demand Report, the path filter.
USER_FILTER When saved to HTML from an on-demand Report, the user filter.
The following item tags are available:
NAME
FILENAME
The target filename.
PATH
The full path to the target sub-directory.
ACCESS_FLAGS The access flags (e.g. ObjectInherit, ContainerInherit, Inherited).
ACCESS_TYPES The access types (e.g. Allowed or Denied)
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
122
Printed Documentation
PERMISSIONS
The permissions (e.g. Read, Write, Delete)
USER
The user name.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {ACCESS_FLAGS}, {ACCESS_TYPES}, {PERMISSIONS}, {USER}</ITEM>
File Extension Reports
File Extension Reports list the present extensions, total size and file count.
When run on-demand within the Management Console you can:
•
•
•
•
View extension detail.
Drill down into a directory structure.
Print the Report.
Export the Report to a file.
Scheduled execution is not currently supported.
To generate an on-demand Report:
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Expand the target computer.
3. Select any disk or directory monitor. If one does not exist, create and assign a new Disk Space
Monitor Template.
4. Right-click and select Explore. The Monitor Detail view displays.
5. Select the Explorer tab.
6. Select the target disk, share or directory then right-click and select File Extension Report. The
report executes.
7. Once complete, you are prompted with summary of results. To view the report detail click
Yes. The File Extention Report dialog displays.
Largest Files Reports
Largest Files Reports list the largest files on a disk within a directory structure. You have the option to
scan one or more directories contained on one or more computers. All scans are recursive.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
123
Printed Documentation
To generate an on-demand Report:
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Expand the target computer.
3. Select any disk or directory monitor. If one does not exist, create and assign a new Disk Space
Monitor Template.
4. Right-click and select Explore. The Monitor Detail view displays.
5. Select the Explorer tab.
6. Select the target disk, share or directory then right-click and select Largest Files Report. The
Largest Files Report Options dialog displays.
7. Choose from the available options then click OK.
To schedule a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Disk Monitor > Duplicate Files. The Report Properties dialog displays.
Follow the instructions found within property pages.
When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
124
Printed Documentation
Applies to HTML output only.
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
PATH
The path to the target file.
FULLNAME The path and filename of the target file.
LOG
SIZE
The size of the file.
DATE
The target file's last modified date.
TIME
The target file's last modified time.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {SIZE}, {DATE}, {TIME}</ITEM>
Least Accessed Files Reports
Least Accessed Files Reports list files that have not been recently accessed. Although not required by
Windows applications, some applications update a file's last accessed time value whenever the
application opens a file. This Report scans a directory and sorts all files ascending by last accessed time.
The top results are displayed. You have the option to scan a one or more directories contained on one or
more computers. All scans are recursive.
When run on-demand within the Management Console you can:
•
•
•
Print the Report.
Export the Report to a file.
Re-run with different options.
To generate an on-demand Report:
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Expand the target computer.
3. Select any disk or directory monitor. If one does not exist, create and assign a new Disk Space
Monitor Template.
4. Right-click and select Explore. The Monitor Detail view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
125
Printed Documentation
5. Select the Explorer tab.
6. Select the target disk, share or directory then right-click and select Least Accessed Files
Report. The Least Accessed Files Report Options dialog displays.
7. Choose from the available options then click OK.
To schedule a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Disk Monitor > Least Accessed Files. The Report Properties dialog displays.
Follow the instructions found within property pages.
When you have finished configuring the Report, click OK.
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
126
Printed Documentation
PATH
The path to the target file.
FULLNAME The path and filename of the target file.
LOG
SIZE
The size of the file.
DATE
The target file's last accessed date.
TIME
The target file's last accessed time.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {SIZE}, {DATE}, {TIME}</ITEM>
Recently Accessed Files Reports
Recently Accessed Files Reports list recently accessed files. Although not required by Windows
applications, some applications update a file's last accessed time value whenever the application opens
a file. This Report scans a directory and sorts all files ascending by last accessed time. The top results are
displayed. You have the option to scan a one or more directories contained on one or more computers.
All scans are recursive.
To generate an on-demand Report:
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Expand the target computer.
3. Select any disk or directory monitor. If one does not exist, create and assign a new Disk Space
Monitor Template.
4. Right-click and select Explore. The Monitor Detail view displays.
5. Select the Explorer tab.
6. Select the target disk, share or directory then right-click and select Recently Accessed Files
Report. The Recently Accessed Files Report Options dialog displays.
7. Choose from the available options then click OK.
To schedule a Report:
1.
2.
3.
4.
Select File > New > Report. The Select Report Type dialog displays.
Double-click Disk Monitor > Recently Accessed Files. The Report Properties dialog displays.
Follow the instructions found within property pages.
When you have finished configuring the Report, click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
127
Printed Documentation
Action Variable Tags
The following header tags are available:
DATE
The date the Report was generated.
TIME
The time the Report was generated.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The Report name.
OBJECT_TYPE The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
PATH
The path to the target file.
FULLNAME The path and filename of the target file.
LOG
SIZE
The size of the file.
DATE
The target file's last accessed date.
TIME
The target file's last accessed time.
For example:
{NAME}
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
128
Printed Documentation
{PATH}
<ITEM>{PATH}, {FILENAME}, {SIZE}, {DATE}, {TIME}</ITEM>
Temporary Files Reports
Temporary Files Reports list all System and User temporary directories on any target Windows
computer. The total size, file count, and sub-directory count is totaled and listed.
When run on-demand within the Management Console you can:
Drill down into sub-directories to view the details within each temporary directory.
• Delete temporary directory contents including files and sub-directories.
• Print the Report.
• Export the Report to a file.
You can also configure the service to automatically delete temporary files not locked and older than a
number of days.
•
To generate an on-demand Report:
1. From the Object Explorer, navigate to the target computer.
2. Right-click and select Temporary Files Report. The report executes.
3. Once complete, you are prompted with a summary message. Click Yes to view the Report
detail. The Temporary Files Report dialog displays.
To schedule the temporary files to be deleted:
Select File > New > Template. The Select Template Type dialog displays.
From the menu tree, expand Disk Monitors.
Double-click Delete Temporary Files. The Template Properties dialog displays.
Use the General tab to enter a unique Name and configure the frequency to run.
Use the Options tab to:
o Choose to Delete temporary system files
o Choose to Delete temporary user files
o Choose to Only delete temporary files that are older than X days.
6. Use the Actions tab to assign completion and error actions.
7. Use the Advanced tab to configure the number of days to retain the Monitor history (e.g.
number of entries download, filtered, saved and duration) in the History database.
8. Click OK.
1.
2.
3.
4.
5.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
129
Printed Documentation
Schedules
Schedules
A schedule is a configurable object that defines the frequency to execute a Monitor, Report or Auto
configurator (e.g. daily at 6:00 AM or every 5 minutes).
Server Manager comes pre-installed with sample Schedules. You have the option
of using these Schedules, modifying them or if prefer removing all of them and
defining your own.
How it works:
Every time a change is made to the system that could potentially change the execution schedule (e.g. an
assignment is made between a computer and a Template), Server Manager re-calculates the next
execution time for each dependent object.
Load Balancing (Range Scheduling)
Imagine a mid-size environment with 100 servers. Your task is to consolidate Event Log entries to a SQL
Server database while also monitoring uptime. If you configure Server Manager to download daily at
2:00 AM and each server contains 3 logs of interest, at 2:00 AM Server Manager will create 300 threads
and commence downloading of the Event Log entries. Understandably the consolidation database will
more than likely bottleneck and timeout while attempting to commit the Security Event Log entries.
To alleviate the pressure on the consolidation database as well as the server hosting Server Manager,
Server Manager includes range scheduling, a very powerful function to evenly distribute download,
monitor and Report execution over time. You can enable range scheduling by setting a Schedule's type
to Range.
Available Schedules
Type
Description
Fixed Defines a specific time to execute (e.g. every hour at 30 minutes past the hour). Supports
seconds, minutes, hourly, daily, weekly and monthly.
Range Defines a range of available times which to execute (e.g. at any time but at minimum once an
hour).
Example: 3 HTTP monitors www.mycompany.com, www.diskmonitor.com and
www.networkeventviewer.com with a schedule of once every 15 minutes would result in the
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
130
Printed Documentation
following monitor executions:
www.mycompany.com:
Executing at 0:00, 0:15, 0:30 and 0:45
www.diskmonitor.com:
Executing at 0:05, 0:20, 0:35 and 0:50
www.networkeventviewer.com: Executing at 0:10, 0:25, 0:40 and 0:55
Supports minutes, hourly, daily and weekly. Seconds and monthly frequencies are not
supported.
Add Schedule
A Schedule is a configurable object that defines the frequency to execute a Monitor, Report or Auto
configurator (e.g. daily at 6:00 AM or every 5 minutes).
To create a Schedule:
1. Select File > New > Schedule. The Create New Schedule dialog displays.
2. Type a unique Name or when you have finished configuring the schedule, click Generate to
auto-generate a name.
3. From the Type drop-down, choose Fixed Schedule or Range Schedule. Fixed schedules
execute at the specific time you configure. Range schedules execute within a time range to
facilitate Monitor and Report load balancing.
4. Choose from the Frequency drop-down. Frequency specific controls displays.
5. Configure the properties.
6. When applicable to the Schedule type and frequency use the Day of Week and Time of Day
Exclusions controls to add maintenance windows as well as any other days or time ranges
you want to exclude from the schedule. For more information see Day and Time Exclusions.
7. Optionally, click Generate to auto-generate a name based on the schedule you have just
configured (e.g. every 4 hours).
8. Click OK.
Assign Schedule
To assign a Schedule to a Template:
1. From the Object Explorer, navigate to the Template or Monitor you want to apply the
schedule.
2. Right-click and select Template Properties. The Template Properties view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
131
Printed Documentation
3. From the General tab, where applicable, select the schedule from the Execution frequency
drop-down.
4. Click Close.
To assign a Schedule to a Report:
1.
2.
3.
4.
From the Object Explorer, navigate to the Report you want to apply the schedule.
Right-click and select Properties. The Report Properties view displays.
From the General tab, select the schedule from the Execution frequency drop-down.
Click Close.
To assign a Schedule to an Auto Configurator:
1.
2.
3.
4.
From the Object Explorer, navigate to the Auto Configurator you want to apply the schedule.
Right-click and select Properties. The Auto Configurator Properties view displays.
From the General tab, select the schedule from the Execution frequency drop-down.
Click Close.
Related Topics
Auto Configurators
Reports
Templates
Schedule Properties
The Schedule Properties view enables you to view and modify a Schedule.
To view or modify a Schedule:
1. From the Object Explorer, navigate to the schedule you want to view or modify.
2. Right-click and select Properties. The Schedule Properties view displays.
3. Type a unique Name or when you have finished configuring the schedule, click Generate to
auto-generate a name.
4. From the Type drop-down, choose Fixed Schedule or Range Schedule. Fixed schedules
execute at the specific time you configure. Range schedules execute within a time range to
facilitate Monitor and Report load balancing.
5. Choose from the Frequency drop-down. Frequency specific controls displays.
6. Configure the properties.
7. When applicable to the Schedule type and frequency use the Day of Week and Time of Day
Exclusions controls to add maintenance windows as well as any other days or time ranges
you want to exclude from the schedule. For more information see Day and Time Exclusions.
8. Optionally, click Generate to auto-generate a name based on the schedule you have just
configured (e.g. every 4 hours).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
132
Printed Documentation
9. Click OK.
Day and Time Exclusions
Day and Time Exclusions
When configuring execution schedules some frequency types support day and time exclusions (e.g.
execute every hour excluding Sunday between 2 AM and 4 AM). Day and time exclusions enable you to
configure maintenance windows.
Using day and time exclusions you can also create multiple Monitors for each shift operator (e.g. create
a ping Monitor for 12 AM - 12 PM which emails system administrator A then create a ping Monitor for
12 PM - 12 AM which emails system administrator B).
How it works:
Every time an assignment is made between a host and a Template, Server Manager calculates the next
time each dependent Monitor should run. When the next execution time falls within an exclusion
period, Server Manager continues to calculate the next time until finally the next time falls outside the
exclusion period.
Since range Schedules depend on the total count of dependent Monitors and exclusion periods can fall
on specific days, every night at midnight (00:00 or 12:00 AM) Server Manager re-calculates the next
execution time for each Monitor, Report and Auto Configurator. When re-calculating, Server Manager
takes into account exclusion periods enabling the software to properly load balance throughout the day.
For example, when an exclusion period is configured to exclude 6:00 PM Saturday through 6:00 AM
Sunday and 24 computers are assigned to the Template which this exclusion period is defined, at
midnight on Thursday evening Server Manager evenly distributes the next execution time for each
Monitor one hour apart. At midnight on Friday evening Server Manager evenly distributes the next
execution time for each Monitor 45 minutes apart (18 available execution hours / 24 Monitors = 45
minute intervals) starting at midnight. At midnight on Saturday evening Server Manager evenly
distributes the next execution time for each Monitor 45 minutes apart (18 available execution hours / 24
Monitors = 45 minute intervals) starting at 6:00 AM.
Add Day and Time Exclusion
To add a day or time exclusion:
1. From the Object Explorer, navigate to the target Schedule.
2. Right-click and select Properties. The Schedule Properties dialog displays.
3. If the frequency type (e.g. Hourly) supports exclusion periods the Day of Week and Time of
Day Exclusions control is displayed in the view.
4. Click the
Server Manager Guide
button. The Exclusion Period dialog displays.
© 2016 Veriato, Inc., all rights reserved.
133
Printed Documentation
5. Check the days of week, time of day or day and time range to exclude.
6. Click Close.
When adding a time of day exclusion, an exclusion is added for each day of the
week.
For more information see Day and Time Exclusion Properties.
Delete Day and Time Exclusion
To delete an exclusion from a schedule:
1. From the Object Explorer, navigate to the target schedule.
2. Right-click then select Properties. The Schedule Properties dialog displays.
3. If the frequency type (e.g. Hourly) supports exclusion periods the Day of Week and Time of
Day Exclusions control is displayed in the view.
4. Select the exclusion period to edit then click the
5. Click Close.
button.
To remove all exclusions from a schedule:
1. From the Object Explorer, navigate to the target schedule.
2. Right-click then select Properties. The Schedule Properties dialog displays.
3. If the frequency type (e.g. Hourly) supports exclusion periods the Day of Week and Time of
Day Exclusions control is displayed in the view.
4. Click the
5. Click Close.
button.
Day and Time Exclusion Properties
To edit an exclusion:
1. From the Object Explorer, navigate to the target schedule.
2. Right-click then select Properties. The Schedule Properties dialog displays.
3. If the frequency type (e.g. Hourly) supports exclusion periods the Day of Week and Time of
Day Exclusions control is displayed in the view.
4. Double-click the exclusion period to edit or select the exclusion period to edit then click the
button. The Exclusion Period dialog displays.
5. When you have finished making changes, click the OK button.
Available Properties
Property
Description
Exclude days of week
Excludes each checked day of the week.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
134
Printed Documentation
Exculde time of day
Excludes the specified time of day.
Exclude day and time range Excludes a specific day of week and time of day.
Examples
Day Exclusions
To exclude specific days such as Saturday and Sunday choose the following option:
Time Exclusions
To exclude specific time ranges such as every day between the hours of 5 PM and 8 AM choose the
following option:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
135
Printed Documentation
Day and Time Exclusions
To exclude specific days and time ranges such as 5 PM Friday through 8:00 AM Monday choose the
following option:
Filters
Filters
A Filter is a configurable object used to target or limit specific log entries or computers from real-time
and consolidated log views, Monitors and Reports. Filters can also be used when manually searching
computers in Active Directory or through an Auto Configurator.
How it works:
When viewing log entries you can apply a Filter to the view. Server Manager includes several default log
entry Filters; however, you can also create your own Filters by simply right clicking on a log entry and
selecting Filter Selected Entries. When a Filter is applied to the log viewer, the viewer re-queries the Log
Repository or file being viewed then re-displays the filtered content.
When an Auto Configurator runs against your Active Directory tree, Server Manager uses Active
Directory Filter criteria to pass specific computers. Server Manager includes several default Active
Directory Filters however you can also create your own Filters as well.
Most Filters include regular expression support.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
136
Printed Documentation
Available Filters
Type
Description
Active Directory
A complex computer property Filter that can be applied to recursive
Active Directory scans to target or exclude computers. For example,
the Filter 'operatingSystem contains server' would return all servers.
Event Log Simple
A simple Event Log entry Filter. For example, the Filter 'Event ID =
100-200' would return all entries with an Event ID value between
100 and 200.
Event Log Complex
A complex Event Log entry Filter that provides criteria grouping,
nesting and AND, OR and NOT rules.
Event Log Account Management A Security Event Log Filter that targets account management
entries. Designed for PCI compliance.
Event Log Failed Logon
A Security Event Log Filter that targets failed logon entries on 2012,
2008 and 2003 servers. Designed for PCI compliance.
Event Log Success Logon
A Security Event Log Filter that targets success logon entries on
2012, 2008 and 2003 servers. Designed for PCI compliance.
Syslog
A complex syslog Filter that provides criteria grouping, nesting and
AND, OR and NOT rules.
Text Log
A complex application or text log Filter that provides criteria
grouping, nesting and AND, OR and NOT rules.
CSV
A complex Filter for comma separated value files (CSV) that provides
decimal value monitoring, criteria grouping, nesting and AND, OR
and NOT rules. For example 'cfs > 3000' would return all entries
whose cubic feet per second column value is greater than 3000.
Add Filter
A Filter is a configurable object used to target or limit specific log entries or computers from real-time
and consolidated log views, Monitors and Reports. Filters can also be used when manually searching
computers in Active Directory or through an Auto Configurator.
To create a Filter:
1. From any log viewer right-click on an entry and select Filter Selected Entries. The Filter
Selected Entries dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
137
Printed Documentation
Or
2. Choose from the Visibility drop-down. Choose Exclude to filter out these entries or Include to
pass these entries.
3. Choose to Create a new filter or Append to an existing filter.
4. Click Create and Review Criteria to create the Filter and review the criteria. The Filter
Properties dialog displays.
5. Review the Filter criteria then when finished click OK. The new Filter is applied to the current
log viewer.
1. Select File > New > Filter. The Create New Filter dialog displays.
2. Choose from the Type drop-down. A filter specific view displays. For more information see
Filters
3. Configure the filter specific criteria.
4. Click OK.
Related Topics
Log Viewers
Assign Filter
Filters can be assigned to log viewers, log management Templates and Reports, and Auto Configurators.
To assign a Filter to a log viewer:
•
From the embedded log viewer toolbar, use the drop-down to select the Filter.
To assign a Filter to a Report:
1.
2.
3.
4.
From the Object Explorer, navigate to the Report you want to assign the Filter.
Right-click and select Properties. The Report Properties view displays.
Use the Report specific view to assign the filter.
Click Close to save your changes.
To assign a Filter to a Template:
1.
2.
3.
4.
From the Object Explorer, navigate to the Template or Monitor you want to assign the Filter.
Right-click and select Template Properties. The Template Properties view displays.
Use the Template specific view to assign the filter.
Click Close to save your changes.
To assign a Filter to an Auto Configurator:
1. From the Object Explorer, navigate to the Auto Configurator you want to assign the Filter.
2. Right-click and select Properties. The Auto Configurator Properties view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
138
Printed Documentation
3. Select the Filters and Exclusions tab.
4. From the drop-down, select the Active Directory Filter to assign.
5. Click Close to save your changes.
Related Topics
Auto Configurators
Log Viewers
Reports
Templates
Filter Properties
The Filter Properties view enables you to view and modify a Filter.
To view or modify an Filter:
1.
2.
3.
4.
From the Object Explorer, navigate to the Filter you want to view or modify.
Right-click and select Properties. The Filter Properties view displays.
Use the controls to make any necessary changes.
Click Close.
Available Properties
Property
Description
Name
A unique name that identifies the object.
Description A user defined description of the object.
Import and Export Filters
In mulit-service installation environments you may find it quite useful to copy a set of Filters from one
installation to another. Although the Management Console enables you to copy and paste individual
Filters between connected services you can also export a set of Filters that can be later imported to
another inaccessible installation of Server Manager or posted online for support or optimization.
To export Filters:
1. From the Object Explorer, expand the Filters tree.
2. Select the Filter group tree or Filter to export, right-click and select Export. The Save As dialog
displays.
3. Choose the location and filename to save the Filters.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
139
Printed Documentation
The name of the output file is independent of the group or Filter names.
4. Click Save.
Filters are saved with a DAT extension. This is a binary format which can only be
read by the Console.
To import Filters:
1. From the Object Explorer, expand the Filters tree.
2. Select the group which you would like to import the Filters under. If no group is selected the
Filters are imported under the Filters node.
3. Select File > Import > Filters. The Select Filter Dat File dialog displays.
4. Locate and select the DAT file that contains the Filter or group of Filters to import then click
Open.
5. If the Filter(s) already exist, you will be prompted to either overwrite or rename conflicting
new Filters. If you choose to overwrite, the imported groups or Filters will simply be
overwritten wherever they occur within the Filters tree. If you choose to rename, the
imported groups or Filters will appear within the active area (whatever sub-folder you have
selected) under the Filters tree with a number in parentheses. Click OK.
Actions, Alerts and Notifications
Actions, Alerts and Notifications
An Action is a configurable object that executes a function when:
A monitor triggers, recovers, errors or completes.
• A Report is complete or errors
• An Auto Configurator is complete or errors
Actions define properties such as the email address to send an alert or the Windows Service to restart.
Actions can be created once then applied to many objects (e.g. Templates and Reports) allowing you to
quickly implement a configuration change (e.g. an email address update) across all dependent objects.
•
How it works:
When a monitor triggers (e.g. a ping times-out, an Event Log download fails or free disk spaces falls
below a critical threshold) or a Report completes, Server Manager checks the configured failure rate if
applicable. If the monitor should trigger (e.g. a ping fails 3 times within one minute), Server Manager
looks up the assigned Actions. If the monitor was previously working as expected or the Action is
configured to re-fire every time the monitor triggers, the Action is executed. Prior to executing, all
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
140
Printed Documentation
applied Action Variable Tags are replaced with the appropriate values. Finally, Server Manager executes
the Action.
Available Actions
Type
Description
Database
When monitoring log entries, writes each filtered log entry to a user defined
database table.
*Error and recovery alerts are not supported.
Email
Sends a simple text message or a detailed HTML message. Both text messages and
HTML messages can be customized using Action Variable Tags or by creating your
own HTML Templates.
Event Log
Writes a custom entry to the Event Log of your choice. When monitoring log
entries, writes each filtered log entry. The Event Log Source field supports the
following Action Variable Tags: {HOST}, {IPv4}, {IPv6}
File
Saves results to a file. When monitoring log entries, writes each filtered log entry.
Supports: CSV, EVT, HTML and TXT.
Manage a Process Restarts, stops or starts a Windows process. The arguments field supports the
following Action Variable Tags: {HOST}, {IPv4}, {IPv6}, {MESSAGE} When
monitoring log entries, to start a process for each log entry, include one of the
following tags within the arguments field: {HOST}, {IPv4}, {IPv6}, {MESSAGE}. These
fields are replaced with the appropriate values within each entry prior to the
process being started.
Manage a Service Restarts, stops or starts a Windows Service.
Message Box
Displays a message box on any computer that has the Tray Icon installed and
running.
*Requires TCP port 6766.
For more information see Desktop Actions, Alerts and Notifications
SMS (Pager)
Sends a text message using one of several web SMS online gateway services.
SNMP Trap
Sends a SNMP trap via Microsoft's SNMP Service.
Sound
Plays a sound on any computer that has the Tray Icon installed and running.
*Requires TCP port 6766.
For more information see Desktop Actions, Alerts and Notifications
Syslog
Writes a message to any syslog server. When monitoring log entries, writes each
filtered log entry.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
141
Printed Documentation
Related Topics
HTML and Email Template Settings
Desktop Actions, Alerts and Notifications
Desktop Actions are defined as Actions that are executed within a user's Windows desktop (e.g.
message box alerts, sound alerts and interactive file execution). Server Manager enables you to receive
desktop notifications on any Windows computer that has network access to the Server Manager Service.
To configure desktop notifications:
1. From the computer you would like to receive desktop notifications, install Server Manager.
2. Open the Management Console.
3. Select Tools > Server Manager Configuration Wizard. The Server Manager Configuration
Wizard dialog displays.
4. Click Next. The Service Credentials page displays.
5. Check Disable the 'Veriato Server Manager Service' then click Next. The service is disabled
and the wizard closes.
6. From the Object Explorer, select the root (e.g. Server Manager) then right-click and select
Delete.
7. Select File > New Server Manager Connection. The Connect to Service dialog displays.
8. Type a unique Connection name.
9. From the Server name text box, enter the addressable hostname or IP address where the
service is installed.
10. Specify credentials that provide administrator access to the server where the service is
installed. For more information see Service Connections.
11. Click Connect. The Console connects to the service and adds a new root node (e.g. Server
Manager) to the Object Explorer.
If the connection fails due to a network error, make sure the hostname is
addressable and TCP port 6766 has been opened through your server's Windows
Firewall or any other firewall that may be present.
12. From the Object Explorer, expand Actions > Desktop.
13. Right-click on Display Message Box and select Properties. The Action Properties view
displays.
14. From the Target control group click
. The Add Computer, Devices and Hosts dialog
displays.
15. From the drop-down, choose Select Localhost then click OK. The localhost is added to the
Target Hosts list.
16. Finally, click the Test button. You should now see the test message box alert on the localhost.
Close the test message box alert.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
142
Printed Documentation
17. An informational message box prompts you stating at least one subscriber has been notified.
Click OK to close the message box.
18. Click OK.
Related Topics
Client/Server Architecture
Management Server Settings
Service Connections
Add Action
An Action is a configurable object that executes a function when:
•
•
•
A monitor triggers, recovers, errors or completes.
A Report is complete or errors
An Auto Configurator is complete or errors
To create an Action:
1. Select File > New > Action. The Create New Action dialog displays.
2. Choose from the Type drop-down. An Action specific view displays. For more information see
Actions Alerts and Notifications.
3. Type a unique Name.
4. Configure the Action specific properties.
5. Click OK.
Related Topics
HTML and Email Template Settings
Assign Action
Assigning an Action enables Monitors and Reports to respond to completed, triggered, recovered and
errored events.
To assign an Action to a Template:
1. From the Object Explorer, navigate to the Template or Monitor you want to assign the
Action.
2. Right-click and select Template Properties. The Template Properties view displays.
3. Select the Actions tab.
4. Use the Actions drop-down button to assign the Action or group of Actions.
5. Click Close to save your changes.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
143
Printed Documentation
Related Topics
HTML and Email Template Settings
Action Properties
The Action Properties view enables you to view and modify an Action.
To view or edit an Action:
1.
2.
3.
4.
From the Object Explorer, navigate to the Action you want to view or modify.
Right-click and select Properties. The Action Properties view displays.
Use the controls to make any necessary changes.
Click Close.
Available Properties
Property
Description
Name
A unique name that identifies the object.
Description A user defined description of the object.
Related Topics
HTML and Email Template Settings
Database Actions
When monitoring log entries, writes each filtered log entry to a user defined database table.
Error and recovery alerts are not supported.
The configuration process requires 3 steps.
1. Configure the database connection which to write entries.
2. Create a Database Action that uses the database.
3. Assign the Database Action to the log monitor.
To configure a database connection:
1. Select Edit > Server Manager Properties. The Server Manager Properties view displays.
2. Select the Databases tab.
3. Click the
button.
4. Set the Role to Undefined.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
144
Printed Documentation
5. From the Provider drop-down, select either SqlServer, MySQL or Oracle. The database
specific view displays.
6. Configure the database specific properties.
7. Click Test Connection and verify Server Manager is able to connect to the database.
8. Click Close. When prompted to save your changes, click Yes.
To create a Database Action:
1.
2.
3.
4.
5.
Select File > New > Action. The Create New Action dialog displays.
From Type drop-down, select Database. The Database Action specific view displays.
Type a unique Name.
From the Database drop-down, select the target database.
From the Table drop-down, specify the table name or use the available tags.
When saving text log entries do not use the {LOG} tag as the entire path and file
name are used in place of the tag potentially causing the table name to exceed
the maximum table name length supported by the database.
6. Click OK.
To assign a Database Action:
For more information, see Assign Action.
Related Topics
Actions, Alerts and Notifications
Action Variable Tags
Action variable tags are used to insert variable values when firing Actions, generating Reports, and
exporting logs. When necessary, each tag is parsed out and replaced with the appropriate value. The
available variable tags depend on the current functionality that is running.
General Variable Tags
DATE
The current date.
TIME
The current time.
LOCALHOST
The host name of the computer where the software is installed.
MESSAGE
A detailed message.
NAME
The object's name.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
145
Printed Documentation
OBJECT_TYPE
The type of Report.
HOST
The target host name(s).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv4
The target IPv4 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
IPv6
The target IPv6 address(es).
TEXT: comma delimited
HTML: line feed delimited (<br/>)
LOG
The target log name.
DATE_RANGE
The time span to check (e.g. daily).
STATE
The object state (e.g. OK, Warning, Critical, Error).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
TEMPLATE
The name of the Template (only applies to Monitors).
OBJECT_TYPE
The type of object (e.g. the type of Monitor or Report).
SHORT_MESSAGE A short descriptive message.
MESSAGE
A detailed message.
General Monitor Item Tags
Some functionality, such as disk space alerts, include arrays of items. When firing Actions for these
Monitors item content may be customizable.
When firing text based Actions, such as text email (versus HTML email) or Message Box alerts, customize
item content by wrapping the target Action variable tags within <ITEM> </ITEM> tags. For example,
when firing a free disk space alert you can define the item variables to display like so:
<ITEM>\\{HOST}\{DISK} {FREE} {USED} {CAPACITY}</ITEM>
When firing HTML based Actions, such as HTML email (verses text email) or exporting to an HTML file,
customize item content by wrapping the target Action variable tags within <ENTRY_ODD>
</ENTRY_ODD> and <ENTRY_EVEN> </ENTRY_EVEN> tags. For more information see, HTML and Email
Templates
HOST
Server Manager Guide
The target host name.
© 2016 Veriato, Inc., all rights reserved.
146
Printed Documentation
IPv4
The target IPv4 address.
IPv6
The target IPv6 address.
NAME
The name of the Monitor, Report or Auto Configurator (e.g. [HOSTNAME]
([TEMPLATE NAME]))
STATE
The item state (e.g. OK, Warning, Critical, Error).
MESSAGE
SHORT_MESSAGE
A short descriptive message including the item name or key (e.g. C$).
ITEM_MESSAGE
A short descriptive message excluding the item name or key (e.g. C$).
TRIGGER_MESSAGE When the object state is Warning, Critical or Error a short descriptive message,
otherwise an empty string.
START_TIME
The time the Monitor item started.
END_TIME
The time the Monitor item completed.
DURATION
The total time required to complete.
CPU Monitors
Summary Report item variable tags
CPU_NAME
The CPU name.
* HTML only.
CPU_ARCHITECTURE The CPU architecture.
* HTML only.
CPU_AVERAGE
The average CPU load across all CPUs/cores.
* HTML only.
CPU_CLOCK_SPEED
The maximum CPU clock speed.
* HTML only.
CPU_CORES
The number of CPU cores.
* HTML only.
CPU_FREE
The average free CPU across all CPUs/cores.
* HTML only.
CPU_MAXIMUM
The maximum CPU load of any CPU/core.
* HTML only.
CPU_USED
The average CPU load across all CPUs/cores.
* HTML only.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
147
Printed Documentation
DATE_RANGE
The CPU history's date range.
* HTML only.
CPU_BAR_IMG
Displays the last known CPU load in a horizontal bar gauge.
* HTML only.
HISTORY_IMG
Displays the CPU load history chart.
* HTML only.
Defrag Monitors
Item variable tags
DISK The disk key (e.g. C$)
Directory Cleaner Monitors
Item variable tags
PATH
The full path of the target directory.
FILE_COUNT
The number of files deleted.
DIRECTORY_CLEANER_NUMBER_OF_FILES_DELETED
SIZE
DIRECTORY_CLEANER_SIZE_OF_FILES_DELETED
The total size of files deleted.
DIRECTORY_CLEANER_SIZE_OF_FILES_BEFORE
The size of directory prior to cleaning the
directory.
DIRECTORY_CLEANER_SIZE_OF_FILES_AFTER
The size of the directory after cleaning the
directory.
DIRECTORY_CLEANER_NUMBER_OF_FILES_BEFORE The number of files prior to cleaning the
directory.
DIRECTORY_CLEANER_NUMBER_OF_FILES_AFTER
The number of files after cleaning the directory.
Directory Size Monitors
Item variable tags
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
148
Printed Documentation
FREE_SPACE_PERCENT
The percent of free disk space.
PATH
The full path of the target directory.
DIRECTORY_SIZE
The size of the directory.
DIRECTORY_SIZE_PERCENT
The percent of disk space the directory is consuming.
FILE_COUNT
The number of files.
SUB_DIRECTORY_COUNT
The number of sub-directories.
LAST_KNOWN_USED_SPACE The size of the directory when the Monitor was previously executed.
DELTA_SIZE
The change in directory size between Monitor executions.
DELTA_PERCENT
The percent change in directory size between Monitor executions.
THRESHOLD
The triggered threshold (e.g. 10 GBs).
Summary Report item variable tags
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
FREE_SPACE_PERCENT
The percent of free disk space.
NET_NAME
The network name of the disk (e.g. C$).
PATH
The full path of the target directory.
DIRECTORY_SIZE
The size of the directory.
DIRECTORY_SIZE_PERCENT
The percent of disk space the directory is consuming.
FILE_COUNT
The number of files.
SUB_DIRECTORY_COUNT
The number of sub-directories.
DATE_RANGE
The target date range.
* HTML only.
CONSUMPTION_RATE_HOURLY
Given the target date range, the calculated hourly consumption
rate.
* HTML only.
CONSUMPTION_RATE_DAILY
Given the target date range, the calculated daily consumption rate.
* HTML only.
CONSUMPTION_RATE_WEEKLY
Given the target date range, the calculated weekly consumption
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
149
Printed Documentation
rate.
* HTML only.
CONSUMPTION_RATE_MONTHLY
Given the target date range, the calculated monthly consumption
rate.
* HTML only.
CONSUMPTION_RATE_QUARTERLY Given the target date range, the calculated quarterly consumption
rate.
* HTML only.
CONSUMPTION_RATE_YEARLY
Given the target date range, the calculated yearly consumption
rate.
* HTML only.
Directory Watcher
PATH
The full path of the target directory.
FILENAME
The full path and filename of the target file.
CHANGE_TYPE The change type (e.g. Created, Deleted, Changed, or Renamed)
NEW_NAME
When a file is renamed, the new name of the file otherwise an empty string.
Disk Space Monitors
Item variable tags
DISK
The caption or if unavailable the network name of the disk (e.g. OS (C:)).
NET_NAME
PATH (deprecated)
The network name of the disk (e.g. C$).
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
FREE_SPACE_PERCENT
The percent of free disk space.
LAST_KNOWN_USED_SPACE The used disk space when the Monitor was previously executed.
DELTA_SIZE
The change in used disk space between Monitor executions.
DELTA_PERCENT
The percent change in used disk size between Monitor executions.
THRESHOLD
The triggered threshold (e.g. 10 GBs)
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
150
Printed Documentation
Summary Report item variable tags
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
FREE_SPACE_PERCENT
The percent of free disk space.
DATE_RANGE
The target date range.
* HTML only.
CONSUMPTION_RATE_DAYS_REMAINING
Given the target date range, the calculated number
of days until the disk is out of space.
* HTML only.
CONSUMPTION_RATE_ESTIMATED_FULL_DATE Given the target date range, the calculated date the
disk will run out of space.
* HTML only.
CONSUMPTION_RATE_HOURLY
Given the target date range, the calculated hourly
consumption rate.
* HTML only.
CONSUMPTION_RATE_DAILY
Given the target date range, the calculated daily
consumption rate.
* HTML only.
CONSUMPTION_RATE_WEEKLY
Given the target date range, the calculated weekly
consumption rate.
* HTML only.
CONSUMPTION_RATE_MONTHLY
Given the target date range, the calculated monthly
consumption rate.
* HTML only.
CONSUMPTION_RATE_QUARTERLY
Given the target date range, the calculated quarterly
consumption rate.
* HTML only.
CONSUMPTION_RATE_YEARLY
Given the target date range, the calculated yearly
consumption rate.
* HTML only.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
151
Printed Documentation
File Count Monitors
Item variable tags
PATH
The full path of the target directory.
DIRECTORY_SIZE
The size of the directory.
FILE_COUNT
The number of files.
SUB_DIRECTORY_COUNT
The number of sub-directories.
LAST_KNOWN_FILE_COUNT The number of files when the Monitor was previously executed.
THRESHOLD
The triggered threshold (e.g. 5000 files).
File Size Monitors
Item variable tags
MASK
The Template mask used to search for the file (e.g.
\\SERVERNAME\c$\logs\*.txt).
LOG
FULLNAME
The full path and filename.
NAME
FILENAME
The filename.
PATH
The full path of the target directory.
FILE_SIZE
The size of the file.
DELTA_SIZE
The change in size between Moniitor executions.
DELTA_PERCENT
The percent change in size between Moniitor executions.
LAST_KNOWN_FILE_SIZE The size of the file when the Monitor was previously executed.
THRESHOLD
The triggered threshold (e.g. > 10 GBs).
Idle File Monitors
Item variable tags
MASK
The Template mask used to search for the file (e.g. \\SERVERNAME\c$\logs\*.txt).
LOG
The full path and filename.
FULLNAME
NAME
FILENAME
The filename.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
152
Printed Documentation
PATH
The full path of the target directory.
TIME_SPAN The time span since the last file modification.
Memory Monitors
Summary Report item variable tags
MEMORY_USED The average CPU load across all CPUs/cores.
* HTML only.
MEMORY_FREE The average CPU load across all CPUs/cores.
* HTML only.
DATE_RANGE
The CPU history's date range.
* HTML only.
BAR_IMG
Displays the last known memory load in a horizontal bar gauge.
* HTML only.
HISTORY_IMG
Displays the memory load history chart.
* HTML only.
Performance Counter Monitors
Summary Report item variable tags
VALUE
The performance counter value.
* HTML only.
DATE_RANGE The performance counter history's date range.
* HTML only.
HISTORY_IMG Displays the performance counter history chart.
* HTML only.
Ping Monitors
Summary Report item variable tags
ROUND_TRIP_TIME The ping response time.
* HTML only.
DATE_RANGE
The ping history's date range.
* HTML only.
HISTORY_IMG
Displays the ping history chart.
* HTML only.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
153
Printed Documentation
SMART Monitors
Item variable tags
DISK
The network name of the disk (e.g. C$).
NET_NAME
SMART
The SMART status (e.g. OK, Degraded).
Event Log Alerts
Header variable tags
LOG
The name of the log (e.g. Application, System, Security).
FILTER
The applied filter name.
AD_USER When firing an email alert for an Event Log entry that passes a Monitor's filter, the tag is
replaced with the Active Directory assigned email address for the user listed within the
USER column of the entry. If multiple entries pass the post consolidation filter the first
entry that contains a non-null value within the USER column is used for the lookup.
USER
When firing an email alert for an Event Log entry that passes a Monitor's filter, the email
address can be changed to the contents of the USER column within the entry. If multiple
entries pass the filter the first entry that contains a non-null value within the USER column
is used for the replacement. If the USER column contains a domain name, the domain
name is removed.
For example:
If the Event Log entry USER column contains:
LITTLEWATER\jdoe
and the email address within the email Action is defined as:
{USER}@Veriato.com
the actual email address used is:
[email protected]
Item variable tags
HOST
The host that generated the entry.
* If an alias has been assigned to the host the alias is used in-place of the actual
hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
154
Printed Documentation
LOG
The name of the log (e.g. Application, System, Security).
LEVEL
The Event Log entry level (e.g. Warning or Critical).
* When forwarding entries the Syslog message priority is automatically set to each
Event Log entry's level.
SOURCE
The entry source.
EVENT
The entry event ID.
CATEGORY
The entry category.
USER
The entry user.
MESSAGE
The entry message.
DATA
The entry data in hexadecimal format.
DATA_ASCII
The entry data in ASCII format.
DATA_UNICODE The entry data in Unicode format.
Entry Not Found Alert
Item variable tags
MASK
The Template mask used to search for the file (e.g. \\SERVERNAME\c$\logs\*.txt).
* Text Log Monitors only.
LOG
The name of the log (e.g. System, Syslog, myapp.log).
FILENAME
The full path and filename.
FILTER
The name of the filter that was applied.
DATE_RANGE
The threshold's time span (e.g. 2 Hours).
EXPECTED_COUNT The expected number of entries per time span.
COUNT
The actual number of entries found during the time span.
Event Log Consolidation
Item variable tags
LOG
The name of the log (e.g. Application, System, Security).
DOWNLOADED_COUNT The number of entries downloaded.
DUPLICATE_COUNT
Server Manager Guide
The number of entries previously downloaded. This value is typically 1;
however, if an application writes several entries to the Event Log at the same
millisecond this value may be greater than 1.
© 2016 Veriato, Inc., all rights reserved.
155
Printed Documentation
FILTERED_COUNT
When a consolidation filter is assigned, the number of entries that passed
the consolidation filter.
SAVED_COUNT
The number of entries saved to the Log Repository.
FROM
The oldest date to download.
File Consolidation
Item variable tags
PATH
The full path of the target directory.
FILE_COUNT_COPIED
The number of files copied.
FILE_SIZE_COPIED
The size of the files copied.
FILE_COUNT_DELETED The number of files deleted.
FILE_SIZE_DELETED
The size of the files deleted.
DIRECTORY_SIZE
The size of the directory.
Output directory tags
DATE The current date.
TIME The current time.
PATH The source path.
* All special characters are replaced with an underscore.
Output filename tags
DATE
The current date.
TIME
The current time.
LOG
The full path to the source file.
FULLNAME * All special characters are replaced with an underscore.
NAME
The source filename.
FILENAME * All special characters are replaced with an underscore.
PATH
The source path.
* All special characters are replaced with an underscore.
Text Log Consolidation
FILENAME
The target log's filename.
LOG
The target log's full path and filename.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
156
Printed Documentation
MASK
The full path and filename or mask.
DOWNLOADED_COUNT The number of entries downloaded.
FILTERED_COUNT
When a consolidation filter is assigned, the number of entries that passed
the consolidation filter.
SAVED_COUNT
The number of entries saved to the Log Repository.
FROM
The position within the file data was read from. This value is typically the last
known length.
SIZE
The size or length of the data read.
SNMP Traps
Item variable tags
OID
The object identifier.
NAME
The name or alias associated with the object identifier.
VALUE
The variable's value.
DATA_TYPE The variable's data type.
Related Topics
HTML and Email Template Settings
Auto Configurator Properties
Reports
File Output Options
When running on-demand Reports (e.g. Failed Logons, Largest Files, etc.), you have the option to save
the Report results to file. HTML, TXT, CSV and PDF file formats are supported.
By default, HTML, TXT and PDF files are saved using UTF-8 encoding allowing any
language to display as expected, however, if your primary language requires
Unicode (e.g. Japanese), Reports may be reduced in size by saving to Unicode
format. To save files using Unicode format, check Unicode.
If generating CSV files and your data includes non-ASCII and/or Unicode
characters (e.g. Japanese), check UTF-8.
When saved, previously generated Reports can be:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
157
Printed Documentation
Overwritten Deletes the old file and replaces with the new file.
Backed up
Moves the previously generated file to a backup sub-directory and renames the file
using a combination of the current filename and current date.
Appended to Text and CSV only. Appends the Report to the previous file.
Tray Icon
The Tray Icon is client application that enables your Windows desktop to display system status, receive
desktop notifications (e.g. message box alerts, sound alerts and interactive file execution) and launch
the Management Console.
The Tray Icon can be installed on any Windows computer then configured to connect to the Server
Manager Service (multiple if necessary). Once connected, your desktop is ready to display the system
status, message box alerts and play sound alerts.
The Tray Icon displays the following system status icons:
Icon Description
The Tray Icon has connected to the service and there are no triggers.
The Tray Icon has connected to the service and there is at least one warning trigger.
The Tray Icon has connected to the service and there is at least one critical trigger.
The Tray Icon has connected to the service and there is at least one error trigger.
The service is not running.
To configure your workstation, laptop or home computer to receive desktop notifications:
See Desktop Actions, Alerts and Notifications
To open Server Manager from the tray:
Double-click the Tray Icon or right-click and select Open Veriato Management Console.
If the Tray Icon is displaying a warning, critical or error icon, the Console
automatically opens the last triggered Monitor.
To clear the Tray Icon alert icon:
From the Tray Icon, right-click and select Clear Tray Alert.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
158
Printed Documentation
To view the message box alert history:
From the Tray Icon, right-click and select View Message Box Alert History.
To temporarily close the Tray Icon:
From the Tray Icon, right-click and select Exit.
Desktop Actions will no longer fire.
To restart the Tray Icon:
From them Console, select Tools > Start Tray Icon.
To disable the Tray Icon:
1. From them Console, select Tools > Options. The Options dialog displays.
2. From the User Preferences tab, check Disable the tray icon.
Desktop Actions will no longer fire.
To enable the Tray Icon:
1. From them Console, select Tools > Options. The Options dialog displays.
2. From the User Preferences tab, un-check Disable the tray icon.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
159
Auto Configurators
Auto Configurators
An Auto Configurator is a configurable object used to monitor new servers and workstations. When
utilized in large environments, Auto Configurators can be a very powerful tool enabling Server Manager
to automatically monitor new and renamed servers without any interaction.
How it works:
When executed, an Auto Configurator scans your Active Directory tree or targeted organizational unit
(OU) for computers. Once found, each computer is filtered through an optional property Filter (e.g.
operatingSystem contains Server) and an exclusion list. Once filtered, each computer is then added to
the system. Finally, targeted Templates and Reports are assigned to each computer.
When executed, any computer that has already been added to Server Manager will be updated with the
latest assignments. Previous assignments are left unmodified. For example, if you have previously
configured a server and have modified the Auto Configurator to include a new Template such as a Disk
Space Monitor Template, the Template will be assigned to all computers that reside in both the Active
Directory tree and Server Manager. If an assignement is removed from the Auto Configurator,
computers previously added by the Auto Configurator are uneffected.
Related Topics
Active Directory Settings
Batch Update Auto Configurators
Add Auto Configurator
An Auto Configurator is a configurable object used to monitor new servers and workstations. When
utilized in large environments, Auto Configurators can be a very powerful tool enabling Server Manager
to automatically monitor new and renamed servers without any interaction.
To create an Auto Configurator:
1. Select File > New > Auto Configurator. The Select Active Directory Entry dialog displays.
2. Select the target organizational unit (OU). The Auto Configurator Properties view displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
161
Printed Documentation
3. Type a unique Name.
4. Configure the properties.
5. Click OK.
Auto Configurator Properties
The Auto Configurator Properties view enables you view and modify configuration settings.
To view or edit an Auto Configurator:
1. From the Object Explorer, expand the Auto Configurators node.
2. Navigate to the target Auto Configurator.
3. Right-click then select Properties. The Auto Configurator Properties view displays.
Available Properties
Property
Description
Name
The friendly name of the object.
Description
A user description of the object.
Active Directory path
The full path to the target organizational unit.
Recurse OU
Option to recursively scan the organizational unit.
Append domain name
Option to append a domain name so computers can be accessed using their
FQDN.
Enabled
Enables the scheduled execution.
Temporarily disabled
Temporarily disables scheduled execution.
Execution frequency
The frequency to execute.
Object assignment
The groups and objects to assign discovered computers (e.g. Templates).
Exclusion filters
Complex Active Directory computer property filters (e.g. operatingSystem
contains 'Server') and computer name exclusion list with import function.
History retention policy The number of days to retain execution results in the history database.
Complete Actions
Actions and notifications to execute when complete (e.g. receive a daily
Report that shows a detailed list of updates).
Error Actions
Actions, alerts and notifications to fire when there is an execution error (e.g.
the Active Directory path cannot be found).
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
162
Printed Documentation
Action Variable Tags
The following tags are available:
Tag
Description
Supports Single Line
Display
(e.g. email subject)
DATE
The current date.
X
TIME
The current time.
X
LOCALHOST
The host name of the computer where the software is
installed.
X
NAME
The object's name.
X
OBJECT_TYPE
The type of object (e.g. Auto Configurator).
X
STATE
The object state (e.g. OK, Warning, Critical, Error).
X
STATE_IMG
The object state image (e.g. OK, Warning, Critical,
Error).
Applies to HTML output only.
SHORT_MESSAGE A short descriptive message.
X
MESSAGE
A detailed message.
PATH
The Active Directory path.
X
DURATION
The total time it takes the function to execute.
X
STS
A list of all informational messages.
ERR
A list of all error messages.
Auto Configuator results do not support item tags.
Related Topics
Action Variable Tags
HTML and Email Template Settings
Assign Templates to Auto Configurator
Assigning a Template to an Auto Configurator enables Server Manager to automatically assign
Templates to newly discovered computers.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
163
Printed Documentation
To assign Templates to an Auto Configurator:
1.
2.
3.
4.
5.
6.
7.
8.
From the Object Explorer, expand Auto Configurators.
Navigate to the Auto Configurator you want to assign the Template.
Right-click and select Properties. The Auto Configurator Properties view displays.
Select the Templates tab.
Optionally, use the Host Groups drop-down button to assign a host group.
Use the Template Groups drop-down button to assign a Template group.
Use the Templates drop-down button to assign the Template or group of Templates.
Click Close to save your changes.
Select Active Directory Organizational Unit
When adding a new Auto Configurator you are prompted to select an organizational unit (OU) within
your Active Directory tree.
To display the select dialog:
1. Select File > New > Auto Configurator. The Auto Configurator Properties dialog displays.
2. The Select Active Directory Entry dialog immediately displays.
To select an organizational unit:
1. Select the target organization unit.
2. Click Select.
Related Topics
Active Directory Settings
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
164
Printed Documentation
Groups
Groups
Systems management is made easier through grouping. Grouping provides you with the ability to group
similar or related objects into smaller more manageable collections while also offering inheritance (e.g.
when assigning a host to a host group, all templates assigned to the host group are applied to the host).
Server Manager supports hierarchical grouping as well as multi-assignment.
A simple example
Let's say we have 3 servers (coalville, kamas, and marion) of which all provide internal HTTP interfaces
on port 8080. A SQL Server database is hosted on coalville, kamas provides public HTTP interfaces for
www.mycompany.com and www.diskmonitor.com and marion provides SMTP, IMAP and POP3
interfaces for mail.mycompany.com.
In this example the goal is to ping all physical machines and monitor all HTTP, database, and email
interfaces. To implement these monitoring requirements:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Create 4 groups: Database Servers, Mail Servers, Physical Servers and Web Servers.
From the Web Servers group, create 2 sub-groups named External and Internal.
Add coalville to the Database Servers group.
Add mail.mycompany.com to the Mail Servers group.
Add coaville, kamas and marion to the Physical Servers group.
Add www.mycompany.com and www.diskmonitor.com to the Web Servers > External group.
Add coaville, kamas and marion to the Web Servers > Internal group.
Create the database, email, ping, external HTTP and internal HTTP Templates.
Assign the database Template to coalville.
Assign the email Templates to mail.mycompany.com.
Assign the ping Template to the Physical Servers group.
Assign the public HTTP Templates to the External group.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
165
Printed Documentation
13. Assign the internal HTTP Templates to the Internal group. Here is an example of how it should
look:
Assign generic Templates (e.g. ping) to groups and host specific Templates (e.g.
Templates that contain logon as information) directly to the appropriate host.
Related Topics
Batch Assign Computers Devices and Hosts to a Group
Batch Assign Templates to a Group
Monitor Hierarchy
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
166
Printed Documentation
Add Group
To create a group:
1. From the Object Explorer, navigate to the object collection node (e.g. Computers, Devices
and Hosts, Templates or any user defined groups).
2. Right-click then select New Group. The New Group dialog displays.
3. Enter the group name, then click OK.
Related Topics
Batch Assign Computers Devices and Hosts to a Group
Batch Assign Templates to a Group
Assign Group
Server Manager enables you to move or link objects (e.g. hosts, host groups, Templates, Template
groups) to groups of hosts, Templates and Reports.
To assign an object to a group:
From the Object Explorer, use drag and drop. Upon dropping, if prompted, select from one of the
following popup menu item options:
Move Unassigns the object from the current object and moves it to the target object.
Link
Links the object to the target object creating an assignment to multiple objects.
Cancel Cancels the drag and drop operation.
To assign a Template to hosts, host groups and Template groups:
1. From the Object Explorer, navigate to the target Template.
2. Right-click and select Template Properties. The Template Properties view displays.
3. Use the Template Assignments view to assign the Template to hosts, host groups and
Template groups.
To assign a Summary Report to hosts, host groups and Report groups:
1. From the Object Explorer, navigate to a Summary Report.
2. Right-click and select Properties. The Report Properties view displays.
3. Use the Report Assignments view to assign the Report to hosts, host groups and Report
groups.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
167
Printed Documentation
To move a host group:
Host groups cannot be assigned or linked to multiple parent host groups.
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Use drag and drop to move a host group to another host group.
Or
3. Right-click on the host group that you want to assign to.
4. Select Assign > Group. The Assign Group to (x) Group dialog displays.
5. Under Group Type, select Host.
6. Under the Select Host Group drop-down, select the host group you want to move.
7. Click Assign. The group from step 6 is moved to the group from step 3.
To assign a host group to a Template group:
Host groups can be assigned or linked to multiple Template groups.
1. From the Object Explorer, expand Computers, Devices and Hosts.
2. Use drag and drop to assign a host group to a Template group.
Or
3. Right-click on the host group that you want to assign to.
4. Select Assign > Group. The Assign Group to (x) Group dialog displays.
5. Under Group Type, select Template.
6. Under Assignment Options, select Link or Move.
If you choose Move, the host group is unassigned from all other Template groups.
7. Under the Select Template Group drop-down, select the Template group you want to assign.
8. Click Assign. The group from step 7 is assigned to the group from step 3.
To move a Template group:
Template groups cannot be assigned or linked to multiple parent Template
groups.
1. From the Object Explorer, expand Templates.
2. Use drag and drop to move a Template group to another Template group.
Or
3. Right-click on the Template group that you want to assign to.
4. Select Assign > Group. The Assign Group to (x) Group dialog displays.
5. Under Group Type, select Template.
6. Under the Select Template Group drop-down, select the Template group you want to move.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
168
Printed Documentation
7. Click Assign. The group from step 6 is moved to the group from step 3.
To assign a Template group to a host group:
Template groups can be assigned or linked to multiple host groups.
1. From the Object Explorer, expand Templates.
2. Use drag and drop to assign a Template group to a host group.
Or
3. Right-click on the Template group that you want to assign to.
4. Select Assign > Group. The Assign Group to (x) Group dialog displays.
5. Under Group Type, select Host.
6. Under Assignment Options, select Link or Move.
If you choose Move, the Template group is unassigned from all other host groups.
7. Under the Select Host Group drop-down, select the host group you want to assign.
8. Click Assign. The group from step 7 is assigned to the group from step 3.
Related Topics
Batch Assign Computers Devices and Hosts to a Group
Batch Assign Templates to a Group
Log Management
Log Management
Email Logs
Encrypt and Sign Files
Event Log to Syslog
EVT and EVTX Files
Export Logs
Log Repository Retention Policy
Search for Logs
Syslog Consolidation Template
Syslog Monitor Template
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
169
Printed Documentation
Email Logs
Server Manager includes the capability to email consolidated logs as well as filtered log entries to other
co-workers. You can email multiple consolidated logs as well as an entire page or selected entries from
any of log viewers.
To email multiple consolidated logs:
Select Logs > Email Logs. The Select Log Type dialog displays.
Select the log type then click OK. The Select Multiple Logs dialog displays.
Check the logs to email then click OK. The Email Consolidated Logs dialog displays.
Use the To drop-down to select the target email address or type the email address. Use a
comma to separate multiple email addresses.
5. Use the Subject and Message to text boxes to customize the subject and message.
6. Select the File type (e.g. CSV, HTML, PDF, TXT, ELF, SLF). ELF and SLF files are Veriato
Software's binary file format (ELF: Event Log File, SLF: Syslog File). Email recipients must use
their own installation of the Management Console to view ELF and SLF files.
1.
2.
3.
4.
If generating CSV files and your data includes Unicode characters (e.g. Japanese),
check UTF-8
7. To compress the output files to a single ZIP file, check Compress to ZIP format.
8. If emailing HTML files and you would like to apply your own HTML Template, check Override
the default HTML Template, click the Browse button then select your custom HTML
Template.
9. Click Send.
To email an entire page of log entries:
1. From any of the log viewers, right-click then select Email. The Email Current Page dialog
displays.
2. Use the To drop-down to select the target email address or type the email address. Use a
comma to separate multiple email addresses.
3. Use the Subject text box to customize the subject.
4. To send the current page as an attachment, check Send as attachment.
5. If sending as an attachment, select the File type (e.g. CSV, HTML, TXT, ELF, SLF). ELF and SLF
files are Veriato Software's binary file format (ELF: Event Log File, SLF: Syslog File). Email
recipients must use their own installation of the Management Console to view ELF and SLF
files.
If generating CSV files and your data includes Unicode characters (e.g. Japanese),
check UTF-8
6. To compress the output files to a single ZIP file, check Compress to ZIP format.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
170
Printed Documentation
7. If emailing HTML and you would like to apply your own HTML Template, check Override the
default HTML Template, click the Browse button then select your custom HTML Template.
8. Click Send.
To email selected log entries:
1. From any of the log viewers use the Shift and/or Ctrl key along with the mouse to select
multiple entries.
2. Once you have selected the entries to email, right-click then select Email Selected Entries.
The Email Selected Entries dialog displays.
3. Use the To drop-down to select the target email address or type the email address. Use a
comma to separate multiple email addresses.
4. Use the Subject text box to customize the subject.
5. To send the selected entries as an attachment, check Send as attachment.
6. If sending as an attachment, select the File type (e.g. CSV, HTML, TXT, ELF, SLF). ELF and SLF
files are Veriato Software's binary file format (ELF: Event Log File, SLF: Syslog File). Email
recipients must use their own installation of the Management Console to view ELF and SLF
files.
If generating CSV files and your data includes Unicode characters (e.g. Japanese),
check UTF-8
7. To compress the output files to a single ZIP file, check Compress to ZIP format.
8. If emailing HTML and you would like to apply your own HTML Template, check Override the
default HTML Template, click the Browse button then select your custom HTML Template.
9. Click Send.
Related Topics
Email Settings
HTML and Email Template Settings
Log Viewers
Encrypt and Sign Files
Many compliance regulations, such as PCI DSS Requirement 10.5.3 state IT must "Verify that current
audit trail files are promptly backed up to a centralized log server or media that is difficult to alter". To
fulfill this requirement Server Manager includes functions to encrypt, password protect digitally sign and
centrally backup log files.
When Server Manager encrypts a file the filename extension is replaced with .cbx.
CBX files can only be decrypted using a valid password through the Management
Console.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
171
Printed Documentation
To backup, encrypt and sign Event Log files:
Select File > New Template. The Select Template Type dialog displays.
From the menu tree, expand Log Management > Event Log Management.
Double-click Event Log File Backup. The Template Properties dialog displays.
Use the General tab to enter a unique Name and configure the frequency to run.
Use the Logs tab to target Event Log files.
Use the Event Log File Backup tab to configure the backup options:
o To compress backed up logs, check Compress to ZIP format.
o To encrypt backed up logs, check Encrypt and password protect then type a
password.
o To digitally sign backed up logs, check Digitally sign, click the Browse button to
select the digital certificate you would like to sign the files with, then the
certificate password or private key.
o To clear the remote Event Log file contents, check Clear the remote .evtx or .evt
file contents.
o To delete old backed up files, check Delete files in the target directory older than
x days then type the maximum number of days to retain.
7. Use the Template Assignments view to assign hosts, host groups and Template groups.
8. Click OK.
1.
2.
3.
4.
5.
6.
To backup, encrypt and sign application log files:
1.
2.
3.
4.
5.
6.
7.
Select File > New Template. The Select Template Type dialog displays.
From the menu tree, expand Log Management.
Double-click File Consolidation. The Template Properties dialog displays.
Use the General tab to configure the frequency to download and backup the remote files.
Use the Directories tab to select the directories to backup.
Use the Exclusions tab to configure sub-directories to exclude.
Use the Control tab to configure Server Manager to stop services and processes prior to
backing up files.
Services and processes are stopped in the order listed and restarted in the reverse
order.
8. Use the Function tab to configure the backup options:
o Use the Filename Masks controls to select the files or file types to backup as well
as the files or file types to exclude.
o Choose to copy or move files.
o To delete files in the source directory, check Once copied, delete files in the
source directory older than x days then type the maximum number of days to
retain.
o Specify the Target output directory.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
172
Printed Documentation
To prepend backed up files with a tag, from the Tag output filenames with text
box type the tag.
o To compress backed up files, check Compress to ZIP format.
o To encrypt backed up files, check Encrypt and password protect then type a
password.
o To digitally sign backed up files, check Digitally sign, click the Browse button to
select the digital certificate you would like to sign the files with, then the
certificate password or private key.
o To delete old backed up files, check Once consolidated, delete files in the target
directory older than x days then type the maximum number of days to retain.
9. Use the Template Assignments view to assign hosts, host groups and Template groups.
10. Click OK.
o
Related Topics
Batch Functions
Day and Time Exclusions
Schedules
Event Log to Syslog
Server Manager comes pre-installed with 2 sample Actions that forward Event Log entries to another
Syslog server or device. The Actions are called:
Event Log to Syslog
• Event Log to Customizable Syslog
The Actions are located in the Object Explorer under Actions > Logs.
•
To prepend each Syslog entry with a constant string:
1. From the Object Explorer, navigate to one of the Event Log to Syslog Actions.
2. Right-click then select Properties. The Action Properties view displays.
3. From the Message text box, type the constant value preceding the current value. For
example:
WINEVT: {ENTRY}
To customize the Syslog message:
1. From the Object Explorer, navigate to Actions > Logs > Event Log to Customizable Syslog.
2. Right-click then select Properties. The Action Properties view displays.
3. From the Message text box, type the constant value or variable tags within the <ITEM>
</ITEM> tags. For example:
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
173
Printed Documentation
<ITEM>'{HOST}' '{LOG}' '{LEVEL}' '{DATE}' '{TIME}' '{SOURCE}' '{EVENT}' '{CATEGORY}'
'{USER}' '{MESSAGE}' '{DATA}'</ITEM>
Action Variable Tags
The following entry tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the actual
hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
LOG
The log name (e.g. System).
LEVEL
The Event Log entry level (e.g. Warning or Critical).
NOTE: When forwarding entries the to a Syslog server/device the entry level is
mapped to an appropriate Syslog priority.
SOURCE
The entry source.
EVENT
The entry event ID.
CATEGORY
The entry category.
USER
The entry user.
MESSAGE
The entry message.
DATA
The entry data in hexadecimal format.
DATA_ASCII
The entry data in ASCII format.
DATA_UNICODE The entry data in Unicode format.
EVT and EVTX Files
The Windows operating system stores Event Log entries to binary EVT and EVTX files. EVT files contain
each entry's information, however; these files may not contain each entry's actual message but rather
replacement tags (e.g. %1). Prior to displaying an entry, the Windows Event Viewer loads an associated
message DLL then, using the event ID, loads the appropriate replacement values. This format limits the
size of Event Logs; however, if you are using Server 2008 when viewed on another computer, the entry
message may not load because the EVTX files optionally contain each entry's full message.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
174
Printed Documentation
How do EVT and EVTX Files relate to Event Log Consolidation, Archiving and Compliance?
Many compliance regulations require Event Logs be maintained for several years so disk space may be a
concern. Heavily loaded domain controllers can easily require several terabytes to store one or more
years of data.
Server Manager provides 2 methods for backing up and archiving Event Logs. These methods are
referred to as Event Log Consolidation and Event Log File Backup.
When Server Manager consolidates (downloads and saves to a database) entries, each entry's entire
message is saved to the Log Repository database. This method is preferred but requires the most disk
space, CPU and memory. Consolidation is required to automate Event Log Reports such as Failed Logon
Attempts and Account Management. This method provides the fastest data retrieval method ideal for
Event Log analysis.
When Server Manager backs-up Server 2008 Event Log files we have opted to always save the full
message. When Server 2003 EVT files are backed-up, only the replacement tags are included in the EVT
files, however, like the Windows Event Viewer, the Management Console includes functions to attempt
to load the actual messages from the local system. Server Manager not only provides an easy method to
backup EVT/X files to a central location but also includes compression, encryption and file signing
functions enabling you to minimize disk footprint while guaranteeing file integrity a common compliance
requirement. Backing up EVT/X files is the most efficient method to fulfill log retention compliance
requirements.
It is a best practice to have redundant systems in place by implementing both Event Log Consolidation
and Event Log File Backup functions. The end result provides a method to quickly select database
records for on-demand and scheduled weekly auditing while also saving log files in their native format
ensuring your organization is not permanently tied to a software vendor.
To consolidate Event Logs to the primary Log Repository database:
1. Select File > New > Template. The Select Template Type dialog displays.
2. From the menu tree, expand Log Management > Event Log Management.
3. Double-click Event Log Consolidation and Monitoring. The Template Properties dialog
displays.
4. Use the General tab to enter a unique Name and configure the frequency to run.
5. Use the Logs tab to target Event Log files.
6. Use the Consolidation and Monitoring tab to configure the template specific options.
7. Use the Template Assignments view to assign hosts, host groups and Template groups.
8. Click OK.
To backup and archive EVT and EVTX files:
1. Select File > New Template. The Select Template Type dialog displays.
2. From the menu tree, expand Log Management > Event Log Management.
3. Double-click Event Log File Backup. The Template Properties dialog displays.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
175
Printed Documentation
4. Use the General tab to enter a unique Name and configure the frequency to run.
5. Use the Logs tab to target Event Log files.
6. Use the Event Log File Backup tab to configure the backup options:
o To compress backed up logs, check Compress to ZIP format.
o To encrypt backed up logs, check Encrypt and password protect then type a
password.
o To digitally sign backed up logs, check Digitally sign, click the Browse button to
select the digital certificate you would like to sign the files with, then the
certificate password or private key.
o To clear the remote Event Log file contents, check Clear the remote .evtx or .evt
file contents.
o To delete old backed up files, check Delete files in the target directory older than
x days then type the maximum number of days to retain.
7. Use the Template Assignments view to assign hosts, host groups and Template groups.
8. Click OK.
Related Topics
Database Settings
Configure Server Manager to use SQL Server
Configure Server Manager to use MySQL
Conserve Disk Space
Log Repository Retention Policy
Export Logs
Server Manager enables you to export consolidated logs to the following formats:
File
Type
Description
CSV
Comma separated values document for Microsoft Excel or other spreadsheet program.
HTML
HTML document for Intranet viewing.
PDF
PDF document.
TXT
Plain text document.
ELF
Veriato Event Log File. A binary file format that must be viewed within the Management
Console. Supports notes and flags.
SLF
Veriato Syslog File. A binary file format that must be viewed within the Management
Console. Supports notes and flags.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
176
Printed Documentation
To export previously consolidated logs:
1. From the Object Explorer, navigate to the target computer, log group or log, right-click then
select Save Logs As.
Or
Select Logs > Save Logs As. The Select Log Type dialog displays. Select the log type then click
OK. The Select Multiple Logs dialog displays. Check the logs to export then click OK.
2. The Save Logs As dialog displays.
3. Select the target path.
4. Select the File type.
If generating CSV files and your data includes Unicode characters (e.g. Japanese),
check UTF-8
5. If generating HTML files and you would like to apply your own HTML Template, check
Override the default HTML Template, click the Browse button then select your custom HTML
Template.
6. To compress output files to a single ZIP file, check Compress to ZIP format.
7. To encrypt output files, check Encrypt and password protect then type a password.
8. To digitally sign output files, check Digitally sign, click the Browse button to select the digital
certificate you would like to sign the files with, then the certificate password or private key.
9. Click Save.
Related Topics
HTML and Email Template Settings
Log Repository Retention Policy
The Log Repository Retention Policy Template allows you to automatically manage how long data is
stored in the Log Repositories. This Template defines the length of time to retain entries in the Primary
Log Repository prior to either removing them from the system or moving them to the Archive Log
Repository. Finally, this template defines how long to retain entries in the Archive Log Repository.
To create and assign a Log Repository Retention Policy Template:
1.
2.
3.
4.
5.
Select File > New > Template. The Select Template Type dialog displays.
From the menu tree, expand Log Management.
Double-click Log Repository Retention Policy. The Template Properties dialog displays.
Use the General tab to enter a unique Name and configure the frequency to run.
Use the Retention Policy tab to configure the policy.
For large environments we suggest archiving entries older than 15 days and
removing archived entries older than 45 days resulting in 60 days of retained
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
177
Printed Documentation
entries. To retain entries indefinitely, use your database tools to backup your
archive database once a month.
6. Use the Actions tab to assign completion and error actions.
7. Use the Advanced tab to configure the number of days to retain the Monitor history (e.g.
number of entries download, filtered, saved and duration) in the History database.
8. Click OK.
Related Topics
Conserve Disk Space
Configure Server Manager to use MySQL
Configure Server Manager to use SQL Server
Database Settings
Log Viewers
Search for Logs
Many functions throughout Server Manager require you to find or select multiple logs. The Search
dialog provides a means to search the Log Repositories.
To display the search dialog:
1. Select Logs > Merge. The Select Log Type dialog displays.
2. Select the log type then click OK. The Select Multiple Logs dialog displays.
3. Click Search. The Search for Consolidated Logs dialog displays.
To search for logs:
1. From the Search for Computers dialog box, specify your search criteria.
2. Use the Select computers that contain the following text text box to search for computers
that contain a portion of the specified text.
3. To search for multiple computers by name check Use regular expressions (e.g.
(server01|server02)).
4. Optionally, create and/or assign an Active Directory computer property filter, which enables
you to search your AD tree and filter each discovered computer for specific criteria (e.g. only
pass computers that have the word "Server" embedded in the "operatingSystem" property).
5. Choose to search for a specific Computer type (e.g. Servers, Domain Controllers, SQL Servers,
or Workstations).
6. If searching for Event Logs, use the Select the following logs drop-down to select from the
known list of available Event Logs.
7. Click Search. The search is performed. When complete the results are listed.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
178
Printed Documentation
8. To select all results click Select Logs otherwise multi-select the logs of interest then click
Select Logs.
Log Viewers
Log Viewers
Server Manager enables you to view consolidated log files (Primary and Archive Log Repositories),
backed up log files, and text log files. The log viewers page content enabling you to view large log files
without consuming large amounts of memory or time to load.
To view consolidated logs:
1. From the Object Explorer, expand the Log Repositories. The Primary and Archive Log
Repository nodes display.
2. Navigate to the host, computer, or device of interest then expand until you find the target
log.
3. Right-click on the log and select one of the following options:
View Top 10000 Consolidated Entries Displays the latest 10,000 entries from the Log
Repository. The log viewer displays log entries in pages
of 10,000 entries.
View Consolidated Log Entries
Displays today's entries. The log viewer displays log
entries in pages of one day.
Merge
Merges today's entries from multiple logs. The log
viewer displays log entries in pages of one day.
To view logs in real-time:
1. From the Object Explorer, expand the Computers, Devices and Hosts node.
2. Navigate to the host, computer or device of interest then expand and locate the target
monitor or, in the case of Event Logs or Text Logs, the target log.
3. Right-click and select Watch.
To view text log files:
1. Select File > Open. Choose the type of file to open. The following options are available:
Event Log files
*.evtx, *.evt
Text log files
*.log, *.txt
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
179
Printed Documentation
Log Repository files *.elf, *.slf
Encrypted files
*.cbx
Signed files
*.signed
Zipped files
*.zip
2. Click Open.
Event Log Viewer
Server Manager provides the following Event Log viewers.
Viewer
Description
.ELF
Displays ELF files. ELF files are consolidated Event Logs that have been saved using
Server Manager's binary file format. Supports flags and notes. Does not support
merging.
Page by Day
Displays consolidated log entries paged by day(s). Supports merging, flags and notes.
Page by Rows Displays the top 10,000 consolidated log entries. Supports flags and notes. Does not
support merging.
Real-Time
Displays in real-time received Event Log entries. Does not support merging, flags or
notes.
Report
Displays consolidated log entries paged by day(s). Supports merging, flags and notes.
Syslog Log Viewer
Server Manager provides the following Syslog Log viewers.
Viewer
Description
.SLF
Displays SLF files. SLF files are consolidated syslogs that have been saved using Server
Manager's binary file format. Supports flags and notes. Does not support merging.
Page by Day
Displays consolidated log entries paged by day(s). Supports merging, flags and notes.
Page by Rows Displays the top 10,000 consolidated log entries. Supports flags and notes. Does not
support merging.
Real-Time
Displays in real-time received syslog messages. Does not support merging, flags or
notes.
Report
Displays consolidated log entries paged by day(s). Supports merging, flags and notes.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
180
Printed Documentation
Text Log Log Viewer
Text Log Log Viewer
Server Manager provides the following Text Log viewers.
Viewer
Description
Page by Day
Displays consolidated log entries paged by day(s). Supports merging, flags and notes.
Page by Rows Displays the top 10,000 consolidated log entries. Supports flags and notes. Does not
support merging.
Real-Time
Displays and optionally tails the actual log file. Does not support merging, flags or
notes.
Report
Displays consolidated log entries paged by day(s). Supports merging, flags and notes.
Goto Line
When watching or tailing a text log file the Real-Time Text Log Viewer enables you to quickly jump to a
specific line number.
To goto a specific line number
1. From the Real-Time Text Log Viewer press Ctrl + G. The GoTo Line dialog displays
2. Enter the line number to jump to, then click OK. The viewer navigates to the line number.
Windows Service
Windows Service
Syslog Server
Assign Service Logon As Credentials
Windows Service Log
Run the Service in Verbose Mode
Assign Service Logon As Credentials
The Server Manager Service executes all configured functionality using the account the service is logged
on as. In order for the service to access network resources (e.g. downloading Event Logs, scanning disk
space, sending email through Exchange Server or connecting to SQL Server databases that require
Windows Authentication), the service must run with either domain or local administrator credentials.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
181
Printed Documentation
If you are monitoring servers on another domain or off-domain computers you
may need to also assign target computer logon as credentials.
To change the service logon as credentials:
1. From the computer the service is installed, open the Management Console.
2. Select Service > Change Service Logon.
3. Specify a domain administrator username, password and domain. If the service fails to start
because of a logon failure, check the credentials and try again.
Related Topics
Access Denied Errors
Assign Logon As Credentials
Windows Service Log
The Server Manager Service logs errors, triggers, general activity, and verbose output to a text log file
called smsrv.log. You can view the log file from the Management Console or from any text editor to
verify activity or troubleshoot the system.
To tail the service log from the Console:
Select View > Service Output. The Service Output view displays.
To view the entire service log from the Console:
Select Service > View Service Log. The Service Log History dialog displays.
To open the service log file from Notepad:
1. From the computer the service is installed, open Notepad.
2. Select File > Open.
3. Open the service log file from the following directory:
Server 2012 and
c:\programdata\cornerbowl\server manager\cbsmsrv.log
2008
Windows 8, 7 and
Vista
Server 2003
Windows XP
Server Manager Guide
C:\documents and settings\all users\application data\cornerbowl\server
manager\smsrv.log
© 2016 Veriato, Inc., all rights reserved.
182
Printed Documentation
To email the service log from the Console to Veriato Support:
Select Service > Email Service Log File. The Email Service Log File view displays.
Run the Service in Verbose Mode
The Server Manager Service logs errors, triggers, and general activity to a text log file called smsrv.log. If
you are not receiving the results you expect and have already reviewed the service log file you may be
able to gain insight by temporarily running the service in verbose mode. When run in verbose mode, the
service logs additional debug messages enabling you to identify executing functions (e.g. executing
Monitors and schedule updates).
To run the service in verbose mode:
1.
2.
3.
4.
From the computer the service is installed, open the Management Console.
Select Service > Stop.
Once you are prompted the service has stopped, click OK.
Select Service > Start Verbose.
To return the service to normal mode:
1.
2.
3.
4.
From the computer the service is installed, open the Management Console.
Select Service > Stop.
Once you are prompted the service has stopped, click OK.
Select Service > Start.
Syslog Server
Server Manager contains both a UDP and TCP Syslog server. These syslog servers can be used to collect,
monitor, and consolidate syslog messages from both computers and devices such as network routers,
firewalls, and Unix, Linux and AS400 servers. By default, when a message is sent from a device, the
receiving Syslog server automatically adds the device's IP or hostname to the Object Explorer. Once
added, the message is saved to the Log Repository.
Syslog Monitoring Template Consolidation Filter topic (if available)
Related Topics
Syslog Server Settings
Log Repository Retention Policy
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
183
SNMP
SNMP Server
Server Manager contains an internal SNMP server. The SNMP server can be used to receive and forward
traps from both computers and devices such as network routers, firewalls, and Unix, Linux and AS400
servers. By default, when a trap is sent from a device, the receiving SNMP server automatically adds the
device's IP or hostname to the Object Explorer. Once added, the trap is displayed via a message box
action.
SNMP Server
Server Manager contains an internal SNMP server. The SNMP server can be used to receive and forward
traps from both computers and devices such as network routers, firewalls, and Unix, Linux and AS400
servers. By default, when a trap is sent from a device, the receiving SNMP server automatically adds the
device's IP or hostname to the Object Explorer. Once added, the trap is displayed via a message box
action.
SNMP Trap Viewer
Server Manager includes a SNMP trap viewer enabling users to watch all incoming traps.
To display the viewer:
1. From the View menu select SNMP Traps.
Related Topics
SNMP Server Settings
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
185
Printed Documentation
Batch Functions
Batch Functions
Server Manager provides you with several batch update functions enabling you to update multiple
objects at once.
•
•
•
•
•
•
•
•
Batch Assign Logon As Credentials
Batch Update Computers, Devices and Hosts
Batch Assign Computers Devices and Hosts to a Group
Batch Delete Computers, Devices and Hosts
Batch Update Templates
Batch Assign Templates to a Group
Batch Update Reports
Batch Update Auto Configurators
Batch Assign Computers, Devices and Hosts to a Group
Server Manager enables you to easily move or link a set of hosts to a host or Template group. For more
information on grouping see Groups.
To assign multiple Computers, Devices and Hosts to a group:
1. Select Edit > Batch > Assign Computers, Devices and Hosts to Group. The Select Multiple
Computers, Devices and Hosts dialog displays.
2. Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
3. The Assign Multiple Computers, Devices and Hosts to Group dialog displays.
4. Under Assignment Options choose to Move or Link the hosts to the target group.
Move Unassigns the object from the current object and moves it to the target object.
Link
Links the object to the target object creating an assignment to multiple objects.
5. Under Group Type choose to assign to a host group or Template group.
6. Select the target group from the Select Target Group drop-down then click Assign
Or
To create a new group directly under the target root collection node (e.g. Computers,
Devices and Hosts or Templates), type a unique name then press Enter.
Related Topics
Computers, Devices and Hosts
Groups
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
186
Printed Documentation
Batch Assign Logon As Credentials
When managing Windows servers or workstations in multi-domain or non-domain environments users
are often prompted with Access Denied errors. An Access Denied error occurs when the account the
service is running under or the account the user is logged in as does not have the required access
permissions to execute WMI functions (e.g. downloading Event Logs or monitoring CPU load) or discover
administrator disk shares (e.g. c$, d$ and e$).
To batch assign logon as credentials:
1. Select Edit > Batch > Assign Logon As Credentials. The Select Multiple Computers, Devices
and Hosts dialog displays.
2. Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
3. The Host Properties dialog displays.
By default any changes are applied to all selected computers, devices and hosts,
however; you can use the use the Host drop-down to select a single computer,
device or host.
4. Specify the Windows username, password and domain that enables you to access the remote
computer. If accessing an off-domain server or workstation either clear the domain dropdown or specify the remote computer name.
5. Use the Alias field to assign a user friendly name to a hostname or IP address.
When specified, the Object Explorer will list the computer using the alias in place
of the hostname or IP address.
Related Topics
Access Denied Errors
Assign Logon as Credentials
Assign Service Logon As Credentials
Batch Assign Templates to a Group
Server Manager enables you to easily move or link a set of Templates to a Template or host group. For
more information on grouping see Groups.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
187
Printed Documentation
To assign Templates to a group:
1. Select Edit > Batch > Assign Templates to Group. The Select Multiple Templates dialog
displays.
2. To filter the tree of Templates, choose the Template type from the drop-down.
3. Check the Templates to update.
4. Click OK. The Assign Multiple Templates to Group dialog displays.
5. Under Assignment Options choose to Move or Link the hosts to the target group.
Move Unassigns the object from the current object and moves it to the target object.
Link
Links the object to the target object creating an assignment to multiple objects.
6. Under Group Type choose to assign to a host group or Template group.
7. Select the target group from the Select Target Group drop-down then click Assign
Or
To create a new group directly under the target root collection node (e.g. Templates or
Computers, Devices and Hosts), type a unique name then press Enter.
Related Topics
Templates
Groups
Batch Delete Computers, Devices and Hosts
Server Manager provides you with a batch delete function enabling you to search and delete multiple
hosts at once.
To delete multiple computers, devices and hosts:
1. Select Edit > Batch > Delete Computers, Devices and Hosts. The Select Multiple Computers,
Devices and Hosts dialog displays.
2. Check the computers to delete then click OK.
Or
Click the Search button to search for specific computers.
3. When you are prompted to confirm the delete, click Yes.
Related Topics
Computers, Devices and Hosts
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
188
Printed Documentation
Batch Update Auto Configurators
Server Manager provides you with a batch update auto configurator function enabling you to update
several auto configurators at the same time.
To update multiple auto configurators:
1. Select Edit > Batch > Update Auto Configurators. The Select Multiple Auto Configurators
dialog displays.
2. Check the auto configurators to update.
3. Click OK. The Auto Configurators Properties dialog displays.
4. Use the controls to update any settings.
By default any changes are applied to all selected auto configurators, however;
you can use the use the Auto Configurators drop-down to select a single auto
configurator.
5. Click OK.
Related Topics
Auto Configurators
Batch Update Computers, Devices and Hosts
Server Manager provides you with a batch update host function enabling you to update several hosts at
the same time.
To update multiple computers, devices and hosts:
1. Select Edit > Batch > Update Computers, Devices and Hosts. The Select Multiple Computers,
Devices and Hosts dialog displays.
2. Check the computers to assign then click OK.
Or
Click the Search button to search for specific computers.
3. The Host Properties dialog displays.
4. Use the controls to update any settings.
By default any changes are applied to all selected computers, however; you can
use the use the Host drop-down to select a single computer.
5. Click OK.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
189
Printed Documentation
Related Topics
Computers, Devices and Hosts
Batch Update Reports
Server Manager provides you with a batch update Report function enabling you to update several
Reports at the same time.
To update multiple Reports:
1. Select Edit > Batch > Update Reports. The Select Multiple Reports dialog displays.
2. To filter the tree of Reports, choose the Report type from the drop-down.
3. Check the Reports to update.
You can only batch update Reports that are the same type.
4. Click OK. The Report Properties dialog displays.
5. Use the controls to update any settings.
By default any changes are applied to all selected Reports, however; you can use
the use the Report drop-down to select a single Report.
6. Click OK.
Related Topics
Reports
Batch Update Templates
Server Manager provides you with a batch update Template function enabling you to update several
Templates at the same time.
To update multiple Templates:
1. Select Edit > Batch > Update Templates. The Select Multiple Templates dialog displays.
2. To filter the tree of Templates, choose the Template type from the drop-down.
3. Check the Templates to update.
You can only batch update Templates that are the same type.
4. Click OK. The Template Properties dialog displays.
5. Use the controls to update any settings.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
190
Printed Documentation
By default any changes are applied to all selected Templates, however; you can
use the use the Template drop-down to select a single Template.
6. Click OK.
Related Topics
Templates
Select Multiple Auto Configurators
Server Manager provides you with the ability to quickly re-configure multiple Auto Configurators at the
same time (e.g. assign a different Schedule or complete Action). The Select Multiple Auto Configurators
dialog displays when batch updating Auto Configurators.
To display the select dialog:
1. Select Edit > Batch > Update Auto Configurators. The Select Multiple Auto Configurators
dialog displays.
To select multiple Auto Configurators:
1. Check the Auto Configurators.
2. Click OK.
Select Multiple Computers, Devices and Hosts
Many functions throughout Server Manager require you to select multiple configured computers,
devices and hosts. The Select Multiple Computers, Devices and Hosts dialog provides the controls to
batch select previously configured computers, devices and hosts.
To display the select dialog:
1. Select Edit > Batch > Update Computers, Devices and Hosts.
Or
Select Edit > Batch > Delete Computers, Devices and Hosts.
2. The Select Multiple Computers, Devices and Hosts dialog displays.
To select multiple computers:
1. Check the computers, devices and hosts to select then click OK.
Or
Click the Search button to search for specific computers.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
191
Printed Documentation
Select Multiple Logs
When merging consolidated logs to a single log viewer the Select Multiple Logs dialog provides the
controls to batch select logs contained within the Log Repositories.
To display the select dialog:
1. Select Logs > Merge. The Select Log Type dialog displays.
2. Select the log type then click OK. The Select Multiple Logs dialog displays.
To select multiple logs:
•
Check the logs to select then click OK.
Or
Click the Search button to search for specific logs.
Select Multiple Reports
Many functions throughout Server Manager require you to select multiple Reports. The Select Multiple
Reports dialog provides the controls to batch select Reports.
To display the select dialog:
1. Select Edit > Batch > Update Reports.
2. The Select Multiple Reports dialog displays.
To select multiple Reports:
You can only select Reports that are the same type.
1. Optionally, use the Filter by configured report types drop-down to only list Reports of a
specific type (e.g. Object Access).
2. Check the Reports to select then click OK.
To delete multiple Reports:
1. Select Edit > Batch > Update Reports. The Select Multiple Reports dialog displays.
2. Optionally, use the Filter by configured report types drop-down to only list Reports of a
specific type (e.g. Object Access).
3. Check the Reports to delete then click Delete. The Reports are deleted.
4. Click Cancel to close the dialog.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
192
Printed Documentation
Select Multiple Templates
Many functions throughout Server Manager require you to select multiple Templates. The Select
Multiple Templates dialog provides the controls to batch select Templates.
To display the select dialog:
1. Select Edit > Batch > Update Templates.
2. The Select Multiple Templates dialog displays.
To select multiple Templates:
You can only select Templates that are the same type.
1. Optionally, use the Filter by configured template types drop-down to only list Templates of a
specific type (e.g. Ping Monitor).
2. Check the Templates to select then click OK.
To delete multiple Templates:
1. Select Edit > Batch > Update Templates. The Select Multiple Templates dialog displays.
2. Optionally, use the Filter by configured template types drop-down to only list Templates of a
specific type (e.g. Ping Monitor).
3. Check the Templates to delete then click Delete. The Templates are deleted.
4. Click Cancel to close the dialog.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
193
Printed Documentation
Troubleshooting
Troubleshooting
The following troubleshooting topics are available:
•
•
•
•
•
Access Denied Errors
Quota Violation Errors
The RPC server is unavailable Errors
Windows Service Log File
Run the Service in Verbose Mode
Forum
If none of these topics help, please see our online forum at:
http://spectorlive.com/phpbb3/
Screencasts
Veriato offers several video screencast tutorials to help you learn how to use Server Manager. The
screencasts can be found at:
http://www.Veriato.com/products/server-manager/tutorials.asp
Access Denied Errors
An Access Denied error is typically thrown by the local WMI Service when an attempt is made to access
WMI functions from a computer that is either not logged into the domain or when the Server Manager
Service is not running with domain administrator credentials.
Verify the error:
1. Open a command-prompt and type:
Wbemtest
the Wbemtest application opens.
2. Once loaded, click Connect.
3. From the Namespace text box, type \\SERVERNAME\root\cimv2 where SERVERNAME is
the name of the remote server throwing the error. If either computer resides on a different
domain or within a workgroup, specify administrator credentials that reside on the remote
computer or domain.
4. Click Connect. You should receive the Access Denied error. If you do not receive the error,
verify the service is running under the same credentials as the account you are logged into
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
194
Printed Documentation
the server with or Server Manager is configured to logon to the remote computer as the
account you are logged into the server with.
Verify service credentials:
1. From the Management Console, select View > Dashboard.
2. From the Summary tab locate the Service Status. Verify the Logon as value is set to either a
domain or local administrator account. If the value is SYSTEM or an non-administrator
account, click the account. The Change Service Logon dialog displays. Enter administrator
credentials then click OK.
Verify target computer credentials:
1.
2.
3.
4.
From the Object Explorer, expand the Computers, Devices and Hosts node.
Right-click on the target computer or a group of computers then select Host Properties.
Verify the credentials are correct then click Test.
Once you have been able to successfully test the credentials, click OK.
Resolution Checklist:
•
Ensure WMI permissions have been set correctly. From the remote computer throwing the
error, open a command-prompt and type: wmimgmt.msc. Right-click on the WMI Control (local)
node and select Properties. Select the Security tab and navigate to root/CIMV2. Click the
Security button. Grant the account you and the service are using to access logs Remote Enable
and Read Security rights.
•
If access is denied to a Windows Server 2003 log, grant the account you are logged in as and the
account the service is running under access to each event log. For more information read the
following MSDN article: How to set event log security locally or by using Group Policy in
Windows Server 2003
•
When accessing a Windows 7 or Vista computer that has joined a workgroup rather than a
domain, the remote computer must disable User Access Control (UAC). To disable UAC on a
Windows 7 or Vista computer, search for Turn UAC off within the Windows help system.
•
If the remote computer is running Windows XP Pro, make sure remote logons are not being
coerced to the GUEST account. From the computer you are unable to download logs from, open
a command-prompt and type: secpol.msc. Expand the Local Policies node and select Security
Options. Scroll down to the setting titled Network access: Sharing and security model for local
accounts. If this is set to Guest only, change it to Classic and restart your computer.
•
From the computer you are unable to download logs from, open a command-prompt and type
dcomcnfg. Expand the Component Services/Computers/My Computer node. Right-click My
Computer and then select Properties. Select the COM Security tab. From the Launch and
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
195
Printed Documentation
Activation Permissions, select Edit Limits. Add the appropriate account and assign all
permissions.
•
Check that DCOM is enabled on both the local and the remote computer. Check the following
registry value on both computers: Key: HKLM\Software\Microsoft\OLE, value: EnableDCOM,
should be set to 'Y'.
•
Check that WMI is installed on both the local and remote computer. WMI is present by default
in all flavors of Windows 2000 and later operating systems, but must be installed manually on
NT4 systems. To check for the presence of WMI, open a command-prompt and type: wbemtest.
If the WMI Tester application starts up, WMI is present, if not, it must be installed. Consult
Microsoft for more information.
•
Verify the Windows Management Instrumentation is running on both the local and target
computers.
Related Topics
Assign Service Logon As Credentials
Assign Logon as Credentials
Batch Assign Logon As Credentials
Quota Violation Errors
A Quota Violation is thrown by the WMI Service running on the target machine when Server Manager
requests the contents of a large Event Log (e.g. 400 MB) for the first time. This error can also be
triggered when the WMI Service has run out of total allowed memory. You have 3 options to resolve this
error:
•
•
•
Increase the WMI quota
Backup and clear the event log
Limit the download to a smaller date range
To increase the WMI quota:
From the Object Explorer, navigate to the computer throwing the Quota Violation error.
Right-click and select Host Properties. The Host Properties dialog box displays.
Select the WMI tab.
Double the Memory per host value. If the Memory per host is the same value as Memory all
hosts value, double both the Memory per host and the Memory all hosts values.
5. Click OK.
1.
2.
3.
4.
For more information see the following Microsoft article: WMI Error: 0x8004106C Description: Quota
violation, while running WMI queries
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
196
Printed Documentation
To backup and clear the event log:
1. From the Object Explorer, expand the Log Repositories node.
2. Navigate to the desired log, right-click and select Properties. The Log Properties view
displays.
3. Select the Event Log File (.evtx/.evt) tab.
4. Click Backup Log.
To limit the download date range:
1.
2.
3.
4.
5.
6.
From the Object Explorer, navigate to the computer throwing the Quota Violation error.
Expand the computer and locate the Event Log Consolidation and Monitoring Template.
Right-click and select Template Properties. The Template Properties view displays.
Select the Consolidation and Monitoring tab.
Set the Limit the initial download to the previous to 1 day of log entries.
Click OK.
Related Topics
Computer, Device and Host Properties
WMI Settings
The RPC server is unavailable Errors
The RPC server is unavailable error is thrown by the local WMI Service when an attempt is made to
access WMI functions from a computer that is blocking WMI requests or has a firewall between the
computers.
Verify the error:
1. Open a command-prompt and type:
Wbemtest
the Wbemtest application opens.
2. Click Connect. The Connect dialog displays.
3. From the Namespace text box, type:
\\SERVERNAME\root\cimv2
where SERVERNAME is the name of the remote server throwing the error.
4. If either computer resides on a different domain or within a workgroup specify administrator
credentials that reside on the remote computer or domain.
5. Click Connect. You should receive The RPC server is unavailable error.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
197
Printed Documentation
Resolution Checklist:
1. Open TCP port 135 and all TCP ports above 1024. For more information read the following
Microsoft article: Connecting to WMI Remotely Starting with Windows Vista
Many virus protection solutions such as McAfee and Symantec contain their own
firewalls and may offer a function to allow WMI packets.
2. Configure the WMI Service on each Server 2008, Windows 7 or Vista computer to run on a
specific port then open TCP port 135 and the specified port. Please note this is not an option
for Server 2003 or Windows XP computers. For more information read the following
Microsoft article: Setting Up a Fixed Port for WMI
3. Install Server Manager on each sub-net then push Event Log entries directly to a central
database. Please note this requires you to open the necessary database ports. In the case of
SQL Server this is TCP port 1433 by default.
4. When accessing a Windows 7 or Vista computer that has joined a workgroup rather than a
domain, the remote computer must disable User Access Control (UAC). To disable UAC on a
Windows 7 or Vista computer, search for Turn UAC off within the Windows help system.
5. If the remote computer is running Windows XP Pro, make sure remote logons are not being
coerced to the GUEST account. From the computer you are unable to download logs from,
open a command-prompt and type secpol.msc. Expand the Local Policies node and select
Security Options. Scroll down to the setting titled Network access: Sharing and security
model for local accounts. If this is set to Guest only, change it to Classic and restart your
computer.
6. From the computer you are unable to download logs from, open a command-prompt and
type dcomcnfg. Expand the Component Services/Computers/My Computer node. Right-click
My Computer and then select Properties. Select the COM Security tab. From the Launch and
Activation Permissions, select Edit Limits. Add the appropriate account and assign all
permissions.
7. Check that DCOM is enabled on both the local and the remote computer. Check the following
registry value on both computers: Key: HKLM\Software\Microsoft\OLE, value: EnableDCOM,
should be set to 'Y'.
8. Check that WMI is installed on both the local and remote computer. WMI is present by
default in all flavors of Windows 2000 and later operating systems, but must be installed
manually on NT4 systems. To check for the presence of WMI, open a command-prompt and
type wbemtest. If the WMI Tester application starts up, WMI is present, if not, it must be
installed. Consult Microsoft for more information.
9. Verify WMI is running on both the local and target computers.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
198
Printed Documentation
Windows Firewall
The Windows Firewall may block WMI traffic. If WMI traffic is blocked, Server Manager will typically
throw The RPC server is unavailable error.
To configure the Windows Firewall:
Enable Windows Management Instrumentation (WMI) or Remote Administration. The simplest way to
do this is to open up a command prompt and type the following:
For Windows Server 2012:
Configure-SMRemoting.exe -enable
For Windows Server 2008/8/7/Vista:
netsh advfirewall firewall set rule group="windows management instrumentation
(wmi)" new enable=yes
For Windows Server 2003/XP:
netsh firewall set service RemoteAdmin enable
The effect is immediate and there is no need to restart. For more information follow the links below:
Server 2012
Server 2008/8/7/Vista
Server 2003/XP
Related Topics
The RPC server is unavailable Errors
Troubleshooting
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
199
Printed Documentation
About Veriato
About Veriato
Veriato is the global leader in activity monitoring. More than 36,000 companies, schools, and
government entities worldwide use Veriato solutions to gain insight into the user activity on their
network, and enjoy the security and productivity increases that come with it. As a result, Veriato has
made the prestigious Inc. Magazine List of the Fastest Growing Private Companies in the U.S. eight times
consecutively.
Veriato award-winning solutions include the world's leading employee investigation tool (Investigator),
enterprise-grade Insider Threat detection and employee activity reporting (Veriato 360), and robust
Event and Security Log Management (Server Manager).
We provide the visibility. Our customers become more secure and productive.
Contact Us
When sending email, please include your company name, city, and state to ensure your request is
handled as promptly as possible.
General Contact
Veriato Corporation
1555 Palm Beach Lakes Blvd
West Palm Beach, FL 33401 USA
World Wide Web: www.Veriato.com
U.S. & Canada: 888-598-2788
International: 772-770-5670
Sales Contact
Monday - Friday: 9:00 AM to 10:00 PM EST
Saturday & Sunday: 10:00 AM to 6:00 PM EST
Web: www.Veriato.com
Email: [email protected]
U.S. & Canada: 888-598-2788
International: 772-770-5670
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
200
Printed Documentation
Technical Support
Web: www.Veriato.com/support.aspx
Email: [email protected]
U.S. & Canada: 888-598-2788
International: 772-770-5670
Third Party Software Notices and/or Additional Terms and Conditions
Component License (and link to full license terms) Source Code Storage Address
Aqua Gauge
Controls
The Code Project Open License
(http://www.codeproject.com/info/cpo
l10.aspx)
http://www.codeproject.com/Articles/20341
/Aqua-Gauge
Be.HexEditor The MIT License
(http://opensource.org/licenses/MIT)
http://sourceforge.net/projects/hexbox/
Circle
Animation
The Code Project Open License
(http://www.codeproject.com/info/cpo
l10.aspx)
http://www.codeproject.com/Articles/14841
/How-to-write-a-loading-circle-animation-inNET
DotNetOpen
Mail
BSD License
http://dotnetopenmail.sourceforge.net
Double
Buffered
Tree and
Listviews
The MIT License
(http://opensource.org/licenses/MIT)
http://www.codeproject.com/Articles/37253
/Double-buffered-Tree-and-Listviews
Heijden.DNS
The Code Project Open License
(http://www.codeproject.com/info/cpo
http://www.codeproject.com/Articles/23673
/DNS-NET-Resolver-C
Microsoft Public License
(http://dotnetzip.codeplex.com/license
http://dotnetzip.codeplex.com/
l10.aspx)
Ionic.zip
)
MIL.Html
None
http://www.codeproject.com/Articles/6477/
MIL-HTML-Parser
Network
Shared and
UNC Paths
The Code Project Open License
(http://www.codeproject.com/info/cpo
http://www.codeproject.com/Articles/2939/
Network-Shares-and-UNC-paths
l10.aspx)
Ookii.Dialogs See below
http://www.ookii.org/software/dialogs/
Pie Chart
http://www.codeproject.com/Articles/7321/
The zlib/libpng License
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
201
Printed Documentation
Component License (and link to full license terms) Source Code Storage Address
(http://opensource.org/licenses/zlib-
license.php)
3D-Pie-Chart
SharpSnmpLi The MIT License
b
(http://opensource.org/licenses/MIT)
http://sharpsnmplib.codeplex.com/
SNTP Client
The Code Project Open License
(http://www.codeproject.com/info/cpo
http://www.codeproject.com/Articles/1005/
SNTP-Client-in-C
XPTable
None
http://www.codeproject.com/Articles/11596
/XPTable-NET-ListView-meets-Java-s-JTable
ZedGraph
GNU Lesser General Public License
(http://www.gnu.org/licenses/lgpl-
http://sourceforge.net/projects/zedgraph/
l10.aspx)
2.1.html)
Copyright Notices, Disclaimers and License Agreements
Aqua Gauge Controls; Heijden.DNS; Network Shared and UNC Paths; SNTP Client
THIS WORK IS PROVIDED "AS IS", "WHERE IS" AND "AS AVAILABLE", WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES OR CONDITIONS OR GUARANTEES. YOU, THE USER, ASSUME ALL RISK IN ITS USE,
INCLUDING COPYRIGHT INFRINGEMENT, PATENT INFRINGEMENT, SUITABILITY, ETC. AUTHOR EXPRESSLY
DISCLAIMS ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES OR CONDITIONS, INCLUDING WITHOUT
LIMITATION, WARRANTIES OR CONDITIONS OF MERCHANTABILITY, MERCHANTABLE QUALITY OR
FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTY OF TITLE OR NON-INFRINGEMENT, OR THAT
THE WORK (OR ANY PORTION THEREOF) IS CORRECT, USEFUL, BUG-FREE OR FREE OF VIRUSES. YOU
MUST PASS THIS DISCLAIMER ON WHENEVER YOU DISTRIBUTE THE WORK OR DERIVATIVE WORKS.
Be.HexEditor
Copyright (c) 2011 Bernhard Elbl
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
202
Printed Documentation
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Circle Animation
Copyright © 2006 Martin R. Gagne
THIS WORK IS PROVIDED "AS IS", "WHERE IS" AND "AS AVAILABLE", WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES OR CONDITIONS OR GUARANTEES. YOU, THE USER, ASSUME ALL RISK IN ITS USE,
INCLUDING COPYRIGHT INFRINGEMENT, PATENT INFRINGEMENT, SUITABILITY, ETC. AUTHOR EXPRESSLY
DISCLAIMS ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES OR CONDITIONS, INCLUDING WITHOUT
LIMITATION, WARRANTIES OR CONDITIONS OF MERCHANTABILITY, MERCHANTABLE QUALITY OR
FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTY OF TITLE OR NON-INFRINGEMENT, OR THAT
THE WORK (OR ANY PORTION THEREOF) IS CORRECT, USEFUL, BUG-FREE OR FREE OF VIRUSES. YOU
MUST PASS THIS DISCLAIMER ON WHENEVER YOU DISTRIBUTE THE WORK OR DERIVATIVE WORKS.
DotNetOpenMail
Copyright © 2005 Mike Bridge ([email protected])
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Double Buffered Tree and Listviews
Copyright © Display Networks 2009
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
203
Printed Documentation
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Ionic.zip
Copyright © Dino Chiesa 2007, 2008, 2009
This license governs use of the accompanying software. If you use the software, you accept this license.
If you do not accept the license, do not use the software.
1. Definitions
The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning
here as under U.S. copyright law.
A "contribution" is the original software, or any additions or changes to the software.
A "contributor" is any person that distributes its contribution under this license.
"Licensed patents" are a contributor's patent claims that read directly on its contribution.
2. Grant of Rights
(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations
in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to
reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution
or any derivative works that you create.
(B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in
section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed
patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its
contribution in the software or derivative works of the contribution in the software.
3. Conditions and Limitations
(A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or
trademarks.
(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the
software, your patent license from such contributor to the software ends automatically.
(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and
attribution notices that are present in the software.
(D) If you distribute any portion of the software in source code form, you may do so only under this
license by including a complete copy of this license with your distribution. If you distribute any portion
of the software in compiled or object code form, you may only do so under a license that complies with
this license.
(E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express
warranties, guarantees or conditions. You may have additional consumer rights under your local laws
which this license cannot change. To the extent permitted under your local laws, the contributors
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
204
Printed Documentation
exclude the implied warranties of merchantability, fitness for a particular purpose and noninfringement.
Ookii.Dialogs
Copyright (c) Sven Groot (Ookii.org) 2009
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. Neither the name of the ORGANIZATION nor the names of its contributors may be used to
endorse or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Pie Chart
Copyright (c) 2004-2006 by Julijan Sribar
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be
held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications,
and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote
the original software. If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as
being the original software.
3. This notice may not be removed or altered from any source distribution.
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
205
Printed Documentation
SharpSnmpLib
Copyright (c) 2008-2016
Malcolm Crowe, Lex Li, and other contributors.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
XPTable
Copyright (c) 2005, Mathew Hall. All rights reserved.
ZedGraph
Copyright (c) 2003-2007 John Champion
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser
General Public License as published by the Free Software Foundation; either version 2.1 of the License,
or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNULesser
General Public License for more details.
1922160.1
Server Manager Guide
© 2016 Veriato, Inc., all rights reserved.
206

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project