SpectorSoft Server Manager Help

SpectorSoft Server Manager Help
SpectorSoft Server Manager
Help
6/5/2013
Table of Contents
About SpectorSoft Server Manager ............................................................................................................... 1
How does Server Manager work? ............................................................................................................... 1
Getting Started .......................................................................................................................................... 3
Getting Started ....................................................................................................................................... 3
System Requirements ............................................................................................................................ 11
Client Server Architecture ....................................................................................................................... 12
Management Console ............................................................................................................................. 14
Server Manager Terminology .................................................................................................................. 15
Setting Up Server Manager Properties......................................................................................................... 17
Setting Up Server Manager Properties ...................................................................................................... 17
Licensing and Registration ...................................................................................................................... 18
Email Settings ....................................................................................................................................... 20
Database Settings ................................................................................................................................. 22
Active Directory Settings ........................................................................................................................ 38
Syslog Server Settings ........................................................................................................................... 39
Web Server Publishing Settings ............................................................................................................... 41
Management Server Settings .................................................................................................................. 44
HTML and Email Template Settings .......................................................................................................... 45
WMI Settings ........................................................................................................................................ 48
Configuring Web Proxy Server Settings .................................................................................................... 50
Console................................................................................................................................................... 51
Client Server Architecture ....................................................................................................................... 51
Object Explorer ..................................................................................................................................... 53
Enabling and Disabling Objects ............................................................................................................... 55
Options ................................................................................................................................................ 56
Working with Groups ............................................................................................................................. 57
Service ................................................................................................................................................... 62
Service Connections............................................................................................................................... 62
Viewing the Service Log ......................................................................................................................... 63
Running the Service in Verbose Mode ...................................................................................................... 64
Tray Icon ................................................................................................................................................ 65
To receive desktop notifications: ............................................................................................................. 65
To open Server Manager from the tray:.................................................................................................... 65
To clear the alert icon: ........................................................................................................................... 66
To view the message box alert history: .................................................................................................... 66
To temporarily close the tray icon: .......................................................................................................... 66
To restart the tray icon: ......................................................................................................................... 66
To permanently disable or re-enable the tray icon: .................................................................................... 66
Computers, Devices and Hosts ................................................................................................................... 67
Adding Computers, Devices and Hosts ..................................................................................................... 67
Assigning Logon As Credentials ............................................................................................................... 69
Batch Assigning Logon As Credentials ...................................................................................................... 70
ii
Table of Contents
Copying Assignments ............................................................................................................................. 71
Importing a Disk List ............................................................................................................................. 72
Importing a Host List ............................................................................................................................. 73
Mapping Computers, Devices and Hosts ................................................................................................... 74
Modifying Computer, Device and Host Properties ....................................................................................... 75
Searching for Computers, Devices and Hosts ............................................................................................ 76
Selecting Multiple Computers, Devices and Hosts ...................................................................................... 77
Working with the Registry Explorer .......................................................................................................... 78
Templates ............................................................................................................................................... 80
Templates ............................................................................................................................................ 80
Adding Templates .................................................................................................................................. 81
Template Properties ............................................................................................................................... 82
Selecting a Template Type ...................................................................................................................... 84
Working with Multiple Templates ............................................................................................................. 87
Reports ................................................................................................................................................... 88
Reports ................................................................................................................................................ 88
Report Properties .................................................................................................................................. 89
Selecting Multiple Reports ...................................................................................................................... 90
Report Types ........................................................................................................................................ 91
Monitor Hierarchy ....................................................................................................................................134
To configure the monitor hierarchy: ........................................................................................................134
Schedules ..............................................................................................................................................135
Schedules ............................................................................................................................................135
Configuring Day and Time Exclusions ......................................................................................................137
Filters ....................................................................................................................................................138
Filters .................................................................................................................................................138
Adding Filters .......................................................................................................................................139
Filtering Entries from the Log Viewer ......................................................................................................140
Importing and Exporting Filters ..............................................................................................................141
Actions, Alerts and Notifications ................................................................................................................144
Actions, Alerts and Notifications .............................................................................................................144
Desktop Actions, Alerts and Notifications .................................................................................................146
Action Variable Tags .............................................................................................................................147
File Output Options ...............................................................................................................................156
Auto Configurators ..................................................................................................................................157
Auto Configurators ...............................................................................................................................157
Adding Auto Configurators .....................................................................................................................158
Auto Configurator Properties ..................................................................................................................159
Selecting Multiple Auto Configurators ......................................................................................................161
Select Active Directory Organizational Unit ..............................................................................................162
Log Management.....................................................................................................................................163
Viewing Logs........................................................................................................................................163
Emailing Logs ......................................................................................................................................169
Encrypting and Signing Files ..................................................................................................................171
iii
SpectorSoft Server Manager Help
Event Log to Syslog ..............................................................................................................................172
EVT and EVTX Files ...............................................................................................................................174
Exporting Logs .....................................................................................................................................176
Managing Retention Policy .....................................................................................................................177
PCI DSS Compliance .............................................................................................................................178
Searching for Logs ................................................................................................................................180
Selecting Multiple Logs ..........................................................................................................................181
Server and Software Upgrades ..................................................................................................................182
Migrating to a New Server .....................................................................................................................182
Migrating to a New Server .....................................................................................................................184
Troubleshooting ......................................................................................................................................186
Troubleshooting ...................................................................................................................................186
Resolving the "RPC Server is Unavailable" Error .......................................................................................187
Resolving an Access Denied Error ...........................................................................................................189
Resolving a Quota Violation Error ...........................................................................................................191
Viewing the Service Log ........................................................................................................................193
Running the Service in Verbose Mode .....................................................................................................194
Configuring the Windows Firewall ...........................................................................................................195
About SpectorSoft ...................................................................................................................................196
About SpectorSoft Software ...................................................................................................................196
Contact Us ...........................................................................................................................................197
Copyrights and Trademarks ...................................................................................................................198
Index.....................................................................................................................................................199
iv
How does Server Manager work?
About SpectorSoft Server Manager
SpectorSoft Server Manager is an enterprise-wide systems and application monitoring software package
enabling both small business and large enterprise System Administrators to proactively manage their
networks and fulfill compliance requirements.
Consolidates, archives and monitors Windows Event Logs, Syslogs, and Text Log files.
Includes Security Event Log Reports such as:







Object Access Auditing
Failed Logon Attempts
Successful Logons
Logon Sessions
Account Management
Account Lockout
New Accounts
Monitors resources such as:



Disk space
CPU load over time
Memory load over time
Monitors and controls applications and services such as:




Websites
Email servers
Databases
Windows Services and Processes
Monitors Internet connectivity and throughput.
Includes extensive disk and directory monitoring and analysis functions and reports.
Monitors changes to the Windows Registry.
Monitors SSL and digital certificate expiration and validity.
How does Server Manager work?
Server Manager...

Installs to a single computer/server then remotely manages computers, devices, and hosts.
1
SpectorSoft Server Manager Help

Is configured though a client user interface which can be installed to any Windows computer at any
location.


Fires alerts and notifications through email, SMS, remote desktop popups, SNMP traps and more.
Automatically publishes systems and network status to your web server for remote access via your
iPhone or Android.

Generates reports to HTML, PDF, text and CSV.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
2
Getting Started
Required tasks
Optional tasks
What's next?
Getting Started
For new users, we recommend that you get acquainted with how Server Manager works. Here are some
introductory topics to get you started:



Client Server Architecture
Management Console
Terminology
After completing the Server Manager installation for the first time, there are some required and optional
tasks that you will need to do and consider in order to get Server Manager up and running.
Required tasks after installation:
1.
2.
Register your Server Manager license, unless you are using the trial.
Follow the Server Manager Configuration Wizard, which automatically displays after opening
the Server Manager Console immediately after a new installation. (To manually open the
wizard, go to Tools > Server Manager Configuration Wizard.) The task-based screens in
the wizard include:
a.
Service Credentials (For more information, see Change the Service Logon As Credentials)
3
SpectorSoft Server Manager Help
b.
4
Email Settings (For more information, see Configure email settings)
Getting Started
c.
Configuring Server Manager to use a Database (For more information, see Database
Settings).
Server Manager supports SQL Server, MySQL, Oracle as well as our own file system format
(Local File System) when a database is not an option. Server Manager has been optimized
for SQL Server 2012/8/5.
For optimal performance, we recommend that you configure Server Manager
to use SQL Server.
5
SpectorSoft Server Manager Help

6
History Repository:
Getting Started

Primary Log Repository:
7
SpectorSoft Server Manager Help

8
Archive Log Repository:
Getting Started
Optional tasks:

Configure Active Directory Connections

Configure Syslog Server Settings

Configure Web Server Publishing Settings

Configure Management Server Settings

Configure HTML and Email Template Settings

Configure WMI Settings

Configure Web Proxy Server Settings
What's next?

Add Computers, Devices and Hosts to the system

Create and assign Templates

Consolidate and Monitor Logs: This links to the company website where you can view the screencast
for "Event Log Consolidation and Monitoring using Templates."

Generate Reports:

Failed Logons Report

Event Log Error Report
9
SpectorSoft Server Manager Help

Disk Space Summary Report

Troubleshooting - Viewing the Service Log

Receiving Alerts

Set up Auto Configurators
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
10
Getting Started
System Requirements
Supported Operating Systems
Windows Server 2012, 2008 R2, 2008, or 2003
Windows 8, 7, Vista, or XP
Supported CPUs (64-Bit / 32-Bit)
Server Manager is offered in both 64-bit and 32-bit Windows installers. Be sure to install the 64-bit installer
when targeting 64-bit hardware as the 64-bit installer includes 64-bit binaries.
Memory
4 GBs of available memory, 8 GBs suggested for large networks.
Microsoft .NET Framework 3.5 Service Pack 1
The installation detects if the .Net Framework 3.5 Service Pack 1 is already installed. If not, the framework
is automatically downloaded from Microsoft and then installed. Please note the framework may take a
significant amount of time to install. Please be patient while the installation completes.
Domain Administrator Account
To access and manage remote resources Server Manager requires domain administrator rights. If offdomain, local administrator rights. The first time the application is run, you will be prompted to assign
administrator credentials to the service.
Windows Management Instrumentation (client and server)
Many functions within Server Manager utilize Microsoft's Windows Management Instrumentation (WMI) API
(e.g. Event Log management, CPU, memory, services, processes, Access Permissions Reports, SMART). If
unavailable, the dependent functions will not be available.
Optional Components
Microsoft’s SNMP Service - SNMP traps are exposed through Microsoft’s SNMP Service.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
11
SpectorSoft Server Manager Help
Client Server Architecture
Server Manager is implemented using client/server architecture. The server, referred to as the Server
Manager Service, runs as a Windows service and is responsible for all monitor and report execution. The
client, referred to as the Server Manager Console, runs on any Windows supported platform and is
responsible for all configuration and management. The tray icon, also a client, is responsible for desktop
notifications (e.g. message box and sound alerts). You can install the console and tray icon on as many
computers as necessary.
The client/server interface is implemented using TCP port 6766 by default. The TCP interface authenticates
all incoming connections using Windows authentication. Access will only be granted if the user accessing the
service belongs to the Administrator group. For secure environments, the TCP interface can be configured to
encrypt all packets using private keys.
To configure the TCP port and encryption options and settings, see Management Server Settings.
To configure the console or tray icon to connect to a remote service installation, see Service Connections.
12
Getting Started
Server Manager is deployed through a single installer that always installs the
service, console and tray icon. If you only plan to use the console and/or tray
icon, disable the SpectorSoft Server Manager service via the Windows
Service Control Manager.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
13
SpectorSoft Server Manager Help
Management Console
Server Manager is configured through the Management Console. The Console is a Windows client user
interface program that enables you to remotely configure Server Manager, view consolidated log entries,
and view monitor history.
Navigation
The Console contains several panes of interest:

Object Explorer pane is the central navigation view that contains all of Server Manager’s configurable
objects. Use the Object Explorer to create objects, assign objects, update objects, view object detail
and delete objects.

Service Output pane tails a Server Manager log file containing errors, triggers, general activity, and
verbose output. Use the Service Output pane to watch activity and troubleshoot monitors.

Document View displays object properties, reports and monitor detail.
Remote Access
The Console enables you to remotely connect to multiple Server Manager Services running on various
networks. Once connected, both management and interrogation functions are proxied through the Server
Manager Service simplifying remote management. The client/server interface is implemented using TCP
port 6766. The TCP interface authenticates all incoming connections using Windows authentication. Access
will only be granted if the user accessing the service belongs to the Administrators group. For secure
environments, the TCP interface can be configured to encrypt all packets using private keys.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
14
Getting Started
Server Manager Terminology
Term
Definition
Action
Functions that execute in response to a monitor or report completing,
triggering, or erroring. Actions can including sending an email or displaying
a message box alert.
Auto Configurators
A configuration that Server Manager uses to monitor new servers and
workstations. (For more information, see Auto Configurators.)
Desktop Action
Desktop actions are defined as actions that are executed within a user’s
Windows desktop (e.g. message box alerts, sound alerts and optionally
interactive file execution)
Filter
A configuration object that is used to remove/limit the entries from realtime and consolidated log views, monitors, and reports. Filters can also be
applied when manually searching Active Directory for specific servers or
through an Auto Configurator.
Host
The term host is used by Server Manager to refer to either a computer, a
device (e.g. switch, router or firewall) or a host (e.g.
www.spectorsoft.com).
Log Repository
A database or file system location where log entries are maintained. There
are three types:

Primary Log Repository contains the LATEST consolidated log
entries.

Archive Log Repository contains ARCHIVED consolidated logs
entries previously saved to the Primary Log Repository.

Auxiliary Log Repository contains AUXILIARY or BACKUP
consolidated logs. Typically used to view old database backups for
auditing purposes.
Monitor
The result of a host-template assignment.
Report
A configuration object that defines properties for an executable function
that optionally targets multiple hosts. (For more information, see Reports.)
Schedule
An assignable configuration object that defines the frequency to execute a
function (e.g. daily at 6:00 AM).
Server Manager Console
The client application that enables you to configure the service and
manually execute monitors, reports and Auto Configurators.
Server Manager Service
The server application responsible for executing monitors, reports and
Auto Configurators.
Server Manager Tray
Icon
The client application that enables your Windows desktop to display
system status, receive desktop notifications (e.g. message box alerts,
sound alerts and optionally interactive file execution) and launch the
console.
15
SpectorSoft Server Manager Help
Template
A configuration object that defines properties for an executable function
that is assigned to one or more hosts, host groups, template groups, and
summary reports. (For more information, see Templates.)
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
16
Setting Up Server Manager Properties
Setting Up Server Manager Properties
The Server Manager Properties enables you to configure the Server Manager Service (e.g. configure email
server settings and back end database connections).
To view the Server Manager Properties, from the Edit menu item select Server Manager Properties.
The following tab pages are available:

Licensing and Registration

Email Settings

Database Settings

Active Directory Settings

Syslog Server Settings

Web Server Publishing Settings

Management Server Settings

HTML and Email Template Settings

WMI Settings
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
17
SpectorSoft Server Manager Help
Licensing Sample
Register a license
Reset a license
Renew maintenance
Licensing and Registration
Server Manager is licensed by the number of hosts being monitored. A host is defined as an addressable
name or IP address. You can apply as many templates (e.g. CPU, memory, disk space, web content, etc.)
to each host as necessary.
A license is required for each server you would like to install the Server Manager Service onto, however, the
Server Manager Console and the notification Tray Icon are free to install on as many computers as
necessary.
If the software will be installed at a secure location without Internet access,
please email the MAC address of the target server along with the license key
you wish to assign to [email protected]
Contact SpectorSoft for more information.
A simple licensing sample:
If monitoring a single physical server called mycompany that hosts a web server (www.mycompany.com)
and mail server (mail.mycompany.com), 3 hosts within your license will be required for each of the 3
addressable names:

mycompany (e.g. Ping monitor)

www.mycompany.com (e.g. HTTP monitor)

mail.mycompany.com (e.g. SMTP monitor)
If each of the 3 addressable names are on the same IP address, using the IP address instead of the
addressable names will reduce the required hosts from 3 to 1.
To register your license:
1.
After purchasing a license from SpectorSoft, you will receive a license key or set of keys via
email.
18
2.
Install and run Server Manager.
3.
From the Edit menu item select Server Manager Properties.
Setting Up Server Manager Properties
4.
Select the Licensing tab, and then click Register License.
5.
Specify the email address used when purchasing the license and the license key.
6.
Click Submit.
To reset your license:
If you need to move a license to another computer, you can reset your own license for registration on the
new system.
1.
From the Edit menu, select Server Manager Properties.
2.
Select the Licensing tab.
3.
From the Installed Licenses pane, select the license to return then click Return License.
To renew your maintenance:
If your maintenance is near to expiring, you can renew through the console.
1.
From the Edit menu, select Server Manager Properties.
2.
Select the Licensing tab.
3.
From the Installed Licenses pane, select the license to renew then click Renew
Maintenance. A browser window opens to the website to complete your renewal.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
19
SpectorSoft Server Manager Help
Email Settings
Email Settings
In order for Server Manager to email alerts, notifications, and reports, configure the connection to the email
server you would like to send email through and, if required, enter the username/password combination.
To configure your email server connection:
1.
2.
From the Server Manager Properties, select the Email tab.
Enter the Server Information for your email server that will be sending the email
notifications. By default, this section is filled in to where your service is installed.
3.
Enter the Login Information of the SMTP server if it requires authentication. If using
Exchange Server and left blank, the login information defaults to the account the service is
running under.
4.
Optionally, modify the From Information to specify the name and from address to appear
in outgoing mail.
5.
Optionally, set and modify the Email Limiter settings to limit the number of emails sent
over a period of time (seconds, minutes, or hours). Enter a value between 1 and 65535. The
default is set to limit 20 emails per hour. Once the set limit is reached, the rest of the emails
during that period are dropped; however, those dropped messages are logged to the service
log file.
6.
Optionally, configure a Backup Email Server to use in the event that the above configured
email server (primary) is unavailable or unable to send your email alert.
7.
Enter an email address to receive a test message, verifying correct configurations.
8.
Once correctly configured, click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
20
Setting Up Server Manager Properties
Using Gmail as a Backup Email Server
You can configure Server Manager to use your Gmail account to send email alerts when your primary email
server is unavailable or unable to send.
To configure Gmail as a backup email server:
1.
2.
From the Server Manager Properties, select the Email tab.
Select the Use a backup email server when this server is unavailable or unable to
send check box.
3.
Click Configure Backup. The Configure Backup Email Server Connection dialog box displays.
4.
Specify the following values:


Servername: smtp.gmail.com
TCP Port/Security:




Use port 465 for SSL/TLS
Use port 587 for STARTTLS
Username: enter your email address ([email protected] or
[email protected]_domain.com).
Password: enter your Gmail password.
Under Test Now, enter the email address you want to send the alert, which typically would be
5.
your Gmail account. For example, [email protected]
6.
Click Test.
7.
The packets will output to the Test Status window. Once complete, a message will popup that
shows the success or failure.
8.
Log into your Gmail account and verify you received the test message.
9.
Click OK to accept entries and close the dialog box.
10.
In the Email Settings tab, ensure you click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
21
SpectorSoft Server Manager Help
Database Settings
Configure Server Manager to use the Local File System
Convert data to a different database provider
Roles Defined
Database Settings
Server Manager uses 3 database schemas to retain data:

Monitor History (i.e. execution time, state, results such as consumed disk space)

Consolidated Log Entries (i.e. Windows Event Logs, Syslogs, application text logs)

Archived Consolidated Log Entries (i.e. log entries older than 15 days)
Server Manager supports SQL Server, MySQL, Oracle as well as our own file system format (Local File
System) when a database is not an option. When consolidating log entries you will notice significantly better
performance using SQL Server over our file system format. Server Manager has been optimized for SQL
Server 2012/8/5.
When configuring SQL Server or MySQL, the software will automatically
create a database if it does not exist; however, the default database options
are used. To create a database from within the database appropriate
management tools, see Configuring Server Manager to use SQL Server or
Configuring Server Manager to use MySQL.
When configuring a log repository to an Oracle database, you must create
the database(s) first using the appropriate Oracle tools before you can
configure them in Server Manager.
To configure Server Manager to use the Local File System:
The File System is for limited use only and not intended for large file sizes.
Save history and log entries to a SQL Server, MySQL, or Oracle database for
optimal performance. For best practices, see Conserving Disk Space.
Upon a new Server Manager installation, the File System is already configured with the Primary and
Secondary Repositories.
1.
22
Open Server Manager and select Edit > Server Manager Properties > Databases tab.
Setting Up Server Manager Properties
2.
Under the Databases drop-down box, select the applicable repository. Choose "Log
Repository" for configuring the Primary and "Archive Log Repository" for configuring the
Secondary.
3.
Enter the Name that uniquely identifies the data provider. For example, File System (Log
Repository).
4.
Optionally, enter a Description.
5.
Under Provider, select FileSystem.
6.
Enter a directory Path where you would like the file to be saved.
7.
Select the Encoding.
8.
Once complete, click Test Connection. If you were unable to connect, verify you entered the
information correctly.
Once you have successfully tested the connection, click Initialize and then Apply.
9.
To convert database data to a different database provider:
1.
From the Server Manager Properties, select the Databases tab.
2.
Click Convert Data. The Convert Data dialog box displays.
3.
Select the Source data provider from the drop-down.
4.
Select the Target data provider from the drop-down.
5.
Click Convert.
Roles defined:
Server Manager uses the following Roles for databases:



History contains monitor, report, and Auto Configuration history (e.g. disk space history).
LogRepository (Primary Log Repository) contains the LATEST consolidated log entries.
ArchiveLogRepository (Secondary Log Repository) contains ARCHIVED consolidated logs entries
previously saved to the Log Repository.

AuxiliaryLogRepository (Backup Repository) contains AUXILIARY or BACKUP consolidated logs.
Typically used to view old database backups for auditing purposes.

Undefined this database is not used. The Undefined setting allows you to disable a database while
maintaining the connection settings for later use.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
23
SpectorSoft Server Manager Help
Step 1: Create Databases in SQL Server
Step 2: Create User
Step 3: Assign User to Databases
Step 4: Configure Server Manager for SQL Server
Configuring Server Manager to use SQL Server
In this procedure, you will create and configure both a Primary Repository and Secondary Repository in SQL
Server and then connect it in Server Manager.
This procedure applies to SQL Server 2012.
SQL Express is NOT recommended because of its 10GB limit database size.
Step 1: Create a new primary and archive database in SQL Server:
1.
2.
Open Microsoft SQL Server Management Studio and login to your database server.
From Management Studio's Object Explorer, right-click on Databases and select New
Database.
3.
24
Enter the Database name (for example, cbsm).
Setting Up Server Manager Properties
4.
Under Database files, enter an auto growth of 100 MBs and an initial size of 1,000 MB.
5.
Repeat Steps 2-4 to create another database called cbsm_archive with the same options.
Step 2: Create a user for the databases:
25
SpectorSoft Server Manager Help
26
1.
From the Object Explorer, right-click on Security and select New > Login.
2.
Specify the Login name (for example, cbsmuser).
3.
Select SQL Server authentication.
4.
Specify a password and confirm.
5.
De-select Enforce password policy.
Setting Up Server Manager Properties
6.
Under Default database, select cbsm.
Step 3: Assign the user to the cbsm and cbsm_archive databases:
27
SpectorSoft Server Manager Help
1.
From the Object Explorer, expand Databases\cbsm. Right-click on Security and select
New > User.
28
2.
Select a User type: SQL user with login is the default.
3.
Specify the User name (for example, cbsmuser).
4.
Specify the Login name (for example, cbsmuser).
5.
Enter the Default schema (for example, dbo).
Setting Up Server Manager Properties
6.
Under the Select a page area on the left-side of the screen, select User Mapping.
7.
In the top area of the screen, ensure both databases that you just created are selected.
8.
At the bottom of the screen, select db_owner.
9.
Click OK to accept changes.
10. Repeat Steps 1-6 for the cbsm_archive database and then click OK to save changes.
Step 4: Configure Server Manager for SQL Server:
This procedure should be done from the Server Manager server computer.
1.
Open Server Manager and select Edit > Server Manager Properties > Databases tab.
2.
Under the Databases drop-down box, select the applicable repository. Choose "Log
Repository" for configuring the Primary and "Archive Log Repository" for configuring the
Secondary.
3.
Enter the Name that uniquely identifies the data provider. For example, SQL Server (Log
Repository). or SQL Server (Archive Log Repository).
4.
Optionally, enter a Description.
5.
Under Provider, select SqlServer. The SQL Server options display.
6.
Configure the Server Login:
29
SpectorSoft Server Manager Help

Server name specify the host name the database resides. For example,
localhost\sql.

Authentication SQL Server Authentication.

User name cbsmuser.

Password the password you assigned the user when created within SQL Server
Management Studio.
Configure the Connection Properties:
7.

Database cbsm (for Primary) and cbsm_archive (for Secondary).

Optionally, make any further configuration changes.
Once complete, click Test Connection. If you were unable to connect, verify you created and
8.
assigned the user to the database as well as typed the connection information correctly.
Once you have successfully tested the connection, click Initialize and then Apply. See images
9.
below for examples.
Image 1: Primary Log Repository example
30
Setting Up Server Manager Properties
Image 2: Secondary (Archive) Log Repository example
10.
Repeat Steps 2-9 for the Secondary Repository.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
31
SpectorSoft Server Manager Help
Step 1: Download and install MySQL Community Server
Step 2: Create and configure databases for MySQL
Step 3: Configure Server Manager for MySQL
Configuring Server Manager to use MySQL
In this procedure, you will create and configure both a Primary Repository and Secondary Repository for
MySQL from the Command Line and then connect it in Server Manager.
This procedure applies to MySQL 5.6.
Step 1: Download and install MySQL Community Server:
Download and install the latest version (version 5.6) of MySQL Community Server from:
http://mysql.com/downloads/mysql/
Use the default instance.
Ensure that you are logged in with full access.
Step 2: Create and configure databases for MySQL from the Command Line:
In this step from the Command Line, you will create new primary and archive databases in MySQL 5.6 and then
create a user with privileges.
From the Command Line, enter the commands in the order displayed in the image below.
The database name, user name, and password are examples. Change these
accordingly to your needs.
32
Setting Up Server Manager Properties
Step 3: Configure Server Manager for MySQL:
This procedure should be done from the Server Manager server computer.
1.
Open Server Manager and select Edit > Server Manager Properties > Databases tab.
2.
Under the Databases drop-down box, select the applicable repository. Choose "Log
Repository" for configuring the Primary and "Archive Log Repository" for configuring the
Secondary.
3.
Enter the Name that uniquely identifies the data provider. For example, MySQL (Log
Repository).
4.
Optionally, enter a Description.
5.
Under Provider, select MySQL.
6.
7.
Configure the Server Login:

Server name specify the host name the database resides.

Password the password you assigned the user when created within MySQL.
Configure the Connection Properties:

Database cbsm (for Primary) and cbsm_archive (for Secondary).

Optionally, modify the time-out values.
8.
Once complete, click Test Connection. If you were unable to connect, verify you
created and assigned the user to the database as well as typed the connection information
correctly.
9.
Once you have successfully tested the connection, click Initialize and then Apply.
See images below for examples.
33
SpectorSoft Server Manager Help
Image 1: Primary Log Repository example for MySQL
Image 2: Secondary (Archive) Log Repository example for MySQL
34
Setting Up Server Manager Properties
10.
Repeat Steps 2-9 for the Secondary Repository.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
35
SpectorSoft Server Manager Help
Conserving Disk Space
When saving Event Logs to the log repository and using the File System format, new entries are
downloaded and saved to a temporary file. Once the download is complete, the previously downloaded
entries are appended to the temporary file. If saving data for a long period of time or if a server is
generating large Event Logs over a short period of time, such as the Security Event Logs for example, these
temporary files may get large (around 20 GB).
To optimize Server Manager to conserve disk space:

In the Database settings, assign SQL Server for the Primary Log Repository.

Use Schedules to evenly distribute Event Log downloads over time. The end result is a process that
regularly downloads Event Logs rather than a process that fires off 90 downloads all at once. The
default Event Log Consolidation template uses an Hourly Range schedule that automatically distributes
Event Log downloads every hour.

Limit the log retention policy to a manageable period. For example, save entries for 15 days in the
primary log repository and another 30 days in the archive/secondary log repository for a total of 45
days. Every month at the end of the month make a database backup of the archive/secondary log
repository and save it to your organization's archives.

Limit Post Consolidation Filter use. Instead, use reports to access data on a daily basis rather than
using post consolidation filters, which can result in frequent emails.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
36
Setting Up Server Manager Properties
Managing Retention Policy
In general, a retention policy allows you to automatically manage how long data is stored in the log
repositories. The Log Repository Retention Policy template defines the length of time to retain entries in
the Primary Log Repository prior to either removing them from the system or moving them to the
Secondary (Archive) Log Repository. They also define how long entries are retained in the Secondary Log
Repository.
To create a log repository retention policy:
1.
Select File > New > Template. The Select Template Type dialog box displays.
2.
Under Log Management, select Log Repository Retention Policy and click Select. The
Template Properties for the policy displays.
3.
4.
Under the General tab, choose the Execution frequency.
Under the Retention Policy tab, choose your settings. It's recommended to set the Primary
Log Repository to retain no more than 14 days and the Secondary to retain no more than 30
days with an environment of around 40 servers that are being monitored. For larger
environments, consider creating additional databases to handle the data generated.
5.
Under the Advanced tab, enter a number of days for the Retain history for x days. This
sets how long to retain the download history (not the entries). When a download is executed,
the results (e.g. number of entries download, filtered, saved and duration) are saved to the
history database. The history database can be configured in the Database settings.
6.
Click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
37
SpectorSoft Server Manager Help
Active Directory Settings
Configure Active Directory connections for the Auto Configurators – and more importantly adding computers
to the system. The Auto Configurators automatically scan for computers connected to Operational Units
(OUs). Once discovered, computers are filtered, added, and then templates and reports are assigned.
For multiple domains, create a connection for each domain's OU and specify the credentials. When the Auto
Configurator runs, the specified credentials are assigned to the newly added computers.
By default Server Manager discovers your Active Directory server; however, if the computer Server
Manager is running is off-domain or you would like to connect to multiple Active Directory Servers you must
configure the connections.
When scanning multiple domains, create a connection for each domain's OU
and specify the appropriate domain administrator credentials. When the Auto
Configurator runs the specified credentials are assigned to all newly added
computers.
To configure the active directory settings:
1.
From the Server Manager Properties, select the Active Directory tab.
2.
Enter the Host.
3.
Enter the Path.
4.
If applicable, enter the authentication credentials for the active directory on specified host.
5.
Click Test Connection to test the settings.
6.
Click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
38
Setting Up Server Manager Properties
Syslog Server Settings
Server Manager contains both a UDP and TCP Syslog server. These syslog servers can be used to collect,
monitor, and consolidate syslog messages from both computers and devices such as network routers,
firewalls, and Unix, Linux and AS400 servers. By default, when a message is sent from a device, the
receiving Syslog server automatically adds the device's IP or hostname to the Object Explorer. Once added,
the message is saved to the Log Repository.
Use the Syslog Server Settings screen to assign a syslog message consolidation template and optionally
configure that template. Also, select one or both Syslog servers to receive syslog messages.
To configure syslog server settings:
1.
From the Server Manager Properties, select the Syslog Server tab.
2.
Select one of the following:

Save syslog messages from all sources saves incoming Syslog messages from all devices
to the Primary Log Repository. Assign a syslog template from the drop-down menu. You can
modify an existing syslog template or create a new one.

Require explicit Syslog Consolidation template assignment to each device prior to
saving messages: from the Object Explorer, locate the Syslog Consolidation template, rightclick, then select Template Properties. Make your desired template assignments from the
right pane.
3.
To automatically display the Syslog Viewer at startup check Display the Syslog viewer at
startup.
4.
Select one or both syslog server types to receive syslog messages:

Listen for UDP Syslog messages select and modify the UDP Port, if necessary (the default
port is 514). Optionally, enter an IP address to bind.

Listen for TCP Syslog messages select and modify the TCP Port, if necessary (the default
port is 514). Optionally, modify the Idle timeout value (the default value is 120 seconds).
Optionally, select one or more TCP syslog message delimiter types for Server Manager to
read:

CRLF (ASCII 13, ASCII 10) a line break type typically used for Windows OS. One
line terminator.

CR (ASCII 13) a line break type typically used for Mac OS. "CR" is known as
"return."

LF (ASCII 10) - PIX Firewall a line break type typically used for Unix. "LF" is
known as "newline."

5.
Null (ASCII 00) - Netscreen Firewall a line break type typically used for Notepad.
Click Apply.
39
SpectorSoft Server Manager Help
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
40
Setting Up Server Manager Properties
Configure Web Server Publishing Settings
Example: Table of Contents
Example: Grouped Summary grouped by host
Web Server Publishing Settings
Server Manager can automatically publish a table of contents and group summaries to a web server. By
default, this is done once a minute at the top of the minute. Once configured, you can view the current
status of any group, host, or monitor through your Internet browser or handheld device such as an iPhone
or Android.
A Web Server is not included in the Server Manager installation. For more
information on web servers, see IIS or Apache.
To configure web server publishing settings:
1.
From the Server Manager Properties, select the Web Server Publishing tab.
2.
Select Enabled.
3.
Optionally, modify the default file location to write HTML documents.
4.
Choose a display format to group by. Select either Host, Template, or Template Type.
5.
Enter the URL from which to view Server Manager data.
6.
Click Publish Now. Server Manager generates and publishes the data.
7.
Click Apply.
Enter the virtual directory on your web server from which to view Server
Manager data.
41
SpectorSoft Server Manager Help
An example table of contents:
42
Setting Up Server Manager Properties
An example of a grouped summary grouped by host:
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
43
SpectorSoft Server Manager Help
Management Server Settings
The Server Manager Service is controlled by this console through a TCP/IP interface. Configure the port,
bind address, and encryption options.
Once updated, the service must be restarted before the changes can take
effect.
To configure the management server settings:
1.
From the Server Manager Properties, select the Management Server tab.
2.
Enter the TCP Port. The default is 6766.
3.
Enter the Bind address. The default is 0.0.0.0.
4.
Optionally, select to Encrypt packets and enter a private encryption Key.
This is the same key that is used in Service Connections.
5.
Click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
44
Setting Up Server Manager Properties
Configure HTML and email templates
Assign a custom HTML template to a specific action
Variable Tags
Object Item Sections
Image Variable Tags
Log HTML Templates
HTML and Email Template Settings
When generating HTML files and HTML emails, Server Manager uses HTML templates to generate the
appropriate content. HTML templates are HTML files that define the styles and variable content by using
special tags. For example, when a low free disk space alert is fired, Server Manager loads the appropriate
disk space monitor HTML template, then parses the content and replaces tags such as {FREE_SPACE} with
actual values.
The primary purpose of HTML templates is to enable you to fully customize the styles and content. The
default HTML templates are located in the installation sub-directory, HTMLTemplates. The easiest way to
learn how the HTML templates work is to view them within a text editor. Custom HTML templates must
reside in the program data sub-directory, HTMLTemplates.
The default locations on Server 2008 are:

C:\Program Files\SpectorSoft\Server Manager\HtmlTemplates

C:\ProgramData\CornerBowl\Server Manager\HtmlTemplates
To configure the HTML and email templates:
1.
From the Server Manager Properties, select the HTML and Email Templates tab.
2.
Locate then click the HTML template to override, then click browse (…) button.
3.
Once the Select HTML Template dialog displays, click Open With.
4.
Choose an editing application to open the file.
5.
Use the editor to make any changes, then save the file to another filename. This is important
as changes to the default file will be overwritten the next time you install a new build.
6.
Once you have created your new HTML template file, from the Select HTML Template
dialog, check the Override option, then click the Add (plus sign) button.
7.
Select the file you just created, click Open, and then click OK.
To assign a custom HTML template to a specific action:
45
SpectorSoft Server Manager Help
1.
Create your own custom HTML template as described above; however, do not override the
default HTML template.
2.
Once you have created your custom HTML template, select File > New Action.
3.
From the Create New Action dialog, set the Type to either Email or File.
4.
Fill out the appropriate fields, check the Override default HTML template option then
select the HTML template.
Variable Tags
For a detailed list of the available variable tags see Action Variable Tags.
Object Item Sections
Some functionality, such as Event Log Reports, include arrays of items. These HTML templates include
<ENTRY_ODD> and <ENTRY_EVEN> tags. See Action Variable Tags for a detailed list of available item
variable tags. For free disk space alerts you can define the item variables tags like so:
<ENTRY_ODD>\\{HOST}\{DISK} {FREE} {USED} {CAPACITY}</ENTRY_ODD>
<ENTRY_EVEN>\\{HOST}\{DISK} {FREE} {USED} {CAPACITY}</ENTRY_EVEN>
Image Variable Tags
The following HTML specific image tags are also available:
STATE_IMG
Draws the target object’s state image.
HISTORY_IMG
Draws a server monitor history chart.
DISK_BAR_IMG
Draws a disk utilization horizontal bar image.
DISK_PIE_IMG
Draws a disk utilization pie chart.
DISK_HISTORY_IMG
Draws a disk utilization history chart.
DIRECTORY_BAR_IMG
Draws a directory size horizontal bar image.
DIRECTORY_PIE_IMG
Draws a directory size pie chart.
DIRECTORY_HISTORY_IMG
Draws a directory size history chart.
FILE_COUNT_BAR_IMG
Draws a file count horizontal bar image.
FILE_COUNT_HISTORY_IMG
Draws a file count history chart.
FILE_SIZE_BAR_IMG
Draws a file size horizontal bar image.
FILE_SIZE_HISTORY_IMG
Draws a file size history chart.
To display the object state image define the variable tag like so:
<img src="{STATE_IMG}" border="0" width="16px" height="16px"/>
Log HTML Templates
Some Log HTML templates have the capability of grouping entries by host, host then log, log then host, and
log. To add grouping to your HTML template wrap the <ENTRY_ODD> and <ENTRY_ODD> tags described
above with one or both of the following tags:
46
Setting Up Server Manager Properties
<GROUP_BY_HOST>
<GROUP_BY_LOG>
The type of grouping (host then log, log then host, host, or log) depends on the order you insert the tags.
For example, if you add the following section to an Event Log Report HTML Template, the software will
group by host then log:
<GROUP_BY_HOST><GROUP_BY_LOG>
<div class="hostLogTable" >{GROUP_BY_HOST}\{GROUP_BY_LOG}</div>
<table class="log">
<tr class="hdr"><td>Level</td><td>Computer</td><td>Log</td><td>Date and
Time</td><td>Source</td><td>Event</td></tr>
<ENTRY_ODD>
<tr class="light"><td>{LEVEL}</td><td>{HOST}</td><td>{LOG}</td><td>{DATE}
{TIME}</td><td>{SOURCE}</td><td>{EVENT}</td></tr>
<tr class="light"><td colspan="6" class="msg">{MESSAGE}</td></tr>
</ENTRY_ODD>
<ENTRY_EVEN>
<tr class="dark"><td>{LEVEL}</td><td>{HOST}</td><td>{LOG}</td><td>{DATE}
{TIME}</td><td>{SOURCE}</td><td>{EVENT}</td></tr>
<tr class="dark"><td colspan="6" class="msg">{MESSAGE}</td></tr>
</ENTRY_EVEN>
</table>
</GROUP_BY_LOG></GROUP_BY_HOST>
The styles used are for illustrative purposes only.
The following variable tags are available:
{GROUP_BY_HOST}
Displays the target hostname.
{GROUP_BY_LOG}
Displays the target log.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
47
SpectorSoft Server Manager Help
Configure WMI settings
Troubleshooting WMI issues
WMI Settings
Windows Management Instrumentation (WMI) is used to download remote Event Log entries. Select the
WMI authentication level for packet encryption and enter a packet block size. By default, all entries
downloaded are unencrypted.
To configure WMI settings:
1.
From the Server Manager Properties, select the WMI tab.
2.
Optionally, change the Authentication level from the default unencrypted Packet setting:

Default is set to Packet, which is unencrypted.

None no authentication is performed during the communication between client and server. All
security settings are ignored.

Connect the normal authentication handshake occurs between the client and server, and a
session key is established but that key is never used for communication between the client
and server. All communication after the handshake is insecure.

Call only the headers of the beginning of each call are signed. The rest of the data exchanged
between the client and server is neither signed nor encrypted.

Packet all data passed via WMI is unencrypted.

PacketIntegrity each packet of data is signed in its entirety but is not encrypted. Because
all of the data is signed by the sender, the recipient can be certain that none of the data has
been tampered with during transit.
3.

PacketPrivacy all data passed via WMI is encrypted.

Unchanged authentication remains as it was before.
Optionally, change the block size of the grouped results that WMI will return. The default is
25.
4.
Click Apply.
5.
Optionally, configure WMI Quota settings to prevent Quota Violation Errors.
Troubleshooting WMI issues:
Access Denied
The RPC Server is Unavailable
RELATED TOPICS
48
Setting Up Server Manager Properties
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
49
SpectorSoft Server Manager Help
Configure during registration
Configure with a new HTTP monitor
Enter web proxy server properties
Configuring Web Proxy Server Settings
For security purposes, many organizations require all HTTP/S packets to pass through a web proxy
server. If your organization implements a web proxy server, you can configure Server Manager to forward
all HTTP requests to the proxy server.
You can configure the web proxy server settings when registering your license or creating a new HTTP/S
monitor.
To configure when registering your license:
1.
Select Edit > Server Manager Properties > Licensing tab.
2.
Click Register License. The Register License Key dialog box displays.
3.
Click Configure Web Proxy. The "Web Proxy Server Properties" dialog box displays.
4.
Continue with the "To enter web proxy server properties" procedure below.
To configure when creating a new HTTP monitor:
1.
Select File > New > Template. The Select Template Type dialog displays.
2.
From the menu tree, expand Internet Server Monitors > Web Monitors, and select HTTP/S
Monitor. The "Enter URL" dialog box displays.
3.
Enter the URL to monitor and click OK. The Template Properties dialog box displays.
4.
Select the Monitor tab, then click Configure Web Proxy. The "Web Proxy Server Properties" dialog
box displays.
5.
Continue with the "To enter web proxy server properties" procedure below.
To enter web proxy server properties:
1.
Select the My network requires me to use a proxy server when sending HTTP/S packets check
box.
2.
Specify proxy server’s hostname or IP address and port.
3.
If the proxy server requires you to authenticate, select the Authenticate check box and enter
credentials.
4.
If you are unsure about any of the settings, contact your systems administrator.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
50
Console
Client Server Architecture
Server Manager is implemented using client/server architecture. The server, referred to as the Server
Manager Service, runs as a Windows service and is responsible for all monitor and report execution. The
client, referred to as the Server Manager Console, runs on any Windows supported platform and is
responsible for all configuration and management. The tray icon, also a client, is responsible for desktop
notifications (e.g. message box and sound alerts). You can install the console and tray icon on as many
computers as necessary.
The client/server interface is implemented using TCP port 6766 by default. The TCP interface authenticates
all incoming connections using Windows authentication. Access will only be granted if the user accessing the
service belongs to the Administrator group. For secure environments, the TCP interface can be configured to
encrypt all packets using private keys.
To configure the TCP port and encryption options and settings, see Management Server Settings.
To configure the console or tray icon to connect to a remote service installation, see Service Connections.
51
SpectorSoft Server Manager Help
Server Manager is deployed through a single installer that always installs the
service, console and tray icon. If you only plan to use the console and/or tray
icon, disable the SpectorSoft Server Manager service via the Windows
Service Control Manager.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
52
Console
Search in the Object Explorer
Object Explorer
The Object Explorer is the central navigation view that contains all of Server Manager’s configurable
objects. Use the Object Explorer to create objects, assign objects, update objects, view object detail and
delete objects.
These objects include:
Tree Nodes
Description
Root
Each configured Server Manager connection is added to the root.
Computers,
Devices and
Hosts
Contains all of the managed hosts and their monitors. This includes physical
computers, hardware devices and network addressable applications (e.g. web sites
and SQL Server instances).
Monitors
From within the Computers, Devices and Hosts tree node when viewing a host,
assigned Templates appear under each host. Assigned Templates are referred to as
Monitors. Monitors are a representation of a host-template assignment or the result of
a host group or template group-template assignment.
Templates
Contains monitor definitions.
Reports
Contains informational type monitors (e.g. daily summary email reports and largest
files reports).
Schedules
Contains the frequency to execute monitors, reports and Auto Configurators.
Actions
Contains the actions, alerts, and notifications.
Auto
Configurators
Contains the Auto Configurators.
Filters
Contains Active Directory and log monitoring filters.
To perform a search in the Object Explorer:
1.
Select anywhere within the Object Explorer.
2.
Press CTRL+F. The Find box displays, allowing you to enter your search criteria.
3.
Optionally, select Use regular expressions.
For example, to search for 2 computers you can use the following regular expression:
(server01db|server02db)
53
SpectorSoft Server Manager Help
For more information on Regular expressions, see http://www.regular-expressions.info/reference.html.
4.
Optionally, select Match case.
5.
Enter your desired Search criteria.
6.
Click Find Next.
7.
To repeat the search, click Find Next or press F3.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
54
Console
Disable an object
Batch enable/disable
Enabling and Disabling Objects
When using Server Manager you will likely find times you need to disable a monitor or report. For example,
if you would like to shutdown all monitoring on a particular server while you apply operating system
patches you can disable the host for a pre-determined period of time such as the next 30 minutes. Server
Manager enables you to temporarily or permanently disable hosts, templates, reports and Auto
Configurators.
To disable an object:
1.
From the Object Explorer navigate to the target object (e.g. host group, host or template)
then right click and select Disable.
2.
Once the Enable/Disable Properties dialog loads use the controls to either temporarily or
permanently disable or re-enable the select object.
To batch enable or disable multiple objects:
1.
From the Edit menu item select Batch > Update.
2.
Once the Select Multiple Objects dialog loads check the target objects then click OK.
3.
Once the object specific properties dialog opens use the controls within the dialog to batch
enable or disable the target objects.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
55
SpectorSoft Server Manager Help
Options
The Options dialog box enables you to set user preferences for the Server Manager Console. For example,
automatically displaying the dashboard at startup.
To modify the Server Manager Options:
Select Tools > Options.
The following options are available:


Startup Windows select any of the following to be displayed when a new connection is established:

Dashboard

Service Output

Syslog Viewer

Error Report
WMI Proxying:


Proxy WMI calls through the Server Manager Service
Tray Icon:

Disable the tray icon
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
56
Console
Working with Groups
Example
Create a group
Add objects to a group
Assign templates
Assign Summary Reports
Batch move
Working with Groups
You can group similar or related objects into smaller more manageable groups while also using inheritance.
For example, when assigning a host to a host group, all templates assigned to the host group will be
applied to the new host. Server Manager supports hierarchical grouping as well as multi-assignment.
Example
Let’s say we have 3 servers (coalville, kamas, and marion) of which all provide internal HTTP interfaces on
port 8080. A SQL Server database is hosted on coalville, kamas provides public HTTP interfaces for
www.mycompany.com and www.diskmonitor.com and marion provides SMTP, IMAP and POP3 interfaces for
mail.mycompany.com.
In this example the goal is to ping all physical machines and monitor all HTTP, database, and email
interfaces.
To implement these monitoring requirements:
1.
Create 4 groups: Database Servers, Mail Servers, Physical Servers and Web Servers. Within
the Web Server group I created 2 sub-groups named External and Internal.
2.
Add coalville to the Database Servers group.
3.
Add mail.mycompany.com to the Mail Servers group.
4.
Add coaville, kamas and marion to the Physical Servers group.
5.
Add www.mycompany.com and www.diskmonitor.com to the Web Servers > External group.
6.
Add coaville, kamas and marion to the Web Servers > Internal group.
7.
Create the database, email, ping, external HTTP and internal HTTP templates.
8.
Assign the database template to coalville.
9.
Assign the email templates to mail.mycompany.com.
57
SpectorSoft Server Manager Help
10. Assign the ping template to the Physical Servers group.
11. Assign the public HTTP templates to the External group.
12. Assign the internal HTTP templates to the Internal group. Here is an example of how it
should look:
Assign generic templates (e.g. ping) to groups and host specific templates
(e.g. templates that contain logon as information) directly to the appropriate
host.
To create a group:
1.
From the Object Explorer, navigate to the object collection node (e.g. ‘Computers, Devices
and Hosts’, ‘Templates’ or any user defined groups), right-click then select New Group.
58
Console
2.
From the New Group dialog box, enter the group name, then click OK.
To add objects to a group with drag/drop:
From the Object Explorer select a computer, device, or host object and drag using either mouse
button. When dropped, select one of the following:

Move unassigns the object from the current object and moves it to the target object.

Link links the object to the target object creating a membership to multiple objects.

Cancel cancels the drag and drop operation.
To assign a template to Hosts, Host Groups and Template Groups:
1.
From the Object Explorer navigate to the target template.
2.
Right-click and select Template Properties.
3.
From the Template Properties page, use the Template Assignments combo-boxes to
select the groups you would like to assign the template.
To assign a Summary Report to Hosts, Host Groups and Report Groups:
1.
From the Object Explorer navigate to a summary report, then right-click and select
Properties.
2.
From the Report Properties page, use the Report Assignments combo-boxes to select
the groups you would like to assign the report.
To batch move or assign multiple hosts to another group:
1.
Select Edit > Batch > Assign Hosts to Group. The Select Multiple Computers, Devices and
Hosts dialog box displays.
2.
Select the target hosts and click OK. The Assign Multiple Computers, Devices and Hosts to
Group dialog box displays.
3.
Select Assignment Options.
4.
Select Group Type.
5.
Select Target Group.
6.
Click Assign.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
59
SpectorSoft Server Manager Help
Assign host group to host group
Assign host group to template group
Assign template group to host group
Assign template group to template group
Assigning a Group to a Group
You can move or link groups of hosts and template objects to other groups of hosts or template objects.
To assign a host group to another host group:
1.
2.
In the Object Explorer, expand the Computers, Devices and Hosts.
Right-click on the host group that you want to assign to, and select Assign > Group. The
Assign Group to (x) Group dialog box displays.
3.
4.
Under Group Type, ensure Host is selected.
Under the Select Host Group drop-down box, select the Host group that you want to
assign.
5.
Click Assign. The group is now moved under the group from step 2.
To assign a host group to a template group:
1.
2.
In the Object Explorer, expand the Computers, Devices and Hosts.
Right-click on the host group that you want to assign to, and select Assign > Group. The
Assign Group to (x) Group dialog box displays.
3.
Under Group Type, select Template.
4.
Under Assignment Options, select whether to Link or Move the group.
5.
Under the Select Template Group drop-down box, select the Template group that you
want to assign.
6.
Click Assign. The group is now assigned under the group from step 2.
To assign a template group to a host group:
1.
2.
In the Object Explorer, expand the Templates object.
Right-click on the template group that you want to assign to, and select Assign > Group.
The Assign Group to (x) Templates Group dialog box displays.
3.
Under Group Type, select Host.
4.
Under Assignment Options, select whether to Link or Move the group.
5.
Under the Select Host Group drop-down box, select the Host group that you want to
assign.
60
Console
6.
Click Assign. The group is now assigned under the group from step 2.
To assign a template group to another template group:
1.
In the Object Explorer, expand the Templates object.
2.
Right-click on the template group that you want to assign to, and select Assign > Group.
The Assign Group to (x) Templates Group dialog box displays.
3.
4.
Under Group Type, select Template.
Under the Select Template Group drop-down box, select the Template group that you
want to assign.
5.
Click Assign. The group is now assigned under the group from step 2.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
61
Service
Service Connections
Server Manager is implemented using client/server architecture and deployed through a single installer that
always installs the service, console, and tray icon.
If you are only using the console and/or tray icon, you can disable the
SpectorSoft Server Manager service via the Windows Service Control Panel.
The License Key is required to be entered ONLY where the service is
installed.
To configure the console and tray icon to connect to a remote service installation:
1.
Install Server Manager on a computer that you want to connect from.
2.
Then from that installation's console, select File > New > Server Manager Connection.
3.
Specify the following in the Connect to Service dialog box for connecting to the remote
service location:

Connection name enter a unique name for this connection.

Server name enter the network addressable hostname or IP address where the service is
installed.

TCP Port enter the TCP port that you connect through. The default is port 6766.
Ensure that applicable firewall(s) are configured to allow the outgoing traffic
on port 6766.

Username, Password, and Domain enter credentials, if configured. If left blank, the
Windows login credentials are used. If the service is installed on another domain or within a
workgroup, specify administrator credentials that reside on the target domain or server.

Optionally, select to Encrypt packets and then enter the private encryption Key that you
configured on the Server Manager Properties - Management Server Settings page.
4.
Click Test to verify settings, and then click Connect and Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
62
Service
Tail the service log in the Console
View the entire service log
Open the service log file using Notepad
Viewing the Service Log
The Server Manager Service logs errors, triggers, general activity, and verbose output to a text log file
called cbsmsrv.log. You can view the log file from the console or from a text editor to verify activity or
troubleshoot the system.
To tail the service log in the Console:
Select View > Service Output.
To view the entire service log:
Select Service > View Service Log.
To open the service log file using Notepad:
1.
From the computer the service is installed, open Notepad.
2.
Select File > Open.
3.
Open the applicable file:

Server 2012/2008/8/7/Vista C:\programdata\cornerbowl\server
manager\cbsmsrv.log

Server 2003/XP C:\documents and settings\all users\application
data\cornerbowl\server manager\cbsmsrv.log
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
63
SpectorSoft Server Manager Help
Run service in verbose mode
Return service to normal mode
Running the Service in Verbose Mode
The Server Manager Service logs errors, triggers, and general activity to a text log file called cbsmsrv.log. If
you are not receiving the results you expect and have already reviewed the service log file you may be able
to gain insight by temporarily running the service in verbose mode. When run in verbose mode, the service
logs additional debug messages enabling you to identify executing functions (e.g. executing monitors and
schedule updates).
To run the service in verbose mode:
1.
From the computer the service is installed, open the Console.
2.
Select Service > Stop.
3.
Allow a moment for the service to stop, then select Service > Start Verbose.
To return the service to normal mode:
1.
Select Service > Stop.
2.
Allow a moment for the service to stop, then select Service > Start.
If the computer that the Server Manager Service is installed on is rebooted,
the service will restart normally.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
64
Clear Alert Icon
Open Server Manager
Disable/Enable Tray Icon
Receive Desktop Notifications
Restart Tray Icon
Close Tray Icon
View Message Box Alert
Tray Icon
The Server Manager Tray Icon is client application that enables your Windows desktop to display system
status, receive desktop notifications (e.g. message box alerts, sound alerts and optionally interactive file
execution) and launch the Server Manager Console.
The tray icon can be installed on any Windows computer then configured to connect to the Server Manager
Service (multiple if necessary). Once connected, your desktop is ready to display the system status,
message box alerts and play sound alerts.
The tray icon displays the following system status icons:
Icon
Description
The tray icon has connected to the service and there are no triggers.
The tray icon has connected to the service and there is at least one warning
trigger.
The tray icon has connected to the service and there is at least one critical
trigger.
There is at least one network related error.
To receive desktop notifications:
See Desktop Actions, Alerts and Notifications
To open Server Manager from the tray:
Double-click the tray icon or right-click and select Open SpectorSoft Server Manager Console.
65
SpectorSoft Server Manager Help
If the tray icon is displaying a trigger or error icon, the console will open the
last triggered monitor.
To clear the alert icon:
From the tray icon, right click and select Clear Tray Alert.
To view the message box alert history:
From the tray icon, right click and select View Message Box Alert History.
To temporarily close the tray icon:
From the Tools menu item select Close Tray Icon or from the tray icon right click and select Exit.
Desktop actions will no longer fire.
To restart the tray icon:
From the Tools menu item select Start Tray Icon.
To permanently disable or re-enable the tray icon:
1.
From the Tools menu item select Options.
2.
From the User Preferences tab check the option to disable or un-check to re-enable.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
66
Computers, Devices and Hosts
Adding Computers, Devices and Hosts
Computers, devices (e.g. switches and routers), and hosts (e.g. www.mycompany.com,
mail.mycompany.com) can be added to Server Manager the following ways:

Typing the identifier

Browsing your Windows network

Browsing your Active Directory tree

Directly mapping a computer, device, or host

Selecting the local computer

Importing a list of computers, devices and hosts from a text or CSV file.
To add a computer, device, or host:
1.
From the Object Explorer, select the target host group.
If a target host group is not selected, new hosts will be added to the root.
2.
Select File > New > Computer, Device or Host. The "Add Computers, Devices and Hosts"
dialog box displays.
3.
Enter the identifier. For example, IP address (10.1.0.100) or domain
(mail.mycompany.com).
-ORFrom the drop-down, choose a method to select multiple hosts:

Browse Network - Search for computers on your Windows network. This method is
similar to viewing your network within Windows Explorer.

Browse Active Directory - When logged onto a domain, this method allows you to
scan and search your Active Directory tree. Make your selection(s) and click OK.

Map a Computer, Device or Host - Add a computer that requires logon as credentials
or cannot be discovered within the Windows network.

4.
Select Localhost - Select the local computer.
Click OK.
RELATED TOPICS
67
SpectorSoft Server Manager Help
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
68
Computers, Devices and Hosts
Add a new computer
Add logon as credentials
Map Computer, Device or Host dialog
Assigning Logon As Credentials
When managing Windows servers or workstations in multi-domain or non-domain environments users are
often prompted with ‘Access Denied’ errors. An ‘Access Denied’ error occurs when the account the service
is running under or the account the user is logged in as does not have the required access permissions to
execute WMI functions (e.g. downloading Event Logs or monitoring CPU load) or discover administrator disk
shares (e.g. c$, d$ and e$).
To add a new computer and assign logon as credentials:
1.
Select File > New > Computer, Device or Host.
2.
From the Choose a method to select hosts combo box select Map Computer, Device or Host.
3.
Once the Map Computer, Device or Host dialog loads see the instructions below.
To update or add logon as credentials to an already existing computer:
1.
From the Object Explorer, navigate to the target computer, right-click then select
Properties.
2.
Once the Map Computer, Device or Host dialog box displays see the instructions below.
Using the Map Computer, Device or Host dialog:
From the Map Computer, Device or Host dialog specify the addressable hostname or IP address,
Windows username, password and domain that enables you to access the remote computer. If accessing an
off-domain server or workstation either clear the domain combo-box or specify the remote computer name.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
69
SpectorSoft Server Manager Help
Batch Assigning Logon As Credentials
When accessing multiple Windows servers on another domain you will likely need to periodically update the
logon as credentials.
It is only necessary to assign credentials when accessing computers on
another domain or within a workgroup.
To batch assign logon as credentials:
1.
Select Edit > Batch > Assign Logon As Credentials.
2.
Once the Select Multiple Computers, Devices and Hosts dialog loads check the target
computers or click Search to scan the tree for specific computer names or computers that
match specific Active Directory computer properties (e.g. operatingSystem contains
‘Server’). When you have finished selecting the target computers, click OK.
3.
Once the Computer, Device and Host Properties dialog loads from the Logon As tab
specify the logon as credentials. To set credentials for a single computer contained in the list
select the target computer from the Host combo-box found at the top of the dialog then
specify the logon as credentials.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
70
Computers, Devices and Hosts
Copying Assignments
You can copy all of the assigned templates of a computer, device, or host to another.
To copy assigned templates from a computer, device, or host to another:
1.
From the Object Explorer, right-click on a computer, device, or host and select Copy
Assignments to. The Select the Target Computer, Device or Host dialog box displays.
2.
Click the drop-down arrow
and choose the target Computer, Device, or Host.
-OREnter the name of the Computer, Device, or Host.
-ORClick the Add
icon, and enter the Hostname or IP Address.
3.
To edit the name, click the Edit
4.
To clear the field and re-select, click the Clear
5.
To delete the host from Server Manager, click the Delete
6.
Click OK.
icon.
icon.
icon.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
71
SpectorSoft Server Manager Help
Importing a Disk List
If you have a list of disks or shares in a spreadsheet, CSV (comma separated values), or text file, you can
import your list into Server Manager. When imported disk monitor templates are created and assigned to
each computer, you have the option of creating a single template per computer or a template for each disk
or share listed in your file.
If you have a list of computers, devices and/or hosts you would like to import
see Importing a Host List.
To import a disk list:
1.
Select File > Import > Disk List.
2.
Follow the instructions found within the wizard.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
72
Computers, Devices and Hosts
Importing a Host List
If you have a list of computers, devices and/or hosts in a spreadsheet, CSV (comma separated values) or
text file you can import your list into Server Manager. When imported, you have the option of assigning
logon as credentials, host groups, template groups, templates, report groups, and reports.
If you have a list of disks or shares you would like to import see Importing a
Disk List.
To import a host list:
1.
Select File > Import > Host List.
2.
Follow the instructions in the wizard.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
73
SpectorSoft Server Manager Help
Mapping Computers, Devices and Hosts
When managing Windows servers or workstations in multi-domain or non-domain environments, DNS may
not be able to resolve some computers names. This scenario may result in either "The RPC server is
Unavailable" or "The network path was not found" errors.
Also, the "Access Denied" error occurs when the account the service is running under or the account the
user is logged in as does not have the required access permissions to execute WMI functions or discover
administrator disk shares (e.g. c$, d$ and e$).
Finally, some server names are complex or uninformative (e.g. SRV0001UT). Mapping hosts enables you to
create your own alias for either a hostname or IP address. With the example SRV0001UT, you could assign
an alias such as "UTAH Database Server." Once assigned, all displays of SRV0001UT within the Object
Explorer and properties pages are replaced with the alias.
To map a host:
1.
2.
Select File > New > Computer, Device or Host.
From the combo box select Map Computer, Device or Host. The Map Computer, Device or
Host dialog box displays.
3.
Specify the addressable hostname or IP address, Windows username, password and domain
that enables you to access the remote computer. If accessing an off-domain server or
workstation either clear the domain combo-box or specify the remote computer name.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
74
Computers, Devices and Hosts
Modifying Computer, Device and Host Properties
Assign logon as credentials, enable or disable monitors, configure WMI quotas, or configure SNMP
connectivity.
To modify a computer, device or host’s properties:
1.
From the Object Explorer select the target host or host group then right-click and select
Host Properties.
-orSelect Edit > Batch > Update Computers, Devices and Hosts. The "Select Multiple
Computers, Devices and Hosts" dialog box displays.
2.
Check the target hosts and click OK. The "Host Properties" dialog box displays.
3.
Select a tab:
4.

Logon As assign logon as credentials or provide a hostname or IP address alias.

Enable/Disable enable or disable the host.

WMI increase the WMI quota settings.

SNMP configure Simple Network Management Protocol (SNMP) connectivity.
Click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
75
SpectorSoft Server Manager Help
Searching for Computers, Devices and Hosts
Run a key word search for computers on your network and/or use an Active Directory filter.
The dialog box is accessible when adding, updating, or deleting Computer, Devices or Hosts:

File > New > Computer, Device or Host. Select Browse Network and click Search.

Edit > Batch > Update/Delete Computers, Devices or Hosts. Make your selections and click
Search.
To search for Computers, Devices and Hosts:
1.
2.
In the Search for Computers, Devices and Hosts dialog box, specify your search criteria.
Optionally, create and/or assign an Active Directory computer property filter, which
enables you to search your AD tree and filter each discovered computer for specific criteria.
For example, only pass computers that have the word ‘Server’ embedded in the
‘operatingSystem’ property.
3.
Optionally, select a Computer type: Servers, Domain Controllers, SQL Servers, or
Workstations.
4.
Optionally, select Search in sub-folders.
5.
Click Search.
6.
From the search results, select one or more computers and click Select Computers. The
"Computer, Device and Host Properties" dialog box displays.
7.
Make your selections to the Computer, Device and Host Properties.
8.
Click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
76
Computers, Devices and Hosts
Selecting Multiple Computers, Devices and Hosts
Server Manager allows you to re-configure and delete multiple hosts at the same time. For example,
resetting logon as credentials, setting WMI quotas, or assigning templates.
To select multiple computers, devices and hosts:
1.
To update multiple hosts, select Edit > Batch > Update Computers, Devices or Hosts.
and make selections in the Computer, Device and Host Properties dialog box.
2.
To assign a template, template group, report or report group to multiple hosts, from the
Object Explorer, right-click on the object to assign then select Assign Computer, Device
or Host.
3.
4.
To delete multiple hosts, select Edit > Batch > Delete Computers, Devices or Hosts.
From the Select Multiple Computers, Devices and Hosts dialog box, select from a list of
configured hosts.
5.
6.
Perform your desired function:

To search then automatically check hosts, click Search.

To add a new host, click Add.

To select multiple hosts, check each host then click OK.

To select a single host, double-click the host.
Click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
77
SpectorSoft Server Manager Help
View the Registry Explorer
Modify a registry key
Create a new registry key
Delete a registry key
Search for a registry key
Working with the Registry Explorer
The Registry Explorer allows you to view, modify, create, delete, and search remote registry keys and
values.
To view the Registry Explorer:
From the Object Explorer, right-click on a computer and select Registry Explorer. Navigate in the Registry
Explorer tree to locate the desired registry key(s).
You can sort by columns in the registry table area by dragging a column
header to the top of the table.
To modify a registry key or value:
1.
2.
Open the Registry Explorer for a selected computer.
From the Registry Explorer tree, select the desired registry key folder to modify. The key(s)
display in the table area to the right.
3.
Right-click on the desired registry key and select Properties and then make your desired
changes.
To create a new registry key or value:
1.
Open the Registry Explorer for a selected computer.
2.
From the Registry Explorer tree, select the desired registry key folder to add to.
3.
In the table area, right-click and select New and one of the following registry types: String
Value, Expandable String Value, Multi-String-Value, DWORD Value, QWORD Value, or Binary
Value.
4.
Enter the applicable values for the registry key.
To delete a registry key:
1.
2.
Open the Registry Explorer for a selected computer.
From the Registry Explorer tree, locate and select the desired registry key folder or key to
remove.
3.
Right-click and select Delete.
To search for a registry key:
78
Computers, Devices and Hosts
1.
2.
Open the Registry Explorer for a selected computer.
From the Registry Explorer tree, right-click and select Find or use the Hot key CTRL+F. The
Find dialog box displays.
3.
Enter your search criteria and/or make the appropriate Search and Options selections.
4.
Click Find Next.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
79
Templates
Templates
A template is defined as a configuration object that defines properties for an executable function that is
assigned to one or more hosts, host groups, template groups and summary reports. For example, a Ping
template that defines the failure rate prior to triggering or an HTTP template that sends an email alert when
any assigned website is down.
Server Manager includes several pre-installed templates that are initially assigned to the localhost. The preinstalled templates can be modified and re-assigned as necessary.
From within the Object Explorer, templates can be dragged and dropped to targeted hosts, host groups and
template groups. When dropped, you have the option to move or link the template. Linking a template
retains previous assignments, while moving a template removes previous assignments.
Create templates and then assign them to one or more hosts, host groups, template groups and summary
reports.
To create and assign a template:
This is a general procedure for creating and assigning a new Template; not
all options are available on all templates.
1.
Select File > New > Template. The Select Template Type dialog box displays.
2.
Select a template type and click Select. The Template Properties dialog box displays.
Unlicensed template types appear in gray text.
3.
Configure the Template Properties.
4.
Assign target hosts, host groups, and template groups.
5.
Click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
80
Templates
Adding Templates
To create and assign a template:
This is a general procedure for creating and assigning a new Template; not
all options are available on all templates.
1.
Select File > New > Template. The Select Template Type dialog box displays.
2.
Select a template type and click Select. The Template Properties dialog box displays.
Unlicensed template types appear in gray text.
3.
Configure the Template Properties.
4.
Assign target hosts, host groups, and template groups.
5.
Click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
81
SpectorSoft Server Manager Help
Template Properties
The Template Properties page allows you view and modify templates and assignments.
The procedure below discusses the most commonly used template properties,
not all of them.
To modify template properties:
1.
From the Object Explorer, select the target template then right-click and select
Properties. -OR-
2.
Select Edit > Batch > Update Templates. Once the Select Multiple Templates dialog
box displays, check the target templates then click OK.
3.
In the General tab, make your desired changes:

Name The appropriate name of the object.

Description A user description of the object.

Enabled Enables scheduled and real-time execution.

Temporarily disable this object Temporarily disables the scheduled template and
terminates real-time execution. Optionally, you can set it to automatically re-enable
after a period of time.

Execution frequency The scheduled frequency to execute the template.

Host Assignment The assigned hosts.

Host Group Assignment The assigned host groups. Assigns all hosts linked to the
host group or child host group.

Template Group Assignment The assigned template groups. Assigns all hosts linked
to the template group or child template group.
4.

In the Advanced tab, make your desired changes:
Retain History The number of days to retain the monitor execution history and
monitor data such as ping response time and consumed disk space.
This setting does not apply to log entry data.
82
Templates

Automatically open all monitors at startup The console automatically opens the
monitor’s detail view when the console connects to the service. A maximum of 20
monitor detail windows will open during startup.
5.
Click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
83
SpectorSoft Server Manager Help
Selecting a Template Type
When adding a new template you are prompted to select a template type (e.g. Ping Monitor, CPU Monitor or
Event Log Consolidation). If you would like to create a template that is not currently licensed, please
contact SpectorSoft and upgrade your license.
Unlicensed template types appear in gray text in the Console.
The following template types are available:
84
Type
Description
Licensing
Event Log Backup
Backup, archive, compress, encrypt
and sign Event Log files (.evt and
.evtx files).
Log Manager
Event Log Consolidation
Download, consolidate, filter and alert
on Windows Event Log entries.
Log Manager
Event Log Monitor
Real-Time monitor mission critical
Event Logs for specific entries.
Log Manager
File Size Monitor
Monitor a file for maximum size.
Log Manager
Idle File Monitor
Monitor application text log files for
inactivity.
Log Manager
Syslog Backup
Backup, archive, compress, encrypt
and sign consolidated syslog entries.
Log Manager
Syslog Consolidation
Consolidate syslog messages.
Log Manager
Syslog Monitor
Monitor syslog messages for specific
entries.
Log Manager
Text Log Backup
Backup, archive, compress, encrypt
and sign text log files.
Log Manager
Text Log Consolidation
Consolidate application text log files.
Log Manager
Text Log Monitor
Monitor application text log files for
specific entries.
Log Manager
Defragment Disks
Schedule the service to remote
execute disk defragmentation.
Disk Monitor
Delete Temporary Files
Delete old temporary files.
Disk Monitor
Directory Cleaner
Delete old files.
Disk Monitor
Templates
Directory Size Monitor
Monitor a directory's size.
Disk Monitor
Directory Watcher
Monitor, log and trigger alerts when a
directory or file is created, modified,
renamed or deleted.
Disk Monitor
Disk Space Monitor
Monitor free disk space.
Disk Monitor
File Count Monitor
Monitor the number of files a directory
contains.
Disk Monitor
SMART Status Monitor
Monitor SMART Predictive Failure
status.
Disk Monitor
Active Directory Monitor
Verify your Active Directory is up and
running.
Internet Server Monitor
CPU Monitor
Monitor CPU load over time.
Internet Server Monitor
Create Process
Schedule a process or batch file to
run.
Internet Server Monitor
DNS Monitor
Check the availability of a DNS server
and the accuracy of a record.
Internet Server Monitor
Domain Expiration
Check a domain's expiration date.
Internet Server Monitor
FTP Monitor
Verify the availability of an FTP
server.
Internet Server Monitor
HTTP/S Monitor
Verify a website is available and
returning the expected content.
Internet Server Monitor
IMAP Monitor
Verify the availability of an IMAP email
server.
Internet Server Monitor
Memory Monitor
Monitor memory load over time.
Internet Server Monitor
MySQL Monitor
Verify a MySQL database is available
and able to execute a select
statement.
Internet Server Monitor
ODBC Monitor
Verify an ODBC database is available
and able to execute a select
statement.
Internet Server Monitor
Oracle Monitor
Verify an Oracle database is available
and able to execute a select
statement.
Internet Server Monitor
Ping Monitor
Use ICMP to ping a remote host.
Internet Server Monitor
POP3 Monitor
Verify the availability of a POP3 email
server.
Internet Server Monitor
Process Monitor
Monitor a process.
Internet Server Monitor
SMTP Monitor
Verify an SMTP email server is
available and able to send email.
Internet Server Monitor
SNMP Get Monitor
Monitor SNMP variables.
Internet Server Monitor
SQL Server Monitor
Verify a SQL Server database is
Internet Server Monitor
85
SpectorSoft Server Manager Help
available and able to execute a select
statement.
SSL Certificate Expiration
Check an SSL certificate's expiration
date.
Internet Server Monitor
TCP Port Monitor
Verify a TCP port is accepting
connections and optionally returning a
packet.
Internet Server Monitor
Throughput Monitor
Uploads and downloads a file to an
FTP server then calculates and saves
the throughput information.
Internet Server Monitor
Windows Service Monitor
Verify a Windows Service is either
running or stopped.
Internet Server Monitor
Once the Template Properties dialog loads, use the controls to configure the properties and assign target
hosts, host groups and template groups.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
86
Templates
Modify multiple Templates
Assign multiple Templates
Working with Multiple Templates
You can update or delete multiple templates of the same type at the same time. For example, assign a
different schedule or trigger action.
To modify multiple templates of the same type:
1.
Select Edit > Batch > Update Templates. The Select Multiple Templates dialog box
displays.
2.
Locate and select the desired template type:

Filter by configured template types Click the drop-down arrow and choose a
template.

3.
Add To add a new template.
To select a single template, double-click the template.
4.
To delete the selected template(s), click Delete.
5.
Click OK.
6.
If updating templates, update the Template Properties.
To assign multiple templates to a host or host group:
1.
From the Object Explorer, right-click on the target host or host group then select Assign
Template.
2.
Locate and select the desired template type:

Filter by configured template types Click the drop-down arrow and choose a
template.

3.
Add To add a new template.
Click OK.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
87
Reports
Create a new report
Batch update reports
Reports
A report is defined as a configuration object that defines properties for an executable function that
optionally targets multiple hosts. For example:


a weekly Event Log Error report that returns all error events from all production servers, and
a Duplicate Files report that scans directories on 3 different servers.
There are several types of reports; however, here are 3 of the more popular reports:

Event Log Security Reports enable you to quickly monitor and audit user and account activity. For
example, Account Management, Failed Logons, and Success Logons.

Disk Monitor Reports enable you to quickly get a handle on information such as production server
disk space utilization and user access. For example, Graphical Disk Space Utilization Over Time, File
and Directory Access Permissions Detail or Summary, and the Top 100 Largest Files.

Summary Reports enable you to target specific production servers and monitors of interest.
To create a new Report:
1.
Select File > New > Report. -ORFrom the Object Explorer, right-click on Reports and select New Report.
2.
Once the Select Report Type dialog box displays, select the report type and then click
Select.
Unlicensed report types appear in gray text.
3.
Once the Report Properties dialog loads, use the controls to configure the
properties.
To batch update existing Reports:
Select Edit > Batch > Update Reports.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
88
Reports
Report Properties
View and modify reports and, when applicable, assignments.
To view or edit a Report:
1.
From the Object Explorer, select the target report then right-click and select Properties. ORSelect Edit > Batch > Update Reports. Once the Select Multiple Reports dialog box
displays, check the target reports then click OK.
2.
In the General tab, make your desired changes:

Name The appropriate name of the object.

Description A user description of the object.

Enabled Enables scheduled and real-time execution.

Temporarily disable this object Temporarily disables the scheduled report and
terminates real-time execution. Optionally, you can set it to automatically re-enable
after a period of time.

Execution frequency The scheduled frequency to execute the report.

Retain history for...days The number of days to retain the report execution history.
Monitor data is not saved to the history database.

Automatically open at startup The console automatically opens the report when the
console connects to the service.
3.
Click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
89
SpectorSoft Server Manager Help
Update or delete multiple reports
Select multiple reports
Selecting Multiple Reports
Server Managerprovides you with the ability to quickly re-configure and delete multiple reports at the same
time (e.g. assign a different schedule or complete action).
To update or delete multiple reports
Select Edit > Batch > Update Reports
Using the Select Multiple Reports dialog
The Select Multiple Reports dialog enables you to select from a list of configured reports. The dialog
includes a report type filter, an Add button and a Delete button.

To filter by report type, select the type from the Filter combo box

To add a new report, select the target group then click Add.

To delete a report, check each report then click Delete.

To select multiple reports, check each report then click OK.

To select a single report, double-click the report.
If updating reports, the Report Properties dialog will load.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
90
Reports
Report Types
Selecting a Report Type
When adding a new report you are prompted to select a template type (e.g. Failed Logons or Largest
Files).
The following report types are available:
Type
Description
Licensing
Summary
Displays details for a list of monitors.
None Required
Event Log
Scans consolidated Event Logs for entries of
interest.
Log Manager
Failed Logons
Scans consolidated Security Event Logs for
failed logon attempts.
Log Manager
Success Logons
Scans consolidated Security Event Logs for
successful Logons.
Log Manager
Logon Sessions
Scans consolidated Security Event Logs for
logon sessions.
Log Manager
Account Lockout
Scans consolidated Security Event Logs for
locked out user accounts.
Log Manager
Account Management
Scans consolidated Security Event Logs for
Account Management audit events.
Log Manager
New Accounts
Scans consolidated Security Event Logs for
new user accounts.
Log Manager
Object Access
Scans consolidated Security Event Log entries
for object access events.
Log Manager
Syslog
Scans consolidated Syslogs for entries of
interest.
Log Manager
Text Log
Scans consolidated text logs for entries of
interest.
Log Manager
File and Directory Access
Permission
Scans a single or multiple directories and/or
files for user/account and group access
permissions (e.g. read, write) and returns
summary or item detail.
Disk Monitor
Duplicate Files
Scans a single or multiple directories and
returns a list of duplicates files.
Disk Monitor
Largest Files
Scans a single or multiple directories and
returns a list of the largest files.
Disk Monitor
91
SpectorSoft Server Manager Help
Recently Accessed Files
Scans a single or multiple directories and
returns a list of the most active or recently
accessed files.
Disk Monitor
Least Accessed Files
Scans a single or multiple directories and
returns a list of in-active, idle or the least
accessed files.
Disk Monitor
Once the Report Properties dialog box displays, use the controls to configure the properties.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
92
Reports
Summary Reports
A Summary Report enables you to assign a single or set of templates, then target specific hosts or vice
versa. Summary reports by default display the last known monitor results. For example, receive a daily
email that includes disk utilization, CPU load and memory load information from multiple servers.
To create a summary report:
1.
2.
Select File > New > Report.
Once the Select Report Type dialog displays select Summary then click Select. The
Reports dialog box displays.
3.
Configure the General tab:
See the example image below:
a.
Enter a Name and Description.
b.
Under Execution frequency, select a schedule to execute the report.
c.
Use the Retain history for x days controls to configure the number of days you would like Server
Manager to retain history.
4.
The Templates tab enables you to assign a single template or template groups to the
report. Once assigned, all computers, devices and hosts that are assigned to the template are included.
93
SpectorSoft Server Manager Help
See the example image below:
If you assign a template but do not assign any hosts, all hosts assigned to
the template will be included.
5.
The Template Options page enables you to either use the cached monitor results or
execute each monitor. Some templates include options. Use the Templates combo-box to
select the options to apply. Please note template options are only used when the report is
grouped by template or template type. See the example image below:
94
Reports
6.
The Actions tab enables you to assign the actions such as Email or HTML files to
generate. See the example image below:
a.
To limit report content to triggered monitors, check Only show triggered, failed and errored
monitors.
b.
To hide off-line computers, check Hide off-line or inaccessible computers.
c.
Use the Group by combo-box to group monitors by host, template or template type. When grouped
by template or template type some monitors produce monitor specific data columns and/or graphical
images (i.e. disk space, directory size, file count, etc.).
7.
Under Report Assignments, choose the Hosts, Host Groups, or Report Groups. See the
example image below:
95
SpectorSoft Server Manager Help
If you assign a host but do not assign any templates, all templates assigned
to the host will be included.
Click Apply to save changes.
8.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
96
Reports
Disk Monitor Reports
Display report
Schedule a report
Action Variable Tags
File and Directory Access Permissions Reports
File and Directory Access Permissions Reports are comprised of a list of directories, files, users, and
assigned permissions (e.g. read, write, delete). You have the option to scan a single directory or multiple
directories contained on the same or multiple computers. Scans can optionally recursively scan all subdirectories. When recursively scanned the report can optionally show detail for each file or summarize by
concatenating permissions. The report can optionally validate users against the domain’s Active
Directory. Users not validated are removed from the report.
When run on-demand within the console, once complete, you can filter by directory and user, print the
report, export the report to a file, and re-run with different options.
To display a report:
1.
From the Object Explorer navigate to the target computer and find the assigned disk or directory
monitor template. If one does not exist, first create and assign a new Disk Space Monitor template.
2.
Right-click on the assigned template and select Explore.
3.
Once the monitor detail loads select the Explorer tab.
4.
From the Explorer tab select the target disk, share or directory then right click and select File and
Directory Access Permissions Report.
To schedule a report:
1.
Select File > New > Report.
2.
Once the Select Report Type dialog loads expand the Disk Monitor tree node then select File and
Directory Access Permissions.
Action Variable Tags:
Supports General Variable Tags.
The following header tags are available:
PATH
The full path to the target directory.
PATH_FILTER
When saved from an on-demand report, the path filter.
USER_FILTER
When saved from an on-demand report, the user filter.
The following item tags are available:
PATH
The full path to the target sub-directory.
97
SpectorSoft Server Manager Help
ACCESS_FLAGS
The access flags (e.g. ObjectInherit, ContainerInherit, Inherited).
ACCESS_TYPES
The access types (e.g. Allowed or Denied)
PERMISSIONS
The permissions (e.g. Read, Write, Delete)
USER
The user name.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {ACCESS_FLAGS}, {ACCESS_TYPES}, {PERMISSIONS}, {USER}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
98
Reports
Display report
Schedule a report
Action Variable Tags
Duplicate Files Reports
Duplicate Files Reports list all files that have the same name, and/or are the same size, and/or have the
same modified date. You have the option to scan a single directory or multiple directories contained on the
same or multiple computers. All scans are recursive.
To display a Duplicate Files Report:
1.
From the Object Explorer navigate to the target computer and find the assigned disk or
directory monitor template. If one does not exist, first create and assign a new Disk Space
Monitor template.
2.
Right click on the assigned template and select Explore.
3.
Once the monitor detail loads select the Explorer tab.
4.
From the Explorer tab select the target disk, share or directory then right click and select
Duplicate Files Report.
To schedule a Duplicate Files Report:
1.
2.
Select File > New > Report.
Once the Select Report Type dialog loads expand the Disk Monitor tree node then select
Duplicate Files.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
FULLNAME
The full path to the target file.
PATH
The path to the target file.
99
SpectorSoft Server Manager Help
FILE_COUNT
The number of duplicate files.
SIZE
The size of the duplicate files.
DATE
The last modified date.
TIME
The last modified time.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {FILE_COUNT}, {SIZE}, {DATE}, {TIME}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
100
Reports
Display report
Schedule a report
Action Variable Tags
Largest Files Reports
Largest Files Reports list the largest files on a disk within a directory structure. You have the option to scan
a single directory or multiple directories contained on the same or multiple computers. All scans are
recursive.
To display a Largest Files Report:
1.
From the Object Explorer navigate to the target computer and find the assigned disk or directory
monitor template. If one does not exist, first create and assign a new Disk Space Monitor template.
2.
Right-click on the assigned template and select Explore.
3.
Once the monitor detail loads, select the Explorer tab.
4.
From the Explorer tab, select the target disk, share, or directory.
5.
Right-click and select Largest Files Report.
To schedule a report:
1.
Select File > New > Report.
2.
Once the Select Report Type dialog loads expand the Disk Monitor tree node then select Duplicate
Files.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
FULLNAME
The full path to the target file.
PATH
The path to the target file.
SIZE
The size of the file.
DATE
The last modified date.
TIME
The last modified time.
For example:
101
SpectorSoft Server Manager Help
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {SIZE}, {DATE}, {TIME}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
102
Reports
Display report
Schedule a report
Action Variable Tags
Recently Accessed Files Reports
Recently Accessed Files Reports list recently accessed files. Although not required by Windows applications,
some applications update a file’s last accessed time value whenever the application opens a file. This report
scans a directory and sorts all files descending by last accessed time. The top results are displayed. When
run on-demand within the console, you can print the report, export the report to a file and re-run with
different options.
You can scan a single directory or multiple directories contained on the same or multiple computers. All
scans are recursive.
To display a Recently Accessed Files Report:
1.
From the Object Explorer navigate to the target computer and find the assigned disk or directory
monitor template. If one does not exist, first create and assign a new Disk Space Monitor template.
2.
Right click on the assigned template and select Explore.
3.
Once the monitor detail loads select the Explorer tab.
4.
From the Explorer tab select the target disk, share or directory then right click and select Recently
Accessed Files Report.
To schedule a Recently Accessed Files Report:
1.
Select File > New > Report.
2.
Once the Select Report Type dialog loads expand the Disk Monitor tree node then select Recently
Accessed Files.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
FULLNAME
The full path to the target file.
PATH
The path to the target file.
SIZE
The size of the file.
103
SpectorSoft Server Manager Help
DATE
The last accessed date.
TIME
The last accessed time.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {SIZE}, {DATE}, {TIME}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
104
Reports
Display report
Schedule a report
Action Variable Tags
Least Accessed Files Reports
Least Accessed Files Reports list files that have not been recently accessed. Although not required by
Windows applications, some applications update a file’s last accessed time value whenever the application
opens a file. This report scans a directory and sorts all files ascending by last accessed time. The top results
are displayed. When run on-demand within the console, you can print the report, export the report to a file
and re-run with different options.
You can scan a single directory or multiple directories contained on the same or multiple computers. All
scans are recursive.
To display a Least Accessed Files Report:
From the Object Explorer navigate to the target computer and find the assigned disk or
1.
directory monitor template. If one does not exist, first create and assign a new Disk Space
Monitor template.
2.
Right click on the assigned template and select Explore.
3.
Once the monitor detail loads select the Explorer tab.
From the Explorer tab select the target disk, share or directory then right click and select
4.
Least Accessed Files Report.
To schedule a Least Accessed Files Report:
Select File > New > Report.
1.
Once the Select Report Type dialog loads expand the Disk Monitor tree node then select
2.
Least Accessed Files.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
PATH
The full path to the target directory.
The following item tags are available:
NAME
The target filename.
FILENAME
105
SpectorSoft Server Manager Help
FULLNAME
The full path to the target file.
PATH
The path to the target file.
SIZE
The size of the file.
DATE
The last accessed date.
TIME
The last accessed time.
For example:
{NAME}
{PATH}
<ITEM>{PATH}, {FILENAME}, {SIZE}, {DATE}, {TIME}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
106
Reports
File Extension Reports
File Extension Reports list the present extensions, total size and file count. Once complete you can drill
down into a directory structure to see to which sub-directory file types of interest reside, print the report
and export to a file.
To display a File Extension report:
1.
From the Object Explorer navigate to the target computer and find the assigned disk or
directory monitor template. If one does not exist, first create and assign a new Disk Space
Monitor template.
2.
Right-click on the assigned template and select Explore.
3.
Once the monitor detail loads select the Explorer tab.
4.
From the Explorer tab select the target disk, share, or directory then right-click and select
File Extension Report.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
107
SpectorSoft Server Manager Help
Display report
Schedule deletion of Temporary Files
Temporary Files Reports
Temporary Files Reports list all System and User temporary directories on any target Windows
computer. The total size, file count, and sub-directory count is totaled and listed. Once complete, you can
drill down into sub-directories to view the details within each temporary directory, delete temporary
directory contents including files and sub-directories directly from within the report, print the report and
export the report to a file.
You can also configure the service to automatically delete all temporary files not locked and, optionally,
older than a number of days.
To display a Temporary Files Report:
From the Object Explorer navigate to the target computer right-click and select Temporary Files
Report.
To schedule the deletion of temporary files:
1.
2.
Select File > New > Template.
Once the Select Template Type dialog loads, expand the Disk Monitors tree node, then
select Delete Temporary Files.
3.
Once the Template Properties dialog box displays, configure the properties, assign target
hosts, host groups and template groups.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
108
Reports
Log Monitor Reports
Event Log Reports
Event Log reports scan the consolidated Event Logs for entries of interest then typically email or save
results to a file. For example, you can create a daily server error report that contains all error entries for
the last week from all servers on your network.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
A distinct comma separated list of the target log names.
FILTER
A comma separated list of applied filters.
AD_USER
When firing an email report, the tag is replaced with the Active Directory assigned
email address for the user listed within the USER column of the entry. If multiple
entries pass the post consolidation filter the first entry that contains a non-null value
within the USER column is used for the lookup.
USER
When firing an email report, the email address can be changed to the contents of the
USER column within the entry. If multiple entries pass the filter the first entry that
contains a non-null value within the USER column is used for the replacement. If the
USER column contains a domain name, the domain name is removed.
For example:
If the Event Log entry USER column contains:
LITTLEWATER\jdoe
and the email address within the email action is defined as:
{USER}@spectorsoft.com
the actual email address used is:
[email protected]
The following item tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the
actual hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
109
SpectorSoft Server Manager Help
TIME
The time the entry was generated.
LOG
The log name (e.g. System).
LEVEL
The Event Log entry level (e.g. Warning or Critical).
NOTE: When forwarding entries the to a Syslog server/device the entry level is
mapped to an appropriate Syslog priority.
SOURCE
The entry source.
EVENT
The entry event ID.
CATEGORY
The entry category.
USER
The entry user.
MESSAGE
The entry message.
DATA
The entry data in hexadecimal format.
DATA_ASCII
The entry data in ASCII format.
DATA_UNICODE
The entry data in Unicode format.
FLAG
The user set flag (e.g. Flagged, Complete)
COUNT
When a report is configured to hide duplicates or display a count of similar
entries, the count of entries.
For example:
{NAME}
{HOST}
{LOG}
<ITEM>{DATE}, {TIME}, {HOST}, {LOG}, {LEVEL}, {MESSAGE}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
110
Reports
Security Event Log Reports
Security Event Log Reports
Server Manager includes several Windows Event Log Security reports that enable you to quickly monitor
and audit user and account activity. These reports are used for auditing requirements, such as PCI DSS,
HIPAA, etc.

Failed Logons

Success Logons

Logon Sessions

Account Lockout

Account Management

New Accounts

Object Access Reports
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
111
SpectorSoft Server Manager Help
Failed Logons Reports
Windows writes many different Event Log entries related to logon failures. Some of these events are specific
to OS versions while others span multiple versions. Logon events embed important information within the
message portion of the entry that enable system administrators to track down malicious activity.
Server Manager parses these messages and places the results into data tables. The result enables Server
Manager to:

Create summary reports that list the number of times users attempt to logon to a domain or a
computer

Summarize different event ID messages into a single view.

Detail all similar events into a single table.
Select up to 7 different report types within a single report:
Report Type Name
Description
Account logon failure summary
Parses and summarizes account logon events 672, 675 and 680.
Account logon failure (672)
Parses and displays all 672 event message parameters. The
'Result Code' is replaced with the Kerberos description per RFC
1510.
Account logon failure (675)
Parses and displays all 675 event message parameters. The
'Result Code' is replaced with the Kerberos description per RFC
1510.
Account logon failure (680)
Parses and displays all 680 event message parameters. The NTLM
'Error Code' is replaced with a short description.
Logon failure summary
Parses and summarizes logon events 529, 530, 531, 532, 533,
534, 535, 539 and 4625.
Logon failure (2000/XP/2003)
Parses and displays all 529, 530, 531, 532, 533, 534, 535 and
539 event message parameters. The 'Logon Type' is replaced with
a short description.
Logon failure (Vista/2008)
Parses and displays all 4625 event message parameters. The
'Logon Type' is replaced with a short description. The NTLM 'Sub
Status' is replaced with a short description.
To manually run a failed logon report:
1.
From the Log Repository view, check the Security Event Logs to run the report against, rightclick and select Reports | Failed Logons.
2.
Follow the instructions within the wizard.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
112
Reports
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
The target log name.
DATE_ RANGE
The target date range of the report.
NOTE: Failed Logon Reports do not support item variable tag replacement.
For example:
{DATE} {TIME}
{NAME}
{HOST}
{LOG}
{DATE_RANGE}
<ITEM></ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
113
SpectorSoft Server Manager Help
Run a Success Logon Report
Create a Report
Action Variable Tags
Success Logons Reports
Windows writes many different Event Log entries related to logons. Some of these events are specific to OS
versions while others span multiple versions. Logon events embed important information within the
message portion of the entry that enable system administrators to track down activity.
Server Manager parses these messages and places the results into data tables. The result enables Server
Manager to:

Create summary reports that list the number of times a user logs into a domain or a computer.

Summarize different event ID messages into a single view.

Detail all similar events into a single table.
Select up to 11 different report types within a single report:
Report Type Name
Description
Supported OS
Domain Logon Summary
Parses and summarizes Domain
Logon events 672 and 4768.
Server 2008/2003
Domain Logon 672
Parses domain logon event 672.
Server 2003
Domain Logon 4768
Parses domain logon event
4768.
Server 2008
Logon Summary
Parses and summarizes logon
events 528, 540 and 4624.
Server 2008/2003
Logon 528
Parses successful logon event
528.
Server 2003
Logoff 538
Parses logoff event 538.
Server 2003
Logon 540
Parses successful network logon
event 540.
Server 2003
Logoff 551
Parses user initiated logoff
event 551.
Server 2003
Logon 4624
Parses successful logon event
4624.
Server 2008
Logoff 4634
Parses logoff event 4634.
Server 2008
Logoff 4647
Parses user initiated logoff
Server 2008
114
Reports
event 4647.
To run a success logon report:
1.
From the Log Repository view, check the Security Event Logs to run the report against,
right-click and select Reports | Successful Logons.
2.
Follow the instructions within the wizard.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
LOG
The target log name.
DATE_ RANGE
The target date range of the report.
Success Logon Reports do not support item variable tag replacement.
EXAMPLE
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
115
SpectorSoft Server Manager Help
Logon Sessions Reports
Windows writes many different Event Log entries related to logons. Some of these events are specific to OS
versions while others span multiple versions. Logon events embed important information within the
message portion of the entry that enable system administrators to track down activity.
Server Manager parses these messages and places the results into data tables. The result enables Server
Manager to:

Create summary reports that list the number of times a user logs into a domain or a computer

Summarize different event ID messages into a single view.

Detail all similar events into a single table.
Select up to 11 different report types within a single report:
Report Type Name
Description
Supported OS
Domain Logon Summary
Parses and summarizes Domain
Logon events 672 and 4768.
Server 2008/2003
Domain Logon 672
Parses domain logon event 672.
Server 2003
Domain Logon 4768
Parses domain logon event
4768.
Server 2008
Logon Summary
Parses and summarizes logon
events 528, 540 and 4624.
Server 2008/2003
Logon 528
Parses successful logon event
528.
Server 2003
Logoff 538
Parses logoff event 538.
Server 2003
Logon 540
Parses successful network logon
event 540.
Server 2003
Logoff 551
Parses user initiated logoff
event 551.
Server 2003
Logon 4624
Parses successful logon event
4624.
Server 2008
Logoff 4634
Parses logoff event 4634.
Server 2008
Logoff 4647
Parses user initiated logoff
event 4647.
Server 2008
To manually run a success logon report:
1.
From the Log Repository view, check the Security Event Logs to run the report against,
right click and select Reports | Successful Logons.
116
Reports
2.
Follow the instructions within the wizard.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
The target log name.
DATE_ RANGE
The target date range of the report.
The following item tags are available:
HOST
The host the entry was generated from.
USER
The user that logged in.
DOMAIN
The domain the user logged into.
LOGON_TYPE
The type of logon (e.g. Interactive or Network)
CALLER_HOST
The hostname of the computer the user logged in from.
CALLER_IP
The IP address of the computer the user logged in from.
PROCESS_NAME
The process that logged in.
LOGON_DATE_TIME
The date and time the user logged in.
LOGOFF_DATE_TIME
The date and time the user logged off.
DURATION
The duration of the session.
For example:
{NAME}
{DATE_RANGE}
<ITEM>{HOST}, {DOMAIN}\{USER}, {LOGON_DATE_TIME}, {DURATION}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
117
SpectorSoft Server Manager Help
Account Lockout Reports
Use Server Manager to generate on-demand or scheduled account lockout reports. The report engine
queries consolidated Security Event Logs for account lockout events and returns a list of locked out
accounts along with lockout history summary information.
To manually run an account lockout report:
1.
From the Log Repository view, check the Security Event Logs to run the report against, right click and
select Reports | Account Lockouts.
2.
Follow the instructions within the wizard.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
The target log name.
DATE_ RANGE
The target date range of the report.
The following item tags are available:
DATE
The date the entry was generated.
TIME
The time the entry was generated.
HOST
The host the Event Log entry was generated from.
USER
The user account that was locked.
LOCKED
X for locked otherwise empty.
LOCK_DATE_TIME
The date and time the user account was locked.
CALLER_HOST
The host the user attempted to logon from.
UNLOCK_DATE_TIME
The last date and time the user account was unlocked.
UNLOCKED_BY
The administrator’s username that last unlocked the user account.
LOCK_COUNT
The total number of times the user account has been locked out.
UNLOCK_COUNT
The total number of times the user account has been unlocked.
For example:
{NAME}
118
Reports
{DATE_RANGE}
<ITEM>{DATE}, {TIME}, {HOST}, {USER}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
119
SpectorSoft Server Manager Help
Account Management Reports
Many regulatory agencies require account management reports for compliance purposes. As you are
probably already aware, Windows writes many different Event Log entries related to account management.
Some of these events are specific to OS versions while others span multiple versions. Account management
events embed important information within the message portion of the entry that enables systems
administrators to track down activity. Server Manager parses these messages then places the results into a
list.
Account management reports enable you to limit results to a subset of users that you define or are listed in
your domain’s Active Directory tree.
To manually run an Account Management report:
1.
From the Log Repository view, check the Security Event Logs to run the report against,
right click and select Reports | Account Management.
2.
Follow the instructions within the wizard.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
The target log name.
DATE_ RANGE
The target date range of the report.
The following item tags are available:
DATE
The date the entry was generated.
TIME
The time the entry was generated.
HOST
The host the entry was generated from.
USER
The user or group that was updated.
DOMAIN
The updated user’s domain.
CALLER_USER
The administrator’s username that updated the user or group.
CALLER_DOMAIN
The administrator’s domain that updated the user or group.
CALLER_HOST
The host the user or group was updated from.
EVENT
The entry’s ID.
120
Reports
DESCRIPTION
The entry’s parsed description.
For example:
{NAME}
{DATE_RANGE}
<ITEM>{DATE}, {TIME}, {HOST}, {DOMAIN}\{USER}, {DESCRIPTION}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
121
SpectorSoft Server Manager Help
New Accounts Reports
Use Server Manager to generate on-demand or scheduled new user account reports. The report engine
queries consolidated Security Event Logs for new user account events and summarizes for easy review.
To manually run a new user account report:
1.
From the Log Repository view, check the Security Event Logs to run the report against,
right-click and select Reports | New User Accounts.
2.
Follow the instructions within the wizard.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
The target log name.
DATE_ RANGE
The target date range of the report.
The following item tags are available:
DATE
The date the entry was generated.
TIME
The time the entry was generated.
HOST
The host the entry was generated from.
USER
The user or group that was updated.
DOMAIN
The new user or group’s domain.
CALLER_USER
The administrator’s username that created the user account or group.
CALLER_DOMAIN
The administrator’s domain that created the user account or group.
For example:
{NAME}
{DATE_RANGE}
<ITEM>{DATE}, {TIME}, {HOST}, {USER}, {DOMAIN}</ITEM>
RELATED TOPICS
122
Reports
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
123
SpectorSoft Server Manager Help
Step 1: Configure Windows Server or Workstation
Step 2: Configure and Assign Template
Step 3: Create an Object Access Report
Action Variable Tags
Object Access Reports
Use Object Access Reports to view user access to files, directories and registry data. For example, receive
a daily email report of users that accessed a specific directory. This report uses data previously
downloaded to the Primary Log Repository or other explicitly assigned log repository. An Event Log
Consolidation and Monitoring Template must be assigned to each targeted computer.
Supports Windows Server 2012, 2008 R2 and 2008.
Server 2003 is not supported.
There are 3 steps to create an Object Access Report:



Configure servers and /or workstations for Object Access Auditing
Configure and assign an Event Log Consolidation and Monitoring Template
Create an Object Access Report
Step 1: Configure the Windows Server or Workstation:
124
Reports
1.
Turn on Object Access Auditing on your Windows Server or Workstation.
2.
Configure the Auditing Settings based on your company policy.
Please see the following Microsoft TechNet articles for detailed information:

Server 2012: Scenario: File Access Auditing

Server 2008 R2: Managing Security Auditing
Step 2: Configure and assign an Event Log Consolidation and Monitoring Template:
Each computer you would like to report on must be configured to download and consolidate the Security
Event Log entries. Server Manager includes a sample template called 'Event Log Consolidation and
Monitoring' that has been pre-configured to download Security Event Log entries once an hour. Once
assigned to each target computer, Server Manager will automatically download and consolidate the Security
Event Log entries every hour.
1.
Locate and double-click the sample template: Object Explorer > Templates > Sample
Templates > Event Log Consolidation and Monitoring Template. The template
properties for Event Log Consolidation and Monitoring template displays.
125
SpectorSoft Server Manager Help
2.
On the General tab:

Set the Execution frequency for how often you want the object to run.
On the Logs tab:
3.

Servers/Workstations, optionally, select a server or workstation.
If a computer is selected, Server Manager displays the discovered logs. If no
computer is selected, the default server logs are displayed: Application,
System, Security, Directory Service, DNS Server and File Replication Service.

On the Event Logs tab, select Security. You can also select other settings of your
choosing. For this example, we selected Application, Security, and System.

4.
Microsoft Application Logs, optionally, select from these logs.
On the Consolidation and Monitoring tab, optionally, assign and configure a
Consolidation Filter and Post Consolidation Filters and Actions to limit the entries.
5.
On the Advanced tab, optionally, create an action to occur when the log completes.
6.
Under the Template Assignments area, assign one or more Hosts.
7.
Click Close to save the changes and close the view.
Step 3: Create an Object Access Report
126
Reports
1.
2.
Select File > New > Report. The Select Report Type dialog box displays.
Select Log Monitors > Event Logs > Object Access report. The Reports properties
display.
3.
On the General tab:

Enter a Name for the report.

Set the Execution frequency for how often you want the report to run.
4.
On the Logs tab, optionally, add Explicitly Assigned Consolidated Logs.
5.
On the Options tab:

Select Summarize to group similar events. When summarized, an extra column is
added that displays the count of entries.

Use the Group by drop-down to select the column to group by.

Assign a Filter to limit the entries in the report.
6.
On the Date and Time Range tab select the date range to include within the report.
7.
On the Filter Users/Accounts tab configure to include or exclude specific users.
8.
On the Actions tab assign an email or file output action.
9.
Under the Report Assignments area, assign one or more Hosts or report groups.
127
SpectorSoft Server Manager Help
10.
Click OK to save the changes and close the dialog.
11.
To view the report within the Console, right-click the Event Log Consolidation and
Monitoring template you assigned in Step 2 then select Execute Now. When executed Server
Manager will download the latest Security Event Log entries from the assigned computers. Finally,
right-click the report you just created and select View Report.
Action Variable Tags
The following header variable tags are available:
DATE
The date the report was generated.
TIME
The time the report was generated.
LOCALHOST
The host name of the computer the software is installed.
MESSAGE
A detailed message.
NAME
The report name.
OBJECT_TYPE
The type of report.
HOST
The target host names.
TEXT: comma delimited
HTML: line feed delimited (<br />)
128
Reports
IPv4
The target IPv4 addresses.
TEXT: comma delimited
HTML: line feed delimited (<br />)
IPv6
The target IPv6 addresses.
TEXT: comma delimited
HTML: line feed delimited (<br />)
LOG
The target log name.
DATE_RANGE
The time span to check (e.g. daily).
STATE_IMG
The object state image (e.g. OK, Warning, Critical, Error).
Applies to HTML output only.
The following entry item variable tags are available for text-based actions only (HTML is not supported):
DATE
The date the entry was generated.
TIME
The time the entry was generated.
USER
The username of the account that triggered the event.
DOMAIN
The user's domain.
OBJECT_NAME
The directory, file or registry data.
PROCESS_NAME
The full path to executable.
ACCESS_FLAGS
The access type (e.g. Read, Write, Delete).
For example:
{USER}
<ITEM>{DATE}, {TIME}, {OBJECT_NAME}, {PROCESS_NAME}, {DOMAIN}, {ACCESS_FLAGS}</ITEM>
129
SpectorSoft Server Manager Help
Syslog Reports
Syslog reports scan the consolidated Syslogs for entries of interest then typically email or save results to a
file. For example, you can create a daily hardware device error report that contains all error entries for the
last week from all hardware devices on your network.
To create a report:
1.
Select File > New > Report.
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
The log name (e.g. Syslog).
FILTER
A comma separated list of applied filters.
The following item tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the
actual hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
LOG
The log name (e.g. Syslog).
PRIORITY
The Syslog priority (e.g. Warning or Critical).
NOTE: When forwarding entries the to an Event Log the priority is mapped to an
appropriate Event Log level.
FACILITY
The Syslog facility (e.g. Local1, Kernal, etc.)
MESSAGE
The entry message.
FLAG
The user set flag (e.g. Flagged, Complete)
COUNT
When a report is configured to hide duplicates or display a count of similar
entries, the count of entries.
130
Reports
For example:
{NAME}
{HOST}
{LOG}
<ITEM>{DATE}, {TIME}, {HOST}, {PRIORITY}, {FACILITY}, {MESSAGE}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
131
SpectorSoft Server Manager Help
Text Log Reports
Text Log reports scan the consolidated text logs for entries of interest then typically email or save results to
a file. For example, you can create a daily application error report that contains all error entries for the last
week from multiple applications on your network.
To create a report:
1.
Select File > New > Report
2.
Follow the instructions within the wizard.
Action Variable Tags
Supports General Variable Tags.
The following header tags are available:
LOG
A comma separated list of the target path and filenames.
FILTER
A comma separated list of applied filters.
The following item tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the
actual hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was consolidated.
TIME
The time the entry was consolidated.
LOG
The path and filename.
FILENAME
The target filename.
PATH
The target log’s path.
MESSAGE
The entry message.
FLAG
The user set flag (e.g. Flagged, Complete)
COUNT
When a report is configured to hide duplicates or display a count of similar
entries, the count of entries.
For example:
132
Reports
{NAME}
{HOST}
{LOG}
<ITEM>{DATE}, {TIME}, {HOST}, {MESSAGE}</ITEM>
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
133
Monitor Hierarchy
Depending on the state of the directly assigned monitors, hierarchy rules enable you to suppress child
group trigger and/or recovery actions.
To configure the monitor hierarchy:
1.
From the Object Explorer, right-click on Monitor Hierarchy and select New Group.
2.
Enter a Name for the group.
3.
Optionally, select Suppress child group monitor trigger actions...
4.
Optionally, select Suppress child group monitor recovery actions...
5.
Click OK.
6.
From the Object Explorer, drag and drop single monitors you would like to disable alerting
for when ALL of the parent monitors fail. If any one parent is OK (For example,
www.spectorsoft.com or www.microsoft.com) the child monitors will still trigger alerts.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
134
Schedules
Load Balancing and Range Scheduling
Schedule Types Defined
Add a schedule
Modify a schedule
Configure a schedule
Delete a schedule
Schedules
A schedule is defined as an assignable configuration object that defines the frequency to execute a function
(e.g. daily at 6:00 AM or every 5 minutes). Templates, reports and Auto Configurators all require schedule
assignment.
During the installation a number of sample schedules are created. You have the option of using these
schedules, modifying them or if prefer removing all of them and defining your own.
Load Balancing and Range Scheduling
Imagine a mid-size environment with 100 servers. Your task is to consolidate Event Log entries to a SQL
Server database while also monitoring uptime. If you configure Server Manager to download daily at 2:00
AM and each server contains 3 logs of interest, at 2:00 AM Server Manager will create 300 threads and
commence downloading of the Event Log entries. Understandably the consolidation database will more than
likely bottleneck and timeout while attempting to commit the Security Event Log entries.
To alleviate the pressure on the consolidation database as well as the server hosting Server Manager,
Server Manager includes range scheduling, a very powerful function to evenly distribute download, monitor
and report execution over time. You can enable range scheduling by setting a schedule’s type to Range.
Schedule Types Defined
Fixed
Defines a specific time to execute (e.g. every hour at 30 minutes past the
hour). Supports, seconds, minutes, hourly, daily, weekly and monthly.
Range
Defines a range of available times which to execute (e.g. at any time but at minimum
once an hour).
Example: 3 HTTP monitors www.mycompany.com, www.diskmonitor.com and
www.networkeventviewer.com with a schedule of once every 15 minutes would result in
the following monitor executions:
www.mycompany.com:
Executing at 0:00, 0:15, 0:30 and 0:45
135
SpectorSoft Server Manager Help
www.diskmonitor.com:
Executing at 0:05, 0:20, 0:35 and 0:50
www.networkeventviewer.com:
Executing at 0:10, 0:25, 0:40 and 0:55
Supports minutes, hourly, daily and weekly. Seconds and monthly frequencies are not
supported.
To add a new schedule:
1.
Select File > New > Schedule.
2.
Once the Schedule Properties dialog loads see instructions below.
To modify an existing schedule:
1.
From the Object Explorer, navigate to the schedule then right-click and select Properties.
2.
Once the Schedule Properties page loads see instructions below.
To configure a schedule:
1.
The Schedule Properties page enables you to set the schedule type, frequency and apply
maintenance windows or other days or time ranges to exclude from the schedule.
2.
3.
From the Type combo-box select the schedule type: Fixed or Range.
From the Frequency combo-box select the frequency. Depending on the type of frequency
selected, different configuration controls will be provided. Set the control values as
appropriate.
4.
When applicable to the schedule type and frequency use the Day of Week and Time of Day
Exclusions controls to add maintenance windows as well as any other days or time ranges
you want to exclude from the schedule.
5.
When you have finished configuring the schedule, you have the option of applying an autogenerating name based on the schedule you have just configured (e.g. Every 4 hours). To
auto-generate a name click the Generate button.
To delete a schedule:
From the Object Explorer navigate to the target schedule then right-click and select Delete.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
136
Schedules
Add a range exclusion
Modify a range exclusion
Configuring Day and Time Exclusions
When configuring execution schedules some frequency types support day and time exclusions (e.g. execute
every hour excluding Sunday between 2 AM and 4 AM). Day and time exclusions enable you to configure
maintenance windows into the software.
Using day and time exclusions you can also create multiple monitors for each shift operator (e.g. create a
ping monitor for 12 AM – 12 PM which emails system administrator A then create a ping monitor for 12 PM 12 AM which emails system administrator B).
To add a day or time range exclusion:
1.
From the Object Explorer navigate to the target schedule then right click and select Properties.
2.
From the Schedule properties page any frequency that supports exclusion periods will include a list
control titled Day of Week and Time of Day Exclusions.
3.
Click Add.
4.
From the Exclusion Period dialog select the day of week or time ranges to exclude.
To edit, delete, or clear existing day and time range exclusions:
1.
From the Object Explorer navigate to the target schedule then right click and select Properties.
2.
From the Schedule properties page any frequency that supports exclusion periods will include a list
control titled Day of Week and Time of Day Exclusions.
3.
Click Edit, Delete and/or Clear to achieve the desired results.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
137
Filters
Filters
Logs typically contain thousands of entries. Use Filters to remove/limit the entries and/or computers from
real-time and consolidated log views, monitors, and reports.
You can perform advanced filtering searches through consolidated logs to locate log entries of interest or
remove unwanted entries. Both simple and complex regular expression filters are offered. Selectively flag
and add notes to log entries of interest.
To create a filter:
1.
From the File menu item select New > Filter.
2.
Once the Create New Filter dialog displays, choose the type of filter to create
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
138
Filters
Adding Filters
To create a filter:
1.
From the File menu item select New > Filter.
2.
Once the Create New Filter dialog displays, choose the type of filter to create:
Type
Description
Active Directory
A complex computer property filter that can be applied to recursive Active Directory
scans to target or exclude computers. For example, the filter ‘operatingSystem
contains server’ would return all servers.
Event Log Simple
A simple Event Log entry filter. For example, the filter ‘Event ID = 100-200’ would
return all entries with an Event ID value between 100 and 200.
Event Log
Complex
A complex Event Log entry filter that provides criteria grouping, nesting and AND, OR
and NOT rules.
Event Log
Account
Management
A Security Event Log filter that targets account management entries. Designed for
PCI compliance.
Event Log Failed
Logon
A Security Event Log filter that targets failed logon entries on both 2008 and 2003
servers. Designed for PCI compliance.
Event Log
Success Logon
A Security Event Log filter that targets success logon entries on both 2008 and 2003
servers. Designed for PCI compliance.
Syslog
A complex syslog entry filter that provides criteria grouping, nesting and AND, OR
and NOT rules.
Text Log
A complex application or text log filter that provides criteria grouping, nesting and
AND, OR and NOT rules.
CSV
A complex filter for comma separated value files (CSV) that provides decimal value
monitoring, criteria grouping, nesting and AND, OR and NOT rules. For example ‘cfs
> 3000’ would return all entries who’s cubic feet per second column value is greater
than 3000.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
139
SpectorSoft Server Manager Help
Filtering Entries from the Log Viewer
Assign a filter to limit the log entries displayed.
To filter entries from the log viewer:
1.
2.
From the Object Explorer expand the Log Repository node then navigate to the log.
Right-click on the log and select View Consolidated Log Entries. The Select Display Filters
dialog box displays.
a.
Choose the desired Level(s) to display.
b.
Choose a Filter from the drop-down menu.
c.
Select a date range.
3.
Once the log viewer loads, you can filter entries further:
a.
Locate and select one or more entries in the list, then right-click and select Filter Selected Entries.
Make your desired selections. Once applied, the new filter is accessible from the tool bar within the log
window.
b.
From the tool bar, you can:

Add a note

Search for particular expressions in the log entries

Use the icons to add/remove entry criteria

Use the drop-down filter selector to display particular entries

Apply tags to entries

Export, print, or email displayed results
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
140
Filters
Importing and Exporting Filters
In mulit-service installation environments you may find it quite useful to copy a set of filters from one
installation to another. Although the Console enables you to copy and paste individual filters between
connected services you can also export a set of filters that can be later imported to another inaccessible
installation of Server Manager or posted online for support or optimization.
To export filters:
1.
2.
From the Object Explorer, expand the Filters tree.
Select the filter group tree or filter to export, right-click then select Export. The Save As
dialog displays.
3.
Choose the location and filename to save the filters. The filters are saved with a DAT
extension. This is a binary format which can only be read by the Console.
The name of the output file is independent of the group or filter names.
To import filters:
1.
From the Object Explorer, expand the Filters tree.
141
SpectorSoft Server Manager Help
2.
Select the group to import the filters under. If no group is selected the filters are imported
under the Filters node.
3.
Select File > Import > Filters.
4.
Locate and select the DAT file that contains the group or filter(s).
5.
Click Open.
6.
If the filter(s) already exist, you will be prompted to either "Overwrite existing filters" or to
"Rename conflicting new filters."
If you choose to rename, the imported groups or filters will appear within the active area
(whatever sub-folder you have selected) under the Filters tree with a number in parentheses.
If you choose to overwrite, the imported groups or filters will simply be overwritten wherever
142
Filters
they occur within the Filters tree.
7.
Click OK to finish the filter import.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
143
Actions, Alerts and Notifications
Actions, Alerts and Notifications
Actions, alerts and notifications are executed when:

A monitor is triggered, recovers, and in some cases is complete (e.g. Delete Temporary Files and
Create Process monitors)

A report is complete or has errors

An Auto Configurator is complete or errors
The following actions are available:
Database
When monitoring log entries, writes each filtered log entry to a user defined
database table. Please note error and recovery alerts are not supported.
Email
Sends a simple text message or a detailed HTML message. Both text messages
and HTML messages can be customized using Actions Tags or by creating your
own HTML Templates.
Event Log
Writes a custom entry to the Event Log of your choice.
When monitoring log entries, writes each filtered log entry.
The Event Log Source field supports the following Action Variable Tags: {HOST},
{IPv4}, {IPv6}
File
Saves results to file.
When monitoring log entries, writes each filtered log entry.
Supports: CSV, EVT, HTML and TXT.
Manage a Process
Restarts, stops or starts a Windows process.
The arguments field supports the following Action Variable Tags: {HOST},
{IPv4}, {IPv6}, {MESSAGE}
When monitoring log entries, to start a process for each log entry, include one of
the following tags within the arguments field: {HOST}, {IPv4}, {IPv6},
{MESSAGE}. These fields are replaced with the appropriate values within each
entry prior to the process being started.
Manage a Service
Restarts, stops or starts a Windows Service.
Message Box
Displays a message box on any computer that has the Server Manager Tray Icon
installed.
144
Actions, Alerts and Notifications
Requires TCP port 6766.
For more information see Desktop Actions.
SMS (Pager)
Sends a text message using one of several web SMS online gateway services.
SNMP Trap
Sends a SNMP trap via Microsoft’s SNMP Service.
Sound
Plays a sound on any computer that has the Server Manager Tray Icon installed.
Requires TCP port 6766.
For more information see Desktop Actions.
Syslog Message
Writes a message to any syslog server.
When monitoring log entries, writes each filtered log entry.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
145
SpectorSoft Server Manager Help
Desktop Actions, Alerts and Notifications
Desktop actions are defined as actions that are executed within a user’s Windows desktop (e.g. message
box alerts, sound alerts and optionally interactive file execution).
Server Manager enables you to receive desktop notifications from any Windows computer that has network
access to the Server Manager Service.
To configure desktop notifications:
1.
From the target computer, install Server Manager.
2.
Once installed, select File > New Server Manager Connection.
3.
Once the Connect to Service dialog loads, specify a connection name.
4.
From the Server name text box, enter the routable hostname or IP address the service is
installed.
5.
Specify credentials that provide administrator access to the server the service is installed.
6.
Click Connect.
7.
Once connected, from the Object Explorer navigate to the target desktop action then rightclick and select Properties or create a new action.
8.
From the Action Properties page locate the Target list box and command buttons. Click
Add Computer.
9.
Once the Add Computers, Devices and Hosts dialog loads, from the combo-box select
Localhost then click OK.
10. From the Action Properties page click Apply or OK to save your changes.
11. Click Test. You should now see the test message box or hear the sound alert on the target
computer as well as all other computers assigned to the action. If the connection fails due to
a network error, be sure to open TCP port 6766 on your organization’s firewall.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
146
Actions, Alerts and Notifications
Auto Configurator Tags
Defrag Monitor Item
Directory Cleaner Monitor Item
Directory Size Monitor Item
Directory Watcher
Disk Size Summary Report Item
Disk Space Monitor Item
Entry Not Found Alert
Event Log Alerts
Event Log Consolidation
File Consolidation
File Count Monitor Item
File Size Monitor Item
General Monitor Item Tags
General Variable Tags
Idle File Monitor Item
Ping Monitor
SMART Monitor Item
Text Log Consolidation
Action Variable Tags
Action variable tags are used to insert variable values when firing actions, generating reports, and exporting
logs. When necessary, each tag is parsed out and replaced with the appropriate value. The available
variable tags depend on the current functionality that is running.
General Variable Tags
HOST
The target host names.
TEXT: comma delimited
HTML: line feed delimited (<br />)
IPv4
The target IPv4 addresses.
TEXT: comma delimited
HTML: line feed delimited (<br />)
147
SpectorSoft Server Manager Help
IPv6
The target IPv6 addresses.
TEXT: comma delimited
HTML: line feed delimited (<br />)
DATE
The current date.
TIME
The current time.
LOCALHOST
The host name of the machine the software is installed.
NAME
The object’s name.
TEMPLATE
The name of the template when applicable.
OBJECT_TYPE
Auto Configurator: Auto Configurator.
Monitor: The type of template.
Report: The type of report.
SHORT_MESSAGE
A short descriptive message.
MESSAGE
A detailed message.
STATE
The object state (e.g. OK, Warning, Critical, Error).
Auto Configurator Tags
DURATION
The total time it takes an object to execute.
PATH
The Active Directory path.
STS
A list of all informational messages.
ERR
A list of all error messages.
Ping Monitor
DISK
The name of the target disk (e.g. c$)
NET_NAME
ROUND_TRIP_TIME
The ping response time.
Some functionality, such as disk space alerts, include arrays of items. When firing text based actions, such
as Text Email (verses HTML Email) or Message Box alerts, customize item content by wrapping the target
action variable tags within <ITEM> </ITEM> tags. For example, when firing a free disk space alert you can
define the item variables to display like so:
<ITEM>\\{HOST}\{DISK} {FREE} {USED} {CAPACITY}</ITEM>
General Monitor Item Tags
HOST
The target host name.
IPv4
The target Ipv4 address.
Ipv6
The target Ipv6 address.
148
Actions, Alerts and Notifications
NAME
Monitor: The name of the monitor (e.g. Host Name (Template Name)
Summary Report Items: When grouped by Template or Template Type,
the target host name.
TRIGGER_MESSAGE
When the object state is Warning, Critical or Error a short descriptive
message, otherwise an empty string.
ITEM_MESSAGE
When a monitor contains multiple items (e.g. a disk monitor) the item’s
message without the item’s key (e.g. c$).
START_TIME
The time an object’s execution begins.
END_TIME
The time an object’s execution ends.
DURATION
The total time it takes an object to execute.
Defrag Monitor Item
DISK
The name of the target disk (e.g. c$)
Directory Cleaner Monitor Item
PATH
The full path of the target
directory.
FILE_COUNT
The number of files deleted.
DIRECTORY_CLEANER_NUMBER_OF_FILES_DELETED
SIZE
The size of files deleted.
DIRECTORY_CLEANER_SIZE_OF_FILES_DELETED
DIRECTORY_CLEANER_SIZE_OF_FILES_BEFORE
The size of directory prior to
cleaning the directory.
DIRECTORY_CLEANER_SIZE_OF_FILES_AFTER
The size of the directory post
cleaning the directory.
DIRECTORY_CLEANER_NUMBER_OF_FILES_BEFORE
The number of files prior to
cleaning the directory.
DIRECTORY_CLEANER_NUMBER_OF_FILES_AFTER
The number of files after
cleaning the directory.
Directory Size Monitor Item
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
FREE_SPACE_PERCENT
The percent of free disk space.
PATH
The full path of the target directory.
DIRECTORY_SIZE
The size of the directory.
DIRECTORY_SIZE_PERCENT
The percent of disk space the directory is consuming.
149
SpectorSoft Server Manager Help
FILE_COUNT
The number of files.
SUB_DIRECTORY_COUNT
The number of sub-directories.
LAST_KNOWN_USED_SPACE
The size of the directory when the previous monitor was
executed.
DELTA_SIZE
The change in directory size between monitor executions.
DELTA_PERCENT
The percent change in directory size between monitor
executions.
THRESHOLD
The triggered threshold (e.g. 10 GBs).
In addition to the directory size monitor item tags, here are the available directory size summary report
items:
DATE_RANGE
The target date range.
CONSUMPTION_RATE_HOURLY
Given the target date range, the calculated hourly consumption rate.
CONSUMPTION_RATE_DAILY
Given the target date range, the calculated daily consumption rate.
CONSUMPTION_RATE_WEEKLY
Given the target date range, the calculated weekly consumption
rate.
CONSUMPTION_RATE_MONTHLY
Given the target date range, the calculated monthly consumption
rate.
CONSUMPTION_RATE_QUARTERLY
Given the target date range, the calculated quarterly consumption
rate.
CONSUMPTION_RATE_YEARLY
Given the target date range, the calculated yearly consumption rate.
Directory Watcher
PATH
The full path of the target directory.
FILENAME
The full path and filename of the target file.
CHANGE_TYPE
The change type (e.g. Created, Deleted, Changed, or Renamed)
NEW_NAME
When a file is renamed, the new name of the file otherwise an empty string.
Disk Space Monitor Item
DISK
The caption or if unavailable the network name of the disk (e.g. OS (C:)).
NET_NAME
PATH (deprecated)
The network name of the disk (e.g. c$).
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
FREE_SPACE_PERCENT
The percent of free disk space.
150
Actions, Alerts and Notifications
LAST_KNOWN_USED_SPACE
The used disk space when the previous monitor was executed.
DELTA_SIZE
The change in used disk space between monitor executions.
DELTA_PERCENT
The percent change in used disk size between monitor executions.
THRESHOLD
The triggered threshold (e.g. 10 GBs)
Disk Size Summary Report Item
In addition to the disk space monitor item tags:
DATE_RANGE
The target date range.
CONSUMPTION_RATE_HOURLY
Given the target date range, the calculated hourly consumption rate.
CONSUMPTION_RATE_DAILY
Given the target date range, the calculated daily consumption rate.
CONSUMPTION_RATE_WEEKLY
Given the target date range, the calculated weekly consumption
rate.
CONSUMPTION_RATE_MONTHLY
Given the target date range, the calculated monthly consumption
rate.
CONSUMPTION_RATE_QUARTERLY
Given the target date range, the calculated quarterly consumption
rate.
CONSUMPTION_RATE_YEARLY
Given the target date range, the calculated yearly consumption rate.
File Count Monitor Item
PATH
The full path of the target directory.
DIRECTORY_SIZE
The size of the directory.
FILE_COUNT
The number of files.
SUB_DIRECTORY_COUNT
The number of sub-directories.
LAST_KNOWN_FILE_COUNT
The number of files when the previous monitor was executed.
THRESHOLD
The triggered threshold (e.g. 5000 files).
File Size Monitor Item
PATH
The full path of the target directory.
FILE_SIZE
The size of the file.
LAST_KNOWN_FILE_SIZE
The last known size of the file.
THRESHOLD
The threshold that was triggered.
Idle File Monitor Item
FILENAME
The target log’s filename.
LOG
The target log’s full path and filename.
PATH
151
SpectorSoft Server Manager Help
MASK
The full path and filename or mask.
TIME_SPAN
The time span since the last verified update.
SMART Monitor Item
DISK
The name of the target disk (e.g. c$)
NET_NAME
SMART
The SMART status.
Summary Report Item
See General Monitor Item Tags
In addition to the summary report items, here are the available Directory Size Summary Report items:
NET_NAME
The target share name.
PATH
The full path to the target directory.
DIRECTORY_SIZE
The size of the directory.
DIRECTORY_SIZE_PERCENT
The percent of disk space the directory is consuming.
FILE_COUNT
The number of files.
SUB_DIRECTORY_COUNT
The number of sub-directories.
SIZE
The size of the disk.
USED_SPACE
The used disk space.
USED_SPACE_PERCENT
The percent of used disk space.
FREE_SPACE
The free disk space.
FREE_SPACE_PERCENT
The percent of free disk space.
Entry Not Found Alert
LOG
The target log name.
FILTER
The applied filter name.
DATE_RANGE
The time span to check (e.g. daily).
EXPECTED_COUNT
The expected number of entries per time span.
COUNT
The actual number of entries found during the time span.
Event Log Consolidation
LOG
The target log name.
DOWNLOADED_COUNT
The number of entries downloaded.
DUPLICATE_COUNT
The number of entries previously downloaded. This value is typically 1 however
if an application writes several entries to the Event Log at the same millisecond
this value may be greater than 1.
152
Actions, Alerts and Notifications
FILTERED_COUNT
When a consolidation filter is assigned, the number of entries that passed the
consolidation filter.
SAVED_COUNT
The number of entries saved to the log repository.
FROM
The oldest date which to download.
File Consolidation
PATH
The target path.
FILE_COUNT_COPIED
The number of files copied.
FILE_SIZE_COPIED
The size of the files copied.
FILE_COUNT_DELETED
The number of files deleted.
FILE_SIZE_DELETED
The size of the files deleted.
DIRECTORY_SIZE
The size of the directory.
The following output directory and filename tags are available:
LOG
The source path and filename of the file copied.
NAME
The name of the source file copied.
PATH
The source path.
Text Log Consolidation
FILENAME
The target log’s filename.
LOG
The target log’s full path and filename.
MASK
The full path and filename or mask.
DOWNLOADED_COUNT
The number of entries downloaded.
FILTERED_COUNT
When a consolidation filter is assigned, the number of entries that
passed the consolidation filter.
SAVED_COUNT
The number of entries saved to the log repository.
FROM
The position within the file data was read from. This value is typically
the last known length.
SIZE
The size or length of the data read.
Event Log Alerts
LOG
The log file.
FILTER
The applied filter name.
AD_USER
When firing an email alert for an Event Log entry that passes a
monitor’s filter, the tag is replaced with the Active Directory assigned
email address for the user listed within the USER column of the entry.
If multiple entries pass the post consolidation filter the first entry that
contains a non-null value within the USER column is used for the
lookup.
153
SpectorSoft Server Manager Help
USER
When firing an email alert for an Event Log entry that passes a
monitor’s filter, the email address can be changed to the contents of
the USER column within the entry. If multiple entries pass the filter
the first entry that contains a non-null value within the USER column
is used for the replacement. If the USER column contains a domain
name, the domain name is removed.
For example:
If the Event Log entry USER column contains:
LITTLEWATER\jdoe
and the email address within the email action is defined as:
{USER}@spectorsoft.com
the actual email address used is:
[email protected]
When firing an email alert for an Account Lockout, the subject line can
be changed to include the USER account.
The following item tags are available:
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used inplace of the actual hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The date the entry was generated.
TIME
The time the entry was generated.
LOG
The log file.
LEVEL
The Event Log entry level (e.g. Warning or Critical).
NOTE: When forwarding entries the Syslog message priority is
automatically set to each Event Log entry’s level.
SOURCE
The entry source.
EVENT
The entry event ID.
CATEGORY
The entry category.
USER
The entry user.
MESSAGE
The entry message.
DATA
The entry data in hexadecimal format.
DATA_ASCII
The entry data in ASCII format.
DATA_UNICODE
The entry data in Unicode format.
RELATED TOPICS
154
Actions, Alerts and Notifications
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
155
SpectorSoft Server Manager Help
File Output Options
When running on-demand reports (e.g. failed logon attempts or largest files), you have the option to save
the report results to file. HTML, Text, and CSV file formats are supported.
When saved, previously generated reports can be:
Overwritten
Deletes the old file and replaces with the new file.
Backed up
Moves the previously generated file to a backup sub-directory and renames the file
using a combination of the current filename and current date.
Appended to
Text and CSV only. Appends the report to the previous file.
By default, HTML and Text files are saved using UTF8 encoding meaning any language will display as
expected, however, if your primary language requires Unicode (e.g. Japanese or Chinese), reports may be
reduced in size by saving to Unicode format.
Microsoft Excel requires CSV files be saved in UTF7 (ASCII) encoding. To minimize interface requirements
with Excel, CSV files are saved using UTF7 encoding. If your language requires UTF8 (e.g. non-English
based languages) save CSV files to Unicode. When opened in Excel, you will be prompted to define the
column delimiters.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
156
Auto Configurators
How it works
Create new Auto Configurator
Batch update Auto Configurators
Auto Configurators
An Auto Configurator is a configuration object that Server Manager uses to monitor new servers and
workstations. When utilized in large environments, Auto Configurators can be a very powerful tool enabling
Server Manager to automatically monitor new and renamed servers without any interaction between
yourself and Server Manager.
How it works:
When executed, an Auto Configurator scans your Active Directory tree or targeted organizational unit for
computers. Once found, each computer is filtered through an optional property filter (e.g. operatingSystem
contains Server) and an exclusion list. Once filtered, each computer is then added to the system. Finally,
targeted templates and reports are assigned to each computer.
When executed, any computer that has already been added to Server Manager will be updated with the
latest template, report, and group assignments assigned to the Auto Configurator. Previous assignments
are left unmodified. For example, if you have previously configured a server and have modified the Auto
Configurator to include a new template such as a Disk Space Monitor template, the template will be
assigned to all computers that reside in both the Active Directory tree and Server Manager.
To create a new Auto Configurator:
Select File > New > Auto Configurator.
To batch update existing Auto Configurators:
Select Edit > Batch > Update Auto Configurator.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
157
SpectorSoft Server Manager Help
Adding Auto Configurators
To add a new Auto Configurator:
1.
2.
Select File > New > Auto Configurator
From the Select Active Directory Organizational Unit dialog, select the target
organizational unit.
3.
Once the Auto Configurator Properties dialog loads, use the controls to configure the
properties and assign target groups, templates and reports.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
158
Auto Configurators
View or edit an Auto Configurator
Configuration Objects
Auto Configurator Properties
The Auto Configurator Properties page enables you view and modify the Auto Configurators.
To view or edit an Auto Configurator
From the Object Explorer select the target Auto Configurator or Auto Configurator group then right click and
select Properties. -ORSelect Edit > Batch > Update Auto Configurators. Once the Select Multiple Auto Configurators dialog loads,
check the target Auto Configurators then click OK.
Configuration Objects
Auto Configurators include the following configuration objects:
Configuration Object
Description
Name
The friendly name of the object.
Description
A user description of the object.
Active Directory path
The full path to the target organizational unit.
Recurs OU
Option to recursively scan the organizational unit.
Append domain name
Option to append a domain name so computers can be accessed
using their FQDN.
Enabled
Enables the scheduled execution.
Temporarily disabled
Temporarily disables scheduled execution.
Execution frequency
The frequency to execute.
Object assignment
The groups and objects to assign discovered computers (e.g.
templates).
Exclusion filters
Complex Active Directory computer property filters (e.g.
operatingSystem contains ‘Server’) and computer name exclusion list
with import function.
History retention policy
The number of days to retain execution results in the history
database.
Complete actions
Actions and notifications to execute when complete (e.g. receive a
daily report that shows a detailed list of updates).
Error actions
Actions, alerts and notifications to fire when there is an execution
159
SpectorSoft Server Manager Help
error (e.g. the Active Directory path cannot be found).
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
160
Auto Configurators
Update multiple Auto Configurators
Using the Select Multiple Auto Configurators dialog
Selecting Multiple Auto Configurators
Server Manager provides you with the ability to quickly re-configure multiple Auto Configurators at the
same time (e.g. assign a different schedule or complete action).
To update multiple Auto Configurators:
Select Edit > Batch > Update Reports.
Using the Select Multiple Auto Configurators dialog:
The Select Multiple Auto Configurators dialog enables you to select from a list of configured Auto
Configurators. The dialog includes an Add button.

To add a new Auto Configurator, select the target group then click Add.

To select multiple Auto Configurators, check each Auto Configurator then click OK.

To select a single Auto Configurator, double-click the Auto Configurator.
Once selected, the Auto Configurator Properties dialog will load.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
161
SpectorSoft Server Manager Help
Select Active Directory Organizational Unit
When adding a new Auto Configurator you are prompted to select an organizational unit (OU) within your
Active Directory tree.
To select an organizational unit:
1.
From the Active Directory connection combo-box select the target Active Directory
connection.
2.
From the tree view navigate to the target organizational unit then click Select.
3.
To edit an existing Active Directory connection or create a new connection: click Edit.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
162
Log Management
Viewing Logs
View consolidated logs
View logs in real-time
View text logs
Viewing Logs
Server Manager enables you to view consolidated log files (primary and secondary repositories), backed up
log files, and text log files. When you view the content, the content is paged enabling you to load large files
without consuming large amounts of memory or time to load.
To view consolidated logs:
1.
From the Object Explorer expand the Log Repositories tree node and expand the target
log repository.
2.
3.
Select one of the following:

Primary Log Repository

Secondary Log Repository (Archive)

Auxiliary Log Repositories (Backup) this will only be available if you create it.
Navigate to the host, computer, or device of interest then expand until you find the target
log.
4.
Right-click on the log then select one of the following options:

View Top 10000 Consolidated Entries Displays the latest 10,000 entries from the log
repository. The log viewer displays log entries in pages of 10,000 entries.

View Consolidated Log Entries Displays today’s entries. The log viewer displays log entries
in pages of one day.

Merge Merges today’s entries from multiple logs. The log viewer displays log entries in pages
of one day.
To view logs in real-time:
1.
From the Object Explorer expand the Computers, Devices and Hosts tree node.
2.
Navigate to the host, computer or device of interest then expand and locate the target
monitor or, in the case of Event Logs or Text Logs, the target log.
163
SpectorSoft Server Manager Help
3.
Right-click and select Watch.
To view text log files:
You can view the following file types by selecting File > Open:

Event Log files .evtx, .evt

Text log files .log, .txt

Log Repository files .elf, .slf

Backed up files, including Encrypted (.cbx), Signed, (.signed), and Zipped (.zip)
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
164
Log Management
Event Log Viewer
Server Manager provides the following Event Log viewers.
Viewer
Description
.ELF
Displays .elf files. Elf files are consolidated logs that have been saved using Server
Manager’s binary file format. Supports flags and notes.
Page by Day
Displays consolidated log entries in paged by days. Supports merging, flags and
notes.
Page by Rows
Displays the top 10,000 consolidated log entries. Does not support merging.
Supports flags and notes.
Real-Time
Displays in real-time received syslog messages. Does not support merging, flags or
notes.
Report
Displays consolidated log entries in paged by days. Supports merging, flags and
notes.
Each viewer has different functions and options. Functions and options are available from both toolbar buttons
and right-click (context) menus. Note that some functions are only available from the toolbar, while others are
only available from the right-click menus (e.g. Filter Selected Entries).
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
165
SpectorSoft Server Manager Help
Syslog Viewer
Server Manager has several syslog viewers:
Viewer
Description
.SLF
Displays .slf files. Slf files are consolidated logs that have been saved using Server
Manager’s binary file format. Supports flags and notes.
Page by Day
Displays consolidated log entries in paged by days. Supports merging, flags and
notes.
Page by Rows
Displays the top 10,000 consolidated log entries. Does not support merging.
Supports flags and notes.
Real-Time
Displays in real-time received syslog messages. Does not support merging, flags or
notes.
Report
Displays consolidated log entries in paged by days. Supports merging, flags and
notes.
Each viewer has different functions and options. Functions and options are available from both toolbar buttons
and right-click (context) menus. Note that some functions are only available from the toolbar, while others are
only available from the right-click menus (e.g. Filter Selected Entries).
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
166
Log Management
Text Log Viewer
Server Manager has several text log viewers.
The Real-Time viewer is not a scheduled viewer; it is for viewing the logs in
actual time as they are being generated.
Viewer
Description
Page by Day
Displays consolidated log entries in paged by days. Supports merging, flags and
notes.
Page by Rows
Displays the top 10,000 consolidated log entries. Does not support merging.
Supports flags and notes.
Real-Time
Displays the actual log rather than consolidated entries. Supports tailing files. Does
not support merging, flags or notes.
Report
Displays consolidated log entries in paged by days. Supports merging, flags and
notes.
Each viewer has different functions and options. Functions and options are available from both toolbar buttons
and right-click (context) menus. Note that some functions are only available from the toolbar, while others are
only available from the right-click menus (e.g. Filter Selected Entries).
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
167
SpectorSoft Server Manager Help
Go To Line
The Go To Line function allows you to quickly navigate to a particular line number in a log. It is available in
some of the Log Viewers by pressing CTRL+G. For example:
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
168
Log Management
Email multiple consolidated logs
Email log entry page
Email selected log entries
Emailing Logs
Server Manager includes the capability to email consolidated logs as well as filtered log entries to other coworkers. You can email multiple consolidated logs as well as an entire page or selected entries from any of
log viewers.
To email multiple consolidated logs:
1.
From the Logs menu item select Email Logs.
2.
Once the Select Log Type dialog opens, select the log type then click OK.
3.
Once the Select Multiple Logs dialog opens, select the logs to email then click OK.
4.
Once the Email Consolidated Logs dialog opens, use the To combo-box to select the target
email address or type the target email addresses separated by commas
5.
Override the Subject and Message if necessary.
6.
Choose the File type (e.g. CSV, HTML, TXT, ELF, SLF). ELF and SLF files are SpectorSoft
Software’s binary file format (ELF: Event Log File, SLF: Syslog File). Email recipients must
use their own installation of Server Manager Console to view these files.
7.
If generating CSV files and your data includes Unicode characters (e.g. Japanese), check
UTF-8.
8.
Check Compress to ZIP format if you would like compress the output files to a single ZIP
file.
9.
If emailing HTML files and you would like to apply your own HTML template, check Override
the default HTML template, click the Browse button then select your custom HTML
template.
To email an entire page of log entries:
From any of the log viewers, right-click and select Email.
To email selected log entries:
From any of the log viewers use the Shift and/or Ctrl key along with the mouse and select multiple entries,
then right-click and select Email Selected Entries.
RELATED TOPICS
169
SpectorSoft Server Manager Help
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
170
Log Management
Back up, encrypt and sign Event logs
Back up, encrypt and sign Application logs
Encrypting and Signing Files
Many compliance regulations, such as PCI DSS Requirement 10.5.3 state IT must “Verify that current audit
trail files are promptly backed up to a centralized log server or media that is difficult to alter“. To fulfill this
requirement Server Manager includes functions to encrypt, password protect digitally sign centrally backed
up log files. When Server Manager encrypts a file the filename extension is replaced with .cbx. CBX files can
only be decrypted using a valid password through the Server Manager Console.
To back up, encrypt and sign Event Log Files:
1.
Select File > New Template. Once the Select Template dialog loads select, Log Management\Event
Log Management\Event Log File Backup.
2.
Use the Template Wizard to configure the function parameters and assign target computers.
The Event Log File Backup function includes options to automatically delete
old archived EVT/X files enabling the software to run without any manual file
management.
To backup, encrypt and sign Application Log Files:
1.
Select File > New Template. Once the Select Template dialog loads select, Log Management\File
Consolidation.
2.
Use the Template Wizard to configure the function parameters and assign target computers.
The Text Log File Backup function includes options to automatically delete old
archived files enabling the software to run without any manual file
management.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
171
SpectorSoft Server Manager Help
Prepend syslog entries
Customize syslog message
Event Log to Syslog
Server Manager comes pre-installed with 2 sample actions that forward Event Log entries to another Syslog
server or device. The actions are called:

Event Log to Syslog

Event Log to Customizable Syslog
The actions are located in the Object Explorer under Actions\Logs.
To prepend each Syslog entry with a constant string:
1.
From the Object Explorer navigate to one of the Event Log to Syslog actions, right-click
then select Properties.
2.
Once the properties page loads, type the constant value preceding the message value.
For example:
WINEVT: {ENTRY}
To customize the Syslog message:
1.
From the Object Explorer navigate to Actions\Logs\Event Log to Customizable Syslog.
2.
Right-click then select Properties.
3.
Once the properties page loads, modify the message value as appropriate.
For example:
<ITEM>{DATE} {TIME} {HOST} ‘{LOG}’ ‘{SOURCE}’ ID: {EVENTID} {MESSAGE}</ITEM>
The following item tags are available:
TAG
Description
HOST
The host that generated the entry.
NOTE: If an alias has been assigned to the host the alias is used in-place of the actual hostname.
IPv4
The IPv4 address of the host that generated the entry.
IPv6
The IPv6 address of the host that generated the entry.
DATE
The entry date.
TIME
The entry time of day.
172
Log Management
LOG
The log file.
LEVEL
The Event Log entry level (e.g. Warning or Critical).
NOTE: When forwarding entries the Syslog message priority is automatically set to each Event Log
entry’s level.
SOURCE
The entry source.
EVENT
The entry event ID.
CATEGORY The entry category.
USER
The entry user.
MESSAGE The entry message.
DATA
The entry data in hexadecimal format.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
173
SpectorSoft Server Manager Help
Event log compliance
Consolidate event logs
Backup and archive EVT/X files
EVT and EVTX Files
The Windows operating system stores Event Log entries to binary EVT and EVTX files. EVT files contain each
entry’s information, however; these files may not contain each entry’s actual message but rather
replacement tags (e.g. %1). Prior to displaying an entry, the Windows Event Viewer loads an associated
message DLL then, using the event ID, loads the appropriate replacement values. This format limits the size
of Event Logs; however, if you are using Server 2008 when viewed on another computer, the entry
message may not load because the EVTX files optionally contain each entry’s full message.
How do EVT/X Files relate to Event Log Consolidation, Archiving and Compliance?
Many compliance regulations require Event Logs be maintained for several years so disk space may be a
concern. Heavily loaded domain controllers can easily require several terabytes to store one or more years
of data.
Server Manager provides 2 methods for backing up and archiving Event Logs. These methods are referred
to as Event Log Consolidation and Event Log File Backup.
When Server Manager consolidates (downloads and saves to a database) entries, each entry’s entire
message is saved to the log repository database. This method is preferred but requires the most disk space,
CPU and memory. Consolidation is required to automate Event Log reports such as Failed Logon Attempts
and Account Management. This method provides the fastest data retrieval method ideal for Event Log
analysis.
When Server Manager backs-up Server 2008 Event Log files we have opted to always save the full
message. When Server 2003 EVT files are backed-up, only the replacement tags are included in the EVT
files, however, like the Windows Event Viewer, the Server Manager Console includes functions to attempt to
load the actual messages from the local system. Server Manager not only provides an easy method to
backup EVT/X files to a central location but also includes compression, encryption and file signing functions
enabling you to minimize disk footprint while guaranteeing file integrity a common compliance
requirement. Backing up EVT/X files is the most efficient method to fulfill log retention compliance
requirements.
174
Log Management
It is a best practice to have redundant systems in place by implementing both Event Log Consolidation and
Event Log File Backup functions. The end result provides a method to quickly select database records for
on-demand and scheduled weekly auditing while also saving log files in their native format ensuring your
organization is not permanently tied to a software vendor.
To consolidate Event Logs to the log repository database:
1.
Select File > New > Template. Once the Select Template dialog loads select: Log
Management > Event Log Management > Event Log Consolidation and Monitoring.
2.
Use the Template Wizard to configure the function parameters and assign target
computers.
To backup and archive EVT/X files:
1.
Select File > New Template. Once the Select Template dialog loads select: Log
Management > Event Log Management > Event Log File Backup.
2.
Use the Template Wizard to configure the function parameters and assign target
computers.
The Event Log File Backup function includes options to automatically delete
old archived EVT/X files enabling the software to run without any manual file
management.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
175
SpectorSoft Server Manager Help
Exporting Logs
Server Manager enables you to export consolidated logs to the following formats:
CSV
Comma separated values document for Microsoft Excel or other spreadsheet program.
HTML
HTML document for Intranet viewing.
Text
Plain text document.
ELF
SpectorSoft Event Log File. Binary file format that can be opened and viewed in Server
Manager Console. Supports notes and flags.
SLF
SpectorSoft Syslog File. Binary file format that can be opened and viewed in Server Manager
Console. Supports notes and flags.
To export previously consolidated logs
1.
From the Logs menu item select Email Logs.
2.
Once the Select Log Type dialog opens, select the log type then click OK.
3.
Once the Select Multiple Logs dialog opens, select the logs to email then click OK.
4.
Once the Save Logs As dialog opens, type the target path.
5.
From the File type combo-box select the type of file to generate.
6.
If generating CSV files and your data includes Unicode characters (e.g. Japanese), check
UTF-8.
7.
If generating HTML files and you would like to apply your own HTML template, check
Override the default HTML template, click the Browse button then select your custom
HTML template.
8.
Check Compress to ZIP format if you would like compress the output files to a single ZIP
file.
9.
Check Encrypt and password protect to encrypt and password protect the output files. If
checked, type a password.
10. Check Digitally sign to sign the output files using a code signing certificate. If checked click
the Browse button, select your code signing certificate, then type a password.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
176
Log Management
Managing Retention Policy
In general, a retention policy allows you to automatically manage how long data is stored in the log
repositories. The Log Repository Retention Policy template defines the length of time to retain entries in
the Primary Log Repository prior to either removing them from the system or moving them to the
Secondary (Archive) Log Repository. They also define how long entries are retained in the Secondary Log
Repository.
To create a log repository retention policy:
1.
2.
Select File > New > Template. The Select Template Type dialog box displays.
Under Log Management, select Log Repository Retention Policy and click Select. The
Template Properties for the policy displays.
3.
Under the General tab, choose the Execution frequency.
4.
Under the Retention Policy tab, choose your settings. It's recommended to set the Primary
Log Repository to retain no more than 14 days and the Secondary to retain no more than 30
days with an environment of around 40 servers that are being monitored. For larger
environments, consider creating additional databases to handle the data generated.
5.
Under the Advanced tab, enter a number of days for the Retain history for x days. This
sets how long to retain the download history (not the entries). When a download is executed,
the results (e.g. number of entries download, filtered, saved and duration) are saved to the
history database. The history database can be configured in the Database settings.
6.
Click Apply to save changes.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
177
SpectorSoft Server Manager Help
PCI DSS Compliance
Server Manager provides software solutions to meet PCI DSS compliance requirements as defined in v2.0
section 10 of the PCI Data Security Standard.
Section
Requirement
Solution
10.2
Implement automated audit
trails for all system
components to reconstruct the
following events.
Out-of-the-box Security Event Log
filters and reports such as:
•
Failed Logons
•
Success Logons
•
Account Management
•
Logon Sessions
•
New User Accounts
•
Account Lockout
Real-time and scheduled monitoring of
all Object Access Security Event Log
entries.
10.4
Using time-synchronization
technology, synchronize all
critical system clocks and times
and ensure that the following is
implemented for acquiring,
distributing, and storing time.
Pre-installed Synchronize Clocks
template which uses NTP to
synchronize clocks on all discovered
Windows servers.
Note: One example of time
synchronization technology is
Network Time Protocol (NTP).
10.5
Secure audit trails so they
cannot be altered.
Pre-installed Event Log File Backup
template which can be scheduled to
consolidate to a central log server then
encrypt, password protect and digitally
sign output files ensuring file integrity.
Includes a File Consolidation template
which can be scheduled to consolidate
to a central log server any set of files
then encrypt, password protect and
digitally sign output files ensuring file
integrity.
Pre-installed Syslog Backup template
which can be scheduled to archive
consolidated Syslog messages to a
central log server then encrypt,
password protect and digitally sign
output files ensuring file integrity.
10.5.3
178
Promptly back up audit trail
Pre-installed Event Log Consolidation
Log Management
files to a centralized log server
or media that is difficult to
alter.
template which can be scheduled to
download Event Logs to a central log
server then save to SQL Server,
MySQL, Oracle or our own binary file
format.
Includes a Syslog Server that is preconfigured to save all received Syslog
messages. Optionally supports saving
messages to SQL Server, MySQL or
Oracle.
Includes several Text Log Monitoring
templates that can be configured to
save all entries to a central log
server. Supported output includes:
SQL Server, MySQL, Oracle and our
own binary file format.
10.6
Review logs for all system
components at least daily. Log
reviews must include those
servers that perform security
functions like intrusiondetection system (IDS) and
authentication, authorization,
and accounting protocol (AAA)
servers (for example, RADIUS).
Note: Log harvesting, parsing,
and alerting tools may be used
to meet compliance with
Requirement 10.6.
Includes:
Numerous log viewers that enable
users to page through large volumes of
data, hide duplicate entries, filter and
merge multiple logs into a single view.
Out-of-the-box filters.
Customizable filters with AND, OR,
NOT, criteria nesting and regular
expression support.
Automated and on-demand reporting.
REFERENCES
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
179
SpectorSoft Server Manager Help
Searching for Logs
Server Manager is capable of executing complex log search algorithms (e.g. search and select all Security
Event Logs on production servers). Logs can be searched by:

Computer name owner (supports regular expressions, e.g. \A(SRV*|SERVER*)

Active Directory computer property filter (e.g. select all computers in which the operating system
name includes the word ‘Server’)

Computer type (Server, Domain Controller (DC), SQL Server, Workstation)

Log name
Use the Search for Consolidate Logs dialog when displaying or merging multiple consolidated logs.
To search for logs click Search within the Select Multiple Logs dialog.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
180
Log Management
Selecting Multiple Logs
Use the Select Multiple Logs to dialog select multiple logs when displaying or merging multiple consolidated
logs.
To select multiple logs check each log to select.
To search for logs that meet specific criteria click Search.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
181
Server and Software Upgrades
Migrating to a New Server
If necessary, Server Manager can be moved to a different or upgraded server.
To install Server Manager to another server:
1.
Ensure the latest version of Server Manager is installed on the existing server: select Help >
Check for Update.
2.
Backup the configuration:
a.
With the latest version installed, select Tools > Backup Configuration.
b.
Save your Server Manager configuration files to a Windows directory you can access from the new
server.
c.
3.
If you are also moving the database, make a database backup.
Return the License:
a.
Ensure you have the license key (written down or in a text file) before returning it, so it is available
to register on the new machine.
b.
From the Server Manager menu bar, select Edit > Server Manager Properties.
c.
Select the Licensing tab.
d.
On the Licensing panel, under Installed Licenses, select the license to move.
e.
Scroll down to the bottom of the panel and click Return License.
f.
Confirm that you want to return the license and disable all associated monitors. Click Yes. This
returns and deactivates the license key.
If your computers are unable to access the Internet, send SpectorSoft the
MAC address of the new computer. We will send you a key file.
4.
Install and register on the new computer:
a.
From the new computer, access http://www.cornerbowl.com/Download.aspx. Download and install
the latest version of Server Manager.
b.
Register your license. Select Edit > Server Manager Properties > Licensing and Register
License. Enter the license key you returned.
c.
Select Tools > Restore Configuration. Select the directory where you backed up the latest
configuration.
d.
If you are moving the database, restore the database to the new server.
e.
Select Edit > Server Manager Properties > Databases and update your data providers to point
to the new server.
182
Server and Software Upgrades
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
183
SpectorSoft Server Manager Help
Migrating to a New Server
If necessary, Server Manager can be moved to a different or upgraded server.
To install Server Manager to another server:
1.
Ensure the latest version of Server Manager is installed on the existing server: select Help >
Check for Update.
2.
Backup the configuration:
a.
With the latest version installed, select Tools > Backup Configuration.
b.
Save your Server Manager configuration files to a Windows directory you can access from the new
server.
c.
3.
If you are also moving the database, make a database backup.
Return the License:
a.
Ensure you have the license key (written down or in a text file) before returning it, so it is available
to register on the new machine.
b.
From the Server Manager menu bar, select Edit > Server Manager Properties.
c.
Select the Licensing tab.
d.
On the Licensing panel, under Installed Licenses, select the license to move.
e.
Scroll down to the bottom of the panel and click Return License.
f.
Confirm that you want to return the license and disable all associated monitors. Click Yes. This
returns and deactivates the license key.
If your computers are unable to access the Internet, send SpectorSoft the
MAC address of the new computer. We will send you a key file.
4.
Install and register on the new computer:
a.
From the new computer, access http://www.cornerbowl.com/Download.aspx. Download and install
the latest version of Server Manager.
b.
Register your license. Select Edit > Server Manager Properties > Licensing and Register
License. Enter the license key you returned.
c.
Select Tools > Restore Configuration. Select the directory where you backed up the latest
configuration.
d.
If you are moving the database, restore the database to the new server.
e.
Select Edit > Server Manager Properties > Databases and update your data providers to point
to the new server.
RELATED TOPICS
184
Server and Software Upgrades
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
185
Troubleshooting
Troubleshooting
Select the link below that is most closely related to your issue, or explore the Contents to the left.

Resolving the RPC Server is Unavailable error

Resolving an Access Denied error

Resolving a Quota Violation error

Viewing the Service Log File

Running the Service in Verbose Mode

Configuring the Windows Firewall
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
186
Troubleshooting
Verify "RPC Server is Unavailable" error
Resolution Checklist
Resolving the "RPC Server is Unavailable" Error
A “The RPC server is unavailable” is thrown by the local WMI Service when an attempt is made to access
WMI functions from a computer that is blocking WMI requests or has a firewall between the computers.
To verify the "RPC Server is Unavailable" error:
1.
Open a command-prompt and type: Wbemtest.
2.
Once loaded, click Connect.
3.
From the Namespace text box, type: \\SERVERNAME\root\cimv2 where SERVERNAME is the
name of the remote server throwing the RPC server is unavailable error.
4.
If either computer resides on a different domain or within a workgroup specify administrator
credentials that reside on the remote computer or domain.
5.
Once finished, click Connect. You should receive the RPC server is unavailable error.
Resolution Checklist:

Open TCP port 135 and all TCP ports above 1024. For more information read the following Microsoft
article: Connecting to WMI Remotely Starting with Windows Vista
Many virus protection solutions such as McAfee and Symantec contain their
own firewalls and may offer a function to allow WMI packets.

Configure the WMI Service on each Server 2008, Windows 7 or Vista computer to run on a specific
port then open TCP port 135 and the specified port. Please note this is not an option for Server 2003
or Windows XP computers. For more information read the following Microsoft article: Setting Up a
Fixed Port for WMI

Install Server Manager on each sub-net then push Event Log entries directly to a central
database. Please note this requires you to open the necessary database ports. In the case of SQL
Server this is TCP port 1433 by default.

When accessing a Windows 7 or Vista computer that has joined a workgroup rather than a domain, the
remote computer must disable User Access Control (UAC). To disable UAC on a Windows 7 or Vista
computer, search for Turn UAC off within the Windows help system.

If the remote computer is running Windows XP Pro, make sure remote logons are not being coerced to
the GUEST account. From the computer you are unable to download logs from, open a commandprompt and type secpol.msc. Expand the Local Policies node and select Security Options. Scroll
187
SpectorSoft Server Manager Help
down to the setting titled Network access: Sharing and security model for local accounts. If this
is set to Guest only, change it to Classic and restart your computer.

From the computer you are unable to download logs from, open a command-prompt and type
dcomcnfg. Expand the Component Services/Computers/My Computer node. Right-click My
Computer and then select Properties. Select the COM Security tab. From the Launch and
Activation Permissions, select Edit Limits. Add the appropriate account and assign all permissions.

Check that DCOM is enabled on both the local and the remote computer. Check the following registry
value on both computers: Key: HKLM\Software\Microsoft\OLE, value: EnableDCOM, should be set to
'Y'.

Check that WMI is installed on both the local and remote computer. WMI is present by default in all
flavors of Windows 2000 and later operating systems, but must be installed manually on NT4
systems. To check for the presence of WMI, open a command-prompt and type wbemtest. If the WMI
Tester application starts up, WMI is present, if not, it must be installed. Consult Microsoft for more
information.

Verify WMI is running on both the local and target computers.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
188
Troubleshooting
Verify "Access Denied" error
Verify domain administrator credentials
Verification Checklist
Resolving an Access Denied Error
An “Access Denied” error is typically thrown by the local WMI Service when an attempt is made to access
WMI functions from a computer that is either not logged into the domain or when the SpectorSoft Server
Manager service is not running with domain administrator credentials.
Verify "Access Denied" error:
1.
Open a command-prompt and type Wbemtest.
2.
Once loaded, click Connect.
3.
From the Namespace text box, type \\SERVERNAME\root\cimv2 where SERVERNAME is
the name of the remote server throwing the RPC server is unavailable error. If either
computer resides on a different domain or within a workgroup, specify administrator
credentials that reside on the remote computer or domain.
4.
Click Connect. You should receive the Access Denied error.
Verify domain administrator credentials:
1.
Verify local computer credentials:
a.
From Server Manager, select Service > Change Service Logon.
b.
Specify domain administrator credentials then click OK. The service will automatically restart using
the credentials you specified. If the service fails to start, check the credentials and try again.
2.
Verify target computer credentials:
a.
Go to Object Explorer > Computers, Devices and Hosts, and select a computer or group of
computers.
b.
Right-click and select Host Properties.
c.
Verify and Test the configured settings.
d.
Click Apply to save changes.
Verification Checklist:

Ensure WMI permissions have been set correctly. From the remote computer throwing the error, open
a command-prompt and type: wmimgmt.msc. Right click on the WMI Control (local) node and
select Properties. Select the Security tab and navigate to root/CIMV2. Click the Security
button. Grant the account you and the service are using to access logs Remote Enable and Read
Security rights.
189
SpectorSoft Server Manager Help

If access is denied to a Windows Server 2003 log, grant the account you are logged in as and the
account the service is running under access to each event log. For more information read the following
MSDN article: How to set event log security locally or by using Group Policy in Windows Server 2003

When accessing a Windows 7 or Vista computer that has joined a workgroup rather than a domain, the
remote computer must disable User Access Control (UAC). To disable UAC on a Windows 7 or Vista
computer, search for Turn UAC off within the Windows help system.

If the remote computer is running Windows XP Pro, make sure remote logons are not being coerced to
the GUEST account. From the computer you are unable to download logs from, open a commandprompt and type secpol.msc. Expand the Local Policies node and select Security Options. Scroll
down to the setting titled Network access: Sharing and security model for local accounts. If this
is set to Guest only, change it to Classic and restart your computer.

From the computer you are unable to download logs from, open a command-prompt and type
dcomcnfg. Expand the Component Services/Computers/My Computer node. Right-click My
Computer and then select Properties. Select the COM Security tab. From the Launch and
Activation Permissions, select Edit Limits. Add the appropriate account and assign all permissions.

Check that DCOM is enabled on both the local and the remote computer. Check the following registry
value on both computers: Key: HKLM\Software\Microsoft\OLE, value: EnableDCOM, should be set to
'Y'.

Check that WMI is installed on both the local and remote computer. WMI is present by default in all
flavors of Windows 2000 and later operating systems, but must be installed manually on NT4
systems. To check for the presence of WMI, open a command-prompt and type wbemtest. If the WMI
Tester application starts up, WMI is present, if not, it must be installed. Consult Microsoft for more
information.

Verify the Windows Management Instrumentation is running on both the local and target computers.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
190
Troubleshooting
Increase WMI quota
Backup and clear event log
Limit download date range
Resolving a Quota Violation Error
A “Quota Violation” is thrown by the WMI Service running on the target machine when Server Manager
requests the contents of a large Event Log (400 MB) for the first time. This error can also be triggered when
the WMI Service has run out of total allowed memory. You have 3 options to resolve this error:

Increase the WMI quota

Backup and clear the event log

Limit the download to a smaller date range
To increase the WMI quota:
1.
From the Object Explorer, navigate to the computer throwing the Quota Violation error,
then right-click and select Host Properties. The "Host Properties" dialog box displays.
2.
Select the WMI tab.
3.
Double the Memory per host value. If the Memory per host is the same value as Memory
all hosts value, double both the Memory per host and the Memory all hosts values.
4.
Click Apply.
For more information read the following Microsoft article: WMI Error: 0x8004106C Description: Quota
violation, while running WMI queries
To backup and clear the event log:
1.
From the Object Explorer, expand the Log Repositories tree node.
2.
Navigate to the desired log, right-click and select Properties. The Properties page displays.
3.
Select the Event Log File (.evtx/.evt) page.
4.
Select the Maximum log size.
5.
Choose an action for Windows to take when the maximum event log size is reached.
6.
Click Backup Log.
7.
Click Apply.
To limit the download date range:
1.
From the Object Explorer, navigate to the Event Log Consolidation and Monitoring
template, right click then select Template Properties.
191
SpectorSoft Server Manager Help
2.
In the property page, select the Consolidation and Monitoring tab.
3.
Set the Limit the initial download to the previous 1 day of log entries.
4.
Click Apply.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
192
Troubleshooting
Tail the service log in the Console
View the entire service log
Open the service log file using Notepad
Viewing the Service Log
The Server Manager Service logs errors, triggers, general activity, and verbose output to a text log file
called cbsmsrv.log. You can view the log file from the console or from a text editor to verify activity or
troubleshoot the system.
To tail the service log in the Console:
Select View > Service Output.
To view the entire service log:
Select Service > View Service Log.
To open the service log file using Notepad:
1.
From the computer the service is installed, open Notepad.
2.
Select File > Open.
3.
Open the applicable file:

Server 2012/2008/8/7/Vista C:\programdata\cornerbowl\server
manager\cbsmsrv.log

Server 2003/XP C:\documents and settings\all users\application
data\cornerbowl\server manager\cbsmsrv.log
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
193
SpectorSoft Server Manager Help
Run service in verbose mode
Return service to normal mode
Running the Service in Verbose Mode
The Server Manager Service logs errors, triggers, and general activity to a text log file called cbsmsrv.log. If
you are not receiving the results you expect and have already reviewed the service log file you may be able
to gain insight by temporarily running the service in verbose mode. When run in verbose mode, the service
logs additional debug messages enabling you to identify executing functions (e.g. executing monitors and
schedule updates).
To run the service in verbose mode:
1.
From the computer the service is installed, open the Console.
2.
Select Service > Stop.
3.
Allow a moment for the service to stop, then select Service > Start Verbose.
To return the service to normal mode:
1.
Select Service > Stop.
2.
Allow a moment for the service to stop, then select Service > Start.
If the computer that the Server Manager Service is installed on is rebooted,
the service will restart normally.
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
194
Troubleshooting
Configuring the Windows Firewall
The Windows Firewall may block WMI traffic. If WMI traffic is blocked, Server Manager will typically throw
an RPC Server is Unavailable error.
To configure the Windows Firewall:
Enable Windows Management Instrumentation (WMI) or Remote Administration. The simplest way to do
this is to open up a command prompt and type the following:
For Windows Server 2012:
Configure-SMRemoting.exe -enable
For Windows Server 2008/8/7/Vista:
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new
enable=yes
For Windows Server 2003/XP:
netsh firewall set service RemoteAdmin enable
The effect is immediate and there is no need to restart. To read more about this, consult the following
Microsoft articles:
Server 2012
Server 2008/7/Vista
Server 2003/XP
RELATED TOPICS
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
195
About SpectorSoft
About SpectorSoft Software
SpectorSoft provides Information Technology professionals with software tools to consolidate and monitor
Windows Event Logs, Syslogs and text log files, monitor server resources such as disk space, CPU and
memory load and monitor network and application availability.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
196
About SpectorSoft
Contact Us
When sending email or a web request, please include your company name, city, and state to ensure your
request is handled as promptly as possible.
General Contact
SpectorSoft Corporation
1555 Indian River Blvd., B-210
Vero Beach, FL 32960 USA
World Wide Web: www.spectorsoft.com
U.S. & Canada: 888-598-2788
International: 772-770-5670
Sales Contact
Contact our sales staff for pre-sales questions, information about the latest SpectorSoft products, upgrade
options, and pricing for our current products. SpectorSoft Corporation’s professional sales staff is ready to
answer your sales questions:
Monday - Friday; 9:00 AM to 10:00 PM EST
Saturday & Sunday; 10:00 AM to 6:00 PM EST
Web: Purchase Information
Email: [email protected]
Sales Fax: 772-770-3442
Technical Support
Web: Request Support
U.S. & Canada: 888-598-2788
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
197
SpectorSoft Server Manager Help
Copyrights and Trademarks
Copyright Notice
Copyright © 2013 SpectorSoft Corporation, 1555 Indian River Blvd., B-210, Vero Beach, Florida 32960
U.S.A. All rights reserved.
SpectorSoft Server Manager, Copyright © 1998 2001-2013 SpectorSoft Corporation.
SpectorSoft and Spector are Registered Trademarks of SpectorSoft Corporation.
This software includes code under license from Microsoft Corporation. © 1995-2013 Microsoft
Corporation. All rights reserved.
All materials appearing anywhere within SpectorSoft’s Help file are protected by worldwide copyright laws
and treaty provisions. The copyright on such materials is held by SpectorSoft Corporation or its subsidiaries
(collectively, "SpectorSoft"), or by the original creator of the materials. None of the materials may be
copied (other than for personal use), reproduced (other than for personal use), displayed, modified,
published, uploaded, posted, transmitted, or distributed in any form or by any means without SpectorSoft’s
prior written permission. All rights not expressly granted herein are reserved. Any unauthorized use of the
materials appearing on SpectorSoft’s Help Files may violate copyright, trademark, and other applicable laws
and could result in criminal or civil penalties.
Your use of SpectorSoft’s Help Files constitutes your acknowledgment and acceptance of
SpectorSoft’s terms of use. If you do not agree with these terms of use, please do not use
SpectorSoft’s Help Files.
Trademarks for other companies
Microsoft Windows, MSN and other Microsoft products referenced herein are either registered trademarks or
trademarks of Microsoft Corporation in the U.S. and / or other countries.
These Help Files may contain other names and phrases (marks) that may or may not be trademarks of
other organizations. All other trademarks and service marks are the property of their respective owners.
© 2013 SpectorSoft Corporation. All rights reserved.
Support | Purchase | Knowledge Base
198
Index
A
Configuring .....................................................138
About SpectorSoft ................................................ 197
Desktop ............................................................147
Access Denied .................................................... 190
Devices and Hosts ........................... 68, 75, 76, 77, 78
Account Lockout Reports ........................................ 119
Disabling Objects .................................................. 56
Account Management Reports................................... 121
Disk List ............................................................ 73
Action Variable Tags ............................................. 148
Importing ........................................................ 73
Actions ..................................................... 145, 147
Disk Space ......................................................... 37
Active Directory Settings .......................................... 39
Duplicate Files Reports ...........................................100
Adding
E
Auto Configurators ............................................ 159
Email Settings ...................................................... 20
Computers........................................................ 68
Emailing Logs.....................................................170
Filters ........................................................... 140
Enabling Objects ................................................... 56
Reports ........................................................... 89
Encrypting Files ...................................................172
Templates ........................................................ 81
Event Log Reports ................................................110
Alerts and Notifications ................................... 145, 147
Event Log to Syslog ..............................................173
Assigning
Event Log Viewer ................................................166
Batch Assign Logon As Credentials ............................ 71
EVT and EVTX Files .............................................175
Group to a Group ................................................ 61
Exporting
Logon As Credentials ........................................... 70
Filters ...........................................................142
Auto Configurators ................................ 158, 159, 160
Logs .............................................................177
Adding ......................................................... 159
B
F
Failed Logons Reports ............................................113
Browse Active Directory ........................................... 68
File and Directory Access Permissions Reports .................. 98
Browse Network .................................................... 68
File Extension Reports............................................108
C
File Output Options ...............................................157
Client Server Architecture ................................... 12, 52
Filters ..............................................................139
Computers .......................................................... 76
Adding Filters ..................................................140
Adding ........................................................... 68
Filtering entries .................................................141
Mapping .......................................................... 75
Importing and Exporting .......................................142
Searching for ..................................................... 77
Firewall ............................................................196
Configuring
G
Active Directory Settings ....................................... 39
Gmail Connection Settings ........................................ 21
Day and Time Exclusions ..................................... 138
Go To Line ........................................................169
Email Server Connections....................................... 20
Groups ......................................................... 58, 61
Server Manager to use MySQL ................................. 33
H
Server Manager to use SQL Server ............................. 24
Host List ............................................................ 74
Web Proxy Server Settings...................................... 51
Importing ........................................................ 74
Web Server Publishing Settings ................................ 42
HTML and Email Templates ...................................... 46
Windows Firewall ............................................. 196
D
I
Importing
Database Settings ................................................... 22
a Disk List ....................................................... 73
Day and Time Exclusions ........................................ 138
a Host List ....................................................... 74
199
SpectorSoft Server Manager Help
Filters ........................................................... 142
L
Registration ........................................................ 18
Report Properties .................................................. 90
Largest Files Reports ............................................. 102
Report Type ........................................................ 92
Least Accessed Files Reports .................................... 106
Reports ............................................................. 89
Licensing and Registration......................................... 18
adding ............................................................ 89
Logon As
selecting multiple ............................................... 91
Assigning Logon As Credentials ............................... 70
Retention Policy ............................................ 38, 178
Email Server Connections....................................... 20
RPC Server is Unavailable .......................................188
Logon Sessions Reports .......................................... 117
Logs
Exporting ....................................................... 177
Searching for ................................................... 181
Viewing ........................................................ 164
M
S
Schedules ..........................................................136
Searching
for Computers ................................................... 77
for Logs .........................................................181
Security Event Log Reports ......................................112
Management Server Settings ...................................... 45
Select Active Directory Organizational Unit ....................163
Mapping
Server Manager Properties ........................................ 17
Computers........................................................ 75
Service
Migrating .................................................. 183, 185
Running the Service in Verbose Mode.................. 65, 195
Multiple Auto Configurators
Service Connections ............................................ 63
Selecting ....................................................... 162
Multiple Computers
Selecting ......................................................... 78
Multiple Logs
Selecting ....................................................... 182
Multiple Reports
Selecting ......................................................... 91
Multiple Templates
Selecting ......................................................... 88
MySQL ............................................................. 33
N
Viewing the Service Log File ........................... 64, 194
Signing Files ......................................................172
SQL Server ......................................................... 24
Success Logons Reports ..........................................115
Summary Reports .................................................. 94
Syslog Reports ....................................................131
Syslog Server Settings ............................................. 40
Syslog Viewer.....................................................167
System Requirements .............................................. 11
T
TCP ports ...................................................... 12, 52
New Accounts Reports ........................................... 123
Templates .......................................................... 81
Notifications ...................................................... 147
Adding ........................................................... 81
O
Object Access Reports ........................................... 125
Object Explorer ..................................................... 54
Objects
Disabling and Enabling.......................................... 56
Options .............................................................. 57
P
PCI DSS compliance ............................................. 179
Q
Quota Violation................................................... 192
R
Recently Accessed Files Reports ................................ 104
200
Properties ........................................................ 83
Selecting ..................... 78, 85, 88, 91, 92, 162, 182
a Report Type................................................. 92
a Template Type .............................................. 85
Multiple Auto Configurators................................162
Multiple Computers .......................................... 78
Multiple Logs ................................................182
Multiple Reports.............................................. 91
Multiple Templates ........................................... 88
Temporary Files Reports .........................................109
Terminology........................................................ 15
Text Log Reports .................................................133
Index
Text Log Viewer ................................................. 168
Tray icon ............................................................ 66
U
Upgrading .................................................. 183, 185
V
the Service Log File ...................................... 64, 194
W
Web Proxy Server Settings ........................................ 51
Web Server Publishing Settings................................... 42
Windows Firewall ................................................196
Verbose Mode ...............................................65, 195
WMI Settings ...................................................... 49
Viewing
Working with Groups .............................................. 58
Logs ............................................................ 164
201
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement