The following case studies show how CIAgent® can be used in real-world situations. These scenarios show how CIAgent can be used to monitor and restart critical applications, detect root login failures (possible system intruders), and monitor host machine resources.
These scenarios use the Critical Application Subagent, the Log File Monitor, and the File System Monitor. Each of these CIAgent components has multiple uses (see the Applied Uses page).
Three scenarios are discussed:
Log files provide critical information about the processes running on a system. Using Log File Monitor, system log files can be monitored for key events: processes being restarted, login failures, etc.
Log File Monitor examines log files and performs actions when user-defined patterns are encountered or when the log file exceeds a certain size.
When a pattern is defined for a particular log file, the Subagent will count the number of times that it encounters the regular expression. On subsequent searches, the Subagent will update the count as new matches are identified. A trap or a command (or both) can be executed when a match occurs.
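The counting behaviour described above, applied to the root login failure scenario, as an added example that is not CIAgent code. The class name, the pattern, the size limit, and the sample log lines are assumptions constructed for illustration, and the callback stands in for sending a trap or running a command.

```python
import os
import re
import tempfile

# Constructed sample lines in OpenSSH syslog style; addresses are documentation ranges.
BATCH_1 = (b"Mar  3 10:01:12 host1 sshd[811]: Failed password for root from 192.0.2.10 port 51514 ssh2\n"
           b"Mar  3 10:01:15 host1 sshd[811]: Accepted password for alice from 192.0.2.20 port 51600 ssh2\n"
           b"Mar  3 10:01:19 host1 sshd[815]: Failed password for root from 192.0.2.10 por")  # cut mid-write
BATCH_2 = (b"t 51520 ssh2\n"
           b"Mar  3 10:02:01 host1 sshd[820]: Failed password for invalid user bob from 192.0.2.30 port 40000 ssh2\n")
ROOT_FAILURE = r"Failed password for root from \S+ port \d+"

class LogPatternMonitor:
    """Hypothetical model of the behaviour described in the text; not CIAgent code."""
    def __init__(self, path, pattern, on_match=None, max_size=None):
        self.path, self.regex = path, re.compile(pattern)
        self.on_match, self.max_size = on_match or (lambda _line: None), max_size
        self.offset, self.partial = 0, b""   # resume point and unfinished last line
        self.count, self.oversize = 0, False

    def poll(self):
        """Scan only bytes added since the last poll; return the number of new matches."""
        size = os.path.getsize(self.path)
        if size < self.offset:               # file was truncated or rotated: start over
            self.offset, self.partial = 0, b""
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            data = self.partial + f.read()
            self.offset = f.tell()
        *lines, self.partial = data.split(b"\n")  # hold back a line with no newline yet
        new = 0
        for raw in lines:
            line = raw.decode("utf-8", "replace")
            if self.regex.search(line):
                new += 1
                self.on_match(line)          # stands in for "send a trap / run a command"
        self.count += new
        self.oversize = self.max_size is not None and size > self.max_size
        return new

def demo():
    results, alerts = [], []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "auth.log")
        mon = LogPatternMonitor(path, ROOT_FAILURE, on_match=alerts.append, max_size=300)
        for batch in (BATCH_1, BATCH_2):     # two successive searches of a growing file
            with open(path, "ab") as f:
                f.write(batch)
            results.append((mon.poll(), mon.count, mon.oversize))
    return results, alerts
```

Holding back the unterminated last line keeps a failure that is written across two polls from being missed or counted twice.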
Let's say you would like to keep track of the CPU usage and file system on a given host, where a host means a computer that is connected to a network and can be accessed by a management station. Using the Host Resources, File System Monitor, and Event Subagents, CPU usage can be monitored and, should the usage level meet a configured threshold, a notification can be sent to a manager.
The Host Resources Subagent reports information about systems and the applications running on those systems, including type and number of CPU(s), processor speeds, system uptime, time and date functions, processor load, number and type of disk(s), disk usage, system swap configuration, system memory, system memory usage, installed software, and running software. Host Resources is not configured; rather, it reports what is happening on the system being monitored.
The File System Monitor shows current file systems and sends a notification when the file system nears capacity. In addition, it has the ability to perform actions based on file system problems. Other functions include execution of programs or scripts and/or sending notifications.
The Event MIB Subagent provides a way to cause an event to happen based upon
How are the systems monitored? Once installed, the Subagents are configured to monitor the desired resource(s). The monitoring could check whether available disk space or CPU usage reaches a configured threshold.
Using the Critical Application Monitor subagent, you can view the application's current status and can set up a process to automatically restart the application should it quit unexpectedly.
The Critical Application Subagent monitors system processes by reporting process status, initiating process restarts, and forwarding traps based on process status. The Subagent can be set to detect a currently running process or to start that process when the Subagent starts. If a process terminates, the Subagent can take two actions: restart the application and/or send an SNMP trap to notify the manager.
To monitor and configure the Critical Application Monitor, the Company A engineer can use either the DR-Web interface to access the Critical Application Monitor's Custom Page or any standard SNMP management station product (e.g., HP® OpenView™ Network Node Manager™, IBM® Tivoli® Netview™, or SNMP Research's EnterPol® or command-line utilities).
In addition to process status, the subagent can be queried about the execution state of the critical applications, the time and exit code for the last time a critical application terminated, and the statistics on how many times an application has been restarted by the subagent.