Operating System KBs
This page was last modified 06:00, 21 July 2006.From Documentation
Revision as of 00:37, 13 July 2006 Moff (Talk | contribs) (→OS Knowledge Base Versions) ← Previous diff |
Current revision Mike (Talk | contribs) (→Services Sentry) |
||
Line 72: | Line 72: | ||
|HPUX parisc ||align="center" |2.1 ||11th May, 2004 ||align="center" |4.4 | |HPUX parisc ||align="center" |2.1 ||11th May, 2004 ||align="center" |4.4 | ||
|- | |- | ||
- | |HPUX intel ||align="center" |2.2 || 6th Jul, 2006 ||align="center" |4.4 | + | |HPUX intel ||align="center" |2.2 || 6th Jul, 2006 ||align="center" |4.4.3 |
|- | |- | ||
|Linux intel ||align="center" |2.1 ||20th Apr, 2004 ||align="center" |4.4.3 | |Linux intel ||align="center" |2.1 ||20th Apr, 2004 ||align="center" |4.4.3 | ||
Line 84: | Line 84: | ||
|Unixware intel ||align="center" |1.0 ||10th Mar, 2004 ||align="center" |4.2 | |Unixware intel ||align="center" |1.0 ||10th Mar, 2004 ||align="center" |4.2 | ||
|- | |- | ||
- | |Windows intel ||align="center" |2.2 ||14th Feb, 2006 ||align="center" |4.4 | + | |Windows intel ||align="center" |2.2 ||28th Apr, 2006 ||align="center" |4.4.3 |
|} | |} | ||
Line 117: | Line 117: | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
Line 125: | Line 125: | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
Line 143: | Line 143: | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
- | | | + | | |
|- | |- | ||
|System_Calls | |System_Calls | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
Line 176: | Line 176: | ||
|- | |- | ||
|HPUX | |HPUX | ||
- | | | + | | |
- | | | + | | |
|} | |} | ||
Line 220: | Line 220: | ||
|Error_Log | |Error_Log | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
- | | | + | | |
- | | | + | | |
- | | | + | | |
- | | | + | | |
- | | | + | | |
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | ==== Event Log Class ==== | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" | Sentry | ||
+ | !width="65" | AIX | ||
+ | !width="65" | HPUX | ||
+ | !width="65" | Linux | ||
+ | !width="65" | SCO | ||
+ | !width="65" | Solaris | ||
+ | !width="65" | Tru64 | ||
+ | !width="65" | Windows | ||
+ | |- | ||
+ | |EventLog | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |align="center" | √ | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | ==== Files Class ==== | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" | Sentry | ||
+ | !width="65" | AIX | ||
+ | !width="65" | HPUX | ||
+ | !width="65" | Linux | ||
+ | !width="65" | SCO | ||
+ | !width="65" | Solaris | ||
+ | !width="65" | Tru64 | ||
+ | !width="65" | Windows | ||
+ | |- | ||
+ | |File_Info | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |align="center" | √ | ||
|} | |} | ||
Line 267: | Line 315: | ||
!width="65" | Tru64 | !width="65" | Tru64 | ||
!width="65" | Windows | !width="65" | Windows | ||
+ | |- | ||
+ | |Paging_File_Space | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |align="center" | √ | ||
|- | |- | ||
|Paging_Rate | |Paging_Rate | ||
Line 275: | Line 332: | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
|- | |- | ||
|Physical_Memory | |Physical_Memory | ||
- | | | + | | |
- | | | + | |
|align="center" | √ | |align="center" | √ | ||
- | | | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
+ | |align="center" | √ | ||
+ | | | ||
|align="center" | √ | |align="center" | √ | ||
|- | |- | ||
|Swap_Rate | |Swap_Rate | ||
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
- | | | + | | |
- | | | + | | |
|- | |- | ||
|Swap_Space | |Swap_Space | ||
Line 302: | Line 359: | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
+ | | | ||
+ | |- | ||
+ | |Virtual_Memory | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
|align="center" | √ | |align="center" | √ | ||
|} | |} | ||
;NOTE:Certain operating systems do not provide all the memory statistics, as it may not be relevant (eg Swap_Rate on Tru64 and AIX). | ;NOTE:Certain operating systems do not provide all the memory statistics, as it may not be relevant (eg Swap_Rate on Tru64 and AIX). | ||
- | |||
- | <br> | ||
- | |||
- | ==== Network Class ==== | ||
- | |||
- | {| border="1" cellpadding="6" cellspacing="0" | ||
- | !width="125" | Sentry | ||
- | !width="65" | AIX | ||
- | !width="65" | HPUX | ||
- | !width="65" | Linux | ||
- | !width="65" | SCO | ||
- | !width="65" | Solaris | ||
- | !width="65" | Tru64 | ||
- | !width="65" | Windows | ||
- | |- | ||
- | |Network | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |} | ||
<br> | <br> | ||
Line 346: | Line 388: | ||
|- | |- | ||
|Printers | |Printers | ||
- | | | + | | |
- | | | + | | |
- | |align="center" | √ | + | | |
- | | | + | | |
- | |align="center" | √¹ | + | | |
- | | | + | | |
|align="center" | √ | |align="center" | √ | ||
|} | |} | ||
- | |||
- | ¹ The Solaris Printer class is "off" by default. This is due to an intermittent issue with the printer agent. The symptoms are excessive cpu usage by the Eventmanager. This only occurs on a very small number of systems. | ||
<br> | <br> | ||
- | ==== Processes Class ==== | + | ==== Network Class ==== |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 371: | Line 411: | ||
!width="65" | Windows | !width="65" | Windows | ||
|- | |- | ||
- | |CPU_Usage | + | |Network |
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
Line 379: | Line 419: | ||
|align="center" | √ | |align="center" | √ | ||
|align="center" | √ | |align="center" | √ | ||
- | |- | ||
- | |MEM_Usage | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | | | ||
- | |- | ||
- | |Processes¹ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | |align="center" | √ | ||
- | | | ||
|} | |} | ||
- | |||
- | ;NOTE:All OS Knowledge Bases support the Process Management Console, provided as an action against Processes sentry class. | ||
- | |||
- | ¹ On certain OSes the Processes sentry is turned off by default. Certain instances are provided as examples (nmdb, smdb) only, but should be changed to reflect the system on which the KB is installed. Note also that system services (daemons) are normally monitored via the Services sentry, so check in the Services folder before adding processes to be monitored. | ||
<br> | <br> | ||
- | ==== Security Class ==== | + | ==== Processes Class ==== |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 416: | Line 434: | ||
!width="65" | Windows | !width="65" | Windows | ||
|- | |- | ||
- | |Bad_SU | + | |Process |
- | | | + | |align="center" | ¹ |
- | |align="center" | √¹ | + | |align="center" | ¹ |
- | | | + | |align="center" | ¹ |
- | | | + | |align="center" | ¹ |
- | | | + | |align="center" | ¹ |
- | | | + | |align="center" | ¹ |
- | | | + | |align="center" | √ |
|} | |} | ||
- | + | ¹ Use the Process Knowledge Base instead. | |
- | ¹ On Linux, the Bad_SU sentry is not started by default, as it needs specific configuration to work correctly. Please read the sentry notes for more information on how to configure this sentry. | + | |
- | + | ||
<br> | <br> | ||
Line 509: | Line 525: | ||
<br> | <br> | ||
+ | |||
== Sentry Details == | == Sentry Details == | ||
Line 523: | Line 540: | ||
|CPU_States ||CPU ||Performance ||60s ||AIX only ||align="center" | √ | |CPU_States ||CPU ||Performance ||60s ||AIX only ||align="center" | √ | ||
|- | |- | ||
- | |Context_Switches ||CPU ||Performance ||60s || ||align="center" | √ | + | |Context_Switches ||CPU ||Performance ||60s || ||align="center" | √ |
|- | |- | ||
- | |Interrupts ||CPU ||Performance ||60s || ||align="center" | √ | + | |Interrupts ||CPU ||Performance ||60s || ||align="center" | √ |
|- | |- | ||
|Run_Queue ||CPU ||Performance ||60s ||align="center" | √ ||align="center" | √ | |Run_Queue ||CPU ||Performance ||60s ||align="center" | √ ||align="center" | √ | ||
|- | |- | ||
- | |Processors ||CPU/Processors ||MultiProcessor ||60s || || | + | |Processors ||CPU/Processors ||MultiProcessor ||60s || || |
|- | |- | ||
- | |System_Calls ||CPU ||Performance ||60s ||align="center" | √ || | + | |System_Calls ||CPU ||Performance ||60s || ||align="center" | √ |
|- | |- | ||
|Disk ||Disk ||Disk ||120s ||align="center" | √ ||align="center" | √ | |Disk ||Disk ||Disk ||120s ||align="center" | √ ||align="center" | √ | ||
|- | |- | ||
- | |Error_Log ||Error_Log ||ErrorLog ||120s ||align="center" | √ || | + | |Error_Log ||Error_Log ||ErrorLog ||120s ||align="center" | √ || |
+ | |- | ||
+ | |EventLog ||EventLog ||EventLog ||90s ||align="center" | √ || | ||
+ | |- | ||
+ | |File_Info ||Files ||FileInfo ||60s ||align="center" | √ || | ||
|- | |- | ||
|Filesystem ||Filesystem ||Filesystem ||300s ||align="center" | √ ||align="center" | √ | |Filesystem ||Filesystem ||Filesystem ||300s ||align="center" | √ ||align="center" | √ | ||
+ | |- | ||
+ | |Paging_File_Space ||Memory ||PageSpace ||180s ||align="center" | √ ||align="center" | √ | ||
|- | |- | ||
|Paging_Rate ||Memory ||Performance ||60s ||AIX only ||align="center" | √ | |Paging_Rate ||Memory ||Performance ||60s ||AIX only ||align="center" | √ | ||
Line 543: | Line 566: | ||
|Physical_Memory ||Memory ||Performance ||60s ||Solaris only ||align="center" | √ | |Physical_Memory ||Memory ||Performance ||60s ||Solaris only ||align="center" | √ | ||
|- | |- | ||
- | |Swap_Rate ||Memory ||Performance ||60s || ||align="center" | √ | + | |Swap_Rate ||Memory ||Performance ||60s || ||align="center" | √ |
|- | |- | ||
|Swap_Space (Linux)||Memory ||Performance ||60s ||align="center" | √ ||align="center" | √ | |Swap_Space (Linux)||Memory ||Performance ||60s ||align="center" | √ ||align="center" | √ | ||
|- | |- | ||
- | |Swap_Space (non-Linux)||Memory ||Swap ||180s ||align="center" | √ ||align="center" | √ | + | |Swap_Space (Unix) ||Memory ||Swap ||180s ||align="center" | √ ||align="center" | √ |
+ | |- | ||
+ | |Virtual_Memory ||Memory ||MemoryInfo ||60s || ||align="center" | √ | ||
|- | |- | ||
|Network ||Network ||Network ||120s ||align="center" | √ ||align="center" | √ | |Network ||Network ||Network ||120s ||align="center" | √ ||align="center" | √ | ||
|- | |- | ||
- | |Printers ||Printers ||Printer ||180s ||Solaris only || | + | |Printers ||Printers ||Printers ||180s ||align="center" | √ || |
- | |- | + | |
- | |CPU_Usage ||Processes ||ProcessInfo ||75s ||align="center" | √ ||align="center" | √ | + | |
- | |- | + | |
- | |MEM_Usage ||Processes ||ProcessInfo ||75s ||align="center" | √ ||align="center" | √ | + | |
- | |- | + | |
- | |Processes ||Processes ||ProcessInfo ||75s ||align="center" | √ || | + | |
|- | |- | ||
- | |Bad_SU ||Security ||BadSU ||n/a² ||align="center" | √ || | + | |Process ||Processes ||ProcessInfo ||75s ||align="center" | √ ||align="center" | √ |
|- | |- | ||
- | |Services ||Services ||Service ||120s ||align="center" | √ || | + | |Services ||Services ||Service ||120s ||align="center" | √ || |
|- | |- | ||
- | |CPU_Information ||System ||Information ||n/a³ || || | + | |CPU_Information ||System ||Information ||n/a³ || || |
|- | |- | ||
- | |Memory_Information||System ||Information ||n/a³ || || | + | |Memory_Information||System ||Information ||n/a³ || || |
|- | |- | ||
- | |Operating_System ||System ||Information ||n/a³ || || | + | |Operating_System ||System ||Information ||n/a³ || || |
|- | |- | ||
- | |System_Uptime ||System ||Uptime ||100s || || | + | |System_Uptime ||System ||Uptime ||100s || || |
|} | |} | ||
Line 620: | Line 639: | ||
|NOT_BUSY | |NOT_BUSY | ||
|normal | |normal | ||
- | | | + | | |
- | | | + | | |
|} | |} | ||
Line 656: | Line 675: | ||
|Busy ||normal ||$run_queue > $RUNQ_WARN ||warning after 210s | |Busy ||normal ||$run_queue > $RUNQ_WARN ||warning after 210s | ||
|- | |- | ||
- | |OK ||normal || || | + | |OK ||normal || || |
|} | |} | ||
Line 679: | Line 698: | ||
|NORMAL | |NORMAL | ||
|normal | |normal | ||
- | | | + | | |
- | | | + | | |
|} | |} | ||
Line 687: | Line 706: | ||
==== System Calls Sentry ==== | ==== System Calls Sentry ==== | ||
- | ;Availability: AIX, HPUX, SCO, Tru64, Windows | + | ;Availability: AIX, SCO, Tru64 |
- | '''Constants''' | + | '''Constants (AIX, SCO, Tru64)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 696: | Line 715: | ||
!width="65" bgcolor="#cccccc" | Value | !width="65" bgcolor="#cccccc" | Value | ||
|- | |- | ||
- | |CPU_SYSCALLS | + | |CPU_SYSCALLS ||Too many system calls per second ||10000 |
- | |Too many system calls per second | + | |
- | |10000 | + | |
|} | |} | ||
- | '''States''' | + | '''States (AIX, SCO, Tru64)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 709: | Line 726: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |BUSY | + | |BUSY ||normal ||$sys_per_sec > $CPU_SYSCALLS ||alarm after 120s |
- | |normal | + | |
- | |$sys_per_sec > $CPU_SYSCALLS | + | |
- | |alarm after 120s | + | |
|- | |- | ||
- | |NORMAL | + | |NORMAL ||normal || || |
- | |normal | + | |
- | | | + | |
- | | | + | |
|} | |} | ||
Line 726: | Line 737: | ||
;Availability: AIX¹, HPUX, Linux, SCO, Solaris, Tru64, Windows | ;Availability: AIX¹, HPUX, Linux, SCO, Solaris, Tru64, Windows | ||
- | '''Constants (Linux, Solaris, Tru64)''' | + | '''Constants (HPUX, Linux, Solaris, Tru64)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 748: | Line 759: | ||
|Indicates a very long service time (ms) | |Indicates a very long service time (ms) | ||
|50 | |50 | ||
- | |} | ||
- | |||
- | '''States (Linux, Solaris, Tru64)''' | ||
- | |||
- | {| border="1" cellpadding="6" cellspacing="0" | ||
- | !width="125" bgcolor="#cccccc" | State | ||
- | !width="65" bgcolor="#cccccc" | Severity | ||
- | !width="390" bgcolor="#cccccc" | Condition | ||
- | !width="120" bgcolor="#cccccc" | Escalation | ||
- | |- | ||
- | |Very_Busy ||warning ||$percent_busy >= $DSK_BUSY_PROB && $service_time >= $DSK_SVCT_PROB ||alarm after 390s | ||
- | |- | ||
- | |Busy ||normal ||$percent_busy >= $DSK_BUSY_WARN && $service_time >= $DSK_SVCT_WARN ||warning after 390s | ||
- | |- | ||
- | |OK ||normal || || | ||
- | |- | ||
- | |Delete ||built-in ||No data state || | ||
|} | |} | ||
Line 781: | Line 775: | ||
|% busy indicating disk is very busy | |% busy indicating disk is very busy | ||
|60 | |60 | ||
+ | |} | ||
+ | |||
+ | '''States (HPUX, Linux, Solaris, Tru64)''' | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" bgcolor="#cccccc" | State | ||
+ | !width="65" bgcolor="#cccccc" | Severity | ||
+ | !width="390" bgcolor="#cccccc" | Condition | ||
+ | !width="120" bgcolor="#cccccc" | Escalation | ||
+ | |- | ||
+ | |Very_Busy ||warning ||$percent_busy >= $DSK_BUSY_PROB && $service_time >= $DSK_SVCT_PROB ||alarm after 390s | ||
+ | |- | ||
+ | |Busy ||normal ||$percent_busy >= $DSK_BUSY_WARN && $service_time >= $DSK_SVCT_WARN ||warning after 390s | ||
+ | |- | ||
+ | |OK ||normal || || | ||
+ | |- | ||
+ | |Delete ||built-in ||No data state || | ||
|} | |} | ||
Line 803: | Line 814: | ||
|DSK_NORMAL | |DSK_NORMAL | ||
|normal | |normal | ||
- | | | + | | |
- | | | + | | |
|} | |} | ||
¹ Unfortunately the service time statistic is not available on AIX. The service time is a better indicator of disk IO performance. Even if a disk is 100% busy, there is no real problem unless the service time for the disk is also getting high. | ¹ Unfortunately the service time statistic is not available on AIX. The service time is a better indicator of disk IO performance. Even if a disk is 100% busy, there is no real problem unless the service time for the disk is also getting high. | ||
+ | |||
+ | '''States (Windows only)''' | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" bgcolor="#cccccc" | State | ||
+ | !width="65" bgcolor="#cccccc" | Severity | ||
+ | !width="390" bgcolor="#cccccc" | Condition | ||
+ | !width="120" bgcolor="#cccccc" | Escalation | ||
+ | |- | ||
+ | |Very_Busy ||warning ||$percent_busy >= $DSK_BUSY_PROB ||alarm after 390s | ||
+ | |- | ||
+ | |Busy ||normal ||$percent_busy >= $DSK_BUSY_WARN ||warning after 390s | ||
+ | |- | ||
+ | |OK ||normal || || | ||
+ | |} | ||
<br> | <br> | ||
Line 857: | Line 883: | ||
<br> | <br> | ||
+ | ==== EventLog Sentry ==== | ||
+ | |||
+ | ;Availability: Windows only | ||
+ | |||
+ | '''States (Windows only)''' | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" bgcolor="#cccccc" | State | ||
+ | !width="65" bgcolor="#cccccc" | Severity | ||
+ | !width="390" bgcolor="#cccccc" | Condition | ||
+ | !width="120" bgcolor="#cccccc" | Escalation | ||
+ | |- | ||
+ | |Error ||severe ||$type == “error” || $type == “audit failure” ||delete after acknowledgement | ||
+ | |- | ||
+ | |Warning ||warning ||$type == “temporary” ||delete after acknowledgement | ||
+ | |- | ||
+ | |Information ||info ||$type == “information” || $type == “audit success” ||delete after acknowledgement | ||
+ | |- | ||
+ | |Unknown ||alarm || ||delete after acknowledgement | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | ==== FileInfo Sentry ==== | ||
+ | |||
+ | ;Availability: Windows only | ||
+ | |||
+ | '''States (Windows only)''' | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" bgcolor="#cccccc" | State | ||
+ | !width="65" bgcolor="#cccccc" | Severity | ||
+ | !width="390" bgcolor="#cccccc" | Condition | ||
+ | !width="120" bgcolor="#cccccc" | Escalation | ||
+ | |- | ||
+ | |Nonexistent ||alarm ||$exists == 0 || | ||
+ | |- | ||
+ | |No_Access ||warning ||$owner == “CAN'T ACCESS FILE” || | ||
+ | |- | ||
+ | |Dir_Exists ||normal ||$type == “directory” || | ||
+ | |- | ||
+ | |File_Exists ||normal || || | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
==== Filesystem Sentry ==== | ==== Filesystem Sentry ==== | ||
Line 877: | Line 949: | ||
|} | |} | ||
- | '''States (Linux, Solaris, Tru64)''' | + | '''States (HPUX, Linux, Solaris, Tru64, Windows)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 885: | Line 957: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |Full ||critical ||$pct_free == $FS_FULL || | + | |Full ||critical ||$pct_free == $FS_FULL || |
|- | |- | ||
|Nearly_Full ||alarm ||$pct_free < $FS_NEARLY_FULL ||severe after 930s | |Nearly_Full ||alarm ||$pct_free < $FS_NEARLY_FULL ||severe after 930s | ||
Line 893: | Line 965: | ||
|Low ||normal ||$pct_free < $FS_LOW ||warning after 930s | |Low ||normal ||$pct_free < $FS_LOW ||warning after 930s | ||
|- | |- | ||
- | |OK ||normal || || | + | |OK ||normal || || |
|- | |- | ||
- | |Delete ||built-in ||No data state || | + | |Delete ||built-in ||No data state || |
|} | |} | ||
Line 909: | Line 981: | ||
|critical | |critical | ||
|$pct_free == $FS_FULL | |$pct_free == $FS_FULL | ||
- | | | + | | |
|- | |- | ||
|NO_INODES | |NO_INODES | ||
|critical | |critical | ||
|$pct_free_inodes == $FS_FULL | |$pct_free_inodes == $FS_FULL | ||
- | | | + | | |
|- | |- | ||
|NEARLY_FULL | |NEARLY_FULL | ||
|severe | |severe | ||
|$pct_free < $FS_NEARLY_FULL | |$pct_free < $FS_NEARLY_FULL | ||
- | | | + | | |
|- | |- | ||
|FEW_INODES | |FEW_INODES | ||
|severe | |severe | ||
|$pct_free_inodes < $FS_NEARLY_FULL | |$pct_free_inodes < $FS_NEARLY_FULL | ||
- | | | + | | |
|- | |- | ||
|VERY_LOW | |VERY_LOW | ||
|alarm | |alarm | ||
|$pct_free < $FS_VERY_LOW | |$pct_free < $FS_VERY_LOW | ||
- | | | + | | |
|- | |- | ||
|VLOW_INODES | |VLOW_INODES | ||
|alarm | |alarm | ||
|$pct_free_inodes < $FS_VERY_LOW | |$pct_free_inodes < $FS_VERY_LOW | ||
- | | | + | | |
|- | |- | ||
|LOW | |LOW | ||
|warning | |warning | ||
|$pct_free < $FS_LOW | |$pct_free < $FS_LOW | ||
- | | | + | | |
|- | |- | ||
|LOW_INODES | |LOW_INODES | ||
|warning | |warning | ||
|$pct_free_inodes < $FS_LOW | |$pct_free_inodes < $FS_LOW | ||
- | | | + | | |
|- | |- | ||
|SUFFICIENT | |SUFFICIENT | ||
|normal | |normal | ||
- | | | + | | |
- | | | + | | |
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | ==== Paging File Space Sentry ==== | ||
+ | |||
+ | ;Availability: Windows only | ||
+ | |||
+ | '''Constants''' | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="150" bgcolor="#cccccc" | Constant | ||
+ | !width="500" bgcolor="#cccccc" | Description | ||
+ | !width="65" bgcolor="#cccccc" | Value | ||
+ | |- | ||
+ | |SWAP_LOW ||Low percent free swap space ||15 | ||
+ | |- | ||
+ | |SWAP_VERY_LOW ||Very low percent free swap space ||8 | ||
+ | |} | ||
+ | |||
+ | '''States''' | ||
+ | |||
+ | {| border="1" cellpadding="6" cellspacing="0" | ||
+ | !width="125" bgcolor="#cccccc" | State | ||
+ | !width="65" bgcolor="#cccccc" | Severity | ||
+ | !width="390" bgcolor="#cccccc" | Condition | ||
+ | !width="120" bgcolor="#cccccc" | Escalation | ||
+ | |- | ||
+ | |Very_Low ||warning ||$pct_avail_page <= $SWAP_VERY_LOW ||alarm after 570s | ||
+ | |- | ||
+ | |Low ||normal ||$pct_avail_page <= $SWAP_LOW ||warning after 570s | ||
+ | |- | ||
+ | |OK ||normal || || | ||
|} | |} | ||
Line 956: | Line 1,061: | ||
==== Paging Rate Sentry ==== | ==== Paging Rate Sentry ==== | ||
- | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64 | + | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows |
'''Constants (AIX only)''' | '''Constants (AIX only)''' | ||
Line 985: | Line 1,090: | ||
|ACCEPTABLE | |ACCEPTABLE | ||
|normal | |normal | ||
- | | | + | | |
- | | | + | | |
|} | |} | ||
Line 993: | Line 1,098: | ||
==== Physical Memory Sentry ==== | ==== Physical Memory Sentry ==== | ||
- | ;Availability: Linux, Solaris, Windows | + | ;Availability: HPUX, Linux, Solaris, Windows |
'''Constants (Solaris only)''' | '''Constants (Solaris only)''' | ||
Line 1,021: | Line 1,126: | ||
|Low ||normal ||$residency_time <= $RESTIME_OK ||warning after 210s | |Low ||normal ||$residency_time <= $RESTIME_OK ||warning after 210s | ||
|- | |- | ||
- | |OK ||normal || || | + | |OK ||normal || || |
|} | |} | ||
Line 1,028: | Line 1,133: | ||
==== Swap Space Sentry ==== | ==== Swap Space Sentry ==== | ||
- | ;Availability: AIX, HPUX, Linux, Solaris, Tru64, Windows | + | ;Availability: AIX, HPUX, Linux, Solaris, Tru64 |
'''Constants''' | '''Constants''' | ||
Line 1,054: | Line 1,159: | ||
|Low ||normal ||$swap_pct_free <= $SWAP_LOW ||warning after 570s | |Low ||normal ||$swap_pct_free <= $SWAP_LOW ||warning after 570s | ||
|- | |- | ||
- | |OK ||normal || || | + | |OK ||normal || || |
|} | |} | ||
Line 1,063: | Line 1,168: | ||
;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows | ||
- | '''Constants''' | + | '''Constants (AIX, HPUX, Linux, SCO, Solaris, Tru64)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,081: | Line 1,186: | ||
|} | |} | ||
- | '''States''' | + | '''States (AIX, HPUX, Linux, SCO, Solaris, Tru64)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,097: | Line 1,202: | ||
|Busy ||normal ||$collisions >= $NET_COLL_WARN && $pckts_transmit > $NET_WORKING ||warning after 390s | |Busy ||normal ||$collisions >= $NET_COLL_WARN && $pckts_transmit > $NET_WORKING ||warning after 390s | ||
|- | |- | ||
- | |OK ||normal || || | + | |OK ||normal || || |
|} | |} | ||
- | <br> | + | '''Constants (Windows only)''' |
- | ==== Printers Sentry ==== | + | {| border="1" cellpadding="6" cellspacing="0" |
+ | !width="150" bgcolor="#cccccc" | Constant | ||
+ | !width="500" bgcolor="#cccccc" | Description | ||
+ | !width="65" bgcolor="#cccccc" | Value | ||
+ | |- | ||
+ | |NET_DROP_OK ||Indicating excessive collisions ||0 | ||
+ | |- | ||
+ | |NET_DROP_PROB ||Indicating many collisions ||1 | ||
+ | |- | ||
+ | |NET_ERROR_OK ||Indicating hardware is OK ||0 | ||
+ | |- | ||
+ | |NET_ERROR_PROB ||Indicating possible hardware error ||0.05 | ||
+ | |} | ||
- | ;Availability: Linux, Solaris, Windows | + | '''States (Windows only)''' |
- | + | ||
- | '''States (Solaris only)''' | + | |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,114: | Line 1,229: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |NO_PAPER | + | |Many_Errors ||warning ||$pkts_errs_sec >= $NET_ERROR_PROB ||alarm after 390s |
- | |alarm | + | |
- | |$status == “faulted” && $reason == “paper” | + | |
- | | | + | |
|- | |- | ||
- | |FAULTED | + | |Many_Drops ||warning ||$pkts_drps_sec >= $NET_DROP_PROB ||alarm after 390s |
- | |alarm | + | |
- | |$status == “faulted” | + | |
- | | | + | |
|- | |- | ||
- | |UNKNOWN | + | |Some_Errors ||normal ||$pkts_errs_sec > $NET_ERROR_OK ||warning after 390s |
- | |warning | + | |
- | |$status == “unknown” | + | |
- | | | + | |
|- | |- | ||
- | |IDLE | + | |Some_Drops ||normal ||$pkts_drps_sec > $NET_DROP_OK ||warning after 390s |
- | |normal | + | |
- | |$status == “idle” | + | |
- | | | + | |
|- | |- | ||
- | |PRINTING | + | |OK ||normal || || |
- | |normal | + | |
- | |$status == “printing” | + | |
- | | | + | |
- | |- | + | |
- | |WAITING | + | |
- | |normal | + | |
- | |$status == “waiting” | + | |
- | | | + | |
- | |- | + | |
- | |DISABLED | + | |
- | |disabled | + | |
- | |$status == “disabled” | + | |
- | | | + | |
|} | |} | ||
<br> | <br> | ||
- | ==== CPU_Usage Sentry ==== | ||
- | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64 | + | ==== Printers Sentry ==== |
- | '''Constants''' | + | ;Availability: Windows |
- | {| border="1" cellpadding="6" cellspacing="0" | + | '''States (Windows only)''' |
- | !width="150" bgcolor="#cccccc" | Constant | + | |
- | !width="500" bgcolor="#cccccc" | Description | + | |
- | !width="65" bgcolor="#cccccc" | Value | + | |
- | |- | + | |
- | |CPU_HIGH | + | |
- | |Percentage CPU usage considered high for a process | + | |
- | |10 | + | |
- | |- | + | |
- | |CPU_PROBLEM | + | |
- | |Unacceptable percentage CPU usage for a process | + | |
- | |50 | + | |
- | |} | + | |
- | + | ||
- | '''States''' | + | |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,179: | Line 1,254: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |VHIGH_CPU | + | |Idle ||normal ||$status == “Idle” || |
- | |info | + | |
- | |$cpu_percent >= $CPU_PROBLEM | + | |
- | |warning after 120s, alarm after 180s | + | |
|- | |- | ||
- | |HIGH_CPU | + | |Printing ||normal ||$status == “Printing” || |
- | |normal | + | |
- | |$cpu_percent >= $CPU_HIGH | + | |
- | | | + | |
|- | |- | ||
- | |OK_CPU | + | |No_Paper ||alarm ||$status == “Paperout” || |
- | |disabled | + | |- |
- | | | + | |Offline ||info ||$status == “Offline” || |
- | |delete immediately | + | |- |
+ | |Paused ||info ||$status == “Paused” || | ||
+ | |- | ||
+ | |Problem ||alarm ||$status == “Error” || | ||
+ | |- | ||
+ | |No_Access ||alarm ||$status == “NoAccess” || | ||
+ | |- | ||
+ | |Unknown ||alarm || || | ||
|} | |} | ||
<br> | <br> | ||
- | ==== MEM_Usage Sentry ==== | ||
- | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64 | + | ==== Process Sentry ==== |
- | '''Constants''' | + | ;Availability: Windows |
+ | |||
+ | '''Constants (Windows only)''' | ||
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,207: | Line 1,284: | ||
!width="65" bgcolor="#cccccc" | Value | !width="65" bgcolor="#cccccc" | Value | ||
|- | |- | ||
- | |MEMORY_HIGH | + | |CPU_HIGH ||Percentage CPU usage considered high for a process ||10 |
- | |Percentage memory usage considered high for a process | + | |
- | |10 | + | |
|- | |- | ||
- | |MEMORY_PROBLEM | + | |CPU_PROBLEM ||Unacceptable percentage CPU usage for a process ||50 |
- | |Unacceptable percentage memory usage for a process | + | |
- | |50 | + | |
|} | |} | ||
- | '''States''' | + | '''States (Windows only)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,224: | Line 1,297: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |VHIGH_MEMORY | + | |VeryHigh_CPU ||info ||$pct_proc_time >= $CPU_PROBLEM ||warning after 120s, alarm after 300s |
- | |info | + | |
- | |$mem_percent >= $MEMORY_PROBLEM | + | |
- | |warning after 120s, alarm after 180s | + | |
|- | |- | ||
- | |HIGH_MEMORY | + | |High_CPU ||info ||$pct_proc_time >= $CPU_HIGH || |
- | |normal | + | |
- | |$mem_percent >= $MEMORY_HIGH | + | |
- | | | + | |
|- | |- | ||
- | |OK_MEMORY | + | |OK_CPU ||normal || || |
- | |disabled | + | |- |
- | | | + | |Not_Running ||built-in ||No data state || |
- | |delete immediately | + | |
|} | |} | ||
<br> | <br> | ||
- | ==== Processes Sentry ==== | ||
- | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64 | + | ==== Services Sentry ==== |
+ | |||
+ | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows | ||
'''States (AIX only)''' | '''States (AIX only)''' | ||
Line 1,253: | Line 1,320: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |DOWN | + | |INACTIVE |
- | |alarm | + | |disabled |
- | |$count == 0 | + | |$status == “inoperative” |
- | | | + | | |
|- | |- | ||
- | |UP | + | |ACTIVE |
|normal | |normal | ||
- | | | + | | |
- | | | + | | |
|} | |} | ||
- | |||
- | <br> | ||
- | ==== BadSU Sentry ==== | ||
- | |||
- | ;Availability: Linux | ||
- | |||
- | '''States''' | ||
- | |||
- | {| border="1" cellpadding="6" cellspacing="0" | ||
- | !width="125" bgcolor="#cccccc" | State | ||
- | !width="65" bgcolor="#cccccc" | Severity | ||
- | !width="390" bgcolor="#cccccc" | Condition | ||
- | !width="120" bgcolor="#cccccc" | Escalation | ||
- | |- | ||
- | |Violation | ||
- | |alarm | ||
- | |$Count > 1 | ||
- | |acknowledgment | ||
- | |- | ||
- | |Report | ||
- | |info | ||
- | |$Count == 1 | ||
- | |acknowledgment | ||
- | |} | ||
- | |||
- | <br> | ||
- | ==== Services Sentry ==== | ||
- | |||
- | ;Availability: AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows | ||
'''States (Linux only)''' | '''States (Linux only)''' | ||
Line 1,301: | Line 1,339: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |Confused ||info ||$Status == “Off” && $PID != “-1” || | + | |Confused ||info ||$Status == “Off” && $PID != “-1” || |
|- | |- | ||
- | |Off ||normal ||$Status == “Off” || | + | |Off ||normal ||$Status == “Off” || |
|- | |- | ||
- | |Not_Running ||warning ||$PID == -1 || | + | |Not_Running ||warning ||$PID == -1 || |
|- | |- | ||
- | |Running ||normal ||$PID != -1 || | + | |Running ||normal ||$PID != -1 || |
- | |- | + | |
- | |Delete ||built-in ||No data state || | + | |
|} | |} | ||
- | '''States (Solaris, Tru64)''' | + | '''States (HPUX, Solaris, Tru64)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,320: | Line 1,356: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |Not_Running ||warning ||$count == 0 || | + | |Not_Running ||warning ||$count == 0 || |
|- | |- | ||
- | |Runing ||normal || || | + | |Runing ||normal || || |
- | |- | + | |
- | |Delete ||built-in ||No data state || | + | |
|} | |} | ||
- | '''States (AIX only)''' | + | '''States (Windows only)''' |
{| border="1" cellpadding="6" cellspacing="0" | {| border="1" cellpadding="6" cellspacing="0" | ||
Line 1,335: | Line 1,369: | ||
!width="120" bgcolor="#cccccc" | Escalation | !width="120" bgcolor="#cccccc" | Escalation | ||
|- | |- | ||
- | |INACTIVE | + | |Down ||alarm ||$state == “Stopped” && $start == “Automatic” || |
- | |disabled | + | |
- | |$status == “inoperative” | + | |
- | | | + | |
|- | |- | ||
- | |ACTIVE | + | |Confused ||info ||$state == “Running” && $start == “Disabled” || |
- | |normal | + | |- |
- | | | + | |Running ||normal ||$state == “Running” || |
- | | | + | |- |
+ | |Disabled ||disabled ||$state == “Stopped” && $start == “Disabled” || | ||
+ | |- | ||
+ | |Paused ||info ||$state == “Running” || | ||
+ | |- | ||
+ | |Intermediate||info ||$state == “Starting” || $state == “Stopping” || $state == “Continue pending” || $state == “Pause pending” || | ||
+ | |- | ||
+ | |Unknown ||alarm || || | ||
|} | |} | ||
<br> | <br> |
Current revision
Overview
The primary aim of the operating system knowledge bases in Sentinel3G is to provide a base level of operations monitoring that is consistent across various UNIX/Linux platforms. Due to differences between the various operating systems we monitor, complete consistency is not always achievable. This document describes the general content of the OS knowledge bases, and the discrepancies between them on different platforms.
Standard Knowledge Base
The standard knowledge base is OS independent, and so is packaged with Sentinel3G on all Operating Systems. It can be upgraded, but not uninstalled.
Sentry | AIX | HPUX | Linux | Solaris | Tru64 | Unixware | Windows |
---|---|---|---|---|---|---|---|
Connectivity¹ | √ | √ | √ | √ | √ | √ | √ |
Event_Manager¹ | √ | √ | √ | √ | √ | √ | √ |
Host_Monitor | √ | √ | √ | √ | √ | √ | √ |
Scheduler² | √ | √ | √ | √ | √ | √ | √ |
¹ Connectivity and Event_Manager sentries are only started on the Event Host.
² Scheduler sentry is not started by default. Please read the online documentation for details on how to use the Scheduler sentry.
OS Knowledge Base Versions
OS | Version | Availability Date | Min Sentinel Version |
---|---|---|---|
AIX risc | 2.1 | 17th Mar, 2004 | 4.4 |
HPUX parisc | 2.1 | 11th May, 2004 | 4.4 |
HPUX intel | 2.2 | 6th Jul, 2006 | 4.4.3 |
Linux intel | 2.1 | 20th Apr, 2004 | 4.4.3 |
Solaris intel | 2.1 | 14th Jan, 2003 | 4.4 |
Solaris sparc | 2.2 | 10th Apr, 2006 | 4.4.3 |
Tru64 alpha | 2.1 | 2nd Jun, 2004 | 4.4 |
Unixware intel | 1.0 | 10th Mar, 2004 | 4.2 |
Windows intel | 2.2 | 28th Apr, 2006 | 4.4.3 |
OS Knowledge Bases
CPU Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
CPU_States¹ | √ | √ | √ | √ | √ | √ | √ |
Context_Switches | √ | √ | √ | √ | √ | √ | |
Interrupts | √ | √ | √ | √ | √ | ||
Run_Queue | √ | √ | √ | √ | √ | √ | √ |
Processors | √ | √ | √ | √ | |||
System_Calls | √ | √ | √ | √ | √ |
- NOTE
- Certain operating systems do not provide all the CPU statistics by default, and collecting them may require kernel patches or third party collection tools. Solaris requires packages SUNWaccr and SUNWaccu. Tru64 requires …
¹ All operating systems monitor % System, % User and % Idle CPU time, some OSes provide more information:
OS | More CPU_States Information | Description |
---|---|---|
AIX, Solaris, Tru64 | % Wait IO | The amount of time spent waiting for blocked I/0 to complete. |
Linux | % Nice CPU | The percentage of time that the system is in the user state running processes at low (nice) scheduling priority. |
HPUX |
Disk Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Disk | √ | √ | √ | √ | √ | √ | √ |
Error Log Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Error_Log | √ |
Event Log Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
EventLog | √ |
Files Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
File_Info | √ |
Filesystem Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Filesystem | √¹ | √ | √ | √ | √ | √ | √ |
¹ AIX provides two sentries for free space monitoring, one sentry specifically for /usr (with less sensitive thresholds) and another for the other filesystems.
Memory Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Paging_File_Space | √ | ||||||
Paging_Rate | √ | √ | √ | √ | √ | √ | |
Physical_Memory | √ | √ | √ | √ | |||
Swap_Rate | √ | √ | √ | ||||
Swap_Space | √ | √ | √ | √ | √ | √ | |
Virtual_Memory | √ |
- NOTE
- Certain operating systems do not provide all the memory statistics, as it may not be relevant (eg Swap_Rate on Tru64 and AIX).
Printers Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Printers | √ |
Network Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Network | √ | √ | √ | √ | √ | √ | √ |
Processes Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Process | ¹ | ¹ | ¹ | ¹ | ¹ | ¹ | √ |
¹ Use the Process Knowledge Base instead.
Services Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
Services | √¹ | √ | √² | √ | √ | √ | √ |
¹ AIX provides a complete service management interface using lssrc, startsrc and stopsrc. This interface has been implemented via actions on the Services sentry on AIX.
² Linux provides a complete service management interface using chkconfig and the startup/shutdown scripts in /etc/init.d (/etc/rc.d/init.d on older systems). This interface has been implemented via actions on the Services sentry on Linux.
System Class
Sentry | AIX | HPUX | Linux | SCO | Solaris | Tru64 | Windows |
---|---|---|---|---|---|---|---|
CPU_Information | √ | √ | √¹ | √ | √ | √ | √ |
Memory_Information | √ | √ | √ | √ | √ | √ | √ |
Operating_System | √ | √ | √ | √ | √ | √ | √ |
System_Uptime | √ | √ | √ | √ | √ | √ | √ |
¹ The Linux OS on the i386 platform provides additional CPU information including the approximate speed and vendor of the processors.
Sentry Details
Overview
Sentry | Class | Agent | Poll Time | States | Logging |
---|---|---|---|---|---|
CPU_States | CPU | Performance | 60s | AIX only | √ |
Context_Switches | CPU | Performance | 60s | √ | |
Interrupts | CPU | Performance | 60s | √ | |
Run_Queue | CPU | Performance | 60s | √ | √ |
Processors | CPU/Processors | MultiProcessor | 60s | ||
System_Calls | CPU | Performance | 60s | √ | |
Disk | Disk | Disk | 120s | √ | √ |
Error_Log | Error_Log | ErrorLog | 120s | √ | |
EventLog | EventLog | EventLog | 90s | √ | |
File_Info | Files | FileInfo | 60s | √ | |
Filesystem | Filesystem | Filesystem | 300s | √ | √ |
Paging_File_Space | Memory | PageSpace | 180s | √ | √ |
Paging_Rate | Memory | Performance | 60s | AIX only | √ |
Physical_Memory | Memory | Performance | 60s | Solaris only | √ |
Swap_Rate | Memory | Performance | 60s | √ | |
Swap_Space (Linux) | Memory | Performance | 60s | √ | √ |
Swap_Space (Unix) | Memory | Swap | 180s | √ | √ |
Virtual_Memory | Memory | MemoryInfo | 60s | √ | |
Network | Network | Network | 120s | √ | √ |
Printers | Printers | Printers | 180s | √ | |
Process | Processes | ProcessInfo | 75s | √ | √ |
Services | Services | Service | 120s | √ | |
CPU_Information | System | Information | n/a³ | ||
Memory_Information | System | Information | n/a³ | ||
Operating_System | System | Information | n/a³ | ||
System_Uptime | System | Uptime | 100s |
¹ Packets sent and received are known only as sent and received on Solaris and Linux.
² The BadSU agent is a LogFile agent, and so does not have a poll time. Any new data is interpreted whenever the logfile being monitored changes.
³ The Information agent (Hardware agent on Linux) is essentially run only once.
Sentry State Details
CPU States Sentry
- Availability
- AIX¹, HPUX, Linux, SCO, Solaris, Tru64, Windows
Constants (AIX only)
Constant | Description | Value |
---|---|---|
CPU_BUSY | User + System percentage indicating the CPU is busy | 90 |
CPU_OVERLOADED | User + System percentage indicating the CPU is overloaded | 95 |
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
OVERLOAD_CPU | warning | $cpu_user + $cpu_system > $CPU_OVERLOADED | severe after 120s |
BUSY_CPU | normal | $cpu_user + $cpu_system > $CPU_BUSY | warning after 120s |
NOT_BUSY | normal |
¹ The CPU States sentry only has constants and states defined for AIX.
Run Queue Sentry
- Availability
- AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows
Constants
Constant | Description | Value |
---|---|---|
RUNQ_WARN | Run queue is getting long | 3 |
RUNQ_PROB | Run queue is too long | 6 |
States (HPUX, Linux, SCO, Solaris, Tru64, Windows)
State | Severity | Condition | Escalation |
---|---|---|---|
Very_Busy | warning | $run_queue > $RUNQ_PROB | alarm after 210s |
Busy | normal | $run_queue > $RUNQ_WARN | warning after 210s |
OK | normal |
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
OVERLOAD | warning | $run_queue > $RUNQ_PROB | severe after 120s |
BUSY | normal | $run_queue > $RUNQ_WARN | warning after 120s |
NORMAL | normal |
System Calls Sentry
- Availability
- AIX, SCO, Tru64
Constants (AIX, SCO, Tru64)
Constant | Description | Value |
---|---|---|
CPU_SYSCALLS | Too many system calls per second | 10000 |
States (AIX, SCO, Tru64)
State | Severity | Condition | Escalation |
---|---|---|---|
BUSY | normal | $sys_per_sec > $CPU_SYSCALLS | alarm after 120s |
NORMAL | normal |
Disk Sentry
- Availability
- AIX¹, HPUX, Linux, SCO, Solaris, Tru64, Windows
Constants (HPUX, Linux, Solaris, Tru64)
Constant | Description | Value |
---|---|---|
DSK_BUSY_WARN | % busy indicating disk is busy | 5 |
DSK_BUSY_PROB | % busy indicating disk is very busy | 20 |
DSK_SVCT_WARN | Indicates a long service time (ms) | 30 |
DSK_SVCT_PROB | Indicates a very long service time (ms) | 50 |
Constants (AIX, Windows)
Constant | Description | Value |
---|---|---|
DSK_BUSY_WARN | % busy indicating disk is busy | 40 |
DSK_BUSY_PROB | % busy indicating disk is very busy | 60 |
States (HPUX, Linux, Solaris, Tru64)
State | Severity | Condition | Escalation |
---|---|---|---|
Very_Busy | warning | $percent_busy >= $DSK_BUSY_PROB && $service_time >= $DSK_SVCT_PROB | alarm after 390s |
Busy | normal | $percent_busy >= $DSK_BUSY_WARN && $service_time >= $DSK_SVCT_WARN | warning after 390s |
OK | normal | ||
Delete | built-in | No data state |
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
DSK_VERYBUSY | warning | $percent_busy > $DSK_BUSY_PROB | severe after 120s |
DSK_BUSY | normal | $percent_busy > $DSK_BUSY_WARN | warning after 120s |
DSK_NORMAL | normal |
¹ Unfortunately the service time statistic is not available on AIX. The service time is a better indicator of disk IO performance. Even if a disk is 100% busy, there is no real problem unless the service time for the disk is also getting high.
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
Very_Busy | warning | $percent_busy >= $DSK_BUSY_PROB | alarm after 390s |
Busy | normal | $percent_busy >= $DSK_BUSY_WARN | warning after 390s |
OK | normal |
Error Log Sentry
- Availability
- AIX only
- NOTE
- Certain error log entries are ignored by Sentinel 3G. The list of error codes can be found in a file called exclude_errors under the distrib.db folder under the Sentinel installation (/usr/lpp/cosmos/sentinel_4.2/distrib.db by default on AIX)
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
UNKNOWN | severe | $Type == “unknown” | acknowledgement |
PERMANENT | alarm | $Type == “permanent” | acknowledgement |
TEMPORARY | warning | $Type == “temporary” | acknowledgement |
INFORMATION | info | $Type == “informational” | acknowledgement |
PENDING | info | $Type == “pending” | acknowledgement |
PERFORMANCE | info | $Type == “performance” | acknowledgement |
EventLog Sentry
- Availability
- Windows only
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
Error | severe | $type == “error” || $type == “audit failure” | delete after acknowledgement |
Warning | warning | $type == “temporary” | delete after acknowledgement |
Information | info | $type == “information” || $type == “audit success” | delete after acknowledgement |
Unknown | alarm | delete after acknowledgement |
FileInfo Sentry
- Availability
- Windows only
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
Nonexistent | alarm | $exists == 0 | |
No_Access | warning | $owner == “CAN'T ACCESS FILE” | |
Dir_Exists | normal | $type == “directory” | |
File_Exists | normal |
Filesystem Sentry
- Availability
- AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows
Constants
Constant | Description | Value |
---|---|---|
LOW | Indicating low free space | 10 |
VERY_LOW | Indicating very low free space | 5 |
NEARLY_FULL | Indicating the filesystem is nearly full | 2 |
FULL | Indicating the filesystem is full | 0 |
States (HPUX, Linux, Solaris, Tru64, Windows)
State | Severity | Condition | Escalation |
---|---|---|---|
Full | critical | $pct_free == $FS_FULL | |
Nearly_Full | alarm | $pct_free < $FS_NEARLY_FULL | severe after 930s |
Very_Low | warning | $pct_free < $FS_VERY_LOW | alarm after 930s |
Low | normal | $pct_free < $FS_LOW | warning after 930s |
OK | normal | ||
Delete | built-in | No data state |
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
FULL | critical | $pct_free == $FS_FULL | |
NO_INODES | critical | $pct_free_inodes == $FS_FULL | |
NEARLY_FULL | severe | $pct_free < $FS_NEARLY_FULL | |
FEW_INODES | severe | $pct_free_inodes < $FS_NEARLY_FULL | |
VERY_LOW | alarm | $pct_free < $FS_VERY_LOW | |
VLOW_INODES | alarm | $pct_free_inodes < $FS_VERY_LOW | |
LOW | warning | $pct_free < $FS_LOW | |
LOW_INODES | warning | $pct_free_inodes < $FS_LOW | |
SUFFICIENT | normal |
Paging File Space Sentry
- Availability
- Windows only
Constants
Constant | Description | Value |
---|---|---|
SWAP_LOW | Low percent free swap space | 15 |
SWAP_VERY_LOW | Very low percent free swap space | 8 |
States
State | Severity | Condition | Escalation |
---|---|---|---|
Very_Low | warning | $pct_avail_page <= $SWAP_VERY_LOW | alarm after 570s |
Low | normal | $pct_avail_page <= $SWAP_LOW | warning after 570s |
OK | normal |
Paging Rate Sentry
- Availability
- AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows
Constants (AIX only)
Constant | Description | Value |
---|---|---|
OVER_PAGING | Too many page ins or outs per second | 10 |
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
BUSY | normal | $pgins_per_sec >= $OVER_PAGING || $pgouts_per_sec >= $OVER_PAGING | alarm after 62s |
ACCEPTABLE | normal |
Physical Memory Sentry
- Availability
- HPUX, Linux, Solaris, Windows
Constants (Solaris only)
Constant | Description | Value |
---|---|---|
RESTIME_LONG | Very long residency time | 600 |
RESTIME_OK | Acceptable residency time (ms) | 40 |
RESTIME_PROB | Indicating residency time is too short | 20 |
States (Solaris only)
State | Severity | Condition | Escalation |
---|---|---|---|
Very_Low | warning | $residency_time <= $RESTIME_PROB | alarm after 210s |
Low | normal | $residency_time <= $RESTIME_OK | warning after 210s |
OK | normal |
Swap Space Sentry
- Availability
- AIX, HPUX, Linux, Solaris, Tru64
Constants
Constant | Description | Value |
---|---|---|
SWAP_LOW | Low percent free swap space | 15 |
SWAP_VERY_LOW | Very low percent free swap space | 10 |
States
State | Severity | Condition | Escalation |
---|---|---|---|
Very_Low | warning | $swap_pct_free <= $SWAP_VERY_LOW | alarm after 570s |
Low | normal | $swap_pct_free <= $SWAP_LOW | warning after 570s |
OK | normal |
Network Sentry
- Availability
- AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows
Constants (AIX, HPUX, Linux, SCO, Solaris, Tru64)
Constant | Description | Value |
---|---|---|
NET_WORKING | Less than this many transfers and the network is under-utilised | 50 |
NET_COLL_PROB | Indicating excessive collisions | 30 |
NET_COLL_WARN | Indicating many collisions | 15 |
NET_ERROR_OK | Indicating hardware is OK | 0 |
NET_ERROR_PROB | Indicating possible hardware error | 0.05 |
States (AIX, HPUX, Linux, SCO, Solaris, Tru64)
State | Severity | Condition | Escalation |
---|---|---|---|
Many_Errors | warning | $errors_total >= $NET_ERROR_PROB | alarm after 390s |
Very_Busy | warning | $collisions >= $NET_COLL_PROB && $pckts_transmit > $NET_WORKING | alarm after 390s |
Some_Errors | normal | $errors_total > $NET_ERROR_OK | warning after 390s |
Busy | normal | $collisions >= $NET_COLL_WARN && $pckts_transmit > $NET_WORKING | warning after 390s |
OK | normal |
Constants (Windows only)
Constant | Description | Value |
---|---|---|
NET_DROP_OK | Indicating excessive collisions | 0 |
NET_DROP_PROB | Indicating many collisions | 1 |
NET_ERROR_OK | Indicating hardware is OK | 0 |
NET_ERROR_PROB | Indicating possible hardware error | 0.05 |
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
Many_Errors | warning | $pkts_errs_sec >= $NET_ERROR_PROB | alarm after 390s |
Many_Drops | warning | $pkts_drps_sec >= $NET_DROP_PROB | alarm after 390s |
Some_Errors | normal | $pkts_errs_sec > $NET_ERROR_OK | warning after 390s |
Some_Drops | normal | $pkts_drps_sec > $NET_DROP_OK | warning after 390s |
OK | normal |
Printers Sentry
- Availability
- Windows
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
Idle | normal | $status == “Idle” | |
Printing | normal | $status == “Printing” | |
No_Paper | alarm | $status == “Paperout” | |
Offline | info | $status == “Offline” | |
Paused | info | $status == “Paused” | |
Problem | alarm | $status == “Error” | |
No_Access | alarm | $status == “NoAccess” | |
Unknown | alarm |
Process Sentry
- Availability
- Windows
Constants (Windows only)
Constant | Description | Value |
---|---|---|
CPU_HIGH | Percentage CPU usage considered high for a process | 10 |
CPU_PROBLEM | Unacceptable percentage CPU usage for a process | 50 |
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
VeryHigh_CPU | info | $pct_proc_time >= $CPU_PROBLEM | warning after 120s, alarm after 300s |
High_CPU | info | $pct_proc_time >= $CPU_HIGH | |
OK_CPU | normal | ||
Not_Running | built-in | No data state |
Services Sentry
- Availability
- AIX, HPUX, Linux, SCO, Solaris, Tru64, Windows
States (AIX only)
State | Severity | Condition | Escalation |
---|---|---|---|
INACTIVE | disabled | $status == “inoperative” | |
ACTIVE | normal |
States (Linux only)
State | Severity | Condition | Escalation |
---|---|---|---|
Confused | info | $Status == “Off” && $PID != “-1” | |
Off | normal | $Status == “Off” | |
Not_Running | warning | $PID == -1 | |
Running | normal | $PID != -1 |
States (HPUX, Solaris, Tru64)
State | Severity | Condition | Escalation |
---|---|---|---|
Not_Running | warning | $count == 0 | |
Runing | normal |
States (Windows only)
State | Severity | Condition | Escalation |
---|---|---|---|
Down | alarm | $state == “Stopped” && $start == “Automatic” | |
Confused | info | $state == “Running” && $start == “Disabled” | |
Running | normal | $state == “Running” | |
Disabled | disabled | $state == “Stopped” && $start == “Disabled” | |
Paused | info | $state == “Running” | |
Intermediate | info | $state == “Starting” || $state == “Stopping” || $state == “Continue pending” || $state == “Pause pending” | |
Unknown | alarm |