Server Monitoring

Server monitoring with NightWatch is easy to set up and manage. A single instance of NightWatch on a PC or server can monitor hundreds of servers.

NightWatch server monitoring allows great flexibility by using expert monitored object types such as Disc Space, Event Logs, Unix Server, Unix Syslog etc. Each monitored object type is dedicated to a specialist server monitoring role. There are over 100 monitored object types to choose from.

Server Monitoring objects can be customised to provide specific monitoring duties. For example, Windows Event Logs can be examined by a VB Script which can be edited by the user to pick out any unusual events in the Windows Event Logs. For example, security monitoring can be easily accomplished by looking for problems in the Windows Security Event Log.

NightWatch Monitored Object Selection Screen

Over 100 different monitor types can be chosen

Server Monitoring Summary

· Monitor HUNDREDS of vital apps including

· EXCHANGE, SQL, IIS, Lotus Notes, SAP,

· Backups, Legato, Oracle, Webservers

· FAILSAFE features for 100% up time

· Windows Event Logs with error filters

· Restart paused/failed Services

· Monitor WEB page efficiency and content

· Windows Performance Counters, SNMP

· Trap UNIX Syslog & Novell Console errors

· Disc space, mounted volumes, storeage errors

· Web Browser HelpDesk Interface

· Automatic problem correction eg restart services

· SQL Database Logging with Crystal Reporting

· Monitor OpenVMS, HP3000, AS/400

· Unix HP9000, RS6000, SUN, SCO, Compaq

· Alert to email, pagers, SMS mobile phones

· Vodafone, O2, Orange, all networks supported

· Advanced features such as Monitored

· Object Dependencies, Alert Escalation,

· Scheduling, Quiet Times, Multi-Threading,

· TCP/ip Services (Ports), SNMP Queries,

· SNMP Traps, VB and Java Scripting

NightWatch SNMP MIB Walk

Hundreds of MIB types can be selected

SNMP MONITORING WITH NIGHTWATCH

Go to OPTIONS/ADD OBJECT and double-click SNMP QUERY. In the System Name box enter or select the name or IP address of the system on which the query will be executed.

NOTE - Click the ... button to select from a list of known SNMP systems on your network.

SNMP enable systems (agents) expose a virtual data structure called a MIB or Management Information Base. An SNMP management application (manager) like NightWatch can query agents for the values of data items or objects, defined by the agent's Mib. The retrieved value can be compared to a test value to determine if an alarm condition exists. Mib data items, or objects, are assigned a unique indentifier called an object ID. The definiton of objects in a Mib is defined in a schema, called a Mib file. The Mib file describes the Mib objects including thier type and purpose. The agent inmplements the Mib schema on the agent's system and the managment application uses the Mib file to determine what objects are available on the agent.

NightWatch ships with a standard set of Mib files. If a device on your network is not covered by one of the supplied Mib files, please contact tech support. In all likelyhood a Mib file for your device can be obtained and processed for use with NightWatch.

You determine what Mib objects are available on an agent system and add them to an SNMP Query by using the SNMP Mib Explorer.

MIB EXPLORER

This screen is used to explore the SNMP Mib implemented in an SNMP enabled system (agent). Click the System button on the tool bar to retrieve (walk) the Mib from the target system. This can take several seconds.

Once the Mib is retrieved, it is presented in a tree view in the left pane. Mibs are organized in a hierachial fashion. When you reach the end of a branch in the Mib tree, at an actual Mib data object, the object's information and current value are displayed in the right pane.

You may also click the Full Mib List button to display the Mib in a full linear list in the right pane. If you left click on an object in the right pane, the tree view will be adjusted to show the object's location in the Mib tree. If available from a Mib file, the object's description will be displayed below the right pane. Any time you right click on an object, It's current value to retrieved from the target system and displayed.

You can left click an object in the right pane to select it to be added to the SNMP Query you came from. A blue plus sign will display to show selected objects. You may left click again to deselect an object.

When all desired objects are selected, click the Plus button to add your selected objects to the SNMP Query you came from and return to that Query.

EXAMPLES

Here are some examples to help understand how the SNMP Query monitored object operates. Lets say that a query contains two SNMP objects:

CpuBusy > 75
TotalFreeDisk < 15

When the query is executed, the values for the two objects are retrieved and tested. If the actual value of CpuBusy is more than 75, an alarm will be generated. If the actual value of TotalFreeDisk is less than 15, an alarm will be generated. If a query has one or more objects in alarm state, the query object is in the alarm state. If all objects that had alarms come back into tolerance on a subsequent scan, the alarm state of the query object will be cleared.

Now lets modify the examples:

CpuBusy > 75 averaged 5
TotalFreeDisk < 15 persistent 10

In this case, for CpuBusy, five queries are executed and the values retrieved for the object and accumulated and then the average is compared to the test value. If the average is greater than 75, an alarm is generated. Once five values have been accumulated, the average is taken over the last five values on each subsequent scan.

For TotalFreeDisk, ten queries are executed and if each query's retrieved value was less than 15%, an alarm is generated. If any value is equal to or greater than 15, the accumulation starts over. Only if the actual value is less than 15 on each of the last 10 scans is an alarm generated.

Please note that many SNMP object values are already averaged or accumulated numbers. The average and persistent alarm modes are intended for application over multiple scan periods. Be sure to read the object description on the SNMP Mib Explorer screen carefully to make sure the way you test an object is consistent with It's content.

NIGHTWATCH MONITORED OBJECT VARIABLES

Event Log
Detects new event records in the System, Application, Security or other event logs on the local or any remote NT/2000/XP system. Alarms are raised based on the severity of the event or by keyword matching on the content of the event record text.
[TYPE] expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[EVENTLOG]expands to event log name as defined for the MO.
[EVENT] expands to the event log record description of the event.
[EVENTREC]expands to the complete event log record formatted as a string.
[EVENTTIME]expands to the event record date and time.
[EVENTSYSTEM]expands to the event record originating system.
[EVENTTYPE]expands to the event record event record type.
[EVENTID]expands to the event record event ID number.
[EVENTSOURCE]expands to the event record source application.
[EVENTCATEGORY] expands to the event record event category.
[EVENTUSER]expands to the event record user (account) name.
[TIME]expands to the current time.
[DATE]expands to the current date.
[AGENT]expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

NT System
Checks NT system to determine if it is up. Alarm is raised if the NT system does not respond to a probe.
[TYPE] expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Windows 2000 System
Checks 2000 system to determine if it is up. Alarm is raised if the 2000 system does not respond to a probe
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Windows XP System
Checks XP system to determine if it is up. Alarm is raised if the XP system does not respond to a probe
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Disk Space
Monitors disk volume free space on Windows (Win32) systems. Alarm raised if free space falls below a specified amount or percent of total space.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SYSNAME]expands to the system being monitored.
[VOLNAME]expands to the disk volume name.
[VOLLABEL]expands to the disk volume label.
[VOLFS] expands to the disk volume file system name.
[VOLSIZE]expands to the disk volume size in bytes.
[VOLFREE]expands to the current disk volume free space in bytes.
[THRESHTYPE]expands to the free space threshold type, blank=actual bytes, "PCT"=percent free.
[THRESHOLD]expands to the free space threshold value.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

NetWare Server
Checks NetWare server to determine if it is up. Alarm is raised if the server does not respond to a probe.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

TCP/IP Device (Ping)
Checks any device supporting TCP/IP by pinging it. Alarm is raised if the device does not respond to a ping.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Host Process
Checks host system (via Telnet) for a list of processes expected to be present. Alarm is raised if a process is not present.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SYSNAME]expands to the system being monitored.
[PROCESS]expands to the process name that has generated the alarm.
[STATUS]expands to the status message for the process that has generated the alarm.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Host Volume
Checks host system (via Telnet) for disk volume free space. Alarm is raised if volume free space drops below a selected threshhold.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SYSNAME]expands to the system being monitored.
[VOLNAME]expands to the disk volume name.
[VOLLABEL]expands to the disk volume label.
[VOLFS] expands to the disk volume file system name.
[VOLSIZE]expands to the disk volume size.
[VOLFREE]expands to the current disk volume free space.
[THRESHTYPE]expands to the free space threshold type, blank=actual size, "PCT"=percent free.
[THRESHOLD]expands to the free space threshold value.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Host Login
Checks availability of host systems and performs monitoring functions by logging on to the host.
[TYPE]   expands to the monitored object's type.
[ID] or [IDX]expands to the monitored object's unique indentification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[HOST] expands to the host name.
[USER] expands to the user name.
[SCRIPTFILE]expands to the script file name.
[INTERVAL]expands to the Interval seconds.
[DELAY] expands to the Delay seconds.
[SEVERITY]expands to the Severity value.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Disk File
Examines new records in disk files and checks for alarm conditions by matching the files contents against a list of words or phrases.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[RECORD]expands to the text of the disk file record.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Service
Checks Windows Services on the local or remote NT/2000/XP system and raises an alarm if the service is not running. Can attempt to restart failed services.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[SVCNAME]expands to the service name.
[DISPNAME]expands to the service display name.
[TARGET]expands to the target system name.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[STATE] expands to the service's current state.
[WINEXIT]expands to the service's Win32 Exit Code.
[SVCEXIT]expands to the service's own Exit Code.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Performance Counter Query
Checks Windows Performance Counters on the local or remote NT/2000/XP system and raises an alarm if counter values are out of tolerance.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[IDX] expands to the monitored object's identification string and includes the target system name.
[TARGET]expands to the target system name.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[PATH] expands to the full counter path that caused the current alarm.
[NAME] expands to the counter name without it's object path.
[RELOP] expands to the relop for the counter that caused the current alarm.
[TEST] expands to the test value defined for the counter that caused the current alarm.
[VALUE] expands to the actual retrieved counter value for the counter that caused the current alarm.
[COUNTER]expands to a formatted string with full counter path, relop, test value and current value giving a complete description of the counter.
[COUNTERN]same as [COUNTER] but with counter name instead of full path.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Win32 Process checking
Checks a list of processes on the local or remote Windows 32 bit system to ensure the processes are running. Raises an alarm if a process is not present.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string, the name or IP address of the target system or blank for local system.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SYSNAME]expands to the name or IP address of the target system or "Local System".
[PROCESS]expands to the name of the process that has generated the current alarm.
[STATUS]expands to the description of the problem with the current process.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Windows Management Instrumentation (WMI) Query
Checks WMI objects on the local or remote Windows system and raises an alarm if WMI object values are out of tolerance.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[IDX] expands to the monitored object's identification string and includes the target system name.
[TARGET]expands to the target system name.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[PATH] expands to the full object path that caused the current alarm.
[OBJECT] expands to the object name without key selection.
[KEY] expands to the name of the object property being used as an instance key.
[KEYVAL] expands to the key value being used to select an instance of the WMI object.
[PROPERTY]expands to the name of the object property to be tested.
[CIMTYPE]expands to the data type of the property.
[RELOP] expands to the relop for the object's current value to the test value.
[TEST] expands to the test value defined for the object.
[VALUE] expands to the actual retrieved property value for the object that caused the current alarm.
[FOBJECTP]expands to a formatted string with full object path, property, relop, test value and current value giving a complete description of the property.
[FOBJECT]same as [FOBJECTP] but with property name only instead of full path.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Domain Name System
Checks DNS servers and raises and alarm if the server does not respond or incorrectly resolves sample requests.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string, the Request string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[REQUEST]expands to the Request string sent to the DNS server.
[REPLYTEST]expands to expected reply string.
[LASTREPLY]expands to the last reply received from the DNS server.
[LASTERROR]expands to the last error posted by this monitored object.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

SNMP Query
Checks SNMP Mib object values on SNMP agents and raises an alarm if object values are out of tolerance.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[IDX] expands to the monitored object's unique indentification string plus the target system.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TARGET]expands to the target system name or IP address.
[OBJECT] expands to the full description of the object that caused the current alarm, including the relop, test value and current value.
[OBJNAME]expands to the name of the object that caused the current alarm.
[COMMUNITY]expands to the community name.
[OBJID] expands to the object ID of the object that caused the current alarm.
[RELOP] expands to the relop for the objectr that caused the current alarm.
[TEST] expands to the test value defined for the object that caused the current alarm.
[VALUE] expands to the actual retrieved object value for the object that caused the current alarm.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

TCP Services
Checks the availability of TCP Network Services (such as FTP, SMTP, HTTP and more) on selected systems.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string, the name or IP address of the target system.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SVCNAME]expands to the name and port number of the TCP Service that has failed testing.
[SVCERROR]expands to a description of the error when a service fails testing.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Web Page
Checks web servers by Downloading a specified web page from the server. Raises an alarm if the page fails to download or takes too long.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Email Check
Reads email messages on mail server and scans them for text strings. Generate alarm or execute Task if strings found.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SERVER] expands to the name/IP address of the mail server.
[SUBJECT]expands to the SUBJECT field of the mail message.
[BODY] expands to the body of the mail message.
[FROM] expands to the FROM field of the mail message.
[SENDER] expands to the SENDER field of the mail message.
[TO] expands to the TO field of the mail message.
[CC] expands to the CC field of the mail message.
[REPLYTO]expands to the REPLY-TO field of the mail message.
[MSGID] expands to the unique mail message identfier assigned by the mail server.
[MAILER] expands to the name of the mail client that created the message.
[ORG] expands to the name of the organization that owns the mail server.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Email Ping
Sends a unique mail message to a mail server and tries to read that message back in a set time period to monitor timely mail delivery.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SERVER] expands to the name/IP address of the mail server.
[RECIP] expands to the recipient of the ping mail message.
[TIMEOUT]expands to the ping timeout value.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

Syslog
Receives Syslog logging messages from Unix systems and raises alarms as needed based on message severity or searching the message for specified words or phrases. Allows Nightwatch to monitor Unix host systems.
[TYPE]   expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string. Will be name or IP address of associated host system or blank for default.
[IDX] expands to the formatted identification string. Same as [ID] except for the default Syslog MO. Then this expands to "Default".
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SENDER] expands to the IP address of the sending system.
[LEVEL] expands to the severity level code in the message.
[FACILITY]expands to the facility code in the message.
[MSG] expands to the text of the Syslog message.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

SNMP Trap
Receives SNMP Trap messages from SNMP agents and raises alarms. Allows Nightwatch to handle SNMP Traps.
[TYPE] expands to the monitored object's type.
[ID] expands to the monitored object's unique identification string. This is the value of the Agent field.
[DESC] expands to the monitored object's long description.
[ALARMID]expands to the unique numeric identifier for the monitored object's current alarm event.
[SOURCE]expands to the IP address or name of the sending system.
[TRAPTEXT]expands to the formatted text of the trap message.
[SYSNAME]expands to the name of the sending system, as retrieved from that system.
[SYSIP] expands to the IP address of the sending system.
[SYSDESC]expands to the system description text retrieved from the sending system.
[SYSLOC]expands to the location text retrieved from the sending system.
[SYSCON]expands to the contact name retrieved from the sending system.
[COMMUNITY]expands to the community name under which the trap was sent.
[TRAPOID]expands to the trap's SNMP object ID.
[TRAPNUM]expands the trap's number.
[TRAPNAME]expands to the textual name of the trap if found in one of the SNMP MIBs.
[STIME] expands to the time the trap was generated. This is from the point of view of the SNMP agent and is in clock ticks since the agent was initialized.
[OID1] expands to the object ID of the first additional SNMP object returned in the trap message, if any.
[OIDNAME1]expands to the name of the object ID described above.
[VAL1] expands to the value of the object ID described above.
[TIME] expands to the current time.
[DATE] expands to the current date.
[AGENT] expands to the the application name of "Nightwatch".
[SYSTEM]expands to the name of this system.

· Massive alerting options from SMS to Twitter

NightWatch Server Monitoring