/usr/share/doc/cricket/html/win2kwmi.html is in cricket 1.0.5-20.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="author" content="Jake Brutlag" />
<meta name="Version" content="Draft 4: Aug 8, 2001" />
<title>Installing Cricket on Win2K to Monitor WMI Counters</title>
</head>
<body>
<h1>Installing Cricket on Win2K to Monitor WMI Counters</h1>
<p>
Windows 2000 includes Windows Management Instrumentation (WMI),
an implementation of the Web-based Enterprise Management (WBEM)
industry standard. Hardware, operating system, and application
(such as SQL Server, and IIS) performance data counters are
available through WMI.
</p>
<p>
Cricket is an open-source software tool originally designed for
network monitoring and trend analysis on UNIX platforms. The
source data monitored by Cricket is not restricted to network
data and it has been successfully applied to monitor hosts and
applications at WebTV. Cricket is written in Perl, and its
underlying data storage technology, RRDtool, is available for
Win32 platforms. Cricket includes a CGI component for monitoring
access from any web browser.
</p>
<p>
This document describes the process of installing Cricket on
Windows 2000, running Cricket with Internet Information Server
(IIS), and using Cricket to collect data from WMI counters. It
assumes some familiarity with Windows 2000, IIS, WMI, Perl
Modules, and Cricket.
</p>
<p>
You may wish to review John Zola's document <a
href="http://cricket.sourceforge.net/support/FAQ/nt_cricket.html
">Installing Cricket on NT 4.0</a>. He discusses some of the
details omitted from this document (such as compiling RRDs).
</p>
<div>
<h2>The Materials List</h2>
<p>
Deploying Cricket on Windows 2000 to monitor WMI relies on a
number of Perl packages and some external software.
Fortunately, these packages and software are all available
and compatible with Windows 2000. The following is a list of
the components along with their provider.
</p>
<p>Perl Packages:</p>
<ul>
<li>
<a
href="http://www.activestate.com/perl/">ActiveState
Package Repository</a> or <a
href="http://www.cpan.org">CPAN</a>
<ul>
<li>Digest (MD5)</li>
<li>DB_File</li>
<li>TimeDate</li>
</ul>
</li>
<li><a href="http://www.rrdtool.org">www.rrdtool.org</a>
<ul><li>RRDs</li></ul>
</li>
<li>
<a
href="http://www.switch.ch/misc/leinen/snmp/perl">www.
switch.ch/misc/leinen/snmp/perl</a>
<ul><li>SNMP_Session</li></ul>
</li>
</ul>
<p>Binaries:</p>
<ul>
<li>
Berkeley DB (<a
href="http://www.sleepycat.com">www.sleepycat.com</a>)
</li>
<li>
ActivePerl (<a href="http://www.activestate.com">www.activestate.com</a>)
</li>
</ul>
</div>
<div>
<h2>Installation Instructions:</h2>
<p>
Before you begin, install Windows 2000 Server with IIS. You
will need Microsoft Visual C++. These instructions assume
the default configuration for IIS.
</p>
<p>
1. Create a monitoring account in the domain. Give this
account administrator access on the monitoring machine (the
machine that will run Cricket). On the remote hosts to be
monitored, set the proper permissions for the monitoring
account (this will require the assistance of your domain
administrator).
</p>
<div>
<p>
a. On each remote host, the following WMI permissions
need to granted to the monitoring account for the
namespace that includes the counters you wish to
monitor: Execute Methods, Provider Write, Enable
Account, and Remote Enable (Windows 2000 sets the first
three to allow by default for Everyone). This can be
done through scripting, or the WMI Control management
snap-in (run wmimgmt.msc on a Windows 2000 host).
</p>
<p>
b. WMI permissions are not sufficient alone to access
some system objects/properties you may wish to monitor
if these objects/properties are managed through the host
or domain security policy. On the remote Windows 2000
computer, use the Local Security Policy control panel
applet (under Administrative Tools). For example, you
may need to change the settings on Profile System
Performance under Local Policies\User Rights Assignment.
</p>
<p>
c. You can use the WMI program, wbemtest.exe (found in
the %system32%\wbem directory) to confirm permissions
are set correctly. If step (a) is not completed for a
host, you will receive an access denied message. If step
(b) is not completed, WMI queries will seem to work, but
NULL or zero values will be returned (this can be hard
to determine because some fields may legitimately be
NULL or zero).
</p>
<p>
d. If you have security difficulties, one option is to
make the monitoring account an administrator on each
remote host it will monitor. But the "right thing to do"
is for the monitoring account to be a regular domain
user with just the additional permissions it needs for
read only access to the WMI counters and objects to be
monitored.
</p>
</div>
<p>
2. Login to the monitoring machine using the monitoring account.
</p>
<p>
3. Install Perl from the ActiveState distribution. Notes on
the ActiveState installer: installing PerlScript and
Perl for ISAPI is not required. Enable the options
registering Perl with the Web Server and adding the Perl bin
directory to your path.
</p>
<p>
4. Install Berkeley DB. Following the instructions included
with the distribution. Your goal is compile the DLL
libdb31.dll. Once compiled, make certain this DLL is on your
path..
</p>
<p>
5. Install Cricket. You may find John Zola's <a
href="http://cricket.sourceforge.net/support/FAQ/nt_cricket.
html">Installing Cricket on NT 4.0</a> helpful, although
many of its specific suggestions are obsolete given the
cricket-conf.pl configuration scheme introduced with Cricket
1.0.3. The remainder of the document refers to the
installation directory as <install dir> (gInstallRoot in
the code). The cricket subdirectory of <install dir>
contains the Cricket source code (gConfigRoot in the code).
</p>
<div>
<p>
a. Set Cricket environment variable settings in
grapher.cgi, mini-graph.cgi, and cricket-conf.pl.
In grapher.cgi and mini-grapher.cgi, set programdir
explicitly. In mini-graph.cgi you may also need to
replace 'perl' with the complete path to the Perl
executable (i.e. c:/perl/bin/perl) on the exec() call
mini-graph.cgi uses to invoke grapher.cgi in the
doGraph() subroutine. In cricket-conf.pl, set
gCricketHome. You may also choose to set gConfigRoot and
gCacheDir. Use forward slashes in pathnames.
</p>
</div>
<p>
6. Install the additional Perl packages. For Perl extensions
(a package that includes a compiled DLL), the extension
build must be compatible with the build of ActiveState
installed. Currently, ActiveState builds 5xx are Perl 5.005
and ActiveState builds 6xx are Perl 5.6. The packages
DB_File, Digest-MD5, and TimeDate are available at the
ActiveState Perl Package Archive for both 5xx and 6xx
ActiveState builds. They can be installed via the utility <a
href="http://aspn.activestate.com/ASPN/Reference/Products/ActivePerl/faq/ActivePerl-faq2.html">ppm</a>. You will need to compile the
source for the RRDs package after installing ActiveState.
The source of RRDs is available from <a
href="http://www.rrdtool.org/">www.rrdtool.org</a>. After
compilation, manually install this packages to the site/lib
subtree of your Perl installation. SNMP_Session package does
not need to be compiled because it does not rely on an
auxiliary DLL. After you download the archive, extract the
*.pm files and install them in your site/lib subtree.
</p>
<p>
7. Configure IIS. Start the Internet Services Manager.
</p>
<div>
<p>
a. Create a virtual directory called crickethome. Set
the local directory to <install dir>.
</p>
<p>
b. Register *.cgi files to be processed by the Perl
executable. Right-click properties on the crickethome
virtual directory. Disable read, write, and directory
browsing. Set Execute Permissions to "None". Click the
Configuration button. Look at the settings for the *.pl
extension. Then create a new Application mapping for
*.cgi and enter the same information.
</p>
<p>
c. Enable permissions on the cricket subdirectory of
<install dir> Again, right-click properties. Grant
read and set Execute Permissions to "Scripts and
Executables".
</p>
<p>d. Stop and restart the Default Web Site.</p>
</div>
<p>
8. Create a scheduled task to run the Cricket script
collect-subtrees (this the a wrapper script which
invokes the Cricket collector and performs logging).
</p>
<div>
<p>
a. Click on Add Scheduled Task under Control
Panel\Scheduled Tasks. Click through the wizard, choose
a dummy application, give it the name "Cricket
Collector", and choose a dummy run schedule. Enter the
username and password the monitoring account. Enable the
"Open advanced properties" check box and click Finish.
</p>
<p>
b. Now configure the real task. Enter a command line
similar to the following (substituting paths on your
system as appropriate):
</p>
<p>c:\Perl\bin\perl <install dir>/cricket/collect-subtrees</p>
<p>Set the "Start in" field to <install dir></p>
<p>
c. Select the Schedule tab. Schedule the task daily;
then click the Advanced button. Don't choose an End
Date. Enable and complete the Repeat task section. Set
the task to run every 5 minutes (or other interval, this
should match the <a
href="reference.html#target">rrd-poll-interval</a> you
are using). Set the duration to 23 hours and 55 minutes
(or 24 hours - whatever interval you are using).
</p>
<p>d. Back on the Task tab, uncheck the Enabled checkbox.</p>
</div>
<p>
9. Create and compile a Cricket config tree. Configure the
subtree-sets file (in <install dir>\cricket). Refer to <a
href="reference.html">Cricket documentation</a> and the next
section on this document, <a href="#wbemodbc">Monitoring WMI
Counters</a>. After successful compilation, you may choose
to run the collector manually to check for any errors.
</p>
<p>10. Enable the scheduled task you created in step (8).</p>
<p>
11. After a few minutes, check log files in <install
dir>/cricket-logs to verify everything is running okay. Test
the grapher on the monitoring machine with the URL: <a
href="http://localhost/crickethome/cricket/grapher.cgi">http://localhost/crickethome/cricket/grapher.cgi</a>
</p>
</div>
<div>
<h2><a name="wbemodbc"></a>Monitoring WMI Counters</h2>
<p>
Polling WMI counters is facilitated through the fetch
module, wbem.pm. This diagram illustrates the layers of the
data collection mechanism:
</p>
<p><img src="win2kw1.gif" height="261" width="363" alt="" /></p>
<p>
As described in the Cricket documentation, each data
collection mechanism has a scheme, which describes a mapping
between the ds-source tag of the data source dictionary
entry and the list of arguments passed to the fetch module.
For WBEM, the scheme is:
</p>
<pre>wbem:host:namespace:class:field:predicate</pre>
<p>
The arguments host and namespace are used to establish a
connection to either the local or a remote machine. The
arguments class, field, and predicate are use to construct a
WQL query.
</p>
<p>
No username and password are specified for remote queries.
The DCOM layer automatically substitutes the username and
password of the monitoring account when a connection is
established to a remote machine.
</p>
<p>
Host is a Win2K host name. Host should be blank or
unspecified for the local machine.
</p>
<p>
Namespace refers to the WMI namespace to be queried. Most of
the interesting WMI classes are under Root\CIMV2.
Backslashes in the namespace specification must be escaped.
</p>
<p>
WQL is a language very similar to SQL for querying WMI
classes. A WMI class can be thought of as a table, with one
or more records, or instances. The attributes of the class
are the table fields. Conceptually, the class, field, and
predicate for a WBEM data source generate the query:
</p>
<pre>Select field from class where predicate</pre>
<p>
If the class of interest has only once instance, then the
predicate argument can be omitted. If the class has multiple
instances, you should specific a predicate to restrict the
result to a single instance. Although Cricket supports
multiple instances for SNMP data sources, this is not the
case for WBEM data sources. Each data source must be mapped
to exactly one WMI instance; in other words, each WQL query
must be a singleton select.
</p>
<p>
Similar to the Cricket SNMP fetch modules, wbem.pm
consolidates multiple requests to the same remote host and
the same WMI class (table) as long as the data sources are
within the same target (RRD file). Separate targets
requiring remote connections to the same host will result in
separate connections.
</p>
<p>
For example, suppose you wish to monitor both the
ReadOperationCount and WriteOperationCount for some
Win32_Process on the same machine. Here are the two
ds-source entries:
</p>
<pre>
wbem:host:Root\\CIMV2:Win32_Process:ReadOperationCount:Name='process.exe'
wbem:host:Root\\CIMV2:Win32_Process:WriteOperationCount:Name='process.exe'
</pre>
<p>
If these data source are in the same target, wbem.pm will
establish a single connection to host as username and issue
the WQL query:
</p>
<pre>
Select "ReadOperationCount", "WriteOperationCount" from "Win32_Process" where Name = 'process.exe'
</pre>
<p>
If you are uncertain as to what can be monitored via WMI,
you can use the WMI Object Browser included with the WMI
SDK. You can test the semantics and syntax of WQL queries
through wbemtest.exe, a utility included on all Win2K
systems.
</p>
</div>
<div>
<h3>Acknowledgments</h3>
<p>
Thanks to Brian Gann, Cary Yee, Adam Meltzer, Jeff Allen,
and John Zola. Questions or comments: contact <a
href="mailto:%20jakeb@users.sourceforge.net">Jake
Brutlag</a>.
</p>
</div>
</body>
</html>
|