Configuring the SL1 Agent

This section covers how to configure the agent based on the SL1 architecture you are using. This section also describes additional agent configurations, such as enabling extensible collection with an SL1 agent.

Use the following menu options to navigate the SL1 user interface:

• To view a pop-out list of menu options, click the menu icon ().
• To view a page containing all of the menu options, click the Advanced menu icon ().

Configuring Agent Monitoring Based on SL1Architecture

Based on your SL1 architecture, you will have access to different workflows for configuring the monitoring settings on an SL1 agent:

• If the SL1 agent is used in an SL1 Extended Architecture (which includes Compute Nodes, Storage Nodes, and a Management node), use the following configuration workflows:

• To configure basic settings related to how the agent collects data, see Configuring Agent Settings from the Device Investigator Page.

• To configure log file monitoring and Windows event log monitoring with the agent, see Monitoring Device Logs Using an Agent.

• To configure and view data collected by the agent, see the relevant tabs on the Device Investigator page, including the following tabs:

  • Settings
  • Collections
  • Interfaces
  • Logs
  • Processes
  • Services

For more information about these tabs, see Using the Device Investigator.

• If the SL1 agent is used in an SL1 Distributed Architecture (where the SL1 Agent collects and transfers data to a Message Collector), use the following configuration workflows:

• To configure basic settings related to how the agent collects data, see Configuring an SL1 Agent on the Device Manager Page.

• To configure log file monitoring and Windows event log monitoring with the agent, see Monitoring Device Logs Using an Agent.

• To configure and view data collected by the agent, see the relevant tabs on the Device Investigator page, including the following tabs:

  • Settings
  • Collections
  • Interfaces
  • Logs
  • Processes
  • Services

For more information about these tabs, see Using the Device Investigator.

• To configure system vitals monitoring with the agent, see Monitoring Vitals Using an Agent.
• To configure port monitoring with the agent, see the section on Monitoring Ports.

Configuring Agent Settings from the Device Investigator Page

If a device does not have an agent running on it, the Settings tab of the Device Investigator page for the device will display the Collection section at top left. However, if the device has an agent running on it, the Agents section appears above the Collection section:

In the Agents section, you can configure the disk space, excludes, includes, and other settings related to how you want the agent to collect data.

The Agents section appears on the Settings tab only when you are using the SL1 Extended Architecture. If your version of SL1 does not have an Agents section, see Configuring an SL1 Agent on the Device Manager Page.

To configure agent settings:

1. From the Devices page, select the device with the agent that you want to configure. The Device Investigator page appears.

   To quickly find all devices on the Devices page that have agents installed on them, type "agent" in the Search field and select the "ANY: agent" search.

2. Click the Settings tab and click Edit.

3. In the Agent section, complete the following fields, as needed:

• Disk Space. Specify the amount of disk space in MB that the agent can use to store data. If the agent loses connectivity to SL1, this disk space will be used to store collected data until the connection to SL1 is restored. When connectivity is re-established, the agent uploads all of its stored data.
• Excludes. Type a list of processes and directories, separated by semi-colons, that you do not want the agent to monitor.

• Includes. Type a list of processes and directories, separated by semi-colons, that you want the agent to monitor. This field ensures that specific processes are monitored.

  If a process or directory is included in both the Excludes field and the Includes field, the item in the Includes field will override the item in the Excludes field.

• Collect File Information. Select this option if you want the agent to report the names of files accessed by each monitored process.
• Collect Named Pipe Information. Select this option if you want the agent to collect named pipe information.
• Collect Socket Information. Select this option if you want the agent to collect socket information.
• Collect Thread Information. Select this option if you want the agent to collect thread information.
• Collect Non-Intercepted Processes. Select this option if you want the agent to collect limited information for processes that do not contain the agent library.
• Processes Aggregation. Specify how you want the agent to collect limited information for processes that do not have the agent library in them, and how to aggregate short-lived processes. Your options include the following:

• All: Aggregate every short-lived process into its parent.
• None: Do not aggregate any short-lived process.
• Without Sockets: Aggregate short-lived processes unless those processes have sockets.

• Upload Interval. Specify how often the agent should upload data. Your options include the following:

• 20 Seconds. Upload a data snapshot every 20 seconds.

• 60 Seconds. Upload a data summary every 60 seconds. This is the default setting starting with SL1 version 11.1.0, and version 174 of the Linux agent and version 133 for the Windows agent. This option uses an improved data format that requires fewer SL1 resources. The SL1 agent continues to internally collect and poll data every 20 seconds, but the agent summarizes and uploads that data every 60 seconds. There is no data loss even though the data is uploaded less frequently.

  Starting with SL1 version 11.3.0, if you specify 60 seconds for the upload interval, the summary upload now will include "watched" or "monitored" files, just like the snapshot upload does.

4. Click the Save button to save your configuration settings for the agent.

You can view and configure additional agent settings from the Device Investigator page for the device on which the agent is installed, including the following tabs: Interfaces, Processes, Services, and Collections. For more information about these tabs, see Using the Device Investigator.

Configuring Extensible Collection

You can use the SL1 agent for "extensible collection", where you align an SL1 agent with Dynamic Applications to gather metrics and attributes from other infrastructures and applications.

Dynamic Applications are customizable policies, created for a specific vendor and a specific type of device or system, that tell SL1:

• What data to collect from devices
• How to present the data that has been collected
• When to generate alerts and events based on the data that has been collected

SL1 includes Dynamic Applications for the most common hardware and software. You can customize these default Dynamic Applications to best work in your environment. You can also create custom Dynamic Applications.

You can align the agent with PowerShell Dynamic Applications (for Windows agents) and JMX Dynamic Applications (for Linux agents).

In addition, Dynamic Applications that leverage the Low Code No Code CLI/SSH framework can execute using the agent.

To enable extensible collection:

1. On the Devices page, search for the device with the agent installed on it.

   To quickly find all devices that have agents installed on them, type "agent" in the Search field on the Devices page, and select the "ANY: agent" search.

2. Select the device. The Device Investigator page appears.

3. Click the Collections tab, click Edit, and click Align Dynamic App. The Align Dynamic Application window appears:

   

4. Click Choose Dynamic Application and search for the Dynamic Application you want to align.

5. Select the Dynamic Application and click Select. The Align Dynamic Application window appears again.

6. Click Choose Credential to search for a credential for the agent. The Choose Credential page appears.

   The Account Type for the credential must be Local for the agent. Do not use the SNMP credential.

7. Select the credential and click Select. The Align Dynamic Application window appears again.

8. Click Align Dynamic App. The Collections tab appears, and a pop-up message displays when the Dynamic Application is aligned.

   

9. Click Save.
   

10. To view the metrics from that newly aligned Dynamic Application, click the Investigator tab.

11. Click the EDIT button in the right-hand pane of the Investigator tab.

12. In the Add a metric field, select a metric from the new Dynamic Application to view its data in the right-hand pane. The widget is added to the tab.

    The metrics from the new Dynamic Application might take a minute or two to display in the list of metrics. Click Refresh in your browser if needed.

Configuring Run Book Automations for an SL1 Agent

You can enable an SL1 agent to execute Run Book Automation by customizing the Automation and Action policies in the following PowerPacks:

• Linux SSH Automations PowerPack version 103 or later
• Windows PowerShell Automations PowerPack version 103 or later

To find the relevant Action and Automation policies to use with the agent, look for policies with "(Agent)" at the end of the policy names, such as "Windows Disk I/O Diagnostics (Agent)".

Action Type

You need to use the "Execute Local PowerShell Request (Agent)" Action Type from the Windows PowerShell Automations PowerPack version 103 or later in your agent-based Run Book Action or Run Book Automation policy.

This Action Type (Registry > Run Book > Action Types) contains the code in the Input Parameters pane that lets you need to run the actions on the agent.

Configuring a Run Book Automation for an Agent Device

You configure a Run Book Automation with an SL1 agent in the same way you configure an Automation on a non-agent device. For more information about creating Run Book Action and Automation policies, see Run Book Automation.

The following steps provide an example of configuring a User-initiated Automation with an SL1 agent:

1. Make sure you have the latest version of the Linux SSH Automations and Windows PowerShell Automations PowerPacks installed on your SL1 system.

2. Go to the Automation Policy Manager page (Registry > Run Book > Automation).

3. Click the Create button to create a new Run Book Automation policy or click the edit icon () to edit an existing PowerShell or Linux SSH action policy, such as the "Windows Diagnostic Commands (Agent)" user-initiated policy.

4. In the Aligned Devices field, make sure that the SL1 agent device is selected.
5. In the Available Events pane, select the SL1 event that will trigger this automation and click the right-arrow button.

6. In the Available Actions pane, select an action policy by highlighting it and clicking the right arrow-button.

7. Complete the other fields as needed, and then click Save.

8. Go to the Actions page (Registry > Run Book > Actions).

9. Click the Create button to create a new Run Book Action policy or click the edit icon () to edit an existing PowerShell or Linux SSH Action policy, such as the "Windows Disk I/O Diagnostics (Agent)" action policy.

10. For the Action Type field, select Execute Local PowerShell Request (Agent).

11. Update the commands in the Input Parameters section as needed.

12. Click Save and close the Policy Editor window.

13. When an event occurs on the agent device, you can open the Event Investigator page for that event and run this user-initiated Run Book Action by selecting the action from the Tools pane:

    

Configuring an SL1 Agent on the Device Manager Page

To configure agent settings for an agent, you must first add the SL Agent column to the Device Manager page. For more information about adding the SL Agent column, see Adding the SL Agent Column to the Device Manager Page.

If you are using the SL1 Extended Architecture, you can access these settings from the Settings tab of the Device Investigator page for the device on which the agent is installed. For more information, see Configuring Agent Settings from the Device Investigator Page.

You can control how an agent runs on a device by configuring the following agent settings on the Device Manager page (Devices > Device Manager or Registry > Devices > Device Manager):

• Disk Space. Controls the amount of disk space that the agent can use to store data. If an agent loses connectivity to SL1, this disk space will be used to store collected data until the connection to SL1 is restored.
• Data Directory. Defines the directory in which the agent will store temporary data.
• Excludes. Defines the list of processes and directories to explicitly exclude from monitoring by the agent.

• Includes. Defines the list of processes and directories that must be explicitly monitored by the agent. Use the Includes field to ensure that specific processes are monitored.

  If a process or directory is included in both the Excludes field and the Includes field, that process or directory will be monitored by the agent.

Adding the "SL Agent" Column to the Device Manager Page

The SL Agent column allows you to access the configuration settings for the agent on a device. For more information about agent configuration settings, see Configuring Agent Settings on a Device. By default, the SL Agent column is not displayed in the Device Manager page.

To add the SL Agent column to the Device Manager page:

1. Go to the Device Manager page (Devices > Device Manager or Registry > Devices > Device Manager in the classic user interface).

2. Click Actions, and then select Device Manager Preferences. The Edit Device Manager Preferences modal page appears.

3. In the Device Manager Columns field, control-click Agent.
4. Click Save.

Configuring Agent Settings on a Device

To configure agent settings, you must first add the SL Agent column to the Device Manager page. For more information about adding the SL Agent column, see Adding the SL Agent Column to the Device Manager Page.

To configure agent settings on a device:

1. Go to the Device Manager page (Devices > Device Manager or Registry > Devices > Device Manager).

2. Find the device for which you want to edit agent settings. In the SL Agent column, click the gear icon () for the device. The Agent Configuration page appears.

3. Supply values in the following fields:
• Disk Space. Enter the amount of disk space that the agent can use to store data. If the agent loses connectivity to SL1, this disk space will be used to store collected data until the connection to SL1 is restored.
• Data Directory. Enter the directory in which the agent will store temporary data.
• Excludes. Enter a semi-colon delimited list of processes and directories to explicitly exclude from monitoring by the agent.
• Includes. Enter a semi-colon delimited list of processes and directories that must be monitored by the agent. Use the Includes field to ensure that specific processes are monitored.

If a process or directory is included in both the Excludes field and the Includes field, that process or directory will be monitored by the agent.

4. Click Save.