Introduction to the SL1 Agent

Download this manual as a PDF file

This section describes the SL1 Agent and provides instructions for viewing device and interface data collected by the agent.

If your current ScienceLogic SL1 solution subscription does not include the SL1 Agent, contact your ScienceLogic Customer Success Manager or Customer Support to learn more.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

What is the SL1 Agent?

The SL1 agent is a program that you can install on a device monitored by SL1. There is a Windows agent, an AIX agent, a Solaris agent, and a Linux agent. The agent collects data from the device and pushes that data back to SL1.

Similar to a Data Collector or Message Collector, the agent collects data about infrastructure and applications.

You can configure an agent to communicate with either the Message Collector or the Compute Cluster.

The following minimum agent versions are required for SL1 12.1.1 and later: Windows version 131; Linux version 174; AIX version 180; and Solaris version 180. Users who require agent-based log collection on a device with a Windows agent or a Linux agent must have the minimum Windows agent (131), or for a Linux agent (174). ScienceLogic recommends that users perform an upgrade, if they do not have the minimum required agent versions, via the Upgrade button on the Agent page in the current user interface, or by downloading and upgrading the agent manually.

How the SL1 Agent Works in Different Environments

There are two supported "generations" of the SL1 agent that you can use to gather data: Gen 1 and Gen 3. The agent itself is the same from one generation to the next; the only difference between the generations is the environment where the agent is used.

In brief, a Gen 1 agent uses the SL1 Distributed Environment to upload data directly to a Message Collector (MC), while a Gen 3 agent uses the SL1 Extended Architecture to upload data to the "Streamer" service running on the SL1 Compute Node cluster.

The following list provides more details about how SL1 uses the different generations of the SL1 agent:

  • Gen 1 agent: Introduced in SL1 version 8.2.0, the Gen 1 agent uses a Distributed Environment to upload data directly to a Message Collector (MC). Next, Dynamic Applications running on a Data Collector query data from the Message Collector with an API. The Data Collector (DC) then sends the data to the SL1 Database Server:

    The Gen 1 agent provides limited infrastructure health reporting, including Log File Monitoring, Processes, and System Vitals like Availability, CPU Usage, Memory Usage, and Disk Usage. This agent is sometimes called the "P0" agent.

  • Gen 2 agent: This version of the agent has been deprecated.
  • Gen 3 agent: Introduced in SL1 version 8.12.0, the Gen 3 agent uses the SL1 Extended Architecture to upload data through a load balancer to the "Streamer" service running on the SL1 Compute Node cluster. The Streamer service then forks and forwards data to other services, and eventually some services will store parsed data in the SL1Database Server:

    The Gen 3 agent provides full infrastructure health reporting, including system vitals (file system, network interface, and Windows service data), log monitoring, and optionally allows you to align PowerShell Dynamic Applications to your device. Also, the Dynamic Applications in the ScienceLogic: Agent PowerPack are automatically aligned with the device with the Gen 3 agent installed on it.

If you are already running the Gen 1 agent in a distributed environment and you upgrade your SL1 system to use the SL1 Extended Architecture, any existing devices monitored by SL1 agents will work the same as before (streaming data to a Message Collector). However, if you upgrade to the SL1 Extended Architecture, ScienceLogic recommends that you start streaming your agents to the Compute Node cluster instead of to a Message Collector.

To identify the version of the agent installed on a device:

  • Gen 1. On the Devices > Device Investigator > Settings tab for that device, the Collection Poller field displays the name of the collector group that includes the Message Collector used by the agent. On the Device Manager page (Devices > Device Manager), the Collection Group column displays the name of the collector group that includes the Message Collector used by the agent.
  • Gen 3. On the Devices > Device Investigator > Settings tab for that device, the Collection Poller field displays the label Agents. On the Device Manager page (Devices > Device Manager), the Collection Group column displays the label Agents.

The following table provides an overview of the features available when using the Gen 1 or the Gen 3 agent:

Product Capability Gen 1 Agent Gen 3 Agent

System Vitals

Availability and Uptime

Yes

Yes

CPU, Memory, File Systems, and Network Interface

CPU and Memory only

Yes

Processes and Windows Services

Processes only

Yes

Installed Software

No

Yes

Log Monitoring

Event Logs

Yes

Yes

Syslog

Yes

Yes

Text Logs

Yes

Yes

Extensible Collection

PowerShell

No

Yes

JMX

No

Yes

For a detailed list of the system vital metrics you can monitor with the SL1 agent, see What System Vital Metrics Can the SL1 Agent Collect?

For a current list of supported operating systems and host system requirements for the SL1 agent, see the System Requirements for the Agent page at the ScienceLogic Support Site.

Users who are running version 102 or later of the Microsoft: Windows Server PowerPack can collect data via the SL1 agent. For more information, see Monitoring Windows Systems with PowerShell.

What System Vital Metrics Can the SL1 Agent Collect?

The following sections describe the system vitals that can be collected with SL1 and with the SL1 Agent, including definitions of each metric type and the collection methods that are and are not supported for each.

Metric Descriptions

The following table describes the system vital metrics that can be collected with SL1 and the SL1 Agent:

Metric Type Description
Availability Performance The ability to communicate with the managed entity or device.
File Systems Configuration The configuration of the file systems found within a managed entity that can include attributes like name, size, and type.
File Systems Performance Time series data associated with file system utilization that can include metrics like free space, size, and usage percentage.
Installed Software Configuration The software found on a managed entity that can include attributes like name, version, and installation date.
Network Interfaces Configuration The configuration of the network interface found within a managed entity that includes attributes like MAC address, IP address, position, and speed.
Network Interfaces Performance Time series data associated with physical memory utilization that includes metrics like inbound and outbound utilization, number of errors, and discard and usage percentage.
Physical Memory Configuration The configuration of the physical memory found within a managed entity that can include attributes like memory size.
Physical Memory Performance Time series data associated with physical memory utilization that can include metrics like memory used.
Ports Configuration The ports discovered on a managed entity.
Ports Performance Time series data associated with port availability.
Ports (Illicit) Performance An analysis of ports. When a port from the illicit port list is found on a managed system, the system will trigger an event indicating an illicit port has been found.
Processes Configuration The processes found on a managed entity that can include attributes like name, process ID (PID), and state.
Processes Performance Time series data associated with process performance that can include metrics like availability percentage.
Processor Configuration The configuration of the processor found within a managed entity that can include attributes like number of cores, processor model, processor speed, cache size, and CPU ID.
Processor Performance Time series data associated with processor utilization that can include metrics like CPU idle time, CPU wait time, and overall CPU time.
Restarts Performance An analysis of uptime. When uptime is less than 15 minutes, the system triggers an event indicating the system was restarted.
SSL Certificates Configuration The certificates found on a managed system.
SSL Certificates Performance An analysis of certificate expiration date. The system will trigger an event when certificates are nearing expiration.
Uptime Performance The timespan since the managed entity was last initialized.
Virtual Memory (Swap) Configuration The configuration of the virtual memory found within a managed entity.
Virtual Memory (Swap) Performance Time series data associated with virtual memory utilization.
Windows Services Configuration The services found on a managed entity that can include attributes like name and state.
Windows Services Performance Time series data associated with service performance that can include metrics like availability percentage.

Supported Data Collection Methods for Monitoring Windows

The following table describes which methods of data collection are supported when running SL1 and the SL1 Agent on monitored Windows systems:

Metric Type Agentless Agent-Based
SNMP WMI PowerShell Gen-01 Gen-03
Availability Performance Yes Yes Yes Yes Yes
File Systems Configuration Yes Some Yes Some Yes
File Systems Performance Yes Some Yes Some Yes
Installed Software Configuration Yes No Yes No Yes
Network Interfaces Configuration Yes Some Yes Some Yes
Network Interfaces Performance Yes Some Yes Some Yes
Physical Memory Configuration Yes Yes Yes Yes Yes
Physical Memory Performance Yes Yes Yes Yes Yes
Ports Configuration Yes No Yes Yes No
Ports Performance Yes No Yes Yes No
Ports (Illicit) Performance Yes No Yes Yes No
Processes Configuration Yes Some Yes Yes Yes
Processes Performance Yes No Yes Yes Yes
Processor Configuration Yes Yes Yes Yes Yes
Processor Performance Yes Yes Yes Yes Yes
Restarts Performance Yes No Yes Yes Yes
SSL Certificates Configuration Yes No No No No
SSL Certificates Performance Yes No No No No
Uptime Performance Yes No Yes Yes Yes
Virtual Memory (Swap) Configuration Yes Yes Yes Yes Yes
Virtual Memory (Swap) Performance Yes Yes Yes Yes Yes
Windows Services Configuration Yes Some Yes No Yes
Windows Services Performance Yes Some Yes No Yes

Supported Data Collection Methods for Monitoring Linux

The following table describes which methods of data collection are supported when running SL1 and the SL1 Agent on monitored Linux systems:

Metric Type Agentless Agent-Based
SNMP SSH Gen-01 Gen-03
Availability Performance Yes Yes Yes Yes
File Systems Configuration Yes Yes Some Yes
File Systems Performance Yes Yes Some Yes
Installed Software Configuration Yes No No Yes
Network Interfaces Configuration Yes Yes Some Yes
Network Interfaces Performance Yes Yes Some Yes
Physical Memory Configuration Yes Yes Yes Yes
Physical Memory Performance Yes Yes Yes Yes
Ports Configuration Yes Yes Yes No
Ports Performance Yes Yes Yes No
Ports (Illicit) Performance Yes Yes Yes No
Processes Configuration Yes Yes Yes Yes
Processes Performance Yes Yes Yes Yes
Processor Configuration Yes Yes Yes Yes
Processor Performance Yes Yes Yes Yes
Restarts Performance Yes Yes Yes Yes
SSL Certificates Configuration Yes No No No
SSL Certificates Performance Yes No No No
Uptime Performance Yes Yes Yes Yes
Virtual Memory (Swap) Configuration Yes Yes Yes Yes
Virtual Memory (Swap) Performance Yes Yes Yes Yes
Windows Services Configuration N/A N/A N/A N/A
Windows Services Performance N/A N/A N/A N/A

Extensible Collection

In addition to the capabilities listed above, you can use the SL1 agent for "extensible collection", where you align the agent with Dynamic Applications to gather metrics and attributes from other infrastructures and applications.

The SL1 Extended Architecture supports aligning PowerShell Dynamic Applications to devices monitored by the SL1 Windows agent. The SL1 Extended Architecture supports aligning JMX Dynamic Applications to devices monitored by the SL1 Linux agent.

In addition, Dynamic Applications that leverage the Low Code No Code CLI/SSH framework can execute using the agent.

For more information, see Configuring Extensible Collection.

Agent PowerPacks

SL1 includes two PowerPacks that can be used to collect agent-based system configuration and performance data: the ScienceLogic: Agent PowerPack and the Host Agent PowerPack.

Both PowerPacks are installed by default on your SL1 system, and they include the following features:

  • Dynamic Applications that collect configuration data and performance metrics from devices that are using agent-based collection
  • Event Policies and alerts that are triggered when devices that are using agent-based collection meet certain status criteria

The ScienceLogic: Agent PowerPack collects agent-based data for devices on SL1 systems running on the SL1 Extended Architecture (Gen 3 agents). This PowerPack contains two Dynamic Applications:

  • The "ScienceLogic Agent: System Configuration" Dynamic Applications collects the following data:
  • CPU
  • CPU Information
  • CPUs
  • Hardware Totals
  • Memory
  • Speed (MHz)
  • Swap Capacity
  • The "ScienceLogic Agent: System Performance" Dynamic Applications collects the following data:
  • CPU Name
  • CPU Utilization
  • CPU Utilization Breakdown
  • Disk Average Queue Length
  • Disk IO Utilization
  • Disk Name
  • Memory Utilization
  • Network Read
  • Network Write
  • Sample Time
  • Swap Utilization

The Host Agent PowerPack, which collects agent-based data for devices on SL1 systems running on a Distributed Architecture (Gen 1 agents). This PowerPack contains two Dynamic Applications:

  • The "Host Agent: System Config" Dynamic Applications collects the following data:
  • CPU
  • CPU Information
  • CPUs
  • Disk
  • Disk Information
  • Disk Space
  • Disks
  • Hardware Totals
  • Memory
  • Size
  • Speed (MHz)
  • The "Host Agent: System Perf" Dynamic Applications collects the following data:
  • CPU Name
  • CPU Utilization
  • CPU Utilization Breakdown
  • Disk Average Queue Length
  • Disk Name
  • Disk Utilization
  • Memory Utilization
  • Network Read
  • Network Write
  • Sample Time
  • Storage Available
  • Storage Name
  • Storage Total
  • Storage Utilization

Because the ScienceLogic: Agent PowerPack is required to collect data from devices that are using agent-based collection, SL1 does not enable you to delete or modify this PowerPack.

Agent-Compatible PowerPacks

In addition to the ScienceLogic: Agent PowerPack and the Host Agent PowerPack, there are several other Agent-compatible PowerPacks that you can use to collect data from specific device types.

Windows Devices

The following PowerPacks include the SL1 Agent PowerShell Default credential and SL1 Agent device template, which you can use to execute the SL1 Agent on Windows devices with PowerShell:

  • Microsoft: Windows Server
  • SL1 Agent Templates for Microsoft PowerPacks, which includes templates for the following:
  • Microsoft: DHCP Server
  • Microsoft: DNS Server
  • Microsoft: Exchange Server

    The Microsoft: Exchange Server PowerPack has two device templates. If the Exchange server monitored contains all Exchange roles, use the "SL1 Agent for Microsoft: Exchange Server Template." If your Exchange server has an Exchange Transport role, use the "SL1 Agent for Microsoft: Exchange Transport Server Template."

  • Microsoft: IIS Server
  • Microsoft: Lync Server
  • Microsoft: SharePoint Server
  • Microsoft: SQL Server
  • Microsoft: Windows Server

For more information, see the section on Executing the SL1 Agent with Windows PowerShell.

Java Management Extensions (JMX) Resources

You can also use the JMX Base Pack  PowerPack to monitor JMX resources with the SL1 agent.

For more information, see the section on Executing the SL1 Agent with JMX.

Agent Architecture

The following sections describe how the SL1 agent works in the SL1 Distributed Architecture and in the SL1 Extended Architecture.

SL1 Distributed Architecture

In an SL1 Distributed Architecture, the SL1 Agent collects data from the device on which it is installed and transfers that data to a Message Collector in an SL1 system using the HTTPS protocol. The Data Collector on which the Dynamic Applications and collection processes run then poll the Message Collector using the HTTPS protocol to transfer data to SL1.

TCP port 443 must be open between the Message Collector and the device on which an agent is installed.

In a Distributed Architecture, the SL1 agent requires a standalone, dedicated Message Collector. The Message Collector does not need to be dedicated to agent usage, but the Message Collector cannot be a Data Collector that also performs message collection

NOTE: Message Collectors that process data from the agent have different system requirements than Message Collectors that do not process data from the agent. For more information about the system requirements when running agents in a Distributed Architecture, see the System Requirements page at the ScienceLogic Support Site.

The diagram below shows the collection layer of a Distributed System containing both Data Collectors and Message Collectors in which the SL1 Agent is installed on a managed device.

The collection layer of a distributed system

SL1 Extended Architecture

In the SL1 Extended Architecture, an SL1 agent collects data from the device on which it is installed and sends that data to a Load Balancer in front of a Compute Cluster. The Compute Cluster transforms the data and stores high-volume performance data in the Storage Cluster and other performance and configuration data in the Database Server.

If required, agents can use an HTTP proxy server as an intermediate step in sending data to SL1.

In the diagram below:

  • The SL1 agent collects data from managed devices and sends the data to the Load Balancer and Compute Node cluster for processing.
  • The optional Message Collector collects asynchronous traps and syslog messages and sends them to the Database Server.
  • The Data Collector collects data from managed devices and sends the data to the Load Balancer and Compute Node cluster for processing and then storage.

A diagram showing the relationship between the SL1 agent, the Message Collector, and the Data Collector

Using an agent in the SL1 Extended Architecture provides more configuration and performance data than using an agent in a Distributed Architecture. This additional data includes system vitals, log data, and extensible collection.

Uploads that occur in 20-second intervals, sometimes called "snapshot uploads", are no longer supported for users using the non-Scylla pipeline. These 20-second uploads were replaced with the 1-minute upload default in SL1 version 11.2. ScienceLogic highly recommends that you ensure your agents are uploading in one-minute summarized uploads prior to upgrading. You can verify your uploads from the Settings tab in the current SL1 user interface. The agent pipeline is able to consume and summarize 1-minute and 5-minute payloads without the need for Scylla.

NOTE: For more information about the system requirements when running agents in an Extended Architecture, see the System Requirements page at the ScienceLogic Support Site.