Argent AT Root Cause Analysis

Argent AT runs Rules against target servers to identify certain conditions. When a condition happens, you probably want to know the cause as much as the symptom. This can be easily implemented in Argent AT.

In the Relator definition, you can optionally specify the Instant Correction for each Rule. When the Rule is broken, the Instant Correction is executed. The Instant Correction makes use of the Correction portion of the Alert definitions, including:

  • PowerShell Action Script
  • WMI Action Script
  • SNMP Alert
  • ODBC Query
  • System Command – W200x
  • System Command – iSeries
  • System Reboot
  • W200x Service Alert
  • Linux Action Script
  • UNIX Action Script

Although Instant Correction and Correction Alerts implement the same alerting logic, Instant Correction is executed by the Monitoring Engine, while the Correction Alert is executed by the Argent Console engine.

Generally speaking, Instant Correction is more desirable as it is more efficient, running under the same security context as the monitoring Rules.

Instant Correction can also be used for Root Cause Analysis:

When the Instant Correction is executed as Root Cause Analysis, its output is sent as part of an event. You can easily see the content on the A1B screen.

The following Correction Alerts are great for Root Cause Analysis:

  • PowerShell Action Script
  • WMI Action Script
  • ODBC Query
  • System Command – W200x
  • System Command – iSeries
  • Linux Action Script
  • UNIX Action Script

System Command Alert

There are plenty of command line utilities used daily by system administrators to analyze network environments. One example is the Windows Resource Kit.

When System Command Alerts are used, the output of the system command is captured, and saved as the Root Cause Analysis content.

The simple demo Relator uses TASKLIST.EXE to dump out the current running processes after it finds that the CPU usage exceeds the threshold.

ODBC Query

There are two situations where you can retrieve useful information from an ODBC data source.

  • Run System SQL Queries to retrieve the health information of an ODBC backend. For example, DBCC in SQL Server, Oracle System Views in Oracle Server.
  • Run Custom Queries to retrieve application data. For example, the Argent Predictor database can be queried to analyse the trend of SAN storage usage.

A SELECT query or stored procedure should be used for Root Cause Analysis, and output should be captured.

WMI Action Script And PowerShell Action Script

Although Windows is increasingly adopting .NET technology, WMI scripts still account for a majority of all Windows administration scripts. Meanwhile, if any .NET libraries are required, PowerShell Action Scripts are the only choice for interfacing with the new technology.

Recent examples include Exchange 2007, SharePoint 2007, and SQL 2008.

WMI and PowerShell each provide a complete programming environment, so almost anything is possible here. To use them for Root Cause Analysis, the key point is to use the method ‘WriteStatus’ to compose the content for Root Cause Analysis.
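
A PowerShell counterpart to the TASKLIST.EXE demo above, as an added example that is not Argent's own code: it builds a bounded, read-only snapshot of the busiest processes as the Root Cause Analysis text. It assumes PowerShell 3.0 or later on the monitored server; the function name, the size cap and the report layout are hypothetical, and because this page does not show the WriteStatus signature the script only prepares the text to pass to it.

```powershell
# Added example, not Argent code. Read-only: it collects data and changes nothing.
# Assumes PowerShell 3.0+ (Get-CimInstance). Names and limits are hypothetical.
function Get-CpuRootCauseReport {
    param(
        [int]$Top = 10,          # number of processes to report
        [int]$MaxChars = 4000    # constructed cap so the event stays small
    )

    # Per-process CPU counters; drop the aggregate and idle pseudo-processes.
    # PercentProcessorTime can exceed 100 on multi-core hosts.
    $busy = Get-CimInstance -ClassName Win32_PerfFormattedData_PerfProc_Process |
        Where-Object { $_.Name -ne '_Total' -and $_.Name -ne 'Idle' } |
        Sort-Object -Property PercentProcessorTime -Descending |
        Select-Object -First $Top

    $lines = New-Object System.Collections.Generic.List[string]
    $lines.Add("CPU snapshot on $env:COMPUTERNAME at $(Get-Date -Format s)")
    $lines.Add(('{0,-8}{1,-6}{2,-12}{3}' -f 'PID', 'CPU%', 'WorkSetMB', 'Image'))

    foreach ($p in $busy) {
        # The process may have exited, or the monitoring account may lack the
        # rights to read its path, so fall back to the counter instance name.
        # Command lines are deliberately left out: they can carry passwords,
        # and this text ends up inside an event that other operators can read.
        $proc = Get-CimInstance -ClassName Win32_Process `
            -Filter "ProcessId = $($p.IDProcess)" -ErrorAction SilentlyContinue
        $image = if ($proc -and $proc.ExecutablePath) { $proc.ExecutablePath } else { $p.Name }
        $wsMb = [math]::Round($p.WorkingSet / 1MB, 1)
        $lines.Add(('{0,-8}{1,-6}{2,-12}{3}' -f $p.IDProcess, $p.PercentProcessorTime, $wsMb, $image))
    }

    $report = $lines -join "`r`n"
    if ($report.Length -gt $MaxChars) {
        $report = $report.Substring(0, $MaxChars) + "`r`n[truncated]"
    }
    return $report
}

# In a PowerShell Action Script, $rca is the text to compose with WriteStatus.
$rca = Get-CpuRootCauseReport -Top 10
Write-Output $rca
```

Because Instant Correction runs under the same security context as the monitoring Rules, keeping the script to read-only queries like these limits what it can do with that account.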