Define CA SystemEDGE Policy Control Settings
To control the following agent behavior, use the hse policy control settings:
casa
To control the following agent behavior, use the
CA SystemEDGE
policy control settings:- Security settings
- SNMP settings
- MIB table population
- UNIX settings
- Performance monitoring settings
To segregate these common control settings from specific server workload configurations, add them to the Base Policy.
You can apply the control settings that are defined in the policy to all systems you want to monitor with this configuration.
Follow these steps:
- Click the Resources tab, open the Configure pane, expand Policies, and clickSystemEDGE.
- From the table on the Available Policies page, select the policy.
- On the Summary page for the policy, clickControl Settings.
- (Optional) On the Control page, clickUse Defaults.The default selections pane opens. You can change the default settings.
- Configure the following control settings:
- SNMPDefines the following basic SNMP properties:
- Bind AddressDefines an interface to which the agent binds and listens for incoming SNMP requests. IPv4 or IPv6 addresses are valid.The corresponding default _port is specified during installation.
- Bind PortDefines the trap port to which the agent binds for sending SNMP traps. If no bind_address is specified, the agent binds to all available UDP addresses.Default:The port that the system selects.
- IP FamilySpecifies the agent communication method.Values:IPv4 only, IPv6 only, or both.Default:The agent tries using IPv4, then IPv6.
- FIPS ModeDefines the agent to use FIPS-compliant encryption. If they fail, select FIPS Only Mode to enable the RSA BSAFE Crypto-C Micro Edition FIPS-compliant libraries without encryption.Values:
- Non-FIPS Mode:Enable the CA eTrust Public Key Infrastructure libraries. If this method fails, revert to the internal minimum security solution.
- FIPS Co-existence Mode:Enable FIPS-compliant encryption. If this method fails, revert to the CA eTrust Public Key Infrastructure Libraries.
- FIPS Only Mode:If Non-FIPS Mode and FIPS Co-existence Mode fail, selectFIPS Only Modeto enable the RSA BSAFE Crypto-C Micro Edition FIPS-compliant libraries and use no encryption.
Default:Non-FIPS Mode - Trap SourceDefines the source address that is used to send traps.Values:An IPv4 or IPv6 address, or a host nameDefault:The agent host name
- Security SettingsDefines the following security preferences:
- Authentication TrapsSpecifies whether to send an authentication failure trap when the agent receives an SNMP message with a community name that the agent cannot recognize.Default:Disabled
- Process SetsSpecifies whether to permits access to processes and other software running on agent systems in the Process table and the Running Software table.Allowing the SNMP sets on these tables can cause security issues.
- Remote Shell GroupSpecifies whether to permit management systems to instruct the agent remotely to run shell scripts and programs on the agent system through the Remote Shell group.Disclosing this type of information can pose a potential security risk.
- Execution ActionSpecifies whether to enable the execution of action commands with the monitoring tables when a threshold breach occurs.The ability to run action commands and scripts can cause security issues.
- MIB Table PopulationPopulates the following tables in the Systems Management MIB:
- Process Table
- User Group Table
- Who Table
- Trap Community Table
- Monitor Mirror Table
- Aggregate Mirror Table
- Top Processes Table
Default:Enable the population of all tables except for the process table. - MiscellaneousLets you define the following miscellaneous settings:
- Allow agent to be Updated using SNMPSpecifies whether to permits agent updates using SNMP Sets (for example, removes write communities). If you permit SNMP Sets on the agent, updates through this method cause a notification of an SNMP Set change. These updates also cause an exception when viewing policy details for the system.
- Notify Manager of Configuration UpdatesSpecifies whether to enable the agent to notify the manager for any SNMP Set request that the agent processes.
- Warm Start DiscoverySpecifies whether to enable an agent rediscovery of all devices after every warm start configuration update.If you manage a system with many devices, a discovery after every warm start can consume too much time and too many resources.
- Use Perl Compatible Regular ExpressionsSpecifies whether to use Perl Compatible Regular Expressions (PCRE) to specify i18n-compatible regular expressions while defining monitors that support regular expressions. Examples of regular expressions include
- Log file
- Process
- Process group
- Windows services
- Windows events
CA SystemEDGEagent 5.1.0 and later. - Automatically Resolve Index ConflictsSpecifies whether to resolve an Index conflicts. When you apply the layered templates to all systems, the application assigns indexes to the monitors added in the template. If the assigned indexes conflict with existing indexes in the base policy or another template, this option reassigns unique index values.Indexes in the base policy are always maintained in the delivered configuration. If you disable this option, you cannot resolve conflicting indexes. However, when you apply layered templates to the systems, the conflicting indexes are displayed as errors on the layered templates that caused the conflicting indexes.
- Historical Performance MonitoringLets you define the following settings for the Performance Cube AIM, which collects history information in Systems Performance cubes for historical performance management:
- Collection IntervalSpecifies how often to collect information from the History table to performance cubes.
- Index Range StartDefines the start of the reserved range of indexes, where the agent by default creates history control entries for collecting performance cube data. This reserved range is used, for example, if Service Response Monitoring (SRM) is configured to collect performance data.
- Index Range EndDefines the end of the reserved range of indexes, where the agent by default creates history control entries for collecting performance cube data. This reserved range is used, for example, if SRM is configured to collect performance data.
- UNIX Control SettingsLets you define the following settings for agents running on UNIX systems:
- Sub-program GroupDefines a group name other than root under which to run subprograms.
- Sub-program UserDefines a user name other than root under which to run subprograms.
- Linux Freemem IncludeSpecifies whether to include system buffers, disk cached memory, or both in free memory calculation.
- Query System DevicesLets you enable querying of the following system device metrics:
- Serial device status
- Floppy disk status
- Disk size, capacity, description, and other properties (Probe Disks)
- NFS file system status
- HP-UX graphics status
- ClickPlugins.The Plugins pane opens. This pane controls which AIMs to load with the agent.
- Completeoneof the following actions:
- SelectLoad all available pluginsto load all AIMs that are available on the agent system.
- SelectLoad plugins selected in the table.
- Click+ (New)on the External Plugins toolbar to add an AIM to the External Plugins table.
Seethe hse Using section for more information about available AIMs.AIM loading is configured. - ClickAggregate Monitors.
- Configure aggregate monitors as described in Configure Object Aggregation.
- ClickSave Policy.