Define CA SystemEDGE Policy Control Settings

To control the following agent behavior, use the hse policy control settings:
casa
To control the following agent behavior, use the 
CA SystemEDGE
 policy control settings:
  • Security settings
  • SNMP settings
  • MIB table population
  • UNIX settings
  • Performance monitoring settings
To segregate these common control settings from specific server workload configurations, add them to the Base Policy.
You can apply the control settings that are defined in the policy to all systems you want to monitor with this configuration.
Follow these steps:
  1. Click the Resources tab, open the Configure pane, expand Policies, and click
    SystemEDGE.
  2. From the table on the Available Policies page, select the policy.
  3. On the Summary page for the policy, click
    Control Settings
    .
  4. (Optional) On the Control page, click
    Use Defaults
    .
    The default selections pane opens. You can change the default settings.
  5. Configure the following control settings:
    • SNMP
      Defines the following basic SNMP properties:
      • Bind Address
        Defines an interface to which the agent binds and listens for incoming SNMP requests. IPv4 or IPv6 addresses are valid.
        The corresponding default _port is specified during installation.
      • Bind Port
        Defines the trap port to which the agent binds for sending SNMP traps. If no bind_address is specified, the agent binds to all available UDP addresses.
        Default:
        The port that the system selects.
      • IP Family
        Specifies the agent communication method.
        Values:
        IPv4 only, IPv6 only, or both.
        Default:
        The agent tries using IPv4, then IPv6.
      • FIPS Mode
        Defines the agent to use FIPS-compliant encryption. If they fail, select FIPS Only Mode to enable the RSA BSAFE Crypto-C Micro Edition FIPS-compliant libraries without encryption.
        Values:
        • Non-FIPS Mode:
          Enable the CA eTrust Public Key Infrastructure libraries. If this method fails, revert to the internal minimum security solution.
        • FIPS Co-existence Mode:
          Enable FIPS-compliant encryption. If this method fails, revert to the CA eTrust Public Key Infrastructure Libraries.
        • FIPS Only Mode:
          If Non-FIPS Mode and FIPS Co-existence Mode fail, select
          FIPS Only Mode
          to enable the RSA BSAFE Crypto-C Micro Edition FIPS-compliant libraries and use no encryption.
        Default:
        Non-FIPS Mode
      • Trap Source
        Defines the source address that is used to send traps.
        Values:
        An IPv4 or IPv6 address, or a host name
        Default:
        The agent host name
    • Security Settings
      Defines the following security preferences:
      • Authentication Traps
        Specifies whether to send an authentication failure trap when the agent receives an SNMP message with a community name that the agent cannot recognize.
        Default:
        Disabled
      • Process Sets
        Specifies whether to permits access to processes and other software running on agent systems in the Process table and the Running Software table.
        Allowing the SNMP sets on these tables can cause security issues.
      • Remote Shell Group
        Specifies whether to permit management systems to instruct the agent remotely to run shell scripts and programs on the agent system through the Remote Shell group.
        Disclosing this type of information can pose a potential security risk.
      • Execution Action
        Specifies whether to enable the execution of action commands with the monitoring tables when a threshold breach occurs.
        The ability to run action commands and scripts can cause security issues.
    • MIB Table Population
      Populates the following tables in the Systems Management MIB:
      • Process Table
      • User Group Table
      • Who Table
      • Trap Community Table
      • Monitor Mirror Table
      • Aggregate Mirror Table
      • Top Processes Table
      Each table either contains sensitive information that you can expose in a MIB or nonessential information that you can disable to save disk space.
      Default:
      Enable the population of all tables except for the process table.
    • Miscellaneous
      Lets you define the following miscellaneous settings:
      • Allow agent to be Updated using SNMP
        Specifies whether to permits agent updates using SNMP Sets (for example, removes write communities). If you permit SNMP Sets on the agent, updates through this method cause a notification of an SNMP Set change. These updates also cause an exception when viewing policy details for the system.
      • Notify Manager of Configuration Updates
        Specifies whether to enable the agent to notify the manager for any SNMP Set request that the agent processes.
      • Warm Start Discovery
        Specifies whether to enable an agent rediscovery of all devices after every warm start configuration update.
        If you manage a system with many devices, a discovery after every warm start can consume too much time and too many resources.
      • Use Perl Compatible Regular Expressions
        Specifies whether to use Perl Compatible Regular Expressions (PCRE) to specify i18n-compatible regular expressions while defining monitors that support regular expressions. Examples of regular expressions include
        • Log file
        • Process
        • Process group
        • Windows services
        • Windows events
        You can also use this option to create more complex regular expressions. This option is provided in 
        CA SystemEDGE
         agent 5.1.0 and later.
      • Automatically Resolve Index Conflicts
        Specifies whether to resolve an Index conflicts. When you apply the layered templates to all systems, the application assigns indexes to the monitors added in the template. If the assigned indexes conflict with existing indexes in the base policy or another template, this option reassigns unique index values.
        Indexes in the base policy are always maintained in the delivered configuration. If you disable this option, you cannot resolve conflicting indexes. However, when you apply layered templates to the systems, the conflicting indexes are displayed as errors on the layered templates that caused the conflicting indexes.
    • Historical Performance Monitoring
      Lets you define the following settings for the Performance Cube AIM, which collects history information in Systems Performance cubes for historical performance management:
      • Collection Interval
        Specifies how often to collect information from the History table to performance cubes.
      • Index Range Start
        Defines the start of the reserved range of indexes, where the agent by default creates history control entries for collecting performance cube data. This reserved range is used, for example, if Service Response Monitoring (SRM) is configured to collect performance data.
      • Index Range End
        Defines the end of the reserved range of indexes, where the agent by default creates history control entries for collecting performance cube data. This reserved range is used, for example, if SRM is configured to collect performance data.
    • UNIX Control Settings
      Lets you define the following settings for agents running on UNIX systems:
      • Sub-program Group
        Defines a group name other than root under which to run subprograms.
      • Sub-program User
        Defines a user name other than root under which to run subprograms.
      • Linux Freemem Include
        Specifies whether to include system buffers, disk cached memory, or both in free memory calculation.
    • Query System Devices
      Lets you enable querying of the following system device metrics:
      • Serial device status
      • Floppy disk status
      • Disk size, capacity, description, and other properties (Probe Disks)
      • NFS file system status
      • HP-UX graphics status
      Querying these metrics can cause issues with potential agent blocking. The default settings enable querying of only serial device status and NFS file system status.
  6. Click
    Plugins
    .
    The Plugins pane opens. This pane controls which AIMs to load with the agent.
  7. Complete
    one
    of the following actions:
    • Select
      Load all available plugins
      to load all AIMs that are available on the agent system.
    • Select
      Load plugins selected in the table
      .
    • Click
      + (New)
      on the External Plugins toolbar to add an AIM to the External Plugins table.
    See
    the hse Using section for more information about available AIMs.
    AIM loading is configured.
  8. Click
    Aggregate Monitors
    .
  9. Configure aggregate monitors as described in Configure Object Aggregation.
  10. Click
    Save Policy
    .