Enterprise SIEM, Centralized Log Management, Security, Compliance, Server Monitoring and Uptime Monitoring Software
Table of Contents

Agent-Based Monitoring Templates

Server Manager includes an agent-based solution to push logs from remote computers. The agent-based solution solves several potential problems. Event Logs and are downloaded using a WMI whereas Text Logs require either Windows Shares, SFTP/SSH or FTP/S to pull logs. WMI transmits data relatively slow. In some cases, large Security Event Logs can take hours to download the first time. Second, WMI requires multiple ports one of which is randomly assigned. The randomly assigned port can be configured to use fixed port, however, the single port must be configured on each client host. Third, Server Manager typically is installed on a management server that does not have a public IP address. If so, there is no way to remote manage computers over the Internet. Lastly, hosts that periodically connect to the network, such as laptops, can be difficult to manage as a pulling schedule would need to be fast enough to catch the laptop when it just so happens to be logged into the network.

Corner Bowl Software solves these issues with our Server-Side Server Agent and our remotely installed lightweight Server Manager Agent.

Corner Bowl Server Manager Agent

Server Manager includes an option to flag several templates for remote execution. Once set, the Template is referred to as an Agent-Based Template. Once an Agent-Based Template is assigned to a remote host, Server Manager uses Windows Shares to upload the agent installation file to the host then uses WMI to remote install onto the host. If Server Manager is unable to penetrate the firewall to upload and remote install, you have the option to manually install the agent to the remote host. Once installed, the agent connects once a minute to get list of templates to execute. Once the Server Manager Agent Server determines it is time to run a template on the target host, the template and any required filters are returned to the agent for execution.

If the server instance of Server Manager is not available on a public IP address, an Azure Hybrid Relay can be setup to proxy the connection.

The following templates are currently supported:

To configure the Agent Server

  • From the Explorer View, navigate to Agent Server then right click and select Properties. The Agent Server Properties View displays.
  • From the Agent Server Properties View check the Enabled Checkbox to enable the server.
    Once enabled, the server attempts to install the agent to all configured hosts that have Agent Based Templates assigned to them. If you do not want to automatically install the agent to each host that has an Agent Based Template assigned, use the Host Properties View to disable the automatic installation of the agent.
    For more information see: Host Properties
  • Use the Host identification method drop-down to select how you would like connecting hosts to be identified.
    OptionDescription
    DNS LookupThe server uses DNS to resolve the hostname.
    DNS and FQDN LookupThe server uses DNS and Active Directory to resolve the Fully Qualified Domain Name (FQDN).
    Remote IP AddressThe server uses the IP address.
    Local HostnameThe client sends its local hostname to server for identification.
    Local FQDNThe client sends its locally resolved FQDN to server for identification.
    Local IP AddressThe client sends its local IP address to server for identification.
  • Use the Assign the following templates to all new clients check box to automatically add new hosts to the Agent Server Host Group then assign the listed templates.

To enable remote Server Manager Agent installation

  • From the Explorer View, navigate to Agent Server then right click and select Properties. The Agent Server Properties View displays.
  • Check Enabled.
  • Click Save.
  • From the Explorer View, navigate to Templates | Sample Templates | Log Consolidation then right click on Agent-Based Event Log Consolidation and select Assign.
    You can assign any template that has been flagged as an Agent-Based Template. For more information see below.
    The Select Services, Devices and Endpoints View displays.
  • From the Select Services, Devices and Endpoints View, check each host you would like to install the Server Manager Agent, then click OK.
  • Once assigned, Server Manager will attempt to remote install the Server Manager Agent onto each assigned host.

To manually install the Server Manager Agent on remote hosts

  • From the host you have installed Server Manager, copy the following file to each target host:
    C:\Program Files\Corner Bowl\Server Manager\ServerManagerAgentInstaller.exe
  • From each target host, open a command prompt as Administrator then run the executable with the following command line options:
    ParameterDescription
    HOSTThe fully qualified hostname of the host Server Manager is installed.
    PORTThe port to connect with. The default value is 21843
    TLSENABLEDtrue to enable TLS 1.2. Please note the server must be configured to use TLS. For more information see: Server Configuration
    TLSCERTIFICATEThe optional TLS client certificate to use for TLS 1.2.
    RELAYENABLEDtrue to proxy communication through an Azure Relay Connection.
    RELAYNAMESPACEThe Azure Relay Connection namespace.
    RELAYCONNECTIONNAMEThe Azure Relay Connection name.
    RELAYKEYNAMEThe Azure Relay Connection key name.
    RELAYKEYThe Azure Relay Connection key value.
    -qSilently run the installation.
    -norestartSuppress reboot.
    For Example:
    ServerManagerAgentInstaller.exe -q HOST=1.2.3.4 PORT=21843

To update the Agent configuration

Just like the Service, the agent uses an XML configuration file to load the parameters to connect to the server. Configuration is implemented through the cbsmsrv.exe.config file located in the program data directory. The default location is:
C:\ProgramData\Corner Bowl\Server Manager Agent 2022\cbsmagt.exe.config

Configuration File Reference

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
        <section name="server" type="XPlatformWindowsShared.Configuration.ServerConfigurationSectionHandler,XPlatformWindowsShared" />
    </configSections>

    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
    </startup>

    <server>
        <host value="SERVERNAME" />
        <port value="21843" />
        <tls value="False" certificate="" requireRemoteCertificate="false" allowSelfSignedCertificate="true" checkCertificateRevocation="false" allowCertificateChainErrors="true" />
        <idleTimeout value="300" />
        <readTimeout value="120" />
        <writeTimeout value="120" />
        <azure value="False" relayNamespace="" connectionName="" keyName="" key="" />
    </server>

    <appSettings>
        <add key="AutoUpdate" value="true" />
    </appSettings>

</configuration>
                            

To configure Agent-Based Event templates

  • Select File | New Template. The Select Template Type view displays.
  • Click the Template type to create. The Template Properties view displays.
  • Select the Agent Template Tab
  • Use the Enabled Check Box to flag the template as an Agent-Based Template.
  • Use the Trigger Check Box to trigger actions when assigned hosts do not connect within the configured time span.
  • Use the On Host Not Connecting Drop-Down to assign the actions to fire when assigned hosts do not connect within the configured time span.

To configure Agent-Based Event Log Consolidation for remote hosts

After following the steps above, the pre-installed Template is automatically assigned to each host. You have the option to modify this Template or create your own.

  • To modify the pre-installed Template, navigate to Templates | Sample Templates | Log Consolidation | Agent-Based Event Log Consolidation then right click and select Template Properties.
  • To create a new template, select Files | New | Templates | Log Managements | Log Consolidations then from the properties page set the Sub Type to Event Log.
  • Use the General tab to schedule the frequency.
  • Use the Logs tab to select the target logs.
  • Use the Options tab to specify consolidation filters and log entry retention policy.
  • Use the Agent Template tab to configure Server Manager to remotely install the Corner Bowl Server Manager Agent to the assigned hosts.
    If using the sample template notice the Enabled option is checked. If you are creating your own template this option must be selected. The Server Manager Agent logs into the server anonymously with access limited to reading assigned templates and pushing log entries.
  • The Monitor tab enables you to scan entries on the server-side to fire actions or notifications when necessary.
  • Use the Actions tab to assign actions or notifications when the template starts, completes or errors.
  • Use the Hosts and Host Groups drop-down boxes on the right side of the screen to assign hosts to this Template.
  • Click Save.

To configure Agent-Based Native Event Log File Backup for remote hosts

After following the steps above, the pre-installed Template is automatically assigned to each host. You have the option to modify this Template or create your own.

  • To modify the pre-installed Template, navigate to Templates | Sample Templates | Log Consolidation | Agent-Based Event Log File Backup then right click and select Template Properties.
  • To create a new template, select Files | New | Templates | Log Managements | Log Backup then from the properties page set the Sub Type to Event Log.
  • Use the General tab to schedule the frequency.
  • Use the Logs tab to select the target logs.
  • Use the Options tab to specify backup options. For more information see: Log Backup Template
  • Use the Agent Template tab to configure Server Manager to remotely install the Corner Bowl Server Manager Agent to the assigned hosts.
    If using the sample template notice the Enabled option is checked. If you are creating your own template this option must be selected. The Server Manager Agent logs into the server anonymously with access limited to reading assigned templates and upload log entries.
  • The Monitor tab enables you to scan entries on the server-side to fire actions or notifications when necessary.
  • Use the Actions tab to assign actions or notifications when the template starts, completes or errors.
  • Use the Hosts and Host Groups drop-down boxes on the right side of the screen to assign hosts to this Template.
  • Click Save.

Troubleshooting

If the Agent does not appear to be connecting or processing templates you can view the Agent's verbose output log for detailed information. The log file is located in the following directory on each remotely managed host:

c:\ProgramData\Corner Bowl\Server Manager Agent 2022\agent.log

Related Topics

Relay Hybrid Connection

Server Configuration