Introduction
System Requirements
Assign Service Logon As Credentials
Server Configuration
Agent-Based Monitoring
Azure Relay Hybrid Connection
Account Lockout Monitoring and Reporting
Data Providers
- Data Provider Properties
- File System Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- Elasticsearch Properties
Directory Services
Hosts
- Host Properties
- Batch Update Hosts
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Properties
- WMI
- Contact
- Template Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
Monitor Hierarchy
Reports
- Report Properties
- Security Reports
- Generic Log Reports
- File and Permission Reports
- Summary Reports
Auto-Configurators
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Web Proxy Settings
- Miscellaneous Settings
Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- Microsoft Teams Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Action Variables
Filters
- Simple Filters
- Complex Filters
- C# Script Filters
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Shared Views
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Active Directory Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
SNMP Browser
SSH Shell
Exporting and Importing Configuration Objects
Command Line Interface
Troubleshooting
- Arithmetic Overflow
- Access Denied
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
- Windows Service Log File
Terminology

Agent-Based Monitoring Templates

Server Manager includes an agent-based solution to push logs from remote computers. The agent-based solution solves several potential problems. Event Logs and are downloaded using a WMI whereas Text Logs require either Windows Shares, SFTP/SSH or FTP/S to pull logs. WMI transmits data relatively slow. In some cases, large Security Event Logs can take hours to download the first time. Second, WMI requires multiple ports one of which is randomly assigned. The randomly assigned port can be configured to use fixed port, however, the single port must be configured on each client host. Third, Server Manager typically is installed on a management server that does not have a public IP address. If so, there is no way to remote manage computers over the Internet. Lastly, hosts that periodically connect to the network, such as laptops, can be difficult to manage as a pulling schedule would need to be fast enough to catch the laptop when it just so happens to be logged into the network.

Corner Bowl Software solves these issues with our Server-Side Server Agent and our remotely installed lightweight Server Manager Agent.

Corner Bowl Server Manager Agent

Server Manager includes an option to flag several templates for remote execution. Once set, the Template is referred to as an Agent-Based Template. Once an Agent-Based Template is assigned to a remote host, Server Manager uses Windows Shares to upload the agent installation file to the host then uses WMI to remote install onto the host. If Server Manager is unable to penetrate the firewall to upload and remote install, you have the option to manually install the agent to the remote host. Once installed, the agent connects once a minute to get list of templates to execute. Once the Server Manager Agent Server determines it is time to run a template on the target host, the template and any required filters are returned to the agent for execution.

If the server instance of Server Manager is not available on a public IP address, an Azure Hybrid Relay can be setup to proxy the connection.

The following templates are currently supported:

To configure the Agent Server

From the Explorer View, navigate to Agent Server then right click and select Properties. The Agent Server Properties View displays.

From the Agent Server Properties View check the Enabled Checkbox to enable the server.

Once enabled, the server attempts to install the agent to all configured hosts that have Agent Based Templates assigned to them. If you do not want to automatically install the agent to each host that has an Agent Based Template assigned, use the Host Properties View to disable the automatic installation of the agent.
For more information see: Host Properties

Use the Host identification method drop-down to select how you would like connecting hosts to be identified.

Option	Description
DNS Lookup	The server uses DNS to resolve the hostname.
DNS and FQDN Lookup	The server uses DNS and Active Directory to resolve the Fully Qualified Domain Name (FQDN).
Remote IP Address	The server uses the IP address.
Local Hostname	The client sends its local hostname to server for identification.
Local FQDN	The client sends its locally resolved FQDN to server for identification.
Local IP Address	The client sends its local IP address to server for identification.

Use the Assign the following templates to all new clients check box to automatically add new hosts to the Agent Server Host Group then assign the listed templates.

To enable remote Server Manager Agent installation

From the Explorer View, navigate to Agent Server then right click and select Properties. The Agent Server Properties View displays.
Check Enabled.
Click Save.

From the Explorer View, navigate to Templates | Sample Templates | Log Consolidation then right click on Agent-Based Event Log Consolidation and select Assign.

You can assign any template that has been flagged as an Agent-Based Template. For more information see below.

The Select Services, Devices and Endpoints View displays.

From the Select Services, Devices and Endpoints View, check each host you would like to install the Server Manager Agent, then click OK.
Once assigned, Server Manager will attempt to remote install the Server Manager Agent onto each assigned host.

To manually install the Server Manager Agent on remote hosts

From the host you have installed Server Manager, copy the following file to each target host:

C:\Program Files\Corner Bowl\Server Manager\ServerManagerAgentInstaller.exe

From each target host, open a command prompt as Administrator then run the executable with the following command line options:

Parameter	Description
HOST	The fully qualified hostname of the host Server Manager is installed.
PORT	The port to connect with. The default value is 21843
TLSENABLED	true to enable TLS 1.2. Please note the server must be configured to use TLS. For more information see: Server Configuration
TLSCERTIFICATE	The optional TLS client certificate to use for TLS 1.2.
RELAYENABLED	true to proxy communication through an Azure Relay Connection.
RELAYNAMESPACE	The Azure Relay Connection namespace.
RELAYCONNECTIONNAME	The Azure Relay Connection name.
RELAYKEYNAME	The Azure Relay Connection key name.
RELAYKEY	The Azure Relay Connection key value.
-q	Silently run the installation.
-norestart	Suppress reboot.

For Example:

ServerManagerAgentInstaller.exe -q HOST=1.2.3.4 PORT=21843

To update the Agent configuration

Just like the Service, the agent uses an XML configuration file to load the parameters to connect to the server. Configuration is implemented through the cbsmsrv.exe.config file located in the program data directory. The default location is:
C:\ProgramData\Corner Bowl\Server Manager Agent 2022\cbsmagt.exe.config

Configuration File Reference

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
        <section name="server" type="XPlatformWindowsShared.Configuration.ServerConfigurationSectionHandler,XPlatformWindowsShared" />
    </configSections>

    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
    </startup>

    <server>
        <host value="SERVERNAME" />
        <port value="21843" />
        <tls value="False" certificate="" requireRemoteCertificate="false" allowSelfSignedCertificate="true" checkCertificateRevocation="false" allowCertificateChainErrors="true" />
        <idleTimeout value="300" />
        <readTimeout value="120" />
        <writeTimeout value="120" />
        <azure value="False" relayNamespace="" connectionName="" keyName="" key="" />
    </server>

    <appSettings>
        <add key="AutoUpdate" value="true" />
    </appSettings>

</configuration>

To configure Agent-Based Event templates

Select File | New Template. The Select Template Type view displays.
Click the Template type to create. The Template Properties view displays.
Select the Agent Template Tab
Use the Enabled Check Box to flag the template as an Agent-Based Template.
Use the Trigger Check Box to trigger actions when assigned hosts do not connect within the configured time span.
Use the On Host Not Connecting Drop-Down to assign the actions to fire when assigned hosts do not connect within the configured time span.

To configure Agent-Based Event Log Consolidation for remote hosts

After following the steps above, the pre-installed Template is automatically assigned to each host. You have the option to modify this Template or create your own.

To modify the pre-installed Template, navigate to Templates | Sample Templates | Log Consolidation | Agent-Based Event Log Consolidation then right click and select Template Properties.
To create a new template, select Files | New | Templates | Log Managements | Log Consolidations then from the properties page set the Sub Type to Event Log.
Use the General tab to schedule the frequency.
Use the Logs tab to select the target logs.
Use the Options tab to specify consolidation filters and log entry retention policy.

Use the Agent Template tab to configure Server Manager to remotely install the Corner Bowl Server Manager Agent to the assigned hosts.

If using the sample template notice the Enabled option is checked. If you are creating your own template this option must be selected. The Server Manager Agent logs into the server anonymously with access limited to reading assigned templates and pushing log entries.

The Monitor tab enables you to scan entries on the server-side to fire actions or notifications when necessary.
Use the Actions tab to assign actions or notifications when the template starts, completes or errors.
Use the Hosts and Host Groups drop-down boxes on the right side of the screen to assign hosts to this Template.
Click Save.

To configure Agent-Based Native Event Log File Backup for remote hosts