

			BBNT

An NT **CLIENT** for Big Brother Systems & Network Monitor (BB) (Version 1.04f)

1. You may not sell Big Brother NT Client, nor sell any of the functionality
   it provides. No part of the Big Brother NT Client system may be used as part
   of any commercial product without having first obtained a commercial licence
   from Robert-Andre Croteau and the MacLawran Group
2. The executable and documentation which makes up Big Brother NT Client are
   Copyright (C) 1997-1998 Robert-Andre Croteau and the MacLawran Group.
   You agree to respect these rights.
3. You understand that this software is provided as-is. Robert-Andre Croteau
   and The MacLawran Group makes no claims towards its suitability for any
   purpose and accepts absolutely no liability for any damages the software
   may cause. Use at your own risks. Eh! It might not even work.

Questions/suggestions/bugs ? Contact:
	Robert-Andre Croteau
	E-mail: rcroteau@videotron.ca rcroteau@motu.ca robert@maclawran.ca


This client runs on NT 4.0 (SP4) 

This client REQUIRES that you already have installed the
"Big Brother Systems & Network Monitor" server package which runs under UNIX

PLEASE SEE NOTE AT BOTTOM FOR MEMORY LEAK PROBLEMS (THEY AREN'T MINE !!!)
ALSO SEE NOTE IF SPURIOUS EVENT LOGS ARE GENERATED BY PERFORMANCE RETRIEVAL



HISTORY (Should have started it a long time ago...)

1.04f)
	Fixed External plugin bug where only the first file would be
	sent across



1) To install BBNT:

As an administrative user
Unzip the bbnt.zip file into any directory (on a LOCAL drive !!!)
Start a console window
CD to that directory

If you are on an x86 platform:
REN bbnt-x86.exe bbnt.exe

If you are on an Alpha platform:
REN bbnt-axp.exe bbnt.exe

and then execute BBNT with the following arguments:

bbnt [-y] -install BBDISPLAY FQDN IPPORT

BBDISPLAY: IP address of the BB display server
FQDN: Return the Fully qualified domain name of the station (Y or N)
IPPORT: Port used for communication between BB client and BB server

These variables are in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\BB

BBNT has been installed as a service: check in Control Panel -> Services
See "Register variables" for more info on these and other variables.

e.g.:

bbnt -install 201.201.201.201 N 1984

or

bbnt -install 201.201.201.201
	(This will set 'N' for FQDN and 1984 for IPPORT as defaults)

or

bbnt -y -install 201.201.201.201
	(Same as previous but automatically agrees to license agreement
	 which appears at the top of this README file)


IMPORTANT: YOU MUST SPECIFY AN ADMINISTRATIVE ACCOUNT TO RUN
	THE SERVICE IF YOU ARE GOING TO MONITOR NETWORK DRIVES
	
	Control Panel -> Services
	Select Big Brother
	Click on Startup on the right-hand side
	In the "Log On As:" window specify "This Account"
		and put in an administrative account with password

	Make sure that the bbnt.exe file is only 
	readable/executable/writable by an administrative account


2) To upgrade BBNT:

IT DOES NOT CHECK IF AN INSTANCE IS ALREADY RUNNING. IF YOU DON'T STOP IT,
THE SERVICE WILL USE THE NEW EXECUTABLE ONLY AT NEXT SERVICE RESTART
(MANUALLY OR REBOOT)

As an administrative user
Stop the current instance of BBNT: Control Panel -> Services
Backup the previous version !
Unzip the bbnt.zip file into any directory (you can use the 
	previous installation directory).
Start a console window
CD to that directory

and then execute BBNT with the following arguments:

bbnt -upgrade

It will automatically remove registry variables that are not
required for the new version.  It will also create new variables that
are required.

Note: After an upgrade make sure that the SvcErrList registry variable
	contains all services that you want paged on.  Upgrades do not
	update this value.

Restart BBNT: Control Panel -> Services


3) To run BBNT: in Control Panel -> Services, select BB and start

4) To remove BBNT just type at the prompt

bbnt -remove

This removes all keys in the registry and removes the BBNT service


Registry Variables: (A GUI utility is provided to edit these fields: bbntcfg)

Activatelog: (Y or N) - Sends some debug output to a file named BB.LOG
	The log is saved where the TEMP env variable points (if TEMP
	isn't there then it uses TMP and if it's not there then it puts
	it in C:\TEMP).

BBDISPLAY: IP Address of BB display server

BBPAGE: IP Address of BB pager server

BBWARNStyleAlerts:  Set to 'Y' if your BBPAGER host is 1.08b or higher

CPUalwaysGreen: (Y or N) - CPU test always returns GREEN

Defaults: Default thresholds for CPU & DISK
	By default CPU is 80:95 & DISK is 90:95
	format is "service:yellow:red"
	Values are in the 1-100 range, anything else will be reset to
		system default.
	i.e.    CPU:75:85
		CPU:75:95 DISK:80:90
	Also, drives with Yellow/Red status will be marked with
		* (yellow) or ** (red) identifiers

DISKalwaysGreen: (Y or N) - DISK test always returns GREEN

DiskList: List of drives with different yellow/red thresholds than
		defaults (90/95)
	  i.e. D:98:99 G:93:98 L Z:101:101
		drive:yellow:red
		Only FIXED drives are checked automatically
		Other drives are checked for values only if they are
		defined in this list !!! (You don't want 50 workstations
		turning to red because a server went red).
		In this case drive G,L,Z are checked with L
		 using defaults (Z will never go yellow or red)
		Syntax checking is very loose so be careful

EventsalwaysGreen: (Y or N) - Event log test always returns GREEN
	N.B. It still returns the events log entries that match the
		"Msg Levels" field entries.
	     The equivalent would be achieved by removing all entries in the
		"Msg Levels". Or by specifying values of 0 minutes in the
		entries in the "Msg Levels" field.

ExternPath: Directory where external programs can save BB status messages
		to be sent by BBNT.  This acts as a plugin facility where
		external programs create their own status messages.
		Files that have no extensions (the file name should be the
		service name) are sent to BB.  So first create your file
		with an extension and when it's ready to be sent over then
		rename it to the service name only. Remember to put the
		following pattern [] in the status file.  Basic style paging
		will receive the message starting at [.
		e.g. this is the status file
		red Thu 08 21:10:24 1998 [xxx.domain.com]
		blah blah
		blah blah

		Then the basic style paging will receive:
		[xxx.domain.com]
		blah blah
		blah blah

		N.B. BBWARN style paging receives the whole status file

		I use the [] to insert a system identifier such that
		DHCP stations are easily recognized.  I strongly suggest you
		do the same thing when creating your own status messages
		regardless of paging method.

		Don't forget to add the service name and paging code in the
		service error codes field:
		e.g. Your service is called "oracle" then add a svc:id
			combination:  ORACLE:800
		You do not need this if you are using BBWARN style paging
		*** BUT *** you must update the SVCERRLIST environment variable
		that contains all the services:ids combination.
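
The ExternPath procedure above, as an added example (not part of BBNT or the original README): the status file is written under a name with an extension, then renamed to the bare service name. The function names and the ".tmp" staging extension are assumptions; the sample values are the ones shown above.

```python
import os
import tempfile

def build_status(color, timestamp, system_id, body):
    """First line: colour, timestamp, then the [] pattern; body follows."""
    if "[" in color + timestamp:
        raise ValueError("'[' may only open the system identifier")
    return f"{color} {timestamp} [{system_id}]\n{body}"

def basic_page_text(status):
    """What basic style paging receives: the message starting at '['."""
    start = status.find("[")
    if start < 0:
        raise ValueError("status file has no [] pattern")
    return status[start:]

def publish_status(extern_path, service, status, staging_ext=".tmp"):
    """Write under a name with an extension, then rename to the service name."""
    # The final name is the bare service name: no extension, no path parts.
    if not service or any(ch in service for ch in "./\\:"):
        raise ValueError(f"invalid service name: {service!r}")
    basic_page_text(status)  # refuse to publish a file without the [] pattern
    staged = os.path.join(extern_path, service + staging_ext)
    with open(staged, "w") as handle:
        handle.write(status)
    final = os.path.join(extern_path, service)
    os.replace(staged, final)  # BBNT only sends files that have no extension
    return final

if __name__ == "__main__":
    # Constructed sample mirroring the status file shown in this README.
    with tempfile.TemporaryDirectory() as extern_path:
        status = build_status("red", "Thu 08 21:10:24 1998",
                              "xxx.domain.com", "blah blah\nblah blah")
        print(publish_status(extern_path, "oracle", status))
        print(basic_page_text(status))
```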


FQDN: (Y or N) - Return host name as Fully Qualified Domain Name

IgnoreMsgs: Ignore the event log messages that contain this text.  You can
		also specify an event source.

		Message will be checked with the text squeezed and
		ignoring case.  If you make a typo you are out of luck !
		Multiple messages can be defined: separate each msg with a ';'

		i.e. service "Remote Access"; Access to performance data

		If the message text/event source contains either
		string then it will not be returned in the status message.
		Note, the comparison is case insensitive and spaces are
		ignored.

		A maximum of 2048 characters for all messages is allowed

IPport: IP port for communication between client and server

MsgLevels: Type of message to look for, associated with a message level
		Message source: SEC - Security
				SYS - System
				APP - Applications
		Message Level:  ERR  - Error
				WARN - Warning
				INFO - Informational
				SUCCESS_AUDIT - Audit success
				FAIL_AUDIT - Audit fail

		Additional specifiers are
			Y/N     Y (red & page) / N (Yellow & don't page)
			Elapsed time: How many minutes before ignoring msg
					(default 30 mins)
		i.e. SYS:ERR:Y:30 SYS:WARN:N:15 APP:ERR:Y:30 APP:WARN:N:15 

		If a Source:Level pair is not specified then it is ignored
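
Because unspecified Source:Level pairs are ignored, a MsgLevels value can leave event log categories unmonitored without any error. The following added example (not part of BBNT; function names are assumptions) parses a MsgLevels string and lists the pairs that will never alert. It assumes strict upper-case matching and reads an elapsed time of 0 minutes as "ignored immediately".

```python
SOURCES = ("SEC", "SYS", "APP")
LEVELS = ("ERR", "WARN", "INFO", "SUCCESS_AUDIT", "FAIL_AUDIT")
DEFAULT_MINUTES = 30  # documented default elapsed time

def parse_msglevels(value):
    """Return {(source, level): (page_flag, minutes)} for a MsgLevels string."""
    rules = {}
    for entry in value.split():
        parts = entry.split(":")
        if not 2 <= len(parts) <= 4:
            raise ValueError(f"malformed entry: {entry!r}")
        source, level = parts[0], parts[1]
        if source not in SOURCES or level not in LEVELS:
            raise ValueError(f"unknown source or level: {entry!r}")
        # The README gives no default for Y/N, so a missing flag stays None.
        flag = parts[2] if len(parts) > 2 else None
        if flag not in (None, "Y", "N"):
            raise ValueError(f"page flag must be Y or N: {entry!r}")
        minutes = int(parts[3]) if len(parts) > 3 else DEFAULT_MINUTES
        if minutes < 0:
            raise ValueError(f"negative elapsed time: {entry!r}")
        rules[(source, level)] = (flag, minutes)
    return rules

def coverage_gaps(value):
    """List every Source:Level pair that this MsgLevels value never alerts on."""
    rules = parse_msglevels(value)
    gaps = []
    for source in SOURCES:
        for level in LEVELS:
            rule = rules.get((source, level))
            if rule is None:
                gaps.append(f"{source}:{level} not specified")
            elif rule[1] == 0:
                gaps.append(f"{source}:{level} has 0 minutes")
    return gaps

if __name__ == "__main__":
    # The sample value from this README; it leaves the Security log unmonitored.
    sample = "SYS:ERR:Y:30 SYS:WARN:N:15 APP:ERR:Y:30 APP:WARN:N:15"
    for gap in coverage_gaps(sample):
        print(gap)
```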

Procs: List of process names to check if they are running
	i.e. snmp smtp
	space/tab is the delimiter between process names.  Process names are 
		typed without their extension.
	N.B. process with .com may require full name. Set ActivateLog to Y
		and check process list to see how the process name should
		be entered (or use task manager or pview).
	     This key cannot exceed 1024 characters in length.
	This does not check for correct behavior (the proc might be running
		but it might be totally screwed up)
	Extra qualifiers are possible for each process:
		smtpproc:Y:3
		This means that smtpproc must be running at least 3 instances
			and that if it's not then send a page alert.
		Y will set to red / N will set to yellow
		   
SendPageAlerts: Enable paging (Y/N, Y is default)
		Overrides any other values.

SvcErrList: Codes to send when paging (if not using BBWARN style messages)
	This is required only if your BBPAGER host is pre-1.08b
	Default values are "DISK:100 CPU:200 PROCS:300 MSGS:400"
	
Timer:  Waiting period between checks in seconds
	Default is 300 seconds


NOTICE:

The hostname is given in the status message to aid admins with DHCP stations

BB does not have to be restarted when changing the registry variables
	with regedit or the config editor.  Variables are reloaded every time.

CPU test: The % is for the last 5 minutes
	     PhysicalMem - in MB - the value in parentheses is % used

DISK test: Local drives are alerted on. Remote drives are only
		alerted if they are specified in DiskList registry variable

It only returns CPU, DISK, PROCS and MSGS information (there is a lot more on the Unix side)

Empty Procs registry variable will not return anything
	(If Procs were previously checked, then you will get a purple
	 condition after 30 minutes, so you better remove the host.procs
	 file in the $BBHOME/www/logs directory)

If your NT workstation is DHCP enabled you will have to change
	$BBHOME/web/mkbb.sh on your BB display server to gather the list of hosts
	from the $BBLOGS directory instead of using bb-hosts.
	Something along the lines of:
	$LS -1 $BBLOGS/*.* | $SED 's/\..*$//g' | $SORT -u

In the CPU test it always returns 1 user (I think, never really tested this)...

When using bbntcfg, the HOST is the NT name not the IP name (You should always
	set both to the same name).  bbnt uses the IP name & bbntcfg uses
	the NT name (my fault, I should have always used the NT name but
	it's too late now.  Consider this a feature ;-))


DIGITAL ALPHA USERS:

Note that there is no bbntcfg.exe for Alpha.  Use bbntcfg on an x86
platform and configure across the network. Or install FX!32 from
Digital (it's an X86 emulator and it's free) and run it directly
on the Alpha box.


MEMORY LEAKS:

I (and others) have noticed memory leaks depending on the server which is
running BB.  These leaks are caused by performance extensions in services.
You will have to disable all extensions by renaming them.  Then reenable
them one by one until you find the culprit(s) which you will disable.
It also has been reported that BBNT does not start because of 3rd party
performance DLLs.

Using Regedit go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
Search for the string "Performance".  Rename to xPerformance.
Set the Timer in BB to 1 to accelerate the refresh.  At this point the
memory leak should have disappeared.  Reenable one performance extension at
a time.  Wait a while (15 minutes) and check using Task manager if the
memory usage of BBNT has increased. If so disable it. Don't forget to reset
the refresh to 300 seconds...

I strongly suggest you read article Q178887 at Microsoft support (MSDN)
http://support.microsoft.com/support/kb/articles/q178/8/87.asp

In my own experience I've had problems with tapiperf.dll, rasman.dll,
perfctrs.dll on both X86 and AXP platforms.  They are a real pain in the ...


WISH LIST:

At install, accept config file (either registry format or proprietary).
Make it work with NT clusters
Convert bbntcfg from a C++Builder env to MSVC++ env.  Then bbntcfg will
be native to Alpha.

