Prerequisites for Adding Data Collectors (Microsoft Windows Server)
Identify a server where the Data Collector software will be installed. Server requirements include:
• 64-bit OS. See the APTARE IT Analytics Certified Configurations Guide for supported operating systems.
• Support for Java Runtime Environment (JRE) 10.0.2.
• For performance reasons, do not install Data Collectors on the same server as the APTARE IT Analytics Portal. However, if you must have both on the same server, verify that the Portal and Data Collector software do not reside in the same directory.
• Install only one Data Collector on a server (or OS instance).
• The collector must have WMI network access to the Windows servers. User credentials must allow access to the root\cimv2, root\Microsoft\Windows\Storage, root\Microsoft\Windows\SMB and root\Microsoft\Windows\NFS WMI namespaces.
• The Data Collector Service, as initially installed, uses Local System as its Login account. Sometimes this account does not have permissions to run remote WMI commands. In that case, change the Service configuration to use a Login account that has Local Administrative privileges.
• The collector uses a PowerShell script that uses WMI to communicate with the Windows Server, and makes a number of read-only calls to gather the information. PowerShell script execution must be enabled on the system running this script. The PowerShell version on the system must be 5.0 or above.
• A full collection path to Windows server attached SAN or NAS storage requires that Host Resource collection be run first against the Windows servers.
• WMI uses DCOM for networking. DCOM dynamically allocates port numbers for clients. DCOM's service runs on port 135 (a static port) and any client communicating with a host connects on this port. The DCOM service allocates the specific port for the WMI service.
To set up a fixed port for WMI, see http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx.
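The prerequisites above can be checked from the Data Collector server before the first collection. The following script is an added example, not part of the APTARE product or its documentation; the parameter names TargetServer and Credential and the helper New-CheckResult are hypothetical. It makes only read-only calls and reports one pass/fail row per requirement.

```powershell
# Added example (not product code): pre-flight check, run on the Data Collector server.
# $TargetServer and $Credential are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string]       $TargetServer,  # Windows server to collect from
    [Parameter(Mandatory)] [pscredential] $Credential     # account the collector will use
)

function New-CheckResult([string] $Check, [bool] $Passed, [string] $Detail) {
    [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

# Local requirements: PowerShell 5.0 or above, and script execution not blocked.
$ver = $PSVersionTable.PSVersion
New-CheckResult 'PowerShell 5.0 or above' ($ver.Major -ge 5) "$ver"
$policy = Get-ExecutionPolicy
New-CheckResult 'Script execution enabled' ($policy -ne 'Restricted') "$policy"

# DCOM listens on the static port 135; the WMI port itself is allocated dynamically.
$tcp = Test-NetConnection -ComputerName $TargetServer -Port 135 -WarningAction SilentlyContinue
New-CheckResult 'TCP 135 reachable' $tcp.TcpTestSucceeded "${TargetServer}:135"

# The four WMI namespaces the credentials must be able to read.
$namespaces = 'root\cimv2',
              'root\Microsoft\Windows\Storage',
              'root\Microsoft\Windows\SMB',
              'root\Microsoft\Windows\NFS'

$session = $null
try {
    # Force DCOM, the transport WMI uses here, instead of the WS-Man default.
    $dcom    = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $TargetServer -Credential $Credential `
                              -SessionOption $dcom -ErrorAction Stop
    foreach ($ns in $namespaces) {
        try {
            # Read-only query; an empty result still proves the namespace is readable.
            $null = Get-CimInstance -CimSession $session -Namespace $ns `
                                    -ClassName __NAMESPACE -ErrorAction Stop
            New-CheckResult "WMI namespace $ns" $true 'readable'
        } catch {
            New-CheckResult "WMI namespace $ns" $false $_.Exception.Message
        }
    }
} catch {
    New-CheckResult 'DCOM session' $false $_.Exception.Message
} finally {
    if ($session) { Remove-CimSession -CimSession $session }
}
```

A failed namespace row distinguishes a permissions problem from a missing feature by its Detail text. The script tests the supplied credential, not the Data Collector Service's own Login account.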
Collecting from Applications and Services Logs
By default, the Windows Event Logs probe collects event messages from the Windows Logs. All events of the type Information and Audit Success are excluded from collection.
On the first collection, the Windows Event Logs probe collects all events that have occurred over the past hour. Subsequent collections start from the time of the most recent event collected.
Starting with release 10.2.01 P10, the Windows Event Logs probe has been enhanced to provide the collection of Events from the Applications and Services Logs.
To enable this collection, set two Advanced Parameters:
• WINDOWS_EVENTLOGS_NAME_FILTER
• WINDOWS_EVENTLOGS_INFO_EVENTID_FILTER (optional)
The parameter WINDOWS_EVENTLOGS_NAME_FILTER is set to the name of the log, or group of logs, to collect from. Wildcard characters are supported. For example, to collect from the Windows SMB logs (which Windows Event Viewer presents in the folder structure Applications and Services Logs/Microsoft/Windows/SMBClient, Applications and Services Logs/Microsoft/Windows/SMBServer, etc.), enter Microsoft-Windows-SMB* as the parameter value.
By default, only Critical, Error and Warning events are collected. To also collect Information events, set the WINDOWS_EVENTLOGS_INFO_EVENTID_FILTER parameter. Setting the value to '*' collects all Information events. To collect only specific Information events, enter their Event IDs in the form 'EventID=30811 or EventID=1012'; only Information events that match these Event IDs are then collected.