BigFix Monitoring

This page has not been liked. Updated 4/12/13, 1:07 PM by KarenKueTags: None

BigFix Server

Many companies consider BigFix components to be part of their critical IT infrastructure and wish to monitor the different components using third-party monitoring tools to ensure proper functionality. Below is information on how to monitor each BigFix component.

The BigFix Server is the most important component to monitor. Here are a number of options for monitoring the BigFix Server.

  1. Network Accessibility: Ping the BigFix Server periodically to make sure it is up and accessible from the network. It should be reachable by all top level BigFix Relays.
  2. Services: The following services should be running. If they are not running, the BigFix Server will not function properly.
    • BigFix Root Server: Handles all incoming connections to the server.
    • BigFix FillDB: Puts information from the BigFix Clients into the database.
    • BigFix GatherDB: Puts new Fixlet information into the database.
    • BigFix Gather: Contacts the Internet to download files and to download new Fixlet messages.
    • BigFix Client (optional): The BigFix Client will check for known issues on the BigFix Server.

      Note: Without a BigFix Client on the BigFix Server, the BigFix Server will not become relevant for BigFix Server upgrade Fixlet messages.
    • BigFix Web Reports (optional): Many times the BigFix Web Reports runs on the same computer as the other BigFix Server components.
  3. BufferDir: The bufferdir temporarily stores reports from the BigFix Clients before being put into the database. By default, the bufferdir directory resides at C:\Program Files\BigFix Enterprise\BES Server\FillDBData\BufferDir\.
    • The bufferdir will be "full" if it has 3MB of files or if it has more than 10,000 files (by default).
    • It is a good idea to monitor the bufferdir folder and issue an alert if the folder has more than 2.5 MB of files or has more than 9000 files.
    • Be careful to not monitor this folder too often because it might cause performance problems (checking once every 10 minutes is OK, but don't check every 10 seconds).
    • The bufferdir is one of the most important monitoring activities because if the bufferdir fills up, it indicates a information is not getting to the BigFix Server quickly, and can be a severe problem.
  4. Database: The database is at the central core of the information going into and out of BigFix, and there are a few basic components which can be monitored.
    • Make sure the MSSQLServer service is running.
    • Make sure the SQL Server Agent is running.
    • Any additional standard SQL Server checks will be useful as well.
  5. Ensure the BigFix Server is getting up-to-date Fixlet information: The BigFix Server will periodically gather from the main BigFix Fixlet servers to get the latest data.
    • Each Fixlet message site that your BigFix Server subscribes to has a "GatherURL" (the GatherURL is stored in the masthead file for each site). For example, the "Patches for Windows (Enterprise Security)" site has a GatherURL of http://sync.bigfix.com/cgi-bin/bfgather/bessecurity. If you enter the URL into a browser and retrieve the data at that location, you will receive some information about the site. Within this returned data approximately 13 lines from the top, the line "Version: XXX" will indicate the current version of the site provided.
    • Each Fixlet message site is "mirrored" on the BigFix Server. The mirrored GatherUrl should give the same information as the GatherURL of the BigFix Fixlet servers. For example, to access the mirrored GatherURL: http://yourservername:52311/cgi-bin/bfenterprise/besgathermirror.exe?url=http://sync.bigfix.com/cgi-bin/bfgather/bessecurity.
    • By default the BigFix Server will look for new Fixlet message sites every 60 minutes from the main Fixlet servers so there is a potential lag of 60 minutes when the two URLs will not match.



BigFix Relay Server

BigFix Relays are important to monitor because if a BigFix Client doesn't have a nearby BigFix Relay, it might need to travel over slow WAN links to download large files. Many of the monitoring steps that apply to the main BigFix Server also apply to BigFix Relays.

  1. Network Accessibility: Ping each BigFix Relay periodically to make sure it is up and accessible from the network. It should be reachable by all of the BigFix Clients that should select this BigFix Relay.
  2. Services: The following services should be running. If they are not running, the BigFix Server will not function properly.
    • BigFix Relay: Handles all incoming connections to the BigFix Relay.
    • BigFix Gather: Contacts the main BigFix Server to download files and to download new Fixlet messages. (BigFix Gather is removed in BigFix 6.0).
    • BigFix Client: The BigFix Client is important to the normal operations of the BigFix Relay.
  3. BufferDir: The bufferdir temporarily stores reports from the BigFix Clients before being put into the database. By default, the bufferdir directory resides at C:\Program Files\BigFix Enterprise\BES Server\FillDBData\BufferDir\.
    • The bufferdir will be "full" if it has 3MB of files or if it has more than 10,000 files (by default).
    • It is a good idea to monitor the bufferdir folder and issue an alert if the folder has more than 2.5 MB of files or has more than 9000 files.
    • Be careful to not monitor this folder too often because it might cause performance problems (checking once every 10 minutes is OK, but don't check every 10 seconds).
    • The bufferdir is one of the most important monitoring activities because if the bufferdir fills up, it indicates that information is not getting to the BigFix Server quickly, and can be a severe problem.
  4. Ensure the BigFix Relay is getting up-to-date Fixlet information: A BigFix Relay will gather new Fixlet messages from the main BigFix Servers whenever the new Fixlet message site versions are available.
    • The BigFix Relay mirrors data in the same way as the main BigFix Server.
    • In almost all cases, BigFix Relays should have the same information as the BigFix Server within a few seconds/minutes of the BigFix Server being updated.
    • You can check to see if the BigFix Relay is mirroring the same information as the BigFix Server by hitting the URL http://yourrelayname:52311/cgi-bin/bfenterprise/besgathermirror.exe?url=http://sync.bigfix.com/cgi-bin/bfgather/bessecurity and comparing that information mirrored by the main BigFix Server.
    • You will likely want to check to make sure the actionsite and opsites are being mirrored properly as well.