Step 7: Configuring Policy Agent to automatically monitor applications

You can use the Policy Agent to automatically start, stop, and monitor a set of related applications. Policy Agent starts the applications and monitors them to ensure that they remain active.

To configure the Policy Agent for automatic monitoring, perform the following steps:

1. Decide what applications you want to monitor. You can use the Policy Agent to monitor any or all of the following applications:
   • Defense Manager daemon (DMD)
   • Internet Key Exchange daemon (IKED)
   • Network security services daemon (NSSD)
   • Syslog daemon (SYSLOGD)
   • Traffic Regulation Management daemon (TRMD)

   Determine which of these applications you currently use, or want to start using, in your environment, and for each application, determine whether you want the Policy Agent to start, stop, and monitor the application.

   Requirements:

   • To start the application, you must use a cataloged procedure that accepts a number of variables that are provided by the Policy Agent. A sample procedure is included in SEZAINST(EZAPOLPR).
   • If you want to manually start, restart, or stop the application, you must use MODIFY commands that are directed to the Policy Agent. If you issue the commands directly to the application itself, Policy Agent is not aware of the action and the monitoring logic will probably not produce the expected results.
   Results:

   • If you start the Policy Agent after you have already started an application to be monitored, Policy Agent starts monitoring the application if it was originally started with the same job name that is configured to the Policy Agent. If the application needs to be restarted later, it is restarted using the cataloged procedure configured to the Policy Agent. This might not be the same procedure that was originally used to start the application.
   • If you start the Policy Agent after you have already started an application to be monitored, but the application does not use the same job name that is configured to the Policy Agent, then the Policy Agent is not able to detect that the application is active. The Policy Agent will try to start another instance of the application, which is likely to fail.
   Tip: If you configure applications to be monitored by the Policy Agent, ensure those applications are not running before starting the Policy Agent. However, you probably want to start syslogd before starting the Policy Agent, so you should ensure that Policy Agent is configured with the correct syslogd job name.
2. Configure the applications that you want to monitor using the AutoMonitorApps statement. You can configure applications that you want to monitor that are or are not associated with a particular TCP/IP stack. You can specify the cataloged procedure used to start each application, the job name for the application, and other application-specific parameters on the AutoMonitorApps statement.

   Perform the following steps to configure the applications that you want to monitor:

   1. Specify the AutoMonitorApps statement in the main Policy Agent configuration file.
      • Use the AppName parameter to specify each application that is not associated with a particular TCP/IP stack. All supported applications except TRMD fall into this category.
      • Use the TcpImageName and AppName parameters to specify each application that is associated with a particular TCP/IP stack. TRMD is the only application that falls into this category.
   2. Use the ProcName parameter for each AppName parameter on the AutoMonitorApps statement to specify the cataloged procedure that is used to start each application. Because all key data is passed to the procedure as variables, you can use a single procedure for all configured applications. You can also use a unique procedure for one or more applications.
   3. Use the Jobname parameter for each AppName parameter on the AutoMonitorApps statement to specify the job name for each application.
   4. Use the StartParms parameter for each AppName parameter on the AutoMonitorApps statement to specify start parameters for each application.
   5. Use one or more EnvVar parameters for each AppName parameter on the AutoMonitorApps statement to specify application-specific parameters, such as time zone or configuration file name. You can specify any or all environment variables that are accepted by the specific application.

   The following example shows the AutoMonitorApps statement:

   AutoMonitorApps
   {
     AppName           IKED
     {
       Procname        POLPROC
     }
     AppName           TRMD
     {
       TcpImageName    TCPIP1
       {
         Procname      POLPROC
         Jobname       TRMD1
       }
       TcpImageName    TCPIP3
       {
         Procname      POLPROC
         Jobname       TRMD3
       }
     }
   }

   This example shows how to specify parameters for two types of applications:

   • An application without stack affinity, meaning that a single copy of the application runs regardless of how many TCP/IP stacks are running. This example uses IKED as such an application.
   • An application with stack affinity, meaning that one instance of the application runs on each TCP/IP stack. This example uses TRMD as such an application.
3. Configure global monitoring parameters using the AutoMonitorParms statement. Use the AutoMonitorParms statement in the main Policy Agent configuration file to specify global monitoring parameters, such as the monitor time interval and retry limits.
   • Use the MonitorInterval parameter to specify the monitor interval in seconds.
   • Use the RetryLimitCount and RetryLimitPeriod parameters to specify how many times within a given time period Policy Agent should try to start or restart an application. If the application fails to successfully start or restart after the retry limit has been reached, Policy Agent stops trying until the application is manually started using the MODIFY procname,MON,START,application command.