Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Application Monitoring

Created: 27 Oct 2011 | 12 comments

Testing application monitoring and dont seem to be getting anywhere. I've enabled the policy to monitor word. (default settings). The agent policy is on and installed on 95% machines. this has been running a month. I check the reports and theres nothing in there!  any ideas ?

CMS v7.01

Comments 12 CommentsJump to latest comment

cnpalmer75's picture

Debugging  start/stop events and monthly summary for Application Metering

There are 4 DLLs related to application metering.

  1. AMAgent.dll
  2. AeXSystemPerformance.dll
  3. AMInit32.dll
  4. AMInit64.dll

 

  1. AMAgent.dll:
    1. This is a plug-in to the Altiris agent.
    2. It’s usually present at <Altiris agent installation directory>\Agents\Application Metering Agent\
    3. This is a COM DLL. I.e. needs to be registered using regsvr32 for it to come into effect. If you are replacing or need to reregister this DLL.
    4. This DLL is responsible for client side scheduling i.e. scheduling sending of metering events.
    5. It also matches applications with policies to determine which applications need to be metered and/or denied.
  2. AeXSystemPerformance.dll:
    1. This DLL interacts with the AMAgent.dll.
    2. It’s usually present in the system32 folder.
    3. This is a COM DLL. I.e. needs to be registered using regsvr32 for it to come into effect.
    4. It’s responsible to keep the performance statistics of all applications for which we send in monthly summary for.
  3. AMInit32.dll:
    1. This DLL interacts with the AMAgent.dll.
    2. It’s usually present in the system32 folder on 32-bit OS and syswow64 on 64-bit machines.
    3. This is not a COM DLL so it does not require COM registration.
    4. To enable this file on 32-bit OS, one must make its entry in the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs also the key LoadAppInit_DLLs should be set to 1. On some OSs the LoadAppInit_DLLs might not be present or needed.
    5. To enable this file on 64-bit OS, one must make its entry in the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\SYSWOW64\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs also the key LoadAppInit_DLLs should be set to 1. On some OSs the LoadAppInit_DLLs might not be present or needed.
    6. This DLL maps into almost every 32-bit exe that’s launched after making the registry entry. It is responsible for sending the information about the process (like exe path, its PID etc) to the AMAgent.dll. AMAgent.dll then compares this information with its policies that it has received from NS. If the process shouldn’t be running, AMAgent.dll sends a message back to the same AMInit32.dll and asks to terminate itself, eventually taking down the entire process.
    7. If the agent isn’t started yet, this DLL writes the messages in the folder Temp\AeXAM. As soon as the agent starts up. It first scans this folder for the messages and makes events out of it for the time it was down.
  4. AMInit64.dll:
    1. This DLL is same as the AMInit32.dll except it’s used for 64-bit applications.
    2. It’s present in the system32 folder and found only on 64-bit OS.
    3. To enable this file on 64-bit OS, one must make its entry in the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs also the key LoadAppInit_DLLs should be set to 1. On some OSs the LoadAppInit_DLLs might not be present or needed.
    4. This DLL maps into almost every 64-bit exe that’s launched after making the registry entry.

How to capture events (or any NSE) sent form the client?

  1. Open up the registry editor using regedit.exe
  2. Locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Transport
  3. Locate the value Capture Events folder
  4. Set it to a folder path where you want to capture events that are being sent from the client to NS.
  5. To check quickly, make Altiris agent to send Basic Inventory. Notice that an NSE is captured as soon as you send the basic inventory in the Capture Events Folder that you just set.

 

How to quickly see if metering is sending events?

This manual modification will override the send events interval set on the NS for metering events.

  1. Set the Capture Events Folder to capture the outgoing NSEs. (See How to capture events (or any NSE) sent from the client)
  2. Open up the registry editor using regedit.exe
  3. Locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent
  4. In the key Altiris Agent Make a New > Key named AMAgent.
  5. In the key AMAgent, make a DWORD value named Interval.
  6. Set the value of Interval to a value 30(Decimal).
  7. Restart the Altiris agent service once to enable this hack.
  8. Try launching applications which would trigger sending events.
  9. The events should get captured in under a minute in the Captured events folder that you’ve just set.

Some other points:

  1. The metering agent is not supported on Server OSs like Windows 2003 or Windows 2008 etc. Please ensure the agent is not running on this server-based platforms.
  2. If the metering agent is not rolling out to some machines, probably the machine’s OS is server OS like Windows 2003 etc. Again, this is an unsupported environment and any server OSs need to be removed from the rollout filter.
  3. There’s some confusion about how sending monthly summary data works. To send monthly summary data we need to do two things:

The Monthly Summary "global switch" aka "Send Summary Data" setting, needs to be explicitly turned on. This is not turned on by default. This is turned on out of the box in 7.1.

Benjamin Palmer
Specialist | Client Design
Director | Symantec CT User Group

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solu

mclemson's picture

Can you upload a screenshot of the policy you're using -- all settings, target, schedule, etc?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

BugTastic's picture

Sorry - logged this under an old cached account. anyway - see attached!

 

Joe.

AttachmentSize
The Policy.doc 643 KB
BugTastic's picture

I took off the word.exe monitor and added MS office monitor. I didn't realise that was there.

cnpalmer75's picture

Any reason why you are using stand-alone metering policies and not inegrating this into a Software Catalog entry?

Also, I would suggest trying to eliminate the amount of criteria per metering rule and see if that helps.

Benjamin Palmer
Specialist | Client Design
Director | Symantec CT User Group

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solu

BugTastic's picture

>> Any reason why you are using stand-alone metering policies and not inegrating this into a Software Catalog entry?

I have no idea what you mean by the above. sorry. 

>> Also, I would suggest trying to eliminate the amount of criteria per metering rule and see if that helps.

so would you suggest just monitoring winword.exe (as an example) ?

Joe.

 

p.s. the reason I want to do this is so I can see who is not using MS office. For licensing reasons.

cnpalmer75's picture

Are you runnign 7.0 or 7.1?

I would suggest just editing the the current rule to monitor something very simple... maybe even create a new one to monitor notepad.exe then run thru my recommendations in my first post to see if you can capture the metering NSE to make sure it is working.

If not... try re-regitering the amagent.dll.

Benjamin Palmer
Specialist | Client Design
Director | Symantec CT User Group

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solu

BugTastic's picture

version 7.0 - I was hoping it was something I was doing wrong rather than yet another issue with this software! 

mclemson's picture

Manage > Software Catalog

Select a Managed product or make a product managed

Select the Meter/track usage tab

Add an associated program if none are listed, then check 'Turn on metering / usage tracking for this application'

On the same tab, enter a number in the box for how many days to look at for use, for example, used in the last 30 days, 90 days, etc.

On the licenses tab, enter a purchased license.

 

Within the Software tab, go to Managed Software, and select the managed software you're working with.  The right pane shows your licensing usage against licenses owned, and whether you can save money by renewing for fewer licenses, or whether you have a potential cost in order to true-up on licensing.  You probably want to use the usage data to harvest in either case, because that only saves you even more money.

 

Does this make sense?  To add licenses, you must own Asset Management Suite.  But you can do everything else listed without entering license data, and you'll still get license information on the same page I mentioned above.  The difference is you will "own 0", so your usage number will automatically show you as over.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

BugTastic's picture

I'm running version 7.0 - it doesnt have these options.

mclemson's picture

Yeah, that must be new in 7.1.

This screenshot shows an example App Metering policy from 7.1 for MS Office 2007.   You can see what they defined in order to get a functional app metering rule.  I would suggest mimicking this for the applications that make up your MS Office 2010 license, verifying the details by examining the files on a computer that has your copy of Office 2010 installed.  Don't be so restrictive that you look for a single version, but leave it open by using '14*' for 2010.  I would only include the primary applications that make up your license, e.g. Access, Word, Excel, PowerPoint, Outlook.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

BugTastic's picture

I've already done this by adding in MS office 2007 from the software caltalog into the App meter and it adds all these files and vrersin autonatically.

Can I ask if you use application monitoring in your envirnoment ?

Thanks

Joe