

			BBNT

An NT client for Big Brother Systems & Network Monitor (BB) (Version 1.03)

1. You may not sell Big Brother NT Client, nor sell any of the functionality
   it provides. No part of the Big Brother NT Client system may be used as part
   of any commercial product without having first obtained a commercial licence
   from Robert-Andre Croteau and the MacLawran Group
2. The executable and documentation which makes up Big Brother NT Client are
   Copyright (C) 1997-1998 Robert-Andre Croteau and the MacLawran Group.
   You agree to respect these rights.
3. You understand that this software is provided as-is. Robert-Andre Croteau
   and The MacLawran Group makes no claims towards its suitability for any
   purpose and accepts absolutely no liability for any damages the software
   may cause. Use at your own risks. Eh! It might not even work.

Questions/suggestions/bugs ? Contact:
	Robert-Andre Croteau
	E-mail: rcroteau@videotron.ca rcroteau@iti.qc.ca


***** This client runs on NT 4.0 *****

***** This client requires that you already have installed
***** the "Big Brother Systems & Network Monitor" package
***** which runs under UNIX

1) To install BBNT:

As an administrative user
Unzip the bbnt.zip file into any directory.
Start a console window
CD to that directory

and the execute BBNT with the following arguments:

bbnt [-y] -install BBDISPLAY FQDN IPPORT

BBDISPLAY: IP address of the BB display server
FQDN: Return the Fully qualified domain name of the station (Y or N)
IPPORT: Port used for communication between BB client and BB server

These variables are in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\BB
BBNT has been installed as a service: check in Control Panel -> Services
See "Register variables" for more info on these and other variables.

e.g.:

bbnt -install 201.201.201.201 N 1984

or

bbnt -install 201.201.201.201
	(This will set 'N' for FQDN and 1984 for IPPORT as defaults)

or

bbnt -y -install 201.201.201.201
	(Same as previous but automatically agrees to license agreement
	 which appears at the top of this README file)


IMPORTANT: YOU MUST SPECIFY AN ADMINISTRATIVE ACCOUNT TO RUN
	THE SERVICE
	
	Control Panel -> Services
	Select Big Brother
	Click on Startup on the right-hand side
	In the "Log On As:" window specify "This Account"
		and put in an administrative account with password

	Make sure that the file is only readable/writable by
	an administrative account

2) To upgrade BBNT:

IT DOES NOT CHECK IF AN INSTANCE IS ALREADY RUNNING. IF YOU DON'T STOP IT,
THE SERVICE WILL USE THE NEW EXECUTABLE ONLY AT NEXT SERVICE RESTART
(MANUALLY OR REBOOT)

As an administrative user
Stop the current instance of BBNT: Control Panel -> Services
Backup the previous version !
Unzip the bbnt.zip file into any directory (you can use the 
	previous installation directory).
Start a console window
CD to that directory

and the execute BBNT with the following arguments:

bbnt -upgrade

It will automatically remove registry variables that are not
required for the new version.  It will also create new variables that
are required.

Note: After an upgrade make sure that the SvcErrList registry variables
	constains all services that you want paged on.  Upgrades do not
	update this value.

Restart BBNT: Control Panel -> Services


3) To run BBNT: in Control Panel -> Services, select BB and start

4) To remove BBNT just type at the prompt

bbnt -remove

This removes all keys in the registry and removes the BBNT service


Registry Variables: (A GUI utility is provided to edit these fields: bbntcfg)

Activatelog: (Y or N) - Sends some debug output to C:\TEMP\BB.LOG

BBDISPLAY: IP Address of BB display server

BBPAGE: IP Address of BB pager server

CPUalwaysGreen: (Y or N) - CPU test always returns GREEN

Defaults: Default thresholds for CPU & DISK
	By default CPU is 80:95 & DISK is 90:95
	format is "service:yellow:red"
	Values are in the 1-100 range, anything else will be reset to
		system default.
	i.e.    CPU:75:85
		CPU:75:95 DISK:80:90
	Also, drives with Yellow/Red status will be marked with
		* (yellow) or ** (red) identifiers

DISKalwaysGreen: (Y or N) - DISK test always returns GREEN

DiskList: List of drives with different yellow/red thresholds than
		defaults (90/95)
	  i.e. D:98:99 G:93:98 L Z:101:101
		drive:yellow:red
		Only FIXED drives are checked automatically
		Other drives are checked for values only if they are
		defined in this list !!! (You don't want 50 workstations
		turning to red because a server went red).
		In this case drive G,L,Z are checked with L
		 using defaults (Z will never go yellow or red)
		Syntax checking is very loose so be carefull

FQDN: (Y or N) - Return host name as Fully Qualified Domain Name

IgnoreMsgs: Ignore the event log messages that contain this text
		Message will be checked with the text squeezed and
		ignoring case.  If you make a type you are out of luck !
		Multiple messages can be defined: seperate each msg with a
		';'

		i.e. service "Remote Access"; Access to performance data

			If a message contains either strings then it will
		not be return in the status message.  Note, the comparison
		is case insensitive and spaces are ignored.

		A maximum of 2048 characters for all messages is allowed

IPport: Ip port for communication between client and server

MsgLevels: Type of message to look associated with a type level
		Message source: SEC - Security
				SYS - System
				APP - Applications
		Message Level:  ERR  - Error
				WARN - Warning
				INFO - Informational
				SUCCESS_AUDIT - Audit success
				FAIL_AUDIT - Audit fail

		Additional specifiers are
			Y/N     Y (red & page) / N (Yellow & don't page)
			Elapsed time: How many minutes before ignoring msg
					(default 30 mins)
		i.e. SYS:ERR:Y:30 SYS:WARN:N:15 APP:ERR:Y:30 APP:WARN:N:15 

		If a Source:Level pair is not specified then it is ignored

Procs: List of process names to check if they are running
	i.e snmp smtp
	space/tab is the delimiter between process names.  Process names are 
		typed without their extention.
	N.B. process with .com may require full name. Set ActivateLog to Y
		and check process list to see how the process name should
		be entered (or use task manager or pview).
	     This key cannot exceed 1024 characters in length.
	This does not check for correct behavior (the proc might be running
		but it might be totally screwed up)
	Extra qualifiers are possible for each process:
		smtpproc:Y:3
		This means that smtproc must be running at least 3 instances
			and that if it's not then send a page alert.
		Y will set to red / N will set to yellow
		   
SendPageAlerts: Enable paging (Y/N, Y is default)
		Overrides any other values.

SvcErrList: Codes to send when paging
	Default values are "DISK:100 CPU:200 PROCS:300 MSGS:400"
	
Timer:  Waiting period between checks in seconds
	Default is 300 seconds

NOTICE:

The hostname is given in the status message to aid admins with DHCP stations
BB does not have to be restarted when changing the registry variables
	with regedit.  Variables are reloaded everytime.
CPU service: The % is for the last 5 minutes
DISK service: Local drives are alerted on. Remote drives are only
		alerted if they are specified in DiskList registry variable
It only returns CPU, DISK, PROCS and MSGS information (there a lot more on the Unix side)
Empty Procs registry variable will not return anything
	(If Procs were previously checked, then you will get a purple
	 condition after 30 minutes, so you better remove the host.procs
	 file in the $BBHOME/www/logs directory)
If your NT workstation is DHCP enabled you will have to change
	$BBHOME/web/mkbb.sh on your BB display server to gather the list of hosts
	from the $BBLOGS directory instead of using bb-hosts.
	Something along the lines of:
	$LS -1 $BBLOGS/*.* | $SED 's/\..*$//g' | $SORT -u
In the CPU test it always returns 1 user (i think, never really tested this)...


WISH LIST:

At install, accept config file (either registry format or proprietary).
Add Memory checking
Implement a plug-in like mechanism such that external programs could be
called and enhanced BBNT client without having to change this program.
