Tag: 2019

UNIX Logical Disk classes

Time to talk about SCOM2019 UNIX classes!

 

 

Just came across an example where the UNIX Logical disk class was targeted.

 

Did you know: This class in the UNIX library is not like the Windows library, where Logical Disk has a matched discovery.

Logical Disk is broke out to the various UNIX flavors, where the version of UNIX has it’s own class and discovery, but the class refers to the base class of UNIX Library.

 

Let’s go through an example from the SCOM Console

Monitoring Tab > Discovered Inventory > Change Target Type

 

This lab example is for an Ubuntu (Universal Linux Library)

The Logical Disk target for the UNIX/Linux Core Library has the same output in SCOM for the flavor (i.e. Logical Disk for the Universal Linux Operating System)

 

 

How’s that possible… ?

Let’s look at the examples for the various Logical Disk Classes.

Example

AIX 7 pack – AIX Logical disk discovery/class

<ClassType ID=”Microsoft.AIX.LogicalDisk” Abstract=”true” Accessibility=”Public” Hosted=”true” Singleton=”false” Base=”Unix!Microsoft.Unix.LogicalDisk” />

Universal Linux Monitoring Library

<ClassType ID=”Microsoft.Linux.Universal.LogicalDisk” Accessibility=”Public” Abstract=”false” Base=”Linux!Microsoft.Linux.LogicalDisk” Hosted=”true” Singleton=”false” Extension=”false” />

Linux Operating System Library

<ClassType ID=”Microsoft.Linux.LogicalDisk” Accessibility=”Public” Abstract=”true” Base=”Unix!Microsoft.Unix.LogicalDisk” Hosted=”true” Singleton=”false” Extension=”false” />

 

This makes sense, as Linux operating systems are SUSE, RHEL, Universal Debian and RPM.  Solaris and AIX are their own operating systems.  This helps describe the class hierarchy.

UNIX

Flavor of Unix (Linux, Solaris, or AIX)

Version or flavor of Linux, Solaris, or AIX

 

 

How did I get to this conclusion?

MPViewer will help view the classes and discoveries.

What does this mean to me:    Create a single view to view ALL  UNIX ‘Logical Disk’ entries discovered.  As the UNIX flavors all use UNIX Logical Disk class for their base class,  ALL the inherited classes are displayed.

 

 

AIX Logical Disk Discovery

 

Univeral Linux Discovery

Universal Linux Classes

 

Windows Server packs are very similar

Windows Logical Disk class

 

 

SYSTEM CENTER 2016/2019 Operations Manager – Anti-Virus Exclusions

Updated 30 June, 7 July 2020 and includes docs.microsoft.com article updates

 

 

 

NOTE: Process name exclusion wildcards could potentially prevent some dangerous programs from being detected.

 

Hopefully this table is helpful (my thanks to Matt Goedtel for the docs site updates, and Matt’s efforts to keep docs the ‘go-to’ site)

 

Previously the blog left the SCOM Admin and Security teams with questions where blogs did NOT match vendor site documentation.  The blog merged the PFE UK team blog & Kevin Holman blog  into an easier tabular view per component)

 

Original Blog introduction

As we are all aware, antivirus exclusions can affect monitoring data generated, and affect system performance.

 

Best practice is to implement specific exclusions.

 

Exclusions\RoleMSDBGWRSWebAgent
Folder
Management Server installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\”		*
Agent installation folder
 Default: “C:\Program Files\Microsoft Monitoring Agent”		**
Gateway installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway\”		*
Reporting installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting”		*
WebConsole installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole”		*
SQL Data installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data”		*
SQL Log installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log”		*
SQL Reporting installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>		*
File Types
EDB*****
CHK*****
LOG*****
LDF**
MDF**
NDF**
Processes
CShost.exe*
HealthService.exe******
Microsoft.Mom.Sdk.ServiceHost.exe*
MonitoringHost.exe******
SQL Server
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe”		*
SQL Reporting Services
 Default: “C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe”		**

 

Useful information for decoding the matrix

Docs site https://docs.microsoft.com/en-us/system-center/scom/plan-security-antivirus?view=sc-om-2019

Platform https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows

SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager

PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/

SQL

https://support.microsoft.com/en-us/help/309422/choosing-antivirus-software-for-computers-that-run-sql-server

https://blogs.technet.microsoft.com/raymond_ris/2014/01/16/windows-antivirus-exclusion-recommendations-servers-clients-and-role-specific/

Version mapping by folder (my thanks to StackOverFlow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions )
100 = SQL Server 2008    = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012    = 11.00.xxxx
120 = SQL Server 2014    = 12.00.xxxx
130 = SQL Server 2016    = 13.00.xxxx