BES Monitoring

Many companies consider BigFix components to be part of their critical IT infrastructure and wish to monitor the different components using third-party monitoring tools to ensure proper functionality. Below is information on how to monitor each BES component.

BES Server

The BES Server is the most important component to monitor. Here are a number of options for monitoring the BES Server.
  1. Network Accessibility -- Ping the BES Server periodically to make sure it is up and accessible from the network. It should be reachable by all top level BES Relays.
  2. Services -- The following services should be running. If they are not running, the BES Server will not function properly.
    • BES Root Server - Handles all incoming connections to the server.
    • BES FillDB - Puts information from the BES Clients into the database.
    • BES GatherDB - Puts new Fixlet information into the database.
    • BES Gather - Contacts the Internet to download files and to download new Fixlet messages.
    • BES Client (optional) - The BES Client will check for known issues on the BES Server. Note: without a BES Client on the BES Server, the BES Server will not become relevant for BES Server upgrade Fixlet messages.
    • BES Web Reports (optional) - Many times the BES Web Reports runs on the same computer as the other BES Server components.
  3. BufferDir -- The bufferdir temporarily stores reports from the BES Clients before being put into the database. By default, the bufferdir directory resides at C:\Program Files\BigFix Enterprise\BES Server\FillDBData\BufferDir\.
    • The bufferdir will be "full" if it has 3MB of files or if it has more than 10,000 files (by default).
    • It is a good idea to monitor the bufferdir folder and issue an alert if the folder has more than 2.5 MB of files or has more than 9000 files.
    • Be careful to not monitor this folder too often because it might cause performance problems (checking once every 10 minutes is OK, but don't check every 10 seconds).
    • The bufferdir is one of the most important monitoring activities because if the bufferdir fills up, it indicates a information is not getting to the BES Server quickly, and can be a severe problem.
  4. Database -- The database is at the central core of the information going into and out of BigFix, and there are a few basic components which can be monitored.
    • Make sure the MSSQLServer service is running.
    • Make sure the SQL Server Agent is running.
    • Any additional standard SQL Server checks will be useful as well.
  5. Ensure the BES Server is getting up-to-date Fixlet information -- The BES Server will periodically gather from the main BigFix Fixlet servers to get the latest data.
    • Each Fixlet message site that your BES Server subscribes to has a "GatherURL" (the GatherURL is stored in the masthead file for each site). For instance, the "Patches for Windows (Enterprise Security)" site has a GatherURL of http://sync.bigfix.com/cgi-bin/bfgather/bessecurity. If you enter the URL into a browser such as Internet Explorer and retrieve the data at that location, you will receive some information about the site. Within this returned data approximately 13 lines from the top, the line "Version: XXX" will indicate the current version of the site provided.
    • Each Fixlet message site is "mirrored" on the BES Server. The mirrored GatherUrl should give the same information as the GatherURL of the BigFix Fixlet servers. Here is an example of how to access the mirrored GatherURL: http://yourservername:52311/cgi-bin/bfenterprise/besgathermirror.exe?url=http://sync.bigfix.com/cgi-bin/bfgather/bessecurity.
    • Note that by default the BES Server will look for new Fixlet message sites every 60 minutes from the main Fixlet servers so there is a potential lag of 60 minutes when the two URLs will not match.

BES Relay Server

The BES Relays are important to monitor as well because if a BES Client doesn't have a nearby BES Relay, then it might need to travel over slow WAN links to download large files. Many of the monitoring steps that apply to the main BES Server also apply to the BES Relays.
  1. Network Accessibility -- Ping each BES Relay periodically to make sure it is up and accessible from the network. It should be reachable by all of the BES Clients that should select this BES Relay.
  2. Services -- The following services should be running. If they are not running, the BES Server will not function properly.
    • BES Relay - Handles all incoming connections to the BES Relay.
    • BES Gather - Contacts the main BES Server to download files and to download new Fixlet messages. (BES Gather is removed in BES 6.0).
    • BES Client - The BES Client is important to the normal operations of the BES Relay.
  3. BufferDir -- The bufferdir temporarily stores reports from the BES Clients before being put into the database. By default, the bufferdir directory resides at C:\Program Files\BigFix Enterprise\BES Server\FillDBData\BufferDir\.
    • The bufferdir will be "full" if it has 3MB of files or if it has more than 10,000 files (by default).
    • It is a good idea to monitor the bufferdir folder and issue an alert if the folder has more than 2.5 MB of files or has more than 9000 files.
    • Be careful to not monitor this folder too often because it might cause performance problems (checking once every 10 minutes is OK, but don't check every 10 seconds).
    • The bufferdir is one of the most important monitoring activities because if the bufferdir fills up, it indicates a information is not getting to the BES Server quickly, and can be a severe problem.
  4. Ensure the BES Relay is getting up-to-date Fixlet information -- The BES Relay will gather new Fixlet messages from the main BES Servers whenever the new Fixlet message site versions are available.
    • The BES Relay mirrors data in the same way as the main BES Server.
    • In almost all cases, the BES Relays should have the same information as the BES Server within a few seconds/minutes of the BES Server being updated.
    • You can check to see if the BES Relay is mirroring the same information as the BES Server by hitting the URL http://yourrelayname:52311/cgi-bin/bfenterprise/besgathermirror.exe?url=http://sync.bigfix.com/cgi-bin/bfgather/bessecurity and comparing that information mirrored by the main BES Server.
    • Note that you will likely want to check to make sure the actionsite and opsites are being mirrored properly as well.