Checks

Checks are provided with the base system, and their commands execute scripts which provide monitoring data for your operating systems and applications. A check's default name indicates what is being monitored and measured, the entity, and the monitoring data. For example, a check named os.linux.check-system-cpu checks the CPU data on a Linux system. The identified command in the check runs on the monitored device, providing an output and status. Each individual check is referred to as a check definition. After being associated with policies, check definitions are then referred to as check instances.

You can customize check instances to meet your needs. For example, customize the running interval or the parameters specific to the policy, such as the login credentials to access a MySQL database. Customization of a check instance takes effect only on the check instance associated with the policy, which does not affect the original check definition or already created check instances in other policies.

The following check types are provided with the Event Management base system:

• Event: The check's result is transformed into an Event Management event.
• Metric: The values from the check result are transformed to metrics.

For details on the Agent Client Collector Framework default checks, see Agent Client Collector Framework default checks.

For details on the Agent Client Collector Monitoring default checks and policies, see Agent Client Collector Monitoring default checks and policies.

For details on the Agent Client Collector for Visibility - Content default checks and policies, see Agent Client Collector for Visibility - Content default checks and policies.

If checks are not running on the agent's devices, your agent may be in CPU protection mode. CPU protection mode is activated when a device's CPU consumption is too high. To view a list of all disabled checks related to the agent, navigate to the agent record on the Agent Client Collectors page (All > Agent Client Collector > Agents), select an agent and select the Disabled Checks tab at the bottom of the page.

In the acc.yml configuration file, you can modify the CPU protection mode thresholds which determine when a check is disabled. To re-enable a check, select the check and select Re-enable disabled check in the Actions on selected rows... drop-down. For details on the CPU protection mode thresholds, see Agent Client Collector CPU protection thresholds. For details on manually turning off data collection, see Pause Agent Client Collector data collection.

Configure the cpu_protection_behavior property to determine whether all checks enter CPU protection mode, or only the check that crosses the configured cpu_percentage_limit value with the highest CPU usage within the monitoring interval. For details, see Agent Client Collector CPU protection thresholds.

A check is marked as Stale if it is no longer associated with a policy. To remove a stale check, renable it by selecting the box next to the check and selecting Re-enable disabled checks from the Actions on selected rows... cell.

Privileges for running check commands

If the servicenow base system user does not have privileges to run specific check commands, do the following for the relevant operating systems:

• In a Linux system: Enable the servicenow user to run the command with sudo permissions. Ensure that the following sudo configuration requirements are met:
  • Disable tty and password requirements
  • Preserve all environment variables
  • Support dynamic PATH for executing commands
  Example configuration in the /etc/sudoers file:

  Cmnd_Alias ACC_F = /usr/sbin/dmidecode -s baseboard-serial-number, /usr/sbin/dmidecode -s chassis-serial-number, /usr/sbin/dmidecode -s system-serial-number, /usr/sbin/dmidecode -s system-uuid, /usr/sbin/ss -tanp 
  servicenow ALL=(root) SETENV: /var/cache/servicenow/agent-client-collector/osquery/bin/osqueryi *, ACC_F
  Defaults:servicenow !requiretty
  Defaults exempt_group += servicenow
  

  注:

  Command paths may vary. Consult the sudoers manual for special considerations.

  • The SETENV: string enables the servicenow user to preserve environment variables.
  • The !requiretty string disables tty.
  • Adding the servicenow user to the exempt_group bypasses password requirements and enables dynamic PATH for executing sudo commands.

  Ensure that you configure the must_sudo check parameter with a value of true in the check command parameters section of the check definition.

• In a macOS system: Ensure that the user running the agent service belongs to a user group with privileges to query all tcp connections on the host.
• In a Windows system: Using Windows User Management, add the servicenow user to the groups with the relevant privileges, enabling the user to execute the required commands.

Policies

A policy is a combination of the CIs being monitored by the Agent Client Collector and the check definitions that run on those CIs.

To enable a single policy to support multiple credentials, assign a credential alias to the policy. For example, if you have MySQL servers for both Linux and Windows with different credentials, you must create separate policies for each credential type. However, if you use a credential alias, you can assign a single policy to the alias. The agent then matches the relevant credential to the application being monitored. For details on credential aliases, see Create a Connection and Credential alias.