Registry key monitoring in UIM


Article ID: 198197

Updated On: 10-27-2023

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

How can registry keys on a Windows server be monitored with UIM?

Environment

  • Release: Any
  • Component: UIM LOGMON

Cause

  • Guidance

Resolution

There is no out-of-the-box probe for this purpose. However, the logmon probe can be deployed to most Windows platforms and used to check a registry value against a known current value, raising an alarm if the result is not as expected.

Follow these steps:

1) Create a new logmon profile.

2) In the General tab, change the mode to 'command' and enter a command such as:
 C:\Windows\System32\REG QUERY HKLM\Software\Microsoft\DirectX /v Version
 This retrieves the value named Version from the local registry.

3) Specify an appropriate check interval, for example 5 mins, de-select 'Generate Qos' and select 'Generate Alarms'.

4) Select the Watcher Rules tab and create a new watcher rule.

5) In watcher rules -> Standard tab, use a regular expression such as /Version.*$/ and specify the error message and alarm severity.

6) In watcher -> Variables tab, create a new variable

7) In the variable window, under the section 'Source FROM Position', select 'Column' and set it to '3', which means the third column of the matching row.
 The matching row in the command output should look something like Version REG_SZ XXXX.XXXX.XXX, and the value of the third column (shown here as XXXX.XXXX.XXX) is assigned to your variable, e.g. var.

8) In the variable window, specify a variable threshold: in the 'Expected Value' section, select the operator '=' and enter 'current_value', which is the value you expect it to be.

9) In the Standard tab, modify the alarm message to include ${var}.

10) Apply and restart the probe. This profile raises an alarm when the DirectX version value is not your expected/current value: it retrieves the value from the registry, applies the regular expression to match the row, and checks the value against the specified threshold.
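
The rule built in steps 2 to 8 can be dry-run offline before the profile is deployed. The following Python script is an added example, not Broadcom's code or the probe's implementation; it assumes the watcher matches line by line and splits columns on whitespace, and the sample outputs and expected value are constructed.

```python
import re

WATCHER = re.compile(r"Version.*$")   # expression from step 5
COLUMN = 3                            # 'Column' setting from step 7

# Constructed sample outputs of the REG QUERY command from step 2.
SAMPLE_OK = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectX
    Version    REG_SZ    4.09.00.0904
"""
SAMPLE_CHANGED = SAMPLE_OK.replace("4.09.00.0904", "4.08.00.0000")
SAMPLE_MISSING = "ERROR: The system was unable to find the specified registry key or value.\n"
EXPECTED = "4.09.00.0904"             # constructed 'current_value' for step 8


def evaluate(output, expected):
    """Model one check interval; return (state, value).

    state: "ok" (value equals expected), "alarm" (value differs) or
    "no-match" (no row matched the expression, nothing to compare).
    """
    for line in output.splitlines():
        if not WATCHER.search(line):
            continue
        cols = line.split()           # assumption: whitespace-separated columns
        value = cols[COLUMN - 1] if len(cols) >= COLUMN else ""
        return ("ok" if value == expected else "alarm", value)
    return ("no-match", None)


if __name__ == "__main__":
    for name, out in [("unchanged", SAMPLE_OK), ("changed", SAMPLE_CHANGED),
                      ("value deleted", SAMPLE_MISSING)]:
        print(name, evaluate(out, EXPECTED))
```

The "no-match" result for the deleted value means the step 8 comparison never runs in this model, so confirm in a test profile that removal of the value is alarmed on as well as a changed value.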

Note: The user account the probe runs as must have the right to run the 'reg' command. If it does not, specify a local user that has those rights, together with its password, in the logmon probe configuration -> Setup.

Since there is no out-of-the-box probe for monitoring the registry, you have to create such a profile for each of your requirements. Let me know if this helps.

Here is an example alert: