Key monitoring scenarios
Topic Last Modified: 2010-05-13
The Microsoft Forefront Server Protection Management Pack for Microsoft System Center Operations Manager 2007 (Operations Manager 2007) proactively monitors the "health" of your Forefront agent-managed systems by looking at events. Events are logged when transitions occur from one state to another. Health is indicated by a color code:
- Green (healthy) – everything is functioning properly and performing well. Green events do not trigger alerts. The symbol is a green check mark within a circle.
- Yellow (warning) – performance is poor or a problem is impairing non-critical functionality. Yellow events trigger warning alerts. The symbol is a "!" within a yellow triangle.
- Red (unhealthy) – critical functionality has been lost. Red events trigger error alerts. The symbol is a white "x" within a red circle.
These are the various types of problems that the Microsoft Forefront Server Protection Management Pack keeps track of.
Engines
These are the monitored engine conditions.

| Monitored Event | Success (green) | Warning (yellow) | Error (red) |
|---|---|---|---|
| Antimalware Engines Update Enabled | The engines selected to be used for the scan jobs are enabled for updating. | The engines selected to be used for the scan jobs are not all enabled for updating. | Not applicable. |
| Antimalware Engines Update Success Rate | All engines enabled for updating were successfully updated. | At least half of the engines enabled for updating were successfully updated. | Less than half of the engines enabled for updating were successfully updated. |
| Antimalware Engines Last Update Time | All engines enabled for updating were successfully updated within the last five days. | Some of the engines enabled for updating were not updated within the last five days. | None of the engines enabled for updating were updated within the last five days. |
| Last antispam definition update | Content filter definitions have been updated in the last hour. | Content filter definitions were last updated in the past 1-12 hours. | The last content filter definition update was over 12 hours ago. |

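
The threshold logic of the four engine monitors above, written out as an added example (not code from the management pack). The dictionary keys, function names and sample data are hypothetical, and the handling of "no engines enabled for updating" and of the exact one-hour and twelve-hour boundaries are assumptions, since the page does not define them.

```python
from datetime import datetime, timedelta

GREEN, YELLOW, RED = "green", "yellow", "red"

def engine_update_health(engines, now):
    """Classify the three antimalware engine-update monitors.

    engines: the engines selected for scan jobs, as dicts with the hypothetical
    keys 'enabled', 'last_update_ok' and 'last_success' (last good update time).
    """
    enabled = [e for e in engines if e["enabled"]]
    # "Update Enabled" has no red state: it is yellow if any engine is left out.
    states = {"update_enabled": GREEN if len(enabled) == len(engines) else YELLOW}
    if not enabled:
        # Assumption: undefined on the page. Report red so that "0 of 0 engines
        # updated" never shows up as a vacuous success.
        states["success_rate"] = states["last_update_time"] = RED
        return states
    ok = sum(1 for e in enabled if e["last_update_ok"])
    if ok == len(enabled):
        states["success_rate"] = GREEN
    elif 2 * ok >= len(enabled):          # at least half succeeded
        states["success_rate"] = YELLOW
    else:
        states["success_rate"] = RED
    fresh = sum(1 for e in enabled if now - e["last_success"] <= timedelta(days=5))
    if fresh == len(enabled):
        states["last_update_time"] = GREEN
    else:
        states["last_update_time"] = RED if fresh == 0 else YELLOW
    return states

def antispam_definition_health(last_update, now):
    """Green within the last hour, yellow up to 12 hours, red after that."""
    age = now - last_update
    if age <= timedelta(hours=1):
        return GREEN
    return YELLOW if age <= timedelta(hours=12) else RED

# Constructed sample data: two engines enabled for updating, one not enabled.
NOW = datetime(2010, 5, 13, 12, 0)
SAMPLE_ENGINES = [
    {"enabled": True, "last_update_ok": True, "last_success": NOW - timedelta(days=1)},
    {"enabled": True, "last_update_ok": False, "last_success": NOW - timedelta(days=6)},
    {"enabled": False, "last_update_ok": False, "last_success": NOW - timedelta(days=30)},
]

if __name__ == "__main__":
    print(engine_update_health(SAMPLE_ENGINES, NOW))
    print(antispam_definition_health(NOW - timedelta(hours=3), NOW))
```
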
Workload Integration
These are the monitored workload integration conditions.

| Monitored Event | Success (green) | Warning (yellow) | Error (red) |
|---|---|---|---|
| Exchange Transport Hook State | The Microsoft Exchange Transport service is running and the Forefront agent is registered. | Not applicable. | The agent failed to register or is not enabled. This prevents the Microsoft Exchange Transport service from starting. |
| Forefront Agent State | The Microsoft Exchange Transport service is running and the Forefront agent is registered. | Not applicable. | The Microsoft Exchange Transport service is running, but the Forefront Agent is not registered. |
| VSAPI registration | The Microsoft Exchange Information Store is running and the Forefront VSAPI library is registered. | Not applicable. | The Microsoft Exchange Information Store is running, but the Forefront VSAPI library is not registered. |

Scan Jobs
These are the monitored scan job conditions. There are separate events for realtime and scheduled scans.

| Monitored Event | Success (green) | Warning (yellow) | Error (red) |
|---|---|---|---|
| Scan job enabled (for transport and realtime scans) | The scan job is enabled properly. | | The scan job was disabled or bypassed. |
| Scan engines have been initialized (for transport, realtime, and scheduled scans) | The engines selected for the scan job have been initialized. | Not applicable. | The selected scanning engines were not initialized with the scan job. |
| Scan filter engine loaded (for transport, realtime, and scheduled scans) | The engine that handles filtering loaded correctly. | Not applicable. | The engine that handles filtering did not load correctly. |
| Scan process state (for transport and realtime scans) | The scanning processes are running. | Some processes did not restart after a timeout or exception. | No scanning processes restarted after a timeout or exception. |
| Scheduled scan termination | The scheduled scan executed within the allowed time. | Not applicable. | The scheduled scan exceeded the allowed time limit. |
| Transport Scanning Deliverable State | All messages have been scanned and delivered. | Not applicable. | A message scan could not be completed. The message was placed in the Undeliverable Archive folder for further review. |

Services
These are the monitored services conditions.

| Monitored Event | Success (green) | Warning (yellow) | Error (red) |
|---|---|---|---|
| FSCController service | The FSCController service is running. | Not applicable. | The FSCController service has stopped. |
| Eventing service | The Eventing service is running. | Not applicable. | The Eventing service has stopped. |
| FSEMailPickup service | The FSEMailPickup service is running. | Not applicable. | The FSEMailPickup service has stopped. |
| FSCMonitor service | The FSCMonitor service is running. | Not applicable. | The FSCMonitor service is inactive. |

Cluster servers
These are the monitored cluster server conditions.

| Monitored Event | Success (green) | Warning (yellow) | Error (red) |
|---|---|---|---|
| CCR cluster engine replication | Engine replication across the CCR cluster succeeded. | Not applicable. | Engine replication across the CCR cluster failed. |
| CCR cluster file synchronization | File synchronization succeeded. | Not applicable. | File synchronization failed. |
| Active node lookup | FPE successfully found the active node. | Not applicable. | FPE could not find the active node. |
| Passive node transition | The transition to the passive state succeeded. | Not applicable. | An error occurred while transitioning to the passive state. |
| CCR cluster change notifications | The CCR replication service cluster state monitoring is able to receive cluster change notifications. | Cluster change notifications cannot be received. | Not applicable. |

License
These are the monitored license conditions.

| Monitored Event | Success (green) | Warning (yellow) | Error (red) |
|---|---|---|---|
| License state | The Forefront Protection 2010 for Exchange Server is licensed. | The Forefront Protection 2010 for Exchange Server license will expire soon. | The Forefront Protection 2010 for Exchange Server license has expired. |
