How to Configure the Bastion Monitoring Agent?
The Bastion Agent is a service that checks the responsiveness of the Bastion and the LAC and takes remedial action.
It works by sending a health check request to the Bastion and LAC. If the Bastion and/or LAC Filter does not respond as expected, the agent will try to restart the Bastion service.
Processing
The agent runs the monitoring process every predefined number of seconds (default is 10) and does the following:
• Check whether the Bastion service is running.
• If not, start the Bastion service.
• Call the Bastion health check by requesting https://[BastionIp]/skypeshieldhealth with the host header set to the BastionHealthcheckHost value, for example https://127.0.0.1/skypeshieldhealth with host header lyncdiscover.skypeshield.com.
• If an HTTP 200 status code is received, the Bastion and LAC are OK and no restart is done.
• If any other HTTP status or an error/exception is received (except status 404/403/401), the agent will try to restart the Bastion service after 3 consecutive failures every 10 seconds, but only if it is already in production mode.
• No restart is done if the agent is still not in production mode, that is, it has not yet received 5 consecutive OK results.
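The restart decision described above can be traced with a small simulation. This is an added example, not the vendor's code. It assumes that 401/403/404 leave both counters unchanged, that a failure resets the OK streak, and that the failure counter resets after a restart; the service-running check is left out.

```python
from dataclasses import dataclass

OK_TO_ENTER_PRODUCTION = 5          # page: 5 consecutive OK results
FAILURES_BEFORE_RESTART = 3         # page: 3 consecutive failures
IGNORED_STATUSES = {401, 403, 404}  # page: excluded from restart handling


@dataclass
class AgentState:
    production: bool = False
    ok_streak: int = 0
    fail_streak: int = 0


def step(state, status):
    """Process one health check result and return the action taken.

    status is the HTTP status code, or None for an error/exception.
    """
    if status == 200:
        state.fail_streak = 0
        state.ok_streak += 1
        if state.ok_streak >= OK_TO_ENTER_PRODUCTION:
            state.production = True
        return "ok"
    if status in IGNORED_STATUSES:
        return "ignored"            # assumption: counters are left unchanged
    state.ok_streak = 0             # assumption: a failure breaks the OK streak
    state.fail_streak += 1
    if state.production and state.fail_streak >= FAILURES_BEFORE_RESTART:
        state.fail_streak = 0       # assumption: counting restarts after a restart
        return "restart-service"
    return "failure-counted"


def simulate(results):
    """Run a sequence of health check results through a fresh agent state."""
    state = AgentState()
    return [step(state, status) for status in results]


# Constructed sample: failures at startup, warm-up to production mode, then an outage.
SAMPLE = [500, 500, 500, 200, 200, 200, 200, 200, 404, 503, None, 500, 200]

if __name__ == "__main__":
    for status, action in zip(SAMPLE, simulate(SAMPLE)):
        print(status, "->", action)
```

The three failures at startup never trigger a restart because production mode has not been reached, which is the case most likely to surprise an operator watching a Bastion that fails right after deployment.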
Configuration
The default location of the configuration file is:
C:\Agat\Tools\BastionAgent\AgatBastionAgent.config
1. LogFileFullName - The path of the Bastion Agent event logs.
2. LogFileMaxSize - Defines the maximum size of the log file before the agent clears it out and creates a new log.
3. LogFileLevel - The severity level of the logs generated by the agent.
4. EventLogLevel - The severity of the logs sent to the event viewer.
5. MonitorFrequencySeconds - The frequency at which the Bastion agent performs the health check (in seconds).
6. Bastion IP address and port. If the Agent is installed on the Bastion, use the localhost address. Make sure to use a port on which the Bastion listens (and which is used by the required channel).
7. BastionHealthcheckHost - The host to which the health check request will be sent.
8. BastionServiceName - The service to monitor (in most cases, leave it as it is).
9. BastionRestartTimeoutSeconds - How long the agent should wait for a restart to complete. If the service is not able to start, the agent will create an event so that manual operation can be done.
10. MaxHealthcheckLatencyMilliseconds - Maximum latency for the health check response. Set 0 to disable the latency check.
11. EmailIssues - The types of issues for which an email should be sent. You can set the following values: all, dbConnectionFailure, restartFailure, restartSuccess.
Multiple values should be separated by a comma. All values except blank need SMTP configuration.
12. SMTP_* - SMTP configuration for emails:
- SMTP Hostname: SMTP server Address.
- SMTP Port: the port the SMTP server is listening on.
- SMTP Account Name: Sender Address for the Bastion Agent.
- SMTP Account Password: If SMTP requires authentication, this is the password for the sender account.
- SMTP Requires SSL: Change to True if the SMTP server requires TLS/SSL.
- SMTP Requires Authentication: Change to True if the SMTP server requires authentication.
- SMTP Mail Recipient: Administrator e-mail to receive notifications from the Bastion Agent.
13. SMTP_Sending_Frequency - The frequency at which a mail notification will be sent.
This value is dependent on MonitorFrequencySeconds. If MonitorFrequencySeconds is set to 30 and SMTP_Sending_Frequency to 10,
an email will be sent once an issue is detected and an additional one every 30 x 10 = 300 seconds = 5 min.