Configuring the collation.properties file entries
This topic lists the collation.properties file entries that the Windows computer system sensor uses.
The sensor uses the following entry in the collation.properties file:
- com.ibm.cdb.skipWindowsSoftware=false
- Note: This property affects only script-based mode of the discovery.This property specifies whether the installed software on the Windows operating system is discovered.
- com.collation.discover.agent.sys.ComputerSystem.serialNumberSanityChecks=
- "ˆ(?!null);ˆ(?!not );ˆ(?!n/a);ˆ(?!permission);ˆ(?!to be );ˆ(?!undef); ˆ[ -:\.\w]{4,80}$; ^(?!.{8}(\-.{4}){3}\-.{12}_.{2}(:.{2}){5});^(?!none);^(?!x{7});^(?!\.{9});^(?!0123456789);^(?!0+$)";
This property is used to validate the serialNumber property that is discovered by the operating system sensors, except Solaris, to avoid storing generic values, such as Not Defined, To be set by OEM, or Permission Denied.
The main default rule is that a serial number must contain from 4 to 80 characters and not begin with one of the following strings:- null : regular expression ^(?!null)
- not : regular expression ^(?!not)
- n/a : regular expression ^(?!n/a)
- permission : regular expression ^(?!permission)
- to be : regular expression ^(?!to be)
- undef : regular expression ^(?!undef)
- string in form : 098D8710-E623-3C3B-9F9B-FCBAFF1BF3B6_5C:F3:FC:E8:89:FC : regular expression ^(?!.{8}(\-.{4}){3}\-.{12}_.{2}(:.{2}){5})
- none : regular expression ^(?!none)
- xxxxxxx : regular expression ^(?!x{7})
- ......... : regular expression ^(?!\.{9})
- 0123456789 : regular expression ^(?!0123456789)
- 0000 : regular expression ^(?!0+$)
If a serial number does not follow this rule, it is not set. The regular expression syntax is defined in the Java™ SDK for class
java.util.regex.Pattern
. Regular expressions must be separated by semicolons. Candidate serial numbers are always converted to all lowercase before they are matched against the regular expressions. Therefore, when you customize the property, use lowercase characters only.
Gateway-based or SSH-based discovery properties
- com.collation.AllowPrivateGateways=true
- The default value is true.
This property specifies whether a Windows computer system can be discovered using SSH or IBM® Tivoli® Monitoring connections without requiring an intermediate gateway. The default is to allow SSH or IBM Tivoli Monitoring connections to Windows systems. If the value is set to false, Windows targets are only discovered if they are listed in the TADDM gateway list. If they are not included in the gateway list, the Windows session sensor fails with the CTJTP1100E error.
- com.collation.PreferWindowsSshOverGateway=false
- The default value is false.
This property specifies whether to use SSH rather than gateway-based discovery if a Windows computer system supports SSH. Even if a Windows computer system supports SSH, the default value for this property indicates that gateway-based discovery is used. This property is ignored if
com.collation.AllowPrivateGateways=false
.
WMI-related properties
TADDM relies on Windows Management Instrumentation (WMI) to discover Windows computer systems. TADDM can be configured to restart the WMI service if a problem occurs with WMI. If the WMI service is restarted, all WMI-dependent services that were running before the restart are also restarted.
- com.collation.discover.agent.windows.useIpAsDomain=false
- The default value is false.
- com.collation.WmiAccessEnabled=true
- The default value is true, which indicates that TADDM attempts to establish the WMI session.
- com.collation.platform.os.WindowsOs.AutoDeploy=true
- The default value is true, which indicates that TADDM can automatically install the WMI provider.
- com.collation.RestartWmiOnAutoDeploy=false
- Restart WMI if a WMI error occurs during automatic deployment of the TADDM WMI Provider.
- com.collation.RestartWmiOnAutoDeploy.1.2.3.4=false
- Restart WMI if a WMI error occurs during automatic deployment of the TADDM WMI Provider.
- com.collation.RestartWmiOnFailure=false
-
Restart WMI if a WMI error occurs, except during automatic deployment.
- com.collation.RestartWmiOnFailure.1.2.3.4=false
-
Restart WMI if a WMI error occurs, except during automatic deployment.
PowerShell-related properties
- com.ibm.cdb.session.ps.urlPrefix=wsman
- The default value is wsman.
- com.collation.PowerShellAccessEnabled=false
- The default value is false.
- com.collation.PreferPowerShellOverWMI=true
- The default value is true.
- com.collation.PowerShellPorts=5985,5986
- The default value is 5985,5986.
- com.ibm.cdb.session.ps.useSSL=false
- The default value is false.
- com.ibm.cdb.session.ps.allowDNS=true
-
Note: You can use this property only when the
com.ibm.cdb.session.ps.useSSL
property is set to true.
- com.ibm.cdb.session.ps.fallbackToIP=true
-
Note: You can use this property only when the
com.ibm.cdb.session.ps.useSSL
andcom.ibm.cdb.session.ps.allowDNS
properties are set to true.
- com.collation.PowerShellTimeoutFudge=10000
- The default value is 10000 (milliseconds).
- com.ibm.cdb.session.ps.SkipCACheck / com.ibm.cdb.session.ps.SkipCACheck.Gateway.<Gateway IP Address>
-
Note:
- You can use this property only when the
com.ibm.cdb.session.ps.useSSL
property is set to true. - You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment.
This property can be used to specify whether the PowerShell skips the validation that the server certificate of the discovery target is signed by a trusted certificate authority (CA). By default, these properties are not present in the collation.properties file and are not considered.
If you set this property to true, then the server certificate of the discovery target is not validated. You must use this property cautiously as it prevents security check, for example, you can use it in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated.
To configure this property, refer below section Configuring SkipCACheck, SkipCNCheck and SkipRevocationCheck.
- You can use this property only when the
- com.ibm.cdb.session.ps.SkipCNCheck / com.ibm.cdb.session.ps.SkipCNCheck.Gateway.<Gateway IP Address>
-
Note:
- You can use this property only when the
com.ibm.cdb.session.ps.useSSL
property is set to true. - You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment. .
This property can be used to specify to the PowerShell during session creation that the certificate common name (CN) of the server need not match the hostname of the server. This property must only be used for trusted machines. By default, these properties are not present in collation.properties file and are not considered.
- You can use this property only when the
- com.ibm.cdb.session.ps.SkipRevocationCheck / com.ibm.cdb.session.ps.SkipRevocationCheck.Gateway.<Gateway IP Address>
-
Note:
- You can use this property only when the
com.ibm.cdb.session.ps.useSSL
property is set to true. - You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment.
This property can be used to specify to the PowerShell during session creation to skip the validation of the revocation status of the server certificate. This property should only be used for trusted machines. By default, these properties are not present in collation.properties file and are not considered.
- You can use this property only when the
Configuring SkipCACheck, SkipCNCheck and SkipRevocationCheck
com.ibm.cdb.session.ps.SkipCACheck, com.ibm.cdb.session.ps.SkipCNCheck, and com.ibm.cdb.session.ps.SkipRevocationCheck properties can be configured for a specific gateway IP or as a scope-based property.
For example, to configure com.ibm.cdb.session.ps.SkipCACheck for a specific gateway IP, use the pattern com.ibm.cdb.session.ps.SkipCACheck.Gateway.<Gateway IP Address> with value as true or false. This can also be configured as a global property or as a scope-based property with pattern com.ibm.cdb.session.ps.SkipCACheck with value as true or false. You can override the global value for a specific scope set or IP in the collation.properties file.
Similarly, you can configure other properties SkipCNCheck and SkipRevocationCheck as mention above.
When both variants of the property i.e., Gateway level property and global/scope-based property are configured explicitly in collation.properties file as true or false, then Gateway level property will take precedence.