Configuring the collation.properties file entries

This topic lists the collation.properties file entries that the Windows computer system sensor uses.

The sensor uses the following entry in the collation.properties file:

com.ibm.cdb.skipWindowsSoftware=false: Note: This property affects only script-based mode of the discovery.
This property specifies whether the installed software on the Windows operating system is discovered.; The default value is false, which means that the software is discovered.; If the amount of the discovered data is very large and it slows down the discovery process, set this property to true to disable the discovery of this type of data.

com.collation.discover.agent.sys.ComputerSystem.serialNumberSanityChecks=

"ˆ(?!null);ˆ(?!not );ˆ(?!n/a);ˆ(?!permission);ˆ(?!to be );ˆ(?!undef); ˆ[ -:\.\w]{4,80}$; ^(?!.{8}(\-.{4}){3}\-.{12}_.{2}(:.{2}){5});^(?!none);^(?!x{7});^(?!\.{9});^(?!0123456789);^(?!0+$)";

This property is used to validate the serialNumber property that is discovered by the operating system sensors, except Solaris, to avoid storing generic values, such as Not Defined, To be set by OEM, or Permission Denied.

The main default rule is that a serial number must contain from 4 to 80 characters and not begin with one of the following strings:

null : regular expression ^(?!null)
not : regular expression ^(?!not)
n/a : regular expression ^(?!n/a)
permission : regular expression ^(?!permission)
to be : regular expression ^(?!to be)
undef : regular expression ^(?!undef)
string in form : 098D8710-E623-3C3B-9F9B-FCBAFF1BF3B6_5C:F3:FC:E8:89:FC : regular expression ^(?!.{8}(\-.{4}){3}\-.{12}_.{2}(:.{2}){5})
none : regular expression ^(?!none)
xxxxxxx : regular expression ^(?!x{7})
......... : regular expression ^(?!\.{9})
0123456789 : regular expression ^(?!0123456789)
0000 : regular expression ^(?!0+$)

If a serial number does not follow this rule, it is not set. The regular expression syntax is defined in the Java™ SDK for class java.util.regex.Pattern. Regular expressions must be separated by semicolons. Candidate serial numbers are always converted to all lowercase before they are matched against the regular expressions. Therefore, when you customize the property, use lowercase characters only.

Gateway-based or SSH-based discovery properties

com.collation.AllowPrivateGateways=true: The default value is true.
This property specifies whether a Windows computer system can be discovered using SSH or IBM® Tivoli® Monitoring connections without requiring an intermediate gateway. The default is to allow SSH or IBM Tivoli Monitoring connections to Windows systems. If the value is set to false, Windows targets are only discovered if they are listed in the TADDM gateway list. If they are not included in the gateway list, the Windows session sensor fails with the CTJTP1100E error.

com.collation.PreferWindowsSshOverGateway=false: The default value is false.
This property specifies whether to use SSH rather than gateway-based discovery if a Windows computer system supports SSH. Even if a Windows computer system supports SSH, the default value for this property indicates that gateway-based discovery is used. This property is ignored if com.collation.AllowPrivateGateways=false.

WMI-related properties

TADDM relies on Windows Management Instrumentation (WMI) to discover Windows computer systems. TADDM can be configured to restart the WMI service if a problem occurs with WMI. If the WMI service is restarted, all WMI-dependent services that were running before the restart are also restarted.

com.collation.discover.agent.windows.useIpAsDomain=false

The default value is false.

This property specifies the format of credentials that is used to establish WMI session. By default, credentials in the user format are used.

If you set this property to true, credentials in the IP/user format are used in addition to the default format.

This property is a scoped property, you can append the IP address or name of the scope to this property. For example:

com.collation.discover.agent.windows.useIpAsDomain.9.100.100.200=false
com.collation.discover.agent.windows.useIpAsDomain.scope_name1=false

com.collation.WmiAccessEnabled=true: The default value is true, which indicates that TADDM attempts to establish the WMI session.; This is a discovery profile property. You can configure it with the highest priority on the Platform Properties tab of the Discovery Profiles pane in Discovery Management Console. You can also define it for a specific scope set, or IP, in the collation.properties file.

com.collation.platform.os.WindowsOs.AutoDeploy=true: The default value is true, which indicates that TADDM can automatically install the WMI provider.; Setting the value to false indicates that you can manually deploy the WMI provider. Manual deployment is not supported but can be used for troubleshooting.

The following TADDM server properties control the restarting of WMI.

Note: The default value for WMI restart is false. Setting the values of the following properties to true might provide more reliable Windows discovery, but you must also consider the potential negative impact of the WMI service being temporarily stopped and restarted.

com.collation.RestartWmiOnAutoDeploy=false: Restart WMI if a WMI error occurs during automatic deployment of the TADDM WMI Provider.

com.collation.RestartWmiOnAutoDeploy.1.2.3.4=false: Restart WMI if a WMI error occurs during automatic deployment of the TADDM WMI Provider.

com.collation.RestartWmiOnFailure=false: Restart WMI if a WMI error occurs, except during automatic deployment.

com.collation.RestartWmiOnFailure.1.2.3.4=false: Restart WMI if a WMI error occurs, except during automatic deployment.

PowerShell-related properties

com.ibm.cdb.session.ps.urlPrefix=wsman: The default value is wsman.; This property specifies the value of the URLPrefix property of a WinRM listener on the discovered Windows system. The value of this property and the URLPrefix property on the Windows targets must be the same.; This is a scope-based property. You can override the global value for a specific scope set or IP in the collation.properties file.

com.collation.PowerShellAccessEnabled=false: The default value is false.; This property specifies whether TADDM attempts to establish the PowerShell session. By default, the PowerShell access is disabled. If you want to enable the PowerShell session, set this property to true.; This is a discovery profile property. You can configure it with the highest priority on the Platform Properties tab of the Discovery Profiles pane in Discovery Management Console. You can also define it for a specific scope set, or IP, in the collation.properties file.

com.collation.PreferPowerShellOverWMI=true

The default value is true.

This property specifies whether to use the PowerShell or the WMI session, if both of them are enabled. By default, the PowerShell session is preferred.

This is a scope-based property. You can override the global value for a specific scope set or IP in the collation.properties file. For example:

com.collation.PreferPowerShellOverWMI.myScopeABC=false
com.collation.PreferPowerShellOverWMI.10.100.27.8=true

com.collation.PowerShellPorts=5985,5986: The default value is 5985,5986.; This property specifies the PowerShell ports. By default, ports 5985 and 5986 are specified. The PortSensor checks whether these ports are active. If the ports are active, the PowerShell session can be established. If the ports are not active, the WMI session is used instead, unless you disabled it. In such case, error messages are displayed.; This is a discovery profile property. You can configure it with the highest priority on the Platform Properties tab of the Discovery Profiles pane in Discovery Management Console. You can also define it for a specific scope set, or IP, in the collation.properties file.

com.ibm.cdb.session.ps.useSSL=false: The default value is false.; This property specifies whether the PowerShell script uses the SSL protocol to connect to the remote host. By default, the SSL protocol is not used.; This is a scope-based property. You can override the global value for a specific scope set or IP in the collation.properties file.

com.ibm.cdb.session.ps.allowDNS=true: Note: You can use this property only when the com.ibm.cdb.session.ps.useSSL property is set to true.; The default value is true.; This property specifies whether the PowerShell script uses DNS on the gateway to resolve the IP of the remote host. By default, the usage of DNS is allowed.; This is a scope-based property. You can override the global value for a specific scope set or IP in the collation.properties file.

com.ibm.cdb.session.ps.fallbackToIP=true: Note: You can use this property only when the com.ibm.cdb.session.ps.useSSL and com.ibm.cdb.session.ps.allowDNS properties are set to true.; The default value is true.; This property specifies whether the PowerShell script falls back to IP when a secure session cannot be established by using FQDN. By default, the PowerShell script falls back to IP.; This is a scope-based property. You can override the global value for a specific scope set or IP in the collation.properties file.

com.collation.PowerShellTimeoutFudge=10000: The default value is 10000 (milliseconds).; This property specifies the time after which SSH protocol times out, starting with the timeout of the PowerShell script. By default, when the PowerShell script times out, the SSH protocol times out 10000 milliseconds later.

com.ibm.cdb.session.ps.SkipCACheck / com.ibm.cdb.session.ps.SkipCACheck.Gateway.<Gateway IP Address>

Note:

You can use this property only when the com.ibm.cdb.session.ps.useSSL property is set to true.
You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment.

This property can be used to specify whether the PowerShell skips the validation that the server certificate of the discovery target is signed by a trusted certificate authority (CA). By default, these properties are not present in the collation.properties file and are not considered.

If you set this property to true, then the server certificate of the discovery target is not validated. You must use this property cautiously as it prevents security check, for example, you can use it in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated.

To configure this property, refer below section Configuring SkipCACheck, SkipCNCheck and SkipRevocationCheck.

com.ibm.cdb.session.ps.SkipCNCheck / com.ibm.cdb.session.ps.SkipCNCheck.Gateway.<Gateway IP Address>

Note:

You can use this property only when the com.ibm.cdb.session.ps.useSSL property is set to true.
You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment. .

This property can be used to specify to the PowerShell during session creation that the certificate common name (CN) of the server need not match the hostname of the server. This property must only be used for trusted machines. By default, these properties are not present in collation.properties file and are not considered.

If you set this property to true, then the common name (CN) certificate of the server need not match the hostname of the server.

To configure this property, refer below section Configuring SkipCACheck, SkipCNCheck and SkipRevocationCheck.

com.ibm.cdb.session.ps.SkipRevocationCheck / com.ibm.cdb.session.ps.SkipRevocationCheck.Gateway.<Gateway IP Address>

Note:

You can use this property only when the com.ibm.cdb.session.ps.useSSL property is set to true.
You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment.

This property can be used to specify to the PowerShell during session creation to skip the validation of the revocation status of the server certificate. This property should only be used for trusted machines. By default, these properties are not present in collation.properties file and are not considered.

If you set this property to true, then validation of the revocation status of the server certificate is skipped.

To configure this property, refer below section Configuring SkipCACheck, SkipCNCheck and SkipRevocationCheck.

Configuring SkipCACheck, SkipCNCheck and SkipRevocationCheck

com.ibm.cdb.session.ps.SkipCACheck, com.ibm.cdb.session.ps.SkipCNCheck, and com.ibm.cdb.session.ps.SkipRevocationCheck properties can be configured for a specific gateway IP or as a scope-based property.

For example, to configure com.ibm.cdb.session.ps.SkipCACheck for a specific gateway IP, use the pattern com.ibm.cdb.session.ps.SkipCACheck.Gateway.<Gateway IP Address> with value as true or false. This can also be configured as a global property or as a scope-based property with pattern com.ibm.cdb.session.ps.SkipCACheck with value as true or false. You can override the global value for a specific scope set or IP in the collation.properties file.

Similarly, you can configure other properties SkipCNCheck and SkipRevocationCheck as mention above.

When both variants of the property i.e., Gateway level property and global/scope-based property are configured explicitly in collation.properties file as true or false, then Gateway level property will take precedence.

Note: You should use these properties cautiously as it prevents security checks, for example, you can use them in a condition where the remote computer is trusted by other means like the remote computer and the discovery server are part of a network that is physically secure and isolated. These properties are not recommended for production environment.