uberAgent (https://uberagent.com): Windows, macOS, Citrix & VMware monitoring on Splunk
Tue, 15 Oct 2019 14:10:06 +0000

Announcing uberAgent Endpoint Security Analytics
https://uberagent.com/blog/announcing-uberagent-endpoint-security-analytics/
Mon, 14 Oct 2019 14:07:38 +0000

We have come a long way with uberAgent. What started out as a tool for optimizing Citrix XenApp environments evolved into a full-fledged monitoring product that covers all aspects of user experience and application performance on any Windows endpoint – and soon on macOS, too. uberAgent collects detailed inventory information, shows which applications are used when and how often, determines application reliability KPIs, finds issues with network connectivity, and much more. Such a rich data set can only be collected by closely monitoring system activity: process creation, network transmissions, and many other types of events – all of which are highly relevant in a security context, too. In fact, several of our customers are using uberAgent at least in part for security scenarios. To better support that, we are officially announcing a new product: uberAgent Endpoint Security Analytics (ESA).

The Foundation: uberAgent UXM

uberAgent ESA is built on top of our existing product, which we are renaming to uberAgent User Experience Monitoring (UXM). The reason for logically placing ESA on top of UXM becomes clear when we take a closer look at the metrics that UXM already provides:

Applications

  • Automatic application identification: maps processes to applications (e.g., iexplore.exe to Internet Explorer)
  • Application inventory: tells you which apps are installed on disk
  • Application usage: tells you which apps are running (typically a small subset of those installed)
  • Foreground application: tells you which application the user is interacting with (just one app per session at any given point in time)
  • Application startup: records process creation and app startup duration
  • Application performance: resource utilization for the entire app or individual processes

All of the above works for any kind of native application, of course, including Win32, UWP, Java, and App-V. But there is more. After all, the browser has become an OS for web apps. Where other monitoring tools only show a browser as a gigantic consumer of system resources, uberAgent UXM goes several steps further by providing detailed usage and performance metrics for SaaS apps, too.

Users

  • Logon and logoff activity
  • Session start and end
  • User account for all process or application events
  • User metadata can be read from any AD attribute, registry value or environment variable

Operating system process IDs and session IDs are not useful for tracking individual instances because the IDs are reused (quickly). uberAgent solves this by generating unique IDs (GUIDs) for every process or session.

Networking

  • Network connections both on the OS level and in the browser
  • Network activity per application, process, and user

In addition to monitoring successful network activity, uberAgent also identifies connection attempts that fail. This greatly helps find misconfigurations or incorrect firewall rules.

UXM Summary

We are quite aware that the above metrics might make a nice security product already and we are more than happy to support such a use case with uberAgent UXM. However, until now, security was a by-product. This changes with ESA. Now we are getting serious with security.

uberAgent ESA in a Nutshell

uberAgent UXM provides rich context and metadata, while uberAgent ESA adds deep security visibility.

With the combination of ESA and UXM, you need only one agent for user experience, performance, and security. This guarantees the smallest possible footprint on the endpoint. Our technology is based on the famously efficient and reliable uberAgent UXM which has been deployed to enterprises worldwide with up to 300,000 users per organization.

Our endpoint agent supports any version of Windows, be it physical or virtual, client or server, mobile or not (and soon macOS, too).

uberAgent ESA Process Tree dashboard filtered to include only splunk-netmon child processes of Splunk Universal Forwarder

uberAgent ESA Features

Process Tagging

We want to enable businesses to identify risky processes. Matching processes get a tag and a risk score, both of which can be freely chosen. The way risky processes are detected can be freely defined, too, thanks to our powerful and flexible rule definition language. Process tagging rules can be organized in reusable blocks; all detection elements support regular expressions, and some even support a combination of regexes and environment variables.

uberAgent ESA comes with predefined rules for many common threats, including Microsoft Office child process identification and the ability to flag processes that are started from directories that standard users or, even worse, low-integrity processes can write to. Advanced directory permission SDDL analytics are available out of the box, too.

Scheduled Tasks

Scheduled Tasks are a fantastic way to hide malware. There are multiple reasons for this. One, the Task Scheduler UI does not display important properties like COM actions or custom triggers. Two, there is a huge number of tasks on any system, all of which are completely undocumented by Microsoft or the respective third-party software vendor. Three, there is no built-in authentication method for “good” tasks.

Those challenges require careful monitoring with a tool that detects any change and collects all properties. uberAgent ESA shows new, changed or deleted scheduled tasks with all their properties, triggers, and actions. In the case of COM actions, for example, uberAgent determines the CLSID and the executable of the COM component that is targeted by the task.

Process Tree Dashboard

We mentioned earlier that uberAgent logs process creation events along with rich metadata about what exactly is being launched where and by whom. Such information can be invaluable, but it also needs to be navigable. All of the metrics collected by uberAgent are accessible through preconfigured dashboards, of course, but one of them demands some special attention. The uberAgent ESA process tree dashboard allows for comfortable navigation through complex hierarchies of even millions of parent-child process relationships, giving analysts a powerful tool that helps them understand process activities through interactive visualization.

And More…

The features described here are just a teaser of the powerful capabilities that come with uberAgent ESA. Development is still ongoing, so please bear with us. We will share more news as soon as possible.

uberAgent at Splunk .conf

Make sure to attend our Splunk .conf session SECS2534 to learn more about uberAgent Endpoint Security Analytics. And come to our booth #108, of course. Do not miss your chance to talk to uberAgent’s developers and engineers!

New Free Add-On: uberAgent Helpdesk Splunk App
https://uberagent.com/blog/free-addon-uberagent-helpdesk-splunk-app/
Tue, 08 Oct 2019 16:17:39 +0000

We are thrilled to introduce our newest Splunk app, the uberAgent helpdesk app. Do you have a team of support heroes demanding a tool that provides all the data they need to troubleshoot users and machines easily? We created exactly that!

What is uberAgent?

Let us recap what uberAgent is all about:

  • Tells you everything relevant to user experience
  • Helps you identify trends that otherwise would have gone unnoticed
  • Supports IT pros with the information they need for deep troubleshooting

uberAgent is famous for the latter. There are few other tools that offer such a rich set of valuable information about endpoints.

But what about the helpdesk? If you are on the phone with an end-user, you don’t always have the time to browse through several different dashboards looking for the root cause of an issue. With the new uberAgent helpdesk Splunk app, that is not necessary. It is your place to go to spot a problem, provide a solution, solve the ticket and make your users happier.

For Whom Is the App Designed?

The app is designed for helpdesk heroes who support virtual or physical desktops and who need quick answers to typical questions like the following:

  • Why is my login so slow? It was fast yesterday.
  • Why is my app constantly crashing?
  • Citrix is slow!
  • The website is not loading fast enough!

What Are the Benefits?

Why would you want to use the uberAgent helpdesk app? We have many good reasons. The top three would be:

  1. Spot issues in user sessions right away
  2. Less time to solve a ticket
  3. Happier users

What Does the App Look Like?

The app has just one dashboard, nice and easy. You start by searching either for a user or a machine. After you select a session of interest, detailed information is provided.

The dashboard gives you an overview of the user’s session with helpful content like user and machine information, connection state over time as well as logon time compared to the previous week.

Now dive into the session’s performance and compare it to the entire machine or even to other sessions in the organization.

The user is reporting issues with a specific native application or SaaS app? Click on an item in the list and you will get details to solve the user’s problem immediately!

Download

The app is available for free and can be downloaded from Splunkbase.

Requirements

The helpdesk app provides a different view of the regular dataset collected by uberAgent. As such it requires a working uberAgent infrastructure on Splunk.

uberAgent 5.3: Introducing User & Host Tagging
https://uberagent.com/blog/uberagent-5-3-introducing-user-host-tagging/
Thu, 03 Oct 2019 16:47:48 +0000

We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.3 introduces a powerful tagging engine and brings many other improvements.

For a full list of changes, please consult the release notes. As always, upgrading is highly recommended (instructions).

User and Host Tags

uberAgent collects deep and rich information about applications, users and machines. Splunk dashboards provide easy access to the data set, along with powerful filtering options for important properties like machine name, hardware manufacturer, IP address, or user ID, to name a few. However, sometimes a fixed set of attributes to search or filter for is not enough.

Many organizations store asset tags for machines and users in proprietary fields, either in Active Directory or on each computer. A common mechanism to identify a user’s department, for example, is to place the relevant information in AD attributes. Several of our customers expressed their interest in being able to filter the information collected by uberAgent based on such data points. As always, we listened.

uberAgent’s brand-new user & host tagging feature allows you to integrate custom identifiers natively in all dashboards. Supported sources for tags are:

  • Active Directory attributes
  • Environment variables
  • Registry values

To filter for a tag in a dashboard, simply select user tags or host tags as filter field and enter the filter string as a key-value pair. If, for example, you have a tag Department you might filter the data displayed on a dashboard as follows to only include information from HR users:

For a full description of the feature please consult the documentation.

Other Improvements

Backend Server Load Balancing

An improved load balancing algorithm chooses the next receiver server randomly. Previously, all endpoints switched to the same new server, unnecessarily increasing the load on that server.

Update Inventory

uberAgent now shows the distinct count of machines where an update is not installed. The Single Update Inventory data table now includes hosts where a specific update is not installed.

About uberAgent

uberAgent is a Windows user experience analytics and application performance monitoring product. Its highlights include detailed information about boot and logon duration (showing why and when boots/logons are slow), application unresponsiveness detection, network reliability drilldowns, process startup duration, application usage metering, browser performance per website and remoting protocol insights.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative user experience and application performance monitoring product. Our customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Our founder, Helge Klein, is an experienced consultant and developer who architected the user profile management product whose successor is now available as Citrix Profile Management. In 2009 Helge received the Citrix Technology Professional (CTP) award, in 2011 he was nominated a Microsoft Most Valuable Professional (MVP), in 2014 he was a Splunk Revolution Award Winner, in 2015 he became a VMware vExpert. Helge frequently presents at conferences and user group events.

vast limits recognizes its obligation to society and humanity. We are committed to providing the best possible workplace for our employees and we regularly donate to causes like children, education, or the fight against climate change.

Charity Donations 2019
https://uberagent.com/blog/charity-donations-2019/
Wed, 25 Sep 2019 16:08:42 +0000

As in the previous year, we are donating significant amounts to charity organizations that help make our world better to live in. While the 2018 donations focused on education (true to our company motto coined by Mark Twain), this year’s themes are children and climate change.

How We Choose Organizations

Our charity organization selection process is mostly about employee choice. While management sets the year’s theme, the amount to be donated is split evenly amongst all employees (including management). Each employee has the freedom, but also the responsibility to choose their own preferred organization.

Why Children and Climate Change?

Today’s children are tomorrow’s leaders. Helping them become the best possible humans is in their best interest, but also in everybody else’s.

Climate change is similar: an investment in climate protection is an investment in humanity’s future. It is also about our generation’s legacy and, of course, the future of our children.

Image: Plant for the planet

How vast limits Helps

In 2019 we are donating to the following charity organizations:

Plant for the Planet

It all started with a nine-year-old’s school presentation. Today Plant for the Planet is a global movement with an ambitious goal: to fight the climate crisis by planting trees around the world.

Plant for the Planet encourages as many children as possible to fight for their future. More than 70,000 of them are ambassadors for climate justice. These are children between the ages of 9 and 12, who pass on their knowledge at academies to other children, who train to become ambassadors as well.

Die Arche

The German word arche means ark in English. The name reflects the organization’s purpose well. Die Arche provides lunch, homework tutoring, and organizes activities and camps for children and teenagers from all social backgrounds.

Ärztliche Kinderschutzambulanz Bergisch Land e.V.

The medical child protection outpatient clinic, based at the Sana-Klinikum in Remscheid, is a specialist center for children and adolescents affected by physical abuse, neglect and/or sexual violence. It was founded in 1989 and is run by a multi-professional team consisting of pediatricians and therapists from different disciplines. The clinic provides advice, first aid, and a range of diagnostic and therapeutic measures for affected persons.

Aufbruch am Arrenberg e.V.

Stadtquartier Arrenberg is a residential district in the west of Wuppertal, which was founded in 2008 by only 10 local residents, entrepreneurs and project developers, with the goal to counteract the ongoing downward spiral in the neighborhood. Today, the organization has almost 200 members and focuses on projects in the fields of energy, mobility, and nutrition.

Another important initiative is programming workshops for children. The courses are aimed at third and fourth-grade children from low-income families. In the workshops, boys and girls are given the opportunity to develop an understanding of the processes that surround them every day in tablets, mobile phones or notebooks.

Scouts in Lichtenberg – Morsbach, Germany

It all began in 2009 when the children and teenagers in Lichtenberg thought about how they would like to be meaningfully engaged in their free time. The idea was to join a large organization that had high standards in terms of each other. It was essential to learn how to get along in politics, society, and daily life. Life classified without factors such as skin color, nationality, and governmentality, sex, and age matters.

The decision to join the BDP Landesverband NRW (scout organization) and start up a local scout tribe came quickly. It started with ten children and three volunteering carers. Meanwhile, the tribe consists of 40 members with children from the age of 6, and the trend is rising under the motto “participate – help – talk – travel and contribute your ideas.”

Life is not virtual but real, and the goal is to teach the children a respectful way to live together. Essential elements are youth leads youth, learning by doing and closeness to nature.

To learn this and to pass it on, the tribe takes part in numerous events and offers many possibilities of further training for youth work, e.g., youth training certificate, hiking, camping, and orientation are essential points here.

nestwärme

nestwärme is committed to helping families that carry the weight of having to care for seriously ill or handicapped children at home. The independent charity offers active help through counseling and support to give families the strength to come up with the vital nest warmth it needs.

Swift and unbureaucratic help is the priority since parents oftentimes have to fight on all fronts for their child and their own balance. Therefore nestwärme developed a structure that is oriented towards the special needs of those families and comprises a unique relief network. Part of that network are volunteers who donate their competence or talents and who support regional nests in Germany, Switzerland, and Austria. Among other facilities, there is also the child’s competence center in the Trier area that houses an ambulant child and intensive care service as well as a children’s hospice.

uberAgent Surpasses 115,000 Installs on the Chrome Web Store
https://uberagent.com/blog/uberagent-surpasses-115000-installs-on-the-chrome-web-store/
Wed, 18 Sep 2019 14:43:27 +0000

We are thrilled to announce that the uberAgent browser extension for Google Chrome surpassed the threshold of 115,000 active users. This is all the more exciting as the extension is an optional component of our monitoring and analytics product.

What is the uberAgent Chrome Extension?

uberAgent is all about the many aspects of applications. It records app crashes or hangs, determines application performance, performs inventories of all installed apps – and figures out where users spend how much time. In other words: uberAgent tells you which applications are used when, how often, and for how long.

These days, of course, browser-based web apps comprise an important part of any organization’s application set. That poses a problem for monitoring tools. For the typical monitoring product, the browser is the application, not the many separate web apps running in parallel, each in its own tab.

We set out to change that. uberAgent was the first product to record web app usage – for any web app, without requiring changes to a web site’s code. uberAgent monitors in-house line of business applications just as well as it works with YouTube, Facebook or any other public site.

If you are still uncertain as to why you should monitor web apps, read how the browser has become an OS for web apps.

How to Install the uberAgent Chrome Extension?

uberAgent is famous for its quick and simple installation. The only thing you need in addition to the endpoint agent is the browser extension, which can be found on the Chrome Web Store or deployed via Group Policy.

Once installed, the browser extension updates automatically. And there is no need to worry which to deploy first, the agent or the extension: once both are up and running they will talk to each other automatically.

Practice Guides on CPU Temperature & Application CPU Usage
https://uberagent.com/blog/practice-guides-on-cpu-temperature-application-cpu-usage/
Mon, 09 Sep 2019 18:37:50 +0000

Our growing collection of practice guides has new articles that explain how to identify applications that use 100% of a CPU core, how to collect the processor temperature and how to query performance counters.

What Are Practice Guides?

Practice guides demonstrate how to use uberAgent in real-world scenarios. Each practice guide tries to answer a specific question. Customers are encouraged to look at the solutions presented in our practice guides and use them as a basis for their own implementations. Practice guides are part of uberAgent’s documentation.

Guide by Jesper Sehested under CC

Identifying Applications That Use 100% of a CPU Core

This practice guide shows how to identify applications that fully utilize one or even multiple CPU cores. The required data is already part of uberAgent’s data set; all that is required is a Splunk search to unearth it.

Collecting the Processor Temperature

This practice guide explains how to determine the CPU temperature from PowerShell and add the result as a custom metric to uberAgent. Incidentally, this guide demonstrates how to use uberAgent’s custom script functionality, which is a powerful way of extending the product’s feature set.

Querying Windows Performance Counters

uberAgent can query any Windows performance counter and send the resulting metrics to the backend. This practice guide demonstrates how to do that.

Announcing uberAgent for Apple macOS
https://uberagent.com/blog/announcing-uberagent-for-apple-macos/
Sat, 08 Jun 2019 11:04:42 +0000

We are proud of what we have achieved. In the six years of its existence, uberAgent has been deployed to more than half a million endpoints. Some of the world’s most successful enterprises are using uberAgent’s metrics to improve their users’ experience. Our customers typically start out with uberAgent at one type of endpoint, e.g. Citrix Virtual Apps. Once they see the product’s enormous practical value in their own environment, they often expand and deploy uberAgent to their other types of Windows devices, too: physical, virtual, RDSH, PCs, and laptops.

But why stop there?

Many organizations have a certain percentage of Macs. This number could be as low as 5% or as high as 20%, but it is there. As soon as you have fantastic Windows monitoring, you want it for your Macs, too. A single product that spans all relevant platforms in end-user computing, collecting the same high-quality metrics for macOS as it does for Windows. That is what we are announcing today.

Licensing

uberAgent on macOS is not a separate product. It is covered by the existing licenses. Customers just need to ensure they have enough licenses to cover their Mac users, too.

Timeline

We are working hard to port all the good qualities from the Windows version of uberAgent while making sure that uberAgent feels just right on the macOS platform. We hope to be able to release a beta version later this year.

uberAgent Masterclass at E2EVC Berlin
https://uberagent.com/blog/uberagent-masterclass-at-e2evc-berlin/
Tue, 04 Jun 2019 14:36:19 +0000

As in the previous year, we will be hosting an uberAgent masterclass at the E2EVC community conference, which takes place in Berlin this week. E2EVC is the perfect place to learn from and network with your fellow end-user computing geeks. The amount of brainpower that comes together for E2EVC several times a year is staggering. What better place for a deep-dive technical uberAgent training?

Masterclass Agenda

We have content for anybody with a solid background in end-user computing. If you are new to uberAgent you will get a thorough technical architecture overview. If you are already experienced in the product you should enjoy the deep-dives. Along the way, we want to hear about your monitoring requirements. And, as always, we are very open to feature requests.

The specific topics to be covered are subject to change depending on the attendees’ interests. Following are some of the areas we hope to cover:

  • Architecture overview
  • Architecture deep-dive
    • How we collect user data
    • How we collect browser performance data
    • How we collect Citrix site data
    • How we collect Citrix ADC data
    • Multi-tenancy
    • Username encryption
  • Installation
  • Configuration
  • Splunk data volume optimization
  • Adding custom metrics
    • Performance counters
    • Custom scripts
  • Logging
  • Dashboards
    • uberAgent’s Splunk data model
    • Custom dashboards
    • Custom lookups

Registration

Please register at the desk where you pick up your badge. The masterclass starts at 14:30 on Saturday.

See you soon!

uberAgent 5.2.1: Elasticsearch 7, GPU Usage, IE Enhanced Protected Mode
https://uberagent.com/blog/uberagent-5-2-1-elasticsearch-7-gpu-usage-ie-enhanced-protected-mode/
Mon, 06 May 2019 17:23:36 +0000

We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.2.1 adds support for Elasticsearch 7 and brings many other improvements.

For a full list of changes, please consult the release notes. As always, upgrading is highly recommended (instructions).

Elasticsearch 7

uberAgent now fully supports the latest Elasticsearch version. Instructions on how to prepare Elasticsearch for uberAgent are available here.

GPU Usage

Even Better Robustness

uberAgent has long supported GPUs, and with version 5.2.1 the GPU detection is even more robust. Per-machine and per-process GPU compute usage now switch to an alternative algorithm if the original algorithm fails (observed with Nvidia Grid). This requires Windows 10 1709 or later.

GPU Engine per Process

uberAgent now determines per process which GPU engine is used most heavily (requires Windows 10 1709). This makes GPU monitoring on a process level much more accurate. Different uses, such as video decoding or 3D acceleration, can be clearly distinguished.

Internet Explorer Enhanced Protected Mode

uberAgent collects metrics about web app performance from all major browsers through add-ons, including Internet Explorer. The add-on now works in Internet Explorer’s Enhanced Protected Mode, too.

About uberAgent

uberAgent is a Windows user experience analytics and application performance monitoring product. Its highlights include detailed information about boot and logon duration (showing why and when boots/logons are slow), application unresponsiveness detection, network reliability drilldowns, process startup duration, application usage metering, browser performance per website and remoting protocol insights.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative user experience and application performance monitoring product. Our customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Our founder, Helge Klein, is an experienced consultant and developer who architected the user profile management product whose successor is now available as Citrix Profile Management. In 2009 Helge received the Citrix Technology Professional (CTP) award, in 2011 he was nominated a Microsoft Most Valuable Professional (MVP), in 2014 he was a Splunk Revolution Award Winner, in 2015 he became a VMware vExpert. Helge frequently presents at conferences and user group events.

Monitoring User Session Activity With uberAgent
https://uberagent.com/blog/monitoring-user-session-activity-with-uberagent/
Thu, 11 Apr 2019 14:53:29 +0000

The other day a customer asked me whether it is possible to monitor session activity with uberAgent. Of course, I thought! One just has to look at the session connection state, which can be active, disconnected, etc. uberAgent monitors that very well. But when I thought about it further, I noticed that the situation is not so trivial. Read below how I solved it with a custom search.

Customer’s Requirements

Our customer is a service provider and wants to know if users are actively working in their sessions and to what percentage. “Actively working” means users are logged in and are doing something in the session. Non-active time means the users are logged in but not working. The latter is the case when:

  1. the session is disconnected
  2. the session is locked
  3. the screensaver is active

How to Solve That With uberAgent

Disconnected and Idle Sessions

The first point was easy to solve: you just search for sessions in the state active, which filters out all others.

| pivot `uA_DM_Session_SessionDetail_Users` Session_SessionDetail_Users
   latest(SessionUserLower) as User
   splitrow
      SessionGUID
   filter host in (*)
   filter SessionConnectionState is "active"

Locked Sessions

Points two and three took me a while to figure out. uberAgent’s capability to collect the foreground application brought me to my goal. Let us start with locked sessions.

Want to know more about uberAgent’s capability to collect the foreground application? Read more here.

If the desktop is locked, the foreground process is LockApp.exe. That is the screen that appears before you have to enter your credentials.

uberAgent’s application identification groups LockApp.exe into the application Microsoft Windows OS. To identify the process uniquely, I overrode the identification in uberAgent’s configuration file:

[ProcessToApplicationMapping]
# Lock App
^C:\\Windows\\SystemApps\\Microsoft.LockApp_cw5n1h2txyewy\\LockApp\.exe$ = Lock App

While this upstream lock screen looks nice on physical PCs, it makes no sense in virtual environments and is typically disabled there. In virtual environments, users are taken directly to the “real” login screen, where they have to enter their credentials. That is a secure shell and cannot be accessed by uberAgent, hence the foreground application field is empty – which is good for us, as it is empty only in this case!

By the way, if a user is just looking at the desktop with all applications closed, the foreground application identified by uberAgent is Microsoft Windows OS (the foreground process is explorer.exe).

In conclusion, uberAgent can identify whether a desktop is locked, with or without Microsoft’s Lock App.

Active Screensaver

After I found out how to recognize the lock screen with uberAgent, the screensaver was a breeze. The foreground application is empty when the screensaver is active, too.

The Final Search

So the logic to determine that a session is not active is as follows. One of these statements has to be true:

  • the session connection state is not active
  • the session is active and the foreground app is Lock App
  • the session is active and there is no foreground app

That translates into this easy-peasy Splunk eval command:

| eval Active = case(SessionConnectionState != "active",0, (SessionConnectionState = "active" and SessionFgAppName = "Lock App"),0,(SessionConnectionState = "active" and isnull(SessionFgAppName)),0,1=1,1)

Here is the final search I ended up with:

| pivot `uA_DM_Session_SessionDetail_Users` Session_SessionDetail_Users
   count(Session_SessionDetail_Users) as EventCount
   latest(SessionConnectionState) as SessionConnectionState
   latest(SessionFgAppName) as SessionFgAppName
   latest(SessionUserLower) as User
   splitrow
      _time
      period second
   splitrow
      SessionGUID
   filter host in (*)
| eval Active = case(SessionConnectionState != "active",0, (SessionConnectionState = "active" and SessionFgAppName = "Lock App"),0,(SessionConnectionState = "active" and isnull(SessionFgAppName)),0,1=1,1)
| stats
   sum(Active) as Active
   sum(EventCount) as EventCount
   latest(User) as User
   by
      SessionGUID
| eval "Active time (%)" = round(Active / EventCount * 100,1)
| eval sortfield='Active time (%)'
| sort limit=0 -sortfield 'Active time (%)'
| table
   User
   "Active time (%)"

Alternative Method

While the above works per session, uberAgent also collects idleness in percent per machine. 100% means the system is completely idle. This metric is used by Windows to determine whether to start the screen saver or turn off the display. Details are available in our documentation.

Test Setup

  • Microsoft Windows 10 Enterprise 1809 x64
  • uberAgent 5.2
  • Splunk 7.2.5
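
The classification rules from “The Final Search” can be checked without any uberAgent data. The search below is an added example, not part of the original post: it builds six constructed per-second samples with makeresults (the session IDs, user names and the constructed_samples field are made up), applies the post’s eval unchanged, and computes the active time per session. An empty foreground app is converted to null first, so that isnull() matches it the way it matches a missing field in real events.

```spl
| makeresults
| eval constructed_samples = "s1,alice,active,Microsoft Word;s1,alice,active,Lock App;s1,alice,active,;s1,alice,disconnected,;s2,bob,active,Microsoft Windows OS;s2,bob,active,Google Chrome"
| makemv delim=";" constructed_samples
| mvexpand constructed_samples
| rex field=constructed_samples "^(?<SessionGUID>[^,]*),(?<User>[^,]*),(?<SessionConnectionState>[^,]*),(?<SessionFgAppName>[^,]*)$"
| eval SessionFgAppName = if(SessionFgAppName == "", null(), SessionFgAppName)
| eval Active = case(SessionConnectionState != "active",0, (SessionConnectionState = "active" and SessionFgAppName = "Lock App"),0,(SessionConnectionState = "active" and isnull(SessionFgAppName)),0,1=1,1)
| stats
   sum(Active) as Active
   count as EventCount
   first(User) as User
   by
      SessionGUID
| eval "Active time (%)" = round(Active / EventCount * 100,1)
| table
   User
   "Active time (%)"
```

Session s1 covers all three inactive cases (Lock App, empty foreground app, disconnected) plus one working second, so alice ends up at 25%; bob, who is on the plain desktop and in a browser, ends up at 100%.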
