This section describes how to set aggregation conditions.

Only the system administrator can set aggregation conditions.

When modifying the aggregation conditions in use, the modified condition will be updated at next aggregation. Therefore, the number of PC number of sets detected according to the old conditions and detailed graph will be displayed in the window before the next aggregation.

In a 3-level system structure, to know the overall system state, please set aggregation conditions in the Master Management Server. To know the state of the subordinate Management Server, please set aggregation conditions in each Management Server.

1. Start Web Console with any of the following methods.

   In a 2-level system structure, please connect to the Management Server.

   • Select [All Programs]-[Systemwalker Desktop Keeper]-[Server]-[Desktop Keeper Main Menu] from the [Start] menu on Management Server.

   • Specify “http://host name of Management Server or IP address/DTK/index.html” in the address bar of browser.
     When the port number of IIS is modified, specify as follows.
     http://IP address: port number/DTK/index.html

   In a 3-level system structure, please connect to (Master) Management Server respectively.

   • Select [All Programs]-[Systemwalker Desktop Keeper]-[Server]-[Desktop Keeper Main Menu]] from the [Start] menu on (Master) Management Server.

   • Specify “http://host name of (Master) Management Server or IP address/DTK/index.html” in the address bar of browser.
     When the port number of IIS is modified, specify as follows.
     http://IP address: port number/DTK/index.html

     
     

   → The [Login] window is displayed.

   

2. Enter the following information and click the [Login] button.

   • [User ID]: The [User ID] set in the [Administrator Information Settings] window of Server Settings Tool.

   • [Password]: The [Password] set in the [Administrator Information Settings] window of Server Settings Tool.
     It is recommended to Modify password regularly. For how to Modify password, please refer to “Change password”.

   → The status window is displayed.

   

3. Click [Log Management] of Global Navigation.
   →Log Viewer is started and the [CT Operation Log] window is displayed.

   

4. Click [Environment Setup] of Global Navigation.
   → The [Options] window is displayed.

   

5. Enter the following information and click the [Apply] button.

   About the processing time required for aggregation
   The processing time required for aggregation is affected by the following factors:

   • Hardware specification (CPU, memory, disk performance, etc.)

   • Operating environment (network status, operation conditions of other applications, etc.)

   • Number of Management Servers (Master Management Server in a 3-level structure)

   • Aggregation conditions (number of audited items and auditing period (*))

   • CT number of sets

   • Amount of logs saved in the database

   Even if the above operating environments are the same, the aggregation result will still be affected by the following factors, which will result in a different processing time:

   • CT number of sets satisfying the aggregation conditions (*)

   • Number of logs satisfying the aggregation conditions (*)

   Items marked by (*) are the main reasons and have significant influence.

   The following is an example of processing time. (As a reference value, it is greatly affected by hardware and data.)
   In fact, the processing time affected by environment and data conditions is from several minutes to hours.
   When both of the hardware are CPU:Core2Duo 2.4GHz with 3GB memory.

   • Number of CTs is 100 (all meeting the aggregation conditions), number of logs is 630,000 (among which 210,000 satisfies the aggregation conditions), the auditing period is 31 days, and the processing time is about 150 seconds.

   • Number of CTs is 500 (all meeting the aggregation conditions), number of logs is 630,000 (among which 210,000 satisfies the aggregation conditions), the auditing period is 31 days, and the processing time is about 430 seconds.

     Item Name		Description
     [Aggregation Schedule]		Set the time to start aggregation. Hour: Select by hour within the range of 0-23 Minute: Select by minute within the range of 0-59 Initial value: 1 hour 0 minute Note Please take the following points into consideration in the settings of an aggregation schedule: The aggregation process will cause a heavy load. Please perform in the time frame with lower business load (at midnight, etc.). Please do not modify configuration information and environment setup during aggregation. The aggregation result may be displayed incorrectly. Level Control Service must be started during the aggregation process. Please do not overlap with the operation of stopping Level Control Service (backup, restoration, data transmission, etc.).
     [Proportion of Graph Color(%)]		Set and modify the threshold value of histogram colors in the status window. Select and modify the proportion of yellow and red through the button. Modify it by 10%. Initial value: the threshold value of the yellow histogram is within 20% the threshold value of the red histogram is above 80%
     [URL of Desktop Patrol]		Set it when assets management information of Systemwalker Desktop Patrol is displayed. Single-byte alphanumeric characters, “.” and “:” can be specified. Initial value: not displayed
     Settings of Notification E-mail
     	E-mail Notification	Set to notify the department administrator about the aggregation result by E-mail. Do not notify: Do not notify by E-mail. Daily: notify by E-mail every day. Weekly: Specify the day to notify by E-mail once a week. Please set which day and whether to notify the aggregation result by E-mail on that day weekly. Monthly: Specify which day to notify by E-mail once a month. Select one day from the first day to the 28th day in a month to notify the aggregation result by E-mail. Initial value: [Do Not notify] The following aggregation items are not notified by E-mail. [PC having blocked the use of prohibited USB memory] [PC having blocked the use of prohibited account group] [PC having blocked the use of prohibited application] [PC having blocked prohibited printin] [PC having blocked the sending of E-mail with prohibited attachment] E-mail notification will be sent to the department administrator of the group to which the error PC belongs (when no department administrator is set in the group, notification will be sent to department administrator of the upper level group). E-mail is not sent in following cases: When there is no department administrator in the upper level group When the recipient address of the department administrator is not set though department administrator has been set When there is no error PC in the department managed by the department administrator When [Manage on each Management Server] has been set in [System Information Settings]-[Manage User Information] of server settings tool At this time, the result aggregated in the Master Management Server will not be sent to the department administrator set in the Management Server. Please set an E-mail notification on each Management Server. When aggregation process stops abnormally When Level Control Service stops At this time, if aggregation process ends normally, E-mail notification will be performed after Level Control Service starts. Also, please set the recipient address of the E-mail server and department administrator in [Server Settings Tool].
     	E-mail Title	Set the subject of E-mail. Please specify characters to be no greater than 128 bytes. The E-mail will be sent without any subject if the subject is omitted. Initial value: (blank)
     	E-mail Text	Set the body text of E-mail. Please specify characters no greater than 512 bytes in size. Initial value: (blank) The body text of notification is shown as follows. The specified content in [E-mail Body Text] [Overview] Aggregation target department: [Counting information] (*1) PC having exported files: PC pattern 1 that is is used out of working time PC pattern 2 that is is used out of working time PC having performed suspicious access: PC not connected for a long time: [Attachment information] (*2) ----------------------------------- PC having exported files 1: terminal name : : ----------------------------------- PC pattern 1 that is used out of working time: 1: terminal name : : ----------------------------------- : : (omitted) -- http://IP address DTK/index.html *1: if over one correspondent terminal exists in items to be aggregated, they will be recorded. *2: when [Attach] is selected in [List of Problem PCs], the correspondent terminal name will be displayed in each aggregation target item. Note About content recorded in E-mail body text The content notified by using the E-mail notification function is the aggregation result during the E-mail notification. After the next aggregation (once a day), the result may be inconsistent with that in the status window.
     	List of Fault PCs	Set whether to record the list of aggregated PCs in the E-mail body text. Not attach: Not to record the list of problem PCs. Attach: Record the list of problem PCs. (Up to 1000 error PCs can be recorded.) Initial value: not attach
     [PC Having Exported Files] (all conditions are aggregated as AND conditions)
     	[Item Description]	Description of the aggregated items.
     	[Aggregation of Items]	Set whether to display the aggregation result in the status window or not. Initial value: [Yes]
     	[Settings of Aggregation Period]	Set the aggregation time for error PCs (from the day before X to the day of aggregation). Select by 1 day within 1-31 days. Initial value: 7 days
     	[Type of Operation]	Select from file export, file operation (move, copy and rename) as the type of operation log of counting target. Multiple selection can be made. At least one must be selected. Initial value: [File export]
     	[Settings of External Memory Media Type]	Select from Removable, CD/DVD and Network as the drive type of external memory media. Multiple can be selected. At least one must be selected. Initial value: [Removable]
     	[Filtering Settings]	Set keyword contained in the file path of export source. By specifying the path of the shared folder as a keyword, aggregation can be performed when exporting files of specific shared server only. To specify multiple keywords, enter a single-byte space between each of them. Up to 10 keywords can be specified. As single-byte space is used as a separator, it cannot be used as a keyword. Up to 128 byte including the separator can be set. The alphabets are case-insensitive. When specifying shared folder, please specify as follows. \\server name\folder name \\IP address\folder name Initial value: (blank)
     [PC Used out of Working Time] (all conditions are aggregated as AND conditions)
     	[Item Descriptions]	Description of the aggregated items.
     	[Aggregation of Items]	Set whether to aggregate or not. When selecting not to count, the status window will not be displayed. Initial value: [Yes]
     	[Settings of Aggregation Period]	Set the aggregation time for error PCs (from the day before X to the day of counting). Select by 1 day within 1-31 days. Initial value: 7 days
     	[Settings of Non-working Time]	Define the time frame as “Non-working Time”. Day of a week: select which day to be set as non-working time. At least one must be selected. Time: select the time to be set as non-working time. Specify by 1 hour within 0-23. When n the time is not specified, set to “-”. Initial value: Pattern 1 (supposed from Monday to Friday) Day of the week: Monday, Tuesday, Wednesday, Thursday, Friday Time: from 00:00 to 08:59 and 17:00 to 23:59 Pattern 2 (supposed on weekend supposed) Day of the week: Saturday, Sunday TIme: Not specified Example Specification Example 1 When aggregating PCs used at weekends ・Time: not specified ・Day of the week: Saturday and Sunday are selected Specification Example 2 When aggregating PCs used during non-working time from Monday to Friday ・Time: 00:00 to 08:59 or 17:00 to 23:59 ・Day of the week: Monday, Tuesday, Wednesday, Thursday, Friday selected When the same period is set, it will not be aggregated repeatedly. [Example] Set to from 00:00 to 06:59 or 00:00 to 06:59 and only one PC is used in the above period, there will be only one aggregation result.
     [PC Having Performed Suspicious Access] (all conditions are aggregated as AND conditions)
     	[Item Descriptions]	Description of the aggregated items.
     	[Aggregation of Items]	Set whether to aggregate or not. When selecting not to count, the status window will not be displayed. Initial value: [Yes]
     	[Settings of Aggregation Period]	Set the aggregation time for error PCs (from the day before X to the day of aggregation). Select by 1 day within 1-31 days. Initial value: 7 days
     	[Settings of Access Type]	Set access type. Start in safe mode: it is aggregated when the PC is started in safety mode. Login with local user: in the environment where the domain is used, it is aggregated when logging in as local user. Login with administrator authority: it is aggregated when logging in with administrator authority. Initial value: [Start in safe mode]
     [PC Not Connected for a Long Time] (all conditions are aggregated as AND conditions)
     	[Item Descriptions]	Description of the aggregated items.
     	[Aggregation of Items]	Set whether to aggregated or not. When selecting not to count, the status window will not be displayed. Initial value: [Yes]
     	[Settings of Disconnection Period]	Set the disconnection period. Select by 1 day within 1-366. Initial value: 30 days
     [PC Having Blocked the Use of Prohibited USB Memory] [PC Having Blocked the Use of Prohibited Account Group] [PC Having Blocked the Use of Prohibited Application] [PC Having Blocked Prohibited Printing] [PC Having Blocked the Sending of E-mail with Prohibited Attachment] (All conditions are aggregated as AND conditions)
     	[Item Descriptions]	Description of the aggregated items.
     	[Aggregation of Items]	Set whether to display the aggregation result in the status window or not. Initial value: [No]
     	[Settings of Aggregation Period]	Set the aggregation time for error PCs (from the day before X to the day of aggregation). Select by 1 day within 1-31 days. Initial value: 7 days