Licence Auditor - User Guide

Intended Audience

This document is intended for general use. It is expected that users are familiar with the Geneos product and concepts prior to reading this document. ITRS Support staff may find this document more helpful than other readers, since this component allows them to automate a previously manual task.


The Licensing Auditor assists users in gathering auditing data in an automated manner, rather than the time-consuming manual method used currently. This data will then be used to determine licensing requirements for the target system.

The Auditor operates by connecting to a set of configured gateways sequentially and receiving select monitoring information. This information is stored internally by the Auditor, and is used to generate reports of the current licensing state of the system. Reports can be generated by users connecting to the Auditor via a web browser and requesting the relevant page.

Note: If gateways are running with security settings, the auditor will require a user to login and receive data. Since auditor only needs to examine data VIEWONLY permissions for this user are sufficient.

Sequential Connections

The Auditor connects to the gateways in the order that they are listed in the setup file. Once audit data for a particular gateway is received, the auditor will disconnect from that gateway and connect to the next. Once all the gateways listed in the setup file have been attempted, the Auditor will show a message that it is now ready to report.

Gateways that the auditor failed to connect to will be ignored and connection will not be re-attempted. A list the gateways that it failed to connect to will be shown at the end.

If a gateway connection goes down while auditor is gathering audit data from that gateway, the Auditor will retain any information it had obtained so far. Similarly if a probe connected to the gateway being currently processed goes down, the Auditor will skip that probe and continue on. In this case it will still attempt to gather auditor data pertaining to the remaining probes.

Note: Auditor will attempt to connect to each gateway only once. Regardless of whether or not it successfully obtains all the required audit data, connection will not be attempted again. Hence it is necessary to ensure that all the relevant gateways and probes are up before running the auditor.

CSV Reports

Once the Auditor has attempted to connect to all the configured gateways, it will output a number of CSV reports.


File format

Configuration for the auditor is specified in a flat-format text file. By default auditor looks for a file named auditor.setup in the working directory, but a different file may be specified using the -setup command-line option. The setup file is read by the auditor at the beginning of the audit run. Any updates to the setup file after auditor has been started would be ignored.

Configuration settings are specified in the format SETTING=VALUE (with optional white-space around the equals sign). A hash (#) character at the start of a line symbolises that the line is a comment and should be ignored.


The following settings are available for use in the setup file.



The auditor listen port can be specified in the setup file, if it has not already been specified using the ‑port command-line option. This port will be the port users connect to with their web browsers to request a report. The default listen port is 7048. If possible it is recommended that the listen port be set to 80 (the default HTTP port) however this typically requires the auditor to run with root privileges.


REPORT_TITLE = Test Report

The report title appears at the top of every report. Users can use this setting to alter this title to their preferences. This setting defaults to an empty string.



The CPU default count specifies how many CPU units the auditor should estimate, for a server for which there is no CPU data. This value will apply for servers where a Netprobe is configured in a gateway setup, but is not currently running, or for servers where a Netprobe is running but there is no CPU plug-in data. The default value is 4.



The CPU cores-per-unit setting specifies how many logical CPU cores will be attributed to a single CPU license unit. For example, with this setting set to 2, an 8-core machine will consume 4 CPU license units. With this setting set to 4, the same 8-core machine will only consume 2 CPU license units.



The plug-in report mode specifies how plug-ins are counted by the auditor, either per‑instance or per‑server. These are configured by specifying INSTANCE (the default) or SERVER respectively.

In per-instance mode, two instances of the same plug-in running on the same server (either in the same Netprobe or separate Netprobes) will consume 2 licenses for that plug-in. In per-server mode, they will only consume a single license.



This optional setting specifies (in minutes) the maximum time the auditor will wait for a particular gateway to return audit data before moving on to the next. The default value for this setting is 5 minutes.

When the Auditor processes a gateway it attempts to obtain information from Hardware and CPU samplers on each probe if these are configured. However, if these samplers have not yet had a chance to sample since the particular gateway and probe was stated, the Auditor will wait until they do. However, based on, for example the active times setting of those samplers, it may be the case that they will not sample again for an unacceptably long time. In these cases based on the PENDING_TIMEOUT specified the Auditor will eventually give up and move on the next gateway.

If any gateways were skipped in this manner the Auditor will give a warning at the end of the Audit run. This warning will list the number of gateways that had to be skipped.

This setting can also be passed to auditor using the command line parameter -ptimeout which will override the setting if present in the set-up file.



This optional setting specifies whether CSV reports will be written to disk for each gateway that the Auditor successfully connected to or just generate reports for each section and the overall summary.


LOGIN = myUser myPassword

The login setting specifies the login credentials to use for all GATEWAY settings declared under this setting. The username should be the same as that defined on the gateway and have at least VIEWONLY permissions.

In order to use a system logon without a password, ##system## should be used.

LOGIN = myUser ##system##


GATEWAY = testhost:4400 myUser myPassword
GATEWAY = testhost:4400
GATEWAY = testhost myUser myPassword
GATEWAY = testhost

The GATEWAY setting specifies a gateway for the auditor to connect to. The format of this setting is the same as that for a legacy ActiveConsole (ActiveConsole 1), and specifies the hostname and the listen port of the gateway. Therefore, gateway definitions can be copied and pasted from the ActiveConsole set-up.

Following the gateway host, there are fields to specify a username and password. If using the LOGIN setting described above, these fields are then optional and will override the LOGIN credentials if specified. Otherwise the fields are mandatory and are used when connecting to that gateway.

Finally, the gateway port can be omitted when specifying the gateway. In this case, auditor will attempt to connect to the gateway host on the default gateway port of 7039.


SECURE_GATEWAY = testhost:4400 myUser myPassword
SECURE_GATEWAY = testhost:4400
SECURE_GATEWAY = testhost myUser myPassword

The SECURE_GATEWAY setting specifies is similar to the GATEWAY setting. It also specifies a gateway for the auditor to connect to. The difference is that if the GATEWAY setting is used, the auditor will connect using an insecure TCP connection. However, if the SECURE_GATEWAY setting is used, the auditor will connect using a secure SSL connection.

The SECURE_GATEWAY setting is otherwise identical to the GATEWAY setting. The gateway port is optional as are the username and password.


GATEWAY = testhost:4400 myUser myPassword
GATEWAY = testhost:4400
GATEWAY = testhost:4401 myUser myPassword
GATEWAY = testhost:4401

Users can use this setting if they have a large number of gateways connected to the license daemon and want to organise the audit report into logical groupings.


# Auditor Configuration File

# Specify the Auditor listen port below
# The report title is placed as the title of each report page

# Gateway login (in the form of <username> <password>)
LOGIN = jtiu ##system##

# Specify individual gateways below.  Specification takes the form of
# GATEWAY=<gateway> <user> <password>
# or if the LOGIN is specified above
# GATEWAY=<gateway>



Obtaining a report

Once the Auditor has attempted to connect to all the gateways, reports can be generated. Two types of report are available: HTML and CSV.

HTML Reports

The auditor will start listening on the configured port for HTTP connections. To obtain a report, the user must connect to the auditor using a web browser. The URL would then be: http://audithost:auditport/

For example if the auditor were running on "myhost" with a listen port of 8080 the URL would be:


If the auditor is configured to use the HTTP listen port of 80, then there is no need to include the port in the URL. In this case, users could just type:


Example HTML report

The following image shows an example of the report generated by the license auditor.



Understanding the Audit HTML Reports


The audit report is split up into several sections, which display the audit data at a different level of granularity. The basic structure of a report consists of an overview, followed by a section breakdown for each section configured in the auditor configuration. This structure can be seen below:

  • Overview
    • Summary
      • Cpu
      • Plug-Ins
    • Details
      • Cpu
      • Plugins
  • SectionOne
    • Summary
      • Framework (CPU)
      • Plug-Ins
    • Details
      • Framework (CPU)
      • Plug-Ins
  • SectionTwo
  • SectionX…

The overview summary section displays the overall totals for all audited components. In this section, the CPU and Plug-In details are given broken-down by section and a total figure.

The overview details section displays additional details of the summary data. In the case of both CPU and Plug-Ins, these details explain the duplicate adjustments that were made to the totals. These adjustments are to avoid counting CPUs or plug-ins multiple times, for hosts which are shared between different audit sections.

Each section (a set of gateways, as configured in the auditor setup file) is then described in its own section of the report. A section summary contains details of CPUs and plug-ins, showing the usage for each gateway in the section and the section total.

The section details region of the report explains how the figures in the section summary were derived. For both CPU and plug-ins, a table is displayed for each gateway showing the hosts (or plug-in instances) which are contributing to the total counts for that gateway. An additional table is also shown for the duplicate adjustments, to eliminate any duplicate counts for hosts that are common to gateways in that section.

Duplicate adjustments

Duplicate adjustments are performed for CPU Unit counts, and for plug-in counts if auditor is running in per‑server plug-in licensing mode. The purpose of these adjustments is to disregard duplicate counts, which arise when the same server is monitored by multiple gateways, and potentially across different sections (e.g. departments).

Auditor uses two metrics to identify servers; the resolved IP address of the Netprobe host, and the hostid data (if available). On Windows, the MAC address of the first network interface is used as the hostid, since Windows does not natively support this feature unlike Unix OSes.

Connected status

The connected status field appears both in the section summary, and the section detail tables. The section summary table shows whether the auditor is connected to this gateway or not. The section details table (see example below) shows whether the auditor is connected to a particular host, for a given gateway.

Possible status values for gateways are:

Value Description
Connected The gateway is currently connected auditor.
Disconnected The gateway is not currently connected auditor.

Possible status values for hosts are:
Value Description
Connected The host is currently connected to this gateway.
Disconnected (local) The host is currently not connected to this gateway, but the audit data is current since the host is connected to another audited gateway.
Disconnected The host is not currently connected to any audited gateways.

In the following example, we are looking at the hosts configured for the gateway "Audit Example". You may notice that the values for CPU units in this example have two tags after them, "(dis)" and "(est)", which stand for "disconnected" and "estimated" respectively.

The disconnected flag will appear, if a host that was previously seen and audited, is then disconnected from auditor. In this case auditor will display the last known data for this host (in this case, 1 CPU unit), but will flag this since the data is not current.

The estimated flag will appear if a host has never been seen by auditor. In this case, auditor will estimate the number of CPU units for this host. To produce accurate figures, users are recommended to ensure the Netprobes on these hosts are running and that the CPU sampler is present.


CSV Reports

Once the Auditor has attempted to connect to all the configured gateways, it will write out CSV reports of the infrastructure it has inspected. There will be three types of reports written:

Gateway Reports

These reports show information about the utilisation of a single gateway.

Each row of the report corresponds to a "host" on which netprobes are run. The probe instances column allows you determine how many netprobes were on that host connected to the gateway. There are also additional rows for Duplicate Count Adjustment when plugins are licensed per server and an overall totals row.

If the Gateway has Gateway plug-ins configured, an additional row for all the Virtual Probes on the Gateway will also be present, with the totals for the instances of the Gateway plug-ins.

The report has the following columns:

  • Section Name
    Name of the section this gateway falls under in the Auditor configuration
  • Gateway
    Name of the gateway
  • Date
    The date the audit was run
  • Netprobe Hostname
    The hostname of this host
  • IP Address
    The IP address of this host
  • HostID
    The unix host id of this host. On Windows this will be the MAC address of the machine
  • Connection Status
    Whether the gateway has connected to at least one of the probes configured on this host
  • Managed Entities
    The number of Managed Entities running on this host
  • Physical CPUs/Sockets
    The number of Physical CPUs on this host
  • Logical CPUs/Cores
    The number of logical processors on this host
  • CPU Units
    The number of chargeable CPU Units on this host See the CPU_CORES_PER_UNIT setting
  • Probe Instances
    The number of netprobes connected to this gateway running on this host

Additional columns then follow for the total number of instances of each plugin across all the netprobes running on this host. The Duplicate Count Adjustment row then lists the adjustment for these plugin totals if licensing per server.

The CSV reports are generated in the auditor working directory and follow the naming convention:


Section Reports

These reports show information about utilisation across all the gateways defined in a section in the Auditor configuration file. The columns are the same as the gateway reports.

Each report consists of all the individual gateway reports for all the gateways in the section listed one after the other with additional rows. The section Duplicate Count Adjustment shows the adjustment for the CPU and Plugin information where probes are run on the same host but are connected to different gateways in the same section.

There is an additional row for the Grand Total across the entire section.

The CSV reports are again generated in the auditor working directory and follow the naming convention:


Summary Reports

The final report shows a summary of usage across all the gateways and sections in the Auditor configuration. There is a row for each section as well as rows for Duplicate Count Adjustment and the overall total.

The report has the following columns:

  • Section Name — Name of this section in the Auditor configuration
  • Date — The date this audit was run
  • Netprobes — The total number of netprobes configured across all the gateways in the section. This column is the same as the total of the Probe Instances column in the section report
  • Managed Entities — The total number of Managed Entities configured across all the gateways in the section This column is the same as the total of the Managed Entities column in the section report
  • Physical CPUs/Sockets — The total number of Physical CPUs across all the hosts running probes that are connected to gateways in this section
  • Logical CPUs/Cores — The total number of logical processors across all the hosts running probes that are connected to gateways in this section
  • CPU Unit — The total number of chargeable CPU Units across all the hosts running probes that are connected to gateways in this section

Additional columns then follow for the totals for each plugin configured on probes that are connected to gateways in the section.

The Duplicate Count Adjustment shows the correction taken into account for hosts that run netprobes that are connected to gateways in different sections of the auditor configuration.

The CSV reports are again generated in the auditor working directory and follow the naming convention:



Certain debugging flags can be passed to auditor to get verbose information output the log file. Pass the flag -debug as a command line argument or set the environment variable DEBUG =Auditor:debug to achieve the same. This will help to get extra information about the Auditor's activities when it connects to and gathers audit data from gateways.