| Title: | POLYCENTER Console Manager |
| Notice: | Kits, Scans, Docs on CSC32:: as PCM$KITS:,PCM$DOCS:, PCM$SCANS: |
| Moderator: | CSC32::BUTTERWORTH |
| Created: | Thu Aug 06 1992 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1541 |
| Total number of notes: | 6564 |
Hi,
I have included an export file. I am trying very simple events, filters
and actions. I want to capture login failures (remote and local) and send
mail to me (on a remote node). I also want to capture messages from the
Purveyor Internet software and have a broadcast message sent to me (on the PCM
node). Either of these seem to be happened. Can someone discern what I'm
doing wrong? And does every event and filter action require a scan? Is that
my problem?
Also, since I have included this file. Can someone let me know if this
is as tight as I can get on privileges for an OPERATOR account? I want them to
be able to use PCM but with as few privileges as possible.
I looked in the CONSOLE$EXAMPLES and don't see anything. Did I miss
something when I did the install of 1.6 and them ECO 2? Do we have a repository
of already created events, scans, filters and actions? I
Appreciating any responses.
Lynne
################################################################################
# Generated by Console Manager Export Utility
# Date: Fri Sep 6 15:18:22 1996
# By: GLICKMAN
# System: AXP54
################################################################################
SET_ARCHIVE:
ARCHIVE_HOURS: 12
ARCHIVE_DIRECTORY: CONSOLE$ARCHIVE
END:
SET_FILESPACE:
DISK_CAPACITY_INTERVAL: 600
WARNING PERCENT: 800
CRITICAL PERCENT: 950
END:
SET_FAILOVER:
KEEPALIVE_TIMER: 30
END:
SET_TIMEOUT:
ACTION_ROUTINE: 60
END:
DELETE_ACTION:
NAME: Archive Clean-up
END:
ADD_ACTION:
NAME: Archive Clean-up
INFO: Clean up the Archive area
COMMAND: console$archive_cleanup
ACTIVATE_EACH_EVENT_AND_EACH_USER_DATA: Y
ACTIVATE_ALL_EVENTS_AND_EACH_USER_DATA: N
ACTIVATE_ALL_EVENTS_AND_ALL_USER_DATA: N
PASS_NAME: N
PASS_CLASS: N
PASS_INFO: N
PASS_TEXT: Y
PASS_PRIORITY: N
PASS_TIME: N
PASS_SYSTEM: N
PASS_SUBSYSTEM: N
PASS_SOURCE: N
PASS_USER_DATA: N
END:
DELETE_ACTION:
NAME: Broadcast
END:
ADD_ACTION:
NAME: Broadcast
INFO: Broadcast an event to a User or Terminal
COMMAND: console$broadcast
ACTIVATE_EACH_EVENT_AND_EACH_USER_DATA: N
ACTIVATE_ALL_EVENTS_AND_EACH_USER_DATA: Y
ACTIVATE_ALL_EVENTS_AND_ALL_USER_DATA: N
PASS_NAME: N
PASS_CLASS: N
PASS_INFO: N
PASS_TEXT: N
PASS_PRIORITY: N
PASS_TIME: N
PASS_SYSTEM: N
PASS_SUBSYSTEM: N
PASS_SOURCE: N
PASS_USER_DATA: Y
END:
DELETE_ACTION:
NAME: Mail
END:
ADD_ACTION:
NAME: Mail
INFO: Mail an event to a User
COMMAND: console$mail
ACTIVATE_EACH_EVENT_AND_EACH_USER_DATA: Y
ACTIVATE_ALL_EVENTS_AND_EACH_USER_DATA: N
ACTIVATE_ALL_EVENTS_AND_ALL_USER_DATA: N
PASS_NAME: Y
PASS_CLASS: Y
PASS_INFO: Y
PASS_TEXT: Y
PASS_PRIORITY: Y
PASS_TIME: Y
PASS_SYSTEM: Y
PASS_SUBSYSTEM: N
PASS_SOURCE: N
PASS_USER_DATA: Y
END:
DELETE_ACTION:
NAME: Multi-Line Window
END:
ADD_ACTION:
NAME: Multi-Line Window
INFO: One Event per line in a window
COMMAND: console$eventlist
ACTIVATE_EACH_EVENT_AND_EACH_USER_DATA: N
ACTIVATE_ALL_EVENTS_AND_EACH_USER_DATA: Y
ACTIVATE_ALL_EVENTS_AND_ALL_USER_DATA: N
PASS_NAME: N
PASS_CLASS: N
PASS_INFO: N
PASS_TEXT: N
PASS_PRIORITY: N
PASS_TIME: N
PASS_SYSTEM: N
PASS_SUBSYSTEM: N
PASS_SOURCE: N
PASS_USER_DATA: Y
END:
DELETE_ACTION:
NAME: Single-Shot Window
END:
ADD_ACTION:
NAME: Single-Shot Window
INFO: One event in one window
COMMAND: console$eventsingle
ACTIVATE_EACH_EVENT_AND_EACH_USER_DATA: Y
ACTIVATE_ALL_EVENTS_AND_EACH_USER_DATA: N
ACTIVATE_ALL_EVENTS_AND_ALL_USER_DATA: N
PASS_NAME: N
PASS_CLASS: Y
PASS_INFO: Y
PASS_TEXT: N
PASS_PRIORITY: Y
PASS_TIME: N
PASS_SYSTEM: Y
PASS_SUBSYSTEM: N
PASS_SOURCE: N
PASS_USER_DATA: Y
END:
DELETE_EVENT:
NAME: CMgr Archive Aborted
END:
ADD_EVENT:
NAME: CMgr Archive Aborted
INFO: Archive of system log data was Aborted
TEXT: Archive of system log data was Aborted
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: WARNING
END:
DELETE_EVENT:
NAME: CMgr Archive Area Full
END:
ADD_EVENT:
NAME: CMgr Archive Area Full
INFO: CONSOLEmanager Archive Area is FULL
TEXT: CONSOLEmanager Archive Area is FULL
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CRITICAL
END:
DELETE_EVENT:
NAME: CMgr Archive Completed
END:
ADD_EVENT:
NAME: CMgr Archive Completed
INFO: CONSOLEmanager has completed an Archive
TEXT: CONSOLEmanager has completed an Archive
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CLEAR
END:
DELETE_EVENT:
NAME: CMgr Archive Started
END:
ADD_EVENT:
NAME: CMgr Archive Started
INFO: CONSOLEmanager has started an Archive
TEXT: CONSOLEmanager has Started an Archive
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CLEAR
END:
DELETE_EVENT:
NAME: CMgr Connect
END:
ADD_EVENT:
NAME: CMgr Connect
INFO: User has connected to CONSOLEmanager
TEXT: User has connected to CONSOLEmanager
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CLEAR
END:
DELETE_EVENT:
NAME: CMgr Console Lost
END:
ADD_EVENT:
NAME: CMgr Console Lost
INFO: Connection lost to managed system
TEXT: Connection lost to managed system
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CRITICAL
END:
DELETE_EVENT:
NAME: CMgr Console Lost Disabled
END:
ADD_EVENT:
NAME: CMgr Console Lost Disabled
INFO: Console Lost Detection Disabled, remote system does not support TELNET getstatus
TEXT: Console Lost Detection Disabled, remote system does not support TELNET getstatus
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: WARNING
END:
DELETE_EVENT:
NAME: CMgr Console NOT Found
END:
ADD_EVENT:
NAME: CMgr Console NOT Found
INFO: Managed Console line not available
TEXT: Managed Console line not available
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: MAJOR
END:
DELETE_EVENT:
NAME: CMgr Console OK
END:
ADD_EVENT:
NAME: CMgr Console OK
INFO: Connection re-established to managed system
TEXT: Connection re-established to managed system
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CLEAR
END:
DELETE_EVENT:
NAME: CMgr Disconnect
END:
ADD_EVENT:
NAME: CMgr Disconnect
INFO: User has disconnected from CONSOLEmanager
TEXT: User has disconnected from CONSOLEmanager
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CLEAR
END:
DELETE_EVENT:
NAME: CMgr Disk Critical
END:
ADD_EVENT:
NAME: CMgr Disk Critical
INFO: Logging Filespace is Critically low
TEXT: Logging Filespace is Critically low
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: CRITICAL
END:
DELETE_EVENT:
NAME: CMgr Disk Warning
END:
ADD_EVENT:
NAME: CMgr Disk Warning
INFO: Logging Filespace is running low
TEXT: Logging Filespace is running low
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: WARNING
END:
DELETE_EVENT:
NAME: CMgr Reconfigure Completed
END:
ADD_EVENT:
NAME: CMgr Reconfigure Completed
INFO: CONSOLEmanager reconfiguration completed
TEXT: CONSOLEmanager reconfiguration completed
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: MAJOR
END:
DELETE_EVENT:
NAME: CMgr Reconfigure Failed
END:
ADD_EVENT:
NAME: CMgr Reconfigure Failed
INFO: CONSOLEmanager reconfiguration failed
TEXT: CONSOLEmanager reconfiguration failed
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: MAJOR
END:
DELETE_EVENT:
NAME: CMgr Reconfigure Started
END:
ADD_EVENT:
NAME: CMgr Reconfigure Started
INFO: CONSOLEmanager reconfiguration has started
TEXT: CONSOLEmanager reconfiguration has started
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: MAJOR
END:
DELETE_EVENT:
NAME: CMgr Shutdown
END:
ADD_EVENT:
NAME: CMgr Shutdown
INFO: CONSOLEmanager is shutting down
TEXT: CONSOLEmanager is shutting down
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 0
PRIORITY: MAJOR
END:
DELETE_EVENT:
NAME: CMgr Unlock
END:
ADD_EVENT:
NAME: CMgr Unlock
INFO: User unlock of system console.
TEXT: CONSOLE MANAGER UNLOCK OF CONSOLE
CLASS: CONSOLEmanager
SUB_SYSTEM: CM Internal
REGULAR_EXPRESSION: N
START: 0
COUNT: 1
PRIORITY: MINOR
END:
DELETE_EVENT:
NAME: Local Login Warnings
END:
ADD_EVENT:
NAME: Local Login Warnings
INFO: Login attempt failed
TEXT: Local interactive login failure
CLASS: Security
SUB_SYSTEM: Logins
REGULAR_EXPRESSION: N
START: 3
COUNT: 14
PRIORITY: WARNING
END:
DELETE_EVENT:
NAME: Purveyor
END:
ADD_EVENT:
NAME: Purveyor
INFO: Purveyor workers
TEXT: PURVEYOR-I-DBSTATUS
CLASS: Web Stuff
SUB_SYSTEM: Dbstatus
REGULAR_EXPRESSION: N
START: 3
COUNT: 14
PRIORITY: WARNING
END:
DELETE_EVENT:
NAME: Remote Login Warnings
END:
ADD_EVENT:
NAME: Remote Login Warnings
INFO: Login attempt failed
TEXT: Remote interactive login failure
CLASS: Security
SUB_SYSTEM: Logins
REGULAR_EXPRESSION: N
START: 7
COUNT: 16
PRIORITY: WARNING
END:
DELETE_SCAN:
NAME: CONSOLEmanager Internal Events
END:
ADD_SCAN:
NAME: CONSOLEmanager Internal Events
INFO: Internal events for CONSOLEmanager use, Reserved to Digital
EVENT: CMgr Archive Aborted
EVENT: CMgr Archive Area Full
EVENT: CMgr Archive Completed
EVENT: CMgr Archive Started
EVENT: CMgr Connect
EVENT: CMgr Console Lost
EVENT: CMgr Console Lost Disabled
EVENT: CMgr Console NOT Found
EVENT: CMgr Console OK
EVENT: CMgr Disconnect
EVENT: CMgr Disk Critical
EVENT: CMgr Disk Warning
EVENT: CMgr Reconfigure Completed
EVENT: CMgr Reconfigure Failed
EVENT: CMgr Reconfigure Started
EVENT: CMgr Shutdown
EVENT: CMgr Unlock
END:
DELETE_SCAN:
NAME: OpenVMS Security
END:
ADD_SCAN:
NAME: OpenVMS Security
INFO: OpenVMS Security events
EVENT: Local Login Warnings
EVENT: Remote Login Warnings
END:
DELETE_SYSTEM:
NAME: axp70
END:
ADD_SYSTEM:
NAME: axp70
INFO: DEC 3000
PRIMARY_HOST:
FAILOVER_HOST:
CONNECTION_TYPE: LAT
TERMINAL_DEVICE: LTA0:
TERMINAL_SERVER: DSCONS
SERVER_PORT: PORT_1
SCAN_NAME: OpenVMS Security
ICON_FILE: DEC_3000.XBM
LOG_DATA: Y
LOG_DIRECTORY: CONSOLE$LOGFILES
ENABLED: Y
END:
DELETE_SYSTEM:
NAME: V70F
END:
ADD_SYSTEM:
NAME: V70F
INFO: Part of VAXNPT
PRIMARY_HOST:
FAILOVER_HOST:
CONNECTION_TYPE: LAT
TERMINAL_DEVICE: LTA0:
TERMINAL_SERVER: DSCONS
SERVER_PORT: PORT_2
SCAN_NAME: OpenVMS Security
ICON_FILE: VAX_8600.XBM
LOG_DATA: Y
LOG_DIRECTORY: CONSOLE$LOGFILES
ENABLED: Y
END:
DELETE_USER:
NAME: GLICKMAN
END:
ADD_USER:
NAME: GLICKMAN
INFO: User added by Console Manager Installation
MAY_STARTUP: Y
MAY_RECONFIGURE: Y
MAY_UNLOCK: Y
MAY_BREAK: Y
MAY_SHUTDOWN: Y
MAY_ARCHIVE: Y
MAY_EXITC3: Y
MAY_EDIT_C3: Y
MAY_EDIT_CFG: Y
MAY_ACCESS_ALL_SYSTEMS: Y
MAY_ACCESS_ALL_GROUPS: Y
END:
DELETE_USER:
NAME: GRABBIN
END:
ADD_USER:
NAME: GRABBIN
INFO: User added by Console Manager Installation
MAY_STARTUP: Y
MAY_RECONFIGURE: Y
MAY_UNLOCK: Y
MAY_BREAK: Y
MAY_SHUTDOWN: Y
MAY_ARCHIVE: Y
MAY_EXITC3: Y
MAY_EDIT_C3: Y
MAY_EDIT_CFG: Y
MAY_ACCESS_ALL_SYSTEMS: Y
MAY_ACCESS_ALL_GROUPS: Y
END:
DELETE_USER:
NAME: HIDGES
END:
ADD_USER:
NAME: HIDGES
INFO: User added by Console Manager Installation
MAY_STARTUP: Y
MAY_RECONFIGURE: Y
MAY_UNLOCK: Y
MAY_BREAK: Y
MAY_SHUTDOWN: Y
MAY_ARCHIVE: Y
MAY_EXITC3: Y
MAY_EDIT_C3: Y
MAY_EDIT_CFG: Y
MAY_ACCESS_ALL_SYSTEMS: Y
MAY_ACCESS_ALL_GROUPS: Y
END:
DELETE_USER:
NAME: OPERATOR
END:
ADD_USER:
NAME: OPERATOR
INFO: Operator Privileges
MAY_STARTUP: N
MAY_RECONFIGURE: N
MAY_UNLOCK: N
MAY_BREAK: N
MAY_SHUTDOWN: N
MAY_ARCHIVE: Y
MAY_EXITC3: N
MAY_EDIT_C3: N
MAY_EDIT_CFG: N
MAY_ACCESS_ALL_SYSTEMS: Y
MAY_ACCESS_ALL_GROUPS: Y
END:
DELETE_FILTER:
NAME: Archive directory cleanup
END:
ADD_FILTER:
NAME: Archive directory cleanup
INFO: Clear out the Archive directory when it is full
INTERVAL: 0
EVENT_INTERVAL: 0
FILTER_EVENT: CMgr Archive Area Full
FILTER_ALL_SYSTEMS: Y
FILTER_ALL_SUBSYSTEMS: Y
FILTER_ALL_PRIORITIES: Y
ASSIGN_ACTION: Archive Clean-up
INFO:
ANY_HOUR_ANY_DAY: Y
ASSIGN_ACTION_END:
END:
DELETE_FILTER:
NAME: FSecurity
END:
ADD_FILTER:
NAME: FSecurity
INFO: Security events on VAXNPT
INTERVAL: 0
EVENT_INTERVAL: 0
FILTER_EVENT: Local Login Warnings
FILTER_EVENT: Remote Login Warnings
FILTER_CLASS: Security
FILTER_ALL_SYSTEMS: Y
FILTER_SUBSYSTEM: Logins
FILTER_GROUP: VAXNPT
FILTER_ALL_PRIORITIES: N
FILTER_CRITICAL: N
FILTER_MAJOR: N
FILTER_MINOR: N
FILTER_WARNING: Y
FILTER_CLEAR: N
FILTER_INDETERMINATE: N
ASSIGN_ACTION: Mail
INFO: Security events sent to me
ANY_HOUR_ANY_DAY: Y
USER_DATA: VAXNPT::GLICKMAN
ASSIGN_ACTION_END:
END:
DELETE_FILTER:
NAME: web
END:
ADD_FILTER:
NAME: web
INFO: check for purveyor db messages
INTERVAL: 0
EVENT_INTERVAL: 0
FILTER_CLASS: Web Stuff
FILTER_ALL_SYSTEMS: Y
FILTER_SUBSYSTEM: Dbstatus
FILTER_ALL_PRIORITIES: N
FILTER_CRITICAL: N
FILTER_MAJOR: N
FILTER_MINOR: N
FILTER_WARNING: Y
FILTER_CLEAR: Y
FILTER_INDETERMINATE: Y
ASSIGN_ACTION: Broadcast
INFO: Puveyor messages to me
ANY_HOUR_ANY_DAY: Y
USER_DATA: U GLICKMAN
ASSIGN_ACTION_END:
END:
DELETE_GROUP:
NAME: VAXNPT
END:
ADD_GROUP:
NAME: VAXNPT
INFO: Bldg 11 Computer Room
ALL_MEMBERS: Y
END:
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1376.1 | CSC32::BUTTERWORTH | Gun Control is a steady hand. | Fri Sep 06 1996 15:03 | 28 | |
> I have included an export file. I am trying very simple events, filters
>and actions. I want to capture login failures (remote and local) and send
>mail to me (on a remote node). I also want to capture messages from the
>Purveyor Internet software and have a broadcast message sent to me (on the PCM
>node). Either of these seem to be happened. Can someone discern what I'm
>doing wrong? And does every event and filter action require a scan? Is that
>my problem?
Did you do a CONSOLE RECONFIGURE or restart of PCM before testing?
If not then you must do one of these.
Your setup looks fine. The only questions are the "text to scan for"
fields in the event definitions themselves. Since your using stirng
literals, the console messages thats supposed to trigger the event
*must* match the "text to scan for" in the event definition.
To answer your question about filters and scans, filters never have a
scan profile associated with them. Only systems have scan profiles. The
filter simply checks the various fields in the "event packet" against
the items you have selected for the filter. If everything matches then
we'll dispatch the action routine(s).
And your privs look fine. You don;t even have to let the oerators do an
Archive.
Regs,
Dan
| |||||