################################################################# # # S y s g e m A p p l i c a t i o n M o d u l e # ------------------------------------------------- # # Title .........: SSyM VMS Monitor Package # Licensed to ...: Sysgem AG,Zurich,8008,Switzerland # Created .......: 18-Oct-2006 12:03:42 PM # By ............: Sysgem AG,Zurich,8008,Switzerland # # # # To load this module just select "Import" from the # "File" menu, then select this file. # # # For support: support@sysgem.com # # # # 000 ################################################ 000 # # 000 # SYSGEM Enterprise Manager 2.1 build 3180 # 000 # Copyright (C) 2005 SYSGEM AG # 000 # # 000 # Contents : Alarms # 000 # # 000 # Created by : SAcM # 000 # Timestamp : 2006-10-18 12:03:42 # 000 # # 000 ################################################ 000 # 000 100 Login Failures: Any Account, >= 20 000 101 Designed for use with the VMS Account probes display, this alarm detects accounts with 20 or more Login Failures. The alarm only fires once. 000 101 000 101 The list of email recipients is defined in the include file 'MP_Alarm_EMail_Address_Data'. To edit this file: 000 101 000 101 Menu: Managers> Include Files>, select: VMS Monitor Packages, double-click on the entry 'MP_Alarm_EMail_Address_Data'. 000 103 This error must be fixed immediately! 000 102 VMS Account Probe 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 1 000 126 0 000 128 1 000 129 0 000 140 0 000 180 60 000 181 2 000 160 000 161 High Login Failures 000 163 1 1111111 0000 2359 none 000 164 0 000 162 This account has 20 or more login failures 000 165 0 000 182 10 000 184 0 000 183 60 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 
000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 { 000 200 print "# Alarm already sent, cancelling...\n"; 000 200 print "{{IGNORE_ALARM}}\n"; 000 200 exit; 000 200 } 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 
000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 201 #++++++++++++++++++++++++++++++++++ 000 201 # | 000 201 # Windows NT script (PERL). | 000 201 # | 000 201 #++++++++++++++++++++++++++++++++++ 000 201 # 000 201 # 000 201 # This script runs on the agent. 000 201 # 000 201 # 000 201 # To stop the alarm being issued output the text 000 201 # {{IGNORE_ALARM}} from this script. Example: 000 201 # 000 201 # print "{{IGNORE_ALARM}}\n"; 000 201 # 000 202 #!/bin/ksh -ph 000 202 # 000 202 #{{SHELL_LINUX #!/bin/sh 000 202 # 000 202 #+++++++++++++++++++++++++++ 000 202 # | 000 202 # UNIX Shell script. 
| 000 202 # | 000 202 #+++++++++++++++++++++++++++ 000 202 # 000 202 # 000 202 # This script runs on the agent. 000 202 # 000 202 # 000 202 # To stop the alarm being issued output the text 000 202 # {{IGNORE_ALARM}} from this script. Example: 000 202 # 000 202 # echo {{IGNORE_ALARM}} 000 202 # 000 203 $ set noverify 000 203 $! 000 203 $!+++++++++++++++++++++++++++++ 000 203 $! | 000 203 $! VMS command file (DCL). | 000 203 $! | 000 203 $!+++++++++++++++++++++++++++++ 000 203 $! 000 203 $! 000 203 $! This script runs on the agent. 000 203 $! 000 203 $! 000 203 $! To stop the alarm being issued output the text 000 203 $! {{IGNORE_ALARM}} from this script. Example: 000 203 $! 000 203 $! write sys$output "{{IGNORE_ALARM}}" 000 203 $! 000 203 #include MP_Alarm_Server_VMS 000 # 000 220 6 000 221 2 000 222 1 000 223 2 000 227 0 000 224 20 000 226 1 000 225 Login Fails 000 # 000 @L@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 
000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 Login Failures: Privileged Account, >= 5 000 101 Design for use with the VMS Account probes display, this alarm detects privileged accounts with 5 or more Login Failures. The alarm only fires once. 000 103 Privileged account with 5 or more login failures 000 105 VMS Account Probe 000 102 VMS Account Probe 000 185 1 000 120 0 000 121 0 000 122 1 000 127 0 000 123 0 000 124 0 000 125 1 000 126 0 000 128 1 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 High Login Failures 000 163 1 1111111 0000 2359 none 000 164 0 000 162 This privileged account has 5 or more login failures 000 165 0 000 182 18 000 184 0 000 183 2147483708 000 170 000 190 000 # 000 220 1 000 221 2 000 222 1 000 223 1 000 227 0 000 224 All - All privileges 000 226 1 000 225 Def Priv Level 000 # 000 @L@ 000 # 000 220 6 000 221 2 000 222 1 000 223 2 000 227 0 000 224 5 000 226 1 000 225 Login Fails 000 # 000 @L@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 
000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 Queue Manager Stopped 000 101 This alarm detects whether a process is running, in this case the Queue Manager. 000 101 000 101 Please restart the queue manager. 000 103 The queue manager is not running. 000 105 VMS Current Processes 000 102 VMS Current Processes 000 185 1 000 120 0 000 121 0 000 122 0 000 127 0 000 123 0 000 124 0 000 125 1 000 126 0 000 128 1 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 Queue Manager Stopped 000 163 1 1111111 0000 2359 none 000 164 0 000 162 the queue manager has stopped, it must be restarted. 000 165 0 000 182 18 000 184 1 000 183 2147483708 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 # if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 # { 000 200 # print "# Alarm already sent, cancelling...\n"; 000 200 # print "{{IGNORE_ALARM}}\n"; 000 200 # exit; 000 200 # } 000 200 # 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 
000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 
000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 # 000 220 2 000 221 2 000 222 1 000 223 1 000 227 0 000 224 qman$queue_manager 000 226 1 000 225 Image 000 # 000 @L@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 Intrusion: Intruders 000 101 This alarm detects VMS Intruders, 
designed for use with the 'VMS Intrusion records' display. 000 101 000 101 The list of email recipients is defined in the include file 'MP_Alarm_EMail_Address_Data'. To edit this file: 000 101 000 101 Menu: Managers> Include Files>, select: VMS Monitor Packages, double-click on the entry 'MP_Alarm_EMail_Address_Data'. 000 103 VMS Intruder 000 105 VMS Intrusion Records 000 102 VMS Intrusion Records 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 1 000 126 0 000 128 1 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 VMS Intruder 000 163 1 1111111 0000 2359 none 000 164 0 000 162 The enclosed log is a VMS intrusion record. 000 165 0 000 182 18 000 184 0 000 183 2147483708 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 # if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 # { 000 200 # print "# Alarm already sent, cancelling...\n"; 000 200 # print "{{IGNORE_ALARM}}\n"; 000 200 # exit; 000 200 # } 000 200 # 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. 
The addresses 000 200 # are separated by ;. 000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 
000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 # 000 220 1 000 221 2 000 222 1 000 223 1 000 227 0 000 224 INTRUDER 000 226 1 000 225 Type 000 # 000 @L@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 Intrusion: Suspect 000 101 This alarm detects suspected VMS Intruders, designed for use with the 'VMS Intrusion records' display. Suspected intruder records are created when an incorrect password is entered. 
000 101 000 101 The list of email recipients is defined in the include file 'MP_Alarm_EMail_Address_Data'. To edit this file: 000 101 000 101 Menu: Managers> Include Files>, select: VMS Monitor Packages, double-click on the entry 'MP_Alarm_EMail_Address_Data'. 000 103 Suspected VMS Intruder 000 105 VMS Intrusion Records 000 102 VMS Intrusion Records 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 1 000 126 0 000 128 1 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 Suspected VMS Intruder 000 163 1 1111111 0000 2359 none 000 164 0 000 162 The enclosed log is a suspected VMS intruder. 000 165 0 000 182 18 000 184 0 000 183 2147483708 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 # if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 # { 000 200 # print "# Alarm already sent, cancelling...\n"; 000 200 # print "{{IGNORE_ALARM}}\n"; 000 200 # exit; 000 200 # } 000 200 # 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 
000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 
000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 # 000 220 1 000 221 2 000 222 1 000 223 1 000 227 0 000 224 SUSPECT 000 226 1 000 225 Type 000 # 000 @L@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 Devices: Errors >= 5 000 101 This alarm detects devices with an error count of 5 or more. 000 101 000 101 The list of email recipients is defined in the include file 'MP_Alarm_EMail_Address_Data'. 
To edit this file: 000 101 000 101 Menu: Managers> Include Files>, select: VMS Monitor Packages, double-click on the entry 'MP_Alarm_EMail_Address_Data'. 000 103 000 105 VMS Show Devices 000 102 VMS Show Devices 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 1 000 126 0 000 128 1 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 High Device Errors 000 163 1 1111111 0000 2359 none 000 164 0 000 162 This device has a high error count (5 or more). 000 165 0 000 182 18 000 184 0 000 183 2147483708 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 # if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 # { 000 200 # print "# Alarm already sent, cancelling...\n"; 000 200 # print "{{IGNORE_ALARM}}\n"; 000 200 # exit; 000 200 # } 000 200 # 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 
000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 
000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 # 000 220 6 000 221 2 000 222 1 000 223 2 000 227 0 000 224 5 000 226 1 000 225 Error Count 000 # 000 @L@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 SYSUAF: Access 000 101 SYSUAF is being accessed, a potential security threat. 000 101 000 101 Please contact Sysgem AG using support@sysgem.com if you need a new alarm definition. 
000 101 000 101 This alarm created 2004-01-14 11:10:09 by System 000 103 SYSUAF.DAT is being accessed 000 105 VMS File Monitor 000 102 VMS Audit Trail 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 0 000 126 0 000 128 0 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 SYSUAF Access 000 163 1 1111111 0000 2359 none 000 164 0 000 162 SYSUAF is being accessed 000 165 0 000 182 10 000 184 2 000 183 2147483708 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 { 000 200 print "# Alarm already sent, cancelling...\n"; 000 200 print "{{IGNORE_ALARM}}\n"; 000 200 exit; 000 200 } 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 
000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 
000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 # 000 220 1 000 221 2 000 222 1 000 223 1 000 227 0 000 224 sysuaf.dat; 000 226 1 000 225 Filename 000 # 000 @L@ 000 # 000 220 2 000 221 2 000 222 1 000 223 1 000 227 1 000 224 system 000 226 1 000 225 Username 000 # 000 @L@ 000 247 10 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 Software Installation 000 101 Detecting new software installation 000 101 000 101 Please contact Sysgem AG using support@sysgem.com if you need a new alarm definition. 
000 101 000 101 This alarm created 2004-01-14 11:23:47 by System 000 103 Warning: new software installation 000 105 VMS Audit Trail Summary 000 102 VMS Audit Trail 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 0 000 126 0 000 128 0 000 129 0 000 140 0 000 180 2147483708 000 181 2 000 160 000 161 VMS Software Installation 000 163 1 1111111 0000 2359 none 000 163 1 1111111 0000 2359 support@sysgem.com 000 164 0 000 162 Software being installed 000 165 0 000 182 10 000 184 0 000 183 2147484248 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 { 000 200 print "# Alarm already sent, cancelling...\n"; 000 200 print "{{IGNORE_ALARM}}\n"; 000 200 exit; 000 200 } 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 
000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 
000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 # 000 220 1 000 221 2 000 222 1 000 223 1 000 227 0 000 224 INSTALL 000 226 1 000 225 Type 000 # 000 @L@ 000 # 000 220 0 000 221 2 000 222 1 000 223 1 000 227 0 000 224 INSTALL_ADD 000 226 1 000 225 Subtype 000 # 000 @L@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 247 0 000 # 000 @X@ 000 # 000 @A@ 000 # 000 100 SYSUAF: Update 000 101 SYSUAF is being updated, a potential security threat. 
000 101 000 101 Please contact Sysgem AG using support@sysgem.com if you need a new alarm definition. 000 101 000 101 This alarm created 2004-01-14 11:10:09 by System 000 103 SYSUAF.DAT is being updated 000 102 VMS Audit Trail 000 185 1 000 120 0 000 121 0 000 122 0 000 127 1 000 123 0 000 124 0 000 125 0 000 126 0 000 128 1 000 129 0 000 140 1 000 180 2147483708 000 181 2 000 160 000 161 SYSUAF Modification 000 163 1 1111111 0000 2359 none 000 164 0 000 162 SYSUAF was modified 000 165 0 000 182 10 000 184 0 000 183 2147483708 000 170 000 190 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # | 000 200 # Windows NT script (PERL). | 000 200 # | 000 200 #++++++++++++++++++++++++++++++++++ 000 200 # 000 200 # 000 200 # This script runs on the Management Console (client). 000 200 # 000 200 #include MP_Alarm_EMail_Address_Data 000 200 #include MP_Alarm_Client 000 200 000 200 # 000 200 # Compute the MD5 of the entry text. 000 200 # If found then ignore and exit. 000 200 # 000 200 if (ChecksumExists("VMS Monitoring Checksums.txt", \@entry_text)) 000 200 { 000 200 print "# Alarm already sent, cancelling...\n"; 000 200 print "{{IGNORE_ALARM}}\n"; 000 200 exit; 000 200 } 000 200 000 200 # 000 200 # A banner. 000 200 # 000 200 print "Client Script\n"; 000 200 print "=============\n"; 000 200 000 200 # 000 200 # Send mail using SMTP. 000 200 # 000 200 sub SendMailViaSMTP 000 200 { 000 200 my $from = $_[0]; 000 200 my $host = $_[1]; 000 200 my $to = $_[2]; 000 200 my $cc = $_[3]; 000 200 my $bcc = $_[4]; 000 200 my $subject = $_[5]; 000 200 my $message = $_[6]; 000 200 000 200 # 000 200 # The Sysgem module is required to send SMTP mail. 000 200 # 000 200 use Sysgem; 000 200 000 200 # 000 200 # Must supply to, cc and bcc as arrays. The addresses 000 200 # are separated by ;. 
000 200 # 000 200 my @to_list = split(";", $to); 000 200 my @cc_list = split(";", $cc); 000 200 my @bcc_list = split(";", $bcc); 000 200 000 200 # 000 200 # Due the complexity of sending mail, an array of error text 000 200 # may be returned. 000 200 # 000 200 my @errors = (); 000 200 my $status = 0; 000 200 000 200 print "Sending mail to $to...\n"; 000 200 000 200 $status = Sysgem::SMTPSendMail($subject, 000 200 $from, 000 200 $host, 000 200 \@to_list, 000 200 \@cc_list, 000 200 \@bcc_list, 000 200 $message, 000 200 \@errors); 000 200 000 200 # 000 200 # Show any errors. 000 200 # 000 200 foreach $error (@errors) 000 200 { 000 200 print "Status: $error\n"; 000 200 } 000 200 } 000 200 000 200 # 000 200 # Send mail if enabled in the Actions page of the alarm definition. 000 200 # 000 200 if ($send_snmp_mail) 000 200 { 000 200 # 000 200 # Check key fields. 000 200 # 000 200 if ($mail_to eq "") { die "Mail To: not defined for the alarm."; } 000 200 if ($smtp_address eq "") { die "SMTP server address not defined."; } 000 200 if ($sender_address eq "") { die "SMTP sender address not defined."; } 000 200 000 200 # 000 200 # Send mail if the to: and host: fields have been supplied. 000 200 # 000 200 if (($mail_to ne "") && 000 200 ($smtp_address ne "") && 000 200 ($sender_address ne "")) 000 200 { 000 200 my @text = (); 000 200 my $subject = ""; 000 200 000 200 # 000 200 # Subject is alarm title + mail subject. 000 200 # 000 200 $subject = "$alarm_title ($mail_subject)"; 000 200 000 200 # 000 200 # Add Alarm. 000 200 # 000 200 push(@text, "Alarm"); 000 200 foreach $line (@alarm_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Entry. 000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Entry"); 000 200 foreach $line (@entry_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # Add Mail message. 
000 200 # 000 200 push(@text, ""); 000 200 push(@text, "Mail Message"); 000 200 foreach $line (@mail_text) { 000 200 push(@text," $line"); 000 200 } 000 200 000 200 # 000 200 # And send. 000 200 # 000 200 SendMailViaSMTP($sender_address, # From: 000 200 $smtp_address, # SMTP server 000 200 $mail_to, # To: 000 200 "", # Cc: 000 200 "", # Bcc: 000 200 $subject, # Subject: 000 200 \@text); # Message. 000 200 } 000 200 } 000 201 #++++++++++++++++++++++++++++++++++ 000 201 # | 000 201 # Windows NT script (PERL). | 000 201 # | 000 201 #++++++++++++++++++++++++++++++++++ 000 201 # 000 201 # 000 201 # This script runs on the agent. 000 201 # 000 201 # 000 201 # To stop the alarm being issued output the text 000 201 # {{IGNORE_ALARM}} from this script. Example: 000 201 # 000 201 # print "{{IGNORE_ALARM}}\n"; 000 201 # 000 202 #!/bin/ksh -ph 000 202 # 000 202 #{{SHELL_LINUX #!/bin/sh 000 202 # 000 202 #+++++++++++++++++++++++++++ 000 202 # | 000 202 # UNIX Shell script. | 000 202 # | 000 202 #+++++++++++++++++++++++++++ 000 202 # 000 202 # 000 202 # This script runs on the agent. 000 202 # 000 202 # 000 202 # To stop the alarm being issued output the text 000 202 # {{IGNORE_ALARM}} from this script. Example: 000 202 # 000 202 # echo {{IGNORE_ALARM}} 000 202 # 000 203 $ set noverify 000 203 $! 000 203 $!+++++++++++++++++++++++++++++ 000 203 $! | 000 203 $! VMS command file (DCL). | 000 203 $! | 000 203 $!+++++++++++++++++++++++++++++ 000 203 $! 000 203 $! 000 203 $! This script runs on the agent. 000 203 $! 000 203 $! 000 203 $! To stop the alarm being issued output the text 000 203 $! {{IGNORE_ALARM}} from this script. Example: 000 203 $! 000 203 $! write sys$output "{{IGNORE_ALARM}}" 000 203 $! 000 203 #include MP_Alarm_Server_VMS 000 203 $! 000 203 $! Send mail, up to five lines of text. 000 203 $! 000 203 $ call SendMail "SYSUAF Change" - 000 203 "''INPUT_US'" - 000 203 "This is not allowed, has been reported to security" 000 203 $! 000 203 $! Warn user via REPLY. 
000 203 $! 000 203 $ call ReplyUsername "''INPUT_US'" - 000 203 "SYSUAF Change reported to security" - 000 203 "/BELL" 000 203 $! 000 203 $! Tell operator. 000 203 $! 000 203 $ call RequestOperator "SYSUAF Change by ''INPUT_US'" - 000 203 "/BELL" 000 203 $! 000 203 $! Finished. 000 203 $! 000 203 $ exit 1 000 # 000 220 1 000 221 2 000 222 1 000 223 1 000 227 1 000 224 SYSUAF;RIGHTSDB 000 226 1 000 225 Type 000 # 000 @L@ 000 # 000 220 2 000 221 2 000 222 1 000 223 1 000 227 0 000 224 SYSTEM 000 226 1 000 225 Username 000 # 000 @L@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 247 10 000 # 000 @X@ 000 # 000 @A@ 000 # 000 # 000 # Checksum. 
000 # 000 #{{CHECKSUM:DDFF-CE47-2EBB-5DFF-A2BA-FA5D-28B2-EBD8 # 019 ################################################ 019 # # 019 # SYSGEM Enterprise Manager 2.1 build 3180 # 019 # Copyright (C) 2005 SYSGEM AG # 019 # # 019 # Contents : Changes # 019 # # 019 # Created by : SAcM # 019 # Timestamp : 2006-10-18 12:03:42 # 019 # # 019 ################################################ 019 # 019 # 019 # License Information. 019 # 019 #{{PRODUCT:Changes 019 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 019 # 019 # Checksum. 019 # 019 #{{CHECKSUM:3931-B2BA-64FF-4164-125F-7858-E4AE-1F87 # 001 ################################################ 001 # # 001 # SYSGEM Enterprise Manager 2.1 build 3180 # 001 # Copyright (C) 2005 SYSGEM AG # 001 # # 001 # Contents : Sessions # 001 # # 001 # Created by : SAcM # 001 # Timestamp : 2006-10-18 12:03:42 # 001 # # 001 ################################################ 001 # 001 # 001 # License Information. 001 # 001 #{{PRODUCT:Sessions 001 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 001 # 001 # Checksum. 001 # 001 #{{CHECKSUM:F3F0-5983-5442-4327-6457-8F65-36DD-09E6 # 002 ################################################ 002 # # 002 # SYSGEM Enterprise Manager 2.1 build 3180 # 002 # Copyright (C) 2005 SYSGEM AG # 002 # # 002 # Contents : Custom Displays # 002 # # 002 # Created by : SAcM # 002 # Timestamp : 2006-10-18 12:03:42 # 002 # # 002 ################################################ 002 # 002 101 VMS Audit Trail Detail 002 106 002 113 002 129 1 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 New Page 1 002 102 002 102 002 102 002 102 002 102

This display uses the Audit Analysis utility (ANALYZE/AUDIT) to process event messages in security audit log files and produce reports of security-related events on the system.

002 102 002 102 002 102 002 102 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # | 002 107 # Windows NT script (PERL). | 002 107 # | 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # 002 107 # 002 107 # This script runs on the client after the 002 107 # scripts have run on the server. 002 107 # 002 107 # It splits the agent output into the ANALYZE/AUDIT listing and the 002 107 # error text, prints the fields of each blank-line-separated listing 002 107 # record, and prints any error text between @{{ON and @{{OFF. 002 107 # 002 107 use Sysgem; 002 107 002 107 # 002 107 # Replace current output. 002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # Between @{{AUDIT_ON + Valid header and @{{AUDIT_OFF 002 107 # 002 107 # NOTE(review): $copy is assigned below but never read in this script. 002 107 # LoadInputArray() and @input_array are defined outside this script; 002 107 # presumably they supply the agent output line by line - confirm. 002 107 # 002 107 my $copy = 0; 002 107 my $load = 0; 002 107 my $error = 0; 002 107 my @errors = (); 002 107 my @audit = (); 002 107 002 107 LoadInputArray(); 002 107 002 107 foreach $line (@input_array) 002 107 { 002 107 # 002 107 # Errors off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{ERROR_OFF") { 002 107 $error = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Errors on. 002 107 # 002 107 if (substr($line,0,11) eq "\@{{ERROR_ON") { 002 107 $error = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # An error. 002 107 # 002 107 if ($error) 002 107 { 002 107 push(@errors, $line); 002 107 } 002 107 002 107 # 002 107 # Output off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{AUDIT_OFF") { 002 107 $copy = 0; 002 107 $load = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output on. 002 107 # 002 107 if (substr($line,0,11) eq "\@{{AUDIT_ON") { 002 107 $copy = 1; 002 107 $load = 1; 002 107 next; 002 107 } 002 107 002 107 if ($load) 002 107 { 002 107 push(@audit, $line); 002 107 } 002 107 } 002 107 002 107 # 002 107 # Process.
002 107 # 002 107 # %data maps a record index to that record's display fields; $idx 002 107 # advances on every blank line, so each blank-line-separated group of 002 107 # listing lines becomes one record. 002 107 # 002 107 my %data = (); 002 107 my $idx = 0; 002 107 002 107 foreach my $line (@audit) 002 107 { 002 107 $line = Sysgem::TrimLeftRight($line); 002 107 002 107 if ($line eq "") { 002 107 $idx++; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Something like: 002 107 # 002 107 # Security audit (SECURITY) on WOMBAT, system id: 65535 002 107 # 002 107 if (substr($line,0,14) eq "Security audit" || 002 107 substr($line,0,14) eq "Security alarm" ) 002 107 { 002 107 (my $field, my $value) = split(" on ", $line); 002 107 002 107 my @parts = split(",", $value); 002 107 002 107 $data{$idx}{"NO"} = $parts[0]; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Normal fields. 002 107 # Only the first two pieces of the split are kept, so a value that 002 107 # itself contains ": " is cut there. DE is shared by three fields; 002 107 # the last one seen in a record wins. 002 107 # 002 107 (my $field, my $value) = split(": ", $line); 002 107 002 107 $field = Sysgem::TrimLeftRight($field); 002 107 $value = Sysgem::TrimLeftRight($value); 002 107 002 107 if ($field eq "Event time") { 002 107 $data{$idx}{"DA"} = $value; 002 107 } elsif ($field eq "Auditable event") { 002 107 $data{$idx}{"EV"} = $value; 002 107 } elsif ($field eq "Username") { 002 107 my @parts = split(" ",$value); 002 107 $data{$idx}{"US"} = $parts[0]; 002 107 } elsif ($field eq "Image name") { 002 107 $data{$idx}{"IM"} = $value; 002 107 } elsif ($field eq "Status") { 002 107 $data{$idx}{"ST"} = $value; 002 107 } elsif ($field eq "Installed file") { 002 107 $data{$idx}{"DE"} = "File = " . $value; 002 107 } elsif ($field eq "Terminal name") { 002 107 $data{$idx}{"DE"} = "Terminal = " . $value; 002 107 } elsif ($field eq "User record") { 002 107 $data{$idx}{"DE"} = "Record = " . $value; 002 107 } 002 107 } 002 107 002 107 # 002 107 # One "FLD : value" line per field, then a line holding @ after each 002 107 # record. keys is unordered in Perl, so records are not emitted in 002 107 # listing order. 002 107 # 002 107 foreach my $key (keys %data) 002 107 { 002 107 foreach my $fld (keys %{$data{$key}}) { 002 107 print "$fld : " . $data{$key}{$fld} . "\n"; 002 107 } 002 107 002 107 print "@\n"; 002 107 } 002 107 002 107 # 002 107 # Title.
002 107 # 002 107 # The window title stays empty unless error text was collected above. 002 107 # 002 107 my $title = ""; 002 107 002 107 if (@errors) 002 107 { 002 107 $title = "Errors - see logfile\n"; 002 107 002 107 print "\@{{ON Analyze /Audit\n"; 002 107 print "\@{{ERROR\n"; 002 107 002 107 foreach $error (@errors) 002 107 { 002 107 print "$error\n"; 002 107 } 002 107 002 107 print "\@{{OFF\n"; 002 107 } 002 107 002 107 print "\@{{ADD_WINDOW_TITLE $title\n"; 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 60 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and server scripts. 002 109 # 002 109 #use Sysgem; 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $!++ 002 111 $! 002 111 $! A command. 002 111 $! 002 111 $! Input: DCL Command. 002 111 $! 002 111 $! P1 is executed as a DCL command as given, with SYS$ERROR and 002 111 $! SYS$OUTPUT redirected to two work files that are echoed and then 002 111 $! removed. The work files have fixed names and no directory, so they 002 111 $! live in the default directory set below. 002 111 $! NOTE(review): the VMS agent script in this file builds P1 from 002 111 $! INPUT_OP, so the command line is only as constrained as that 002 111 $! field - confirm it is limited to a pick-list. 002 111 $! NOTE(review): type_mode is assigned P1 itself, so the SILENT branch 002 111 $! runs only when the command text is SILENT; presumably a separate 002 111 $! parameter was intended - confirm. 002 111 $! 002 111 $ dcl_command: 002 111 $ subroutine 002 111 $! 002 111 $ set default sys$system 002 111 $ type_mode == "''P1'" 002 111 $! 002 111 $ write sys$output "@{{SI $ ''P1'" 002 111 $! 002 111 $ call remove_file sysgem_error.tmp;* 002 111 $ call remove_file sysgem_output.tmp;* 002 111 $! 002 111 $ define /nolog /user sys$error sysgem_error.tmp 002 111 $ define /nolog /user sys$output sysgem_output.tmp 002 111 $! 002 111 $ 'P1 002 111 $! 002 111 $ if type_mode .eqs. "SILENT" 002 111 $ then 002 111 $ call type_file sysgem_error.tmp 002 111 $ call type_file sysgem_output.tmp 002 111 $ else 002 111 $ call show_file sysgem_error.tmp 002 111 $ call show_file sysgem_output.tmp 002 111 $ endif 002 111 $! 002 111 $ call remove_file sysgem_error.tmp;* 002 111 $ call remove_file sysgem_output.tmp;* 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!-- 002 111 $!
002 111 $!++ 002 111 $! 002 111 $! Remove a file. 002 111 $! 002 111 $! Input: Filename 002 111 $! 002 111 $! The delete is issued only when f$search finds P1, so a missing file 002 111 $! is not an error. 002 111 $! 002 111 $ remove_file: 002 111 $ subroutine 002 111 $! 002 111 $ if f$search("''P1'") .nes. "" 002 111 $ then 002 111 $ delete /nolog /noconfirm 'P1 002 111 $ endif 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!-- 002 111 $! 002 111 $!++ 002 111 $! 002 111 $! Show a file's contents without adding any print formatting. 002 111 $! 002 111 $! Input: Filename 002 111 $! 002 111 $! Each line is written prefixed with a hash and a space. 002 111 $! NOTE(review): unlike show_file, this routine never closes tmp at 002 111 $! end of file or on error, and is_open is not read here; presumably 002 111 $! the channel stays open for the next open of tmp - confirm. 002 111 $! 002 111 $ type_file: 002 111 $ subroutine 002 111 $! 002 111 $ is_open = 0 002 111 $ open /read /error=err tmp 'P1 002 111 $ is_open = 1 002 111 $! 002 111 $ next_line: 002 111 $ read /end_of_file=eof /error=err tmp line 002 111 $! 002 111 $! type the file 002 111 $! 002 111 $ write sys$output "# ''line'" 002 111 $ goto next_line 002 111 $! 002 111 $ err: 002 111 $ eof: 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!-- 002 111 $! 002 111 $!++ 002 111 $! 002 111 $! Show a file's contents. 002 111 $! 002 111 $! Input: Filename 002 111 $! 002 111 $! Lines are tagged by the message code they contain: UAF-F-, UAF-E- 002 111 $! and CLI-E- as @{{SE, UAF-W- and DCL-W- as @{{SW, anything else as 002 111 $! @{{SI. The file is closed on end of file or error if it was opened. 002 111 $! 002 111 $ show_file: 002 111 $ subroutine 002 111 $! 002 111 $ is_open = 0 002 111 $ open /read /error=on_error tmp 'P1 002 111 $ is_open = 1 002 111 $! 002 111 $ next_line: 002 111 $ read /end_of_file=on_eof /error=on_error tmp line 002 111 $! 002 111 $! Fatal. 002 111 $! 002 111 $ if f$locate("UAF-F-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Error. 002 111 $! 002 111 $ if f$locate("UAF-E-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $ if f$locate("CLI-E-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Warning. 002 111 $! 002 111 $ if f$locate("UAF-W-",line) .lt.
f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SW ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $ if f$locate("DCL-W-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SW ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Default - information. 002 111 $! 002 111 $ write sys$output "@{{SI ''line'" 002 111 $ goto next_line 002 111 $! 002 111 $ on_error: 002 111 $ on_eof: 002 111 $! 002 111 $ if is_open .eq. 1 then close tmp 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!++ 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #!/bin/ksh -ph 002 104 # 002 104 #{{SHELL_LINUX #!/bin/sh 002 104 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # (Main) UNIX Shell script. | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! VMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the server. It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $! It runs ANALYZE /AUDIT /FULL on the journal named by INPUT_FA (else 002 105 $! the default below) for the events in INPUT_EV, optionally bounded 002 105 $! by INPUT_BE and INPUT_SI, then types the listing between 002 105 $! @{{AUDIT_ON and @{{AUDIT_OFF and any error text between 002 105 $! @{{ERROR_ON and @{{ERROR_OFF. 002 105 $! NOTE(review): the INPUT_ values are substituted into the command 002 105 $! line unchecked in this script; presumably the client restricts 002 105 $! what they can hold - confirm. 002 105 $! 002 105 $! 002 105 $ before = "" 002 105 $ since = "" 002 105 $ filespec = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL" 002 105 $! 002 105 $ if INPUT_FA .nes. "" then filespec = INPUT_FA 002 105 $ if INPUT_BE .nes. "" then before = "/before=''INPUT_BE'" 002 105 $ if INPUT_SI .nes. "" then since = "/since=''INPUT_SI'" 002 105 $!
002 105 $ set noon 002 105 $! 002 105 $! set noon keeps the procedure running after a failing command. The 002 105 $! work files sysgem_audit.err and sysgem_audit.lis have fixed names in 002 105 $! the current default directory and are removed before and after. 002 105 $! NOTE(review): presumably two runs never share that directory at 002 105 $! the same time - confirm. 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;* 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;* 002 105 $! 002 105 $! Show file size. 002 105 $! 002 105 $ dir /size=all 'filespec 002 105 $! 002 105 $ show time 002 105 $! 002 105 $! Show the command. 002 105 $! 002 105 $ set verify 002 105 $ define /user sys$error sysgem_audit.err 002 105 $ analyze /audit - 002 105 /full - 002 105 /event='INPUT_EV - 002 105 'since - 002 105 'before - 002 105 /output=sysgem_audit.lis - 002 105 'filespec 002 105 $ set noverify 002 105 $! 002 105 $ show time 002 105 $! 002 105 $ write sys$output "@{{AUDIT_ON" 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then type /nopage sysgem_audit.lis; 002 105 $ write sys$output "@{{AUDIT_OFF" 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" 002 105 $ then 002 105 $ write sys$output "@{{ERROR_ON" 002 105 $ type /nopage sysgem_audit.err 002 105 $ write sys$output "@{{ERROR_OFF" 002 105 $ endif 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;* 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;* 002 105 $! 002 105 $ exit 1 002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. | 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window.
002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 Date / Time 002 205 DA 002 208 002 202 2 002 203 1 002 207 1 002 204 0 002 206 3 002 @C@ 002 # 002 201 Event 002 205 EV 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Node 002 205 NO 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Username 002 205 US 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Details 002 205 DE 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Image 002 205 IM 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Status 002 205 ST 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 DCL Command 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 1 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 330 use strict; 002 330 002 330 my @op = (); 002 330 my @types = (); 002 330 002 330 # 002 330 # Audit event keywords; each one is appended to enable= and disable= below. 002 330 # 002 330 push(@types, "access=failure/class=file"); 002 330 push(@types, "acl"); 002 330 push(@types, "authorization"); 002 330 push(@types, "breakin=all"); 002 330 push(@types, "install"); 002 330 push(@types, "logfailure=all"); 002 330 push(@types, "login=all"); 002 330 push(@types, "mount"); 002 330 push(@types, "ncp"); 002 330 push(@types, "sysgen"); 002 330 push(@types, "time"); 002 330 002 330 # 002 330 # One enable= and one disable= entry per keyword. 002 330 # 002 330 foreach my $type (@types) 002 330 { 002 330 push(@op, "enable=$type"); 002 330 push(@op, "disable=$type"); 002 330 } 002 330 002 330 # 002 330 # Print the entries for OP, joined with backslashes. 002 330 # NOTE(review): the disable= entries turn auditing off for a class. 002 330 # Presumably the VMS agent script that receives the chosen value should 002 330 # accept only the entries built here - confirm where that is checked. 002 330 # 002 330 print "OP @ " . join("\\", @op) . "\n"; 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 
002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $! NOTE(review): INPUT_OP is substituted into the SET AUDIT command line 002 316 $! as-is; nothing in this script checks it. The menu's Fields script offers 002 316 $! only enable=<keyword> and disable=<keyword> values - presumably the value 002 316 $! should be checked against that list here before the call; confirm. 002 316 $! A disable= request switches auditing off for that class, so the change 002 316 $! is worth recording with the requesting user. 002 316 $! 002 316 $ call dcl_command "set audit /audit /''INPUT_OP'" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. 
*/ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! 
| 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 317 OP 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 1 002 357 002 318 Option: 002 320 3 002 319 002 @F@ 002 # 002 @M@ 002 # 002 311 - 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 2 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Audit Settings 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 3 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $ call dcl_command "show audit" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 @M@ 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

If the File spec field is not checked then the default database file 002 421 SYS$MANAGER:SECURITY.AUDIT$JOURNAL is analyzed. You can 002 421 specify one or more alternate security audit log files as input to ANALYZE/AUDIT. 002 421 If you specify more than one file name, separate the names with commas.

002 421 002 421

Enter the Before and Since dates in VMS format, for example:

002 421
    002 421
  • 02-OCT-1999
  • 002 421
  • 31-DEC-2000
  • 002 421
002 421 002 421

In addition, you can use:

002 421
    002 421
  • BOOT,
  • 002 421
  • TODAY,
  • 002 421
  • TOMORROW,
  • 002 421
  • YESTERDAY.
  • 002 421
002 421 002 421

Select at least one Event Type such as Logfail or Breakin, then press Apply.

002 421 002 421 002 421 002 421 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # | 002 122 # Windows NT script (PERL). | 002 122 # | 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # 002 122 # 002 122 # Use this script to set the values displayed in the above 002 122 # fields. This script runs on the Sysgem client (GUI). 002 122 # 002 122 # 002 122 002 122 print "\@{{HEADER_OFF\n"; 002 122 002 122 # 002 122 # Load default spec if none returned from the registry. 002 122 # 002 122 if ($VALUE_FA eq "") 002 122 { 002 122 print "FA : SYS\$MANAGER\:SECURITY\.AUDIT\$JOURNAL\n"; 002 122 } 002 122 002 122 # 002 122 # All event types. 002 122 # 002 122 my @events = (); 002 122 002 122 push(@events, qw(ACCESS AUDIT AUTHORIZATION BREAKIN CONNECTION CREATE DEACCESS)); 002 122 push(@events, qw(DELETE INSTALL LOGFAIL LOGIN LOGOUT MOUNT NCP NETPROXY PRIVILEGE)); 002 122 push(@events, qw(PROCESS RIGHTSDB SYSGEN SYSUAF TIME)); 002 122 002 122 print "EV @ ", join("\\", @events), "\n"; 002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oSelect the audit trail file, the date range, and the events to be displayed. 
002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 FA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 33 002 432 002 422 0 002 407 002 402 File spec 002 404 0 002 403 002 429 3 002 430 1 002 @P@ 002 # 002 401 BE 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 002 422 0 002 407 002 402 Before 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 SI 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 002 422 0 002 407 002 402 Since 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 EV 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 1 002 432 002 422 0 002 407 002 402 Event type: 002 404 3 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Show Devices 002 106 002 113 002 129 1 002 112 User=[System] Access=[Edit + Execute] 002 112 Token=[SSyM Privileged :: Platform Specific] Access=[Execute] 002 112 Token=[SSyM Full :: Platform Specific] Access=[Execute] 002 112 Token=[SSyM Restricted :: Platform Specific] Access=[Execute] 002 102 002 102 002 102 002 102 002 102 002 102 002 102 New Page 1 002 102 002 102 002 102 002 102 002 102

This display shows the devices on one or more VMS systems.

002 102

Class

002 102

The device class, one of: 

002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102
Class Description
DISK Disk device
TAPE Tape device
SCOM Synchronous communications device
CARD Card reader
TERM Terminal
LP Line printer
REALTIME Real-time
MAILBOX Mailbox
MISC Miscellaneous device
002 102

Device Name

002 102

The host and device name.

002 102

Type

002 102

The type of device about which information was requested.

002 102

Host

002 102

The name of the host serving the primary path.

002 102

Status

002 102

The device unit status, any combination of:

002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102
Status Description
TIM Timeout is enabled.
INT Interrupt is expected.
ERLOGIP Error log is in progress on unit.
CANCEL I/O on unit is canceled.
ONLINE Unit is on line.
POWER Power failed while unit busy.
TIMOUT  Unit timed out.
INTTYPE Receiver interrupt.
BSY Unit is busy.
MOUNTING Device is being mounted.
DEADMO Deallocate at dismount.
VALID Volume is software valid.
UNLOAD Unload volume at dismount.
TEMPLATE Template UCB from which other UCBs for this device type are made.
MNTVERIP Mount verification is in progress.
WRONGVOL Wrong volume detected during mount verification.
DELETEUCB Delete this UCB when reference count equals 0.
002 102

Error Count

002 102

The device's error count.

002 102

Volume Name

002 102

The volume name.

002 102

Transactions

002 102

The transaction count for the volume.

002 102

Mount Count

002 102

The mount count for the volume.

002 102 002 102 002 102 002 102 002 102 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # | 002 107 # Windows NT script (PERL). | 002 107 # | 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # 002 107 # 002 107 # This script runs on the client after the 002 107 # scripts have run on the server. 002 107 # 002 107 # It reads the agent output from @input_array and prints, for every 002 107 # device that passes the status filter, its fields as "XX : value" 002 107 # lines followed by a line holding "@". 002 107 # 002 107 # 002 107 002 107 # 002 107 # Load input. 002 107 # 002 107 LoadInputArray(); 002 107 002 107 # 002 107 # Replace. 002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # Each line returned... 002 107 # 002 107 my $um = 0; 002 107 my $sm = 0; 002 107 my $fm = 0; 002 107 # NOTE(review): $um, $sm and $fm are not used again in this script. 002 107 002 107 # 002 107 # Load into a data hash. 002 107 # 002 107 my %data = (); 002 107 my %mount = (); 002 107 my $idx = 0; 002 107 my $sysman = 0; 002 107 my $node = ""; 002 107 002 107 foreach $line (@input_array) 002 107 { 002 107 # 002 107 # Sysman on / off. 002 107 # 002 107 if ($line =~ "{{SYSMAN_ON") { 002 107 $sysman = 1; 002 107 next; 002 107 } 002 107 002 107 if ($line =~ "{{SYSMAN_OFF") { 002 107 $sysman = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Sysman ??? 002 107 # 002 107 if ($sysman == 1) 002 107 { 002 107 # 002 107 # New node (last word in string). 002 107 # 002 107 if ($line =~ "command execution on node") 002 107 { 002 107 my @words = reverse split(" ", $line); 002 107 $node = $words[0]; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Something mounted (first word in string). 002 107 # 002 107 if ($line =~ " Mounted ") 002 107 { 002 107 my @words = split(" ", $line); 002 107 my $disk = $words[0]; 002 107 002 107 push(@{$mount{$disk}{"where"}}, $node); 002 107 } 002 107 002 107 # 002 107 # A device - if so add errors, Trans # and Mount #. 002 107 # Assume a device if the first word ends :. 002 107 # 002 107 # If it's not a device then we just get some data that 002 107 # never gets used. 
002 107 # 002 107 my @words = split(" ", $line); 002 107 002 107 # NOTE(review): the pattern below matches a ':' anywhere in the first 002 107 # word, not only at its end. 002 107 if ($words[0] =~ "\:") 002 107 { 002 107 # 002 107 # Errors are last word in first 46 characters. 002 107 # 002 107 my $disk = $words[0]; 002 107 my $part = substr($line,0,46); 002 107 my @words = reverse split(" ", $part); 002 107 my $errors = $words[0]; 002 107 002 107 $mount{$disk}{"errors"} += $errors; 002 107 002 107 # 002 107 # Trans count (sometimes) and Mount count (always) come in 002 107 # last ten chars. 002 107 # NOTE(review): the fixed offsets 46 and 70 presumably follow the column 002 107 # layout of the SHOW DEVICE /MOUNTED listing; on a shorter line $mnt and 002 107 # $trn come back undefined and the += below adds nothing - confirm. 002 107 # 002 107 $part = substr($line,70,10); 002 107 @words = reverse split(" ", $part); 002 107 002 107 my $mnt = $words[0]; 002 107 my $trn = $words[1]; 002 107 002 107 $mount{$disk}{"mount"} += $mnt; 002 107 $mount{$disk}{"trans"} += $trn; 002 107 002 107 next; 002 107 } 002 107 } 002 107 002 107 # 002 107 # If not looking at sysman output... 002 107 # 002 107 if ($sysman == 0) 002 107 { 002 107 if (substr($line,2,3) eq " : ") 002 107 { 002 107 $data{$idx}{substr($line,0,2)} = substr($line,5); 002 107 next; 002 107 } 002 107 002 107 if ($line eq "@") 002 107 { 002 107 $idx++; 002 107 next; 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Run down the hash, apply filter. 002 107 # 002 107 my @status = split(", ", $INPUT_ST); 002 107 002 107 foreach $idx (sort { $a <=> $b } keys %data) 002 107 { 002 107 # 002 107 # Device type name - if 0 then remove. 002 107 # 002 107 if ($data{$idx}{"TY"} eq "0") { 002 107 $data{$idx}{"TY"} = ""; 002 107 } 002 107 002 107 # 002 107 # Class - convert from number to string. 002 107 # 002 107 if (exists($devclass{$data{$idx}{"CL"}})) { 002 107 $data{$idx}{"CL"} = $devclass{$data{$idx}{"CL"}}; 002 107 } else { 002 107 $data{$idx}{"CL"} = "Unknown"; 002 107 } 002 107 002 107 # 002 107 # Status. 
002 107 # 002 107 my $display = 1; 002 107 my %strings = (); 002 107 my $value = $data{$idx}{"SA"}; 002 107 002 107 # NOTE(review): $value and $fld both start out as strings, and Perl's & 002 107 # works on strings character by character unless an operand has been used 002 107 # as a number; presumably the numeric sort is what makes $fld numeric 002 107 # here - an explicit "+ 0" on each operand would not depend on that. 002 107 foreach $fld (sort { $a <=> $b } keys %sts) 002 107 { 002 107 if (scalar($value) & scalar($fld)) 002 107 { 002 107 $strings{$sts{$fld}} = 1; 002 107 } 002 107 002 107 # NOTE(review): this assignment sits inside the loop, so it is redone on 002 107 # every pass; only the value from the last pass is used. 002 107 $data{$idx}{"SA"} = join(", ", sort keys %strings); 002 107 } 002 107 002 107 # 002 107 # If there is a filter then count the number of strings and matches. 002 107 # 002 107 if ($INPUT_ST ne "") 002 107 { 002 107 my $matches = 0; 002 107 my $count = 0; 002 107 002 107 foreach $stg (@status) 002 107 { 002 107 $count++; 002 107 002 107 if (exists($strings{$stg})) 002 107 { 002 107 $matches++; 002 107 } 002 107 } 002 107 002 107 # 002 107 # If any input filter strings then apply the match. 002 107 # 002 107 if ($count) 002 107 { 002 107 if (($INPUT_MA eq "All") && ($matches < $count)) { 002 107 $display = 0; 002 107 } elsif (($INPUT_MA eq "Any") && ($matches == 0)) { 002 107 $display = 0; 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Display. 002 107 # 002 107 if ($display) 002 107 { 002 107 my $dn = $data{$idx}{"DN"}; 002 107 002 107 # 002 107 # Update with cluster-wide data if available. 002 107 # 002 107 if (exists($mount{$dn}{"errors"})) { 002 107 $data{$idx}{"EC"} = $mount{$dn}{"errors"}; 002 107 } 002 107 002 107 if (exists($mount{$dn}{"trans"})) { 002 107 $data{$idx}{"TR"} = $mount{$dn}{"trans"}; 002 107 } 002 107 002 107 if (exists($mount{$dn}{"mount"})) { 002 107 $data{$idx}{"MN"} = $mount{$dn}{"mount"}; 002 107 } 002 107 002 107 # 002 107 # Where in the cluster it is mounted. 002 107 # 002 107 if (exists($mount{$dn}{"where"})) { 002 107 $data{$idx}{"MO"} = join(", ", sort @{$mount{$dn}{"where"}}); 002 107 } 002 107 002 107 foreach $fld (sort keys %{$data{$idx}}) 002 107 { 002 107 print "$fld : $data{$idx}{$fld}\n"; 002 107 } 002 107 002 107 print "@\n"; 002 107 } 002 107 } 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). 
| 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 60 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 14024661 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and server scripts. 002 109 # 002 109 002 109 # 002 109 # Class to string. 002 109 # Keys are the numeric class codes that the post-processing script looks 002 109 # up from the CL field; a code not listed here is shown as "Unknown". 002 109 # 002 109 my %devclass = (); 002 109 002 109 $devclass{1} = "Disk"; 002 109 $devclass{2} = "Tape"; 002 109 $devclass{32} = "SCom"; 002 109 $devclass{65} = "Card reader"; 002 109 $devclass{66} = "Terminal"; 002 109 $devclass{67} = "Line printer"; 002 109 $devclass{70} = "Workstation"; 002 109 $devclass{96} = "Real time"; 002 109 $devclass{97} = "DEC voice"; 002 109 $devclass{98} = "Audio"; 002 109 $devclass{128} = "Bus"; 002 109 $devclass{160} = "Mailbox"; 002 109 $devclass{170} = "Remote console storage"; 002 109 $devclass{200} = "Miscellaneous"; 002 109 002 109 # 002 109 # Status (STS) to string. 002 109 # Each key is a single-bit mask; the post-processing script ANDs it with 002 109 # the SA field value and lists the description of every bit that is set. 002 109 # 002 109 my %sts = (); 002 109 002 109 $sts{1} = "Timeout enabled"; 002 109 $sts{2} = "Interrupt expected"; 002 109 $sts{4} = "Error log in progress"; 002 109 $sts{8} = "I/O canceled"; 002 109 $sts{16} = "Online"; 002 109 $sts{32} = "Power failed"; 002 109 $sts{64} = "Timeout"; 002 109 $sts{128} = "Receiver interrupt"; 002 109 $sts{256} = "Busy"; 002 109 $sts{512} = "Mounting"; 002 109 $sts{1024} = "Deallocate at dismount"; 002 109 $sts{2048} = "Software valid"; 002 109 $sts{4096} = "Unload at dismount"; 002 109 $sts{8192} = "Template device"; 002 109 $sts{16384} = "Mount verification"; 002 109 $sts{32768} = "Wrong volume"; 002 109 $sts{65536} = "Delete UCB"; 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $! 002 111 $! Routines common to all VMS menu and server scripts. 002 111 $! 
002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # UNIX Shell script (Korn). | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! VMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the server. It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $! 002 105 $! Setup for the device listing: error abort and verification are turned 002 105 $! off, all privileges are requested, then (when INPUT_CW is "1") SYSMAN 002 105 $! lists mounted devices across the cluster, then the device search name 002 105 $! is chosen. 002 105 $! 002 105 $ set noon 002 105 $ set noverify 002 105 $! 002 105 $! NOTE(review): the next line requests all privileges for the process, 002 105 $! for the whole run. The commands visible in this script only write a 002 105 $! temp file, run SYSMAN and call f$device/f$getdvi; consider enabling 002 105 $! just the privileges those need - TODO confirm the minimum set. 002 105 $! 002 105 $ set proc/priv=all 002 105 $! 002 105 $ SS_NORMAL = 1 002 105 $ SS_ABORT = 44 002 105 $! 002 105 $! Sysman, use a temp file 002 105 $! 002 105 $! NOTE(review): the file name and version are fixed and no directory is 002 105 $! given, so the file is created in the current default directory. With 002 105 $! "set noon" in effect a failed open /write does not stop the procedure; 002 105 $! if a file of that name is already present it would then be typed and 002 105 $! used as SYSMAN input. Consider open /error=<label> and a per-process 002 105 $! file name (for example built from f$getjpi("","PID")) - verify on a 002 105 $! test node. 002 105 $! 002 105 $ if INPUT_CW .eqs. "1" 002 105 $ then 002 105 $ write sys$output "{{SYSMAN_ON" 002 105 $! 002 105 $ filename = "sysgem_sysman_tmp.com;1" 002 105 $! 002 105 $ open /write tmp 'filename 002 105 $ write tmp "set environment /cluster" 002 105 $ write tmp "do show device /mounted" 002 105 $ write tmp "exit" 002 105 $ close tmp 002 105 $! 002 105 $ type 'filename 002 105 $! 002 105 $ define /user sys$input 'filename 002 105 $ mcr sysman 002 105 $! 002 105 $ write sys$output "{{SYSMAN_OFF" 002 105 $! 002 105 $ delete /nolog /noconfirm 'filename 002 105 $! 002 105 $ endif 002 105 $! 002 105 $! Use f$device to run through the list of devices. 002 105 $! 002 105 $! The search name defaults to "*"; a non-empty INPUT_DE replaces it. 002 105 $! 002 105 $ device = "*" 002 105 $! 002 105 $ if INPUT_DE .nes. "" then device = INPUT_DE 002 105 $! 
002 105 $ next_device: 002 105 $ device_name = f$device(device) 002 105 $ if device_name .eqs. "" then exit 002 105 $! 002 105 $! Now use f$getdvi to get more information. 002 105 $! 002 105 $ devclass = f$getdvi(device_name, "devclass") 002 105 $ errcnt = f$getdvi(device_name, "errcnt") 002 105 $ devsts = f$getdvi(device_name, "devsts") 002 105 $ host_name = f$getdvi(device_name, "host_name") 002 105 $! devtype = f$getdvi(device_name, "devtype") 002 105 $ device_type_name = f$getdvi(device_name, "device_type_name") 002 105 $ volnam = f$getdvi(device_name, "volnam") 002 105 $ mountcnt = f$getdvi(device_name, "mountcnt") 002 105 $ media_name = f$getdvi(device_name, "media_name") 002 105 $ sts = f$getdvi(device_name, "sts") 002 105 $ transcnt = f$getdvi(device_name, "transcnt") 002 105 $! tt_phydevnam = f$getdvi(device_name, "tt_phydevnam") 002 105 $! 002 105 $! Error threshold. 002 105 $! 002 105 $ if INPUT_ER .eqs. "" .or. errcnt .ge. INPUT_ER 002 105 $ then 002 105 $! 002 105 $! Remove _ from start of device name. 002 105 $! 002 105 $ if f$extract(0,1,device_name) .eqs. "_" 002 105 $ then 002 105 $ device_name = f$extract(1,999,device_name) 002 105 $ endif 002 105 $! 002 105 $ write sys$output "DN : ''device_name'" 002 105 $! write sys$output "TY : ''media_name'" 002 105 $ write sys$output "TY : ''device_type_name'" 002 105 $ write sys$output "HO : ''host_name'" 002 105 $ write sys$output "CL : ''devclass'" 002 105 $ write sys$output "EC : ''errcnt'" 002 105 $ write sys$output "SA : ''sts'" 002 105 $! write sys$output "SB : ''devsts'" 002 105 $ write sys$output "VN : ''volnam'" 002 105 $ write sys$output "MN : ''mountcnt'" 002 105 $ write sys$output "TR : ''transcnt'" 002 105 $ write sys$output "@" 002 105 $! 002 105 $ endif 002 105 $! 
002 105 $ goto next_device 002 105 $ 002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. | 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window. 002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 Class 002 205 CL 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 1 002 @C@ 002 # 002 201 Device Name 002 205 DN 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 1 002 @C@ 002 # 002 201 Type 002 205 TY 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 1 002 @C@ 002 # 002 201 Error Count 002 205 EC 002 208 002 202 2 002 203 1 002 207 0 002 204 2 002 206 4 002 @C@ 002 # 002 201 Host 002 205 HO 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 1 002 @C@ 002 # 002 201 Status 002 205 SA 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 1 002 @C@ 002 # 002 201 Volume Name 002 205 VN 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 1 002 @C@ 002 # 002 201 Transactions 002 205 TR 002 208 002 202 2 002 203 1 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Mount Cnt 002 205 MN 002 208 002 202 2 002 203 1 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Mounted On 002 205 MO 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 1 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

Enter values to control the display:

002 421

Device

002 421

Specifies the name of a device for which information is to be displayed. 002 421 The device name displayed by the system uses the 002 421 format ddcu where dd is the device code, c is the controller 002 421 designation, and u is the unit number. If the system is part of a 002 421 VMScluster that is running with hierarchical storage controllers 002 421 (HSCs), the device name must include the node name using the 002 421 format node$ddcu (where node is the node name). 

002 421

You can specify a complete device name or only a portion of 002 421 a device name with the * and % wildcards.

002 421

For example, *DSA* or *DK* or *MKA*. 

002 421

Errors

002 421

When the error count is greater than or equal to the error threshold value 002 421 then the field is highlighted.

002 421 002 421

Status

002 421

Use this field to filter the returned values by the status string. For 002 421 example, to display only the devices which are write locked, enter wrtlck.

002 421

Match

002 421

If more than one status string is selected, choose whether all of them or any one of them 002 421 must match the device's status.

002 421 002 421

Cluster-Wide

002 421 002 421

If checked then SYSMAN is used in the VMS script to show:

002 421 002 421
002 421
    002 421
  1. The nodes in the cluster where the device is mounted,
  2. The transaction count for the whole cluster,
  3. The mount count for the whole cluster, and
  4. The total error count for the whole cluster.
002 421
002 421

Using the cluster-wide option makes the VMS script slower.

002 421 002 421 002 421 002 421 002 421 002 122 print "\@{{HEADER_OFF\n"; 002 122 002 122 # 002 122 # All status. 002 122 # 002 122 my @status = (); 002 122 002 122 foreach $fld (keys %sts) 002 122 { 002 122 push(@status, $sts{$fld}); 002 122 } 002 122 002 122 print "ST @ ", join("\\", sort @status), "\n"; 002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oSelect the devices to be displayed, then press "OK". 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 DE 002 427 16777215 002 405 Specifies the name of the device. 002 428 002 425 002 431 000 002 423 002 424 0 002 406 40 002 432 002 422 0 002 407 002 402 Device: 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ER 002 427 16777215 002 405 002 428 0 002 425 002 431 000 002 423 002 424 0 002 406 57 002 432 002 422 0 002 407 002 402 Error threshold: 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ST 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 002 422 0 002 407 002 402 Status: 002 404 11 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 MA 002 427 16777215 002 405 Match all strings or any 002 428 Any 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Match: 002 404 3 002 403 Any\All 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZC 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 CW 002 427 16777215 002 405 002 428 0 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Cluster-wide: 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Account Probe 002 106 002 113 002 129 1 002 102 002 
102

This display lists key security fields for accounts on OpenVMS systems.

002 102

Of interest are:

002 102
    002 102
  • Login Fails - the number of login failures since the last successful login.
  • Last login time.
  • Minimum password length.
  • Privilege level.
002 102

Created 2003-12-15 13:03:54 by Sysgem AG

002 102 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # | 002 107 # Windows NT script (PERL). | 002 107 # | 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # 002 107 # 002 107 # This script runs on the client after the 002 107 # scripts have run on the agent. 002 107 # 002 107 # It groups the agent's "CC : value" lines into one record per username, 002 107 # applies the Include disabled / Min login fails filters, and prints the 002 107 # records that pass. 002 107 # 002 107 # 002 107 use Sysgem; 002 107 use strict; 002 107 002 107 # 002 107 # Load input array. 002 107 # 002 107 LoadInputArray(); 002 107 002 107 # 002 107 # Replace. 002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # Run through the data, load into a hash. 002 107 # 002 107 # A line is accepted when characters 2-4 are " : "; the first two 002 107 # characters are the field code and the text from offset 5 is the value. 002 107 # A "US" line switches the current key to that username; every other 002 107 # field is stored under whichever key is current. 002 107 # 002 107 # NOTE(review): a field that arrives before the "US" line of its record 002 107 # is filed under the previous username (or under key 0 at the start), and 002 107 # a repeated username overwrites the earlier values - confirm the agent 002 107 # always emits US first and that usernames are unique in the input. 002 107 # 002 107 my %data = (); 002 107 my $key = 0; 002 107 002 107 foreach my $line (@input_array) 002 107 { 002 107 if (substr($line,2,3) eq " : ") 002 107 { 002 107 my $code = substr($line,0,2); 002 107 my $value = substr($line,5); 002 107 002 107 if ($code eq "US") { 002 107 $key = $value; 002 107 } 002 107 002 107 $data{$key}{$code} = $value; 002 107 } 002 107 } 002 107 002 107 # 002 107 # Now display, apply the startup filter. 002 107 # 002 107 # Records whose ST is not "1" are skipped unless INPUT_DI is "1"; records 002 107 # whose LF is below INPUT_LF are skipped. 002 107 # 002 107 # NOTE(review): the LF test is numeric, so a record with no LF field 002 107 # compares as 0 and is dropped for any INPUT_LF above 0 - presumably LF 002 107 # is always present; verify, since a dropped record hides the account. 002 107 # 002 107 foreach my $key (keys %data) 002 107 { 002 107 if (($INPUT_DI ne "1") && ($data{$key}{"ST"} ne "1")) { 002 107 next; 002 107 } 002 107 002 107 if ($data{$key}{"LF"} < $INPUT_LF) { 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Convert enabled status from 1,0 to tick,cross. 002 107 # 002 107 $data{$key}{"ST"} = ($data{$key}{"ST"} eq "1") ? "#icon tick" : "#icon cross"; 002 107 002 107 foreach my $fld (keys %{$data{$key}}) { 002 107 print "$fld : " . $data{$key}{$fld} . "\n"; 002 107 } 002 107 002 107 print "@\n"; 002 107 } 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the agent. 
002 108 # 002 108 # 002 121 0 002 151 4294967279 0 0 0 400 0 0 0 0 1 2 1 49 Courier 002 152 12615808 002 154 0 002 153 0 002 159 1 002 157 1 002 150 1 002 156 0 002 158 3 002 260 3 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and agent scripts. 002 109 # 002 109 #use Sysgem; 002 110 # 002 110 # Routines common to all UNIX menu and agent scripts. 002 110 # 002 111 $! 002 111 $! Routines common to all VMS menu and agent scripts. 002 111 $! 002 126 /***********************************************************/ 002 126 /* */ 002 126 /* Routines common to all AS/400 menu and agent scripts. */ 002 126 /* */ 002 126 /***********************************************************/ 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the agent. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #!/bin/ksh -ph 002 104 # 002 104 #{{SHELL_LINUX #!/bin/sh 002 104 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # (Main) UNIX Shell script. | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the agent. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! VMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the agent. It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $! 002 105 $! 002 105 $! Start accounts executable via a foreign command. 002 105 $! 002 105 $ is_alpha = F$GETSYI("NODE_HWTYPE") .eqs. 
"ALPH" 002 105 $ if is_alpha 002 105 $ then 002 105 $ accounts == "$''P1'ssm-accounts-axp.exe" 002 105 $ else 002 105 $ accounts == "$''P1'ssm-accounts-vax.exe" 002 105 $ endif 002 105 $! 002 105 $ FLD_ACCOUNT = "AC : " 002 105 $ FLD_USERNAME = "US : " 002 105 $ FLD_OWNER = "OW : " 002 105 $ FLD_EXPIRATION = "EX : " 002 105 $ FLD_FLAG_CLR_DISACNT = "ST : 1" 002 105 $ FLD_FLAG_SET_DISACNT = "ST : 0" 002 105 $ FLD_LASTLOGIN_I = "LI : " 002 105 $ FLD_LASTLOGIN_N = "LN : " 002 105 $ FLD_LOGFAILS = "LF : " 002 105 $ FLD_PRIV_CAT = "PC : " 002 105 $ FLD_PRIV = "PV : " 002 105 $ FLD_DEF_PRIV = "DP : " 002 105 $ FLD_DEF_PRIV_CAT = "DC : " 002 105 $ FLD_PWD_LENGTH = "PL : " 002 105 $ FLD_EOR = "@" 002 105 $! 002 105 $ accounts -a 002 123 /**************************************************/ 002 123 /* */ 002 123 /* (Main) AS/400 Agent script */ 002 123 /* */ 002 123 /* This script runs on the Sysgem AS/400 agent. */ 002 123 /* It returns the values shown in the display. */ 002 123 /* */ 002 123 /**************************************************/ 002 123 002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. | 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window. 
002 125 # 002 125 # 002 140 1 002 141 10 002 142 DI,LF 002 130 0 002 131 0 002 # 002 201 Username 002 205 US 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Account 002 205 AC 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Owner 002 205 OW 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Enabled 002 205 ST 002 208 002 202 1 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Login Fails 002 205 LF 002 208 002 202 1 002 203 1 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Last Interactive Login 002 205 LI 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 3 002 @C@ 002 # 002 201 Last Network Login 002 205 LN 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 3 002 @C@ 002 # 002 201 Expiration 002 205 EX 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 3 002 @C@ 002 # 002 201 Min Pwd Len 002 205 PL 002 208 002 202 1 002 203 1 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Privileges 002 205 PV 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Default Privs 002 205 VP 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Privilege Level 002 205 PC 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Def Priv Level 002 205 DC 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 420 0 002 421 002 421

Options:

002 421
    002 421
  • Include disabled [X] - if checked then disabled accounts are included in the listing.
  • Min login fails [__] - only accounts with at least this number of login failures are included in the listing.
002 421

For example, to display only the enabled accounts with 5 or more login 002 421 failures, leave Include disabled unchecked and enter 5 in the Min login 002 421 fails field.

002 421 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # | 002 122 # Windows NT script (PERL). | 002 122 # | 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # 002 122 # 002 122 # Use this script to set the values displayed in the above 002 122 # fields. This script runs on the Sysgem client (GUI). 002 122 # 002 122 print "\@{{HEADER_OFF\n"; 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oSelect input filtering options, then press 'OK' 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 DI 002 427 16777215 002 405 002 428 0 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Include disabled: 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 LF 002 427 16777215 002 405 002 428 1 002 425 002 431 000 002 423 ## 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Min log fails: 002 404 20 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Audit File Access Summary 002 106 002 113 002 129 1 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 New Page 1 002 102 002 102 002 102 002 102 002 102

This display uses the Audit Analysis utility (ANALYZE/AUDIT) to create a 002 102 summary of file access entries.

002 102 002 102

The format of the VMS DCL Command to list the failure entries between October 002 102 1st 2003 and October 10th 2003 is:

002 102
$ analyze /audit              -
002 102           /full               -
002 102           /event=access       -
002 102           /select=(status=failure,object=class=file) -
002 102           /since=01-OCT-2003  -
002 102           /before=10-OCT-2003 -
002 102           SYS$MANAGER:SECURITY.AUDIT$JOURNAL
002 102 002 102

The output is processed in the post-processing script to provide a summary on 002 102 a per-user, per-file basis.

002 102 002 102 002 102 002 102 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # | 002 107 # Windows NT script (PERL). | 002 107 # | 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # 002 107 # 002 107 # This script runs on the client after the 002 107 # scripts have run on the server. 002 107 # 002 107 # 002 107 use Sysgem; 002 107 002 107 # 002 107 # Replace current output. 002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # Between @{{AUDIT_ON + Valid header and @{{AUDIT_OFF 002 107 # 002 107 my $copy = 0; 002 107 my $load = 0; 002 107 my $error = 0; 002 107 my @errors = (); 002 107 my %data = (); 002 107 my $user = ""; 002 107 my $file = ""; 002 107 my $access = ""; 002 107 002 107 LoadInputArray(); 002 107 002 107 foreach $line (@input_array) 002 107 { 002 107 # 002 107 # Errors off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{ERROR_OFF") { 002 107 $error = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Errors on. 002 107 # 002 107 if (substr($line,0,11) eq "\@{{ERROR_ON") { 002 107 $error = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # An error. 002 107 # 002 107 if ($error) 002 107 { 002 107 push(@errors, $line); 002 107 } 002 107 002 107 if ($copy && substr($line,0,20) eq "--------------------") { 002 107 $load = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{AUDIT_OFF") { 002 107 $copy = 0; 002 107 $load = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output on. 002 107 # 002 107 if (substr($line,0,11) eq "\@{{AUDIT_ON") { 002 107 $copy = 1; 002 107 next; 002 107 } 002 107 002 107 if ($copy && substr($line,0,9) eq "Username:") { 002 107 $load = 1; 002 107 } 002 107 002 107 # 002 107 # Loading... 002 107 # 002 107 if ($load) 002 107 { 002 107 # 002 107 # Required data. 
002 107 # 002 107 if (substr($line,0,9) eq "Username:") 002 107 { 002 107 my @parts = split(": ", $line); 002 107 my @users = split(" ", Sysgem::TrimLeftRight($parts[1])); 002 107 002 107 $user = $users[0]; 002 107 } 002 107 002 107 elsif (substr($line,0,10) eq "File name:" || 002 107 substr($line,0,15) eq "Directory name:" || 002 107 substr($line,0,12) eq "Object name:") 002 107 { 002 107 my @parts = split(": ", $line); 002 107 $file = Sysgem::TrimLeftRight($parts[1]); 002 107 } 002 107 002 107 elsif (substr($line,0,17) eq "Access requested:") 002 107 { 002 107 my @parts = split(": ", $line); 002 107 $access = Sysgem::TrimLeftRight($parts[1]); 002 107 002 107 $data{$user}{$file}{$access}++; 002 107 002 107 $user = ""; 002 107 $file = ""; 002 107 $access = ""; 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Dump the data. 002 107 # 002 107 foreach my $user (keys %data) 002 107 { 002 107 foreach my $file (keys %{$data{$user}}) 002 107 { 002 107 my @details = (); 002 107 my $total = 0; 002 107 002 107 foreach my $type (keys %{$data{$user}{$file}}) 002 107 { 002 107 my $count = $data{$user}{$file}{$type}; 002 107 002 107 push(@details, "$type = $count"); 002 107 002 107 $total += $count; 002 107 } 002 107 002 107 print "US : $user\n"; 002 107 print "FN : $file\n"; 002 107 print "AC : $total\n"; 002 107 print "DE : " . join(", ", sort @details) . "\n"; 002 107 print "@\n"; 002 107 } 002 107 } 002 107 002 107 # 002 107 # The window title. 
002 107 # 002 107 my $title = ""; 002 107 002 107 if (@errors) 002 107 { 002 107 $title = "$INPUT_ST - Errors - see logfile\n"; 002 107 002 107 print "\@{{ON Analyze /Audit\n"; 002 107 print "\@{{ERROR\n"; 002 107 002 107 foreach $error (@errors) 002 107 { 002 107 print "$error\n"; 002 107 } 002 107 002 107 print "\@{{OFF\n"; 002 107 } 002 107 else 002 107 { 002 107 $title = $INPUT_ST; 002 107 } 002 107 002 107 print "\@{{ADD_WINDOW_TITLE $title\n"; 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 0 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and server scripts. 002 109 # 002 109 #use Sysgem; 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $!++ 002 111 $! 002 111 $! A command. 002 111 $! 002 111 $! Input: DCL Command. 002 111 $! 002 111 $ dcl_command: 002 111 $ subroutine 002 111 $! 002 111 $ set default sys$system 002 111 $ type_mode == "''P1'" 002 111 $! 002 111 $ write sys$output "@{{SI $ ''INPUT_OP'" 002 111 $! 002 111 $ call remove_file sysgem_error.tmp;* 002 111 $ call remove_file sysgem_output.tmp;* 002 111 $! 002 111 $ define /nolog /user sys$error sysgem_error.tmp 002 111 $ define /nolog /user sys$output sysgem_output.tmp 002 111 $! 002 111 $ 'P1 002 111 $! 002 111 $ if type_mode .eqs. "SILENT" 002 111 $ then 002 111 $ call type_file sysgem_error.tmp 002 111 $ call type_file sysgem_output.tmp 002 111 $ else 002 111 $ call show_file sysgem_error.tmp 002 111 $ call show_file sysgem_output.tmp 002 111 $ endif 002 111 $! 
002 111 $ call remove_file sysgem_error.tmp;* 002 111 $ call remove_file sysgem_output.tmp;* 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!-- 002 111 $! 002 111 $!++ 002 111 $! 002 111 $! Remove a file. 002 111 $! 002 111 $! Input: Filename 002 111 $! 002 111 $ remove_file: 002 111 $ subroutine 002 111 $! 002 111 $ if f$search("''P1'") .nes. "" 002 111 $ then 002 111 $ delete /nolog /noconfirm 'P1 002 111 $ endif 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!-- 002 111 $! 002 111 $!++ 002 111 $! 002 111 $! Show a file's contents without adding any print formatting. 002 111 $! 002 111 $! Input: Filename 002 111 $! 002 111 $ type_file: 002 111 $ subroutine 002 111 $! 002 111 $ is_open = 0 002 111 $ open /read /error=err tmp 'P1 002 111 $ is_open = 1 002 111 $! 002 111 $ next_line: 002 111 $ read /end_of_file=eof /error=err tmp line 002 111 $! 002 111 $! type the file 002 111 $! 002 111 $ write sys$output "# ''line'" 002 111 $ goto next_line 002 111 $! 002 111 $ err: 002 111 $ eof: 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!-- 002 111 $! 002 111 $!++ 002 111 $! 002 111 $! Show a file's contents. 002 111 $! 002 111 $! Input: Filename 002 111 $! 002 111 $ show_file: 002 111 $ subroutine 002 111 $! 002 111 $ is_open = 0 002 111 $ open /read /error=on_error tmp 'P1 002 111 $ is_open = 1 002 111 $! 002 111 $ next_line: 002 111 $ read /end_of_file=on_eof /error=on_error tmp line 002 111 $! 002 111 $! Fatal. 002 111 $! 002 111 $ if f$locate("UAF-F-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Error. 002 111 $! 002 111 $ if f$locate("UAF-E-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $ if f$locate("CLI-E-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 
002 111 $! Warning. 002 111 $! 002 111 $ if f$locate("UAF-W-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SW ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $ if f$locate("DCL-W-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SW ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Default - information. 002 111 $! 002 111 $ write sys$output "@{{SI ''line'" 002 111 $ goto next_line 002 111 $! 002 111 $ on_error: 002 111 $ on_eof: 002 111 $! 002 111 $ if is_open .eq. 1 then close tmp 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!++ 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #!/bin/ksh -ph 002 104 # 002 104 #{{SHELL_LINUX #!/bin/sh 002 104 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # (Main) UNIX Shell script. | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! VMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the server. It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $! 002 105 $ before = "" 002 105 $ since = "" 002 105 $ filespec = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL" 002 105 $ ip_status = INPUT_ST 002 105 $! 002 105 $ if INPUT_FA .nes. "" then filespec = INPUT_FA 002 105 $ if INPUT_BE .nes. 
"" then before = "/before=''INPUT_BE'" 002 105 $ if INPUT_SI .nes. "" then since = "/since=''INPUT_SI'" 002 105 $! 002 105 $ set noon 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;* 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;* 002 105 $! 002 105 $! Show file size. 002 105 $! 002 105 $ dir /size=all 'filespec 002 105 $! 002 105 $ show time 002 105 $! 002 105 $! Show the command. 002 105 $! 002 105 $ set verify 002 105 $ define /user sys$error sysgem_audit.err 002 105 $ analyze /audit - 002 105 /full - 002 105 /event=access - 002 105 /select=(status='ip_status,object=class=file) - 002 105 'since - 002 105 'before - 002 105 /output=sysgem_audit.lis - 002 105 'filespec 002 105 $ set noverify 002 105 $! 002 105 $ show time 002 105 $! 002 105 $! Reduce the output size by using search to extract interesting 002 105 $! entries. Note that the Status could be returned if an indication 002 105 $! of the failure reason is required. 002 105 $! 002 105 $ search sysgem_audit.lis - 002 105 /output=sysgem_audit.sea - 002 105 /key=position=1 - 002 105 "Username:","File name:","Directory name:","Object name:","Access requested:" 002 105 $! 002 105 $ write sys$output "@{{AUDIT_ON" 002 105 $ if f$search("sysgem_audit.sea") .nes. "" then type /nopage sysgem_audit.sea 002 105 $ write sys$output "@{{AUDIT_OFF" 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" 002 105 $ then 002 105 $ write sys$output "@{{ERROR_ON" 002 105 $ type /nopage sysgem_audit.err 002 105 $ write sys$output "@{{ERROR_OFF" 002 105 $ endif 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;* 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;* 002 105 $ if f$search("sysgem_audit.sea") .nes. 
"" then delete /nolog /noconfirm sysgem_audit.sea;* 002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. | 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window. 002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 Username 002 205 US 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 File Name 002 205 FN 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Accesses 002 205 AC 002 208 002 202 2 002 203 1 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Details 002 205 DE 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 DCL Command 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 1 002 # 002 312 002 312

Select a preset SET AUDIT option to enable or disable a specific auditing 002 312 option. Disabling an option stops that class of event from being audited until it is enabled again.

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 330 my @op = (); 002 330 002 330 push(@op, "set audit /audit /enable=access=failure/class=file"); 002 330 push(@op, "set audit /audit /disable=access=failure/class=file"); 002 330 002 330 push(@op, "set audit /audit /enable=login=all"); 002 330 push(@op, "set audit /audit /disable=login=all"); 002 330 002 330 push(@op, "set audit /audit /enable=authorization"); 002 330 push(@op, "set audit /audit /disable=authorization"); 002 330 002 330 push(@op, "set audit /audit /enable=breakin=all"); 002 330 push(@op, "set audit /audit /disable=breakin=all"); 002 330 002 330 print "OP @ " . join("\\", @op) . "\n"; 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 
002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $! NOTE(review): the value of INPUT_OP is substituted unchanged into the 002 316 $! command passed to dcl_command. Presumably it is one of the preset 002 316 $! SET AUDIT strings offered by the Fields script; nothing here checks 002 316 $! that - confirm the OP control cannot carry free text, or validate the 002 316 $! value against the preset list before it is run. 002 316 $! 002 316 $ call dcl_command "''INPUT_OP'" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. 
*/ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! 
| 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 317 OP 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 1 002 357 002 318 Option: 002 320 3 002 319 002 @F@ 002 # 002 @M@ 002 # 002 311 - 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 2 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Audit Settings 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 3 002 # 002 312 002 312

Show the current audit settings.

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $ call dcl_command "show audit" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 @M@ 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

If the File spec field is not checked then the default database file 002 421 SYS$MANAGER:SECURITY.AUDIT$JOURNAL is analyzed. You can 002 421 specify one or more alternate security audit log files as input to ANALYZE/AUDIT. 002 421 If you specify more than one file name, separate the names with commas.

002 421 002 421

Enter the Before and Since dates in VMS format, for example:

002 421
    002 421
  • 02-OCT-1999
  • 002 421
  • 31-DEC-2000
  • 002 421
002 421 002 421

In addition, you can use:

002 421
    002 421
  • BOOT,
  • 002 421
  • TODAY,
  • 002 421
  • TOMORROW,
  • 002 421
  • YESTERDAY.
  • 002 421
002 421 002 421

Select either Success or Failure for the Status field, then press Apply.

002 421 002 421 002 421 002 421 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # | 002 122 # Windows NT script (PERL). | 002 122 # | 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # 002 122 # 002 122 # Use this script to set the values displayed in the above 002 122 # fields. This script runs on the Sysgem client (GUI). 002 122 # 002 122 # 002 122 002 122 print "\@{{HEADER_OFF\n"; 002 122 002 122 # 002 122 # Load default spec if none returned from the registry. 002 122 # 002 122 if ($VALUE_FA eq "") 002 122 { 002 122 print "FA : SYS\$MANAGER\:SECURITY\.AUDIT\$JOURNAL\n"; 002 122 } 002 122 002 122 # 002 122 # All event types. 002 122 # 002 122 my @events = (); 002 122 002 122 push(@events, qw(ACCESS AUDIT AUTHORIZATION BREAKIN CONNECTION CREATE DEACCESS)); 002 122 push(@events, qw(DELETE INSTALL LOGFAIL LOGIN LOGOUT MOUNT NCP NETPROXY PRIVILEGE)); 002 122 push(@events, qw(PROCESS RIGHTSDB SYSGEN SYSUAF TIME)); 002 122 002 122 print "EV @ ", join("\\", @events), "\n"; 002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oSelect the audit trail file, the date range, and the events to be displayed. 
002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 FA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 33 002 432 002 422 0 002 407 002 402 File spec: 002 404 0 002 403 002 429 3 002 430 1 002 @P@ 002 # 002 401 BE 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 002 422 0 002 407 002 402 Before: 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 SI 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 002 422 0 002 407 002 402 Since: 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ST 002 427 16777215 002 405 002 428 Failure 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Status: 002 404 3 002 403 Failure\Success 002 429 1 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS File Monitor 002 106 002 113 002 129 1 002 112 User=[System] Access=[Edit + Execute] 002 112 Token=[SSyM Privileged :: Processes] Access=[Execute] 002 112 Token=[SSyM Full :: Processes] Access=[Execute] 002 112 Token=[SSyM Restricted :: Processes] Access=[Execute] 002 102 002 102

002 102 This is an OpenVMS Open Files display, based on the VMS Processes display 002 102 combined with lists of open files.

002 102

002 102 002 102 The process information is obtained via $GETJPI, the open files from the DCL command SHOW DEVICE /FILE /NOSYSTEM.

002 102

002 102 The two are then merged to generate the output shown here. 002 102 002 102 There is no dangerous kernel-mode programming.

002 102

002 102 Originally created 02/02/2001 13:01:21 by Sysgem AG.

002 102 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # | 002 107 # Windows NT script (PERL). | 002 107 # | 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # 002 107 # 002 107 # This script runs on the client after the 002 107 # scripts have run on the server. 002 107 # 002 107 # It reads the agent output through LoadInputArray(), attaches the open 002 107 # files found for each PID to the matching process record, prints one 002 107 # row per open file, and saves a line per process for the next pass. 002 107 # 002 107 # 002 107 002 107 my $cpu = ""; 002 107 my $pid = ""; 002 107 my @old_data = (); 002 107 my @new_data = (); 002 107 my %old = (); 002 107 my %data = (); 002 107 my %file = (); 002 107 my $filename = "sysgem_vms_process_data_" . $WINDOW_INDEX . "_" . $server_name . ".txt"; 002 107 002 107 # 002 107 # Replace. 002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # If not the first pass then get the old data. 002 107 # 002 107 if ($LOOP_COUNTER > 0) 002 107 { 002 107 # NOTE(review): two-argument open with an interpolated name and no check 002 107 # of the result. $filename is built from $WINDOW_INDEX and $server_name 002 107 # above; a three-argument open with an error check keeps the name from 002 107 # being parsed as part of the mode and reports a missing file. 002 107 open(OLD_DATA, "< $filename"); 002 107 002 107 my $line = ""; 002 107 002 107 # NOTE(review): the read operand is missing from this loop as shown here 002 107 # (presumably a read from the OLD_DATA handle, lost when the page was 002 107 # extracted) - confirm against the original module. 002 107 while(defined ($line =)) 002 107 { 002 107 chomp $line; 002 107 push(@old_data, $line); 002 107 } 002 107 002 107 close(OLD_DATA); 002 107 002 107 $old{"time"} = $old_data[0]; 002 107 002 107 # NOTE(review): $idx <= @old_data runs one element past the end of the 002 107 # array, so the last pass splits an undefined value. 002 107 for (my $idx = 1; $idx <= @old_data; $idx++) 002 107 { 002 107 my $pid = ""; 002 107 my $cpu = ""; 002 107 my $ms = ""; 002 107 002 107 ($pid, $cpu, $ms) = split(" ", $old_data[$idx]); 002 107 002 107 $old{$pid} = "$cpu $ms"; 002 107 } 002 107 } 002 107 002 107 # 002 107 # The first line of the new data is the time here in seconds. 002 107 # NOTE(review): Win32::GetTickCount() counts milliseconds, not seconds. 002 107 # 002 107 use Win32; 002 107 002 107 my $now = Win32::GetTickCount(); 002 107 002 107 push(@new_data,$now); 002 107 002 107 # 002 107 # From the returned data build a list of pids and CPU so far. 002 107 # This is stored for the next time around. 002 107 # 002 107 LoadInputArray(); 002 107 002 107 # 002 107 # Run through the data, load into a hash. 
002 107 # 002 107 # $process and $devices record which marker-delimited section of the 002 107 # agent output the current line belongs to. 002 107 # 002 107 my $key = 0; 002 107 my $process = 0; 002 107 my $devices = 0; 002 107 my $devnam = ""; 002 107 002 107 foreach $line (@input_array) 002 107 { 002 107 if ($line =~ "{{PROCESSES_ON") { 002 107 $process = 1; 002 107 next; 002 107 } 002 107 002 107 if ($line =~ "{{PROCESSES_OFF") { 002 107 $process = 0; 002 107 next; 002 107 } 002 107 002 107 if ($line =~ "{{DEVICES_ON") { 002 107 $devices = 1; 002 107 002 107 # 002 107 # Get device name without _. 002 107 # 002 107 $devnam = substr($line,13); 002 107 002 107 if (substr($devnam,0,1) eq "_") { 002 107 $devnam = substr($devnam,1); 002 107 } 002 107 002 107 next; 002 107 } 002 107 002 107 if ($line =~ "{{DEVICES_OFF") { 002 107 $devices = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Process ? 002 107 # 002 107 if ($process) 002 107 { 002 107 if (substr($line,2,3) eq " : ") 002 107 { 002 107 my $code = substr($line,0,2); 002 107 my $value = substr($line,5); 002 107 002 107 $data{$key}{$code} = $value; 002 107 } 002 107 elsif ($line eq "@") 002 107 { 002 107 $key++; 002 107 } 002 107 } 002 107 002 107 # 002 107 # Device - look for the banner. 002 107 # 002 107 elsif (($devices == 1) && 002 107 ($line =~ "Process name") && 002 107 ($line =~ "PID") && 002 107 ($line =~ "File name")) 002 107 { 002 107 $devices = 2; 002 107 } 002 107 002 107 # 002 107 # Device - look for an entry. 002 107 # 002 107 # Process name PID File name 002 107 # SMISERVER 2D800090 [SYSCOMMON.SYSLIB]SMI$OBJSHR.EXE;1 002 107 # CONFIGURE 2D800085 [SYSCOMMON.SYSLIB]IOGEN$SHARE.EXE;1 002 107 # SMISERVER 2D800090 [SYSCOMMON.SYSLIB]IOGEN$SHARE.EXE;1 002 107 # 002 107 elsif ($devices == 2) 002 107 { 002 107 # 002 107 # Extract the fields (fixed columns: process name 0-15, PID 16-23, 002 107 # file name from column 26). 002 107 # 002 107 my $prn = substr($line,0,16); 002 107 my $pid = substr($line,16,8); 002 107 my $fil = substr($line,26); 002 107 002 107 if ($fil ne "") 002 107 { 002 107 push(@{$file{$pid}},$devnam . 
$fil); 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Now add the filenames into processes. 002 107 # 002 107 foreach $key (keys %data) 002 107 { 002 107 my $pid = $data{$key}{"PI"}; 002 107 002 107 if (exists($file{$pid})) 002 107 { 002 107 push(@{$data{$key}{"FI"}}, @{$file{$pid}}); 002 107 } 002 107 } 002 107 002 107 # 002 107 # If there is a match specified other than 'File name' then apply it. 002 107 # 002 107 if ($INPUT_MA =~ "name") 002 107 { 002 107 my $value1 = lc($INPUT_VA); 002 107 my $value2 = ""; 002 107 002 107 # 002 107 # For each process. 002 107 # 002 107 foreach $key (keys %data) 002 107 { 002 107 my $remove = 1; 002 107 002 107 # 002 107 # Get match field. 002 107 # 002 107 if ($INPUT_MA =~ "Image") { 002 107 $value2 = lc($data{$key}{"IM"}); 002 107 } 002 107 elsif ($INPUT_MA =~ "Process") { 002 107 $value2 = lc($data{$key}{"PN"}); 002 107 } 002 107 elsif ($INPUT_MA =~ "User") { 002 107 $value2 = lc($data{$key}{"UN"}); 002 107 $value2 =~s/^\s+//; 002 107 $value2 =~s/\s+$//; 002 107 } 002 107 else { 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Match - exact or partial. 002 107 # 002 107 if ($INPUT_EX eq "1") 002 107 { 002 107 # 002 107 # Exact. 002 107 # 002 107 if ($value2 eq $value1) { 002 107 $remove = 0; 002 107 } 002 107 } 002 107 else 002 107 { 002 107 # 002 107 # Partial. 002 107 # 002 107 # NOTE(review): the value typed into the VA field is used as a regular 002 107 # expression here, so metacharacters are interpreted and an invalid 002 107 # pattern aborts the script. Matching on \Q$value1\E would give the 002 107 # plain substring test that 'Partial' describes. 002 107 # 002 107 if ($value2 =~ "$value1") { 002 107 $remove = 0; 002 107 } 002 107 } 002 107 002 107 # 002 107 # Remove? 002 107 # 002 107 if ($remove) { 002 107 delete($data{$key}); 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Run through the (remaining) data. 
002 107 # 002 107 foreach $key (keys %data) 002 107 { 002 107 # 002 107 # Convert dddd hh:mm:ss.cc to dddd hh mm ss cc 002 107 # 002 107 # NOTE(review): $cpu and $pid are still the empty strings declared at the 002 107 # top of the script; nothing visible in this loop loads them from 002 107 # $data{$key} (presumably the CP and PI fields) - confirm. As shown, 002 107 # every saved line has an empty PID and zero CPU time. 002 107 # 002 107 $cpu =~ s/:/ /g; 002 107 $cpu =~ s/\./ /g; 002 107 002 107 my @parts = split(" ", $cpu); 002 107 my $secs = 0; 002 107 my $milli = 0; 002 107 002 107 $secs = ($parts[0] * 24 * 60 * 60) + 002 107 ($parts[1] * 60 * 60) + 002 107 ($parts[2] * 60) + 002 107 ($parts[3]); 002 107 002 107 $milli = $parts[4] * 10; 002 107 002 107 push(@new_data, "$pid $secs $milli"); 002 107 002 107 # 002 107 # If there is old data then compute interval and CPU. 002 107 # 002 107 if ($LOOP_COUNTER) 002 107 { 002 107 my $interval = 0; 002 107 002 107 # 002 107 # This will wrap around every 49.7 days (!) 002 107 # 002 107 if ($now > $old{"time"}) 002 107 { 002 107 # 002 107 # Interval in ticks = milliseconds. 002 107 # 002 107 $interval = $now - $old{"time"}; 002 107 002 107 $data{$key}{"IZ"} = $interval; 002 107 002 107 # 002 107 # If there is a previous value for this PID then compute 002 107 # percentage. 002 107 # 002 107 002 107 if (exists($old{$pid})) 002 107 { 002 107 # 002 107 # Interval is in ticks = milliseconds. 002 107 # 002 107 my $old_cpu = $old{$pid}; 002 107 my $old_sec = ""; 002 107 my $old_ms = ""; 002 107 my $new_sec = $secs; 002 107 my $new_ms = $milli; 002 107 my $percent = 0; 002 107 002 107 ($old_sec, $old_ms) = split(" ", $old_cpu); 002 107 002 107 # 002 107 # Must have used more CPU. 002 107 # 002 107 if (($new_sec > $old_sec) || ($new_sec == $old_sec && $new_ms > $old_ms)) 002 107 { 002 107 # 002 107 # Compute the difference in milliseconds. 
002 107 # 002 107 my $diff_sec = $new_sec - $old_sec; 002 107 my $diff_ms = 0; 002 107 002 107 # NOTE(review): after borrowing a second the remainder should be 002 107 # 1000 - ($old_ms - $new_ms); the borrow branch below stores 002 107 # $old_ms - $new_ms instead, so the difference is wrong whenever 002 107 # the millisecond part has gone down. 002 107 002 107 if ($new_ms > $old_ms) 002 107 { 002 107 $diff_ms = $new_ms - $old_ms; 002 107 } 002 107 elsif ($old_ms > $new_ms) 002 107 { 002 107 $diff_sec--; 002 107 $diff_ms = $old_ms - $new_ms; 002 107 } 002 107 002 107 $diff_ms = $diff_ms + ($diff_sec * 1000); 002 107 002 107 $percent = ($diff_ms * 100) / $interval; 002 107 002 107 # my $cpu = sprint("%.1f", $percent); 002 107 002 107 $data{$key}{"CZ"} = sprintf("%.1f", $percent); 002 107 $data{$key}{"CH"} = sprintf("%d", $percent); 002 107 } 002 107 elsif ($new_sec == $old_sec && $new_ms == $old_ms) 002 107 { 002 107 $data{$key}{"CZ"} = "0.0"; 002 107 $data{$key}{"CH"} = "0.0"; 002 107 } 002 107 } 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Display. 002 107 # 002 107 foreach $key (keys %data) 002 107 { 002 107 my $value = lc($INPUT_VA); 002 107 002 107 foreach $file (@{$data{$key}{"FI"}}) 002 107 { 002 107 # 002 107 # Match filename. 002 107 # 002 107 if ($INPUT_MA =~ "File name") 002 107 { 002 107 # 002 107 # Partial. 002 107 # 002 107 # NOTE(review): $value comes from the VA field and is used as a 002 107 # regular expression; \Q$value\E would match it as plain text. 002 107 # 002 107 if (lc($file) =~ $value) { 002 107 } else { 002 107 next; 002 107 } 002 107 } 002 107 002 107 foreach $fld (keys %{$data{$key}}) 002 107 { 002 107 if ($fld ne "FI") 002 107 { 002 107 my $value = $data{$key}{$fld}; 002 107 002 107 if ($INPUT_LC eq "1") { 002 107 $value = lc($value); 002 107 } 002 107 002 107 print "$fld : $value\n"; 002 107 } 002 107 } 002 107 002 107 if ($INPUT_LC eq "1") { 002 107 $file = lc($file); 002 107 } 002 107 002 107 print "FI : $file\n"; 002 107 print "@\n"; 002 107 } 002 107 } 002 107 002 107 # 002 107 # Store the new data. 002 107 # 002 107 # NOTE(review): two-argument open; the mode and the file name are parsed 002 107 # from one interpolated string that includes $server_name. A 002 107 # three-argument open keeps the name separate from the mode. 002 107 # 002 107 open(NEW_DATA, "> $filename") or die "Can't write to $filename: $!"; 002 107 002 107 foreach $line (@new_data) 002 107 { 002 107 print NEW_DATA "$line\n"; 002 107 } 002 107 002 107 close(NEW_DATA); 002 107 002 107 # 002 107 # Title. 
002 107 # 002 107 my $title = ""; 002 107 002 107 if ($INPUT_MA =~ "name") 002 107 { 002 107 my $value = lc($INPUT_VA); 002 107 002 107 if ($INPUT_EX ne "1") 002 107 { 002 107 $value = "*" . $value . "*"; 002 107 } 002 107 002 107 $title = "Match = $INPUT_MA, Value = $value"; 002 107 } 002 107 002 107 print "\@{{ADD_WINDOW_TITLE $title\n"; 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 60 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT menu and server scripts. 002 109 # 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $! 002 111 $! Routines common to all VMS menu and server scripts. 002 111 $! 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # UNIX Shell script (Korn). | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! OpenVMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the server. 
It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $ set noverify 002 105 $ set noon 002 105 $! 002 105 $! 002 105 $! Start performance monitor via a foreign command. 002 105 $! 002 105 $ is_alpha = F$GETSYI("NODE_HWTYPE") .eqs. "ALPH" 002 105 $ if is_alpha 002 105 $ then 002 105 $ processes == "$''P1'ssm-processes-axp.exe" 002 105 $ else 002 105 $ processes == "$''P1'ssm-processes-vax.exe" 002 105 $ endif 002 105 $! 002 105 $! Define symbols. 002 105 $! 002 105 $ if INPUT_IN .eqs. "1" then FLD_MATCH_MODE_I = "" 002 105 $ if INPUT_NE .eqs. "1" then FLD_MATCH_MODE_N = "" 002 105 $ if INPUT_BA .eqs. "1" then FLD_MATCH_MODE_B = "" 002 105 $ if INPUT_OT .eqs. "1" then FLD_MATCH_MODE_O = "" 002 105 $! 002 105 $ FLD_MATCH_USERNAME = "" ! INPUT_UN 002 105 $! 002 105 $ FLD_PID = "PI : " 002 105 $ FLD_USERNAME = "UN : " 002 105 $ FLD_IMAGNAME = "IM : " 002 105 $ FLD_PRCNAM = "PN : " 002 105 $ FLD_CPUTIM = "CP : " 002 105 $ FLD_PRI = "PR : " 002 105 $ FLD_STATE = "ST : " 002 105 $ FLD_MODE = "MO : " 002 105 $ FLD_JOBTYPE = "JO : " 002 105 $ FLD_TERMINAL = "TE : " 002 105 $ FLD_LOGINTIM = "LO : " 002 105 $ FLD_EOR = "@" 002 105 $! 002 105 $ write sys$output "{{PROCESSES_ON" 002 105 $ processes -p 002 105 $ write sys$output "{{PROCESSES_OFF" 002 105 $! 002 105 $ next_disk: 002 105 $ device_name = f$device("*","disk") 002 105 $ if device_name .nes. "" 002 105 $ then 002 105 $ write sys$output "{{DEVICES_ON ''device_name'" 002 105 $ show device 'device_name /files /nosystem 002 105 $ write sys$output "{{DEVICES_OFF" 002 105 $ goto next_disk 002 105 $ endif 002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. 
| 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window. 002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 PID 002 205 PI 002 208 002 202 0 002 203 0 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Process name 002 205 PN 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Username 002 205 UN 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Login time 002 205 LO 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 CPU Percent 002 205 CZ 002 208 002 202 1 002 203 0 002 207 0 002 204 2 002 206 2 002 @C@ 002 # 002 201 CPU History (%) 002 205 CH 002 208 002 202 0 002 203 0 002 207 0 002 204 8 002 206 2 002 @C@ 002 # 002 201 CPU Time 002 205 CP 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Jobtype 002 205 JO 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Mode 002 205 MO 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Priority 002 205 PR 002 208 002 202 1 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 State 002 205 ST 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Image 002 205 IM 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Terminal 002 205 TE 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Interval 002 205 IZ 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Filename 002 205 FI 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 301 0 Modify 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 Priority 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 1 002 # 002 312 Set a new base priority 
002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Set new priority. 002 352 $! 002 352 $ set process /identification='ENTRY_PI /priority='INPUT_PR 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Set new priority. 002 353 $! 002 353 $ set process /identification='ENTRY_PI /priority='INPUT_PR 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Set new priority. 002 316 $! 002 316 $ set process /identification='ENTRY_PI /priority='INPUT_PR 002 316 $! 
002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 
002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 PR 002 343 16777215 002 323 New priority 002 344 002 332 002 347 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 Priority 002 320 3 002 319 0\1\2\3\4\5\6\7 002 @F@ 002 # 002 @M@ 002 # 002 311 Stop 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 2 002 # 002 312 Force the selected process to exit 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 
002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Stop (kill) a process. 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 352 $! 002 352 $ stop /identification='ENTRY_PI 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Stop (kill) a process. 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 353 $! 002 353 $ stop /identification='ENTRY_PI 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Stop (kill) a process. 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 316 $! 002 316 $ stop /identification='ENTRY_PI 002 316 $! 
002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 
002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 - 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 3 002 # 002 312 Help text... 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 
002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 314 use Sysgem; 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 315 #!/bin/ksh -ph 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Suspend 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 4 002 # 002 312 Suspend the selected processes 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Suspend a process. 002 352 $! 002 352 $ set process /identification='ENTRY_PI /suspend 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Suspend a process. 002 353 $! 
002 353 $ set process /identification='ENTRY_PI /suspend 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Suspend a process. 002 316 $! 002 316 $ set process /identification='ENTRY_PI /suspend 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 
002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Resume 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 5 002 # 002 312 Resume a suspend process 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Resume a process. 002 352 $! 002 352 $ set process /identification='ENTRY_PI /resume 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Resume a process. 002 353 $! 
002 353 $ set process /identification='ENTRY_PI /resume 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Resume a process. 002 316 $! 002 316 $ set process /identification='ENTRY_PI /resume 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 
002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

To filter the processes / files which are displayed:

002 421
    002 421
  • Use the Match Field, and / or
  • 002 421
  • The Batch, Interactive, Network, Other checkboxes.
  • 002 421
002 421 002 421 002 421 002 421 002 122 print "\@{{HEADER_OFF\n"; 002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oEnter optional selection criteria, then press "OK". 002 404 4 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~bMatch 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 MA 002 427 16777215 002 405 Field to match 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Field 002 404 3 002 403 \File name\Image name\Process name\Username 002 429 1 002 430 1 002 @P@ 002 # 002 401 VA 002 427 16777215 002 405 Value to match 002 428 002 425 002 431 000 002 423 002 424 0 002 406 10 002 432 002 422 0 002 407 002 402 Value 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 EX 002 427 16777215 002 405 Match whole string 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Exact 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~bDisplay 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 LC 002 427 16777215 002 405 Display all output in lowercase 002 428 1 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Lowercase 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 
002 422 1 002 407 002 402 ~bProcess Types 002 404 4 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 BA 002 427 16777215 002 405 Batch mode processes 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Batch 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 IN 002 427 16777215 002 405 Interactive mode processes 002 428 1 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Interactive 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 NE 002 427 16777215 002 405 Network mode processes 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Network 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 OT 002 427 16777215 002 405 All other mode processes 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Other 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Intrusion Records 002 106 002 113 002 129 1 002 112 User=[System] Access=[Edit + Execute] 002 112 Token=[SAcM Full] Access=[Execute] 002 112 Token=[SAcM Helpdesk] Access=[Execute] 002 112 Token=[SAcM Restricted] Access=[Execute] 002 112 Token=[SAcM Supervisor] Access=[Execute] 002 102 002 102

002 102 Displays the contents of the OpenVMS intrusion database; requires SECURITY 002 102 privilege.

002 102

002 102 Originally created 07/02/2000 18:32:50 by Sysgem AG.

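002 102
002 107 #++++++++++++++++++++++++++++++++++
002 107 # |
002 107 # Windows NT script (PERL). |
002 107 # |
002 107 #++++++++++++++++++++++++++++++++++
002 107 #
002 107 #
002 107 # This script runs on the client after the
002 107 # scripts have run on the server.
002 107 #
002 107 # Each ">> " line returned by the server script becomes one display
002 107 # row: IN (intrusion), TY (type), CO (count), EX (expiration) and
002 107 # SO (source). Lines without the ">> " prefix are ignored.
002 107 #
002 107
002 107 LoadInputArray();
002 107
002 107 #
002 107 # Replace the output.
002 107 #
002 107 print "{{REPLACE_VALUES=YES\n";
002 107
002 107 #
002 107 # Run through the input.
002 107 #
002 107 my $count = 0;
002 107
002 107 foreach $input (@input_array)
002 107 {
002 107     #
002 107     # Record ?
002 107     #
002 107     if (substr($input,0,3) eq ">> ")
002 107     {
002 107         #
002 107         # If it starts ---- then ignore.
002 107         #
002 107         if (substr($input,3,4) eq "----") {
002 107             next;
002 107         }
002 107
002 107         #
002 107         # The source is the last part, extract.
002 107         #
002 107         my $record = substr($input,3);
002 107         my @array = split(" ", $record);
002 107
002 107         #
002 107         # A row needs at least intrusion, type, count and source.
002 107         # With three fields or fewer the first splice below empties
002 107         # the array and the second one, splice(@array,-1), is then a
002 107         # fatal error, so one short or blank line from the server
002 107         # would abort the whole display. Skip such lines instead.
002 107         #
002 107         if (@array < 4) {
002 107             next;
002 107         }
002 107
002 107         my $size = $#array;
002 107
002 107         #
002 107         # Bug in VMS 7.2-1H.
002 107         #
002 107         if ($array[0] eq "Information:") {
002 107             next;
002 107         }
002 107
002 107         #
002 107         # Intrusion, type and count come at the start.
002 107         #
002 107         print "IN : $array[0]\n";
002 107         print "TY : $array[1]\n";
002 107         print "CO : $array[2]\n";
002 107
002 107         #
002 107         # Source - at end.
002 107         #
002 107         # NOTE(review): the source is simply the last whitespace-separated
002 107         # token of the server line and is not checked here. The Delete
002 107         # option of this display substitutes a symbol named ENTRY_SO into
002 107         # a DCL command; presumably that symbol carries this value.
002 107         # Confirm, and validate the value before it reaches that command.
002 107         #
002 107         print "SO : $array[$size]\n";
002 107
002 107         #
002 107         # Remove.
002 107         #
002 107         splice(@array,0,3);
002 107         splice(@array,-1);
002 107
002 107         #
002 107         # Date.
002 107         #
002 107         my $date = join(" ", @array);
002 107         print "EX : $date\n";
002 107         print "\@\n";
002 107
002 107         $count++;
002 107     }
002 107 }
002 107
002 107 #
002 107 # If none then say None.
002 107 #
002 107 if ($count == 0)
002 107 {
002 107     print "IN : - None - \n";
002 107     print "@\n";
002 107 }
002 108 #++++++++++++++++++++++++++++++++++
002 108 # |
002 108 # Windows NT script (PERL).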
| 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 10 002 151 4294967281 0 0 0 400 0 0 0 0 3 2 1 49 Courier 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and server scripts. 002 109 # 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $! 002 111 $! Routines common to all VMS menu and server scripts. 002 111 $! 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # UNIX Shell script (Korn). | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! VMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the server. It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $ ss_normal = 1 002 105 $ ss_abort = 44 002 105 $! 002 105 $ set noon 002 105 $! 002 105 $! First get the data into a temporary file. 002 105 $! 002 105 $ show intrusion /output=sysgem_intrusion.tmp 002 105 $! 002 105 $! Open for read access. 002 105 $! 
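002 105 $ open/read/error=file_error tmp sysgem_intrusion.tmp
002 105 $!
002 105 $! First line is just title.
002 105 $!
002 105 $ read/error=file_error/end_of_file=close_file tmp header
002 105 $!
002 105 $! Now the intrusion records.
002 105 $!
002 105 $ next_record:
002 105 $ read/error=file_error/end_of_file=close_file tmp record
002 105 $!
002 105 $! Trim trailing white space.
002 105 $!
002 105 $ record = f$edit(record, "TRIM")
002 105 $!
002 105 $! Just return the record, let the post-processing (and Perl)
002 105 $! extract fields from the record.
002 105 $!
002 105 $! The record is written as an expression instead of being
002 105 $! substituted into a quoted string, so a quote character inside
002 105 $! the record cannot end the string early. The record text comes
002 105 $! from the intrusion database and is not under our control.
002 105 $!
002 105 $ write sys$output ">> ", record
002 105 $ goto next_record
002 105 $!
002 105 $! Close, delete this temporary file.
002 105 $!
002 105 $ close_file:
002 105 $ close tmp
002 105 $ delete sysgem_intrusion.tmp;* /nolog /noconfirm
002 105 $ exit SS_NORMAL
002 105 $!
002 105 $! Error. Release the channel and remove the temporary file here
002 105 $! as well, so a failed run does not leave a copy of the intrusion
002 105 $! data behind or keep the logical name tmp open for the next run.
002 105 $! /nolog keeps close quiet when the open itself failed.
002 105 $!
002 105 $ file_error:
002 105 $ close /nolog tmp
002 105 $ if f$search("sysgem_intrusion.tmp") .nes. "" then delete sysgem_intrusion.tmp;* /nolog /noconfirm
002 105 $ exit SS_ABORT
002 124 /*****************************
002 124 ** **
002 124 ** (Main) MVS Agent script **
002 124 ** **
002 124 ******************************
002 124 **
002 124 **
002 124 ** This script runs on the agent. It returns
002 124 ** the values shown in the display window.
002 124 */
002 125 #++++++++++++++++++++++++++++++++++
002 125 # |
002 125 # (Main) Tandem Agent script. |
002 125 # |
002 125 #++++++++++++++++++++++++++++++++++
002 125 #
002 125 #
002 125 # This script runs on the agent. It returns
002 125 # the values shown in the display window.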
002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 Intrusion 002 205 IN 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 1 002 @C@ 002 # 002 201 Type 002 205 TY 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 1 002 @C@ 002 # 002 201 Count 002 205 CO 002 208 002 202 2 002 203 1 002 207 1 002 204 0 002 206 2 002 @C@ 002 # 002 201 Expiration 002 205 EX 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 1 002 @C@ 002 # 002 201 Source 002 205 SO 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 1 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 Delete 002 313 2 002 336 002 325 1 002 345 0 002 346 0 002 # 002 321 10 002 322 1 002 # 002 312 002 312 002 312 002 312 002 312 002 312 002 312 002 312 New Page 1 002 312 002 312 002 312 002 312 002 312

Delete Intrusion Records

002 312

Removes the selected entries from the break-in database.

002 312

This uses the CMKRNL (change mode to kernel) and SECURITY privileges.

002 312

The DCL command is DELETE/INTRUSION_RECORD source

002 312 002 312 002 312 002 312 002 312 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set noon 002 352 $! 002 352 $! NOTE(review): ENTRY_SO is substituted into the next line before DCL 002 352 $! parses it, so its text is read as part of the command and not as a 002 352 $! single parameter. The help text of this option says it uses CMKRNL 002 352 $! and SECURITY. Confirm where ENTRY_SO is set and that it can only 002 352 $! hold an intrusion source. 002 352 $! 002 352 $ delete /intrusion_record 'ENTRY_SO 002 352 $! 002 352 $ show intrusion 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set noon 002 353 $! 002 353 $! NOTE(review): ENTRY_SO is substituted into the next line before DCL 002 353 $! parses it, so its text is read as part of the command. Confirm where 002 353 $! ENTRY_SO is set and that it can only hold an intrusion source. 002 353 $! 002 353 $ delete /intrusion_record 'ENTRY_SO 002 353 $! 002 353 $ show intrusion 002 315 #!/bin/ksh -ph 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set noon 002 316 $! 002 316 $! NOTE(review): ENTRY_SO is substituted into the next line before DCL 002 316 $! parses it, so its text is read as part of the command. Confirm where 002 316 $! ENTRY_SO is set and that it can only hold an intrusion source. 002 316 $! 002 316 $ delete /intrusion_record 'ENTRY_SO 002 316 $!
002 316 $ show intrusion 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 
002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 420 0 002 122 print "\@{{HEADER_OFF\n"; 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oSelect one or more VMS agents, then press 'OK'. 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Audit Trail Summary 002 106 002 113 002 129 1 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 New Page 1 002 102 002 102 002 102 002 102 002 102

This display uses the Audit Analysis utility (ANALYZE/AUDIT) to process event messages in security audit log files and produce reports of security-related events on the system.

002 102

A trending graph can be created from the displayed data.

002 102 002 102 002 102 002 102 002 102 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # | 002 107 # Windows NT script (PERL). | 002 107 # | 002 107 #++++++++++++++++++++++++++++++++++ 002 107 # 002 107 # 002 107 # This script runs on the client after the 002 107 # scripts have run on the server. 002 107 # 002 107 # 002 107 002 107 # 002 107 # Usernames to include and exclude. 002 107 # 002 107 $INPUT_IN =~ s/,/ /g; 002 107 $INPUT_EX =~ s/,/ /g; 002 107 002 107 my @include = split(" ", lc($INPUT_IN)); 002 107 my @exclude = split(" ", lc($INPUT_EX)); 002 107 002 107 my $do_include = ($#include >= 0) ? 1 : 0; 002 107 my $do_exclude = ($#exclude >= 0) ? 1 : 0; 002 107 002 107 # 002 107 # Take hours of access and put into a $times. 002 107 # 002 107 # %times contains valid ranges in seconds, $ho is 1 if 002 107 # checking hours. 002 107 # 002 107 my @parts = split(", ", $INPUT_HO); 002 107 my %times = (); 002 107 my $ho = ($INPUT_HO ne "") ? 1 : 0; 002 107 002 107 foreach my $part (@parts) 002 107 { 002 107 my $hour = substr($part,0,2); 002 107 my $min = substr($part,3,2); 002 107 002 107 my $sec_min = $hour * 3600 + $min * 60; 002 107 my $sec_max = $sec_min + 3599; 002 107 002 107 $times{$part}{"min"} = $sec_min; 002 107 $times{$part}{"max"} = $sec_max; 002 107 002 107 print "min = $sec_min max = $sec_max\n"; 002 107 } 002 107 002 107 # 002 107 # Replace current output. 
002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111111111111111111 002 107 # 000000000011111111112222222222333333333344444444445555555555666666666677777777778888888888999999999900000000001111111111222222222233 002 107 # 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901 002 107 # 002 107 # Date / Time Type Subtype Node Username ID Term 002 107 # ------------------------------------------------------------------------------------------------------------------------------------ 002 107 # 13-JUL-2000 10:48:08.19 LOGFAIL REMOTE ELIAS 0000A04F gw.softlink.ch 002 107 # 002 107 002 107 # 002 107 # Between @{{AUDIT_ON + Valid header and @{{AUDIT_OFF 002 107 # 002 107 my $copy = 0; 002 107 my $load = 0; 002 107 my $error = 0; 002 107 my @errors = (); 002 107 002 107 LoadInputArray(); 002 107 002 107 foreach $line (@input_array) 002 107 { 002 107 # 002 107 # Errors off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{ERROR_OFF") { 002 107 $error = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Errors on. 002 107 # 002 107 if (substr($line,0,11) eq "\@{{ERROR_ON") { 002 107 $error = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # An error. 002 107 # 002 107 if ($error) 002 107 { 002 107 push(@errors, $line); 002 107 } 002 107 002 107 if ($copy && substr($line,0,20) eq "--------------------") { 002 107 $load = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{AUDIT_OFF") { 002 107 $copy = 0; 002 107 $load = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output on. 
002 107 # 002 107 if (substr($line,0,11) eq "\@{{AUDIT_ON") { 002 107 $copy = 1; 002 107 next; 002 107 } 002 107 002 107 if ($copy && substr($line,0,20) eq "--------------------") { 002 107 $load = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111111111111111111 002 107 # 000000000011111111112222222222333333333344444444445555555555666666666677777777778888888888999999999900000000001111111111222222222233 002 107 # 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901 002 107 # 002 107 # Date / Time Type Subtype Node Username ID Term 002 107 # ------------------------------------------------------------------------------------------------------------------------------------ 002 107 # 13-JUL-2000 10:48:08.19 LOGFAIL REMOTE ELIAS 0000A04F gw.softlink.ch 002 107 # 002 107 if ($load) 002 107 { 002 107 my $time = substr($line,0,23); 002 107 my $type = substr($line,24,11); 002 107 my $subtype = substr($line,35,17); 002 107 my $node = substr($line,52,7); 002 107 my $username = substr($line,59,12); 002 107 my $id = substr($line,72,8); 002 107 my $term = substr($line,80); 002 107 002 107 # 002 107 # Compare with hours hash (ranges in seconds). 002 107 # 002 107 if ($ho) 002 107 { 002 107 my $hh = substr($time,12,2); 002 107 my $mm = substr($time,15,2); 002 107 my $ss = substr($time,18,2); 002 107 002 107 my $add = 0; 002 107 my $sec = $hh * 3600 + $mm * 60 + $ss; 002 107 002 107 print "# time = $time, secs = $sec\n"; 002 107 002 107 foreach my $key (keys %times) 002 107 { 002 107 my $min = $times{$key}{"min"}; 002 107 my $max = $times{$key}{"max"}; 002 107 002 107 print "# min = $min, max = $max\n"; 002 107 002 107 if ($sec >= $min && $sec <= $max) { 002 107 $add = 1; 002 107 last; 002 107 } 002 107 } 002 107 002 107 if (! 
$add) { 002 107 next; 002 107 } 002 107 } 002 107 002 107 # NOTE(review): $INPUT_VA is used as a regular expression in the tests 002 107 # below, so characters such as ( or * are pattern syntax and a malformed 002 107 # value stops the script. If a plain substring match is intended, match 002 107 # against \Q$INPUT_VA\E instead. 002 107 if (($INPUT_FI eq "") || 002 107 ($INPUT_VA eq "") || 002 107 ($INPUT_FI eq "Subtype" && $subtype =~ "$INPUT_VA") || 002 107 ($INPUT_FI eq "Node" && $node =~ "$INPUT_VA") || 002 107 ($INPUT_FI eq "Username" && $username =~ "$INPUT_VA") || 002 107 ($INPUT_FI eq "Id" && $id =~ "$INPUT_VA") || 002 107 ($INPUT_FI eq "Term" && $term =~ "$INPUT_VA")) 002 107 { 002 107 $type =~ s/\s+$//; 002 107 $subtype =~ s/\s+$//; 002 107 $node =~ s/\s+$//; 002 107 $username =~ s/\s+$//; 002 107 $term =~ s/^\s+//; 002 107 002 107 print "DA : $time\n"; 002 107 print "TY : $type\n"; 002 107 print "ST : $subtype\n"; 002 107 print "NO : $node\n"; 002 107 print "US : $username\n"; 002 107 print "ID : $id\n"; 002 107 print "TE : $term\n"; 002 107 print "@\n"; 002 107 } 002 107 } 002 107 } 002 107 002 107 my $title = ""; 002 107 002 107 if (@errors) 002 107 { 002 107 $title = "Errors - see logfile\n"; 002 107 002 107 print "\@{{ON Analyze /Audit\n"; 002 107 print "\@{{ERROR\n"; 002 107 002 107 foreach $error (@errors) 002 107 { 002 107 print "$error\n"; 002 107 } 002 107 002 107 print "\@{{OFF\n"; 002 107 } 002 107 002 107 print "\@{{ADD_WINDOW_TITLE $title\n"; 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 0 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and server scripts. 002 109 # 002 109 #use Sysgem; 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $!++ 002 111 $! 002 111 $! A command. 002 111 $! 002 111 $! Input: DCL Command. 002 111 $!
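002 111 $ dcl_command:
002 111 $ subroutine
002 111 $!
002 111 $! Runs the command line passed in P1 with SYS$ERROR and SYS$OUTPUT
002 111 $! redirected to scratch files, then replays both files.
002 111 $!
002 111 $! NOTE(review): P1 is executed as a command line exactly as given.
002 111 $! The caller on this page builds it from INPUT_OP; check that
002 111 $! INPUT_OP can only take the values offered by the option list.
002 111 $!
002 111 $! NOTE(review): type_mode is copied from P1, the command itself, so
002 111 $! the SILENT branch is only taken when the command text is SILENT.
002 111 $! Presumably a second parameter was meant - confirm.
002 111 $!
002 111 $ set default sys$system
002 111 $ type_mode == "''P1'"
002 111 $!
002 111 $ write sys$output "@{{SI $ ''INPUT_OP'"
002 111 $!
002 111 $ call remove_file sysgem_error.tmp;*
002 111 $ call remove_file sysgem_output.tmp;*
002 111 $!
002 111 $ define /nolog /user sys$error sysgem_error.tmp
002 111 $ define /nolog /user sys$output sysgem_output.tmp
002 111 $!
002 111 $ 'P1
002 111 $!
002 111 $ if type_mode .eqs. "SILENT"
002 111 $ then
002 111 $   call type_file sysgem_error.tmp
002 111 $   call type_file sysgem_output.tmp
002 111 $ else
002 111 $   call show_file sysgem_error.tmp
002 111 $   call show_file sysgem_output.tmp
002 111 $ endif
002 111 $!
002 111 $ call remove_file sysgem_error.tmp;*
002 111 $ call remove_file sysgem_output.tmp;*
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!--
002 111 $!
002 111 $!++
002 111 $!
002 111 $! Remove a file.
002 111 $!
002 111 $! Input: Filename
002 111 $!
002 111 $ remove_file:
002 111 $ subroutine
002 111 $!
002 111 $ if f$search("''P1'") .nes. ""
002 111 $ then
002 111 $   delete /nolog /noconfirm 'P1
002 111 $ endif
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!--
002 111 $!
002 111 $!++
002 111 $!
002 111 $! Show a file's contents without adding any print formatting.
002 111 $!
002 111 $! Input: Filename
002 111 $!
002 111 $ type_file:
002 111 $ subroutine
002 111 $!
002 111 $ is_open = 0
002 111 $ open /read /error=err tmp 'P1
002 111 $ is_open = 1
002 111 $!
002 111 $ next_line:
002 111 $ read /end_of_file=eof /error=err tmp line
002 111 $!
002 111 $! type the file
002 111 $!
002 111 $ write sys$output "# ''line'"
002 111 $ goto next_line
002 111 $!
002 111 $ err:
002 111 $ eof:
002 111 $!
002 111 $! Close the file, as show_file does. Without this the logical name
002 111 $! tmp stays open after the first call, which gets in the way of the
002 111 $! next open of tmp and of deleting the scratch file.
002 111 $!
002 111 $ if is_open .eq. 1 then close tmp
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!--
002 111 $!
002 111 $!++
002 111 $!
002 111 $! Show a file's contents.
002 111 $!
002 111 $! Input: Filename
002 111 $!
002 111 $ show_file:
002 111 $ subroutine
002 111 $!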
002 111 $ is_open = 0 002 111 $ open /read /error=on_error tmp 'P1 002 111 $ is_open = 1 002 111 $! 002 111 $ next_line: 002 111 $ read /end_of_file=on_eof /error=on_error tmp line 002 111 $! 002 111 $! Fatal. 002 111 $! 002 111 $ if f$locate("UAF-F-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Error. 002 111 $! 002 111 $ if f$locate("UAF-E-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $ if f$locate("CLI-E-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SE ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Warning. 002 111 $! 002 111 $ if f$locate("UAF-W-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SW ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $ if f$locate("DCL-W-",line) .lt. f$length(line) 002 111 $ then 002 111 $ write sys$output "@{{SW ''line'" 002 111 $ goto next_line 002 111 $ endif 002 111 $! 002 111 $! Default - information. 002 111 $! 002 111 $ write sys$output "@{{SI ''line'" 002 111 $ goto next_line 002 111 $! 002 111 $ on_error: 002 111 $ on_eof: 002 111 $! 002 111 $ if is_open .eq. 1 then close tmp 002 111 $! 002 111 $ endsubroutine 002 111 $! 002 111 $!++ 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 
002 103 # 002 103 # 002 104 #!/bin/ksh -ph 002 104 # 002 104 #{{SHELL_LINUX #!/bin/sh 002 104 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # (Main) UNIX Shell script. | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 # 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! | 002 105 $! VMS command file (DCL). | 002 105 $! | 002 105 $!+++++++++++++++++++++++++++++ 002 105 $! 002 105 $! 002 105 $! This script runs on the server. It returns 002 105 $! the values shown in the display window. 002 105 $! 002 105 $! 002 105 $ events = INPUT_EV 002 105 $ before = "" 002 105 $ since = "" 002 105 $ filespec = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL" 002 105 $! 002 105 $ if INPUT_FA .nes. "" then filespec = INPUT_FA 002 105 $ if INPUT_BE .nes. "" then before = "/before=''INPUT_BE'" 002 105 $ if INPUT_SI .nes. "" then since = "/since=''INPUT_SI'" 002 105 $! 002 105 $ set noon 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;* 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;* 002 105 $! 002 105 $ define /user sys$error sysgem_audit.err 002 105 $ analyze /audit - 002 105 /brief - 002 105 'since - 002 105 'before - 002 105 /event=('events) - 002 105 /output=sysgem_audit.lis - 002 105 'filespec 002 105 $! 002 105 $ write sys$output "@{{AUDIT_ON" 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then type /nopage sysgem_audit.lis 002 105 $ write sys$output "@{{AUDIT_OFF" 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. "" 002 105 $ then 002 105 $ write sys$output "@{{ERROR_ON" 002 105 $ type /nopage sysgem_audit.err 002 105 $ write sys$output "@{{ERROR_OFF" 002 105 $ endif 002 105 $! 002 105 $ if f$search("sysgem_audit.err") .nes. 
"" then delete /nolog /noconfirm sysgem_audit.err;* 002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;* 002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. | 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window. 002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 Date / Time 002 205 DA 002 208 002 202 2 002 203 1 002 207 1 002 204 0 002 206 3 002 @C@ 002 # 002 201 Type 002 205 TY 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Subtype 002 205 ST 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Node 002 205 NO 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Username 002 205 US 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 ID 002 205 ID 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Term 002 205 TE 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 DCL Command 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 1 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 330 use strict; 002 330 002 330 my @op = (); 002 330 my @types = (); 002 330 002 330 push(@types, "access=failure/class=file"); 002 330 push(@types, "acl"); 002 330 push(@types, "authorization"); 002 330 push(@types, "breakin=all"); 002 330 push(@types, "logfailure=all"); 002 330 push(@types, "login=all"); 002 330 push(@types, "mount"); 002 330 push(@types, "ncp"); 002 330 push(@types, "sysgen"); 002 330 push(@types, "time"); 002 330 002 330 foreach my $type (@types) 002 330 { 002 330 push(@op, "enable=$type"); 002 330 push(@op, "disable=$type"); 002 330 } 002 330 002 330 print "OP @ " . join("\\", @op) . "\n"; 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 
002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $ call dcl_command "set audit /audit /''INPUT_OP'" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. 
*/ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! 
| 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 317 OP 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 1 002 357 002 318 Option: 002 320 3 002 319 002 @F@ 002 # 002 @M@ 002 # 002 311 - 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 2 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Audit Settings 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 3 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $ call dcl_command "show audit" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 @M@ 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

If the File spec field is not checked then the default database file 002 421 SYS$MANAGER:SECURITY.AUDIT$JOURNAL is analyzed. You can 002 421 specify one or more alternate security audit log files as input to ANALYZE/AUDIT. 002 421 If you specify more than one file name, separate the names with commas.

002 421 002 421

Enter the Before and Since dates in VMS format, for example:

002 421
    002 421
  • 02-OCT-1999
  • 002 421
  • 31-DEC-2000
  • 002 421
002 421 002 421

In addition, you can use:

002 421
    002 421
  • BOOT,
  • 002 421
  • TODAY,
  • 002 421
  • TOMORROW,
  • 002 421
  • YESTERDAY.
  • 002 421
002 421 002 421

Select at least one Event Type such as Logfail or Breakin, then Press Apply.

002 421 002 421 002 421 002 421
002 122 #++++++++++++++++++++++++++++++++++
002 122 # |
002 122 # Windows NT script (PERL). |
002 122 # |
002 122 #++++++++++++++++++++++++++++++++++
002 122 #
002 122 # Fields script for this menu option. It runs on the Sysgem
002 122 # client (GUI) and prints the initial field values, one
002 122 # "CODE : value" or "CODE @ list" line per field.
002 122 #
002 122
002 122 print "\@{{HEADER_OFF\n";
002 122
002 122 #
002 122 # No file spec came back from the registry: fall back to the
002 122 # default audit journal.
002 122 #
002 122 print "FA : SYS\$MANAGER\:SECURITY\.AUDIT\$JOURNAL\n" if $VALUE_FA eq "";
002 122
002 122 #
002 122 # Every event type offered in the EV list; the entries are
002 122 # joined with a backslash on output.
002 122 #
002 122 my @events = qw(
002 122     ACCESS AUDIT AUTHORIZATION BREAKIN CONNECTION CREATE DEACCESS
002 122     DELETE INSTALL LOGFAIL LOGIN LOGOUT MOUNT NCP NETPROXY PRIVILEGE
002 122     PROCESS RIGHTSDB SYSGEN SYSUAF TIME
002 122 );
002 122
002 122 print "EV @ " . join("\\", @events) . "\n";
002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 File 002 422 0 002 407 002 402 ~f~oSelect the audit trail file, the date range.
and the usernames 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 File 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 FA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 33 002 432 File 002 422 0 002 407 002 402 File spec 002 404 0 002 403 002 429 3 002 430 1 002 @P@ 002 # 002 401 BE 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 File 002 422 0 002 407 002 402 Before 002 404 0 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 SI 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 File 002 422 0 002 407 002 402 Since 002 404 0 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 IN 002 427 16777215 002 405 Usernames to include, separate names with spaces or commas 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 File 002 422 0 002 407 002 402 Include users: 002 404 0 002 403 002 429 2 002 430 2 002 @P@ 002 # 002 401 EX 002 427 16777215 002 405 Usernames to exclude, separate names with commas or spaces.
002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 File 002 422 0 002 407 002 402 Exclude users: 002 404 0 002 403 002 429 2 002 430 2 002 @P@ 002 # 002 401 ZC 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 Time 002 422 0 002 407 002 402 ~f~oSelect the times 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZD 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 Time 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 HO 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 33 002 432 Time 002 422 0 002 407 002 402 Time: 002 404 11 002 403 00:00\01:00\02:00\03:00\04:00\05:00\06:00\07:00\08:00\09:00\10:00\11:00\12:00\13:00\14:00\15:00\16:00\17:00\18:00\19:00\20:00\21:00\22:00\23:00 002 429 2 002 430 5 002 @P@ 002 # 002 401 ZE 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 Events 002 422 0 002 407 002 402 ~f~oSelect the event types to be displayed. 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 Events 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 EV 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 1 002 432 Events 002 422 0 002 407 002 402 Event types 002 404 11 002 403 002 429 2 002 430 5 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Current Processes 002 106 002 113 002 129 1 002 112 User=[System] Access=[Edit + Execute] 002 112 Token=[SSyM Privileged :: Processes] Access=[Execute] 002 112 Token=[SSyM Full :: Processes] Access=[Execute] 002 112 Token=[SSyM Restricted :: Processes] Access=[Execute] 002 102 002 102

002 102 This is the VMS Processes display. 002 102

002 102

002 102 The process information is obtained via $GETJPI. 002 102 There is no dangerous kernel-mode programming. 002 102

002 102

002 102 This display uses the PID as the unique reference for each entry. If the values 002 102 are being displayed with the chart option and the processes will be regularly 002 102 stopped and restarted then use the Alternate version in the Alternate 002 102 subfolder. 002 102

002 102

002 102 Created 02/02/2001 13:01:21 by Sysgem AG. 002 102

002 102

002 102 Modified 13/12/2001 09:40:00 by Sysgem AG, adding support for Buffered I/O 002 102 count, Direct I/O count and Page Fault count. The values displayed are in units 002 102 per second. 002 102

002 102

Modified 16/12/2003 10:00:00 by Sysgem AG to show the process group, this is 002 102 taken from the process effective UIC and cross referenced with the list of group 002 102 identifiers.

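002 102
002 107 #++++++++++++++++++++++++++++++++++
002 107 # |
002 107 # Windows NT script (PERL). |
002 107 # |
002 107 #++++++++++++++++++++++++++++++++++
002 107 #
002 107 #
002 107 # This script runs on the client after the
002 107 # scripts have run on the server.
002 107 #
002 107 # It reads the agent output from @input_array: the lines between
002 107 # ">>i++" and ">>i--" are identifier entries, the lines between
002 107 # ">>p++" and ">>p--" are "XX : value" process fields with "@"
002 107 # closing each process. It applies the optional name filter,
002 107 # derives per-second Buffered I/O, Direct I/O, Page Fault and CPU
002 107 # percent figures from the snapshot written on the previous pass,
002 107 # prints the fields and saves a new snapshot.
002 107 #
002 107 # Names used but not declared here: $WINDOW_INDEX, $server_name,
002 107 # $LOOP_COUNTER, @input_array, LoadInputArray(), $INPUT_MA,
002 107 # $INPUT_VA, $INPUT_EX and $INPUT_LC.
002 107 #
002 107 use Sysgem;
002 107 use strict;
002 107
002 107 my @old_data = ();
002 107 my @new_data = ();
002 107 my %old = ();
002 107 my %data = ();
002 107 my %groups = ();
002 107
002 107 #
002 107 # Snapshot file, one per window and server.
002 107 # NOTE(review): $server_name becomes part of a file name; confirm
002 107 # that the caller cannot put a path separator into it.
002 107 #
002 107 my $filename = "sysgem_vms_process_data_" . $WINDOW_INDEX . "_" . $server_name . ".txt";
002 107
002 107 #
002 107 # Replace.
002 107 #
002 107 print "\@{{REPLACE_VALUES=YES\n";
002 107
002 107 #
002 107 # If not the first pass then get the old data.
002 107 #
002 107 if ($LOOP_COUNTER > 0)
002 107 {
002 107     #
002 107     # Three-argument open with a lexical handle: the file name is
002 107     # never parsed for a mode or pipe character. A snapshot that
002 107     # cannot be opened is treated as "no previous data".
002 107     #
002 107     if (open(my $old_fh, "<", $filename))
002 107     {
002 107         while (defined(my $line = <$old_fh>))
002 107         {
002 107             chomp $line;
002 107             push(@old_data, $line);
002 107         }
002 107
002 107         close($old_fh);
002 107     }
002 107
002 107     if (@old_data)
002 107     {
002 107         $old{"time"} = $old_data[0];
002 107
002 107         #
002 107         # Entries 1 .. last are "pid secs millis bi di pf".
002 107         #
002 107         for my $idx (1 .. $#old_data)
002 107         {
002 107             my ($pid, $cpu, $ms, $bi, $di, $pf) = split(" ", $old_data[$idx]);
002 107
002 107             next unless defined $pid;
002 107
002 107             $old{$pid} = "$cpu $ms $bi $di $pf";
002 107         }
002 107     }
002 107 }
002 107
002 107 #
002 107 # The first line of the new data is the tick count here, in
002 107 # milliseconds.
002 107 #
002 107 use Win32;
002 107
002 107 my $now = Win32::GetTickCount();
002 107
002 107 push(@new_data, $now);
002 107
002 107 #
002 107 # From the returned data build a list of pids and CPU so far.
002 107 # This is stored for the next time around.
002 107 #
002 107 LoadInputArray();
002 107
002 107 #
002 107 # Run through the data, load into a hash.
002 107 #
002 107 my $key = 0;
002 107 my $load_p = 0;
002 107 my $load_i = 0;
002 107
002 107 foreach my $line (@input_array)
002 107 {
002 107     #
002 107     # Section markers switch the two loaders on and off.
002 107     #
002 107     my $tag = substr($line, 0, 5);
002 107
002 107     if    ($tag eq ">>p++") { $load_p = 1; }
002 107     elsif ($tag eq ">>p--") { $load_p = 0; }
002 107     elsif ($tag eq ">>i++") { $load_i = 1; }
002 107     elsif ($tag eq ">>i--") { $load_i = 0; }
002 107
002 107     #
002 107     # Not loading.
002 107     #
002 107     next if $load_i == 0 && $load_p == 0;
002 107
002 107     #
002 107     # Identifiers: keep entries whose UIC member part is 177777
002 107     # and index the name by the group number.
002 107     #
002 107     if ($load_i)
002 107     {
002 107         my @parts = split(" ", $line);
002 107
002 107         if (defined $parts[1] && index($parts[1], ",177777]") >= 0)
002 107         {
002 107             my $name = $parts[0];
002 107             my $uic = $parts[1];
002 107
002 107             $uic =~ s/\[//;
002 107             $uic =~ s/\]//;
002 107
002 107             my ($grp) = split(",", $uic);
002 107
002 107             #
002 107             # Remove leading 0 from group.
002 107             #
002 107             $grp =~ s/^0+//;
002 107
002 107             $groups{$grp} = $name;
002 107         }
002 107     }
002 107
002 107     #
002 107     # Processes.
002 107     #
002 107     if ($load_p)
002 107     {
002 107         if (substr($line, 2, 3) eq " : ")
002 107         {
002 107             my $code = substr($line, 0, 2);
002 107             my $value = substr($line, 5);
002 107
002 107             if ($code eq "WS" || $code eq "WE") {
002 107                 $value = Sysgem::Commify($value);
002 107             }
002 107             elsif ($code eq "BI") {
002 107                 $data{$key}{"BT"} = Sysgem::Commify($value); # show total Buffered I/O
002 107             }
002 107             elsif ($code eq "DI") {
002 107                 $data{$key}{"DT"} = Sysgem::Commify($value); # show total Direct I/O
002 107             }
002 107             elsif ($code eq "UI") {
002 107                 #
002 107                 # High 16 bits are the group, low 16 bits the member.
002 107                 #
002 107                 my $grp = sprintf("%o", (0 + $value) >> 16);
002 107
002 107                 if (exists($groups{$grp})) {
002 107                     $data{$key}{"GR"} = $groups{$grp};
002 107                 } else {
002 107                     $data{$key}{"GR"} = sprintf("UIC: %06o", (0 + $value) >> 16);
002 107                 }
002 107
002 107                 $value = sprintf("[%o,%o]", (0 + $value) >> 16, (0 + $value) & 0xffff);
002 107             }
002 107
002 107             $data{$key}{$code} = $value;
002 107         }
002 107         elsif ($line eq "@")
002 107         {
002 107             $key++;
002 107         }
002 107     }
002 107 }
002 107
002 107 #
002 107 # If there is a match specified then apply it.
002 107 #
002 107 if ($INPUT_MA =~ /name/)
002 107 {
002 107     my $value1 = lc($INPUT_VA);
002 107     my $value2 = "";
002 107
002 107     #
002 107     # For each process.
002 107     #
002 107     foreach my $key (keys %data)
002 107     {
002 107         my $remove = 1;
002 107
002 107         #
002 107         # Get match field.
002 107         #
002 107         if ($INPUT_MA =~ /Image/) {
002 107             $value2 = lc($data{$key}{"IM"});
002 107         }
002 107         elsif ($INPUT_MA =~ /Process/) {
002 107             $value2 = lc($data{$key}{"PN"});
002 107         }
002 107         elsif ($INPUT_MA =~ /User/) {
002 107             $value2 = lc($data{$key}{"UN"});
002 107             $value2 =~ s/^\s+//;
002 107             $value2 =~ s/\s+$//;
002 107         }
002 107
002 107         #
002 107         # Match - exact or partial.
002 107         #
002 107         if ($INPUT_EX eq "1")
002 107         {
002 107             #
002 107             # Exact.
002 107             #
002 107             if ($value2 eq $value1) {
002 107                 $remove = 0;
002 107             }
002 107         }
002 107         else
002 107         {
002 107             #
002 107             # Partial. The operator's text is compared literally with
002 107             # index() rather than used as a pattern, so characters
002 107             # such as "(" or "*" in it cannot change the match or
002 107             # stop the script with a pattern error.
002 107             #
002 107             if (index($value2, $value1) >= 0) {
002 107                 $remove = 0;
002 107             }
002 107         }
002 107
002 107         #
002 107         # Remove?
002 107         #
002 107         if ($remove) {
002 107             delete($data{$key});
002 107         }
002 107     }
002 107 }
002 107
002 107 #
002 107 # Run through the (remaining) data.
002 107 #
002 107 foreach my $key (keys %data)
002 107 {
002 107     my $cpu = $data{$key}{"CP"};
002 107     my $pid = $data{$key}{"PI"};
002 107     my $bi = $data{$key}{"BI"};
002 107     my $di = $data{$key}{"DI"};
002 107     my $pf = $data{$key}{"PF"};
002 107
002 107     #
002 107     # Reset Buffered I/O, Direct I/O and Pagefaults in case new values are
002 107     # not computed.
002 107     #
002 107     $data{$key}{"BI"} = "0";
002 107     $data{$key}{"BH"} = "0";
002 107     $data{$key}{"DI"} = "0";
002 107     $data{$key}{"DH"} = "0";
002 107     $data{$key}{"PF"} = "0";
002 107     $data{$key}{"PH"} = "0";
002 107
002 107     #
002 107     # Convert dddd hh:mm:ss.cc to dddd hh mm ss cc
002 107     #
002 107     $cpu =~ s/:/ /g;
002 107     $cpu =~ s/\./ /g;
002 107
002 107     my @parts = split(" ", $cpu);
002 107
002 107     my $secs = ($parts[0] * 24 * 60 * 60) +
002 107                ($parts[1] * 60 * 60) +
002 107                ($parts[2] * 60) +
002 107                ($parts[3]);
002 107
002 107     # Hundredths of a second to milliseconds.
002 107     my $milli = $parts[4] * 10;
002 107
002 107     push(@new_data, "$pid $secs $milli $bi $di $pf");
002 107
002 107     #
002 107     # If there is old data then compute interval and CPU and deltas.
002 107     # The tick count wraps around every 49.7 days; after a wrap
002 107     # $now is below the stored value and this pass shows no deltas.
002 107     #
002 107     if ($LOOP_COUNTER && defined $old{"time"} && $now > $old{"time"})
002 107     {
002 107         #
002 107         # Interval in ticks = milliseconds, always above zero here.
002 107         #
002 107         my $interval = $now - $old{"time"};
002 107
002 107         $data{$key}{"IZ"} = $interval;
002 107
002 107         #
002 107         # If there is a previous value for this PID then compute
002 107         # the rates and the percentage.
002 107         #
002 107         if (exists($old{$pid}))
002 107         {
002 107             my ($old_sec, $old_ms, $old_bi, $old_di, $old_pf) = split(" ", $old{$pid});
002 107             my $int_secs = $interval / 1000;
002 107
002 107             #
002 107             # Buffered I/O, Direct I/O, Page faults.
002 107             #
002 107             if ($bi > $old_bi) {
002 107                 my $val = sprintf("%.1f", ($bi - $old_bi) / $int_secs);
002 107
002 107                 $data{$key}{"BI"} = $val;
002 107                 $data{$key}{"BH"} = $val;
002 107             }
002 107
002 107             if ($di > $old_di) {
002 107                 my $val = sprintf("%.1f", ($di - $old_di) / $int_secs);
002 107
002 107                 $data{$key}{"DI"} = $val;
002 107                 $data{$key}{"DH"} = $val;
002 107             }
002 107
002 107             if ($pf > $old_pf) {
002 107                 my $val = sprintf("%.1f", ($pf - $old_pf) / $int_secs);
002 107
002 107                 $data{$key}{"PF"} = $val;
002 107                 $data{$key}{"PH"} = $val;
002 107             }
002 107
002 107             #
002 107             # CPU used since the last pass, in milliseconds. Both
002 107             # readings are converted to total milliseconds first, so
002 107             # a smaller millisecond part in the new reading is
002 107             # carried correctly (1.900 s -> 2.100 s is 200 ms).
002 107             #
002 107             my $new_total = ($secs * 1000) + $milli;
002 107             my $old_total = ($old_sec * 1000) + $old_ms;
002 107
002 107             if ($new_total > $old_total)
002 107             {
002 107                 my $percent = (($new_total - $old_total) * 100) / $interval;
002 107
002 107                 $data{$key}{"CZ"} = sprintf("%.1f", $percent);
002 107                 $data{$key}{"CH"} = sprintf("%d", $percent);
002 107             }
002 107             elsif ($new_total == $old_total)
002 107             {
002 107                 $data{$key}{"CZ"} = "0.0";
002 107                 $data{$key}{"CH"} = "0.0";
002 107             }
002 107         }
002 107     }
002 107 }
002 107
002 107 #
002 107 # Display.
002 107 #
002 107 foreach my $key (keys %data)
002 107 {
002 107     foreach my $fld (keys %{$data{$key}})
002 107     {
002 107         my $value = $data{$key}{$fld};
002 107
002 107         print "$fld : ", ($INPUT_LC eq "1") ? lc($value) : $value, "\n";
002 107     }
002 107
002 107     print "@\n";
002 107 }
002 107
002 107 #
002 107 # Store the new data. Write errors can surface at close, so that
002 107 # is checked as well.
002 107 #
002 107 open(my $new_fh, ">", $filename) or die "Can't write to $filename: $!";
002 107
002 107 foreach my $line (@new_data)
002 107 {
002 107     print {$new_fh} "$line\n";
002 107 }
002 107
002 107 close($new_fh) or die "Can't close $filename: $!";
002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 121 60 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT menu and server scripts. 002 109 # 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $! 002 111 $!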
Routines common to all VMS menu and server scripts. 002 111 $! 002 127 /* 002 127 ** Routines common to all MVS menu and agent scripts. 002 127 */ 002 128 # 002 128 # Routines common to all Tandem menu and agent scripts. 002 128 # 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # | 002 103 # Windows NT script (PERL). | 002 103 # | 002 103 #++++++++++++++++++++++++++++++++++ 002 103 # 002 103 # 002 103 # This script runs on the server. It returns 002 103 # the values shown in the display window. 002 103 # 002 103 # 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # | 002 104 # UNIX Shell script (Korn). | 002 104 # | 002 104 #++++++++++++++++++++++++++++++++++ 002 104 # 002 104 # 002 104 # This script runs on the server. It returns 002 104 # the values shown in the display window. 002 104 # 002 104 #
002 105 $!+++++++++++++++++++++++++++++++++
002 105 $! |
002 105 $! OpenVMS command file (DCL). |
002 105 $! |
002 105 $!+++++++++++++++++++++++++++++++++
002 105 $!
002 105 $!
002 105 $! This script runs on the server. It returns
002 105 $! the values shown in the display window.
002 105 $!
002 105 $! Output on SYS$OUTPUT is two marked sections: identifier lines
002 105 $! between ">>i++" and ">>i--", then whatever the processes image
002 105 $! writes between ">>p++" and ">>p--".
002 105 $!
002 105 $! SET NOON: a failing command does not end the procedure, so the
002 105 $! cleanup and the process section below still run.
002 105 $!
002 105 $ set noverify
002 105 $ set noon
002 105 $!
002 105 $!
002 105 $! Group identifiers.
002 105 $!
002 105 $! The AUTHORIZE listing of all identifiers goes to a file in
002 105 $! SYS$LOGIN; DEFINE /USER redirects SYS$OUTPUT for the next image
002 105 $! only. SEARCH then keeps the lines containing ",177777]".
002 105 $! NOTE(review): the two work files have fixed names, so two runs
002 105 $! under one account would share them; the listing also stays on
002 105 $! disk if the procedure is stopped before the deletes. Confirm
002 105 $! that this is acceptable for the account the agent uses.
002 105 $!
002 105 $ set default sys$system
002 105 $!
002 105 $ define /user sys$output sys$login:sysgem_ids.lis
002 105 $!
002 105 $ mcr authorize show * /identifier
002 105 $!
002 105 $ set default sys$login
002 105 $ sea sysgem_ids.lis ",177777]" /output = sysgem_ids.sea
002 105 $!
002 105 $ write sys$output ">>i++"
002 105 $!
002 105 $ type sysgem_ids.sea
002 105 $!
002 105 $ write sys$output ">>i--"
002 105 $!
002 105 $! Remove both work files, all versions, if they exist.
002 105 $!
002 105 $ if f$search("sysgem_ids.lis") .nes. "" then delete /nolog /noconfirm sysgem_ids.lis;*
002 105 $ if f$search("sysgem_ids.sea") .nes. "" then delete /nolog /noconfirm sysgem_ids.sea;*
002 105 $!
002 105 $!
002 105 $! Start processes via a foreign command.
002 105 $!
002 105 $! The image name is built from parameter P1 plus a fixed file
002 105 $! name chosen by hardware type.
002 105 $! NOTE(review): the image that runs is whatever sits at the P1
002 105 $! prefix; confirm that P1 is set by the agent and points at a
002 105 $! protected directory.
002 105 $!
002 105 $ is_alpha = F$GETSYI("NODE_HWTYPE") .eqs. "ALPH"
002 105 $ if is_alpha
002 105 $ then
002 105 $ processes == "$''P1'ssm-processes-axp.exe"
002 105 $ else
002 105 $ processes == "$''P1'ssm-processes-vax.exe"
002 105 $ endif
002 105 $!
002 105 $! Define symbols.
002 105 $!
002 105 $! Each FLD_MATCH_MODE_x symbol is set to an empty string when the
002 105 $! matching INPUT_xx value is "1". The FLD_* symbols hold the
002 105 $! two-letter field prefixes and the "@" end-of-record mark;
002 105 $! presumably the processes image reads them - confirm.
002 105 $!
002 105 $ if INPUT_IN .eqs. "1" then FLD_MATCH_MODE_I = ""
002 105 $ if INPUT_NE .eqs. "1" then FLD_MATCH_MODE_N = ""
002 105 $ if INPUT_BA .eqs. "1" then FLD_MATCH_MODE_B = ""
002 105 $ if INPUT_OT .eqs. "1" then FLD_MATCH_MODE_O = ""
002 105 $!
002 105 $ FLD_MATCH_USERNAME = "" ! INPUT_UN
002 105 $!
002 105 $ FLD_PID = "PI : "
002 105 $ FLD_USERNAME = "UN : "
002 105 $ FLD_IMAGNAME = "IM : "
002 105 $ FLD_BUFIO = "BI : "
002 105 $ FLD_DIRIO = "DI : "
002 105 $ FLD_PAGEFLTS = "PF : "
002 105 $ FLD_PRCNAM = "PN : "
002 105 $ FLD_CPUTIM = "CP : "
002 105 $ FLD_PRI = "PR : "
002 105 $ FLD_STATE = "ST : "
002 105 $ FLD_MODE = "MO : "
002 105 $ FLD_JOBTYPE = "JO : "
002 105 $ FLD_TERMINAL = "TE : "
002 105 $ FLD_LOGINTIM = "LO : "
002 105 $ FLD_WSEXTENT = "WE : "
002 105 $ FLD_WSSIZE = "WS : "
002 105 $ FLD_UIC = "UI : "
002 105 $ FLD_EOR = "@"
002 105 $!
002 105 $! Processes.
002 105 $!
002 105 $ write sys$output ">>p++"
002 105 $!
002 105 $ processes -p
002 105 $!
002 105 $ write sys$output ">>p--"
002 105 $!
002 105 $! Odd status value: the procedure always reports success.
002 105 $!
002 105 $ exit 1
002 124 /***************************** 002 124 ** ** 002 124 ** (Main) MVS Agent script ** 002 124 ** ** 002 124 ****************************** 002 124 ** 002 124 ** 002 124 ** This script runs on the agent. It returns 002 124 ** the values shown in the display window. 002 124 */ 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # | 002 125 # (Main) Tandem Agent script. | 002 125 # | 002 125 #++++++++++++++++++++++++++++++++++ 002 125 # 002 125 # 002 125 # This script runs on the agent. It returns 002 125 # the values shown in the display window.
002 125 # 002 125 # 002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 PID 002 205 PI 002 208 002 202 0 002 203 0 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Process name 002 205 PN 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Username 002 205 UN 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Group 002 205 GR 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 UIC 002 205 UI 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Mode 002 205 MO 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Jobtype 002 205 JO 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 State 002 205 ST 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Priority 002 205 PR 002 208 002 202 1 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Login time 002 205 LO 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 CPU Percent 002 205 CZ 002 208 002 202 1 002 203 1 002 207 0 002 204 2 002 206 2 002 @C@ 002 # 002 201 CPU History (%) 002 205 CH 002 208 002 202 0 002 203 0 002 207 0 002 204 8 002 206 2 002 @C@ 002 # 002 201 CPU Time 002 205 CP 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Buffered I/O Count 002 205 BI 002 208 002 202 1 002 203 0 002 207 0 002 204 3 002 206 2 002 @C@ 002 # 002 201 Buff I/O Total 002 205 BT 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Buff I/O History 002 205 BH 002 208 002 202 0 002 203 0 002 207 0 002 204 9 002 206 2 002 @C@ 002 # 002 201 Direct I/O Count 002 205 DI 002 208 002 202 1 002 203 0 002 207 0 002 204 3 002 206 2 002 @C@ 002 # 002 201 Direct I/O Total 002 205 DT 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Direct I/O History 002 205 DH 002 208 002 202 0 002 203 0 002 207 0 002 204 9 002 
206 2 002 @C@ 002 # 002 201 Page Fault Count 002 205 PF 002 208 002 202 1 002 203 0 002 207 0 002 204 3 002 206 2 002 @C@ 002 # 002 201 Page Faults History 002 205 PH 002 208 002 202 0 002 203 0 002 207 0 002 204 9 002 206 2 002 @C@ 002 # 002 201 Image 002 205 IM 002 208 002 202 0 002 203 1 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 WS Extent 002 205 WE 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 WS Size 002 205 WS 002 208 002 202 2 002 203 0 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 201 Terminal 002 205 TE 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 0 002 @C@ 002 # 002 201 Interval 002 205 IZ 002 208 002 202 0 002 203 0 002 207 0 002 204 0 002 206 2 002 @C@ 002 # 002 301 0 Modify 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 Priority 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 1 002 # 002 312 Set a new base priority 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 
002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Set new priority. 002 316 $! 002 316 $ set process /identification='ENTRY_PI /priority='INPUT_PR 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oEnter the new priority, then press "Apply". 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 PR 002 343 16777215 002 323 New priority 002 344 002 332 002 347 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 Priority 002 320 3 002 319 0\1\2\3\4\5\6\7 002 @F@ 002 # 002 @M@ 002 # 002 311 Stop 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 2 002 # 002 312 Force the selected process to exit 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Stop (kill) a process. 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 352 $! 002 352 $ stop /identification='ENTRY_PI 002 352 $! 
002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Stop (kill) a process. 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 353 $! 002 353 $ stop /identification='ENTRY_PI 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Stop (kill) a process. 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 316 $! 002 316 $ stop /identification='ENTRY_PI 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 
002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 
002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 - 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 3 002 # 002 312 Help text... 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 314 use Sysgem; 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 315 #!/bin/ksh -ph 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 
002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 
002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Suspend 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 4 002 # 002 312 Suspend the selected processes 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 
002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Suspend a process. 002 352 $! 002 352 $ set process /identification='ENTRY_PI /suspend 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Suspend a process. 002 353 $! 002 353 $ set process /identification='ENTRY_PI /suspend 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Suspend a process. 002 316 $! 002 316 $ set process /identification='ENTRY_PI /suspend 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 
002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! 
This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Resume 002 313 2 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 1 002 322 5 002 # 002 312 Resume a suspend process 002 351 /******************************** 002 351 ** ** 002 351 ** (Main) AS/400 Agent script ** 002 351 ** ** 002 351 ********************************* 002 351 ** 002 351 ** 002 351 ** This script runs on the Sysgem AS/400 agent. 002 351 */ 002 330 # 002 330 # Fields script. 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 $! 002 352 $! VMS Server script 002 352 $! 002 352 $! This script runs on the Sysgem VMS server. 002 352 $! 002 352 $ set verify 002 352 $! 002 352 $! Resume a process. 002 352 $! 002 352 $ set process /identification='ENTRY_PI /resume 002 352 $! 002 352 $ show process /identification='ENTRY_PI 002 314 # 002 314 # Windows NT Server script 002 314 # 002 314 # This script runs on the Sysgem NT server. 002 314 # 002 326 # 002 326 # Windows NT post-processing script. 
002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the server. 002 326 # 002 327 # 002 327 # Windows NT pre-processing script. 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the server. 002 327 # 002 353 $! 002 353 $! VMS Server script 002 353 $! 002 353 $! This script runs on the Sysgem VMS server. 002 353 $! 002 353 $ set verify 002 353 $! 002 353 $! Resume a process. 002 353 $! 002 353 $ set process /identification='ENTRY_PI /resume 002 353 $! 002 353 $ show process /identification='ENTRY_PI 002 315 # 002 315 # UNIX Server script. 002 315 # 002 315 # This script runs on the Sysgem UNIX server. 002 315 # 002 316 $! 002 316 $! VMS Server script 002 316 $! 002 316 $! This script runs on the Sysgem VMS server. 002 316 $! 002 316 $ set verify 002 316 $! 002 316 $! Resume a process. 002 316 $! 002 316 $ set process /identification='ENTRY_PI /resume 002 316 $! 002 316 $ show process /identification='ENTRY_PI 002 354 /****************************************** 002 354 ** ** 002 354 ** (Initialization) AS/400 Agent script ** 002 354 ** ** 002 354 ******************************************* 002 354 ** 002 354 ** 002 354 ** This script runs on the Sysgem AS/400 agent before the 002 354 ** display window values are loaded. 002 354 */ 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Server script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT server before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the server. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX server before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Server script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS server before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

To filter the processes which are displayed:

002 421
    002 421
  • Use the Match Field, and / or
  • 002 421
  • The Batch, Interactive, Network, Other checkboxes.
  • 002 421
002 421 002 421 002 421 002 421 002 421 002 122 print "\@{{HEADER_OFF\n"; 002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 ~f~oEnter optional selection criteria, then press "OK". 002 404 4 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 002 404 4 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 MA 002 427 16777215 002 405 Field to match 002 428 002 425 002 431 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Match field 002 404 3 002 403 \Image name\Process name\Username 002 429 1 002 430 1 002 @P@ 002 # 002 401 VA 002 427 16777215 002 405 Value to match 002 428 002 425 002 431 002 423 002 424 0 002 406 10 002 432 002 422 0 002 407 002 402 Value 002 404 0 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 EX 002 427 16777215 002 405 Match whole string 002 428 002 425 002 431 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Exact 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 LC 002 427 16777215 002 405 Display all fields in lowercase 002 428 1 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 0 002 407 002 402 Lowercase 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 BA 002 427 16777215 002 405 Batch mode processes 002 428 002 425 002 431 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Batch 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 IN 002 427 16777215 002 405 Interactive mode processes 002 428 1 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Interactive 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 NE 002 427 16777215 002 405 Network mode processes 002 428 002 425 002 431 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Network 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 OT 002 427 16777215 002 405 
All other mode processes 002 428 002 425 002 431 002 423 002 424 0 002 406 0 002 432 002 422 1 002 407 002 402 Other 002 404 1 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 @D@ 002 # 002 101 VMS Audit Trail Totals 002 106 002 113 002 129 1 002 102 002 102 002 102 002 102 002 102 002 102 002 102 002 102 New Page 1 002 102 002 102 002 102 002 102 002 102

This display uses the Audit Analysis utility (ANALYZE/AUDIT) to process event messages in security audit log files and produce reports of security-related events on the system.

002 102

A trending graph can be created from the displayed data.

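002 102
002 102
002 102
002 102
002 102
002 107 #++++++++++++++++++++++++++++++++++
002 107 #                                 |
002 107 #  Windows NT script (PERL).      |
002 107 #                                 |
002 107 #++++++++++++++++++++++++++++++++++
002 107 #
002 107 #
002 107 # This script runs on the client after the
002 107 # scripts have run on the server.
002 107 #
002 107 # $INPUT_GR and $INPUT_HO are used without a declaration in this
002 107 # script, so they are presumably supplied by the Sysgem runtime
002 107 # from the selection fields - confirm.
002 107 #
002 107 use strict;
002 107
002 107 #
002 107 # Break down the key.
002 107 #
002 107 # Each flag is 1 when the matching column name occurs in the
002 107 # upper-cased grouping string.
002 107 #
002 107 $INPUT_GR = uc($INPUT_GR);
002 107
002 107 # "SUBTYPE" contains "TYPE", so a plain match on TYPE would also
002 107 # switch on grouping by Type whenever only Subtype was requested.
002 107 # The look-behind accepts a TYPE only when it is not part of SUBTYPE.
002 107 my $TY = ($INPUT_GR =~ /(?<!SUB)TYPE/) ? 1 : 0;
002 107 my $SU = ($INPUT_GR =~ /SUBTYPE/) ? 1 : 0;
002 107 my $NO = ($INPUT_GR =~ /NODE/) ? 1 : 0;
002 107 my $US = ($INPUT_GR =~ /USERNAME/) ? 1 : 0;
002 107 my $TE = ($INPUT_GR =~ /TERM/) ? 1 : 0;
002 107
002 107 print "# Filter Type ......: $TY\n";
002 107 print "# Filter Subtype ...: $SU\n";
002 107 print "# Filter Node ......: $NO\n";
002 107 print "# Filter Username ..: $US\n";
002 107 print "# Filter Term ......: $TE\n";
002 107
002 107 #
002 107 # Take the hours of access and put them into %times.
002 107 #
002 107 # %times contains valid ranges in seconds, $ho is 1 if
002 107 # checking hours.
002 107 #
002 107 # Each entry is read as two digits of hour at offset 0 and two digits
002 107 # of minute at offset 3, and the range runs for 3600 seconds from
002 107 # there.
002 107 # NOTE(review): an entry that is not numeric at those offsets
002 107 # evaluates to 0 and so yields the range 0..3599; presumably the
002 107 # selection field only offers well-formed values - confirm.
002 107 #
002 107 my @parts = split(", ", $INPUT_HO);
002 107 my %times = ();
002 107 my $ho = ($INPUT_HO ne "") ? 1 : 0;
002 107
002 107 foreach my $part (@parts)
002 107 {
002 107     my $hour = substr($part,0,2);
002 107     my $min = substr($part,3,2);
002 107
002 107     my $sec_min = $hour * 3600 + $min * 60;
002 107     my $sec_max = $sec_min + 3599;
002 107
002 107     $times{$part}{"min"} = $sec_min;
002 107     $times{$part}{"max"} = $sec_max;
002 107
002 107     print "min = $sec_min max = $sec_max\n";
002 107 }
002 107
002 107 #
002 107 # Replace current output.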
002 107 # 002 107 print "\@{{REPLACE_VALUES=YES\n"; 002 107 002 107 # 002 107 # 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111111111111111111 002 107 # 000000000011111111112222222222333333333344444444445555555555666666666677777777778888888888999999999900000000001111111111222222222233 002 107 # 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901 002 107 # 002 107 # Date / Time Type Subtype Node Username ID Term 002 107 # ------------------------------------------------------------------------------------------------------------------------------------ 002 107 # 13-JUL-2000 10:48:08.19 LOGFAIL REMOTE ELIAS 0000A04F gw.softlink.ch 002 107 # 002 107 002 107 # 002 107 # Between @{{AUDIT_ON + Valid header and @{{AUDIT_OFF 002 107 # 002 107 my $copy = 0; 002 107 my $load = 0; 002 107 my $error = 0; 002 107 my @errors = (); 002 107 my %data = (); 002 107 my $count = 0; 002 107 002 107 LoadInputArray(); 002 107 002 107 foreach my $line (@input_array) 002 107 { 002 107 # 002 107 # Errors off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{ERROR_OFF") { 002 107 $error = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Errors on. 002 107 # 002 107 if (substr($line,0,11) eq "\@{{ERROR_ON") { 002 107 $error = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # An error. 002 107 # 002 107 if ($error) 002 107 { 002 107 push(@errors, $line); 002 107 } 002 107 002 107 if ($copy && substr($line,0,20) eq "--------------------") { 002 107 $load = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output off. 002 107 # 002 107 if (substr($line,0,12) eq "\@{{AUDIT_OFF") { 002 107 $copy = 0; 002 107 $load = 0; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # Output on. 
002 107 # 002 107 if (substr($line,0,11) eq "\@{{AUDIT_ON") { 002 107 $copy = 1; 002 107 next; 002 107 } 002 107 002 107 if ($copy && substr($line,0,20) eq "--------------------") { 002 107 $load = 1; 002 107 next; 002 107 } 002 107 002 107 # 002 107 # 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111111111111111111 002 107 # 000000000011111111112222222222333333333344444444445555555555666666666677777777778888888888999999999900000000001111111111222222222233 002 107 # 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901 002 107 # 002 107 # Date / Time Type Subtype Node Username ID Term 002 107 # ------------------------------------------------------------------------------------------------------------------------------------ 002 107 # 13-JUL-2000 10:48:08.19 LOGFAIL REMOTE ELIAS 0000A04F gw.softlink.ch 002 107 # 002 107 if ($load) 002 107 { 002 107 my $time = substr($line,0,23); 002 107 my $type = substr($line,24,11); 002 107 my $subtype = substr($line,35,17); 002 107 my $node = substr($line,52,7); 002 107 my $username = substr($line,59,12); 002 107 my $term = substr($line,80); 002 107 002 107 # 002 107 # Compare with hours hash (ranges in seconds). 002 107 # 002 107 if ($ho) 002 107 { 002 107 my $hh = substr($time,12,2); 002 107 my $mm = substr($time,15,2); 002 107 my $ss = substr($time,18,2); 002 107 002 107 my $add = 0; 002 107 my $sec = $hh * 3600 + $mm * 60 + $ss; 002 107 002 107 print "# time = $time, secs = $sec\n"; 002 107 002 107 foreach my $key (keys %times) 002 107 { 002 107 my $min = $times{$key}{"min"}; 002 107 my $max = $times{$key}{"max"}; 002 107 002 107 print "# min = $min, max = $max\n"; 002 107 002 107 if ($sec >= $min && $sec <= $max) { 002 107 $add = 1; 002 107 last; 002 107 } 002 107 } 002 107 002 107 if (! $add) { 002 107 next; 002 107 } 002 107 } 002 107 002 107 # 002 107 # Process. 
002 107 # 002 107 { 002 107 $type =~ s/\s+$//; 002 107 $subtype =~ s/\s+$//; 002 107 $node =~ s/\s+$//; 002 107 $username =~ s/\s+$//; 002 107 $term =~ s/^\s+//; 002 107 002 107 $count++; 002 107 002 107 # print "DA : $time\n"; 002 107 # print "TY : $type\n"; 002 107 # print "ST : $subtype\n"; 002 107 # print "NO : $node\n"; 002 107 # print "US : $username\n"; 002 107 # print "TE : $term\n"; 002 107 # print "@\n"; 002 107 002 107 # 002 107 # Build the key. 002 107 # 002 107 my @keys = (); 002 107 my $key = ""; 002 107 002 107 if ($TY) { push(@keys, $type); } 002 107 if ($SU) { push(@keys, $subtype); } 002 107 if ($NO) { push(@keys, $node); } 002 107 if ($US) { push(@keys, $username); } 002 107 if ($TE) { push(@keys, $term); } 002 107 002 107 $key = join("-", @keys); 002 107 002 107 # 002 107 # Either add new or update existing. 002 107 # 002 107 if (!exists($data{$key})) 002 107 { 002 107 $data{$key}{"CO"} = 1; 002 107 $data{$key}{"FI"} = $time; 002 107 $data{$key}{"LA"} = $time; 002 107 002 107 $data{$key}{"TY"} = $type; 002 107 $data{$key}{"ST"} = $subtype; 002 107 $data{$key}{"NO"} = $node; 002 107 $data{$key}{"US"} = $username; 002 107 $data{$key}{"TE"} = $term; 002 107 next; 002 107 } 002 107 002 107 $data{$key}{"CO"}++; 002 107 $data{$key}{"LA"} = $time; 002 107 002 107 # 002 107 # Replace any values not the same with a *, so show either 002 107 # a unique value or * to indicate more than one value. 002 107 # 002 107 if ($data{$key}{"TY"} ne $type) { $data{$key}{"TY"} = "*"; } 002 107 if ($data{$key}{"ST"} ne $subtype) { $data{$key}{"ST"} = "*"; } 002 107 if ($data{$key}{"NO"} ne $node) { $data{$key}{"NO"} = "*"; } 002 107 if ($data{$key}{"US"} ne $username) { $data{$key}{"US"} = "*"; } 002 107 if ($data{$key}{"TE"} ne $term) { $data{$key}{"TE"} = "*"; } 002 107 } 002 107 } 002 107 } 002 107 002 107 # 002 107 # Display. 002 107 # 002 107 foreach my $key (keys %data) 002 107 { 002 107 print "CO : " . $data{$key}{"CO"} . "\n"; 002 107 print "FI : " . 
$data{$key}{"FI"} . "\n"; 002 107 print "LA : " . $data{$key}{"LA"} . "\n"; 002 107 002 107 print "TY : " . $data{$key}{"TY"} . "\n"; 002 107 print "ST : " . $data{$key}{"ST"} . "\n"; 002 107 print "NO : " . $data{$key}{"NO"} . "\n"; 002 107 print "US : " . $data{$key}{"US"} . "\n"; 002 107 print "ID : " . $data{$key}{"ID"} . "\n"; 002 107 print "TE : " . $data{$key}{"TE"} . "\n"; 002 107 print "@\n"; 002 107 } 002 107 002 107 my $title = ""; 002 107 002 107 if (@errors) 002 107 { 002 107 $title = "Errors - see logfile\n"; 002 107 002 107 print "\@{{ON Analyze /Audit\n"; 002 107 print "\@{{ERROR\n"; 002 107 002 107 foreach $error (@errors) 002 107 { 002 107 print "$error\n"; 002 107 } 002 107 002 107 print "\@{{OFF\n"; 002 107 } 002 107 002 107 if ($title ne "") { 002 107 print "\@{{ADD_WINDOW_TITLE $title\n"; 002 107 } 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # | 002 108 # Windows NT script (PERL). | 002 108 # | 002 108 #++++++++++++++++++++++++++++++++++ 002 108 # 002 108 # 002 108 # This script runs on the client before any 002 108 # scripts run on the server. 002 108 # 002 108 # 002 108 002 108 # 002 108 # Grouping. 002 108 # 002 108 my $before = ""; 002 108 my $since = ""; 002 108 002 108 if ($INPUT_BE ne "") { 002 108 $before = "Before: " . uc($INPUT_BE) . ", "; 002 108 } 002 108 002 108 if ($INPUT_SI ne "") { 002 108 $since = "Since: " . uc($INPUT_SI) . ", "; 002 108 } 002 108 002 108 print "\@{{ADD_WINDOW_TITLE " . $since . $before . "Grouped by: $INPUT_GR\n"; 002 121 0 002 151 0 0 0 0 0 0 0 0 0 0 0 0 0 002 152 16777215 002 154 0 002 153 0 002 159 1 002 157 0 002 150 0 002 156 1 002 158 0 002 260 2 002 109 # 002 109 # Routines common to all NT pre-processing, post-processing, 002 109 # menu and server scripts. 002 109 # 002 109 #use Sysgem; 002 110 # 002 110 # Routines common to all UNIX menu and server scripts. 002 110 # 002 111 $!++ 002 111 $! 002 111 $! A command. 002 111 $! 002 111 $! Input: DCL Command. 002 111 $! 
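002 111 $! P1 is executed verbatim as a DCL command line (see "$ 'P1" below),
002 111 $! so any text a caller splices into it is parsed as DCL. Callers
002 111 $! that build P1 from INPUT_ symbols should restrict those values to
002 111 $! the expected keywords before the call.
002 111 $!
002 111 $! Output and errors of the command are captured in sysgem_output.tmp
002 111 $! and sysgem_error.tmp in SYS$SYSTEM and then replayed to sys$output.
002 111 $! NOTE(review): the file names are fixed, so two invocations running
002 111 $! at the same time would share them - confirm how the agent
002 111 $! serialises requests.
002 111 $!
002 111 $ dcl_command:
002 111 $ subroutine
002 111 $!
002 111 $ set default sys$system
002 111 $!
002 111 $! NOTE(review): type_mode is taken from P1, the command text itself,
002 111 $! so the SILENT branch below is only reached when the command is
002 111 $! literally SILENT; a second parameter (P2) may have been intended -
002 111 $! confirm.
002 111 $!
002 111 $ type_mode == "''P1'"
002 111 $!
002 111 $! NOTE(review): this echoes INPUT_OP rather than the command in P1.
002 111 $!
002 111 $ write sys$output "@{{SI $ ''INPUT_OP'"
002 111 $!
002 111 $ call remove_file sysgem_error.tmp;*
002 111 $ call remove_file sysgem_output.tmp;*
002 111 $!
002 111 $ define /nolog /user sys$error sysgem_error.tmp
002 111 $ define /nolog /user sys$output sysgem_output.tmp
002 111 $!
002 111 $ 'P1
002 111 $!
002 111 $ if type_mode .eqs. "SILENT"
002 111 $ then
002 111 $   call type_file sysgem_error.tmp
002 111 $   call type_file sysgem_output.tmp
002 111 $ else
002 111 $   call show_file sysgem_error.tmp
002 111 $   call show_file sysgem_output.tmp
002 111 $ endif
002 111 $!
002 111 $ call remove_file sysgem_error.tmp;*
002 111 $ call remove_file sysgem_output.tmp;*
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!--
002 111 $!
002 111 $!++
002 111 $!
002 111 $! Remove a file.
002 111 $!
002 111 $! Input: Filename
002 111 $!
002 111 $! Deletes the file only when f$search finds it.
002 111 $!
002 111 $ remove_file:
002 111 $ subroutine
002 111 $!
002 111 $ if f$search("''P1'") .nes. ""
002 111 $ then
002 111 $   delete /nolog /noconfirm 'P1
002 111 $ endif
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!--
002 111 $!
002 111 $!++
002 111 $!
002 111 $! Show a file's contents without adding any print formatting.
002 111 $!
002 111 $! Input: Filename
002 111 $!
002 111 $! Every line is written to sys$output with a "# " prefix.
002 111 $!
002 111 $ type_file:
002 111 $ subroutine
002 111 $!
002 111 $ is_open = 0
002 111 $ open /read /error=err tmp 'P1
002 111 $ is_open = 1
002 111 $!
002 111 $ next_line:
002 111 $ read /end_of_file=eof /error=err tmp line
002 111 $!
002 111 $! type the file
002 111 $!
002 111 $ write sys$output "# ''line'"
002 111 $ goto next_line
002 111 $!
002 111 $ err:
002 111 $ eof:
002 111 $!
002 111 $! Close the file, as show_file does. A file opened with OPEN stays
002 111 $! open after ENDSUBROUTINE, so without this the logical name "tmp"
002 111 $! would still refer to the old file on the next call.
002 111 $!
002 111 $ if is_open .eq. 1 then close tmp
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!--
002 111 $!
002 111 $!++
002 111 $!
002 111 $! Show a file's contents.
002 111 $!
002 111 $! Input: Filename
002 111 $!
002 111 $! Each line is tagged by the message code found in it:
002 111 $! UAF-F-, UAF-E- and CLI-E- lines are written with @{{SE,
002 111 $! UAF-W- and DCL-W- lines with @{{SW, everything else with @{{SI.
002 111 $!
002 111 $ show_file:
002 111 $ subroutine
002 111 $!
002 111 $ is_open = 0
002 111 $ open /read /error=on_error tmp 'P1
002 111 $ is_open = 1
002 111 $!
002 111 $ next_line:
002 111 $ read /end_of_file=on_eof /error=on_error tmp line
002 111 $!
002 111 $! Fatal.
002 111 $!
002 111 $ if f$locate("UAF-F-",line) .lt. f$length(line)
002 111 $ then
002 111 $   write sys$output "@{{SE ''line'"
002 111 $   goto next_line
002 111 $ endif
002 111 $!
002 111 $! Error.
002 111 $!
002 111 $ if f$locate("UAF-E-",line) .lt. f$length(line)
002 111 $ then
002 111 $   write sys$output "@{{SE ''line'"
002 111 $   goto next_line
002 111 $ endif
002 111 $!
002 111 $ if f$locate("CLI-E-",line) .lt. f$length(line)
002 111 $ then
002 111 $   write sys$output "@{{SE ''line'"
002 111 $   goto next_line
002 111 $ endif
002 111 $!
002 111 $! Warning.
002 111 $!
002 111 $ if f$locate("UAF-W-",line) .lt. f$length(line)
002 111 $ then
002 111 $   write sys$output "@{{SW ''line'"
002 111 $   goto next_line
002 111 $ endif
002 111 $!
002 111 $ if f$locate("DCL-W-",line) .lt. f$length(line)
002 111 $ then
002 111 $   write sys$output "@{{SW ''line'"
002 111 $   goto next_line
002 111 $ endif
002 111 $!
002 111 $! Default - information.
002 111 $!
002 111 $ write sys$output "@{{SI ''line'"
002 111 $ goto next_line
002 111 $!
002 111 $ on_error:
002 111 $ on_eof:
002 111 $!
002 111 $ if is_open .eq. 1 then close tmp
002 111 $!
002 111 $ endsubroutine
002 111 $!
002 111 $!++
002 127 /*
002 127 ** Routines common to all MVS menu and agent scripts.
002 127 */
002 128 #
002 128 # Routines common to all Tandem menu and agent scripts.
002 128 #
002 103 #++++++++++++++++++++++++++++++++++
002 103 # |
002 103 # Windows NT script (PERL). |
002 103 # |
002 103 #++++++++++++++++++++++++++++++++++
002 103 #
002 103 #
002 103 # This script runs on the server. It returns
002 103 # the values shown in the display window.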
002 103 #
002 103 #
002 104 #!/bin/ksh -ph
002 104 #
002 104 #{{SHELL_LINUX #!/bin/sh
002 104 #
002 104 #++++++++++++++++++++++++++++++++++
002 104 # |
002 104 # (Main) UNIX Shell script. |
002 104 # |
002 104 #++++++++++++++++++++++++++++++++++
002 104 #
002 104 #
002 104 # This script runs on the server. It returns
002 104 # the values shown in the display window.
002 104 #
002 104 #
002 105 $!+++++++++++++++++++++++++++++
002 105 $! |
002 105 $! VMS command file (DCL). |
002 105 $! |
002 105 $!+++++++++++++++++++++++++++++
002 105 $!
002 105 $!
002 105 $! This script runs on the server. It returns
002 105 $! the values shown in the display window.
002 105 $!
002 105 $! It runs ANALYZE /AUDIT /BRIEF on the audit journal and types the
002 105 $! listing between @{{AUDIT_ON and @{{AUDIT_OFF, followed by anything
002 105 $! written to sys$error between @{{ERROR_ON and @{{ERROR_OFF.
002 105 $!
002 105 $! NOTE(review): INPUT_EV, INPUT_BE, INPUT_SI and INPUT_FA are placed
002 105 $! in the command line below by symbol substitution ('since, 'before,
002 105 $! 'events, 'filespec). A value containing "/" or a space would be
002 105 $! parsed as further qualifiers or parameters of ANALYZE /AUDIT.
002 105 $! Presumably the values come from the selection dialog on the
002 105 $! console - confirm, and validate them before this point (for
002 105 $! instance, check INPUT_FA with f$parse).
002 105 $!
002 105 $!
002 105 $ events = INPUT_EV
002 105 $ before = ""
002 105 $ since = ""
002 105 $ filespec = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL"
002 105 $!
002 105 $! The default journal is used unless INPUT_FA names another file.
002 105 $!
002 105 $ if INPUT_FA .nes. "" then filespec = INPUT_FA
002 105 $ if INPUT_BE .nes. "" then before = "/before=''INPUT_BE'"
002 105 $ if INPUT_SI .nes. "" then since = "/since=''INPUT_SI'"
002 105 $!
002 105 $ set noon
002 105 $!
002 105 $! NOTE(review): the listing and error files have fixed names in the
002 105 $! current default directory, so concurrent runs would share them, and
002 105 $! the listing holds audit records until it is deleted at the end of
002 105 $! this script - confirm the default directory and its protection.
002 105 $!
002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;*
002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;*
002 105 $!
002 105 $ define /user sys$error sysgem_audit.err
002 105 $ analyze /audit -
002 105 /brief -
002 105 'since -
002 105 'before -
002 105 /event=('events) -
002 105 /output=sysgem_audit.lis -
002 105 'filespec
002 105 $!
002 105 $ write sys$output "@{{AUDIT_ON"
002 105 $ if f$search("sysgem_audit.lis") .nes. "" then type /nopage sysgem_audit.lis
002 105 $ write sys$output "@{{AUDIT_OFF"
002 105 $!
002 105 $ if f$search("sysgem_audit.err") .nes. ""
002 105 $ then
002 105 $ write sys$output "@{{ERROR_ON"
002 105 $ type /nopage sysgem_audit.err
002 105 $ write sys$output "@{{ERROR_OFF"
002 105 $ endif
002 105 $!
002 105 $ if f$search("sysgem_audit.err") .nes. "" then delete /nolog /noconfirm sysgem_audit.err;*
002 105 $ if f$search("sysgem_audit.lis") .nes. "" then delete /nolog /noconfirm sysgem_audit.lis;*
002 124 /*****************************
002 124 ** **
002 124 ** (Main) MVS Agent script **
002 124 ** **
002 124 ******************************
002 124 **
002 124 **
002 124 ** This script runs on the agent. It returns
002 124 ** the values shown in the display window.
002 124 */
002 125 #++++++++++++++++++++++++++++++++++
002 125 # |
002 125 # (Main) Tandem Agent script. |
002 125 # |
002 125 #++++++++++++++++++++++++++++++++++
002 125 #
002 125 #
002 125 # This script runs on the agent. It returns
002 125 # the values shown in the display window.
002 125 #
002 125 #
002 140 0 002 141 10 002 142 002 130 0 002 131 0 002 # 002 201 First 002 205 FI 002 208 002 202 2 002 203 0 002 207 1 002 204 0 002 206 3 002 @C@ 002 # 002 201 Last 002 205 LA 002 208 002 202 2 002 203 0 002 207 1 002 204 0 002 206 3 002 @C@ 002 # 002 201 Count 002 205 CO 002 208 002 202 2 002 203 1 002 207 1 002 204 0 002 206 2 002 @C@ 002 # 002 201 Type 002 205 TY 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Subtype 002 205 ST 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Node 002 205 NO 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Username 002 205 US 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 201 Term 002 205 TE 002 208 002 202 0 002 203 1 002 207 1 002 204 0 002 206 0 002 @C@ 002 # 002 301 0 002 301 1 002 301 2 002 301 3 002 301 4 002 301 5 002 301 6 002 301 7 002 301 8 002 301 9 002 # 002 311 DCL Command 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 1 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 330 use strict; 002 330 002 330 my @op = (); 002 330 my @types = (); 002 330 002 330 push(@types, "access=failure/class=file"); 002 330 push(@types, "acl"); 002 330 push(@types, "authorization"); 002 330 push(@types, "breakin=all"); 002 330 push(@types, "logfailure=all"); 002 330 push(@types, "login=all"); 002 330 push(@types, "mount"); 002 330 push(@types, "ncp"); 002 330 push(@types, "sysgen"); 002 330 push(@types, "time"); 002 330 002 330 foreach my $type (@types) 002 330 { 002 330 push(@op, "enable=$type"); 002 330 push(@op, "disable=$type"); 002 330 } 002 330 002 330 print "OP @ " . join("\\", @op) . "\n"; 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 
002 314 #
002 314 #use Sysgem;
002 326 #+++++++++++++++++++++++++++++++++++++++++++++++
002 326 # |
002 326 # (Main) Windows NT post-processing script |
002 326 # |
002 326 #+++++++++++++++++++++++++++++++++++++++++++++++
002 326 #
002 326 #
002 326 # This script runs on the Sysgem client (GUI)
002 326 # after all scripts have run on the agent.
002 326 #
002 327 #++++++++++++++++++++++++++++++++++++++++++++++
002 327 # |
002 327 # (Main) Windows NT pre-processing script |
002 327 # |
002 327 #++++++++++++++++++++++++++++++++++++++++++++++
002 327 #
002 327 #
002 327 # This script runs on the Sysgem client (GUI)
002 327 # before any scripts run on the agent.
002 327 #
002 353 #++++++++++++++++++++++++++++++++
002 353 # |
002 353 # (Main) Tandem Agent script |
002 353 # |
002 353 #++++++++++++++++++++++++++++++++
002 353 #
002 353 #
002 353 # This script runs on the Sysgem Tandem agent.
002 353 #
002 315 #!/bin/ksh -ph
002 315 #
002 315 #{{SHELL_LINUX #!/bin/sh
002 315 #
002 315 #++++++++++++++++++++++++++++++++
002 315 # |
002 315 # (Main) UNIX Agent script |
002 315 # |
002 315 #++++++++++++++++++++++++++++++++
002 315 #
002 315 #
002 315 # This script runs on the Sysgem UNIX agent.
002 315 #
002 316 $!+++++++++++++++++++++++++++++|
002 316 $! |
002 316 $! (Main) VMS Agent script |
002 316 $! |
002 316 $!+++++++++++++++++++++++++++++|
002 316 $!
002 316 $!
002 316 $! This script runs on the Sysgem VMS agent.
002 316 $!
002 316 $! NOTE(review): INPUT_OP is substituted into the SET AUDIT command
002 316 $! text, which dcl_command then executes as given. The option list
002 316 $! built by the fields script has the form enable=<class> or
002 316 $! disable=<class>; the agent should accept only those forms here
002 316 $! (presumably the value arrives from the console - confirm).
002 316 $! A disable= choice turns auditing off for that class, so this menu
002 316 $! option is worth restricting and its use worth reviewing.
002 316 $!
002 316 $ call dcl_command "set audit /audit /''INPUT_OP'"
002 354 /**************************************************/
002 354 /* */
002 354 /* (Main) AS/400 Agent script */
002 354 /* */
002 354 /* This script runs on the Sysgem AS/400 agent */
002 354 /* before the display window values are loaded.
*/ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! 
| 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 317 OP 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 1 002 357 002 318 Option: 002 320 3 002 319 002 @F@ 002 # 002 @M@ 002 # 002 311 - 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 2 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 @M@ 002 # 002 311 Audit Settings 002 313 0 002 336 002 325 0 002 345 0 002 346 0 002 # 002 321 10 002 322 3 002 # 002 312 002 312

Help text goes here...

002 312 002 351 /**************************************************/ 002 351 /* */ 002 351 /* (Main) AS/400 Agent script */ 002 351 /* */ 002 351 /* This script runs on the Sysgem AS/400 agent. */ 002 351 /* */ 002 351 /**************************************************/ 002 351 002 330 #+++++++++++++++++++++++++++ 002 330 # | 002 330 # (Main) Fields script | 002 330 # | 002 330 #+++++++++++++++++++++++++++ 002 330 # 002 330 # 002 330 # Use this script to set the values displayed in the fields. 002 330 # This script runs on the Sysgem client (GUI) before the 002 330 # fields window for this menu option is displayed. 002 330 # 002 352 /******************************** 002 352 ** ** 002 352 ** (Main) MVS Agent script ** 002 352 ** ** 002 352 ********************************* 002 352 ** 002 352 ** 002 352 ** This script runs on the Sysgem MVS agent. 002 352 */ 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # | 002 314 # (Main) Windows NT Agent script | 002 314 # | 002 314 #++++++++++++++++++++++++++++++++++++++ 002 314 # 002 314 # 002 314 # This script runs on the Sysgem NT agent. 002 314 # 002 314 #use Sysgem; 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # | 002 326 # (Main) Windows NT post-processing script | 002 326 # | 002 326 #+++++++++++++++++++++++++++++++++++++++++++++++ 002 326 # 002 326 # 002 326 # This script runs on the Sysgem client (GUI) 002 326 # after all scripts have run on the agent. 002 326 # 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # | 002 327 # (Main) Windows NT pre-processing script | 002 327 # | 002 327 #++++++++++++++++++++++++++++++++++++++++++++++ 002 327 # 002 327 # 002 327 # This script runs on the Sysgem client (GUI) 002 327 # before any scripts run on the agent. 
002 327 # 002 353 #++++++++++++++++++++++++++++++++ 002 353 # | 002 353 # (Main) Tandem Agent script | 002 353 # | 002 353 #++++++++++++++++++++++++++++++++ 002 353 # 002 353 # 002 353 # This script runs on the Sysgem Tandem agent. 002 353 # 002 315 #!/bin/ksh -ph 002 315 # 002 315 #{{SHELL_LINUX #!/bin/sh 002 315 # 002 315 #++++++++++++++++++++++++++++++++ 002 315 # | 002 315 # (Main) UNIX Agent script | 002 315 # | 002 315 #++++++++++++++++++++++++++++++++ 002 315 # 002 315 # 002 315 # This script runs on the Sysgem UNIX agent. 002 315 # 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! | 002 316 $! (Main) VMS Agent script | 002 316 $! | 002 316 $!+++++++++++++++++++++++++++++| 002 316 $! 002 316 $! 002 316 $! This script runs on the Sysgem VMS agent. 002 316 $! 002 316 $ call dcl_command "show audit" 002 354 /**************************************************/ 002 354 /* */ 002 354 /* (Main) AS/400 Agent script */ 002 354 /* */ 002 354 /* This script runs on the Sysgem AS/400 agent */ 002 354 /* before the display window values are loaded. */ 002 354 /* */ 002 354 /**************************************************/ 002 354 002 355 /*************************************** 002 355 ** ** 002 355 ** (Initialization) MVS Agent script ** 002 355 ** ** 002 355 **************************************** 002 355 ** 002 355 ** 002 355 ** This script runs on the Sysgem MVS agent before the 002 355 ** display window values are loaded. 002 355 */ 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # | 002 337 # (Initialization) Windows NT Agent script | 002 337 # | 002 337 #++++++++++++++++++++++++++++++++++++++++++++++++ 002 337 # 002 337 # 002 337 # This script runs on the Sysgem NT agent before the 002 337 # display window values are loaded. 
002 337 # 002 337 #use Sysgem; 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # | 002 338 # (Initialization) Windows NT post-processing script | 002 338 # | 002 338 #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 002 338 # 002 338 # 002 338 # This script runs on the Sysgem client (GUI) 002 338 # after the initialization script has run on 002 338 # the agent. 002 338 # 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # | 002 356 # (Initialization) Tandem Agent script | 002 356 # | 002 356 #+++++++++++++++++++++++++++++++++++++++++++ 002 356 # 002 356 # 002 356 # This script runs on the Sysgem Tandem agent before the 002 356 # display window values are loaded. 002 356 # 002 356 # 002 340 #!/bin/ksh -ph 002 340 # 002 340 #{{SHELL_LINUX #!/bin/sh 002 340 # 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # | 002 340 # (Initialization) UNIX Shell script | 002 340 # | 002 340 #+++++++++++++++++++++++++++++++++++++++++ 002 340 # 002 340 # 002 340 # This script runs on the Sysgem UNIX agent before the 002 340 # display window values are loaded. 002 340 # 002 340 # 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! | 002 341 $! (Initialization) VMS Agent script | 002 341 $! | 002 341 $!++++++++++++++++++++++++++++++++++++++++ 002 341 $! 002 341 $! 002 341 $! This script runs on the Sysgem VMS agent before the 002 341 $! display window values are loaded. 002 341 $! 002 350 #++ 002 350 # 002 350 # Control Definitions 002 350 # 002 350 # This script adds controls to / removes controls from 002 350 # the menu definition. 002 350 # 002 350 # 002 350 # Each control definition starts FIELD++ and ends FIELD--. 002 350 # By default, the field is added at the end of the list. 
002 350 # To add the field at the start of the list replace FIELD-- 002 350 # with START-- 002 350 # 002 350 # 002 350 # Additional options (must be at start of line): 002 350 # 002 350 # REMOVE_ALL - removes all controls 002 350 # REMOVE_CONTROL XX - removes control with code XX 002 350 # REMOVE_PAGE - removes all controls on page 002 350 # 002 350 #-- 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 ~f~oSelect an option from the list below, then press 'OK'. 002 320 4 002 319 002 @F@ 002 # 002 317 ** 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 1 002 349 1 002 357 002 318 002 320 4 002 319 002 @F@ 002 # 002 317 SV 002 343 16777215 002 323 002 344 002 332 002 347 000 002 333 002 334 0 002 324 0 002 329 002 335 0 002 348 2 002 349 2 002 357 002 318 Agent(s): 002 320 12 002 319 002 @F@ 002 # 002 @M@ 002 420 0 002 421 002 421 002 421 002 421 002 421 002 421 002 421 002 421 New Page 1 002 421 002 421 002 421 002 421 002 421

If the File spec field is not checked then the default database file 002 421 SYS$MANAGER:SECURITY.AUDIT$JOURNAL is analyzed. You can 002 421 specify one or more alternate security audit log files as input to ANALYZE/AUDIT. 002 421 If you specify more than one file name, separate the names with commas.

002 421 002 421

Enter the Before and Since dates in VMS format, for example:

002 421
    002 421
  • 02-OCT-1999
  • 002 421
  • 31-DEC-2000
  • 002 421
002 421 002 421

In addition, you can use:

002 421
    002 421
  • BOOT,
  • 002 421
  • TODAY,
  • 002 421
  • TOMORROW,
  • 002 421
  • YESTERDAY.
  • 002 421
002 421 002 421

Select at least one Event Type such as Logfail or Breakin, then press Apply.

002 421 002 421 002 421 002 421 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # | 002 122 # Windows NT script (PERL). | 002 122 # | 002 122 #++++++++++++++++++++++++++++++++++ 002 122 # 002 122 # 002 122 # Use this script to set the values displayed in the above 002 122 # fields. This script runs on the Sysgem client (GUI). 002 122 # 002 122 # 002 122 002 122 print "\@{{HEADER_OFF\n"; 002 122 002 122 # 002 122 # Load default spec if none returned from the registry. 002 122 # 002 122 if ($VALUE_FA eq "") 002 122 { 002 122 print "FA : SYS\$MANAGER\:SECURITY\.AUDIT\$JOURNAL\n"; 002 122 } 002 122 002 122 # 002 122 # All event types. 002 122 # 002 122 my @events = (); 002 122 002 122 push(@events, qw(access audit authorization breakin connection create deaccess)); 002 122 push(@events, qw(delete install logfail login logout mount ncp netproxy privilege)); 002 122 push(@events, qw(process rightsdb sysgen sysuaf time)); 002 122 002 122 print "EV @ ", join("\\", @events), "\n"; 002 401 ZA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 File 002 422 0 002 407 002 402 ~f~oSelect the audit trail file, the date range. 
and the usernames 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZB 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 File 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 FA 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 33 002 432 File 002 422 0 002 407 002 402 File spec 002 404 0 002 403 002 429 3 002 430 1 002 @P@ 002 # 002 401 BE 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 File 002 422 0 002 407 002 402 Before 002 404 0 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 SI 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 32 002 432 File 002 422 0 002 407 002 402 Since 002 404 0 002 403 002 429 2 002 430 1 002 @P@ 002 # 002 401 ** 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 File 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 GR 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 1 002 432 File 002 422 0 002 407 002 402 Grouping 002 404 11 002 403 Type\Subtype\Node\Username\ID\Terminal 002 429 3 002 430 1 002 @P@ 002 # 002 401 ZC 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 Time 002 422 0 002 407 002 402 ~f~oSelect the times 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 ZD 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 0 002 432 Time 002 422 0 002 407 002 402 002 404 4 002 403 002 429 1 002 430 1 002 @P@ 002 # 002 401 HO 002 427 16777215 002 405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 33 002 432 Time 002 422 0 002 407 002 402 Time: 002 404 11 002 403 00:00\01:00\02:00\03:00\04:00\05:00\06:00\07:00\08:00\09:00\10:00\11:00\12:00\13:00\14:00\15:00\16:00\17:00\18:00\19:00\20:00\21:00\22:00\23:00 002 429 2 002 430 5 002 @P@ 002 # 002 401 EV 002 427 16777215 002 
405 002 428 002 425 002 431 000 002 423 002 424 0 002 406 1 002 432 File 002 422 0 002 407 002 402 Event types 002 404 11 002 403 002 429 3 002 430 3 002 @P@ 002 # 002 @D@ 002 # 002 # 002 # 002 # 002 # License Information. 002 # 002 #{{PRODUCT:Custom Displays 002 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 002 # 002 # Checksum. 002 # 002 #{{CHECKSUM:F154-B6A7-6346-B946-736E-3264-BD51-4F91 # 003 ################################################ 003 # # 003 # SYSGEM Enterprise Manager 2.1 build 3180 # 003 # Copyright (C) 2005 SYSGEM AG # 003 # # 003 # Contents : Filters # 003 # # 003 # Created by : SAcM # 003 # Timestamp : 2006-10-18 12:03:42 # 003 # # 003 ################################################ 003 # 003 101 Username = S_BROWN 003 104 003 102 Only show entries where the username = S_BROWN 003 102 003 102 Please contact Sysgem AG using support@sysgem.com if you need a new filter definition. 003 102 003 102 This filter created 2004-01-14 13:43:20 by System 003 103 0000004A 003 # 003 202 0 003 203 2 003 204 1 003 205 1 003 209 0 003 206 S_BROWN 003 208 1 003 207 Username 003 & 003 @ 003 101 Username = Not SYSTEM 003 104 003 102 Hide entries with Username = SYSTEM 003 102 003 102 Please contact Sysgem AG using support@sysgem.com if you need a new filter definition. 003 102 003 102 This filter created 2004-01-14 13:43:20 by System 003 103 0000004A 003 # 003 202 2 003 203 2 003 204 1 003 205 1 003 209 0 003 206 SYSTEM 003 208 1 003 207 Username 003 & 003 @ 003 # 003 # 003 # 003 # Checksum. 
003 # 003 #{{CHECKSUM:15E5-E8B6-3161-7DFD-9E92-94FE-7147-8E4F # 004 ################################################ 004 # # 004 # SYSGEM Enterprise Manager 2.1 build 3180 # 004 # Copyright (C) 2005 SYSGEM AG # 004 # # 004 # Contents : Include Files # 004 # # 004 # Created by : SAcM # 004 # Timestamp : 2006-10-18 12:03:42 # 004 # # 004 ################################################ 004 # 004 101 MP_Alarm_Client 004 102 use Cwd; 004 102 use Digest::MD5; 004 102 use Time::localtime; 004 102 004 102 # 004 102 # Common code for Alarm client script 004 102 # 004 102 004 102 # 004 102 # To enable / disable mail set $send_snmp_mail to 1 or 0. 004 102 # This is really only for testing to stop unnecessary floods 004 102 # of mail. 004 102 # 004 102 #$send_snmp_mail = 0; 004 102 004 102 # 004 102 # If sending SNMP mail determine the mail address to use, 004 102 # override the default. 004 102 # 004 102 if ($send_snmp_mail) 004 102 { 004 102 my $mail_rule = ""; 004 102 my $mail_addr = GetMailToAddress(); 004 102 004 102 print "# Mail address is \"$mail_addr\"\n"; 004 102 004 102 # 004 102 # If no address or none returned then disable. 004 102 # 004 102 $mail_to = $mail_addr; 004 102 004 102 if ($mail_to eq "" || $mail_to eq "none") { 004 102 $send_snmp_mail = 0; 004 102 } 004 102 } 004 102 004 102 # 004 102 # Now send if enabled. 004 102 # 004 102 if ($send_snmp_mail) 004 102 { 004 102 print "Alarm client common code\n"; 004 102 print "------------------------\n"; 004 102 print "Mail to ....: $mail_to\n"; 004 102 print "Mail rule ..: $mail_rule\n"; 004 102 print "\n"; 004 102 004 102 # 004 102 # Show email fields. 004 102 # 004 102 ShowEmail(); 004 102 } 004 102 004 102 # 004 102 # Determine the mail address to use. 004 102 # 004 102 sub GetMailToAddress 004 102 { 004 102 my $debug = 0; 004 102 my $mail_addr = ""; 004 102 004 102 # 004 102 # Show current date so that varying email addresses can be selected. 
004 102 # 004 102 my $year = localtime->year() + 1900; 004 102 my $mon = localtime->mon() + 1; 004 102 my $mday = localtime->mday(); 004 102 my $wday = localtime->wday(); 004 102 my $hour = localtime->hour(); 004 102 my $min = localtime->min(); 004 102 my $sec = localtime->sec(); 004 102 004 102 # 004 102 # Look for a match. 004 102 # 004 102 foreach my $tmp (@addr) 004 102 { 004 102 my @fields = split(" ", $tmp); 004 102 004 102 # 004 102 # A basic sanity check... 004 102 # 004 102 if ($#fields != 2) { 004 102 print "# Invalid mail record (-1): $tmp\n"; 004 102 next; 004 102 } 004 102 004 102 if (length($fields[0]) ne 7 || length($fields[1]) ne 9) { 004 102 print "# Invalid mail record (-2): $tmp\n"; 004 102 next; 004 102 } 004 102 004 102 my @times = split("-", $fields[1]); 004 102 004 102 if (length($times[0]) != 4 || length($times[1]) != 4) { 004 102 print "# Invalid mail record (-3): $tmp\n"; 004 102 next; 004 102 } 004 102 004 102 my $from = $times[0]; 004 102 my $to = $times[1]; 004 102 my $secs = $hour * 3600 + $min * 60 + $sec; 004 102 my $fr_hour = substr($from,0,2); 004 102 my $fr_min = substr($from,2,2); 004 102 my $fr_secs = $fr_hour * 3600 + $fr_min * 60 + 0; 004 102 my $to_hour = substr($to,0,2); 004 102 my $to_min = substr($to,2,2); 004 102 my $to_secs = $to_hour * 3600 + $to_min * 60 + 59; 004 102 my $day = substr($fields[0],$wday,1); 004 102 004 102 if ($debug) { 004 102 print "# $wday $day $secs, $fr_secs, $to_secs # $tmp\n"; 004 102 } 004 102 004 102 if (($day ne "*") && ($secs >= $fr_secs) && ($secs <= $to_secs)) { 004 102 004 102 if ($debug) { 004 102 print "# Matched mail rule: $tmp\n"; 004 102 } 004 102 004 102 $mail_rule = $tmp; 004 102 $mail_addr = $fields[2]; 004 102 last; 004 102 } 004 102 } 004 102 004 102 return $mail_addr; 004 102 } 004 102 004 102 # 004 102 # Show email fields. 
004 102 # 004 102 # Multiple 'Mail to' addresses are separated by ; 004 102 # Example: simon@company.com;mike@company.com 004 102 # 004 102 # Prints the mail settings held in the script-level variables; it takes no arguments and does not send anything itself. 004 102 # 004 102 sub ShowEmail 004 102 { 004 102 print "Mail Options\n"; 004 102 print "------------\n"; 004 102 print "Mail to .......: $mail_to\n"; 004 102 print "Mail subject ..: $mail_subject\n"; 004 102 print "SMTP server ...: $smtp_address\n"; 004 102 print "Sender ........: $sender_address\n"; 004 102 print "Send mail .....: " . ($send_snmp_mail ? "YES" : "NO") . "\n"; 004 102 004 102 foreach my $text (@mail_text) { 004 102 print " Text ....: $text\n"; 004 102 } 004 102 004 102 print "\n"; 004 102 } 004 102 004 102 # 004 102 # Test whether a checksum for an array of text exists in a file. 004 102 # return TRUE (1) or FALSE (0); 004 102 # 004 102 # Arguments: the checksums file name (appended to the current directory) and a reference to the array of text. 004 102 # Side effect: a digest that is not found is appended to the file, so a later call with the same text returns 1. 004 102 # 004 102 sub ChecksumExists 004 102 { 004 102 my $name = $_[0]; 004 102 my $text = $_[1]; 004 102 004 102 # 004 102 # Compute the MD5 of the entry text. 004 102 # The digest serves only as a de-duplication key for text already reported; nothing here uses it as an integrity check. 004 102 # 004 102 my $md5 = Digest::MD5->new; 004 102 my $digest = ""; 004 102 my $found = 0; 004 102 004 102 $md5->add(join(",", @$text)); 004 102 $digest = $md5->hexdigest; 004 102 004 102 # 004 102 # The checksums file. 004 102 # NOTE(review): the path is the current working directory plus $name, and a stored digest is what makes the alarm client script print IGNORE_ALARM; restrict write access to this file to the console account. 004 102 # The file is only ever appended to in this routine. 004 102 # 004 102 my $dir = getcwd; 004 102 my $file = $dir . "\\$name"; 004 102 004 102 # print "# Checksums file is ..: $file\n"; 004 102 # print "# Entry checksum is ..: $digest\n"; 004 102 004 102 # 004 102 # Test whether in file. 004 102 # 004 102 if (stat($file)) 004 102 { 004 102 # NOTE(review): two-argument open on a bareword handle with no check of the result; a three-argument open with a lexical handle and an error check is the safer form. 004 102 open(IN, "< $file"); 004 102 # NOTE(review): the loop condition is empty as shown here; presumably it read IN line by line in the original module - confirm before reuse. 004 102 while() 004 102 { 004 102 chomp; 004 102 004 102 if ($digest eq $_) { 004 102 $found = 1; 004 102 last; 004 102 } 004 102 } 004 102 } 004 102 004 102 # This close runs even when the file did not exist and IN was never opened. 004 102 close(IN); 004 102 004 102 # 004 102 # If not found then add. 004 102 # NOTE(review): the existence test, the read and this append are separate steps with no locking visible here. 004 102 # 004 102 if (! $found) 004 102 { 004 102 open(OUT, ">> $file") || die " Can't open $file for append: $!"; 004 102 print OUT "$digest\n"; 004 102 close(OUT); 004 102 } 004 102 004 102 # 004 102 # Just return found status. 004 102 # 004 102 return $found; 004 102 } 004 @ 004 101 MP_Alarm_Server_VMS 004 102 $!
004 102 $! Common code for Alarm VMS server scipt 004 102 $! 004 102 $ write sys$output ">> Alarms VMS server script" 004 102 $! 004 102 $! 004 102 $!++ 004 102 $! 004 102 $! Send a message to an operator vis request. 004 102 $! 004 102 $! P1 = Message 004 102 $! 004 102 $ RequestOperator: 004 102 $ subroutine 004 102 $! 004 102 $ message = "''P1'" 004 102 $! 004 102 $ request /to=oper1 "''message'" 004 102 $! 004 102 $ endsubroutine 004 102 $! 004 102 $!-- 004 102 $! 004 102 $!++ 004 102 $! 004 102 $! Send a message to a user via Reply. 004 102 $! 004 102 $! P1 = Username 004 102 $! P2 = Message 004 102 $! P3 = Options such as /bell 004 102 $! 004 102 $ ReplyUsername: 004 102 $ subroutine 004 102 $! 004 102 $ username = "''P1'" 004 102 $ message = "''P2'" 004 102 $ options = "''P3'" 004 102 $! 004 102 $ reply /username='username 'options "''message'" 004 102 $! 004 102 $ endsubroutine 004 102 $! 004 102 $!-- 004 102 $! 004 102 $!++ 004 102 $! 004 102 $! Send mail 004 102 $! 004 102 $! P1 = Subject 004 102 $! P2 = Username 004 102 $! P3 - P7 = 5 lines of text 004 102 $! 004 102 $ SendMail: 004 102 $ subroutine 004 102 $! 004 102 $! Create a text file. 004 102 $! 004 102 $ subject = "''P1'" 004 102 $ username = "''P2'" 004 102 $ message_1 = "''P3'" 004 102 $ message_2 = "''P4'" 004 102 $ message_3 = "''P5'" 004 102 $ message_4 = "''P6'" 004 102 $ message_5 = "''P7'" 004 102 $! 004 102 $ open mail_file /error=on_error /write sys$scratch:send_mail.txt 004 102 $ if message_1 .nes. "" then write /error=on_error mail_file "''message_1'" 004 102 $ if message_2 .nes. "" then write /error=on_error mail_file "''message_2'" 004 102 $ if message_3 .nes. "" then write /error=on_error mail_file "''message_3'" 004 102 $ if message_4 .nes. "" then write /error=on_error mail_file "''message_4'" 004 102 $ if message_5 .nes. "" then write /error=on_error mail_file "''message_5'" 004 102 $ close mail_file 004 102 $! 
004 102 $ mail /subject="''subject'" sys$scratch:send_mail.txt 'username 004 102 $! 004 102 $ on_error: 004 102 $! 004 102 $ endsubroutine 004 102 $! 004 102 $!-- 004 @ 004 101 MP_Alarm_EMail_Address_Data 004 102 # 004 102 # Email address based on hour and minute. 004 102 # 004 102 # If the email address is 'none' or '' (without the quotes) 004 102 # then the email is not set. 004 102 # 004 102 # So the last rule is a catch-all which uses none as the address. 004 102 # If there is no match and '' is returned then the email address 004 102 # defined in the alarm is used. 004 102 # 004 102 004 102 # 004 102 # The example below defines the address as 004 102 # support@sysgem.com from 00:00 to 06:59 and 20:00 to 23:59 004 102 # and as daytime@sysgem.com for all other times. 004 102 # 004 102 # The format must be preserved, do not add spaces in fields 004 102 # especially in the address field. 004 102 # 004 102 # DDDDDDD HHMM-HHMM address[,...] 004 102 # 004 102 # where DDDDDDD is Sun,Mod,Tue,Wed,Thu,Fri,Sat for example: 004 102 # Sun and Sat is D*****D 004 102 # Mon to Fri is *DDDDD* 004 102 # 004 102 # You can use any character instead of D. 004 102 # 004 102 # and HHMM-HHMM is From-To, for example: 004 102 # 0000-0625 is 00:00 to 06:25 004 102 # 2000-2330 is 20:00 to 23:30 004 102 # 004 102 # if the address is none the email will not be sent. 004 102 # 004 102 my @addr = (); 004 102 004 102 if ($send_snmp_mail) 004 102 { 004 102 push(@addr, "*MTWTF* 0000-2359 daytime\@sysgem.com"); # Weekdays, 00:00 to 23:59 004 102 push(@addr, "SMTWTFS 0000-0659 emergency\@sysgem.com"); # All days, 00:00 to 06:59 004 102 push(@addr, "SMTWTFS 2000-2359 emergency\@sysgem.com"); # All days, 20:00 to 23:59 004 102 004 102 # 004 102 # Now the catch-all in case there is no match with any of the above 004 102 # rules. This returns 'none' and the SMTP mail is not sent. 
004 102 # 004 102 # All days, 00:00 to 23:59 004 102 # 004 102 push(@addr, "SMTWTFS 0000-2359 none"); 004 102 } 004 @ 004 # 004 # 004 # 004 # License Information. 004 # 004 #{{PRODUCT:Include Files 004 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 004 # 004 # Checksum. 004 # 004 #{{CHECKSUM:9183-FD6A-699C-641D-C0B7-AFC5-07D8-28D3 # 005 ################################################ 005 # # 005 # SYSGEM Enterprise Manager 2.1 build 3180 # 005 # Copyright (C) 2005 SYSGEM AG # 005 # # 005 # Contents : Integration Classes # 005 # # 005 # Created by : SAcM # 005 # Timestamp : 2006-10-18 12:03:42 # 005 # # 005 ################################################ 005 # 005 # 005 # 005 # License Information. 005 # 005 #{{PRODUCT:Integration Classes 005 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 005 # 005 # Checksum. 005 # 005 #{{CHECKSUM:56CC-C9F6-C353-C1B1-5E4F-83FB-21D6-90D3 # 006 ################################################ 006 # # 006 # SYSGEM Enterprise Manager 2.1 build 3180 # 006 # Copyright (C) 2005 SYSGEM AG # 006 # # 006 # Contents : Reports # 006 # # 006 # Created by : SAcM # 006 # Timestamp : 2006-10-18 12:03:42 # 006 # # 006 ################################################ 006 # 006 # 006 # License Information. 006 # 006 #{{PRODUCT:Reports 006 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 006 # 006 # Checksum. 006 # 006 #{{CHECKSUM:AC6E-737E-BEE7-00BF-FA21-108A-6176-496E # 007 ################################################ 007 # # 007 # SYSGEM Enterprise Manager 2.1 build 3180 # 007 # Copyright (C) 2005 SYSGEM AG # 007 # # 007 # Contents : Saved Displays # 007 # # 007 # Created by : SAcM # 007 # Timestamp : 2006-10-18 12:03:42 # 007 # # 007 ################################################ 007 # 007 # 007 # License Information. 007 # 007 #{{PRODUCT:Saved Displays 007 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 007 # 007 # Checksum. 
007 # 007 #{{CHECKSUM:0220-795A-DD23-5578-F1B9-F2EA-2F42-B91E # 008 ################################################ 008 # # 008 # SYSGEM Enterprise Manager 2.1 build 3180 # 008 # Copyright (C) 2005 SYSGEM AG # 008 # # 008 # Contents : Tasks # 008 # # 008 # Created by : SAcM # 008 # Timestamp : 2006-10-18 12:03:42 # 008 # # 008 ################################################ 008 # 008 # 008 # License Information. 008 # 008 #{{PRODUCT:Tasks 008 #{{CREATED_BY:Sysgem AG,Zurich,8008,Switzerland 008 # 008 # Checksum. 008 # 008 #{{CHECKSUM:5096-E9D1-0DB4-409A-A83A-333D-AE33-8876 # 018 ################################################ 018 # # 018 # SYSGEM Enterprise Manager 2.1 build 3180 # 018 # Copyright (C) 2005 SYSGEM AG # 018 # # 018 # Contents : DOS Commands # 018 # # 018 # Created by : SAcM # 018 # Timestamp : 2006-10-18 12:03:42 # 018 # # 018 ################################################ 018 # 018 # 018 # Checksum. 018 # 018 #{{CHECKSUM:8081-98F0-2F35-92DD-3145-1E18-8668-1276 # 009 ################################################ 009 # # 009 # SYSGEM Enterprise Manager 2.1 build 3180 # 009 # Copyright (C) 2005 SYSGEM AG # 009 # # 009 # Contents : Telnet Clients # 009 # # 009 # Created by : SAcM # 009 # Timestamp : 2006-10-18 12:03:42 # 009 # # 009 ################################################ 009 # 009 # 009 # Checksum. 009 # 009 #{{CHECKSUM:FF97-9EBD-5CC5-2018-04B9-CC7A-CCE9-0617 # 017 ################################################ 017 # # 017 # SYSGEM Enterprise Manager 2.1 build 3180 # 017 # Copyright (C) 2005 SYSGEM AG # 017 # # 017 # Contents : Remote Desktops # 017 # # 017 # Created by : SAcM # 017 # Timestamp : 2006-10-18 12:03:42 # 017 # # 017 ################################################ 017 # 017 # 017 # Checksum. 
017 # 017 #{{CHECKSUM:D192-0E61-FA3D-7982-2AF5-9184-A9C3-6154 # 011 ################################################ 011 # # 011 # SYSGEM Enterprise Manager 2.1 build 3180 # 011 # Copyright (C) 2005 SYSGEM AG # 011 # # 011 # Contents : Account Tokens # 011 # # 011 # Created by : SAcM # 011 # Timestamp : 2006-10-18 12:03:42 # 011 # # 011 ################################################ 011 # 011 # 011 # 011 # Checksum. 011 # 011 #{{CHECKSUM:AA6C-A366-09F6-B5C5-9549-EB80-B80B-DE3E # # # # 015 015 015 015 015 015 015 015 Module User Guide 015 015 015 015 015

SSyM OpenVMS Monitor Package

015 015

This is the User Guide for the SSyM OpenVMS Monitor Package.

015

Introduction

015

This package is targeted directly at monitoring for OpenVMS systems. 015 Information is taken principally from the Audit Trail and the processes / open 015 files.

015

It was originally developed to meet a specific customer requirement.

015

Configuration

015

The event types to be displayed from the Audit Trail must be enabled with the 015 DCL command:

015 015

$ SET AUDIT /AUDIT /ENABLE=....

015 015

Displays

015 015

The displays below can be configured:

015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015 015
Monitor | Display
Account Probe: monitor users with high login failures. | VMS Account Probe
015 VMS Intrusion Records
Logins After Hours: monitor logins outside normal working 015 hours except for operations staff. | VMS Audit Trail Summary
015 VMS Current Processes
Authorize: monitor updates made using 015 sys$system:authorize.exe, ignore updates done by systems staff. | VMS Audit Trail Summary
015 VMS Audit Trail Detail
Special Files: monitor use of special files, report abuse. | VMS Audit Trail Summary
015 VMS File Monitor
Breakin: detect breakin alarms. | VMS Audit Trail Summary
015 VMS Audit Trail Detail
Device Errors: detect devices with high error rates. | VMS Show Devices
File Access Failures: detect accounts with high file access 015 failures. | VMS Audit File Access Summary
Install: monitor use of the install utility. | VMS Audit Trail Summary
015 VMS Audit Trail Detail
Modem: monitor use of a modem. | VMS Audit Trail Summary
015 VMS Audit Trail Detail
Privileged Accounts: monitor logins and login failures for 015 privileged and default accounts (SYSTEM, FIELD, DEFAULT, GUEST). | VMS Audit Trail Summary
015 VMS Audit Trail Detail
015 VMS Current Processes
015 VMS Intrusion Records
Audit: monitor changes to the system's AUDIT settings. 
Time: monitor changes to the system time. | VMS Audit Trail Summary
Sysgen: monitor use of SYSGEN. | VMS Audit Trail Summary
015 VMS Audit Trail Detail
Directory: monitor access to files in sensitive directories. | VMS Audit Trail Detail
015 VMS File Monitor
015 015

Filters

015

There are two ways to display selected data:

015
    015
  1. Add startup parameters to the displays, or
  2. 015
  3. Apply a filter.
  4. 015
015

The approach taken is a combination of 1 and 2 above. The advantage of using 015 filters is that they can be applied dynamically without reloading data.

015 015

Alarms

015 015

The alarms use common include files which define a database of email accounts.

015 015

The database is an array of entries, each entry having the format:

015 015
DDDDDDD HHMM-HHMM address[,...]
015

where DDDDDDD is Sun,Mon,Tue,Wed,Thu,Fri,Sat for example:

015
    015
  • Sun and Sat is D*****D
  • 015
  • Mon to Fri is *DDDDD*
  • 015
015

You can use any character instead of D.

015

HHMM-HHMM is From-To, for example:

015
    015
  • 0000-0625 is 00:00 to 06:25
  • 015
  • 2000-2330 is 20:00 to 23:30
  • 015
015 015

Each email address is based on hour and minute.

015 015

If the email address is 'none' or '' (without the quotes) then the email is 015 not sent.

015 015

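So the last rule is a catch-all which uses none as the address. If there is 015 no match and '' is returned then the email address defined in the alarm is used. Note, however, that the MP_Alarm_Client include shipped in this module copies the returned value into $mail_to and sets $send_snmp_mail to 0 when it is '' as well as when it is 'none', so as that code reads, a no-match result also suppresses the mail; test the fallback before relying on it.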
015
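015 The example below defines the address as support@sysgem.com from 00:00 to 06:59 015 and 20:00 to 23:59 and as daytime@sysgem.com for all other times. (The rules listed below use emergency@sysgem.com as the out-of-hours address.) The rules are tried in the order listed and the first rule whose day and time both match is used, so with the weekday 0000-2359 rule first, Monday to Friday always resolves to the daytime address; list the narrower out-of-hours rules first if they should apply on weekdays, otherwise night-time alarms go to the daytime mailbox.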

015 015

The format must be preserved, do not add spaces in fields especially in the 015 address field.

015 015
    015
  • Weekdays, 00:00 to 23:59
  • 015
015
015
*MTWTF* 0000-2359 daytime\@sysgem.com
015
015
    015
  • All days, 00:00 to 06:59
  • 015
015
015
SMTWTFS 0000-0659 emergency\@sysgem.com
015
015
    015
  • All days, 20:00 to 23:59
  • 015
015
015
SMTWTFS 2000-2359 emergency\@sysgem.com
015
015
    015
  • All days, 00:00 to 23:59
  • 015
015
015

Now the catch-all in case there is no match with any of the above rules. 015 This returns 'none' and the SMTP mail is not sent.

015
SMTWTFS 0000-2359 none
015
015 015 015 015 # 013 013 013 013 013 013 013 Sysgem 013 013 013 013 013 013 013 013 013 013 013 013
013

Certificate

013

This is a list of the components shipped 013 as part of the SSyM VMS Monitor Package module.

013

013 

It also includes License PAK information and a copy of the release notes.

013

013 

If you have any questions, please contact support@sysgem.com 013 or visit http://www.sysgem.com for the latest release information.

013

013 

This application module has been created by SAcM, 013 using computer THORIN, 013 licensed to Sysgem AG,Zurich,8008,Switzerland.

013
013

License

013

The license contains these key fields:

013 013 013 013 013 013 013 013 013 013 013 013 013 013
Field | Value
Product | SSyM VMS Monitor Package
Created by | Sysgem AG,Zurich,8008,Switzerland
013
013

Files

013

These are the definition files:

013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013 013
Definition | Entries
Alarms | 9
Custom Displays | 9
Filters | 2
Include Files | 3
013
013

Tokens

013

No tokens have been selected.

013
013

Release Notes

013
There are no release notes for this module.
013 013
013 013 013 # # # Key fields. # #{{PRODUCT: SSyM VMS Monitor Package #{{CREATED_ON: 18-Oct-2006 12:03:42 PM #{{CREATED_BY: Sysgem AG,Zurich,8008,Switzerland #{{LIBRARY_PATH: SSyM VMS Monitor Package #{{LICENSE_1: SSyM VMS Monitor Package #{{LICENSE_2: #{{LICENSE_3: #{{LICENSE_OPT: Any #{{LICENSED_TO: Sysgem AG,Zurich,8008,Switzerland #{{FORMAT: 000 # # Checksum. # #{{CHECKSUM:3473-AED4-ED16-79AB-FECE-FFE2-9E00-49E0