Problem:
A few months ago my colleague asked me: is it possible to check the availability of packages in the repo on Linux servers (CentOS, Red Hat)?
My answer was: Hmmm, I'll write you an agent in IBM Agent Builder which could check the result of the command "yum check-update", and then I can build a situation in ITM.
But I didn't have enough time to build this agent, and now I have a simple solution...
Solution:
I had to install fix pack ITM 6.3.0.5 and then... I spotted the custom scripts - great idea.
1. You have to create a properties file (yumcheck.properties) like this on the Linux server (monitored agent):
ATTRIBUTE_NAME=YUM_CHECK
SCRIPT_PATH_WITH_PARMS=/opt/IBM/ITM/localconfig/lz/scripts_definitions/yumcheck.sh
EXECUTION_FREQUENCY=86400
OUTPUT_TYPE=STRING
TOKEN_TYPES=I
TOKEN_SEPARATOR=|
Next, create a shell script (yumcheck.sh) in
/opt/IBM/ITM/localconfig/lz/scripts_definitions/ like this:
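#!/bin/ksh
# 20.11.2015
# Checks how many packages are available to install (yum check-update).
#
# Count the lines printed by "yum check-update".
var=$(yum check-update | wc -l)
# Print "label|count"; the fields are split by TOKEN_SEPARATOR from yumcheck.properties.
printf "%s|%d\n" "Yum avail. package to install" "${var}"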
2. The script yumcheck.sh will be run once a day (EXECUTION_FREQUENCY set to 86400 s = 24 hours).
When the script runs successfully, it returns the result of the command "yum check-update | wc -l".
3. In this picture you can see results:
4. At the end, I built a situation to check the result of the script.
My situation is fired when the attribute "Custom attribute Integer #1" is greater than 10 available packages to install.
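Counting every line with "wc -l" also counts yum's header lines, and the number says nothing when yum itself fails. The script below is an added example, not part of the original post: it uses the exit status of "yum check-update" (100 = updates available, 0 = none, 1 = error) and counts only package records. The function names, the -1 error value and the sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original yumcheck.sh.

# Count package records in "yum check-update" output read from stdin.
count_updates() {
    awk '
        /^Obsoleting Packages/ { exit }         # replacements follow, not updates
        /^[^ \t]/ {                             # a record starts in column 0
            pending = ($1 ~ /\.[A-Za-z0-9_]+$/) # first field looks like name.arch
            fields = 0
        }
        pending {
            fields += NF                        # long names wrap onto the next line
            if (fields == 3) { count++; pending = 0 }
            else if (fields > 3) pending = 0
        }
        END { print count + 0 }
    '
}

# format_result STATUS OUTPUT: print "label|count" as yumcheck.properties expects.
format_result() {
    case "$1" in
        0)   n=0 ;;                              # no updates
        100) n=$(printf '%s\n' "$2" | count_updates) ;;
        *)   n=-1 ;;                             # assumption: -1 marks a failed check
    esac
    printf '%s|%d\n' "Yum avail. package to install" "$n"
}

# Constructed sample output, not taken from a real server.
SAMPLE_OUTPUT='Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.example.org

bash.x86_64                    4.2.46-35.el7_9          updates
openssl-libs.x86_64            1:1.0.2k-26.el7_9        updates
a-very-long-constructed-package-name-for-wrapping.noarch
                               2.0-1.el7                epel
Obsoleting Packages
grub2.x86_64                   1:2.02-0.87.el7          updates
    grub2.x86_64               1:2.02-0.86.el7          @updates'

format_result 100 "$SAMPLE_OUTPUT"   # demo on the sample

# On the monitored server, replace the demo line with:
#   out=$(yum -q check-update 2>/dev/null); format_result "$?" "$out"
```

With the -1 error value, a second situation on "Custom attribute Integer #1" less than 0 can alert when the check itself is broken, for example when the repository is unreachable.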
---
If you like this or not - please write any comments below, thanks:)
or if you have any questions please send me email. I'll try to explain more.
---
Links:
http://www-01.ibm.com/support/docview.wss?uid=swg21960062
Problem:
How to receive alerts about intrusions detected by Enforcive Enterprise Security.
I would like to check for any undesirable attempt to log in to the database.
Solution:
1. Firstly, I prepared a suitable alert in EES Manager.
I built an alert with these conditions:
Application: Database
Event Type: Reject
In "Alert action" I defined the action "Send Message to Message Queue", where I use the i5 agent queue.
This alert will be fired when EES rejects a login to the database. The result can be seen on the i5 server.
2. I built a situation in ITM which checks the message queue that I defined in EES: "KMSOMLOG" in the "QAUTOMON" library (the default library of the i5 agent). Of course you can use a different queue.
This situation will be fired when it checks messages on i5.
Links:
http://www.enforcive.com/enforcive-enterprise-security
Problem:
How to check that tapes are available in BRMS on i5 (iSeries) in ITM?
Solution:
I had to find out how to check available tapes on i5 with a command.
I have to use the command CHKEXPBRM.
How to do it in ITM?
1. I built the first situation, "WOW_MS_RunCmd2_BCK_CHKEXPBRM", on Enterprise (TEMS), which runs at an exact time each day and runs the action
"CHKEXPBRM EXPMED(4) MEDCLS(CLS_ULTR6) LOC(TAPMLB01)" on the agent (distribution - i5).
This situation expires after 24 minutes.
2. Next, I built the second situation on i5 (distribution), which has 4 conditions:
- Message Queue - it contains: "KMSOMLOG"
- Message Queue Library - it contains: "QAUTOMON"
- ID - it contains: "CNB7008"
- Data - it contains: "Action returned with status 4 for situation WOW_MS_RunCmd2_BCK_CHKEXPBRM"
This second situation checks the result of the command execution triggered by the first situation.
This situation expires after 25 minutes.
Links:
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_61/cl/chkexpbrm.htm