Problem: A few months ago my colleague asked me. It possible to check availability packages on repo on Linux's servers (Centos, Redhat)? My answer was: Hmmm, I'll write you an agent on IBM Agent Builder which could check result of command: "yum check-update" and then I can build a situation on ITM. But I didn't have enough time to build this agent, and now I have simple solution...
Solution: I had to install fix pack ITM 6.3.0.5 and then... I spotted the custom scripts - great idea.
1. You have to create properties file (yumcheck.properties) like this on Linux server (monitored agent): ATTRIBUTE_NAME=YUM_CHECK SCRIPT_PATH_WITH_PARMS=/opt/IBM/ITM/localconfig/lz/scripts_definitions/yumcheck.sh EXECUTION_FREQUENCY=86400 OUTPUT_TYPE=STRING TOKEN_TYPES=I TOKEN_SEPARATOR=| Next, create shell script (yumcheck.sh) in: /opt/IBM/ITM/localconfig/lz/scripts_definitions/ like this: #!/bin/ksh # 20.11.2015 # Script check availability of packages to installation (yum-update). # var=$(yum check-update | wc -l) printf "%s|%d\n" "Yum avail. package to install" ${var} 2. This script yumcheck.sh will be run once a day (EXECUTION_FREQUENCY set to 86400s = 24hours). When script will run successful, it will return result of command: "yum check-update | wc -l"
3. In this picture you can see results:
4. At the end, I builded situation to check result of script.
My situation is fired when attribute "Custom attribute Integer #1" is greater than 10 available packages to install.
Problem: How to receive alerts intrusions which were detected by Enforcive Enterprise Security. I would like to check any undesirable attempt login to database. Solution: 1. Firstly, I prepared a suitable alert in EES Manager. I builded an alert with conditions: Application: Database Event Type: Reject And in "Alert action" I defined the action: "Send Message to Message Queue" where I use i5 agent queue.
This alert will be fired when EES reject login to database. Result we can see on i5 server.
2. I builded a situation in ITM which checks messages queue that I defined in EES: "KMSOMLOG" on "QAUTOMON" library (default library i5 agent). Of course you can use different queue.
This situation will be fired when it checks messages on i5.
--- If you like this or not - please write any comments below, thanks:) or if you have any questions pleasesend me email. I'll try to explain more.
Problem: How to checkthat tapes are availables in BRMS on i5 (iSeries) in ITM? Solution: I had to find out how to check available tapes on i5, by the command. I have to use a command: CHKEXPBRM. How to do it in ITM? 1. I build first situation "WOW_MS_RunCmd2_BCK_CHKEXPBRM" on Enterprise (TEMS) which run at exactly time a day and run an action "CHKEXPBRM EXPMED(4) MEDCLS(CLS_ULTR6) LOC(TAPMLB01)" on agent (distribution - i5).
This situations expire after 24 minutes.
2. Next, I build second situation on i5 (distribution) which have a 4 conditions: - Message Queue - it contains: "KMSOMLOG" - Message Queue Library - it contains: "QAUTOMON" - ID - it contains: "CNB7008" - Data - it contains: "Action returned with status 4 for situation WOW_MS_RunCmd2_BCK_CHKEXPBRM" This second situation check the result of command execution caused in first situation.
This situations expire after 25 minutes.
--- If you like this or not - please write any comments below, thanks:) or if you have any questions pleasesend me email. I'll try to explain more.
