<author>Brenno J.S.A.A.F. de Winter, De Winter Information Solutions</author>
<author>Arjen Baart, Andromeda Technology & Automation</author>
- <date>October 05, 2002.</date>
+ <date>November 07, 2002.</date>
<docinfo>
- <infoitem label="Version">0.20</infoitem>
+ <infoitem label="Version">0.21</infoitem>
</docinfo>
</titlepage>
Minor layout improvements
</col>
</row>
+ <row>
+ <col>0.21</col><col>Arjen Baart</col><col>Nov 07, 2002</col>
+ <col>
+ Installation instructions added.
+ Combined chapters 4 through 7 into one chapter (4).
+ </col>
+ </row>
</table>
</section>
</chapter>
<chapter>
- <heading>Overall system.</heading>
+ <heading>Overall system Architecture</heading>
<para>
The overall systems aims to make maintenance data better accessible and by
</itemize>
<section>
- <heading>Priority mechanism.</heading>
-<para>
-Each notification has a certain priority that requires a different handling
-of the issue. How each priority will be dealt with is something that can
-be set per server. The priority mechanism is a simple system of five
-categories (can be more or less).
-</para>
-<para/>
-</section>
-
-<section>
- <heading>The dataflow diagram.</heading>
-<para>The main dataflow will be as follows.</para>
-<para>
- <picture src="dataflow.png" eps="dataflow" scale="0.7"/>
-</para>
-<para/>
-</section>
-</chapter>
-
-<chapter>
<heading>Central Application: signal handler.</heading>
<para>
scripts make detection possible, that is too time consuming to do during
processing of the data.
</para>
+</section>
<section>
<heading>Data processing.</heading>
</itemize>
<para/>
</section>
-</chapter>
-<chapter>
+<section>
+ <heading>Priority mechanism.</heading>
+<para>
+Each notification has a certain priority that requires a different handling
+of the issue. How each priority will be dealt with is something that can
+be set per server. The priority mechanism is a simple system of five
+categories (can be more or less).
+</para>
+<para/>
+</section>
+
+<section>
+ <heading>The dataflow diagram.</heading>
+<para>The main dataflow will be as follows.</para>
+<para>
+ <picture src="dataflow.png" eps="dataflow" scale="0.7"/>
+</para>
+<para/>
+</section>
+
+<section>
<heading>Sending messages to the central gnucomo system.</heading>
<para>
</item>
</enumerate>
-<section>
+<subsection>
<heading>Ensuring data integrity.</heading>
<para><TO BE DESCRIBED></para>
-</section>
+</subsection>
-<section>
+<subsection>
<heading>Directories and filenames on the server.</heading>
<para>
</row>
</table>
-<subsection>
+<subsubsection>
<heading>Directory for incoming data.</heading>
<para>
The used directory is: <code>/home/gnucomo/archive/</code>
</item>
</enumerate>
-</subsection>
+</subsubsection>
-<subsection>
+<subsubsection>
<heading>Directory for outgoing data.</heading>
<para>
</item>
</enumerate>
-</subsection>
+</subsubsection>
-<subsection>
+<subsubsection>
<heading>Overview. </heading>
<para>The total directory-structure looks like this:</para>
/home/gnucomo/outgoing/processed
</verbatim>
+</subsubsection>
</subsection>
-</section>
-<section>
+<subsection>
<heading>Directories on the client-side.</heading>
<para>
For this purpose the user <strong>gcm_client</strong> will be created.
</para>
-<subsection>
+<subsubsection>
<heading>Directory for incoming data.</heading>
<para>
For incoming messages there will be separate directories
</item>
</enumerate>
-</subsection>
+</subsubsection>
-<subsection>
+<subsubsection>
<heading>Directory for outgoing data.</heading>
<para>
The directory is: <code>/home/gcm_client/outgoing/processed/</code>
</item>
</enumerate>
-</subsection>
+</subsubsection>
-<subsection>
+<subsubsection>
<heading>Overview. </heading>
<para>The total directory-structure looks like this:</para>
/home/gcm_client/outgoing/outbox
/home/gcm_client/outgoing/processed
</verbatim>
+</subsubsection>
</subsection>
</section>
-</chapter>
-<chapter>
+<section>
<heading>Getting data into the database.</heading>
<para>
There are no deletion, update or select-permissions.
</para>
+</section>
</chapter>
<chapter>
The database is the heart of the system.
It will contain all event-data of multiple computers.
The intelligence that can be performed on the database will be placed there.
-To do this as integrated as possible stored procedures and triggers will be used.
+To do this as integratedly as possible stored procedures and triggers will be used.
To begin with we have selected checks to be performed that will be
expanded throughout time.
</para>
<para>
Since the gnucomo database and files contain sensitive data
security measures have to be in place. Several database users
-will be exist that have limited rights to perform a certain task
+will exist that have limited rights to perform a certain task
ensuring some protection against unauthorized access.
However these mechanisms on it's own will work fine, bad maintenance may still
screw-up good security. Good database maintenance is needed.
One of the techniques to increase performance on display is to work with views.
So where it is feasible we will use them.
</para>
+
+<para>
+The following model pictures the database as described in the remainder
+of this chapter.
+</para>
+<para>
+ <picture src="erd.png" eps="erd" scale="0.7"/>
+</para>
+
<para>
In general the database must also be maintained well.
So daily maintenance scripts should keep the performance good<footnote>PostgreSQL seems
<table cpos='p{1cm}p{2cm}p{1.5cm}p{6cm}'>
<thead>
- <col> Actionid </col> <col> Actionname </col> <col> Statuscode </col>
+ <col>Actionid</col><col>Actionname</col><col>Statuscode</col>
<col>
Description
</col>
</thead>
<row>
- <col> 1 </col> <col> Entry in the system </col> <col> NEW </col>
+ <col>1</col><col>Entry in the system</col><col>NEW</col>
<col>
This indicates that a notification is entered into the system. The status is a <strong>NEW</strong>.
</col>
</row>
<row>
- <col> 2 </col> <col> Displayed to user </col> <col> OPN </col>
+ <col>2</col><col>Displayed to user</col><col>OPN</col>
<col>
- The notification has been displayed to the user. It is not guaranteed that the user has read the notification, but he/she should be aware of it. The status will now be changed to <strong>OPEN</strong> if the current status is <strong>NEW</strong>.
+ The notification has been displayed to the user.
+ It is not guaranteed that the user has read the notification,
+ but he/she should be aware of it.
+ The status will now be changed to <strong>OPEN</strong> if the current
+ status is <strong>NEW</strong>.
</col>
</row>
<row>
- <col> 3 </col> <col> Remarks added </col> <col> PEN </col>
+ <col>3</col><col>Remarks added</col><col>PEN</col>
<col>
- Remarks have been added to the notification. The status has now been changed to <strong>PENDING</strong>.
+ Remarks have been added to the notification. The status has now been
+ changed to <strong>PENDING</strong>.
</col>
</row>
<row>
- <col> 4 </col> <col> Priority changed manually </col> <col> PEN </col>
+ <col>4</col><col>Priority changed manually</col><col>PEN</col>
<col>
- The priority of the notification has been changed by the user. The new status is now <strong>PENDING</strong>.
+ The priority of the notification has been changed by the user.
+ The new status is now <strong>PENDING</strong>.
</col>
</row>
<row>
- <col> 5 </col> <col> Priority changed automatically </col> <col> PEN </col>
+ <col>5</col><col>Priority changed automatically</col><col>PEN</col>
<col>
- The priority of the notification has been changed by the system. If the status is not <strong>OPEN</strong> or <strong>NEW</strong> the new status is become <strong>PENDING</strong>.
+ The priority of the notification has been changed by the system.
+ If the status is not <strong>OPEN</strong> or <strong>NEW</strong> the new
+ status is become <strong>PENDING</strong>.
</col>
</row>
<row>
- <col> 6 </col> <col> Action taken </col> <col> PEN </col>
+ <col>6</col><col>Action taken</col><col>PEN</col>
<col>
A action has been taken. The status is now <strong>PENDING</strong>.
</col>
</row>
<row>
- <col> 7 </col> <col> Assignment to user </col> <col> PEN </col>
+ <col>7</col><col>Assignment to user</col><col>PEN</col>
<col>
- A notification has been explicitly assigned to another user. The status is now <strong>PENDING</strong>.
+ A notification has been explicitly assigned to another user.
+ The status is now <strong>PENDING</strong>.
</col>
</row>
<row>
- <col> 8 </col> <col> More information or research needed. </col> <col> INV </col>
+ <col>8</col><col>More information or research needed.</col><col>INV</col>
<col>
- The notification is relevant and will be handled, however more information or research will be needed. The status is <strong>UNDER INVESTIGATION</strong>.
+ The notification is relevant and will be handled, however more information
+ or research will be needed. The status is <strong>UNDER INVESTIGATION</strong>.
</col>
</row>
<row>
- <col> 9 </col> <col> Make output reference. </col> <col> REF </col>
+ <col>9</col><col>Make output reference.</col><col>REF</col>
<col>
- Automated output from an object has been sent to gnucomo. The input has been identified as a valid reference for future. Status is now <strong>REFERENCE</strong><footnote>A reference is used to find differences in output. This feature must reduce the number of wrongful alerts. Only if a change has taken place a notification is generated. First time reports will always generate a notification. By signing this off the system will be silent again.</footnote>.
+ Automated output from an object has been sent to gnucomo.
+ The input has been identified as a valid reference for future.
+ Status is now <strong>REFERENCE</strong><footnote>A reference is used to
+ find differences in output. This feature must reduce the number of wrongful alerts.
+ Only if a change has taken place a notification is generated.
+ First time reports will always generate a notification.
+ By signing this off the system will be silent again.</footnote>.
</col>
</row>
<row>
- <col> 10 </col> <col> Job output no longer reference. </col> <col> CLS </col>
+ <col>10</col><col>Job output no longer reference.</col><col>CLS</col>
<col>
- By making a newer job output reference this output has been obsoleted. Since once it was a reference the notification can be closed. The new status for the notification is now <strong>CLOSED</strong>.
+ By making a newer job output reference this output has been obsoleted.
+ Since once it was a reference the notification can be closed.
+ The new status for the notification is now <strong>CLOSED</strong>.
</col>
</row>
<row>
- <col> 11 </col> <col> Action taken please verify. </col> <col> VRF </col>
+ <col>11</col><col>Action taken please verify.</col><col>VRF</col>
<col>
- An action has been taken and things should have been resolved. Before the notification can be closed a verification has to be done. New status is now <strong>VERIFY</strong>.
+ An action has been taken and things should have been resolved.
+ Before the notification can be closed a verification has to be done.
+ New status is now <strong>VERIFY</strong>.
</col>
</row>
<row>
- <col> 12 </col> <col> Action not accepted. </col> <col> PEN </col>
+ <col>12</col><col>Action not accepted.</col><col>PEN</col>
<col>
- A check has been done and the results were not good. New verification is needed. New status is now <strong>PENDING</strong>.
+ A check has been done and the results were not good.
+ New verification is needed.
+ New status is now <strong>PENDING</strong>.
</col>
</row>
<row>
- <col> 13 </col> <col> Action verified </col> <col> CLS </col>
+ <col>13</col><col>Action verified</col><col>CLS</col>
<col>
- The verification for the action has been done and the action is approved. The new status is now <strong>CLOSED</strong>.
+ The verification for the action has been done and the action is approved.
+ The new status is now <strong>CLOSED</strong>.
</col>
</row>
<row>
- <col> 14 </col> <col> E-mail sent </col> <col> OPN<footnote>Only if the status is <strong>NEW</strong>.</footnote> </col>
+ <col>14</col><col>E-mail sent</col>
+ <col>OPN<footnote>Only if the status is <strong>NEW</strong>.</footnote></col>
<col>
An e-mail has been sent.
</col>
</row>
<row>
- <col> 15 </col> <col> SMS sent </col> <col> OPN<footnote>Only if the status is <strong>NEW</strong>.</footnote> </col>
+ <col>15</col><col> SMS sent </col>
+ <col>OPN<footnote>Only if the status is <strong>NEW</strong>.</footnote></col>
<col>
A SMS has been sent.
</col>
</row>
<row>
- <col> 16 </col> <col> Fax sent </col> <col> OPN<footnote>Only if the status is <strong>NEW</strong>.</footnote> </col>
+ <col>16</col><col>Fax sent</col>
+ <col>OPN<footnote>Only if the status is <strong>NEW</strong>.</footnote></col>
<col>
A fax has been sent.
</col>
</row>
<row>
- <col> 17 </col> <col> Log-entries shown </col> <col> XXXX </col>
+ <col>17</col><col>Log-entries shown</col><col>XXXX</col>
<col>
The log entries have been shown. No changes to the status made.
</col>
</row>
<row>
- <col> 18 </col> <col> Notification closed </col> <col> CLS </col>
+ <col>18</col><col>Notification closed</col><col>CLS</col>
<col>
Notification has been closed.
</col>
</row>
<row>
- <col> 19 </col> <col> Notification reopened </col> <col> OPN </col>
+ <col>19</col><col>Notification reopened</col><col>OPN</col>
<col>
Notification has been re-opened
</col>
<row>
<col> timestamp </col> <col> Timestamp </col> <col> <para/> </col>
<col>
- The time when the action has been entered into the system. This is the time without the timezone<footnote>The timestamp without time has been selected, since this is the system time. To have the system functioning without any physical borders one of the settings on the system is time in GMT (UTC). This ensures also the added value of the system log.</footnote>. This will be automatically added when the record is added into the database.
+ The time when the action has been entered into the system.
+ This is the time without the timezone<footnote>The timestamp without
+ time has been selected, since this is the system time.
+ To have the system functioning without any physical borders one
+ of the settings on the system is time in GMT (UTC).
+ This ensures also the added value of the system log.</footnote>.
+ This will be automatically added when the record is added into the database.
</col>
</row>
<row>
<row>
<col> remarks </col> <col> Text </col> <col> <para/> </col>
<col>
- Remarks entered by the user if it concerns a manual action or the text of automatically generated warnings.
+ Remarks entered by the user if it concerns a manual action
+ or the text of automatically generated warnings.
</col>
</row>
</table>
<row>
<col> notificationid </col> <col> notification </col>
<col>
- Each action that takes place is registered in this table. By using the notification the relevant notification. The relationship has to be enforced.
+ Each action that takes place is registered in this table.
+ By using the notification the relevant notification. The relationship has to be enforced.
</col>
</row>
<row>
<col> username </col> <col> user </col>
<col>
- Each step in the process has to be related to the user. If the system itself generates an action the user will be <strong>gnucomo</strong><footnote>This implies that the system automatically has an username gnucomo.</footnote>.
+ Each step in the process has to be related to the user.
+ If the system itself generates an action the user will be
+ <strong>gnucomo</strong><footnote>This implies that the system
+ automatically has an username gnucomo.</footnote>.
</col>
</row>
</table>
<col> 3 </col> <col> 5 </col> <col> 1 </col> <col> Gnucomo </col>
<col> 2002-07-14 16:14:09 </col> <col> OPN </col>
<col>
- <para>Automatic e-mail to user: <reference href="mailto:brenno@dewinter.com">brenno@dewinter.com</reference>:</para>
- <para>Gnucomo detected a portscan on system <reference href="http://gnucomo.dewinter.com/">gnucomo.dewinter.com</reference></para>
+ <para>Automatic e-mail to user:
+ <reference href="mailto:brenno@dewinter.com">brenno@dewinter.com</reference>:</para>
+ <para>Gnucomo detected a portscan on system
+ <reference href="http://gnucomo.dewinter.com/">gnucomo.dewinter.com</reference></para>
</col>
</row>
<row>
<col> 8 </col> <col> 3 </col> <col> 1 </col> <col> Brenno </col>
<col> 2002-07-14 16:24:59 </col> <col> PEN </col>
<col>
- Services tables learns me that all services are aimed at Windows-based services. Attempts for platform specific expoits.
+ Services tables learns me that all services are aimed at Windows-based services.
+ Attempts for platform specific expoits.
</col>
</row>
<row>
<heading>log & log_adv. </heading>
<para>
-To store the log-data there are two tables in use that have a one-on-one relationship. The logic behind this is the difference between raw-always needed data and the somewhat processed data to support basic retrieval. The last category isn't always used and when it's used it is redundant. Also the raw log is very important to the integrity of the system. For these reasons the processed data has been physically separated in a second table called <emph>log_adv</emph>. If needed a view will be available that combines the two tables. Despite the load indexing on <emph>log_adv</emph> will be done thoroughly.
+To store the log-data there are two tables in use that have a one-on-one relationship.
+The logic behind this is the difference between raw-always needed data and the somewhat
+processed data to support basic retrieval.
+The last category isn't always used and when it's used it is redundant.
+Also the raw log is very important to the integrity of the system.
+For these reasons the processed data has been physically separated in a
+second table called <emph>log_adv</emph>.
+If needed a view will be available that combines the two tables.
+Despite the load indexing on <emph>log_adv</emph> will be done thoroughly.
</para>
</subsection>
<heading>The fields of log.</heading>
<para>
-The fields in log are focussed around the raw data and the data needed to link this to other tables in the system.
+The fields in log are focussed around the raw data and the data needed
+to link this to other tables in the system.
</para>
<table cpos='lllp{6cm}'>
<row>
<col> original_filename </col> <col> Text </col> <col> <para/> </col>
<col>
- This field refers to the filename that contained this entry. The original entries as received by the gnucomo-server (flat files). The files are sent in batches, which makes it very hard to find where the original logline is. This will enable to see the files to detect bugs in gnucomo if any occur. It may well be that in a later stage this functionality becomes obsolete.
+ This field refers to the filename that contained this entry.
+ The original entries as received by the gnucomo-server (flat files).
+ The files are sent in batches, which makes it very hard to find where the
+ original logline is. This will enable to see the files to detect
+ bugs in gnucomo if any occur.
+ It may well be that in a later stage this functionality becomes obsolete.
</col>
</row>
<row>
<row>
<col> type_of_logid </col> <col> Bigint </col> <col> 8 </col>
<col>
- Reference to the table type_of_log that contains information on what type of log/report we have here (how gnucomo recognized it).
+ Reference to the table type_of_log that contains information on what
+ type of log/report we have here (how gnucomo recognized it).
</col>
</row>
<row>
<row>
<col> timestamp </col> <col> Timestamp </col> <col> <para/> </col>
<col>
- The time when the action has been entered into the system. This is the time without the timezone<footnote>The timestamp without time has been selected, since this is the system time. To have the system functioning without any physical borders one of the settings on the system is time in GMT (UTC). This ensures also the added value of the system log.</footnote>. This will be generated upon entry into the database.
+ The time when the action has been entered into the system.
+ This is the time without the timezone<footnote>The timestamp without time
+ has been selected, since this is the system time.
+ To have the system functioning without any physical borders one of
+ the settings on the system is time in GMT (UTC).
+ This ensures also the added value of the system log.</footnote>.
+ This will be generated upon entry into the database.
</col>
</row>
<row>
<row>
<col> type_of_logid </col> <col> type_of_log </col>
<col>
- Each logbook has a certain type of reporting. This explains what type of log was received (and thus which rules for detection was applied).
+ Each logbook has a certain type of reporting.
+ This explains what type of log was received (and thus which rules for detection was applied).
</col>
</row>
<row>
<col> systemuser </col> <col> user </col>
<col>
- Links a registered user of an object to this log entry<footnote>Upon entry of an object most of the times the passwd-file (UNIX-systems) or the userlist will serve as the entrypoint of users. Non existing users will be added and will have to be verified by an administrator before this entry become definite.</footnote>.
+ Links a registered user of an object to this log
+ entry<footnote>Upon entry of an object most of the times the
+ passwd-file (UNIX-systems) or the userlist will serve as the entrypoint of users.
+ Non existing users will be added and will have to be verified by an
+ administrator before this entry become definite.</footnote>.
</col>
</row>
</table>
<heading>Sample data combined from log and log_adv.</heading>
<para>
-The sample data derrived here has been gathered in logs. Since the tablestructure is very long the representation is somewhat different:
+The sample data derrived here has been gathered in logs.
+Since the tablestructure is very long the representation is somewhat different:
</para>
<table cpos='lp{8cm}'>
<heading>log_notification. </heading>
<para>
-In the log_notification the logbook entries that have caused an alert to occur are saved. When this table is used something has been detected. As this is clearly an intermediate table we anticipate to design checks where multiple entries in a log-file can lead to one notification. For forensics indexing will be focussed on retrieval speed.
+In the log_notification the logbook entries that have caused an alert to occur are saved.
+When this table is used something has been detected.
+As this is clearly an intermediate table we anticipate to design checks where
+multiple entries in a log-file can lead to one notification.
+For forensics indexing will be focussed on retrieval speed.
</para>
<subsubsection>
<heading>notification. </heading>
<para>
-In this table all detected issues per object will be written. Issues are entered based on immediate detection, periodical detection or manually. Since this table is mostly used to work from in the interface being in control is crucial. When systems function properly more retrieval than data entry will take place. Also data retrieval will be done in all sorts of ways. Indexing must be huge to facilitate that.
+In this table all detected issues per object will be written.
+Issues are entered based on immediate detection, periodical detection or manually.
+Since this table is mostly used to work from in the interface being in control is crucial.
+When systems function properly more retrieval than data entry will take place.
+Also data retrieval will be done in all sorts of ways. Indexing must be huge to facilitate that.
</para>
<subsubsection>
<row>
<col> type_of_notification_id </col> <col> Bigint </col> <col> 8 </col>
<col>
- Reference to the <emph>type_of_notification</emph> indicating what type of notification we have here and what basic rules apply.
+ Reference to the <emph>type_of_notification</emph> indicating what
+ type of notification we have here and what basic rules apply.
</col>
</row>
<row>
<row>
<col> priority </col> <col> Int </col> <col> 4 </col>
<col>
- The priority that is given to this issue<footnote>Basically there will be five priority levels. The rule is that the lower the number gets the more urgent the issue is. At the moment the priority level is set by the system pre-defined actions will take place.</footnote>.
+ The priority that is given to this issue<footnote>Basically there will be
+ five priority levels. The rule is that the lower the number gets the more
+ urgent the issue is. At the moment the priority level is set by the system
+ pre-defined actions will take place.</footnote>.
</col>
</row>
<row>
<col> escalation_count_timestamp </col> <col> Timestamp </col> <col> <para/> </col>
<col>
- Timestamp since the last escalation took place<footnote>The system offers the possibility to automatically escalate issue if no action has been taken within a certain amount of time. Based on the status and the type of notification escalation can take place.</footnote>.
+ Timestamp since the last escalation took place<footnote>The system offers
+ the possibility to automatically escalate issue if no action has been
+ taken within a certain amount of time.
+ Based on the status and the type of notification escalation can take place.</footnote>.
</col>
</row>
<row>
<col> repeat_notification_timestamp </col> <col> Timestamp </col> <col> <para/> </col>
<col>
- Timestamp at which moment in time a repeat notification should occur<footnote>After this time has passed a notification is being resent. After a resent automatically a new time is set for another resent. If any actions takes place (except automated entries of course) the time is emptied so that an administrator will no longer be bothered by the system.</footnote>.
+ Timestamp at which moment in time a repeat notification should occur<footnote>After
+ this time has passed a notification is being resent.
+ After a resent automatically a new time is set for another resent.
+ If any actions takes place (except automated entries of course)
+ the time is emptied so that an administrator will no longer be bothered by the system.</footnote>.
</col>
</row>
<row>
<heading>object</heading>
<para>
-The <emph>object</emph> table contains general information on the objects being monitored. The table object will more be used for retrieval, since adding objects will be an occasional process. Anything that for some reason can be indexed ought to be indexed.
+The <emph>object</emph> table contains general information on the objects being monitored.
+The table object will more be used for retrieval, since adding objects will be an
+occasional process. Anything that for some reason can be indexed ought to be indexed.
</para>
<subsubsection>
<row>
<col> objectcode </col> <col> Text </col> <col> <para/> </col>
<col>
- Unique identifier (if existent) on the system<footnote>In Linux this will typically be the <emph>hostid</emph>.</footnote>.
+ Unique identifier (if existent) on the system<footnote>In Linux this will
+ typically be the <emph>hostid</emph>.</footnote>.
</col>
</row>
<row>
<row>
<col> timezone </col> <col> Text </col> <col> <para/> </col>
<col>
- The timezone where this object is located<footnote>For objects that move around like PDA's and laptops the timezone can be the place where a person is stationed or better GMT.</footnote>.
+ The timezone where this object is located<footnote>For objects that
+ move around like PDA's and laptops the timezone can be the place where
+ a person is stationed or better GMT.</footnote>.
</col>
</row>
<row>
<row>
<col> <para/> </col> <col> Notification </col>
<col>
- Reference to the table <emph>notification</emph> that contains the notifications that have been created.
+ Reference to the table <emph>notification</emph> that contains the notifications
+ that have been created.
</col>
</row>
<row>
<row>
<col> <para/> </col> <col> Object_priority </col>
<col>
- Reference to the <emph>object_priority</emph> table that indicates how a certain level of priority has to be dealt with.
+ Reference to the <emph>object_priority</emph> table that indicates how a
+ certain level of priority has to be dealt with.
</col>
</row>
<row>
<subsubsection>
<heading>Sample data.</heading>
<para>
-There is no preset data and therefor it's an example has been created. The table has quite some fields so the example has the fieldname in the left column and the data in the right column.
+There is no preset data and therefor it's an example has been created.
+The table has quite some fields so the example has the fieldname in the
+left column and the data in the right column.
</para>
<table cpos='lp{6cm}'>
<thead>
<subsection>
<heading>object_issue. </heading>
<para>
-This table will store the policy on a certain issue like the priority being recognized and special actions to take. Since policies are utilized by the systems continuously all other process will rely on this index, while users will change the values occasionally.
+This table will store the policy on a certain issue like the priority being
+recognized and special actions to take.
+Since policies are utilized by the systems continuously all other process will rely on this index,
+while users will change the values occasionally.
</para>
<subsubsection>
<para>8</para>
</col>
<col>
- <para>Reference to the <emph>type_of_notification</emph> indicating what type of notification we have here and what basic rules apply.</para>
+ <para>Reference to the <emph>type_of_notification</emph> indicating
+ what type of notification we have here and what basic rules apply.</para>
</col>
</row>
<row>
<para>4</para>
</col>
<col>
- <para>The priority that will be set automatically when this type of notification is entered into the system.</para>
+ <para>The priority that will be set automatically when this type of
+ notification is entered into the system.</para>
</col>
</row>
<row>
<para/>
</col>
<col>
- <para>Some checks can have a special settings (for instance alert after 5 failed login attempts instead of 3).</para>
+ <para>Some checks can have a special settings (for instance alert
+ after 5 failed login attempts instead of 3).</para>
</col>
</row>
</table>
</subsection>
<subsection>
- <heading>object_priority. </heading>
+ <heading>object_priority.</heading>
<para>
-This table stores per object how a certain level of priority is being dealt with. What policies do apply. This table is mostly used for retrieval, so firm indexing is logic.
+This table stores per object how a certain level of priority is being dealt with.
+What policies do apply. This table is mostly used for retrieval, so firm indexing is logic.
</para>
<subsubsection>
<heading>object_service</heading>
<para>
-The object service table indicates which services can be expected on the system If input fails to show up a notification can be generated.
+The object service table indicates which services can be expected on the system.
+If input fails to show up a notification can be generated.
</para>
<subsubsection>
<para>8</para>
</col>
<col>
- <para>The expected interval in minutes between two log entries. If this gives a time-out a notification is generated<footnote>To avoid many false positives it may be wise to give the system always 1 or 2 minutes extra time. If for some reason a connection is slow or a mail-daemon restarted the effect would generate tuns of notifications.</footnote>. The following values can be considered the most common:</para>
+ <para>The expected interval in minutes between two log entries.
+ If this gives a time-out a notification is generated<footnote>To avoid many
+ false positives it may be wise to give the system always 1 or 2 minutes extra time.
+ If for some reason a connection is slow or a mail-daemon restarted
+ the effect would generate tuns of notifications.</footnote>.
+ The following values can be considered the most common:</para>
<para>* 60 hourly entries</para>
<para>* 120 two hourly entries</para>
<para>* 240 four hourly entries</para>
<para/>
</col>
<col>
- <para>The timestamp of the last entry (for detecting exceeded interval). This field could be derived from the log-table as well, but the redundance gives a performance on detection that is useful, since a check should run every minute.</para>
+ <para>The timestamp of the last entry (for detecting exceeded interval).
+ This field could be derived from the log-table as well, but the
+ redundance gives a performance on detection that is useful, since a
+ check should run every minute.</para>
</col>
</row>
<row>
<para/>
</col>
<col>
- <para>If a service hasn't been set, the application user should indicate that this is valid (logs shouldn't just appear). New entries will be added automatically but still have to be verified.</para>
+ <para>If a service hasn't been set, the application user should
+ indicate that this is valid (logs shouldn't just appear).
+ New entries will be added automatically but still have to be verified.</para>
</col>
</row>
</table>
<heading>object_system_user</heading>
<para>
-This table will derive a list of users that can be identified based on the log-files in the system. This table is filled during data entry. But the filling of the table is dependent on the fact if the user has been entered before. So during the processing the read will be done more than the data entry and that makes heavy indexing logic.
+This table will derive a list of users that can be identified based
+on the log-files in the system. This table is filled during data entry.
+But the filling of the table is dependent on the fact if the user has been entered before.
+So during the processing the read will be done more than the data entry and
+that makes heavy indexing logic.
</para>
<subsubsection>
<heading>The fields.</heading>
<heading>object_user</heading>
<para>
-This table will enable users to get access to the information belonging to an object. Also this table is mainly used for data retrieval and will rely on the indexes.
+This table will enable users to get access to the information belonging to an object.
+Also this table is mainly used for data retrieval and will rely on the indexes.
</para>
<subsubsection>
<heading>The fields.</heading>
<heading>priority</heading>
<para>
-The priority table contains information on the levels that are recognized by the system. Mainly data retrieval so depending on indexing. It needs to be said that most likely only a couple of states will exist<footnote>By default we will use five states, but many states can be given to enable all types of differentiation.</footnote>.
+The priority table contains information on the levels that are recognized by the system.
+Mainly data retrieval so depending on indexing.
+It needs to be said that most likely only a couple of states will exist<footnote>By default
+we will use five states, but many states can be given to enable all
+types of differentiation.</footnote>.
</para>
<subsubsection>
<heading>service</heading>
<para>
-The table <emph>service</emph> indicates the service that can be handled by the system. Out of the servicelist the administrator can indicate what services to expect.
+The table <emph>service</emph> indicates the service that can be handled by the system.
+Out of the servicelist the administrator can indicate what services to expect.
</para>
<subsubsection>
<heading>The fields.</heading>
<para>4</para>
</col>
<col>
- <para>The advised priority if these log-entries don't come in<footnote>Advised priorities can be changed in the object_service table per object. </footnote>.</para>
+ <para>The advised priority if these log-entries don't
+ come in<footnote>Advised priorities can be changed in the object_service
+ table per object. </footnote>.</para>
</col>
</row>
<row>
<para>4</para>
</col>
<col>
- <para>The maximum priority advised for this service<footnote>Advised priorities can be changed in the object_service table per object.</footnote>.</para>
+ <para>The maximum priority advised for this
+ service<footnote>Advised priorities can be changed in the
+ object_service table per object.</footnote>.</para>
</col>
</row>
</table>
<heading>status.</heading>
<para>
-The table <emph>status</emph> contains the possible states that a notification can have. As with the table <emph>priority</emph> these statuses are limited in number by default but can be expanded. Also here retrieval prevails above data entry and therefor indexing is important.
+The table <emph>status</emph> contains the possible states that a notification can have.
+As with the table <emph>priority</emph> these statuses are limited in number by
+default but can be expanded. Also here retrieval prevails above data entry and
+therefor indexing is important.
</para>
<subsubsection>
<para>T</para>
</col>
<col>
- <para>The notification has been worked on. After it has been verified the notification can be closed.</para>
+ <para>The notification has been worked on.
+ After it has been verified the notification can be closed.</para>
</col>
</row>
<row>
<subsection>
<heading>type_of_issue.</heading>
-<para>This table will contain a list of all available issues that can be detected. All issues have a suggested priority setting. This is typically data retrieval and good indexing is needed.</para>
+<para>
+This table will contain a list of all available issues that can be detected.
+All issues have a suggested priority setting.
+This is typically data retrieval and good indexing is needed.</para>
<subsubsection>
<heading>The fields.</heading>
<heading>Default values.</heading>
<para>
-All checks are entered as code into the system. This table only works for the application only. The user can set specifics in the application only.
+All checks are entered as code into the system.
+This table only works for the application only.
+The user can set specifics in the application only.
</para>
<table cpos='lllll'>
<thead>
<heading>unprocessed_log</heading>
<para>
-The <emph>user</emph> table contains the users that can login the monitoring application. It will also store if the users maintains the system. Mainly used for retrieval so properly indexed.
+The <emph>user</emph> table contains the users that can login the monitoring application.
+It will also store if the users maintains the system.
+Mainly used for retrieval so properly indexed.
</para>
<subsubsection>
<subsection>
<heading>user_gnucomo</heading>
-<para>The <emph>user</emph> table contains the users that can login the monitoring application. It will also store if the users maintains the system. Mainly used for retrieval so properly indexed.</para>
+<para>
+The <emph>user</emph> table contains the users that can login the monitoring application.
+It will also store if the users maintains the system.
+Mainly used for retrieval so properly indexed.
+</para>
+
<subsubsection>
<heading>The fields.</heading>
+
<para>
The fields are listed in the table below:
</para>
<para/>
</col>
<col>
- <para>Sessionnumber currently used by user. If this is set to 0 a user is not present on the system. Only one session can be open at a time.</para>
+ <para>Sessionnumber currently used by user.
+ If this is set to 0 a user is not present on the system.
+ Only one session can be open at a time.</para>
</col>
</row>
<row>
</subsection>
</section>
-<section>
- <heading>Model of table-relations.</heading>
-
-<para>The following model pictures the database as it has been described before.</para>
-<para>
- <picture src="erd.png" eps="erd" scale="0.7"/>
-</para>
-
-</section>
</chapter>
<chapter>
<heading>User Interface.</heading>
<para>To be determined in the near future.</para>
- </chapter>
+</chapter>
- <chapter>
- <heading>The installation process.</heading>
+<chapter>
+ <heading>The installation process.</heading>
- <para>Since the system must make maintenance and security easier to use, the burden of installation should as easy as possible. Where possible the installation script should take away as much work as possible. Where settings need to be done, this should be done through an interface. However at no point we take the user's right to understand and work with system. Configuration-files should be easy to understand and the choice must be there to do installation manually. </para>
+<para>
+Since the system must make maintenance and security easier to use,
+the burden of installation should as easy as possible.
+Where possible the installation script should take away as much work as possible.
+Where settings need to be done, this should be done through an interface.
+However at no point we take the user's right to understand and work with system.
+Configuration-files should be easy to understand and the choice must be there to do installation manually.
+For the time being, we will use the manual installation procedure outlined below:
+</para>
+
+<para>
+Since there is no binary package available for Gnucomo yet, you will need
+to compile and install Gnucomo from the source code.
+Before making the Gnucomo binaries, make sure you have the following
+packages installed:
+<itemize>
+<item>postgresql, postgresql-server, postgresql-develop</item>
+<item>AXE</item>
+<item>libxml2, libxml2-develop</item>
+</itemize>
+
+Make sure your PostgreSQL database server is up and running.
+If you also want to use the web interface, you will need Apache with PHP.
+The PHP module needs Postgresql and DOM-XML support.
+With all required packages installed, you should be able to go into
+the <emph>src</emph> directory and type <code>make</code> to create
+a binary <code>gcm_input</code>.
+</para>
+
+<para>
+To use gnucomo, you need to create a database and a configuration file.
+To make the database in your PostgreSQL server, log in as a DBA (DataBase
+Administrator, usually the user 'postgres') and create the database and a
+user who can use the database.
+Here is an example:
+<verbatim>
+
+ createdb gnucomo
+ createuser arjen
+
+</verbatim>
+
+If you also want to be able to use the test scripts, you will need to
+create the <code>gnucomo_test</code> database as well.
+The configuration file for Gnucomo is a rather simple XML file that
+states at least what database Gnucomo uses and the userid with which
+Gnucomo will log in to the database server.
+These parameters should be the same as the database and user you just
+created in your role of DBA.
+There is an example configuration file, <code>gnucomo.conf</code> in the
+<emph>src</emph> directory.
+You should copy this config file to one of the following places:
+<enumerate>
+<item><code>/etc/gnucomo.conf</code></item>
+<item><code>/usr/local/etc/gnucomo.conf</code></item>
+</enumerate>
+With the database and the configuration file in place, you should
+be able to run <code>gcm_input</code> to read log files and store
+log entries in the database.
+</para>
<section>
<heading>Supported platforms.</heading>
</section>
</chapter>
- <chapter>
- <heading>Settings on the server machine.</heading>
+<chapter>
+ <heading>Settings on the server machine.</heading>
- <section>
- <heading>Required.</heading>
+<section>
+ <heading>Required.</heading>
-
<para>The following settings are required to ensure that the functionality is as much as expected.</para>
+<para>The following settings are required to ensure that the functionality is as much as expected.</para>
- <subsection>
- <heading>Timezone in GMT (UTC).</heading>
+<subsection>
+ <heading>Timezone in GMT (UTC).</heading>
-
<para>Since all international traffic registers all entries in UTC (Universal Time Coordinate) this system will do so as well. Therefore the clock has to be adjusted to that as well as the system settings.</para>
-
<para>These settings can found on a RedHat computer in the <code>/etc/sysconfig/clock-file</code>. On Debian this stored in the file <code>/etc/timezone</code>.</para>
- </subsection>
- </section>
+<para>Since all international traffic registers all entries in UTC (Universal Time Coordinate) this system will do so as well. Therefore the clock has to be adjusted to that as well as the system settings.</para>
+<para>These settings can found on a RedHat computer in the <code>/etc/sysconfig/clock-file</code>. On Debian this stored in the file <code>/etc/timezone</code>.</para>
+</subsection>
+</section>
- <section>
- <heading>Suggested.</heading>
+<section>
+ <heading>Suggested.</heading>
- <subsection>
- <heading>Use NTP.</heading>
+<subsection>
+ <heading>Use NTP.</heading>
-
<para>If a computer is running for some time the clocks tend to be off the correct time. This makes it harder to detect what exactly happened exactly at what moment in time and reduce value of log-entries. Especially considering that ultimately all data is gathered in one central system. To overcome this Network Time Protocol (NTP RFC 13025 March 1992) has been created that explains a protocol to synchronize clocks through the Internet. Many operating systems like Microsoft Windows 2000 Server and FreeBSD, OpenBSD and Linux support this. A ntp-server (or ntpd) can be found at: http://www.eecis.udel.edu/~ntp/ It is strongly recommended that you use this.</para>
+<para>If a computer is running for some time the clocks tend to be off the correct time. This makes it harder to detect what exactly happened exactly at what moment in time and reduce value of log-entries. Especially considering that ultimately all data is gathered in one central system. To overcome this Network Time Protocol (NTP RFC 13025 March 1992) has been created that explains a protocol to synchronize clocks through the Internet. Many operating systems like Microsoft Windows 2000 Server and FreeBSD, OpenBSD and Linux support this. A ntp-server (or ntpd) can be found at: http://www.eecis.udel.edu/~ntp/ It is strongly recommended that you use this.</para>
</subsection>
</section>
projects / gnucomo.git / commitdiff