Troubleshooting The Unix Log File Adapter - IBM Enterprise Console Manual

IBM Enterprise Console Adapters Guide

The event server also comes with some additional rules that you can install. The $BINDIR/TME/TEC/contrib/rules/security directory contains the security_default.rls file, which provides the following behavior to the event server:
v When a host reports a repeated login failure attempt at least two times in a row, e-mail is sent to the e-mail alias tec_security notifying the administrators of the attempted security breach. (The tec_security alias must be added to the e-mail alias file before the messages can be delivered.)
v A rule is included that closes the following event classes after one hour:
– Logfile_Amd
– Logfile_Cron
– Logfile_Oserv
– Logfile_Date_Set
– Repeated_Login_Failure
– Repeated_Login_Failure_From
– Root_Login_Success_From
hour. You can edit this rule to change the time or the list of classes. Refer to the IBM Tivoli Enterprise Console Rule Builder's Guide for information about editing rules.

Troubleshooting the UNIX Log File Adapter

Perform the following steps to troubleshoot the UNIX log file adapter:
1. Stop any UNIX log file adapters that are currently running:
2. Start the adapter in debug mode.
3. Generate some messages to determine if the adapter receives them. You can send e-mail, perform an su, or perform any action that results in a write to syslog. Alternatively, you can use the logger program to generate messages:
This generates an Oserv_Exec_Failed event. The message written by logger should match one of the format specifications in the tecad_logfile.fmt file.
4. When events arrive, the adapter prints messages to the screen indicating the class and the attribute values in the class.
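Steps 3 and 4 above, carried out as a script. This is an added example, not code from the IBM manual or from the adapter itself: it sends a uniquely tagged message through logger, waits (with a timeout) for it to reach the log file the adapter reads, and then reports which FORMAT entries of a tecad_logfile.fmt-style file the line matches, which is the check the sentence about format specifications asks for. The syslog facility and tag, the sample format file, the sample log line and the simplified format grammar (only %t, %s and %s* are interpreted, with no precedence between entries) are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the IBM manual or the adapter. Automates
# steps 3 and 4: send a uniquely tagged message through logger, wait for
# it to reach the log file, then report which FORMAT entries of a
# tecad_logfile.fmt-style file the line matches. Assumptions: syslog
# facility/tag, the constructed sample format file and log line, and a
# simplified format grammar (only %t, %s and %s* are interpreted).

# Unique marker so the test line cannot be confused with other traffic.
make_marker() {
    echo "tecad-test-$$-$(date +%s)"
}

# Send the test message via syslog. Facility and tag are assumptions; use
# ones that syslog.conf routes into the file the adapter watches.
send_test_message() {
    logger -p user.notice -t tecad_test "$1 adapter connectivity test"
}

# Poll file $1 for marker $2 for up to $3 seconds (default 10). A bounded
# poll is used instead of tail -f so the check always terminates.
wait_for_marker() {
    file=$1 marker=$2 timeout=${3:-10} i=0
    while [ "$i" -lt "$timeout" ]; do
        grep -q -- "$marker" "$file" 2>/dev/null && return 0
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Turn one pattern line of a FORMAT entry into an anchored ERE: regex
# metacharacters are escaped, %s* becomes .*, %s one token, and %t a
# syslog "Mon DD HH:MM:SS" timestamp.
fmt_pattern_to_regex() {
    printf '%s\n' "$1" | sed \
        -e 's/[][\\.^$+?(){}|]/\\&/g' \
        -e 's/%s\*/.*/g' \
        -e 's/%s/[^ ]+/g' \
        -e 's/%t/[A-Z][a-z][a-z] +[0-9][0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9]/g' \
        -e 's/^/^/' -e 's/$/$/'
}

# Print the class of every FORMAT entry in file $1 whose pattern line
# (the first non-empty line after FORMAT) matches log line $2.
match_formats() {
    fmt=$1 line=$2 class='' expect=0
    while IFS= read -r l; do
        case $l in
            "FORMAT "*) class=${l#FORMAT }; class=${class%% *}; expect=1 ;;
            END) class='' ;;
            *) if [ "$expect" -eq 1 ] && [ -n "$l" ]; then
                   expect=0
                   re=$(fmt_pattern_to_regex "$l")
                   printf '%s\n' "$line" | grep -Eq -- "$re" && echo "$class"
               fi ;;
        esac
    done < "$fmt"
    return 0
}

# Constructed sample format file (not the shipped tecad_logfile.fmt),
# written to $1: a base entry plus one for the Oserv_Exec_Failed class.
write_sample_fmt() {
    cat > "$1" <<'EOF'
FORMAT Logfile_Base
%t %s %s*
hostname DEFAULT
origin DEFAULT
msg $3
END

FORMAT Oserv_Exec_Failed FOLLOWS Logfile_Base
%t %s oserv: %s*Unable to exec %s*
msg $3
END
EOF
}

# Constructed syslog line carrying marker $1, shaped like an oserv failure.
sample_log_line() {
    echo "Jan  3 14:05:12 host1 oserv: $1 Unable to exec /bin/false"
}

# Offline run on temporary files. On a live host, replace the append with
# send_test_message and point wait_for_marker at the real log file.
demo() {
    dir=$(mktemp -d) || return 1
    write_sample_fmt "$dir/tecad_logfile.fmt"
    marker=$(make_marker)
    sample_log_line "$marker" >> "$dir/syslog.all"    # stand-in for logger
    if wait_for_marker "$dir/syslog.all" "$marker" 5; then
        echo "marker reached the log; matching classes:"
        match_formats "$dir/tecad_logfile.fmt" "$(sample_log_line "$marker")"
    else
        echo "marker never reached the log: check syslogd and syslog.conf"
    fi
    rm -rf "$dir"
}

demo
```

If the marker arrives in the file but the adapter in debug mode prints nothing for it, the fault is in the adapter or its format file rather than in syslogd; if the marker never arrives, the problem is upstream in syslog.conf, which is the distinction the next paragraph draws. A line that matches no FORMAT entry is silently dropped by the adapter, so an empty result from match_formats is itself a finding.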
If you do not see any messages, the adapter is not receiving events from the log file. Verify that the syslogd daemon is running and is writing any new messages to the system log files in /var/adm or its equivalent, or to the system console, depending on how syslog.conf has been configured to write out messages. For testing purposes, you can temporarily add the following line to syslog.conf:
This allows all messages to be written to a file so you can see what messages have arrived. This file grows large quickly, so make this a temporary change only. You need to HUP the syslogd daemon each time you change syslog.conf to put these changes into effect.
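The temporary catch-all change to syslog.conf, scripted with a backup and a revert so that the "temporary change only" warning above is enforced rather than remembered. This is an added example, not the manual's own syslog.conf line or code: the *.debug selector, the classic tab-separated selector/action layout, the pid-file path passed to reload_syslogd and the sample syslog.conf contents are assumptions. Because the catch-all file collects every message, including authentication and su failures, the example creates it mode 0600 and refuses to overwrite an existing backup.

```shell
#!/bin/sh
# Added example, not code from the IBM manual. Temporarily route every
# syslog message into one file for diagnosis and revert cleanly afterwards.
# Assumptions: classic selector<TAB>action syslog.conf, "*.debug" as the
# catch-all selector, and a caller-supplied syslogd pid file (its path
# varies between platforms, e.g. /var/run/syslogd.pid or /etc/syslog.pid).

# Marker comment so the added line can be found and counted unambiguously.
CATCHALL_TAG='# tecad-logfile troubleshooting (temporary)'

# Append a catch-all line to conf $1 sending everything to file $2.
# Idempotent: a second call changes nothing. The target is created root-only
# because it will receive authentication messages too. An existing backup
# means an earlier run was never reverted, so stop rather than overwrite it.
enable_catchall() {
    conf=$1 target=$2
    if grep -Fq -- "$CATCHALL_TAG" "$conf"; then
        return 0
    fi
    [ -e "$conf.tecad-bak" ] && { echo "backup exists; revert first" >&2; return 1; }
    cp -p "$conf" "$conf.tecad-bak" || return 1
    : >> "$target" && chmod 600 "$target" || return 1
    # classic syslogd requires a literal tab between selector and action
    printf '%s\n*.debug\t%s\n' "$CATCHALL_TAG" "$target" >> "$conf"
}

# Restore the saved syslog.conf. The catch-all file itself is left for
# inspection; delete it when done, since it grows quickly.
disable_catchall() {
    conf=$1
    [ -f "$conf.tecad-bak" ] || return 1
    mv "$conf.tecad-bak" "$conf"
}

# Make syslogd re-read its configuration; $1 is its pid file.
reload_syslogd() {
    pidfile=$1
    [ -r "$pidfile" ] || { echo "no pid file $pidfile" >&2; return 1; }
    kill -HUP "$(cat "$pidfile")"
}

# Number of catch-all lines in conf $1 (used to verify idempotence).
catchall_count() {
    grep -Fc -- "$CATCHALL_TAG" "$1"
}

# Constructed sample syslog.conf written to $1 (not a real system's file).
write_sample_conf() {
    printf '*.err;kern.debug;auth.notice\t/dev/console\n*.info;mail.none\t/var/adm/messages\n' > "$1"
}

# Offline run on temporary files. On a live host use the real syslog.conf
# and call reload_syslogd with the daemon's pid file after each change.
demo() {
    dir=$(mktemp -d) || return 1
    write_sample_conf "$dir/syslog.conf"
    enable_catchall "$dir/syslog.conf" "$dir/syslog.all"
    echo "--- syslog.conf with catch-all line:"; cat "$dir/syslog.conf"
    disable_catchall "$dir/syslog.conf"
    echo "--- restored:"; cat "$dir/syslog.conf"
    rm -rf "$dir"
}

demo
```

Run enable_catchall, reload syslogd, repeat the logger test, then disable_catchall and reload again; leaving the catch-all line in place both fills the disk and leaves a world of sensitive log data in one extra file.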
Chapter 9. UNIX Log File Adapter 109
