Ergosol's Watchdog provides a neat solution for high-level server security, status and connectivity monitoring with email alerts. I tweaked it a little to adapt it to OpenVMS 7.3 - you can grab it from http://sanyal.duckdns.org:81/pub/rampage.sav
It is working well for me - I am getting emails for all intrusion attempts and whenever someone logs in to the monitored accounts, as well as when any of the monitored HECnet nodes or internet IPs are unreachable.
The watchdog.com script is enough by itself - configuration is between markers in watchdog.com, like so:
$ ! (insert desired PERFORM's here)
$ ! - Start Marker - Place your PERFORMS between these Start and End markers
...
... YOUR CONFIG LINES HERE ...
...
$ ! - End Marker - Place your PERFORMS between these Start and End markers
I start it up at boot using this at the bottom of systartup_vms -
$ RUN/DETACHED/UIC=[1,4] -
    /PRIORITY=0 -
    /INPUT=DUA0:[TOOLS.RAMPAGE]WATCHDOG.COM -
    /OUTPUT=NL: -
    /ERROR=DUA0:[TOOLS.RAMPAGE]WATCHDOG.LOG -
    /PROCESS_NAME="Watchdog" -
    SYS$SYSTEM:LOGINOUT.EXE
Here is the header of watchdog.com
$ ! The RamPage Watchdog Dispatcher performs selected functions at a
$ ! repeated interval to monitor systems activities requiring the attention
$ ! of system managers. Problem notifications may be delivered via MAIL,
$ ! REPLY, OPCOM, and/or personal pagers. (NOTE: The RamPage paging
$ ! software is not required for MAIL, REPLY, and OPCOM deliveries.)
$ !
$ ! The following table describes the available functions:
$ !
$ ! -----------------------------------------------------------------------
$ !  Function   Parameter(s)         Description
$ ! -----------------------------------------------------------------------
$ !
$ !  INTERVAL   period [refresh]     Sets the interval period between
$ !                                  successive problem checks. The period
$ !                                  must be specified as hours, minutes,
$ !                                  and seconds in the format HH:MM:SS. The
$ !                                  default interval period is 10 minutes.
$ !
$ !                                  An optional refresh period may also be
$ !                                  specified in the format HH:MM:SS. This
$ !                                  value determines how frequently the
$ !                                  countdown status is refreshed for
$ !                                  viewing by RamPage Watchdog Monitor
$ !                                  utility. The default refresh period is
$ !                                  5 seconds. New values must not be
$ !                                  greater than the interval period, and
$ !                                  should be evenly divisible by it.
$ !
$ !  NOTIFY     username_list delivery
$ !
$ !                                  Sets the usernames in the given list as
$ !                                  the receivers of problem reports, with
$ !                                  delivery method as RAMPAGE, MAIL,
$ !                                  REPLY, and/or OPCOM. (NOTE: RAMPAGE
$ !                                  requires Ergonomic Solutions' RamPage
$ !                                  paging software).
$ !
$ !  SYSBOOT                         Checks and reports the system boot time
$ !                                  upon startup of the watchdog. Useful
$ !                                  in detecting unexpected reboots.
$ !
$ !  DISKS      fill_percentage [device]
$ !
$ !                                  Checks the fill percentage of mounted
$ !                                  disk drives. Any which exceed the
$ !                                  given value are reported. A full or
$ !                                  partial device name may be provided to
$ !                                  override the default of checking all
$ !                                  disks. If a partial device name is
$ !                                  given, all devices whose device names
$ !                                  begin with what you entered.
$ !
$ !  NODES      node_list [method]   Checks all nodes in the given list and
$ !                                  reports any that aren't reachable. If
$ !                                  a method is provided, it indicates how
$ !                                  the node(s) are queried for detection
$ !                                  using the keywords DECNET (default),
$ !                                  CLUSTER, or NCP.
$ !
$ !  INTRUSIONS type                 Checks the intrusion database and
$ !                                  reports on any new entries. You must
$ !                                  specify an intrusion type of ALL,
$ !                                  SUSPECT, or INTRUDER.
$ !
$ !  DEVICE     (none)               Checks all known devices and reports
$ !                                  changes in error counts.
$ !
$ !  LICENSE    (none)               Checks the license database and reports
$ !                                  any products due to expire.
$ !
$ !  USERNAME   username_list        Checks all usernames in the given list
$ !                                  and reports any that are currently on
$ !                                  the system.
$ !
$ !  PROCESS    process_list action  Checks all processes in the given list
$ !                                  for actions REPORT_MISSING or
$ !                                  REPORT_PRESENT.
$ !
$ !  QUEUE      status queue         Checks the given queue and reports if
$ !                                  the status becomes one of MISSING,
$ !                                  STOPPED, STALLED, RESETTING, CLOSED,
$ !                                  PAUSED, STARTING, STOPPING, or IDLE.
$ !
$ !  PING       address_list         Checks all remote TCP/IP addresses in
$ !                                  the given list and reports any that
$ !                                  fail to respond.
$ !
$ ! -----------------------------------------------------------------------
Thanks
Supratim
QCOCAL::SANYAL
Edited by tuklu_san on June 23 2016 09:05
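A pre-flight check for the configuration block described in the post, added here as an example and not part of the original post or of the RamPage distribution: it checks the PERFORM lines between the Start and End markers against the function names and keyword values listed in the header, so a mistyped check is caught before the watchdog is started. Assumptions: the `$ PERFORM function arguments` line layout, comma-separated lists without spaces, reading "evenly divisible" as the refresh period dividing the interval, and the constructed sample lines (NODEB and 192.0.2.10 are placeholders).

```python
import re

# Keywords from the watchdog.com header: function -> (argument index, allowed values)
ENUMS = {
    "INTRUSIONS": (0, {"ALL", "SUSPECT", "INTRUDER"}),
    "NODES": (1, {"DECNET", "CLUSTER", "NCP"}),  # method is optional
    "PROCESS": (1, {"REPORT_MISSING", "REPORT_PRESENT"}),
    "QUEUE": (0, {"MISSING", "STOPPED", "STALLED", "RESETTING", "CLOSED",
                  "PAUSED", "STARTING", "STOPPING", "IDLE"}),
}
FUNCTIONS = set(ENUMS) | set("INTERVAL NOTIFY SYSBOOT DISKS DEVICE LICENSE USERNAME PING".split())

def seconds(text):  # HH:MM:SS -> seconds, or None if malformed
    m = re.fullmatch(r"(\d{2}):([0-5]\d):([0-5]\d)", text)
    return int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3]) if m else None

def check(func, args):  # problem text for one PERFORM line, or None if it looks valid
    if func not in FUNCTIONS:
        return f"unknown function {func}"
    idx, allowed = ENUMS.get(func, (0, None))
    if allowed and len(args) <= idx and func != "NODES":
        return f"{func} is missing its keyword"
    if allowed and len(args) > idx and args[idx].upper() not in allowed:
        return f"{func} keyword {args[idx]} is not one of {sorted(allowed)}"
    if func == "INTERVAL":
        period = seconds(args[0]) if args else None
        refresh = seconds(args[1]) if len(args) > 1 else 5  # header default: 5 seconds
        if not period or not refresh or refresh > period or period % refresh:
            return "INTERVAL: use HH:MM:SS, refresh <= interval and dividing it evenly"

def lint(script):  # (line number, problem) for PERFORM lines between the markers
    findings, inside = [], False
    for number, raw in enumerate(script.splitlines(), 1):
        if "- Start Marker -" in raw or "- End Marker -" in raw:
            inside = "- Start Marker -" in raw
        words = raw.strip().lstrip("$").split()
        if inside and len(words) > 1 and words[0].upper() == "PERFORM":
            problem = check(words[1].upper(), words[2:])
            if problem:
                findings.append((number, problem))
    return findings

# Constructed sample configuration (not the poster's); the line syntax is assumed.
SAMPLE = """$ ! - Start Marker - Place your PERFORMS between these Start and End markers
$ PERFORM INTERVAL 00:10:00 00:00:07
$ PERFORM INTRUSIONS INTRUDERS
$ PERFORM NODES QCOCAL,NODEB TCPIP
$ PERFORM PING 192.0.2.10
$ PERFORM LOGINS SYSTEM
$ ! - End Marker - Place your PERFORMS between these Start and End markers"""
```

Calling `lint(SAMPLE)` flags lines 2, 3, 4 and 6 of the sample; the PING line passes because the header lists no keyword values for it.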