JARRIX SYSTEMS Pty.Ltd.

Managing Complexity through Simplicity
back

eEMU Action Scripts Examples



Page someone if a message of severity 1 comes up

Scenario:
Here, we test for E_COUNT which is set to 1 only for a new message.
(Next updates of the same message cause E_COUNT to be incremented).
Let us suppose that  /usr/local/bin/page is a wrapper that calls our paging system.
The first parameter to /usr/local/bin/page is E_CLASS.
It is used to find out whom to page (escalation search patterns).

output.sh

if [ $E_SEV -eq 1 -a $E_COUNT eq 1 ];then
        /usr/local/bin/page $E_CLASS "$E_HOST:$E_CLASS:$E_MSG:$E_COMMENT"
fi
 

Failover configuration

Scenario:
eEMU is running on two nodes: box A and box B.  If box A fails, box B takes over. Both boxes are on the same subnet.
There is a TCP alias called "monitor" assigned to the  current primary node, which might be box A
By running "netstat -i" on both nodes, we can detect which one is having the "monitor" alias.
Agents send messages to "monitor" which is an alias with its own IP address.

We would like the primary node to do all the actions and forward every message  (forward.sh script) to the secondary.
If primary fails, we assign the "monitor" TCP alias to the secondary which takes over the server role.
The failover can be automatic or manual.

The input.sh, forward.sh, output.sh and delete.sh script are identical on both nodes.
They use "netstat -i"  to find out if they are being run on the primary or secondary.

The script for the monitor alias assignment might look like this:

monitor.sh

case $1 in
start)
        echo "Starting monitor ..."
        ifconfig tu0 alias monitor netmask 255.255.255.0
        ;;
stop)
        echo "Stoping monitor ..."
        ifconfig tu0 -alias monitor
        ;;
esac
 

input.sh

ALIAS=monitor
STR=`/usr/sbin/netstat -i | grep $ALIAS`

if [ -z "$STR" ];then
        # monitor alias not running on this node
        exit 0
fi

# start forward.sh in the background so that we do not have to wait
/usr/local/emu/2345/scripts/forward.sh &

exit 0
 

forward.sh

#!/usr/bin/ksh

SECPORT=2345
SECPWD=icecream
SECONDARY=boxB

if [ "$E_TYPE" = "normal" -o "$E_TYPE" = "mask" -o "$E_TYPE" = "sleep" -o "$E_TY
PE" = "count" ];then
        /usr/local/bin/emsg1 -u $E_USER -h $E_HOST -n $SECONDARY -p $SECPORT -w $SECPWD -c $E_CLASS -o $E_TYPE -t $E_TTL -s $E_SEV -m "$E_MSG"
        exit 0
fi
# delete and comment  messages are treated separately because of their
# slightly diferrent syntax and less options necessary

if [ "$E_TYPE" = "delete" -o "$E_TYPE" = "comment" ];then
        /usr/local/bin/emsg1 -u $E_USER -h $E_HOST -n $SECONDARY -p $SECPORT -w $SECPWD -o $E_TYPE -m "$E_MSG"
fi
 

output.sh

ALIAS=monitor
STR=`/usr/sbin/netstat -i | grep $ALIAS`

if [ -z "$STR" ];then
        # monitor alias not running on this node
        exit 0
fi

# do something next
 

delete.sh

ALIAS=monitor
STR=`/usr/sbin/netstat -i | grep $ALIAS`

if [ -z "$STR" ];then
        # monitor alias not running on this node
        exit 0
fi

# do something next
 
 

Maintain multiple server filter files  in the out directory

Scenario:
Let's suppose we need to maintain 2 profiles  called  "prd" and "st" for a Unix group.
One (prd) would be for production messages (containing /P/ in their message class)
and the other (st) would be for solution test messages (containing /S/ in their message class)

All messages comming from  NT boxes are filetered out by listing NT hostnames in the file /usr/local/etc/wntnodes.

Script  get_txt_file.sh is in the xeb_profile_scripts.tar bundle  in  the contrib download area on the eEMU home page
 

output.sh

# E_TXT_WRITTEN is set only if the db txt file is updated

if [ $E_TXT_WRITTEN -eq 1 ];then
        /usr/local/emu/bin/get_txt_file.sh 2345 " grep -vf /usr/local/etc/wntnodes | egrep '/P/' " prd
        /usr/local/emu/bin/get_txt_file.sh 2345 " grep -vf /usr/local/etc/wntnodes | egrep '/S/' " st
fi
 
 

delete.sh

# no need to test E_TXT_WRITTEN since a delete is a significant event

/usr/local/emu/bin/get_txt_file.sh 2345 " grep -vf /usr/local/etc/wntnodes | egrep '/P/' " prd
/usr/local/emu/bin/get_txt_file.sh 2345 " grep -vf /usr/local/etc/wntnodes | egrep '/S/' " st
 
 

Buffering of deleted messages for some time in the green area (severity 5)

Scenario:
It may come in handy to keep alarms on the screen some time after they have been fixed.
We can use severity 5 as it displays in green.

Basically, the class of the messages is extended with the /fix string so that messages that are the buffered deletes can be easily identified.
The buffered deletes are submited to eEMU with time-to-live of 20 minutes. Notice that the existing comments are submitted
as well so that the buffered message is complete.
 

delete.sh

MYPWD=icecream
MYPORT=2345

# E_KEY=hostname:objectID
ORIG_HOST=`echo $E_KEY | cut -d: -f1`

STR=`echo $E_CLASS | grep "/fix"`
if [ -z "$STR" -a -n "$E_CLASS" ];then
        /usr/local/bin/emsg1 -u $E_USER -h $ORIG_HOST -n localhost -s 5 -p $MYPO
RT -t 20m -c $E_CLASS/fix -w $MYPWD -m "${E_MSG}"
        /usr/local/bin/emsg1 -n localhost -p $MYPORT -w $MYPWD -o comment -m "$E
_KEY $E_COMMENT"
fi
 
 
 
 
 
 
 


Copyright © 1999-2000 Jarrix Systems Pty. Ltd., Australia. All rights reserved.
Legal Statement