Tivoli/Plus for OmniGuard/EAC Version 1.0 October 11, 1996


Tivoli/Plus for OmniGuard/EAC User’s Guide (October 11, 1996)

Copyright Notice

Copyright © 1991, 1996 by Tivoli Systems, an IBM Company, including this documentation and all software. All rights reserved. May only be used pursuant to a Tivoli Systems Software License Agreement or Addendum for Tivoli Products to IBM Customer or License Agreement. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without prior written permission of Tivoli Systems. This document was prepared by Tivoli Systems and was printed in the United States of America. The document is not intended for production and is furnished as is without warranty of any kind. All warranties on this document are hereby disclaimed including the warranties of merchantability and fitness for a particular purpose.

All software has been developed at private expense and is commercially available at published prices.

Restricted Rights Notice

The Software and its related documentation are provided with "Restricted Rights", unless the Government agrees to other terms. Use, duplication or disclosure by the Government is subject to the restrictions set forth in FAR clause 52.227-14 (Alternate III) or FAR Clause 52.227-19. Unpublished--All Rights Reserved Under the Copyright Laws of the United States. Manufacturer/Contractor is Tivoli Systems Inc., 9442 Capital of Texas Highway, North, Arboretum Plaza One, Suite 500, Austin, Texas 78759.

Trademarks

The following product names, denoted by an asterisk (*) at their first occurrence in this publication, are trademarks of Tivoli Systems or IBM Corporation: AIX, OS/2, RS/6000, TME 10, TME 10 Distributed Monitoring, TME 10 Enterprise Console, TME 10 Framework, TME 10 Software Distribution, TivoliPlus, and Tivoli Management Environment.

Other company, product, and service names mentioned in this document are trademarks or registered trademarks of their respective manufacturers. These company, product, and service names might be denoted by a double asterisk (**) at their first occurrence in this publication.

Tivoli/Plus for OmniGuard/EAC User’s Guide

Preface
    Who Should Read This Guide
    Prerequisite and Related Documents
    What This Guide Contains
    Typeface Conventions
    Contacting Customer Support

Chapter 1—Getting Started with Tivoli/Plus for OmniGuard/EAC
    Installation Requirements
        Software Requirements
        Hardware Requirements
    Installing from the Desktop
    Installing from the Command Line
    Tivoli/Plus Icons
    Tivoli/Plus Unique Features
    Starting a Tivoli/Plus Module
    Launching the OmniGuard/EAC Application

Chapter 2—Software Distribution for OmniGuard/EAC
    Configuring TME 10 Software Distribution File Packages
    Installing OmniGuard/EAC
        OmniGuard/EAC Installation Requirements
        Installing OmniGuard/EAC on All Platforms
        Installing OmniGuard/EAC on a Single Platform

Chapter 3—Resource Monitoring
    Using Tivoli/Plus for OmniGuard/EAC Monitors
    Viewing the Status of Monitored Resources
    Monitored Resources
        Host Status
        eacsrv Daemon Status
        eacnis Daemon Status
        slkd Daemon Status
        Network Collisions
        OmniGuard/EAC User Profiles Directory: Free Space

Chapter 4—Enterprise Event Management
    Configuration Activity
    Setting Up the TME 10 Enterprise Console
        Creating a New Rule Base
        Adding to an Existing Rule Base
    Setting Up the Logfile Adapter for OmniGuard/EAC
    Events and Rules
        OmniGuard/EAC Events
        TME 10 Distributed Monitoring Events
    Event Correlation

Chapter 5—Tasks and Jobs for OmniGuard/EAC
    Tivoli/Plus for OmniGuard/EAC Jobs
    Running an OmniGuard/EAC Job and Saving the Output
    Modifying an OmniGuard/EAC Job
        Modifying for All Future Executions of the Job
        Modifying for a Single Execution of the Job
    Replicating OmniGuard/EAC User Profiles
        Configuring a File Package for User Profiles
        Distributing a User Profiles File Package

Preface

The Tivoli/Plus for OmniGuard/EAC User’s Guide describes specific features and procedures for using the Tivoli/Plus* for OmniGuard/EAC module. This module was jointly developed by Tivoli Systems and Axent Corporation** and provides an integration of the OmniGuard/EAC** security application with TME 10* (Tivoli Management Environment* 10). Through this integration, the Tivoli/Plus for OmniGuard/EAC module delivers the system management capabilities of TME 10 for specific use with OmniGuard/EAC. Using Tivoli/Plus for OmniGuard/EAC, the OmniGuard/EAC application can be managed across a multi-platform network.

Tivoli/Plus provides different modules for integrating different production control applications with TME 10. Since all Tivoli/Plus modules have a common interface, a system administrator can implement the system management capabilities of TME 10 with various production control applications while enjoying the simplicity of a common interface. The addition of TME 10 Software Distribution*, TME 10 Distributed Monitoring*, and the TME 10 Enterprise Console* provides additional management capabilities in the areas of client installation, resource monitoring, and event correlation.

Note: This release of Tivoli/Plus for OmniGuard/EAC marks the introduction of this product to the TME 10 product line. As products join TME 10, the product names are changing. See the Tivoli/Plus for OmniGuard/EAC Release Notes for a list of old and new product names.

All references to “Sentry” in this guide refer to TME 10 Distributed Monitoring or its components.

Who Should Read This Guide

This guide is for system administrators who use the Tivoli/Plus for OmniGuard/EAC module to manage the operation of the OmniGuard/EAC security application. Readers of this guide should be familiar with TME 10, the OmniGuard/EAC application, and concepts such as directories, files, and symbolic links. Readers of this guide should also be familiar with the operating systems running on the machines on which they will be using the Tivoli/Plus module, TME 10, and the OmniGuard/EAC application.

Prerequisite and Related Documents

The information in the Tivoli/Plus for OmniGuard/EAC User’s Guide complements information presented in the TME 10 Framework User’s Guide and the Tivoli/Plus User’s Guide. You must be familiar with the TME 10 Framework* and Tivoli/Plus before you can effectively use a specific Tivoli/Plus module. You should be familiar with the documentation for these products before attempting to use the information in the Tivoli/Plus for OmniGuard/EAC User’s Guide. Additionally, you should be familiar with the documentation for the OmniGuard/EAC application.

What This Guide Contains

The Tivoli/Plus for OmniGuard/EAC User’s Guide contains the following chapters:

■ Chapter 1, “Getting Started with Tivoli/Plus for OmniGuard/EAC”
  Contains the installation requirements and procedures for installing Tivoli/Plus for OmniGuard/EAC. This chapter also contains information about Tivoli/Plus icons, features unique to Tivoli/Plus, and launching the OmniGuard/EAC application.

■ Chapter 2, “Software Distribution for OmniGuard/EAC”
  Describes how to set up the pre-written TME 10 Software Distribution file packages to be used with Tivoli/Plus for OmniGuard/EAC for distributing and installing the OmniGuard/EAC application across a network.

■ Chapter 3, “Resource Monitoring”
  Describes how TME 10 Distributed Monitoring may be used with Tivoli/Plus for OmniGuard/EAC to monitor OmniGuard/EAC resources in order to detect and prevent system problems.

■ Chapter 4, “Enterprise Event Management”
  Describes how to set up the TME 10 Enterprise Console to be used with Tivoli/Plus for OmniGuard/EAC to provide event management. This chapter also contains a list of the events and rules specific to Tivoli/Plus for OmniGuard/EAC.

■ Chapter 5, “Tasks and Jobs for OmniGuard/EAC”
  Describes how to customize and run OmniGuard/EAC jobs and reports with Tivoli/Plus for OmniGuard/EAC.

Typeface Conventions

This guide uses several typeface conventions for special terms and actions. These conventions have the following meaning:

Bold           Commands, keywords, file names, or other information that you must use literally appear in bold. Names of windows, dialogs, and other controls also appear in bold.

Italics        Variables and values that you must provide appear in italics.

Bold Italics   New terms appear in bold italics the first time they are used.

Monospace      Code examples appear in a monospace font.

This guide may include icons in the left margin. These icons provide context for the discussion in the text or for performing a step within a procedure. For example, if you start a procedure by double-clicking on a task icon, that icon appears in the left margin next to the first step. If the fourth step of the procedure instructs you to open another icon, that icon appears in the left margin next to the fourth step.

Contacting Customer Support

We are very interested in hearing from you about your experience with the products in TME 10. We welcome your suggestions for improvements.

If you encounter difficulties with any TME 10 product, please contact your customer support representative. To assist you, the TME 10 Framework includes the wsupport command. This command prompts you for problem information, which can be e-mailed to your support provider or saved to a text file. You can then print the saved file, and fax the resulting TME Problem Report form to your support provider.

See the TME 10 Framework Reference Manual for additional information about the wsupport command.

If you have comments or suggestions about the TME 10 documentation, please send e-mail to [email protected].

Chapter 1—Getting Started with Tivoli/Plus for OmniGuard/EAC

The Tivoli/Plus for OmniGuard/EAC module provides an integration of TME 10 with the OmniGuard/EAC security application. This integration allows centralized distribution and management of the OmniGuard/EAC application across a multi-platform network. This module provides the following features for managing the OmniGuard/EAC application:

■ Icons for launching OmniGuard/EAC

■ Subscription lists for masters and agents

■ File packages for TME 10 Software Distribution

■ Monitors for TME 10 Distributed Monitoring

■ TME 10 Enterprise Console events and rule sets customized for OmniGuard/EAC

■ OmniGuard/EAC-specific tasks and jobs

Note: TME 10 Software Distribution, TME 10 Distributed Monitoring, and TME 10 Enterprise Console applications must be installed and configured before their corresponding Tivoli/Plus feature is operational.

Installation Requirements

Before attempting to install Tivoli/Plus for OmniGuard/EAC on the TME 10 Framework, make certain you review the requirements in this section.

The following table provides the context and authorization role required to install Tivoli/Plus for OmniGuard/EAC.

Activity                                   Context   Required Role
Installing Tivoli/Plus for OmniGuard/EAC   TME 10    install_product

The Tivoli/Plus for OmniGuard/EAC module must be installed on the TMR (Tivoli Managed Region) server. In order to have full functionality, the Tivoli/Plus for OmniGuard/EAC module must also be installed on the following machines. These machines must be TME 10 managed nodes.

■ The TME 10 Enterprise Console server (if there is one).

■ Any OmniGuard/EAC masters, slaves, managers, and agents.

Software Requirements

The OmniGuard/EAC security application should be installed before the Tivoli/Plus for OmniGuard/EAC module is installed.

Note: For information about current TME 10 Framework requirements, refer to the release notes.

Tivoli/Plus for OmniGuard/EAC has features that use the TME 10 Software Distribution, TME 10 Distributed Monitoring, and the TME 10 Enterprise Console. If these applications are not installed, then the specific feature requiring these applications will not work. However, Tivoli/Plus for OmniGuard/EAC installation allows you to incrementally re-install those features if you buy the missing products at a later date.

Hardware Requirements

The following table provides the client and server disk space requirements for Tivoli/Plus for OmniGuard/EAC. This space is in addition to the space requirements for the management framework, TME 10, and the OmniGuard/EAC application.

Tivoli/Plus for OmniGuard/EAC is installed on the TMR (Tivoli Managed Region) server, the TME 10 Enterprise Console server (if you have the TME 10 Enterprise Console), and the OmniGuard/EAC nodes. The space requirements are the same for all of these machines. The Tivoli/Plus for OmniGuard/EAC module uses platform-independent shell and Perl scripts, which is why the module’s requirements do not differ from platform to platform.

Platforms        Libraries   Binaries   Database   Man Pages   Message Catalogs
AIX*             0 MB        500 KB     † 0        0 MB        50 KB
Digital UNIX**   0 MB        500 KB     † 0        0 MB        50 KB
HP-UX**          0 MB        500 KB     † 0        0 MB        50 KB
SGI IRIX**       0 MB        500 KB     † 0        0 MB        50 KB
SVR4**           0 MB        500 KB     † 0        0 MB        50 KB
Solaris**        0 MB        500 KB     † 0        0 MB        50 KB
SunOS**          0 MB        500 KB     † 0        0 MB        50 KB

† Not Appreciable

Installing from the Desktop

Use the following steps to install Tivoli/Plus for OmniGuard/EAC from the TME 10 desktop.

Note: The installation dialogs may contain a License Key field. Tivoli/Plus modules no longer require a license key for installation. Therefore, you can ignore the License Key field.

1. Select the Install -> Install Product... option from the Desktop menu to display the Install Product window.

If the Tivoli/Plus for OmniGuard/EAC module is listed in the Select Product to Install scrolling list, skip to step 3. If it is not listed, proceed to step 2.

2. Press the Select Media... button to display the File Browser window.

The File Browser window enables you to identify or specify the path to the installation media.

If you already know the path to the CD-ROM image

a. Enter the full path in the Path Name field.

b. Press the Set Path button to change to the specified directory.

c. Press the Set Media & Close button to save the new media path and return to the Install Product window. The window now contains a list of products that are available for installation.

If you do not know the exact path to the CD-ROM image

a. From the Hosts scrolling list, choose the host on which the install media is mounted. Choosing a host updates the Directories scrolling list to show the directories of the host you chose.

b. From the Directories scrolling list, choose the directory containing the install media.

c. Press the Set Media & Close button to save the new media path and return to the Install Product window. The window now contains a list of products that are available for installation.

3. Select the Tivoli/Plus for OmniGuard/EAC module from the Select Product to Install list.

4. To specify the clients on which the module will be installed, use the left and right arrow keys to move machine names between the Clients to Install On scrolling list and the Available Clients scrolling list.

By default, all machines in the current Tivoli Managed Region (TMR) are listed in the Clients to Install On scrolling list. To move a machine name to the Available Clients list, choose one or more clients from the Clients to Install On scrolling list and press the right arrow button. The chosen clients are moved from the Clients to Install On scrolling list to the Available Clients scrolling list.

5. Press the Install & Close button to install the module and close the Install Product window.

— OR —

Press the Install button to install the module and keep the Install Product window open. You can then install Tivoli/Plus for OmniGuard/EAC on another set of clients or you can install another product.

The installation process prompts you with a Product Install window similar to the following example:

This window provides the list of operations that take place when installing the software. This window also warns you of any problems that you may want to correct before you install the Tivoli/Plus for OmniGuard/EAC module.

6. Press the Continue Install button to begin the installation process.

— OR —

Press the Cancel button to abort the installation process.

When the installation is complete, the Product Install window displays a completion message similar to the following example:

7. Press the Close button when the Product Install status dialog indicates that the installation is complete.

Installing from the Command Line

Use the winstall command to install the Tivoli/Plus for OmniGuard/EAC module. The following example is the syntax for the winstall command and its parameter.

Note: The winstall command has a -l license key option for specifying a product’s license key. Tivoli/Plus modules no longer require a license key for installation. Therefore, you do not need to use the -l license key option when installing a Tivoli/Plus module with the winstall command.

    winstall -c cdrom_path -s installation_server \
        -i index_file

where:

-c cdrom_path            Specifies the path to the CD-ROM image.

-s installation_server   Specifies the server on which the product is to be installed.

-i index_file            Specifies the index file from which the product is to be installed (OMNIEAC.IND).

See the winstall command in the TME 10 Framework Reference Manual for more information.

Tivoli/Plus Icons

Although the Tivoli/Plus icons look like (traditional) TME 10 icons, their functionality has been altered slightly to provide a faster, more intuitive approach to navigating and deploying the module’s features. In some cases, like a TME 10 Software Distribution file package, menu items have been removed from the icon’s pop-up menu to create a more “point and click” environment.

The Tivoli/Plus icons can be activated in either of two ways:

■ Opening or executing the icon by double-clicking on it with the left mouse button. In many cases, double-clicking executes an activity (such as a task) without opening another dialog layer.

■ Displaying the icon’s pull-down menu by pressing and holding the right mouse button.

Generally, either method may be used to access a particular function. There are cases, however, where a particular function can only be accessed by one of these methods.

The following icon represents the Tivoli/Plus for OmniGuard/EAC resources:

To prevent confusion between traditional TME 10 and Tivoli/Plus for OmniGuard/EAC functionality, each Tivoli/Plus icon has been overlaid with the Tivoli/Plus symbol to highlight its special functionality as shown in the following example:

Tivoli/Plus Unique Features

Tivoli/Plus modules use the term profile manager in a somewhat different way than do the other TME 10 products. In a Tivoli/Plus module, a profile manager’s primary function is as a subscription list. A subscription list identifies the machines that tasks and jobs run on when executed. Subscription lists can contain machine names or other profile managers. Adding a profile manager to a subscription list is simply a way of subscribing several machines at a time rather than adding each one individually.

The Tivoli/Plus User’s Guide describes the function of profile managers in the Tivoli/Plus modules in more detail. For more information, see the section on subscribers and targets in the Tivoli/Plus User’s Guide.

Starting a Tivoli/Plus Module

All Tivoli/Plus modules are kept in a collection under the TivoliPlus icon on the TME 10 desktop. The module’s icon is added to this collection after installation. The following icon represents the Tivoli/Plus collection:

Use the following steps to see the modules included in your Tivoli/Plus collection:

1. From the main TME 10 desktop, double-click on the TivoliPlus icon or select the Open... option from the TivoliPlus icon’s pop-up menu to display the TivoliPlus window.

The TivoliPlus window displays an icon for each Tivoli/Plus module installed. In the case below, two modules have been installed.

2. Double-click on the Tivoli/Plus for OmniGuard/EAC icon or select the Open... option from the Tivoli/Plus for OmniGuard/EAC icon’s pop-up menu to display the icons representing the tasks and other tools for managing the OmniGuard/EAC security application.

Launching the OmniGuard/EAC Application

When Tivoli/Plus for OmniGuard/EAC is installed on an OmniGuard/EAC manager, the installation process creates an icon for launching the OmniGuard/EAC application from within TME 10. This icon allows you to carry out the application launch process normally associated with the eac command at the command line.

The icons for launching the OmniGuard/EAC application are located in the Tivoli/Plus for OmniGuard/EAC window. Each OmniGuard/EAC administrator node has its own OmniGuard/EAC icon for launching the OmniGuard/EAC application from that site. For example, for a server named “boston” the following icon appears:

The OmniGuard/EAC application has one logical entry point: the OmniGuard/EAC administrator. This logical entry point is pre-configured and appears on the pop-up menu for each OmniGuard/EAC icon.

Launch the OmniGuard/EAC application by selecting the Start OmniGuard/EAC Administrator option from the icon’s pop-up menu, which displays the OmniGuard/Enterprise Access Control window.

2 Software Distribution for OmniGuard/EAC

Tivoli/Plus for OmniGuard/EAC includes a hierarchical, pre-written TME 10 Software Distribution file package for distributing and installing the OmniGuard/EAC application on agents and managers. Much of the configuration activity normally associated with a TME 10 Software Distribution file package has been done for you. Using Tivoli/Plus for OmniGuard/EAC and TME 10 Software Distribution, you can distribute the OmniGuard/EAC application across a multi-platform network.

Installing OmniGuard/EAC software is a two-stage process. First, you set up the OmniGuard/EAC installation by configuring a TME 10 Software Distribution file package for each type of platform on which you are installing OmniGuard/EAC. For example, if you are installing OmniGuard/EAC on both a Solaris and an HP-UX platform, you need to configure a TME 10 Software Distribution file package twice, once for each platform.

Second, you distribute the configured file packages by running the Distribute / Install OmniGuard/EAC task. This task installs OmniGuard/EAC on the selected subscribers for each platform for which you have configured a TME 10 Software Distribution file package. You can distribute OmniGuard/EAC to all configured platforms or choose to distribute to only a single platform.

Tivoli/Plus for OmniGuard/EAC also provides a task that uses TME 10 Software Distribution to replicate user profiles. For more information, see “Replicating OmniGuard/EAC User Profiles” on page 5-11.

Configuring TME 10 Software Distribution File Packages

When configuring a TME 10 Software Distribution file package to be used with Tivoli/Plus for OmniGuard/EAC, you need to establish the location of the OmniGuard/EAC software so that TME 10 Software Distribution can locate the installation binaries and files when installing OmniGuard/EAC.

Tivoli/Plus for OmniGuard/EAC comes with a Setup OmniGuard/EAC Installation icon, which configures a TME 10 Software Distribution file package for installing the OmniGuard/EAC application. Once configured, the TME 10 Software Distribution file packages are installed with the Distribute / Install OmniGuard/EAC icon. (See page 2-7.)

Use the following steps to configure a TME 10 Software Distribution file package. You need to complete a setup window for each platform on which you wish to install a particular OmniGuard/EAC application.

1. Select the Run job... option from the Setup OmniGuard/EAC Installation icon’s pop-up menu to display the Setup OmniGuard/EAC Installation window. This window allows you to configure the installation parameters.

2. Select the type of operating system on which you will run OmniGuard/EAC from the Target Installation Architecture pop-up menu. If the operating system is not on the list, select the Don’t check entry from the pop-up menu.

The architecture type is used during distribution as a validity check of the target nodes. For example, if a file package is configured for the hpux9 platform and an attempt is made to distribute the software to a sunos4 target host, this architecture check prevents the mismatched installation from occurring. The distribution then continues on the remaining valid hosts.

Note: If the Don’t check entry is selected from the Target Installation Architecture pop-up menu, then the architecture validity check is not performed. As a result, you must manually verify the target subscription list before distributing the file package to prevent distributing the incorrect software images for the target hosts. (See page 2-9 for information on manually verifying the subscription list.)

3. (Optional) Use the Filepack Name Extension field to specify a unique, meaningful name for the file package icon and log file.

4. In the Source Information block, identify the location of the OmniGuard/EAC source binaries as follows:

a. Enter the name of the TMR server or the managed node where the OmniGuard/EAC source binaries are located in the Managed Node Name field.

b. In the Product Files Directory field, enter the directory path to the OmniGuard/EAC source installation binaries.

5. In the Installation Options block, select the product type by clicking on either the Manager or Agent button. Refer to the OmniGuard/EAC documentation for a description of these product types, as well as the other OmniGuard/EAC installation options.

6. If you select Manager as the product type, additional fields are displayed in the Install Options block. Enter the OmniGuard/EAC product license information in the License Key/Checksum and License Number of Agents fields.

Note: This license information must be obtained from Axent Corporation or your OmniGuard/EAC vendor.

7. Enter the target installation directory in the Installation Directory field, or leave it blank to let the OmniGuard/EAC eacsetup utility select a directory automatically. For more information, refer to the OmniGuard/EAC documentation.

8. In most cases, the Profile Update Daemon Port and the Password Update Daemon Port fields can be left blank in order for the OmniGuard/EAC eacsetup utility to select the appropriate service port numbers automatically. For more information, refer to the OmniGuard/EAC documentation.

9. Enter the host name configured as the OmniGuard/EAC master server in the Master system name field.

10. Enter the updating manager server host name in the Manager system name field, or leave the default all specification to refer to all manager servers.

11. Select the Make each target a slave toggle button if each target node should be configured as a slave server.

12. Specify the desired EAC Program Installation Method by selecting either the Copy directly or the Create symlinks button.

13. Press the Set And Execute button to set all of the information you have entered.

Installing OmniGuard/EAC

After you have configured a TME 10 Software Distribution file package for each platform on which you wish to install OmniGuard/EAC, you are ready to install OmniGuard/EAC on these platforms. You can distribute to all platforms for which you have configured a TME 10 Software Distribution file package or to a single platform. Tivoli/Plus for OmniGuard/EAC performs pre-installation checks, such as verifying available disk space and memory. Output for each platform is sent to the source machine in the following files:

/tmp/omnieac_install_log.platform_name[.pack_name]

where platform_name refers to the operating system on which OmniGuard/EAC was installed (it may be non-existent if no target architecture was specified in the file package configuration) and pack_name refers to the optionally configured file package name extension. Consult this file on the source machine after distributing a file package to see the results of the OmniGuard/EAC installation on each target node.

Use the Distribute / Install OmniGuard/EAC icon to install OmniGuard/EAC. If you wish to view the TME 10 Software Distribution file packages that you have created, select the Open... option from the icon’s pop-up menu.

OmniGuard/EAC Installation Requirements

Tivoli/Plus for OmniGuard/EAC checks and enforces a number of OmniGuard/EAC requirements before completing the installation. Consult the OmniGuard/EAC installation documentation for complete details. The following requirements are checked during the installation process:

■ Sufficient Disk Space

For OmniGuard/EAC product installations, the file system containing the /omniguard directory must have the following disk space available:

• Manager 15 MB

• Agent 10 MB

The /tmp directory must also have 10 MB of temporary disk space available.

■ Supported System Architecture

File packages designated for a specified architecture are not installed on subscribed target nodes with a different architecture if you specify a platform in step 2 on page 2-4. This allows for a simpler subscription process because the file packages for each platform do not need a separate list of subscribers.

Note: There is no verification of the actual OmniGuard/EAC software. For example, if a Solaris file package is created with a path to the HP-UX OmniGuard/EAC software, an incorrect version of the OmniGuard/EAC software will be installed on all Solaris targets.

If any of the pre-installation checks fail during file package distribution, an error message is added to the OmniGuard/EAC installation log on the source host indicating on which target host the installation failed and the reason for the failure. By default, an installation failure on one target host does not prevent the file package from being distributed and installed on the other hosts in the target subscription list.
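The checks described in this section can be rehearsed against a subscription list before anything is distributed. The Python below is an added example, not part of Tivoli/Plus or OmniGuard/EAC: it applies the architecture check and the disk space figures from this guide to a constructed list of targets and, when the architecture entry is Don’t check, groups the hosts that would be installed by architecture for manual review. The dictionary layout, the host names other than boston and the free-space figures are assumptions.

```python
# Thresholds from "OmniGuard/EAC Installation Requirements" in this guide (MB).
PRODUCT_MB = {"manager": 15, "agent": 10}  # file system containing /omniguard
TMP_MB = 10                                # /tmp
DONT_CHECK = None  # stands for the "Don't check" architecture entry


def dry_run(package, targets):
    """Predict what distributing one file package would do on each target.

    package: {"arch": "hpux9" or DONT_CHECK, "product": "manager" or "agent"}
    targets: list of {"host", "arch", "omniguard_free_mb", "tmp_free_mb"}
    Returns (install, rejected, unverified):
      install    - hosts that pass every modelled check, in list order
      rejected   - {host: [reasons]}; a rejection never stops other hosts
      unverified - {arch: [hosts]} that would be installed while the
                   architecture check is disabled and need manual review
    """
    need_mb = PRODUCT_MB[package["product"]]
    checked = package["arch"] is not DONT_CHECK
    install, rejected, unverified = [], {}, {}
    for target in targets:
        reasons = []
        if checked and target["arch"] != package["arch"]:
            reasons.append("architecture %s, package is for %s"
                           % (target["arch"], package["arch"]))
        if target["omniguard_free_mb"] < need_mb:
            reasons.append("/omniguard file system: %d MB free, %d MB needed"
                           % (target["omniguard_free_mb"], need_mb))
        if target["tmp_free_mb"] < TMP_MB:
            reasons.append("/tmp: %d MB free, %d MB needed"
                           % (target["tmp_free_mb"], TMP_MB))
        if reasons:
            rejected[target["host"]] = reasons
            continue  # the remaining hosts are still processed
        install.append(target["host"])
        if not checked:
            unverified.setdefault(target["arch"], []).append(target["host"])
    return install, rejected, unverified


# Constructed subscription list; only "boston", "hpux9" and "sunos4"
# appear in the guide, everything else is made up for the example.
SAMPLE_TARGETS = [
    {"host": "boston", "arch": "hpux9", "omniguard_free_mb": 40, "tmp_free_mb": 50},
    {"host": "dallas", "arch": "sunos4", "omniguard_free_mb": 40, "tmp_free_mb": 50},
    {"host": "austin", "arch": "hpux9", "omniguard_free_mb": 12, "tmp_free_mb": 50},
    {"host": "denver", "arch": "hpux9", "omniguard_free_mb": 40, "tmp_free_mb": 4},
]

if __name__ == "__main__":
    for arch in ("hpux9", DONT_CHECK):
        package = {"arch": arch, "product": "manager"}
        install, rejected, unverified = dry_run(package, SAMPLE_TARGETS)
        print("package arch:", arch or "Don't check")
        print("  install:", install)
        for host, reasons in rejected.items():
            print("  rejected:", host, "-", "; ".join(reasons))
        print("  verify manually:", unverified)
```

More than one architecture in the unverified result means the subscription list is mixed and a single file package would place the same software image on all of those hosts.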

Installing OmniGuard/EAC on All Platforms

Use the following steps to install OmniGuard/EAC on all platforms for which you have configured a TME 10 Software Distribution file package.

Note: If you selected Don’t Check in step 2 on page 2-4, then it is important to manually verify the target subscription list for each file package to prevent distributing the software to an incorrect platform. This manual verification is described in steps 1 through 3 on page 2-10 and page 2-11. When you have completed these verification steps for each file package, close the Distribute / Install OmniGuard/EAC window and continue with step 3 on page 2-10 of the following procedure.

1. Select the Subscribers... option from the Distribute / Install OmniGuard/EAC icon’s pop-up menu.

2. Specify the subscription lists to which you want to install OmniGuard/EAC by using the left and right arrow buttons to move the desired lists into the Current Subscribers field. When finished, press the Set Subscriptions & Close button.

3. Select the Distribute... option from the Distribute / Install OmniGuard/EAC icon’s pop-up menu. Selecting this option installs OmniGuard/EAC onto the machines listed on the subscription lists that you chose.

Installing OmniGuard/EAC on a Single Platform

If you want to install OmniGuard/EAC on only one type of platform, you can distribute only the TME 10 Software Distribution file package that applies to that platform.

Use the following steps to install OmniGuard/EAC on a single platform.

1. Select the Open... option from the Distribute / Install OmniGuard/EAC icon’s pop-up menu.

2. In the Distribute / Install OmniGuard/EAC window, select the Subscribers... option from the file package icon’s pop-up menu.

3. In the Subscribers window, specify the subscription lists to which you want to install OmniGuard/EAC on a single platform by using the left and right arrow buttons to move the desired lists into the Current Subscribers field. When finished, press the Set Subscriptions & Close button.

4. Select the Distribute... option from the file package icon’s pop-up menu. Selecting this option installs OmniGuard/EAC onto the machines listed on the subscription lists that you chose.

3 Resource Monitoring

Tivoli/Plus for OmniGuard/EAC provides the ability to monitor critical resources with TME 10 Distributed Monitoring. The monitors for TME 10 Distributed Monitoring are predefined to enable you to manage different aspects of the operating system, such as processes, directory free space, network collisions, or the OmniGuard/EAC hosts, that are crucial to the continued availability of the OmniGuard/EAC application. These monitors allow you to quickly identify and respond to potential problems so that system downtime is avoided.

Using Tivoli/Plus for OmniGuard/EAC Monitors

Tivoli/Plus for OmniGuard/EAC comes with three types of monitors: Masters, Agents, and Node Connectivity.

Function Icon

These monitors check the status of the OmniGuard/EAC agent-related parameters such as daemon status and the number of network collisions.

These monitors check the status of the OmniGuard/EAC master-related parameters, such as the available disk space where OmniGuard/EAC stores the user profiles.

These monitors check the status of the hosts on which the OmniGuard/EAC agents are running. These monitors run on the Tivoli Managed Region (TMR) server.

Before the Tivoli/Plus for OmniGuard/EAC monitors are operational, they must be distributed to their subscription lists. To distribute a monitor, simply select the Distribute... option from the monitor’s pop-up menu and then click on the Distribute Now button.

You do not need to distribute the OmniGuard/EAC Node Connectivity Monitors. These monitors run on all the hosts in the Tivoli Managed Region. Every time you install Tivoli/Plus for OmniGuard/EAC on a new machine, the new host receives a node connectivity monitor. These monitors check to see if the host is up or down.

The other monitors are distributed to the default subscription list. The OmniGuard/EAC Masters Monitors are distributed to the OmniGuard/EAC Master List. The OmniGuard/EAC Agents Monitors are distributed to the OmniGuard/EAC Agent List.

To modify the default subscription list of a particular monitor, select the Subscribers... option from the monitor’s pop-up menu.

Although the Tivoli/Plus for OmniGuard/EAC server monitors come already defined to monitor resources specific to OmniGuard/EAC, you can add monitors from the TME 10 Distributed Monitoring collection or delete monitors as you wish. You can also edit existing monitors to perform different actions under different conditions.

Selecting the options on an OmniGuard/EAC monitor’s pop-up menu displays the usual TME 10 Distributed Monitoring windows. Refer to the TME 10 Distributed Monitoring documentation for more detailed information on using these windows.

Displays the functions for adding, deleting, and editing monitors.

Displays the function for distributing monitors to those managed nodes (machines) and profiles included on the monitor’s subscription list.

Displays the subscription list that specifies to which machines the monitor is distributed. You can modify this list.

Viewing the Status of Monitored Resources

Use the OmniGuard/EAC Sentry Indicators icon to view the status of the monitored resources.

The thermometer on the OmniGuard/EAC Sentry Indicators icon rises as the status of a monitored resource becomes more urgent.

Open the OmniGuard/EAC Agents Monitors icon, the OmniGuard/EAC Masters Monitors icon, or the OmniGuard/EAC Node Connectivity Monitors icon to view the status of the OmniGuard/EAC resources. For each monitored resource, the monitor only reports the most urgent status received within a recent time frame. The monitor reports are organized so that the most urgent status level appears at the top of the report.

For more information on viewing the status of a monitored resource, refer to the TME 10 Distributed Monitoring documentation.

Monitored Resources

The following table indicates the network resources that Tivoli/Plus for OmniGuard/EAC monitors.

| Monitored Resource | Described on Page |
|---|---|
| Host status | page 3-7 |
| eacsrv daemon | page 3-8 |
| eacnis daemon | page 3-9 |
| slkd daemon | page 3-10 |
| Network collisions | page 3-11 |
| OmniGuard/EAC user profiles directory: free space | page 3-12 |

Host Status

The host status monitor checks whether the status of a host is up or down. This monitor checks the status of any host or other resource on the network that can respond to a ping request. This monitor checks specifically to see whether the targeted hosts are up or down.

This monitor checks the host status every 15 minutes.

The following table lists the pre-configured actions for this monitor:

| Severity Level (Distributed Monitoring) | Severity Level (Enterprise Console) | Trigger When | Default Actions |
|---|---|---|---|
| Critical | Critical | Becomes unavailable. | Send event to the TME 10 Enterprise Console. Change icon. |
| Severe | N/A | N/A | None |
| Warning | N/A | N/A | None |
| Reset | Harmless | Becomes available. | Send event to the TME 10 Enterprise Console. |
| Normal | N/A | N/A | None |
| Always | N/A | N/A | None |

Monitors that are defined with this monitoring source use status operators to evaluate data. To display a list of the available operators, refer to the TME 10 Distributed Monitoring documentation.

For information on viewing a monitor’s status report, see “Viewing the Status of Monitored Resources” on page 3-5.

eacsrv Daemon Status

The eacsrv daemon status monitor checks whether the eacsrv daemon is up and running.

This monitor runs every minute.

The following table lists the pre-configured actions for this monitor:

| Severity Level (Distributed Monitoring) | Severity Level (Enterprise Console) | Trigger When | Default Actions |
|---|---|---|---|
| Critical | Fatal | Becomes unavailable. | Send event to the TME 10 Enterprise Console. Change icon. |
| Severe | N/A | N/A | None |
| Warning | N/A | N/A | None |
| Reset | Harmless | Becomes available. | Send event to the TME 10 Enterprise Console. |
| Normal | N/A | N/A | None |
| Always | N/A | N/A | None |

For information on viewing a monitor’s status report, see “Viewing the Status of Monitored Resources” on page 3-5.

eacnis Daemon Status

The eacnis daemon status monitor checks whether the eacnis daemon is up and running.

This monitor runs every minute.

The following table lists the pre-configured actions for this monitor:

| Severity Level (Distributed Monitoring) | Severity Level (Enterprise Console) | Trigger When | Default Actions |
|---|---|---|---|
| Critical | Fatal | Becomes unavailable. | Send event to the TME 10 Enterprise Console. Change icon. |
| Severe | N/A | N/A | None |
| Warning | N/A | N/A | None |
| Reset | Harmless | Becomes available. | Send event to the TME 10 Enterprise Console. |
| Normal | N/A | N/A | None |
| Always | N/A | N/A | None |

For information on viewing a monitor’s status report, see “Viewing the Status of Monitored Resources” on page 3-5.

slkd Daemon Status

The slkd daemon status monitor checks whether the slkd daemon is up and running.

This monitor runs every minute.

The following table lists the pre-configured actions for this monitor:

| Severity Level (Distributed Monitoring) | Severity Level (Enterprise Console) | Trigger When | Default Actions |
|---|---|---|---|
| Critical | Fatal | Becomes unavailable. | Send event to the TME 10 Enterprise Console. Change icon. |
| Severe | N/A | N/A | None |
| Warning | N/A | N/A | None |
| Reset | Harmless | Becomes available. | Send event to the TME 10 Enterprise Console. |
| Normal | N/A | N/A | None |
| Always | N/A | N/A | None |

For information on viewing a monitor’s status report, see “Viewing the Status of Monitored Resources” on page 3-5.

Network Collisions

The network collisions monitor checks the number of network collisions per packet on a machine.

This monitor runs every 15 minutes.

The following table lists the pre-configured actions for this monitor:

| Severity Level (Distributed Monitoring) | Severity Level (Enterprise Console) | Trigger When | Default Actions |
|---|---|---|---|
| Critical | Critical | More than 25%. | Send event to the TME 10 Enterprise Console. Change icon. |
| Severe | Minor | More than 10%. | Send event to the TME 10 Enterprise Console. Change icon. |
| Warning | Warning | More than 5%. | Send event to the TME 10 Enterprise Console. Change icon. |
| Reset | Harmless | Less than 5%. | Send event to the TME 10 Enterprise Console. |
| Normal | N/A | N/A | N/A |
| Always | N/A | N/A | N/A |

For information on viewing a monitor’s status report, see “Viewing the Status of Monitored Resources” on page 3-5.

OmniGuard/EAC User Profiles Directory: Free Space

The OmniGuard/EAC user profiles directory: free space monitor checks the amount of free disk space in the OmniGuard/EAC user profiles directory (/omniguard/eac/shar/upfdir/).

This monitor runs every 15 minutes.

The following table lists the pre-configured actions for this monitor:

| Severity Level (Distributed Monitoring) | Severity Level (Enterprise Console) | Trigger When | Default Actions |
|---|---|---|---|
| Critical | Critical | Less than 5 MB. | Send event to the TME 10 Enterprise Console. Change icon. |
| Severe | Minor | Less than 10 MB. | Send event to the TME 10 Enterprise Console. Change icon. |
| Warning | Warning | Less than 15 MB. | Send event to the TME 10 Enterprise Console. Change icon. |
| Reset | Harmless | More than 15 MB. | Send event to the TME 10 Enterprise Console. |
| Normal | N/A | N/A | N/A |
| Always | N/A | N/A | N/A |

For information on viewing a monitor’s status report, see “Viewing the Status of Monitored Resources” on page 3-5.

4 Enterprise Event Management

With the TME 10 Enterprise Console, Tivoli/Plus for OmniGuard/EAC provides a set of filters for identifying events and a set of predefined correlation rules to automate the task of responding to specific events. An event is any significant change in the state of system resources or an application. In the case of Tivoli/Plus for OmniGuard/EAC, an event is a change in a monitored resource that affects OmniGuard/EAC or the system on which OmniGuard/EAC is running. Examples of events are the starting and stopping of a process, a failed user login, or a host becoming unavailable. Event management provides a predefined or automated response to specific events, so that potential problems are identified and responded to before causing system downtime. For example, the TME 10 Enterprise Console can notify the system administrator of repeated process failures that may indicate a more severe problem with an application or the network. For some events, there is no automated response except for a message to be displayed in the TME 10 Enterprise Console.

Configuration Activity

The following describes the configuration activity that occurs when setting up the TME 10 Enterprise Console to be used with Tivoli/Plus for OmniGuard/EAC. This activity takes place on the TME 10 Enterprise Console and OmniGuard/EAC agents. Tivoli/Plus for OmniGuard/EAC performs most of the setup activity automatically.

■ TME 10 Enterprise Console Server

Using the Setup EventServer for OmniGuard/EAC icon, the TME 10 Enterprise Console is set up to:

• Recognize and accept OmniGuard/EAC events.

• Respond to OmniGuard/EAC events according to the predefined rules.

• Notify the system administrator of the events received and the action taken.

■ OmniGuard/EAC Agents

Using the Configure OmniGuard/EAC LogFile Adapter icon accomplishes the following configuration activity on the OmniGuard/EAC agent nodes:

• OmniGuard/EAC is configured to send events to the TME 10 Enterprise Console.

• The logfile adapter is configured to recognize and forward OmniGuard/EAC events to the TME 10 Enterprise Console.

Setting Up the TME 10 Enterprise Console

Use the procedures in this section to set up the TME 10 Enterprise Console to receive Tivoli/Plus for OmniGuard/EAC events.

To set up the TME 10 Enterprise Console, select the Run job... option of the Setup EventServer for OmniGuard/EAC icon’s pop-up menu. This action displays the Setup EventServer for OmniGuard/EAC window.

Once you have displayed the Setup EventServer for OmniGuard/EAC window, there are two options for setting up the TME 10 Enterprise Console: creating a new rule base or adding the Tivoli/Plus for OmniGuard/EAC specific rules to an existing rule base.

Creating a New Rule Base

Use the following steps to set up the TME 10 Enterprise Console by creating a new rule base.

1. Select the Create New Rule Base button. This action displays additional fields.

2. Enter the name of the rule base you want to create in the New Rule Base name field.

Note: It is not advisable to modify the Default rule base, so do not enter Default in the New Rule Base name field.

3. New rule bases are created by copying (cloning) and modifying an existing rule. Enter the name of the rule base to be copied in the Rule Base to clone field.

4. Specify the path name to the directory on the TME 10 Enterprise Console server in which you want to create the new rule base in the Path for new Rule Base field.

Note: The current user for the TME 10 administrator must have write access to the directory that you specify in this field.

5. (Optional) Use the Name of Event Console to configure field to display OmniGuard/EAC related events on a particular system administrator’s event console. To make this assignment, enter the name that appears under the desired system administrator’s event console icon.

6. Press the Set And Execute button when finished.

Adding to an Existing Rule Base

Use the following steps to set up the TME 10 Enterprise Console by adding the Tivoli/Plus for OmniGuard/EAC specific rules to an existing rule base.

1. Select the Add To Existing Rule Base button. This action displays the Existing Rule Base name field.

2. Specify the name of an existing rule base that you want to modify to contain the OmniGuard/EAC event classes and rules in the Existing Rule Base name field.

3. (Optional) Use the Name of Event Console to configure field to display OmniGuard/EAC related events on a particular system administrator’s event console. To make this assignment, enter the name that appears under the desired system administrator’s event console icon.

4. Press the Set And Execute button when finished.

Setting Up the Logfile Adapter for OmniGuard/EAC

OmniGuard/EAC sends events to an audit file. The TME 10 Enterprise Console logfile adapter for OmniGuard/EAC reads the events in the audit file and forwards them to the TME 10 Enterprise Console in a form readable by the TME 10 Enterprise Console.

To set up the TME 10 Enterprise Console logfile adapter for OmniGuard/EAC, simply select the Run job... option from the Configure OmniGuard/EAC LogFile Adapter icon’s pop-up menu or double-click on the icon.

Events and Rules

Tivoli/Plus for OmniGuard/EAC configures the TME 10 Enterprise Console to receive events from the OmniGuard/EAC audit file and TME 10 Distributed Monitoring. The TME 10 Enterprise Console classifies the events and then matches them against the rule base to see if the event has an OmniGuard/EAC predefined rule (automated response).

The following tables describe the Tivoli/Plus for OmniGuard/EAC events and rules. The tables include the message that the TME 10 Enterprise Console sends to the system administrator for each event. The percent signs (%s) in the messages indicate a variable. The definition for each variable follows the message.
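How a message template with %s variables maps a line of text to an event class, a severity and named variables can be shown with a short Python sketch. This is an added example, not code from the product or from the logfile adapter; it uses four templates from the event table that follows and assumes each input line holds only the message text (the guide does not describe the audit file layout).

```python
import re

# Four message templates copied from the OmniGuard/EAC event table in this
# guide: (format string, variable names, event class, event severity).
TEMPLATES = [
    ("Invalid su to %s from %s", ("touser", "fromuser"),
     "EAC_su_invalid", "MINOR"),
    ("Invalid login to %s from %s", ("touser", "ttyname"),
     "EAC_login_invalid", "WARNING"),
    ("Inactivating user %s. Too many failed attempts", ("username",),
     "EAC_too_many_failed_logins", "CRITICAL"),
    ("Checksum error, %s.upf may have been tampered", ("username",),
     "EAC_chksum_error", "CRITICAL"),
]


def compile_template(fmt):
    """Build a regex from a printf-style template.

    Literal text is escaped, and each %s becomes a capture group that accepts
    a single whitespace-free token, so a value cannot swallow the rest of the
    line or carry the text of another message with it.
    """
    literals = [re.escape(part) for part in fmt.split("%s")]
    return re.compile(r"(\S+)".join(literals))


COMPILED = [(compile_template(fmt), names, cls, sev)
            for fmt, names, cls, sev in TEMPLATES]


def classify(line):
    """Return the event for one audit message, or None if no template fits."""
    text = line.strip()
    for regex, names, cls, sev in COMPILED:
        match = regex.fullmatch(text)  # the whole line must match, not a prefix
        if match:
            return {"class": cls, "severity": sev,
                    "slots": dict(zip(names, match.groups()))}
    return None


def classify_all(lines):
    """Split lines into classified events and lines that matched nothing."""
    events, unmatched = [], []
    for line in lines:
        event = classify(line)
        if event is None:
            unmatched.append(line)  # keep for review instead of dropping
        else:
            events.append(event)
    return events, unmatched


# Constructed sample messages (not taken from a real audit file).
SAMPLE = [
    "Invalid su to root from mallory",
    "Checksum error, alice.upf may have been tampered",
    "Inactivating user bob. Too many failed attempts",
    "Invalid su to root from mallory Inactivating user bob. Too many failed attempts",
    "disk quota exceeded",
]

if __name__ == "__main__":
    events, unmatched = classify_all(SAMPLE)
    for event in events:
        print(event)
    print("unmatched:", unmatched)
```

Lines that fit no template are returned separately, so a message with trailing or embedded extra text is surfaced for review rather than classified under the wrong event class.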

OmniGuard/EAC Events

The following table contains the OmniGuard/EAC events sent to the TME 10 Enterprise Console.

OmniGuard/EAC Events

EAC Server

“EAC Server %s %s started on %s”,adminname,version,hostname

Event Class: EAC_svr_started

Event Severity: HARMLESS

“EAC server has been reinitialized: %s”,hostname

Event Class: EAC_svr_reinit

Event Severity: MINOR

“EAC server has been terminated: %s”,hostname

Event Class: EAC_svr_terminated

Event Severity: FATAL

EAC Expiration

“OmniGuard EAC will expire today: %s”,hostname

Event Class: EAC_expires_today

Event Severity: FATAL

“OmniGuard EAC will expire in %s days”,days

Event Class: EAC_will_expire

Event Severity: CRITICAL

Syslog

“Syslog (%s) enabled: %s”,adminname,hostname

Event Class: EAC_syslog_on

Event Severity: HARMLESS

“Syslog disabled: %s@%s”,adminname,hostname

Event Class: EAC_syslog_off

Event Severity: WARNING

“Error opening eac.syslog. errno= %s”,errno

Event Class: EAC_syslog_err

Event Severity: CRITICAL

Checksum

“Checksum error, %s.upf may have been tampered”,username

Event Class: EAC_chksum_error

Event Severity: CRITICAL

Account

“Deleted account: %s”,username

Event Class: EAC_account_deleted

Event Severity: HARMLESS

“Deactivating, expired account: %s”,username

Event Class: EAC_deact_acct_expired

Event Severity: WARNING

“Inactive account: %s”,username

Event Class: EAC_account_inactive

Event Severity: HARMLESS

Eactl

“Eactl used by %s”,username

Event Class: EAC_eactl

Event Severity: HARMLESS

Group/User Tree

“Cannot initialize Group/User Tree, Group Display file absent: %s”,hostname

Event Class: EAC_display_absent

Event Severity: WARNING

“Cannot initialize Local Group/User Tree, Master not available: %s”,hostname

Event Class: EAC_master_unavail

Event Severity: WARNING

Host Status

“Error: failed to add host to check list: %s”,addhost

Event Class: EAC_add_host_failed

Event Severity: CRITICAL

Port Range

“EACSRV: inconsistent port range prefixes %s and %s”,fromport,toport

Event Class: EAC_inconsist_ports

Event Severity: MINOR

“Could not parse excluded port range %s”,port

Event Class: EAC_parse_port_failed

Event Severity: CRITICAL

Socket

“Socket error: %s”,error

Event Class: EAC_socket_err

Event Severity: WARNING

“Socket accept failed retry: %s, %s”,retry_count,error

Event Class: EAC_socket_connect_failed

Event Severity: WARNING

Group Lock

“Failed to remove Group Lock, Group = %s”,group

Event Class: EAC_failed_group_lck

Event Severity: WARNING

Path

“EAC_MKDIRPATH: requested path %s not absolute. Exit”,path

Event Class: EAC_path_not_abs

Event Severity: CRITICAL

“Home path is relative and default user has no home directory”

Event Class: EAC_rel_home_path

Event Severity: MINOR

Malloc

“userpids malloc failed, errno=%s”,error

Event Class: EAC_usrpids_malloc_failed

Event Severity: CRITICAL

“Error: tmpinfo malloc failed, errno=%s”,errno

Event Class: EAC_tmpinfo_malloc

Event Severity: CRITICAL

“Error: show users in group malloc failed: errno = %s”,errno

Event Class: EAC_show_users_grp_malloc

Event Severity: CRITICAL

“Error: show users in passwd malloc failed: errno = %s”,errno

Event Class: EAC_show_users_passwd_malloc

Event Severity: CRITICAL

“Cannot create default root profile - malloc errno = %s”,errno

Event Class: EAC_root_prof_malloc

Event Severity: CRITICAL

Spawning Process

“Problem spawning process %s, errno=%s”,process,errno

Event Class: EAC_spawn_failed

Event Severity: CRITICAL

User Profile Directory

“EAC User profile directory not found: %s”,hostname

Event Class: EAC_upf_dir_notfound

Event Severity: CRITICAL

Home Directory

“User home directory is a system file and may not be deleted”

Event Class: EAC_home_not_deleted

Event Severity: WARNING

“Warning: unable to delete user home directory %s. Must be empty”,path

Event Class: EAC_rm_homedir_failed

Event Severity: WARNING

Directory

“No local directory exists for profiles, dir=%s”,dirname

Event Class: EAC_no_directory

Event Severity: FATAL

“Cannot open default directory %s for lock file checks”,dirname

Event Class: EAC_lock_open_failed

Event Severity: FATAL

“Cannot open default directory %s for action file checks”,dirname

Event Class: EAC_lock_action_open_failed

Event Severity: FATAL

“Cannot create locks directory - mkdir errno = %s”,errno

Event Class: EAC_locks_dir_mkdir

Event Severity: CRITICAL

“Cannot create local locks directory - mkdir errno = %s”,errno

Event Class: EAC_local_locks_dir_mkdir

Event Severity: CRITICAL

“Cannot create actions directory - mkdir errno = %s”,errno

Event Class: EAC_actions_dir_mkdir

Event Severity: CRITICAL

System Status File

“Error when opening system status file, errno=%s”,errno

Event Class: EAC_sys_stat_err

Event Severity: CRITICAL

Lock File

“EAC_FLOCK: could not create lockfile %s”,lockfile

Event Class: EAC_cant_create_lockfile

Event Severity: CRITICAL

File

“EAC System Error, could not open %s for reading”,filename

Event Class: EAC_cant_open

Event Severity: CRITICAL

“Cannot open file %s for reading”,licensefilename

Event Class: EAC_fopen_failed

Event Severity: FATAL

“Cannot open file %s for writing”,tmplicensefilename

Event Class: EAC_fwrite_failed

Event Severity: FATAL

“Cannot create display file %s - fopen errno %s”,ldispfile,errno

Event Class: EAC_cant_create_display_file

Event Severity: CRITICAL

“Could not open file %s for reading, errno=%s”,agentfile,errno

Event Class: EAC_cant_open_file

Event Severity: CRITICAL

“Failed to write action file, act:%s, typ:%s, ptyp:%s”,action,type,proftype

Event Class: EAC_write_action_failed

Event Severity: FATAL

“Header error for file: %s”,actionfile

Event Class: EAC_header_error

Event Severity: CRITICAL

Password

“Password has been changed for user %s”,username

Event Class: EAC_passwd_changed

Event Severity: HARMLESS

“Password added: %s added %s (%s) account,%s”,adminname,addeduser,username,proftype

Event Class: EAC_passwd_added

Event Severity: HARMLESS

“Password modified: %s changed %s (%s) account%s”,adminname,moduser,username,proftype

Event Class: EAC_passwd_mod

Event Severity: HARMLESS

“Password deleted: %s deleted %s (%s) account,%s”,adminname,deluser,username,proftype

Event Class: EAC_passwd_del

Event Severity: HARMLESS

“Inactivating, password too old: %s”,username

Event Class: EAC_passwd_expired

Event Severity: WARNING

“HP-UX secure password option detected: %s”,hostname

Event Class: EAC_hpux_passwd

Event Severity: MINOR

“Error adding PW entry for %s due to open temp passwd file failure”,username

Event Class: EAC_pw_entry_err

Event Severity: CRITICAL

“Error: deletion of %s from passwd file due to open temp. passwd file failure”,username

Event Class: EAC_pw_del_failed

Event Severity: CRITICAL

Logins

“System logins enabled, max:%s, local:%s, net:%s”,loginmax,loginlocal,loginnet

Event Class: EAC_sys_logins_enabled

Event Severity: HARMLESS

“Group %s logins enabled”,group

Event Class: EAC_group_logins_enabled

Event Severity: HARMLESS

“Group %s logins disabled”,group

Event Class: EAC_group_logins_disabled

Event Severity: WARNING

“Attempted login to system console: %s”,username

Event Class: EAC_console_login

Event Severity: CRITICAL

“Attempted login to modem line. tty: %s user: %s”,ttyname,username

Event Class: EAC_modem_login

Event Severity: CRITICAL

“Attempted login over network: %s”,username

Event Class: EAC_network_login

Event Severity: CRITICAL

“User %s attempted login to terminal.”,username

Event Class: EAC_login_terminal

Event Severity: MINOR

“privileged login: %s (uid: %s) from: %s”,username,uid,fromtty

Event Class: EAC_privileged_login

Event Severity: HARMLESS

“Invalid login to %s from %s”,touser,ttyname

Event Class: EAC_login_invalid

Event Severity: WARNING

“Login outside time window: %s”,username

Event Class: EAC_login_out_of_band

Event Severity: MINOR

“Privileged login: %s (uid: %s) %s”,username,uid,method

Event Class: EAC_login_priv

Event Severity: HARMLESS

“Login window termination: %s”,username

Event Class: EAC_login_termination

Event Severity: HARMLESS

“Could not send reply to login request: %s from: %s:errno=%s”,username,fromhost,errno

Event Class: EAC_cant_reply_login_req

Event Severity: CRITICAL

“Could not send failed status to login request: %s from: %s:errno=%s”,username,ttyname,errno

Event Class: EAC_cant_send_failed_status

Event Severity: CRITICAL

“Inactivating user %s. Too many failed attempts”,username

Event Class: EAC_too_many_failed_logins

Event Severity: CRITICAL

User

“Inactivating user: %s. Unused for too long”,username

Event Class: EAC_user_unused

Event Severity: MINOR

“Failed to change user %s password, err = %s”,username,err

Event Class: EAC_change_user_failed

Event Severity: WARNING

“Could not send kill pid %s for user %s, on %s: May be gone already”,pid,username,onhost

Event Class: EAC_kill_failed

Event Severity: HARMLESS

“Failed to send logout warning: pid %s for user %s, on %s”,pid,username,onhost

Event Class: EAC_no_logout_warning

Event Severity: WARNING

“Failed to update user %s during group update - %s”,username,reason

Event Class: EAC_grp_update_failed

Event Severity: CRITICAL

Profile

“Profile modified: %s changed %s (%s) account - %s”,adminname,moduser,username,proftype

Event Class: EAC_profile_mod

Event Severity: HARMLESS

“Profile created: %s created %s (%s) account - %s”,adminname,adduser,username,proftype

Event Class: EAC_profile_created

Event Severity: HARMLESS

“Profile deleted: %s deleted %s (%s) account - %s”,adminname,deluser,username,proftype

Event Class: EAC_profile_deleted

Event Severity: HARMLESS

“No profile for account: %s”,username

Event Class: EAC_no_profile

Event Severity: CRITICAL

“Invalid profile for account: %s”,username

Event Class: EAC_invalid_profile

Event Severity: MINOR

“EACBATCH: Sending all profiles to new Slave system: %s”,slave

Event Class: EAC_new_slave

Event Severity: HARMLESS

“Converting %s profile from old version 2 to current version:%s”,username,version

Event Class: EAC_convert_profile

Event Severity: HARMLESS

“Failed to remove user profile lock - after group lock fail, User = %s”,username

Event Class: EAC_rm_prof_failed1

Event Severity: WARNING

“Failed to remove user profile lock, User = %s”,username

Event Class: EAC_rm_prof_failed2

Event Severity: WARNING

“PROFILE DELETE: Failed to remove user profile lock, User = %s”,username

Event Class: EAC_rm_prof_failed3

Event Severity: WARNING

“User %s had passwd file updated but profile update failed”,username

Event Class: EAC_prof_upd_failed

Event Severity: CRITICAL

“Failed to send a profile to new Slave - will try again later: %s”,tohost

Event Class: EAC_prof_send_failed

Event Severity: HARMLESS

“Cannot create default root profile - write errno = %s”,errno

Event Class: EAC_root_prof_write

Event Severity: CRITICAL

“Cannot create default group profile - malloc errno = %s”,errno

Event Class: EAC_grp_prof_malloc

Event Severity: CRITICAL

“Cannot create default group profile - write errno = %s”,errno

Event Class: EAC_grp_prof_write

Event Severity: CRITICAL

NIS

“Rebuilding NIS passwd map: %s”,hostname

Event Class: EAC_nis_passwd_rebuild

Event Severity: HARMLESS

“Rebuilding NIS group map: %s”,hostname

Event Class: EAC_nis_group_rebuild

Event Severity: HARMLESS

“EACNIS: Server Error, could not find host name. Exiting”

Event Class: EAC_host_unknown

Event Severity: CRITICAL

“rebuilding NIS group map: ypmake passwd error, status = %s,%s”,errcode,error

Event Class: EAC_ypmake_group_err

Event Severity: CRITICAL

“rebuilding NIS passwd map: ypmake passwd error, status=%s,%s”,errcode,error

Event Class: EAC_ypmake_passwd_err

Event Severity: CRITICAL

“EAC NIS Error: Could not find make in ypmakepath %s”,ypmakepath

Event Class: EAC_make_not_found

Event Severity: CRITICAL

“EAC Internal Error eacnis_sendmsg unknown YPMode:%s”,ypmode

Event Class: EAC_sendmsg_err

Event Severity: MINOR

“Remote computer named %s does not respond. Restart eacnis daemon on that machine”,computer

Event Class: EAC_remote_err

Event Severity: CRITICAL

Invalid su

“Invalid su to %s from %s”,touser,fromuser

Event Class: EAC_su_invalid

Event Severity: MINOR

Failed Reply

“Failed to send reply to %s, action %s, errno %s”,tohost,action,errno

Event Class: EAC_failed_reply

Event Severity: WARNING

Interface

“Interface used by: %s”,username

Event Class: EAC_intf_used

Event Severity: HARMLESS

Internal Errors

“EAC Internal Error, cktty: ttyname not set: %s”,username

Event Class: EAC_fatal_internal

Event Severity: FATAL

“EAC Internal System Error: could not find ypmake: %s”,hostname

Event Class: EAC_ypmake_not_found

Event Severity: CRITICAL

Upfrev

“Unrecognized upfrev: %s”,upfrev

Event Class: EAC_invalid_upfrev

Event Severity: FATAL

Remsh Request

“Could not send reply to remsh request: %s from: %s:errno=%s”,username,fromhost,errno

Event Class: EAC_cat_reply_remsh

Event Severity: CRITICAL

Batch Process

“Could not fork batch process, errno = %s”,errno

Event Class: EAC_cant_fork

Event Severity: CRITICAL

TME 10 Distributed Monitoring Events

The following table describes the events and rules that TME 10 Distributed Monitoring may use when monitoring OmniGuard/EAC resources. The table is organized according to the monitor that sends the event to the TME 10 Enterprise Console.

TME 10 Distributed Monitoring Events

Daemon Status

"EAC Daemon %s has failed.", daemon_name

Event Description: An OmniGuard/EAC daemon becomes unavailable. The 3 monitored daemons are: eacsrv, eacnis, slkd.

Event Class: Sentry2_0_daemon

Event Severity: FATAL

"EAC Daemon %s is up", daemon_name

Event Description: An OmniGuard/EAC daemon becomes available. The 3 monitored daemons are: eacsrv, eacnis, slkd.

Event Class: Sentry2_0_daemon

Event Severity: HARMLESS

Correlation Activity: Close related Sentry2_0_daemon down events and auto-acknowledge this event.

Host Status

OmniGuard/EAC Host Status

Event Description: OmniGuard/EAC host becomes unavailable.

Event Class: Sentry2_0_host

Event Severity: CRITICAL

OmniGuard/EAC Host Status

Event Description: OmniGuard/EAC host becomes available.

Event Class: Sentry2_0_host

Event Severity: HARMLESS

Correlation Activity: Close related Sentry2_0_host down events and auto-acknowledge this event.

OmniGuard/EAC User Profiles Directory: Free Space

“OmniGuard/EAC /omniguard/eac/shar/upfdir File System avail. space is %s MBytes” (avail_space)

Event Description: Available space in the OmniGuard file system decreases below 5 MB on a host.

Event Class: Sentry2_0_diskavail

Event Severity: CRITICAL

“OmniGuard/EAC /omniguard/eac/shar/upfdir File System avail. space is %s MBytes” (avail_space)

Event Description: Available space in the OmniGuard file system decreases below 10 MB on a host.

Event Class: Sentry2_0_diskavail

Event Severity: MINOR

“OmniGuard/EAC /omniguard/eac/shar/upfdir File System avail. space is %s MBytes” (avail_space)

Event Description: Available space in the OmniGuard file system decreases below 15 MB on a host.

Event Class: Sentry2_0_diskavail

Event Severity: WARNING

“OmniGuard/EAC /omniguard/eac/shar/upfdir File System avail. space is %s MBytes” (avail_space)

Event Description: Available space in the OmniGuard file system increases beyond 15 MB on a host.

Event Class: Sentry2_0_diskavail

Event Severity: HARMLESS

Correlation Activity: Close related Sentry2_0_diskavail events and auto-acknowledge this event.

Network Collisions

“OmniGuard/EAC - Increase in network collisions per packet: %s” (pct_collisions_per_packet)

Event Description: The percentage of network collisions per packet increases beyond 25%.

Event Class: Sentry2_0_netcollpct

Event Severity: CRITICAL

“OmniGuard/EAC - Increase in network collisions per packet: %s” (pct_collisions_per_packet)

Event Description: The percentage of network collisions per packet increases beyond 10%.

Event Class: Sentry2_0_netcollpct

Event Severity: MINOR

“OmniGuard/EAC - Increase in network collisions per packet: %s” (pct_collisions_per_packet)

Event Description: The percentage of network collisions per packet increases beyond 5%.

Event Class: Sentry2_0_netcollpct

Event Severity: WARNING

“OmniGuard/EAC - Increase in network collisions per packet: %s” (pct_collisions_per_packet)

Event Description: The percentage of network collisions per packet decreases below 5%.

Event Class: Sentry2_0_netcollpct

Event Severity: HARMLESS

Correlation Activity: Close related Sentry2_0_netcollpct events and auto-acknowledge this event.

Event Correlation

The TME 10 Enterprise Console event server can use rules to determine if a number of separate events are related to each other, and then adjust its response and the information displayed on the event consoles accordingly. The following table describes the event correlation rules and related actions provided by Tivoli/Plus for OmniGuard/EAC.

Note: The “send mail” action checks if a deliverable address called “EACAdmin” exists and sends mail to that address. If the address is not deliverable, the default action is to send mail to “root.”

Tivoli/Plus for OmniGuard/EAC Event Correlation Rules

OmniGuard/EAC Server Started

Condition 1: Any “server started” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send mail to Admin.

Change event severity to CRITICAL.

OmniGuard/EAC Server Reinitialized

Condition 1: Any “server reinitialized” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send mail to Admin.

Change event severity to CRITICAL.

OmniGuard/EAC Server Terminated

Condition 1: Any “server terminated” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send mail to Admin.

Change event severity to FATAL.

Attempted Login to System Console

Condition 1: Any failed “attempted login to system console” events by the same user.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

Attempted Login to Modem Line

Condition 1: Any failed “attempted login to modem line” events by the same user.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

Attempted Login Over Network

Condition 1: Any failed “attempted login over network” events by the same user.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

Deactivating User: Too Many Attempts

Condition 1: Any “deactivating user, too many failed logins” event.

Condition 2: The number of events in the last week is equal to 2.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

Invalid ‘su’

Condition 1: Any “invalid su” events from the same user to the same user.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

Invalid login to <user> from <tty>

Condition 1: Any “invalid login to <user> from <tty>” events, to the same user, from the same tty.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

Login outside time window

Condition 1: Any “out-of-band login” events, from the same user.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail to Admin.

Change event severity to CRITICAL.

No Profile for Account

Condition 1: Any “no profile for account” event for the same user account.

Condition 2: The events come from more than 1 host.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Checksum Error

Condition 1: Any “checksum error” event.

Condition 2: The events come from more than 1 host.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

EAC Internal Error

Condition 1: Any “fatal internal error” event.

Condition 2: The events come from more than 1 host.

Automated Action(s): Send alert mail.

Change event severity to FATAL.

Problems Spawning Processes

Condition 1: Any “spawn failed” event.

Condition 2: The events come from more than 1 host.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

System Error - Cannot Open File for Reading

Condition 1: Any “cannot open file for reading” event.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Unknown Host

Condition 1: Any “unknown host” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

No Local Directory Exist For Profiles

Condition 1: Any “no directory” event.

Condition 2: The events come from more than 1 host.

Automated Action(s): Send alert mail.

Change event severity to FATAL.

YP Send Message Error

Condition 1: Any “YP Send Message Error” event.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Remote Computer Does Not Respond

Condition 1: Any “remote computer error” event.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Couldn’t Send Failed Status To Login Request

Condition 1: Any “couldn’t send failed status” event.

Condition 2: This event occurs 2 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Cannot Open Lock Directory

Condition 1: Any “cannot open lock directory” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to FATAL.

Cannot Open Actions Directory

Condition 1: Any “cannot open actions directory” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to FATAL.

Error Adding PW Entry

Condition 1: Any “error adding PW entry” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Error Deleting PW Entry

Condition 1: Any “error deleting PW entry” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Malloc error

Condition 1: Any “malloc error” event.

Condition 2: This event occurs 3 times in the last 24 hours.

Automated Action(s): Send alert mail.

Change event severity to CRITICAL.

Write error

Condition 1: Any “write error” event.

Condition 2: This event occurs twice in the last 24 hours.

Automated Action(s): Send alert mail. Change event severity to CRITICAL.
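The threshold rules listed above, worked through as an added example (this is not code from the guide or from the TME 10 Enterprise Console rule base). It assumes that events are matched by the quoted phrase appearing in the message text, that occurrences are counted per rule across all hosts, and that an occurrence exactly 24 hours old falls outside the window; the event field names and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)

# (phrase from Condition 1, count from Condition 2, severity set by the action)
RULES = [
    ("couldn't send failed status", 2, "CRITICAL"),
    ("cannot open lock directory", 3, "FATAL"),
    ("cannot open actions directory", 3, "FATAL"),
    ("error adding pw entry", 3, "CRITICAL"),
    ("error deleting pw entry", 3, "CRITICAL"),
    ("malloc error", 3, "CRITICAL"),
    ("write error", 2, "CRITICAL"),
]


def correlate(events):
    """Apply the rules to time-ordered events; return annotated copies.

    Each event is a dict with 'time' (datetime), 'host', 'msg' and
    'severity' (assumed field names). A rule fires on the event that
    brings the count inside the 24-hour window up to its threshold.
    """
    history = defaultdict(deque)  # phrase -> timestamps still inside the window
    out = []
    for ev in events:
        ev = dict(ev, actions=[])
        # Normalise case and typographic apostrophes before matching.
        text = ev["msg"].lower().replace("\u2019", "'")
        for phrase, threshold, severity in RULES:
            if phrase not in text:
                continue
            seen = history[phrase]
            seen.append(ev["time"])
            # Drop occurrences that are 24 hours old or older.
            while ev["time"] - seen[0] >= WINDOW:
                seen.popleft()
            if len(seen) >= threshold:
                ev["severity"] = severity
                ev["actions"] = ["send alert mail", "set severity " + severity]
            break
        out.append(ev)
    return out


def ts(day, hour):
    """Timestamp helper for the constructed sample (October 1996)."""
    return datetime(1996, 10, day, hour)


# Constructed sample events; the message layout is an assumption.
SAMPLE = [
    {"time": ts(10, 8), "host": "agent1", "msg": "write error", "severity": "WARNING"},
    {"time": ts(10, 9), "host": "agent2", "msg": "malloc error", "severity": "WARNING"},
    {"time": ts(11, 7), "host": "agent1", "msg": "write error", "severity": "WARNING"},
    {"time": ts(11, 10), "host": "agent2", "msg": "malloc error", "severity": "WARNING"},
    {"time": ts(12, 12), "host": "agent1", "msg": "write error", "severity": "WARNING"},
]

if __name__ == "__main__":
    for ev in correlate(SAMPLE):
        print(ev["time"], ev["msg"], ev["severity"], ev["actions"])
```

Only the third sample event is escalated: it is the second write error within 23 hours, while the last write error arrives after the earlier ones have aged out of the window.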


5 Tasks and Jobs for OmniGuard/EAC

Tivoli/Plus for OmniGuard/EAC provides tasks that allow you to run OmniGuard/EAC jobs on multiple machines and operating systems. For example, the OmniGuard/EAC Reports task generates standard OmniGuard/EAC reports from multiple master hosts across the entire enterprise. These tasks are ready to be executed as soon as you have installed your Tivoli/Plus for OmniGuard/EAC module. Simply double-click on the task icon to execute the OmniGuard/EAC job. You can modify the default execution characteristics of a particular job, such as where the output of a job is displayed and on which machines the job will run. You may also specify whether a job runs serially on each machine, in parallel on all machines, or staged in groups of machines.

The task of replicating OmniGuard/EAC user profiles is the only two-step task, which includes configuring a TME 10 Software Distribution file package containing a group of user profiles and distributing the file package across the enterprise.


Tivoli/Plus for OmniGuard/EAC Jobs

The following table lists the OmniGuard/EAC jobs and reports that can be customized and executed with Tivoli/Plus for OmniGuard/EAC. Double-click on the task icon to run the OmniGuard/EAC job.

Note: The task of replicating OmniGuard/EAC user profiles is a two-step process.

Tivoli/Plus for OmniGuard/EAC Jobs

Job Function Job Name and Icon

Starts the OmniGuard/EAC standard daemons (eacsrv, eacnis, slkd).

Stops the OmniGuard/EAC standard daemons (eacsrv, eacnis, slkd).

Prints the standard OmniGuard/EAC Reports. This task generates reports from multiple master hosts across the enterprise. The report types are:

■ All users

■ Super privileges

■ Expired passwords

■ Expired profiles

■ Inactivated profiles

■ Unused profiles

■ Network privileges

■ Group members

■ System log


Prints the current logins on all agents.

Prints the failed logins across the enterprise.

Displays the agents on which the OmniGuard/EAC slkd daemon is running.

Deactivates a local user on a specific agent host.

Displays a user or group profile.

Deactivates a user across the entire enterprise.

Prints the available number of licenses.


Configures the TME 10 Enterprise Console logfile adapter to intercept and forward OmniGuard/EAC events to the TME 10 Enterprise Console. (See “Setting Up the Logfile Adapter for OmniGuard/EAC” on page 4-6.)

Replicating OmniGuard/EAC user profiles requires that you first create and configure a TME 10 Software Distribution file package containing a group of user profiles to be distributed on a remote master host. Use the Setup User Profile Replication icon to configure the file packages (see page 5-11).

Distribute the user profiles on target nodes specified in the respective file package. Use the Replicate OmniGuard/EAC User Profiles icon to distribute the file packages (see page 5-13).


Running an OmniGuard/EAC Job and Saving the Output

All Tivoli/Plus for OmniGuard/EAC jobs can be run immediately after installation. You can run these jobs from the desktop only.

To run an OmniGuard/EAC job with the default execution characteristics, double-click on the icon or select Run job... from the icon’s pop-up menu.

If Tivoli/Plus for OmniGuard/EAC requires further information to execute the job, a pop-up window appears prompting you for the information. Online help is available to assist you in completing these windows.


For example:

Output is displayed in an output window.

Where appropriate, a pop-up window assists you in supplying additional information.


The job’s output is displayed in an output window. To save the job’s output to a file:

1. Select the Save to File... button to display the Save Job Output window.

2. Enter the name of the machine on which to save the output file in the On Host field of the Save Job Output window.

3. Enter the name of the output file that will contain the job’s output in the Output File field.

4. Select the Save & Close button to save the output of the job to the file you specified.

You can also use the Modify job... option of the job icon’s pop-up menu to specify that the output be sent to a file.


Modifying an OmniGuard/EAC Job

You can modify the execution characteristics of a job for each time the job is run or for only a single execution of the job.

Modifying for All Future Executions of the Job

Use the following steps to modify a job for each time it is run.

1. Select the Modify job... option from the job icon’s pop-up menu.

Be sure to specify on which managed nodes and profile managers the job will run.


2. Make the necessary changes in the Edit Job window. Online help is available to assist you.

Note: Be sure to specify on which managed nodes and profile managers the job will run.

3. Click on the Change & Close button when finished.

Modifying for a Single Execution of the Job

Use the following steps to modify a job for only a single execution of the job. The next time you run the same job, it will return to the default execution characteristics.

1. Select the Run on selected subscribers... option from the job icon’s pop-up menu to display the Execute Task window.


2. Make the necessary changes in the Execute Task window. Online help is available to assist you.

Note: Be sure to specify on which managed nodes and profile managers the job will run.

3. Click on the Execute & Dismiss button when finished.

Be sure to specify on which managed nodes and profile managers the job will be run this time.


Replicating OmniGuard/EAC User Profiles

Replicating OmniGuard/EAC user profiles is a two-step process. First, you create a file package for the profiles to be replicated. Second, you distribute the file package across the enterprise.

Configuring a File Package for User Profiles

Use the following steps to create and configure a TME 10 Software Distribution file package containing a group of user profiles to be distributed on remote master hosts.

1. Select the Run job... option from the Setup User Profile Replication icon’s pop-up menu to display the Setup User Profile Replication window.


2. (Optional) In the Filepack Name Extension field of the Distribution Options block, enter a unique, meaningful name for the file package icon.

3. Specify the name of the OmniGuard/EAC master server where the user profile files are located in the Master name field of the Source Information block.

4. You are now ready to specify which user profiles on the master server you want to replicate on the target nodes.

• If you want to replicate all the user profiles present on the master server, select the All Users On Master Source button.

• If you want to replicate only certain user profiles present on the master server, select the Specify User Names button, which causes the Users field to be displayed. In the Users field, enter the specific user profiles to be distributed, separated by single spaces.

5. Select the Pre-expire User Passwords button in the Installation Options block if you want to force users to change their password the first time they log in on the target node.

6. Press the Set And Execute button to set all of the information you have entered and create a file package.


Distributing a User Profiles File Package

Use the following steps to distribute across the enterprise the TME 10 Software Distribution file package containing a group of user profiles.

1. Select the Subscribers... option from the Replicate OmniGuard/EAC User Profiles icon’s pop-up menu.

2. Specify the subscription lists to which you want to distribute the OmniGuard/EAC user profile files by using the left and right arrow buttons to create the desired lists in the Current Subscribers field. When finished, press the Set Subscriptions & Close button.

3. Select the Distribute... option from the Replicate OmniGuard/EAC User Profiles icon’s pop-up menu. Selecting this option distributes the OmniGuard/EAC user profile files onto the machines listed on the subscription lists that you chose.

