Operating System - OpenVMS

Re: off server logging facility

 
Tim Nelson
Honored Contributor

off server logging facility

I saw a reference or two to having VMS report its system events to a syslog server. It initially looks like it is not possible.
Here is my requirement and hopefully there are some ideas.

It is required that all system events be logged to a tertiary server. The administrators of the primary server cannot have admin privileges to modify the events recorded on the tertiary server.

The above is somewhat the purpose of a centralized syslog server where each server will send log events to and have reviewed by a different party.

Any ideas for the VMS world? I see there is a syslog daemon available for VMS but getting all of VMS to tie into the logger utility may not be possible.

Thanks to all !!
Arch_Muthiah
Honored Contributor

Re: off server logging facility

Tim,

SYSLOG server freeware exists for OpenVMS, specifically
a syslogd server is available via the FileServ package.

Archunan
Regards
Archie
Uwe Zessin
Honored Contributor

Re: off server logging facility

I don't think that helps Tim. I believe he wants the CLIENT functionality in VMS: the VMS system sends events (operator requests, error log entries, DECnet events, IP events, ...) via syslog protocol to another system.
Tim Nelson
Honored Contributor

Re: off server logging facility

Uwe has the idea.

Audit is requiring system events to be mirrored or logged "off" server. Although the syslog daemon that is ported from UNIX to VMS serves this purpose, the next hurdle would be getting VMS to send its events through the logger command.

If reply/enable could be told to send the messages into the logger command, that might be a way around it.
or
Write DCL to monitor the operator.log and then send each new entry through logger.
or
I see that the reply command will allow for op messages to another node. This might be easiest but the other node would have to be a VMS server admin'd/controlled by another group.

Bill Hall
Honored Contributor

Re: off server logging facility

Tim,

I would assume that a requirement of this type would have some "budget dollars" behind it. I recommend looking at ConsoleWorks from TDI. Very good product and good people to work with. You have your choice of the usual popular server platforms including VMS. We use it to connect to, monitor and archive the output on serial consoles all around North America. We also send alarms based on "events" that come across consoles. We don't use their syslog or Windows client, but they are available for ConsoleWorks also.

Bill
Bill Hall
Phillip Thayer
Esteemed Contributor

Re: off server logging facility

Tim,

I have also used ConsoleWorks at a couple of different sites and it works well. It will allow you to log anything that would normally come across the console. Including if someone logs in on the console and does some work. It can be set to watch for specific text strings and trigger events based off the text strings. I also would recommend it.

Phil
Once it's in production it's all bugs after that.
John Gillings
Honored Contributor

Re: off server logging facility

Tim,

Not SYSLOG, but check the section "Using a Remote Log File" in "HP OpenVMS Guide to System Security" - it gives a worked example of sending all AUDIT messages to a remote system (using DECnet). The remote file is a second audit journal.

If the SYSLOG thing doesn't already exist, there are mechanisms which would simplify creating a SYSLOG client - use an audit listener mailbox (also in the Guide to System Security a few pages beyond the remote log example). It's just a matter of writing a little program to catch the audit messages from the mailbox, reformat them as SYSLOG packets and toss them out on the wire for the SYSLOG server. (I'd be astonished if someone hasn't already done this).
A crucible of informative mistakes
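The "reformat as SYSLOG packets and toss them out on the wire" step from the reply above, as an added example that is not part of the original post or any poster's code. It assumes the audit events have already been read from the listener mailbox as text; the event strings, node name, keyword-to-severity mapping and collector address are constructed for illustration.

```python
import socket
from datetime import datetime, timezone

FACILITY_LOG_AUDIT = 13          # RFC 5424 facility code "log audit"
SEV_WARNING, SEV_NOTICE, SEV_INFO = 4, 5, 6
MAX_LEN = 1024                   # assumed per-datagram limit, kept conservative

# Hypothetical keyword-to-severity mapping; tune to the events you audit.
SEVERITY_BY_KEYWORD = (("failure", SEV_WARNING), ("break-in", SEV_WARNING),
                       ("modif", SEV_NOTICE))

def severity_for(event):
    lowered = event.lower()
    for keyword, severity in SEVERITY_BY_KEYWORD:
        if keyword in lowered:
            return severity
    return SEV_INFO

def to_syslog(node, event, when, app="AUDIT_SERVER"):
    """Build one RFC 5424 record: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    pri = FACILITY_LOG_AUDIT * 8 + severity_for(event)
    # Collapse newlines and runs of whitespace so a multi-line event stays one
    # record and embedded line breaks cannot forge extra lines on the collector.
    text = " ".join(event.split())
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    record = f"<{pri}>1 {stamp} {node} {app} - - - {text}"
    return record.encode("ascii", "replace")[:MAX_LEN]

def forward(events, node, collector, when=None):
    """Send each event as its own UDP datagram; returns the number sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for event in events:
            stamp = when or datetime.now(timezone.utc)
            sock.sendto(to_syslog(node, event, stamp), collector)
            sent += 1
    return sent

if __name__ == "__main__":
    # Constructed sample events, not real audit journal output.
    samples = ["Login failure\n  username SMITH, terminal TNA12:",
               "File modification attempt on a protected file",
               "Interactive logout"]
    now = datetime.now(timezone.utc)
    for sample in samples:
        print(to_syslog("NODE1", sample, now).decode("ascii"))
    # forward(samples, "NODE1", ("192.0.2.10", 514))  # placeholder collector
```

UDP syslog gives no delivery guarantee, so the local audit journal remains the record of reference and the remote copy is the one the primary server's administrators cannot alter.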
Ian Miller.
Honored Contributor

Re: off server logging facility

Which events are to be sent?
____________________
Purely Personal Opinion
Robert Gezelter
Honored Contributor

Re: off server logging facility

Tim,

I have done this for one of my clients, who had a similar need.

A lot depends on what precisely you are monitoring. There are ways to capture OPCOM and the AUDIT Event streams. It takes some care, but works quite well.

- Bob Gezelter, http://www.rlgsc.com

Robert Atkinson
Respected Contributor

Re: off server logging facility

I'd recommend IAM:Consoles from Itheon (www.itheon.com).

Like ConsoleWorks, it traps events coming out of OPA0 and can send them via a number of methods, including SNMP, PAGE, EMAIL, TNG, etc.

It's very useful for creating DCL scripts to reply to or act upon OPCOM requests or messages.

Rob.