hour. You can edit this rule to change the time or the list of classes. Refer to the IBM Tivoli Enterprise Console Rule Builder’s Guide for information about editing rules.

Logfile_Amd

Logfile_Cron

Logfile_Oserv

Logfile_Date_Set

The event server also comes with some additional rules that you can install. The $BINDIR/TME/TEC/contrib/rules/security directory contains the security_default.rls file, which provides the following behavior to the event server:

• When a host reports a repeated login failure attempt at least two times in a row, e-mail is sent to the e-mail alias tec_security notifying the administrators of the attempted security breach. (The tec_security alias must be added to the e-mail alias file before the messages can be delivered.)

• A rule is included that closes the following event classes after one hour:

Repeated_Login_Failure

Repeated_Login_Failure_From

Root_Login_Success_From

Troubleshooting the UNIX Log File Adapter

Perform the following steps to troubleshoot the UNIX log file adapter:

1. Stop any UNIX log file adapters that are currently running:

   init.tecad_logfile stop

2. Start the adapter in debug mode:

   init.tecad_logfile -d start

3. Generate some messages to determine if the adapter receives them. You can send e-mail, perform an su, or perform any action that results in a write to syslog. Alternatively, you can use the logger program to generate messages:

   logger -t oserv -i execve failed: path: errno 13

This generates an Oserv_Exec_Failed event. The message written by logger should match one of the format specifications in the tecad_logfile.fmt file.

4. When events arrive, the adapter prints messages to the screen indicating the class and the attribute values in the class.

   matched CREATED_PROFILE_MANAGER name is ’Profile1’

If you do not see any messages, the adapter is not receiving events from the log file.

Verify that the syslogd daemon is running and is writing any new messages to the system log files in /var/adm or its equivalent, or to the system console, depending on how syslog.conf has been configured to write out messages. For testing purposes, you can temporarily add the following line to syslog.conf:

*.info <Tab> <filename>

This allows all messages to be written to a file so you can see what messages have arrived. This file grows large quickly, so make this a temporary change only. You need to HUP the syslogd daemon each time you change syslog.conf to put these changes into effect.
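The syslog side of this check can be scripted. The following is an added example, not part of the IBM manual: it confirms that the temporary *.info line is tab-separated and that the logger test message from step 3 reaches the file. The function names and sample paths are constructed, and the tab requirement is assumed to apply to the traditional syslogd in use.

```shell
#!/bin/sh
# Added example (not from the manual). Function names and sample data are constructed.

# Print the destination file of every active "*.info" selector in a syslog.conf.
# Returns 1 if none is found. Lines that separate selector and action with
# spaces instead of a tab are reported on stderr and skipped (assumption:
# the traditional syslogd in use only accepts tabs, as the <Tab> above implies).
info_catchall_targets() {
    conf=$1
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        index($0, "\t") == 0 {
            print "line " NR ": no tab between selector and action" > "/dev/stderr"
            next
        }
        {
            split($0, part, /\t+/)                   # part[1]=selectors, part[2]=action
            n = split(part[1], sel, ";")
            for (i = 1; i <= n; i++)
                if (sel[i] == "*.info" && part[2] ~ /^\//) {
                    print part[2]; found = 1; break
                }
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# Send the step 3 test message and report whether a new copy appeared in the
# given log file. The message text is left unchanged so that it still matches
# the format specification in tecad_logfile.fmt.
test_message_logged() {
    file=$1
    pattern='execve failed: path: errno 13'
    before=$(grep -c "$pattern" "$file" 2>/dev/null || true)
    logger -t oserv -i execve failed: path: errno 13
    sleep 1                                          # give syslogd time to write
    after=$(grep -c "$pattern" "$file" 2>/dev/null || true)
    [ "${after:-0}" -gt "${before:-0}" ]
}

# Constructed sample: one valid tab-separated line, one space-separated line.
sample=$(mktemp)
printf '*.info\t/var/adm/tec_test.log\nauth.notice /var/adm/authlog\n' > "$sample"
info_catchall_targets "$sample"    # prints the target file, warns about line 2
rm -f "$sample"
```

If test_message_logged fails on the file that info_catchall_targets reports, the message is being lost before it reaches the adapter, so the problem lies with syslogd rather than with the format file.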

Chapter 9. UNIX Log File Adapter 109


Enterprise Console specifications

IBM Enterprise Console is a robust solution designed to centralize and streamline IT operational monitoring and management. As organizations increasingly rely on complex IT infrastructures, including cloud services, on-premise systems, and hybrid environments, the need for an effective monitoring tool has become paramount. IBM Enterprise Console addresses these needs by providing a comprehensive view of IT operations, enabling organizations to respond to incidents with agility and precision.

One of the key features of IBM Enterprise Console is real-time monitoring. The solution offers a single pane of glass through which IT teams can observe the performance of various systems and applications. This capability allows organizations to detect and respond to incidents promptly, minimizing downtime and ensuring that services remain available for end users. The console integrates seamlessly with multiple data sources, allowing for the aggregation of alerts, events, and logs from diverse IT environments.

Another significant aspect of IBM Enterprise Console is its automation capabilities. The platform supports automated workflows and incident management processes, helping to reduce the workload on IT teams. Automation not only enhances efficiency but also ensures consistency in incident response. By leveraging predefined rules and actions, organizations can standardize their operational protocols, leading to faster resolution times and improved service quality.

The IBM Enterprise Console utilizes advanced analytics and artificial intelligence to enhance operational insights. Machine learning algorithms can help identify patterns and anomalies in system performance, allowing organizations to anticipate potential issues before they escalate into critical incidents. This proactive approach to IT monitoring not only improves reliability but also fosters a culture of continuous improvement across the organization.

Security features are also integrated into the IBM Enterprise Console, allowing for the monitoring of security incidents alongside IT operations. This unified approach helps organizations to respond more effectively to security threats, enabling them to correlate operational and security data for a comprehensive view of their infrastructure.

In conclusion, IBM Enterprise Console stands out as a powerful tool for IT operations management. Its real-time monitoring, automation capabilities, advanced analytics, and integrated security features make it an ideal solution for organizations looking to enhance operational efficiency and responsiveness. By leveraging this technology, businesses can ensure that their IT environments remain stable, secure, and aligned with their strategic goals.