; Nova Software, Inc. www.nova-sw.com
; Network Equipment Performance Monitoring System (NEPM) www.nepm.net
; Remote Log Courier (RLC) Control File Rev. 2.2 (041128)
; GENERAL FORMATTING RULES FOR THIS FILE:
; -This is a line-oriented control file. Each entry must appear on a single line, however long.
;  Use word wrap in your editor to view lines exceeding one screen width and be certain that it does not
;  insert extraneous newlines.
; -Optional: Comments follow the first semicolon on a line. Do not precede the ';' with an extra space.
;  Semicolons in text entries can be protected with a preceding '\'. The '\;' pair will not
;  be interpreted as the beginning of a comment.
; -Semicolon and comment may be omitted on any non-empty line.
; -The length and number of comments is unlimited. (Line length may be limited in some editors.)
; -Do not pad entries with leading or trailing spaces.
; -This file is in two sections divided by a separator line which must begin with '::::'.
;  No other line may begin with '::::'.
; -The characters ; : / \ | < > " must not appear within filenames.
; -All mail addresses must contain one and only one '@' symbol.
; *************************** SECTION ONE: GENERAL AND DEFAULT PARAMETERS ****************************
; -THE ORDER OF ENTRIES IN THIS SECTION (TO THE :::: MARK) IS FIXED.
; On the following line replace the first 22 characters with your evaluation period or unlimited-time license key.
0123456789012345678901; License key
; Mail and filesystem parameters: Either valid entries or '0's must be provided as indicated.
; There are no internal defaults for the first four values.
; You must make entries for all four values.
; REQUIRED -- mail "from" account. This MUST be a valid account at the server on the next line!
nepm-rlc@yourdomain.com;
; Full name of the smtp (send) mail host server to courier by mail, or 0 to courier via the filesystem.
mail.yourdomain.com;
; Mail "to" account at which the NEPM Builder program receives mail
nepm-arb@yourdomain.com;
; URL of backup (secondary) smtp mail server if available, 0 otherwise.
0;backupmail.yourdomain.com;
; Path to which to write captured files on the local filesystem. Internal default is 'data/Courier'.
; Use the directory separator appropriate to the system on which this directory is hosted.
; REQUIRED ENTRY: This entry is also used for emergency saving when log management is enabled.
data\Courier;
; The following group is the default connect parameters to monitored systems. They change the program's internal defaults.
; -Unneeded items in this group following the last one to be changed may be omitted. Thus to change
;  only the telnet port number enter that line, all lines preceding it, and omit all lines
;  following it to the "::::" mark. The Courier's internal defaults will be used for the omitted values.
; -Enter '0' as a placeholder on required intervening lines that will not be used.
; -Use care to enter new values correctly. NEPM places few constraints on the values you enter.
; -THESE DEFAULTS ARE IN ORDER OF DECREASING LIKELIHOOD OF NEED, SO THAT THE FEWEST POSSIBLE NEED BE ENTERED.
;  THEIR ORDER DIFFERS FROM THAT OF THE ENTRIES ON THE ELEMENT CAPTURE LINES!!!!
; Default telnet login password on target systems if needed. Internal default is clrMpen.
clrMpen;
; Default telnet login id on target systems if needed. Internal default is NEPMRLC
; NOTE: Common WinNT telnet servers, including that distributed with NEPM, require you to prefix the
; login with the windows domain name followed by a backslash thus: windows_domain\NEPMRLC
NEPMRLC;
; NOTE: Choose one of the following two default prompts depending on the OS type of the target system. Comment out the other.
; Consult the User Guide for more detail on prompt equivalences.
; Default prompt after telnet login, in regular expression form, for UNIX type target OS's.
; Represents the usual user prompt of $
;(\s\$\s)$;
; Other UNIX equivalences are (\s#\s)$ for # , (\s>\s)$ for > , (\s!\s)$ for ! , (\s:\s) for : . Keep the prompt as specific as possible to avoid false matches in log text.
; Default prompt after telnet login, in regular expression form, for WinNT OS's. This is the internal default.
[[:upper:]]:(.+>\s*)$;
; The following line is the default target Elements-and-files-to-be-monitored specification. Syntax details and use are defined below.
; Internal default is <>/var/log/messages.1|/var/log/messages|/var/log/httpd/access_log.1|/var/log/httpd/access_log
<>|/var/log/messages.1|/var/log/messages|<>|/var/log/messages.1|/var/log/messages|/var/log/httpd/access_log.1|/var/log/httpd/access_log; default elements & files to be captured
; A sample default file capture spec for WinNT and IIS:
;<>|::EventLog_System|::EventLog_Application|<>|d:\WinNT\system32\LogFiles\W3svc1\::DatedLogs
; Default OS type of target system: 'Unix', 'WinNT', or 'IOS' only. Internal default is 'Unix'.
Unix;
; Default telnet port number. Internal default is 23. Acceptable range is 1 to 65534
; The telnet server distributed with NEPM installs with a default port number of 1023.
; (WARNING: Many of the lower port #'s are in use by other services. Consult your system documentation to avoid conflicts.)
23;
; D to enable delete of each original log file on the target system after capture and successful couriering, or 0 to disable.
; Filesystem permissions must also be set appropriately to allow deleting log files from this login account.
; Internal default is 0.
0;
; Default command to raise the privileges level. Internal default is 'su root' for Unix systems.
; Use 'enable' for Cisco IOS and compatible OS's. Not applicable for WinNT.
0;
; Default privileged password. Login will issue the "raise privileges" command above if this entry is present.
; There is no internal default.
; WARNING: IF A NON-ZERO VALUE IS ENTERED HERE YOU MUST OVERRIDE THIS DEFAULT with a '0' sub-entry in the
; privileged password entry on every target system line below on which elevated privileges are not required.
0;
; Default privileged user (e.g. root) prompt in regular expression form. Internal default is (#\s*)$
(#\s*)$;
; THE FOLLOWING SEPARATOR LINE BEGINNING WITH :::: IS REQUIRED IN THIS LOCATION IN ALL CONTROL FILES.
::::; ****************************** End of the global parameters DO NOT REMOVE OR MOVE THIS LINE.
; *************************** SECTION TWO: INDIVIDUAL TARGET SYSTEM CAPTURE PARAMETERS ****************************
; CONNECT AND DATA CAPTURE PARAMETERS FOR EACH ITEM OF EQUIPMENT TO BE MONITORED.
; -SPECIFICATION: Each line in this section must be a comma-separated list of the following values for its target system:
;  IP address for telnet access to the target system,telnet port #, user prompt regexp after login,user ID,user password,OS type, command to raise privilege level, privileged password, privileged prompt regexp, delete-after-capture flag,Elements-and-files-to-be-monitored sub-list [spec below]
; SYNTAX DETAILS:
; -Any omitted sub-entry will be filled from the default, if one exists. THE IP ADDRESS (FIRST ENTRY) HAS NO DEFAULT AND
;  MUST ALWAYS BE FILLED.
; -Target systems are accessed in the order that the lines are listed.
; -Each entry (i.e. one monitored system) must occupy one line only, however long required to contain all the information.
;  Use word wrap in your editor to view long lines, making certain that extraneous newlines are not silently inserted by it.
; -Omit sub-entries by leaving nothing (not even spaces) between the commas. The commas are necessary as placeholders
;  (i.e. sub-entry counters.)
; -The order of entries IS NOT THE SAME as that in the default entries in the previous section of this control file.
;  Here the order is in the sequence needed to connect and capture logs.
; -Use IP addresses rather than FQDN's.
;  DNS lookups will slow the capture process and may introduce unnecessary failures.
; -Be careful to use the correct port number for telnet on each target system and remember that NEPM's optional telnet
;  server for WinNT defaults to port 1023.
; -Do not include any extraneous spaces before or after the commas.
; -Telnet password and/or login ID will not be used and can be omitted if the server on the monitored system does not ask
;  for either or both of them.
; -Privileged password and prompt are only needed and used in cases in which log read access is restricted to a higher
;  privilege level. Omit them otherwise unless there is a default privileged password. Use '0' in this case.
; -Prompts must be in regular expression form. Consult the User Guide for regular expression equivalents to common
;  command line prompts.
; -THE ELEMENTS-AND-FILES-TO-BE-MONITORED SYNTAX SPECIFICATION:
; -The element name appears first (on the left) in double angle brackets, thus: <>
;  This can be any name you choose for mnemonic convenience. The same name must be used in the
;  messages section of the Builder's control file. The name is used by the Builder to associate
;  event message sets with the corresponding captured log file sets.
; -Case is ignored in element names.
; -Element names must contain only alphanumeric characters (letters and numbers) and underscore, '_'.
; -Include 'system' (case insensitive) in an element name to associate the file group with its Operating System and the
;  default event lists used by the Builder.
; -Each file pathname to be captured and associated with that elementname is listed following its element name.
; -The characters ; : / \ | < > " must not appear within filenames.
; -File pathnames may contain spaces.
; -The directory separator in pathnames must be that appropriate to the target system, e.g '\' for WinNT and '/' for UNIX.
; -Each file pathname must be bounded on the left and right with the '|' character.
;  As many spaces as desired can be inserted after the '|' symbol for visual clarity. Do not put any spaces in front of the '|' symbol.
; -List the element identifiers and associated file spec group in any order.
; -CRITICAL: Multiple file pathnames within each element file group MUST be listed in chronological order,
;  earliest on the left, latest on the right, i.e. messages.3|messages.2|messages.1|messages, etc.
; -The four Event sub-logs on WinNT can only be specified as ::EventLog_System, ::EventLog_Application, ::EventLog_Security, and
;  ::EventLog_DNS, without any path prefix. Use NO extra spaces with these log names. These logs cannot be read and captured
;  directly from the filesystem as other logs are. They must be read thru the WNTELC tool downloaded with NEPM.
; -IIS dated logs (WinNT's): Specify IIS dated logs with the pathname but use ::DatedLogs in place of the
;  filename. This syntax tells the NEPM Courier to capture the latest two logs in this directory, ignoring the
;  filename, which will change hourly, or daily, etc.
; SAMPLES:
; Nine target systems that use only default values:
192.168.1.1,,,,,,,,,,
192.168.1.2,,,,,,,,,,
192.168.1.3,,,,,,,,,,
192.168.1.4,,,,,,,,,,
192.168.1.5,,,,,,,,,,
192.168.1.6,,,,,,,,,,
192.168.1.7,,,,,,,,,,
192.168.1.8,,,,,,,,,,
192.168.1.9,,,,,,,,,,
; On WinNT get the System and Application Event Logs and IIS log,
192.168.1.2,1023,>$,nova-sw\user1,xxxxxx,WinNT,,,,<<>|::EventLog_System|::EventLog_Application|<>|d:\WinNT\system32\LogFiles\W3svc1\ncsa1.log|
; On WinNT get IIS dated logs,
192.168.1.2,1023,>$,nova-sw\user1,xxxxxx,WinNT,,,,<<>|::EventLog_System|::EventLog_Application|<>|d:\WinNT\system32\LogFiles\W3svc1\ncsa1.log|
; Load up a full set (5 weeks worth) of all types of logs on a Unix system.
; For best performance run this capture line only the first time. Use the following corresponding line for all following periodic captures.
192.168.1.1,,,,,,,,,,<>|/var/log/messages.5|/var/log/messages.4|/var/log/messages.3|/var/log/messages.2|/var/log/messages.1|/var/log/messages|<>|/var/log/messages.5|/var/log/messages.4|/var/log/messages.3|/var/log/messages.2|/var/log/messages.1|/var/log/messages|/var/log/httpd/access_log.5|/var/log/httpd/access_log.4|/var/log/httpd/access_log.3|/var/log/httpd/access_log.2|/var/log/httpd/access_log.1|/var/log/httpd/access_log
; Daily or hourly capture line for the same Unix system hosting a webserver (the two latest files must always be captured to ensure getting all events on the boundary between them.)
192.168.1.1,,,,,,,,,,<>|/var/log/messages.1|/var/log/messages|<>|/var/log/messages.1|/var/log/messages|/var/log/httpd/access_log.1|/var/log/httpd/access_log|
; Get Unix system logs and Apache logs as superuser.
192.168.1.1,,(\$\s*)$,user2,xxxxxx,Unix,,yyyyyy,(#\s*)$,,<>|/var/log/messages.1|/var/log/messages|<>|/var/log/messages.1|/var/log/messages|/var/log/httpd/access_log
; On WinNT get IIS data logs by telnet relay from a non-WinNT system
100.200.1.2,,,,relay 192.168.1.2,1023,>$,nova-sw\user1,xxxxxx,WinNT,,,,<>|c:\WinNT\system32\LogFiles\W3svc1\::DatedLogs|
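; Added example, not part of the original control file and not Nova Software code: a small Python audit of SECTION TWO target lines that resolves each sub-entry against the defaults and reports the cases the comments above warn about, in particular a non-zero default privileged password inherited by a target that did not override it with '0'.
; The DEFAULTS dictionary, the field names and the sample lines are constructed for illustration; the relay form and the elements sub-list are not interpreted.

```python
import ipaddress
import re

# Sub-entry order on a SECTION TWO target line, as listed in the control file.
FIELDS = ["ip", "port", "prompt", "user", "password", "os", "raise_cmd",
          "priv_password", "priv_prompt", "delete", "elements"]

def strip_comment(line):
    """Cut at the first ';' not protected by a backslash, then unescape '\\;'."""
    m = re.search(r"(?<!\\);", line)
    entry = line[:m.start()] if m else line
    return entry.replace("\\;", ";")

def resolve_target(line, defaults):
    """Split a target line into its 11 sub-entries; empty ones take the default."""
    parts = strip_comment(line).split(",", len(FIELDS) - 1)
    parts += [""] * (len(FIELDS) - len(parts))
    return {name: value if value else defaults.get(name, "")
            for name, value in zip(FIELDS, parts)}

def audit_target(target):
    """Report settings that the control file's own rules and warnings single out."""
    findings = []
    try:
        ipaddress.ip_address(target["ip"])
    except ValueError:
        findings.append("first sub-entry is not an IP address")
    port = target["port"]
    if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65534):
        findings.append("telnet port outside 1 to 65534")
    if target["os"] not in ("Unix", "WinNT", "IOS"):
        findings.append("OS type must be Unix, WinNT or IOS")
    if target["priv_password"] not in ("", "0"):
        findings.append("raise-privileges command will be issued")
    if target["delete"] == "D":
        findings.append("original logs deleted after capture")
    return findings

# Constructed section-one defaults with a non-zero default privileged password.
DEFAULTS = {"port": "23", "os": "Unix", "raise_cmd": "su root",
            "priv_password": "PLACEHOLDER", "delete": "0"}
# Constructed target lines: inherits the default, overrides it with '0', malformed.
SAMPLES = ["192.168.1.1,,,,,,,,,,",
           "192.168.1.2,,,,,,,0,,,; no elevation needed",
           "logs.example.com,70000,,,,,,0,,D,"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_target(resolve_target(line, DEFAULTS)))
```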