FSM CALA Users Guide

User Manual:

Open the PDF directly: View PDF .
Page Count: 308

Download
Open PDF In Browser	View PDF

FSM CALA User’s Guide
FileNet System Monitor 4.0.0

FileNet Corporation

Table of Contents
1. Copyright Notice ..................................................................................................................... 1
Trademarks........................................................................................................................... 1
Notice ................................................................................................................................... 1
2. Notices ..................................................................................................................................... 3
3. About this document .............................................................................................................. 4
Who Should Read This Guide .............................................................................................. 4
List of documents ................................................................................................................. 4
General information .............................................................................................................. 4
Where you find this guide ............................................................................................ 4
Typeface Conventions .................................................................................................. 4
Contacting FileNet Support.......................................................................................... 5
4. FSM CALA Overview............................................................................................................... 6
FSM CALA (CALA)............................................................................................................... 6
CALA Binaries.............................................................................................................. 6
CALA GUI .................................................................................................................... 6
5. Installation ............................................................................................................................... 7
General Installation Information............................................................................................ 7
Non-Tivoli CALA Installer...................................................................................................... 7
General description...................................................................................................... 7
Installing a product on the local machine..................................................................... 9
Remote installation .................................................................................................... 10
Further installation options......................................................................................... 13
Relationship between installer GUI install_cala.sh .................................................... 14
6. Component Architecture ...................................................................................................... 16
CALA System platforms ..................................................................................................... 16
Supported JAVA JRE or JDK versions (CALAGUI and CALA V2S Editor prerequisite) ..... 16
Implementation on Microsoft Windows based systems ...................................................... 16
CALA installation as Windows Service ...................................................................... 16
CALA de-installation on Windows systems................................................................ 16
Configuration file logctlsrv.conf for a Windows service installation..................................... 16
Client / Server Architecture................................................................................................. 17
Implemented components .................................................................................................. 18
Read-only component (Reader)................................................................................. 18
Filter component (Filter)............................................................................................. 19
Event generating components ................................................................................... 19
Processing server msgclsfsrv (Message Classification Server) ................................ 19
Sub components Rules Engine and Message Mapping (msgclsfsrv sub components)
20
Sub component Completer (msgclsfsrv sub component) .......................................... 20
Sub component Remapper (msgclsfsrv sub component) .......................................... 20
Emitter components ................................................................................................... 20
T/EC transmit component .......................................................................................... 21
Application proxy for DMZ.......................................................................................... 21
Control component logctlsrv ...................................................................................... 21
CLI logctlcmd ............................................................................................................. 22
Supported logctlcmd commands ............................................................................... 22
Generating test events ............................................................................................... 23
Possible component architecture (predecessors / successors).......................................... 23
ii
FSM CALA User’s Guide

Communication between CALA components ..................................................................... 24
Default tcp ports used by CALA components..................................................................... 25
Event caching ..................................................................................................................... 25
7. Configuration file logctlsrv.conf ...................................................................................... 27
Global configuration instructions applicable to all components .......................................... 27
Configuration instruction serverlist............................................................................. 27
run instruction ............................................................................................................ 28
target Instruction ........................................................................................................ 29
port instruction ........................................................................................................... 29
Port list functionality ................................................................................................... 30
conf instruction........................................................................................................... 30
ip instruction............................................................................................................... 31
Serverlist functionality ................................................................................................ 31
Broadcast functionality............................................................................................... 31
8. Configuration GUI ................................................................................................................. 33
Using the CALA Configuration GUI .................................................................................... 33
Starting the GUI ......................................................................................................... 33
Setting up a new configuration (Create ...) ................................................................ 34
Opening an existing configuration (Open ...).............................................................. 35
Saving a created or changed configuration (Save, Save as) ..................................... 35
Exporting parts of the configuration for use with the CALA configurator ................... 36
Differences between CALAGUI configurations and CALA Configurator .................... 38
Altering the global configuration settings ................................................................... 38
Configuration instructions logctlsrv_port and logctlcmd_port............................ 39
Configuration instruction cala_srv_port (Windows systems only) ..................... 40
The configuration instructions logctlsrv_adapters and logctlcmd_adapters...... 40
Maintenance instruction .................................................................................... 41
More global settings................................................................................................... 42
Configuration check ................................................................................................... 42
component configuration............................................................................................ 43
9. Component-specific configuration...................................................................................... 45
Common settings................................................................................................................ 45
Display version information ........................................................................................ 48
ascfileread .......................................................................................................................... 50
ascfileread specific parameters and their setting in the configuration file .................. 50
ascfileread command line parameters ....................................................................... 54
ntevtlogread ........................................................................................................................ 55
ntevtlogread specific parameters and their setting in the configuration file................ 55
ntevtlogread command line parameters..................................................................... 58
tecfmtfilt .............................................................................................................................. 59
tecfmtfilt specific parameters and their setting in the configuration file ...................... 59
tecfmtfilt command line parameters ........................................................................... 61
v2fmtfilt ............................................................................................................................... 62
v2fmtfilt specific parameters and their setting in the configuration file ....................... 62
v2fmtfilt command line parameters ............................................................................ 63
calamon .............................................................................................................................. 65
calamon specific parameters and their setting in the configuration file...................... 68
calamon command line parameters........................................................................... 69
Structure of FIRs created by calamon ....................................................................... 69
snmpread............................................................................................................................ 71
snmpread specific parameters and their setting in the configuration file ................... 71
iii
FSM CALA User’s Guide

Snmpread command line parameters........................................................................ 73
Snmpread generated Events ..................................................................................... 73
mssqlread and oracleread .................................................................................................. 75
mssqlread/oracleread specific parameters and their setting in the configuration file. 75
mssqlread and oracleread command line parameters ............................................... 81
jdbcread.............................................................................................................................. 82
jdbcread specific parameters and their setting in the configuration file ..................... 82
msgclsfsrv........................................................................................................................... 84
Definition MessageMap File....................................................................................... 84
Definition RulesMap File ............................................................................................ 84
The basic msgclsfsrv window .................................................................................... 85
The Message Map Types window .............................................................................. 85
Definition of MessageMap Classification Type (MCT) ............................................... 86
MCT parameters and their setting in the configuration file................................ 86
MCT configuration parameters ................................................................. 87
The Message Map definition window......................................................................... 91
Default Mapping ................................................................................................ 92
Deleting slots..................................................................................................... 92
Special slots for duplicate detection .................................................................. 92
Another example for a complete message map definition................................. 93
Operations on FIR fields per Message Maps .................................................... 95
The Rules definition window ...................................................................................... 95
Definition of Rules Map Type (RMT) .......................................................................... 96
RMT parameters and their setting in the configuration file................................ 96
RMT configuration line parameters........................................................... 97
The Rules maps window.......................................................................................... 100
Rules Map Parameters and their setting in the configuration file .................... 100
Definition Base Event............................................................................................... 101
Reserved fieldnames and their meaning ................................................................. 101
Condition values ...................................................................................................... 103
Rules Map Example................................................................................................. 103
Completer definition window .................................................................................... 106
Completer Parameters and their setting in the configuration file..................... 106
Remapper definition window.................................................................................... 108
Remapper parameters and their setting in the configuration file..................... 108
Auxkeys definition window ....................................................................................... 110
Auxkeys parameters and their setting in the configuration file ........................ 110
the msgclsfsrv flowlimiter ......................................................................................... 111
msgclsfsrv command line parameters ..................................................................... 115
calaproxy .......................................................................................................................... 116
calaproxy specific parameters and their setting in the configuration file .................. 116
calaproxy command line parameters ....................................................................... 117
tecfmtemit ......................................................................................................................... 118
tecfmtemit specific parameters and their setting in the configuration file................. 118
tecfmtemit command line parameters...................................................................... 119
tecifcsrv ............................................................................................................................ 120
tecifcsrv specific parameters and their setting in the configuration file .................... 120
tecifcsrv command line parameters ......................................................................... 121
cmdemit ............................................................................................................................ 123
cmdemit specific parameters and their setting in the configuration file.................... 123
cmdemit command line parameters......................................................................... 124
cmdemit input events ............................................................................................... 124
iv
FSM CALA User’s Guide

smtpemit ........................................................................................................................... 125
smtpemit specific parameters and their setting in the configuration file................... 125
smtpemit command line parameters........................................................................ 126
smtpemit input events .............................................................................................. 126
snmpemit .......................................................................................................................... 126
snmpemit specific parameters and their setting in the configuration file.................. 127
snmpemit command line parameters....................................................................... 127
snmpemit input events ............................................................................................. 128
SNMPv1 .......................................................................................................... 128
SNMPv2c ........................................................................................................ 129
SNMPv3 .......................................................................................................... 129
Hint for SNMPv2c and SNMPv3 users ............................................................ 129
mysqlemit ......................................................................................................................... 131
mysqlemit specific parameters and their setting in the configuration file ................. 131
mysqlemit command line parameters ...................................................................... 134
jdbcemit ............................................................................................................................ 135
jdbcemit specific parameters and their setting in the configuration file .................... 135
reportemit ......................................................................................................................... 137
reportemit specific parameters and their setting in the configuration file ................. 137
reportemit command line parameters ...................................................................... 141
javasrv .............................................................................................................................. 143
javasrv specific parameters and their setting in the configuration file ...................... 143
javasrv command line parameters ........................................................................... 143
javasrv/pchread........................................................................................................ 144
remote component............................................................................................................ 145
remote component specific parameters and their setting in the configuration file ... 145
10. Security .............................................................................................................................. 147
Encrypted Communication ............................................................................................... 147
The one-time-pad encryption algorithm ................................................................... 147
Configuring encryption............................................................................................. 148
The crypttool..................................................................................................................... 150
Supervision of connections............................................................................................... 151
Encryption error events ............................................................................................ 152
Connection accepted event...................................................................................... 152
Accept timeout events.............................................................................................. 152
Connection lost events............................................................................................. 152
CALA communication over firewalls ................................................................................. 152
CALA communication over DMZ ...................................................................................... 153
Revert connections: Servers connecting to clients ........................................................... 155
clients waiting for servers to connect ....................................................................... 155
servers connecting to clients.................................................................................... 156
A sample client/server configuration using demand clients ..................................... 157
A. The v2 format ...................................................................................................................... 159
Storage form ..................................................................................................................... 159
Identifiers .......................................................................................................................... 159
General design of the v2 format ....................................................................................... 159
Comments................................................................................................................ 159
Header ..................................................................................................................... 160
Global Variables....................................................................................................... 160
Automatically assigned variables ............................................................................. 160
Variables to set timestamp....................................................................................... 161
v
FSM CALA User’s Guide

Classes and sub-expressions........................................................................................... 161
Classes .................................................................................................................... 161
Sub-expressions ...................................................................................................... 162
Expressions ...................................................................................................................... 162
Matching types......................................................................................................... 163
Character Match (individual characters).......................................................... 163
Character Match (individual characters by ASCII code).................................. 163
Multi match (multiple match) ........................................................................... 163
Constant string match ..................................................................................... 165
Subexpression match...................................................................................... 165
Mandatory, optional and repetitive expressions................................................................ 165
Mandatory expression.............................................................................................. 166
Optional expression ................................................................................................. 166
Optional repetitive expression.................................................................................. 166
Group binding ................................................................................................................... 167
Example of format file sna.v2s ......................................................................................... 168
B. The command table file format.......................................................................................... 170
C. msgclsfsrv Text Formatting............................................................................................... 172
Some examples how text formatting works ...................................................................... 173
D. Pchread XML Configuration .............................................................................................. 174
Properties ......................................................................................................................... 174
Request for historic data .......................................................................................... 175
Clusters, Hosts and Applications ...................................................................................... 175
Events............................................................................................................................... 176
Conditions ................................................................................................................ 176
Actions ..................................................................................................................... 177
E. CALA created events.......................................................................................................... 179
CALA Testevent ................................................................................................................ 179
Connection Accepted Event ............................................................................................. 179
Connection Lost Event ..................................................................................................... 180
Accept Timeout Event....................................................................................................... 180
Encryption Error Event ..................................................................................................... 181
Heartbeat Event................................................................................................................ 181
Status Events (Startup/Shutdown) ................................................................................... 182
F. Additional tools ................................................................................................................... 183
install_cala.sh ................................................................................................................... 183
General description.................................................................................................. 183
Parameters............................................................................................................... 183
Installation process .................................................................................................. 185
cala_untar.sh .................................................................................................................... 185
General description.................................................................................................. 185
Parameters............................................................................................................... 185
Examples ................................................................................................................. 186
brdcsttool .......................................................................................................................... 186
General description.................................................................................................. 186
Parameters............................................................................................................... 186
Examples ................................................................................................................. 187
testv2sfile and testfmtfile .................................................................................................. 187
General description.................................................................................................. 187
Parameters............................................................................................................... 187
Examples ................................................................................................................. 188
vi
FSM CALA User’s Guide

sendfir............................................................................................................................... 188
General description.................................................................................................. 188
Parameters............................................................................................................... 189
Examples ................................................................................................................. 189
d_v2fmtfilt and d_tecfmtfilt................................................................................................ 189
G. CALA Configurator............................................................................................................. 191
CALA Configurator Basics................................................................................................ 191
Supported components............................................................................................ 191
Standard architectures............................................................................................. 191
Restrictions .............................................................................................................. 191
General............................................................................................................ 191
ascfileread/ntevtlogread and tecfmtfilt/v2fmtfilt................................................ 192
calamon........................................................................................................... 192
TEC interface .................................................................................................. 192
Templates................................................................................................................. 193
Creating your own templates........................................................................... 193
Directory structure in the export directory of CALAGUI ........................................... 193
Directory structure on each Tivoli server ................................................................. 194
Synchronizing the Configurator repository............................................................... 194
Step 1: Synchronizing CALAGUI and TMR server.......................................... 194
Step 2: Synchronizing TMR server and Gateways.......................................... 195
Where to put files referenced from within a configuration ........................................ 195
Directory structure on client ..................................................................................... 195
Starting the Configurator.......................................................................................... 196
Input files (.cala files) ............................................................................................... 196
General parameters ........................................................................................ 196
.cala .................................................................................................. 196
ascfileread .............................................................................................. 197
ntevtlogread ............................................................................................ 197
snmpread................................................................................................ 197
mssqlread, oracleread ............................................................................ 197
reportemit (datatype specific definitions) ................................................ 198
msgclsfsrv............................................................................................... 198
cmdemit, mysqlemit, reportemit, smtpemit, snmpemit, tecfmtemit,
remote_component ........................................................................ 199
aux_*.cala........................................................................................................ 199
completer_*.cala.............................................................................................. 200
remapper_*.cala .............................................................................................. 200
calamon_*.cala................................................................................................ 201
javasrv_.cala .......................................................................... 201
report_*.cala.................................................................................................... 201
tec_*.cala......................................................................................................... 201
remote_*.cala .................................................................................................. 202
Referenced files ....................................................................................................... 202
Naming convention.......................................................................................... 202
Standard location ............................................................................................ 203
Details............................................................................................................................... 203
Detailed description of configuration........................................................................ 203
ascfileread ....................................................................................................... 203
ntevtlogread..................................................................................................... 203
tecfmtfilt / v2fmtfilt............................................................................................ 204
calamon........................................................................................................... 204
vii
FSM CALA User’s Guide

javasrv ............................................................................................................. 205
snmpread ........................................................................................................ 205
mssqlread / oracleread.................................................................................... 206
db_log_types ................................................................................................... 206
msgclsfsrv ....................................................................................................... 207
MCT................................................................................................................. 207
MessageMap entry.......................................................................................... 208
RMT................................................................................................................. 208
RulesMap entry ............................................................................................... 209
Auxkey entry.................................................................................................... 209
Completer entry............................................................................................... 210
Remapper entry .............................................................................................. 210
tecfmtemit........................................................................................................ 210
tecifsrv............................................................................................................. 210
reportemit ........................................................................................................ 211
remote components......................................................................................... 211
Example for .cala files, templates and the resulting configuration ........................... 211
fndw4log.cala - Definition for secondary datatype fndw4log ........................ 212
remapper_fnislog.cala - Definition for remapper ........................................ 212
tec_panagon.cala - Definition for tecifcsrv.................................................... 212
remote_panagon.cala - Definition for remote component ............................. 212
Template.......................................................................................................... 212
Resulting configuration file .............................................................................. 213
Configured components .................................................................................. 214
Configuration details of msgclsfsrv ............................................................... 214
H. A complete logctlsrv.conf .................................................................................................. 215
I. Detailed description of the status report ........................................................................... 218
configuration status .......................................................................................................... 218
environment ...................................................................................................................... 218
log control server queues ................................................................................................. 220
component status general properties ............................................................................... 220
target status...................................................................................................................... 222
client status....................................................................................................................... 223
ascfileread and ntevtlogread............................................................................................. 224
tecfmtfilt and v2fmtfilt........................................................................................................ 224
oracleread and mssqlread ................................................................................................ 225
mysqlemit ......................................................................................................................... 225
reportemit ......................................................................................................................... 226
How to detect configuration errors using the status output............................................... 226
J. Supported character sets................................................................................................... 227
List of supported character sets ....................................................................................... 227
K. Licenses .............................................................................................................................. 229
Overview........................................................................................................................... 229
The Apache Software License.......................................................................................... 231
The PHP License.............................................................................................................. 232
MySQL Commercial License ............................................................................................ 234
Non-Profits, Academic Institutions, and Private Individuals ..................................... 234
Recommendations ................................................................................................... 235
FOSS Exception ...................................................................................................... 235
Older Versions ......................................................................................................... 235
When in Doubt ......................................................................................................... 235
viii
FSM CALA User’s Guide

Cygwin API Licensing Terms ............................................................................................ 236
Mozilla Public License 1.1 (MPL 1.1) ............................................................................... 237
The Artistic License .......................................................................................................... 245
Sun Microsystems and Java Licenses.............................................................................. 248
JavaTM 2, Standard Edition (J2SETM) Specification (Specification)........................... 248
Sun Microsystems, Inc. Binary Code License Agreement ....................................... 250
BORLAND JBUILDER PROFESSIONAL VERSION 5..................................................... 253
SAX LICENSE .................................................................................................................. 264
Copyright Status ...................................................................................................... 264
No Warranty ............................................................................................................. 264
Copyright Disclaimers .............................................................................................. 264
W3C SOFTWARE NOTICE AND LICENSE ..................................................................... 265
The GNU Public License .................................................................................................. 266
The GNU Lesser General Public License......................................................................... 272
The MIT License............................................................................................................... 281
RSA Security Releases RSA Encryption Algorithm into Public Domain........................... 282
Net-SNMP License ........................................................................................................... 283
OpenSSL License............................................................................................................. 287
CookSwing License .......................................................................................................... 290
The java tar public domain license ................................................................................... 291
The MX4J License............................................................................................................ 292

ix
FSM CALA User’s Guide

List of Tables
5-1. Relationship between GUI parameters and command line options of install_cala.sh.......... 14

List of Figures
7-1. Format of the serverlist instruction....................................................................................... 27
7-2. Format of run instruction ...................................................................................................... 28
7-3. Format of targets instruction ................................................................................................ 29
7-4. Format of port instruction ..................................................................................................... 29
7-5. Format of conf instruction .................................................................................................... 30
7-6. Format of ip instruction ........................................................................................................ 31
8-1. Format of logctlsrv_port and logctlcmd_port instruction ...................................................... 40
8-2. Format of cala_srv_port instruction ..................................................................................... 40
8-3. Format of logctlsrv_adapters and logctlcmd_adapters instructions ..................................... 41
8-4. Format of maintenance instruction....................................................................................... 41
9-1. The port list configuration entry has the following format:.................................................... 46
9-2. Format of argument line containing port assignment........................................................... 46
9-3. Format of run statement....................................................................................................... 46
9-4. Format of run statement containing debug arguments ........................................................ 47
9-5. Displaying version information of snmpread ......................................................................... 49
9-6. An example configuration line for ascfileread....................................................................... 50
9-7. Format of pathlist instruction................................................................................................ 51
9-8. Format of ptrnlist instruction................................................................................................. 52
9-9. Format of assoc instruction.................................................................................................. 53
9-10. Format of evtlog instruction................................................................................................ 56
9-11. Format of spacereplacement instruction............................................................................ 56
9-12. Format of skip_old instruction ............................................................................................ 56
9-13. Format of prefilt_in and prefile_out instructions ................................................................. 57
9-14. Format of assoc instruction................................................................................................ 58
9-15. Format of formatlist instruction........................................................................................... 60
9-16. Format of formatlist instruction........................................................................................... 63
9-17. Format of cmdtab instruction ............................................................................................. 68
9-18. Format of type instruction ................................................................................................. 72
9-19. Format of class instruction ................................................................................................. 72
9-20. Format of prefilt_in and prefilt_out instructions .................................................................. 72
9-21. Some example configuration lines for mssqlread (identical for oracleread).................... 75
9-22. Format of db_log_types instruction.................................................................................... 76
9-23. Format of dbuser instruction .............................................................................................. 76
9-24. Format of database instruction .......................................................................................... 77
9-25. Format of table instruction ................................................................................................. 77
9-26. SQL statement used to find events .................................................................................... 77
9-27. Format of db_entry_id instruction ...................................................................................... 77
9-28. Format of map instruction .................................................................................................. 78
9-29. Format of copy_unmapped instrucion................................................................................ 78
9-30. Format of defaultclass instruction ...................................................................................... 79
9-31. Format of classmap instruction .......................................................................................... 79
9-32. Format of type instruction .................................................................................................. 79
9-33. Format of prefilt_in and prefilt_out instructions .................................................................. 80
9-34. Format of timestamp instruction......................................................................................... 80
9-35. Format of types instruction................................................................................................ 87
x
FSM CALA User’s Guide

9-36. Format of mct configuration line......................................................................................... 87
9-37. Format of mct type instruction............................................................................................ 88
9-38. Format of mct handledby instruction ................................................................................. 88
9-39. Format of mct msgmaps instruction................................................................................... 88
9-40. Format of mct eventframe instruction................................................................................. 89
9-41. Format of mct dupekey instruction ..................................................................................... 89
9-42. Format of message map definition..................................................................................... 91
9-43. Excerpt from the related message map file ....................................................................... 93
9-44. Format of rmt rules instruction ........................................................................................... 97
9-45. Format of rmt configuration line ......................................................................................... 97
9-46. Format of rmt for instruction............................................................................................... 97
9-47. Format of rmt type instruction ............................................................................................ 98
9-48. Format of rmt rulesmap instruction .................................................................................... 98
9-49. Format of rules map definition ......................................................................................... 100
9-50. Format of completers instruction...................................................................................... 106
9-51. Format of completers configuration line ........................................................................... 107
9-52. Format of remappers instruction ...................................................................................... 108
9-53. Format of remapper configuration line ............................................................................. 109
9-54. Format of auxkeys instruction .......................................................................................... 111
9-55. Format of auxkeys configuration line ............................................................................... 111
9-56. Format of flowlimiter instruction ....................................................................................... 112
9-57. Format of eventquota instruction.................................................................................... 113
9-58. Format of eventperiod instruction.................................................................................. 113
9-59. Format of unblock instruction.......................................................................................... 114
9-60. Format of blockedevent and unblockedevent instructions .......................................... 114
9-61. Event definition................................................................................................................. 114
9-62. Format of logfile instruction.......................................................................................... 115
9-63. Format of database instruction ............................................................... 131
9-64. Format of the dbuser instruction ...................................................................................... 131
9-65. Format of tableconf instruction......................................................................................... 132
9-66. Format of db_status instruction...................................................................................... 132
9-67. Format:............................................................................................................................. 133
9-68. Format of dest_file instruction.......................................................................................... 138
9-69. Format of report_slots instruction .................................................................................... 139
9-70. Format of critical_slot instruction ..................................................................................... 139
9-71. Format of critical_slots instruction.................................................................................... 140
9-72. Format of report_file instruction ....................................................................................... 140
9-73. Format:............................................................................................................................. 143
9-74. Format of javasrv commandline..................................................................................... 143
10-1. The one-time-pad communication schema ...................................................................... 147
10-2. The crypttool usage screen.............................................................................................. 150
10-3. CALA sending events over a firewall................................................................................ 152
10-4. CALA sending over a DMZ .............................................................................................. 153
10-5. Format of demand_targets instruction ............................................................................. 155
10-6. Format of demand_clients instruction .............................................................................. 156
A-1. Format of v2s spec expression.......................................................................................... 160
A-2. Format of v2s global bind expression ................................................................................ 160
A-3. Format of v2s class expression ......................................................................................... 161
A-4. Format of v2s subexpression definition ............................................................................. 162
A-5. Format of v2s subexpression call ...................................................................................... 162
A-6. Format of v2s constant string match ................................................................................. 165
A-7. Format of v2s constant string match with alternatives....................................................... 165
xi
FSM CALA User’s Guide

A-8. Format of v2s subexpression match.................................................................................. 165
D-1. the xml file header ............................................................................................................. 174
D-2. the xml file footer ............................................................................................................... 174
D-3. Format of event path ......................................................................................................... 176
F-1. Usage of brdcsttool............................................................................................................ 186
F-2. Usage of testv2sfile and testfmtfile .................................................................................... 187
F-3. Usage of sendif.................................................................................................................. 189

List of Examples
5-1. Example for using Connected drive/dir on MS Windows ..................................................... 11
5-2. Example for using Connected drive/dir on Unix ................................................................... 12
7-1. Example using serverlist ...................................................................................................... 27
7-2. Example using the run statement ........................................................................................ 28
7-3. Example targets usage ........................................................................................................ 29
7-4. Example targets usage with outgoing port........................................................................... 29
7-5. Example port usage ............................................................................................................. 30
7-6. Example conf usage ............................................................................................................ 30
7-7. Example ip usage ................................................................................................................ 31
7-8. Example ip instruction using the serverlist functionality....................................................... 31
8-1. Global settings in the logctlsrv.conf file.......................................................................... 39
8-2. Example for logctlsrv_port and logctlcmd_port usage ......................................................... 40
8-3. Example for cala_srv_port usage ........................................................................................ 40
8-4. Example for logctlsrv_adapters and logctlcmd_adapters usage.......................................... 41
8-5. Example for logctlsrv_adapters and logctlcmd_adapters usage.......................................... 41
8-6. Example for additional settings in logctlsrv.conf ............................................................ 42
9-1. Example configuration of logical server name ..................................................................... 46
9-2. Example portlist ................................................................................................................... 46
9-3. Example run statement containing port assignment ............................................................ 46
9-4. Example run statement ........................................................................................................ 47
9-5. Example of run statement containing debug arguments (not from the window above): ...... 47
9-6. Example pathlist instruction ................................................................................................. 51
9-7. Example ptrnlist instruction .................................................................................................. 52
9-8. Example assoc instruction ................................................................................................... 53
9-9. Files that would match with above pathlist, pattrnlist and assoc configuration .................... 53
9-10. An example configuration line for ntevtlogread............................................................... 55
9-11. Example evtlog instruction ................................................................................................. 56
9-12. Example spacereplacement instruction ............................................................................. 56
9-13. Example skip_old instruction ............................................................................................. 56
9-14. Example prefilt_in and prefilt_out instructions ................................................................... 57
9-15. Example for a pre-filter file to match all events from the SNMP and Print source:............. 57
9-16. Example assoc instruction ................................................................................................. 58
9-17. Another example for assoc instruction using different primary types................................. 58
9-18. An example configuration line for tecfmtfilt .................................................................. 59
9-19. Example formatlist instruction ............................................................................................ 60
9-20. An example configuration line for v2fmtfilt .................................................................... 63
9-21. Example formatlist instruction ............................................................................................ 63
9-22. An example message template.......................................................................................... 67
9-23. An example configuration line for calamon ........................................................................ 68
9-24. Example cmdtab instruction............................................................................................... 68
9-25. An example configuration line for snmpread ...................................................................... 71
xii
FSM CALA User’s Guide

9-26. Example type instruction................................................................................................... 72
9-27. Example class instruction .................................................................................................. 72
9-28. Example prefilt_in and prefilt_out instructions ................................................................... 73
9-29. Example db_log_types instrcution ..................................................................................... 76
9-30. Example dbuser instruction................................................................................................ 76
9-31. Example database instruction............................................................................................ 77
9-32. Example table instruction ................................................................................................... 77
9-33. Example db_entry_id instruction........................................................................................ 78
9-34. Example map instruction.................................................................................................... 78
9-35. Example copy_unmapped instrucion ................................................................................. 78
9-36. Example defaultclass instruction........................................................................................ 79
9-37. Example classmap instrucion ............................................................................................ 79
9-38. An example mapfile mapping the class of the created FIR to APP_Logon if the map field’s
value is LOGON:.................................................................................................................... 79
9-39. Example type instruction.................................................................................................... 80
9-40. Example prefilt_in and prefilt_out instructions ................................................................... 80
9-41. Examples for the timestamp instruction ............................................................................. 81
9-42. An example database string for jdbcread ......................................................................... 82
9-43. An example jdbread configuration using a mysql connector for connection to the local
database fndsdb ................................................................................................................ 82
9-44. These are the configuration lines created for the message map classification type: ......... 86
9-45. Example types instruction ................................................................................................. 87
9-46. Example mct configurationline ........................................................................................... 87
9-47. Example mct type instruction ............................................................................................. 88
9-48. Example mct handledby instruction ................................................................................... 88
9-49. Example mct msgmaps instruction .................................................................................... 88
9-50. Example mct eventframe instruction .................................................................................. 89
9-51. Example dupekey instruction ............................................................................................. 89
9-52. Another example of a complete MCT definition ................................................................. 90
9-53. Example message map definition ...................................................................................... 91
9-54. An example mapfile for the above map definition .............................................................. 92
9-55. Another example for a complete message map definition ................................................. 93
9-56. An example msgclsfsrv configuration with a rules map type definition .............................. 96
9-57. Example Format of rmt rules instruction ............................................................................ 97
9-58. Example rmt configuration line........................................................................................... 97
9-59. Example rmt for instruction ................................................................................................ 98
9-60. Example of rmt type instruction.......................................................................................... 98
9-61. Example rmt rulesmap instruction ..................................................................................... 98
9-62. Example of rmt corrkey instruction..................................................................................... 99
9-63. Another example of a complete RMT definition ................................................................. 99
9-64. Example rules map definition........................................................................................... 100
9-65. Example of rules engine usage with base events ............................................................ 101
9-66. Some example conditions ................................................................................................ 103
9-67. Example rules map definition........................................................................................... 104
9-68. Example rules map file..................................................................................................... 104
9-69. An example msgclsfsrv configuration using a completer ................................................. 106
9-70. Example completers instruction ....................................................................................... 107
9-71. Example completers configuration line ............................................................................ 107
9-72. Another completer example ............................................................................................. 107
9-73. An example msgclsfsrv configuration using a remapper.................................................. 108
9-74. Example remappers instruction ....................................................................................... 108
9-75. Example remapper configuration line .............................................................................. 109
xiii
FSM CALA User’s Guide

9-76. Another example for a remapper configuration line ......................................................... 109
9-77. An example message map using auxkeys ....................................................................... 110
9-78. An example msgclsfsrv configuration using auxkeys....................................................... 110
9-79. Example auxkeys instruction............................................................................................ 111
9-80. Examples auxkeys configuration line ............................................................................... 111
9-81. An example msgclsfsrv configuration using auxkeys....................................................... 111
9-82. Example flowlimiter instruction......................................................................................... 112
9-83. Format of the flowlimiter configuration line....................................................................... 112
9-84. An example flowlimiter configuration line ......................................................................... 112
9-85. Examples eventquota configuration line......................................................................... 113
9-86. Examples eventperiod configuration line....................................................................... 113
9-87. Examples unblock configuration line .............................................................................. 114
9-88. Examples blockedevent and unblockedevent configurations ...................................... 114
9-89. Examples logfile configuration line .............................................................................. 115
9-90. An example configuration line for calaproxy..................................................................... 116
9-91. An example configuration line for tecfmtemit ................................................................ 118
9-92. An example configuration line for tecifcsrc .................................................................. 120
9-93. An example configuration line for cmdemit ...................................................................... 123
9-94. An example configration line for smtpemit ...................................................................... 125
9-95. An example configuration line for snmpemit .................................................................... 127
9-96. Setting sysUpTime to current time ................................................................................... 129
9-97. Setting the snmpTrapOID variable ................................................................................... 130
9-98. An example mysqlemit configuration line........................................................................ 131
9-99. Example database instruction................................................................. 131
9-100. Example the dbuser instruction...................................................................................... 131
9-101. Example tableconfinstruction ......................................................................................... 132
9-102. Example db_status instruction ..................................................................................... 132
9-103. Example: ........................................................................................................................ 134
9-104. An example database string for jdbcread ..................................................................... 135
9-105. An example jdbread configuration using a mysql connector for connection to the local
database fndsdb .............................................................................................................. 135
9-106. An example configuration line for reportemit .............................................................. 137
9-107. Example dest_file instruction ......................................................................................... 138
9-108. Example dest_file instruction using % expressions......................................................... 138
9-109. Example report_slots instruction.................................................................................... 139
9-110. Example critical_slot instruction..................................................................................... 139
9-111. Example critical_slots instruction ................................................................................... 140
9-112. Example report_file instruction ...................................................................................... 140
9-113. A sample report template:.............................................................................................. 141
9-114. An example result for the above template...................................................................... 141
9-115. An example configuration line for javasrv .................................................................... 143
9-116. Example: ........................................................................................................................ 143
9-117. An example configuration line for a remote component ................................................. 145
10-1. Example ip chains rules ................................................................................................... 154
10-2. Example demand_targets instruction ............................................................................. 156
10-3. Example demand_clients instruction ............................................................................... 157
10-4. A client configuration using demand targets .................................................................... 157
10-5. A server configuration: using demand clients .................................................................. 157
A-1. Example of comments in v2s............................................................................................. 159
A-2. Example of a v2s spec expression .................................................................................... 160
A-3. Example of a v2s global bind expression .......................................................................... 160
A-4. Example of a v2s class expression.................................................................................... 161
xiv
FSM CALA User’s Guide

A-5. Example of a v2s subexpression definition........................................................................ 162
A-6. Example of a v2s subexpression call................................................................................. 162
A-7. Example v2s character match: matching the letter A ......................................................... 163
A-8. Example v2s: matching a sequence of alphanumeric chars ............................................. 163
A-9. Example for a mandatory v2 expression group ................................................................. 166
A-10. Example for an optional v2 expression group.................................................................. 166
A-11. Example for an optional-repetitive v2 expression group .................................................. 166
A-12. Example for a v2s group bind expression........................................................................ 167
A-13. An example v2s format file .............................................................................................. 168
C-1. Using the first 5 characters of the user field to process a Message Map definition........... 172
C-2. An example message map for the above definition........................................................... 172
D-1. An example properties configuration................................................................................. 175
D-2. An example event tag ........................................................................................................ 176
D-3. Example of a valid event rule definition ............................................................................. 178
E-1. Creating a test event for ascfileread .................................................................................. 179
F-1. Example: calling testfmtfile ................................................................................................ 188
F-2. An example configuration line for d_v2fmtfilt ..................................................................... 190
H-1. a complete logctlsrv.conf ............................................................................................. 215
I-1. An example status output.................................................................................................... 218
I-2. An example status output of environment settings ............................................................. 219
I-3. An example status output of queue entries......................................................................... 220
I-4. An example process status output ...................................................................................... 222
I-5. An example target status output ......................................................................................... 223
I-6. An example encryptionlevel output ..................................................................................... 223
I-7. An example stream status output........................................................................................ 224
I-8. An example formatfile status output.................................................................................... 225
I-9. An example database connection status output (reader).................................................... 225
I-10. An example database connection status output (emitter) ................................................. 226
I-11. An example reportemit status output ................................................................................ 226

xv
FSM CALA User’s Guide

List of Screenshots
Installer login screen ..................................................................................................................... 7
The installers’ main window .......................................................................................................... 7
Selecting the product in the installer main window........................................................................ 8
The installers main window for installation of calamoma .............................................................. 8
The installation confirmation dialog............................................................................................... 9
The file transfer progress window ............................................................................................... 10
The installation result window ..................................................................................................... 10
The installer remote settings panel ............................................................................................. 11
Choosing the file transfer method ............................................................................................... 12
Choosing the remote execution methd........................................................................................ 12
Setting MS Windows ftp server to UNIX mode............................................................................ 13
CALA installer further options ..................................................................................................... 13
CALA installer informational messagebox for completing installation ......................................... 14
The CALAGUI Configuration menu .............................................................................................. ??
The CALAGUI new configuration dialog...................................................................................... 34
The default HP-UX client configuration. ...................................................................................... 34
The open configuration dialog ..................................................................................................... 35
The save configuration file dialog................................................................................................ 36
The options dialog when saving a configuration ......................................................................... 36
The .cala files export dialog ........................................................................................................ 36
The Check secondary data types dialog ..................................................................................... 37
The Global configuration parameters dialog ............................................................................... 38
Theresult window of Check loaded configuration........................................................................ 42
The components context menu ................................................................................................... 43
The Settings of connection to Source dialog............................................................................... 43
The Settings of connection to Target dialog ................................................................................ 43
A sample settings window for a CALA component...................................................................... 45
The Settings of ascfileread dialog ............................................................................................... 50
The Settings of ntevtlogread dialog............................................................................................. 55
The Settings of tecfmtfilt dialog ................................................................................................... 59
The Settings of v2fmtfilt dialog .................................................................................................... 62
The Settings of calamon dialog................................................................................................... 65
The Settings of snmpread dialog ................................................................................................ 71
The Settings of mssqlread dialog................................................................................................ 75
The Settings of msgclsfsrv dialog ............................................................................................... 85
The MessageMap Types dialog .................................................................................................. 85
The message map definition dialog ............................................................................................ 91
The rules definition dialog ........................................................................................................... 96
The rules maps dialog............................................................................................................... 100
The completer definition dialog ................................................................................................. 106
The remapper dialog ................................................................................................................. 108
The auxkeys definition dialog .................................................................................................... 110
The tecfmtemit settings dialog .................................................................................................. 118
The tecifcsrv settings dialog...................................................................................................... 120
The cmdemit settings dialog ..................................................................................................... 123
The settings of smtpemitdialog ................................................................................................. 125
The settings of snmpemit dialog ............................................................................................... 126
The settings of reportemit dialog............................................................................................... 137
The settings of remote_component dialog ................................................................................ 145

xvi
FSM CALA User’s Guide

Chapter 1. Copyright Notice
FileNet System Monitor
(June, 2007)
Copyright © 2000-2007 by CENIT AG Systemhaus, Germany, including this documentation and
all software. All rights reserved. May only be used pursuant to a CENIT AG Systemhaus
Software License Agreement.
No part of this publication maybe reproduced, transmitted, transcribed, stored in a retrieval
system, or translated into any computer language, in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, manual, or otherwise, without prior written permission
of CENIT AG Systemhaus. CENIT AG Systemhaus grants you limited permission to make
hardcopy or other reproductions of any machine-readable documentation for your own use,
provided that each such reproduction shall carry the CENIT AG Systemhaus copyright notice. No
other rights under copyright are granted without prior written permission of CENIT AG
Systemhaus. The document is not intended for production and is furnished as is without warranty
of any kind. All warranties on this document are hereby disclaimed including the warranties of
merchantability and fitness for a particular purpose.
Note to U.S. Government Users Documentation related to restricted rights Use, duplication or
disclosure is subject to restrictions set forth in GSA

Trademarks
The following product names are trademarks of Tivoli Systems or IBM Corporation: AIX, IBM,
OS/2, RS/6000, Tivoli Management Environment, TME 10, Tivoli, Tivoli Enterprise Console
(T/EC).
Microsoft, Windows, Windows NT, Windows 95 and the Windows logo are trademarks or
registered trademarks of Microsoft Corporation.
UNIX is a registered trademark in the United States and other countries licensed exclusively
through X/Open Company Limited.
Hewlett Packard, HP, and HP-UX are trademarks or registered trademarks of Hewlett Packard
Corporation.
Other company, product, and service names mentioned in this document may be trademarks or
servicemarks of others.

Notice
References in this publication to Tivoli Systems or IBM products, programs, or services do not
imply that they will be available in all countries in which Tivoli Systems or IBM operates. Any
reference to these products, programs, or services is not intended to imply that only Tivoli
Systems or IBM products, programs, or services can be used. Subject to Tivoli Systems or IBM’s
valid intellectual property or other legally protectable right, any functionally equivalent product,
program, or service can be used instead of the referenced product, program, or service. The
evaluation and verification of operation in conjunction with other products, except those expressly
designated by Tivoli Systems or IBM, are the responsibility of the user.

1
Chapter 1. Copyright Notice

CENIT AG Systemhaus may have patents or pending patent applications covering subject matter
in this document. The furnishing of this document does not give you any license to these patents.
You can send license inquiries, in writing, to the
CENIT AG Systemhaus, Product Marketing Tivoli Plus Modules, Industriestr. 52-54, 70565
Stuttgart, Germany

2
Chapter 1. Copyright Notice

Chapter 2. Notices
This document contains information proprietary to FileNet Corporation (FileNet). Due to
continuing product development, product specifications and capabilities are subject to change
without notice. You may not disclose or use any proprietary information or reproduce or transmit
any part of this document in any form or by any means, electronic or mechanical, for any
purpose, without written permission from FileNet.
FileNet has made every effort to keep the information in this document current and accurate as
of the date of publication or revision. However, FileNet does not guarantee or imply that this
document is error free or accurate with regard to any particular specification. In no event will
FileNet be liable for direct, indirect, special incidental, or consequential damages resulting from
any defect in the documentation, even if advised of the possibility of such damages. No FileNet
agent, dealer, or employee is authorized to make any modification, extension, or addition to the
above statements. FileNet may have patents, patent applications, trademarks, copyrights, or
other intellectual property rights covering subject matter in this document. Furnishing this
document does not provide any license to these patents, trademarks, copyrights, or other
intellectual property.
Please take a few moments to read the End User License Agreement on the FileNet System
Monitor 4.0.0 documentation CD. By installing the FileNet System Monitor 4.0.0 software, the
customer agrees to be bound by the terms of this agreement. FileNet System Monitor,
copyright-protected by CENIT AG Systemhaus, is licensed and rebranded by FileNet
Corporation. FileNet, ValueNet, Visual WorkFlo, and OSAR are registered trademarks of FileNet
Corporation. Document Warehouse and UserNet are trademarks of FileNet Corporation. All
other product and brand names are trademarks or registered trademarks of their respective
companies. See the Centera License Agreement for copyright information pertaining to EMC
Centera.
Copyright © 1984, 2007 FileNet Corporation. All rights reserved.
FileNet Corporation 3565 Harbor Boulevard Costa Mesa, California 92626 USA
800.FILENET (345.3638) Outside the U.S., call: 1.714.327.3400
www.filenet.com (http://www.filenet.com)

3
Chapter 2. Notices

Chapter 3. About this document
Who Should Read This Guide
The target audience for this guide are system administrators who use the FSM CALA. Users of
the guide should have some knowledge about Unix and/or Windows operating system and the
FSM CALA.

List of documents
FileNet System Monitor CALA Guide
Datatypes that can be processed by the FSM CALA
FileNet System Monitor Monitoring Guide
Description of all monitors contained in FileNet System Monitor
FileNet System Monitor Task Guide
Description of all tasks contained in FileNet System Monitor
FileNet System Monitor Users Guide
Installation guide
FileNet System Monitor Release Notes
Description of changes and bugfixes

General information
Where you find this guide
You can find this documentation on the FSM installation CDROM in the following folder:
UNIX: /INSTALL/docs
Windows: :\INSTALL\docs

Typeface Conventions
The guide uses several typeface conventions for special terms and actions. These conventions
have the following meaning:
code Keywords and code examples occur like this
varname Variable names occur like this
filename File names occur like this
constant Constants and names of tasks, monitors etc. appear like this

4
Chapter 3. About this document

command Command names appear like this
parameter Parameters and options for commands apperar like this
userinput Values that th user must provide appear like this
Computer output Output from programs appears like this

guilabel Names of windows, dialogs, and other controls appear like this
Programlistings appear like this:
001
002
...
003

# a program listing
echo "This is an example program listing (shell script) with nothing bu .
t an extremly long echo command"
exit 0

Note: The character . at the end of a line in a computer output or program listing shows, that the
line has been wrapped and is continued in the next line.

Contacting FileNet Support
We are very interested in hearing from you about your experience with the product. We welcome
your suggestions for improvements.
If you encounter difficulties with the FSM please contact the FileNet support
(http://www.filenet.com).

5
Chapter 3. About this document

Chapter 4. FSM CALA Overview
FSM CALA (CALA)
CALA consists of the following components
•

CALA binaries The programs which implement the different CALA functions

•

CALA GUI The graphical User Interface to design, test and create CALA environments

CALA Binaries
•

Receive (read) events from different event sources (active and passive event management,
Logfile, Event log, Syslog, SNMP, active Monitoring)

•

Process events (filtering, manipulation, correlation, formatting)

•

Sends events to different destinations (T/EC, SNMP manager, SMPT email, report files,
execution of commands)

CALA GUI
•

Used to design a layout of CALA components (CALA architecture)

•

Design testing

6
Chapter 4. FSM CALA Overview

Chapter 5. Installation
General Installation Information
This chapter describes the CALA installation process.

Non-Tivoli CALA Installer
This version of CALA supports the graphical installation of CALA on all supported platforms.
The CALA Installer can be invoked by executing the script setup.sh on the FSM CDROM. On
Windows platforms you can use the Batch program setup.bat to start CALA Installer.

• For Windows JRE 1.4 is installed on the CD
• Non-Windows users need JRE or JDK 1.4 to start the CALA installation GUI.
• You need not set the environment variable JDK if the java binary can be found in your PATH.

General description
setup.sh or setup.bat starts the CALA installation GUI. CALA Installer is a Java GUI interface
for the installation script install_cala.sh (see Annex for further information about
install_cala.sh).

If the CALA installer is started from the WebConsole in a full FSM environment, you must login to
the cala_rex server before the installer window is shown.

Installer login screen

This is the installer main window:

7
Chapter 5. Installation

The installers’ main window

The CALA installation GUI is used to install CALA itself and its associated tools CALAGUI,
V2SEdit and CalaMoMa.
The product is selected from the product listbox. Depending on product selection, some of the
GUI components are disabled.

Selecting the product in the installer main window

8
Chapter 5. Installation

The installers main window for installation of calamoma

The configuration selection area and the CALA cache dir entry field are only enabled if cala is
selected, they are not needed for the installation of any CALA tool.
The JDK path is only editabled for the java tools calamoma, v2sedit and calagui.
The source directory is shown for informational purpose only and is not editable in any case.

Installing a product on the local machine
To install a product on the local machine, the following steps have to be done:
•

select a product

•

customize target directory and possibly JDK path

•

CALA only: you may choose a default configuration from the configurations listbox and set its
parameters in the settings dialog which appears after pressing the Set configuration variables
button. You can copy and adjusrt an existing configuration by pressing the Copy configuration
from ... button.

•

press the Install button

This will show the installation confirmation dialog window.

9
Chapter 5. Installation

The installation confirmation dialog

If the installation has been confirmed, the installation files are transferred from the source (cd or
ftp server) to the target directory,

The file transfer progress window

and the installation process is started. The installation progress is displayed in the results
window. The button of this window is enabled only after the installation process has terminated
(with or without success).

The installation result window

10
Chapter 5. Installation

Remote installation
The CALA installer is enabled to install products on a remote machine if the following
preconditions are fulfilled:
•

the target directory on the remote machine can be accessed via a local mounted drive or
directory, ftp or cala_rex .

•

the target machine allows rlogin, telnet or cala_rex to start the installation process. If the target
directory is accessible, but no remote login is allowed (neither rlogin nor telnet nor cala_rex ),
at least the installation files can be copied to it (see description of the Copy files only checkbox
below).

If the CALA installer is started directly from CD, the File transfer method box contains the option
Connected drive/dir only. The Remote execution method box contains the option Rlogin only.
If the CALA installer is started from the WebConsole in a full FSM environment, the File transfer
method box contains the options cala rex and Connected drive/dir. The Remote execution method
box contains the option cala rex only.
The configuration can be changed to allow more protocols if required.
To install on a remote machine select the remote machine radio button. This enables the
comboboxes for Filetransfer and Remote execution as shown in the screenshot below

The installer remote settings panel

The Install method area contains two lines: the first line configures the file transfer to the target
host and the second configures the remote execution.
If the Copy files only checkbox is selected, the installation files are only copied to the target
directory without starting the installation process. A setup script or batchfile is created which can
be run manually to complete the installation. A dialog box shows how the installation can be
completed.
The file transfer can be done either by ftp, via a locally mounted drive (Windows system) or
directory (nfs on unix) or via cala_rex. Select the transfer type from the listbox.
If ftp is selected, a user and password for accessing the remote host must be given. When
choosing Connected drive/dir , the mount point (or drive) on the installing host and the drives or
directories original name on the target host are needed. These additional parameters can be
entered after pressing the ... button to the right of the Filetransfer combobox.
When choosing cala rex , no further parameters are needed.

11
Chapter 5. Installation

CALA should be installed on drive C: on a remote host. This drive is connected to Z: on the
installing machine, so Z: is the mount point and C: is the original drive.

Example 5-1. Example for using Connected drive/dir on MS Windows

CALA should be installed in directory /opt/FileNet/SysMon/cala on a remote host. The
directory /opt/FileNet/SysMon is connected to /mnt on the installing machine, so /mnt is the
mount point and /opt/FileNet/SysMon is the original directory.

Example 5-2. Example for using Connected drive/dir on Unix

Choosing the file transfer method

The second line sets the remote execution protocol telnet, rlogin ot cala_rex.
If Rlogin is selected, a password may not be needed the appropiate field can therefor be left
empty. If telnet is selected, a user and password for accessing the remote host must be given.
These additional parameters can be entered after pressing the ... button to the right of the
Remote execution combobox.,
When choosing cala rex , no further parameters are needed.

Choosing the remote execution methd

To start the installation, perform the following actions:
•

select a product

•

select the remote machine button
12

Chapter 5. Installation

•

enter the ftp user and password or the mount point and original directory if required

•

enter the telnet or rlogin user and password if required

•

customize target directory and possibly JDK path

•

CALA only: you may choose a default configuration from the configurations listbox and set its
parameters in the settings dialog which appears after pressing the Set configuration variables
button.

•

press the Install button

The following installation process is the same as for local installation, see above for details.
Information for users of the Microsoft Windows ftp server and telnet servers: When the
Microsoft Windows ftp server (part of the internet information server IIS) is used, it must be ensured,
that the directory listing style is set to Unix for all directories accessed by the CALA tools.

Setting MS Windows ftp server to UNIX mode

The Windows telnet server must be configured not to use NTLM authentification. The NTLM
authentification parameter must be set to 0. (Use the tlntadmn tool to configure the telnet server.)

Further installation options
The options located in the Install options panel control system-specific settings such as autostart.

CALA installer further options

Keep monitor settings
If this checkbox is selected, the current monitoring configuration on the client will not be
replaced by original monitor settings contained in the selected configuration archive.
Reconfigure only
If this checkbox is selected, the binaries will not be transferred during the installation
process. The configuration file will be recreated according to the settings in the Set
configuration variables dialog.
13
Chapter 5. Installation

Create environment file
Tells the installation script to create the environment file set_cenit_env.sh in the directory
/etc/cenit (on UNIX) or /etc/cenit (on Windows) or in a subdirectory of this directory.
Uninstall
Check this option to remove the product from the selected client.
Autostart

•

Select After installation and at boot time to create the links that are required to start CALA
at boot time (UNIX) or to register the CALA service for automatic startup (Windows).
CALA will be started after successful installation as well.

•

Select After installation to start CALA only after installation.

•

Select None if CALA should not be started automatically at all.

CALA installer informational messagebox for completing installation

The Unpack binaries checkbox is available for CALA only and is selected by default. If it is
unchecked, only the CALA configuration, but not the binaries are copied or updated at the target
host. This feature is useful when using the CALA Configurator and should only be used by
experts.
Select the Verbose mode box to get further information from the installation process. This may be
helpful if the installation fails.

Relationship between installer GUI install_cala.sh
The following table shows the relation between the parameters and the command line options of
install_cala.sh.

parameter

corresponds to

Product

-product

source directory

-sourcedir

Chapter 5. Installation

Default value (if any)
subdirectory Images on the
same level as current
directory; if ../Images does
not exist, current directory
14

parameter

corresponds to

Default value (if any)

Target directory

-targetdir

current directory

CALA cache dir:

-cachedir

current directory

JDK path

-jdkdir

Directory where the java
binary used to start the CALA
installation GUI is located

Unpack binaries

-untar

Uninstall product

-remove

(not specified)

Keep monitor settings

-keepmonitors

(not specified)

Table 5-1. Relationship between GUI parameters and command line options of
install_cala.sh

For details see description of install_cala.sh in Annex 9: Additional tools.

15
Chapter 5. Installation

Chapter 6. Component Architecture
CALA is realized as a multi component Client/Server architecture, which enables customers to
realize any kind of centralized and distributed Logfile and monitoring architecture. Almost all
components are available on a comprehensive list of platforms (see restrictions on below site).

CALA System platforms
For detailed information about supported server and client platforms check the latest release
notes.

Supported JAVA JRE or JDK versions (CALAGUI and
CALA V2S Editor prerequisite)
For detailed information about required Java JRE or JDK versions for JAVA tools check latest
release notes.

Implementation on Microsoft Windows based systems
Implementation of CALA on the Windows system platform has been implemented as an
Windows Service.

CALA installation as Windows Service
Installation of the Windows Service is performed using the program cala_srv.exe.
Installation with start mode manual : cala_srv.exe -install
Installation with start mode automatic : cala_srv.exe -auto

CALA de-installation on Windows systems
To remove the CALA Windows service start cala_srv.exe -remove from the command line.

Configuration file logctlsrv.conf for a Windows service
installation
If CALA is installed as an Windows service, configuration file logctlsrv.conf must either be
placed in directory/folder %SystemRoot%\system32\config or in a directory/folder of your
choice, which is mapped to the environment variable CALA_DIR of the Windows system
environment.
The CALA Windows service reads environment variables CALA_DIR and CALA_CACHE_DIR
out of the registry (registry key
16
Chapter 6. Component Architecture

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cala_srv) if they are not
mapped in the environment.
If all registry keys are set properly (see chapter Tivoli integration, Post distribution: CALA
installation for details) there is no need to reboot the Windows system.
Note: The CALA processes can also be started as a normal program instead of an Windows service. In
this case the CLI-program logctlcmd (refer to description) should be used should be used for starting
and stopping of the CALA components.

Note: On Windows, CALA needs the file PSAPI.DLL to be available on the system. The file is
automatically installed with CALAin the CALA installation directory and must not be removed.

Client / Server Architecture
To satisfy various requirements (source-independent duplicate recognition, performance,
configuration during operation), a specific client/server architecture was developed for the CALA
system which distinguishes between the following functions:
•

Reading of event sources

•

Event filtering

•

Classification and duplicate recognition

•

Transmitting data (e.g. sending events to the T/EC)

All component of this architecture can be implemented on various systems, or just on a single
system (computer).
This diagram illustrates a possible architecture of the CALA system:

17
Chapter 6. Component Architecture

This open architecture enables CALA to be implemented at almost any desired level of
complexity or heterogeneity.
In addition, the CALA firewall component calaproxy can be interposed between any FIR-based
component.

Implemented components
Read-only component (Reader)
Readers can be used to read event sources. Event sources can be regular files (Logfiles) or
pipes, but also Windows Event Logs. The following readers are components of the CALA module:
Component
name

Component type Description

ascfileread

ASCII File reader This component reads files and pipes available in ASCII
format.

ntevtlogread

Windows Event
Log reader

This component reads out the Windows Event Log.

mssqlread

MS SQL
database reader

This component reads logfiles written into a ms sql
database.

oracleread

Oracle database
reader

This component reads logfiles written into a oracle
database.

jdbcread

JDBC database
reader

This component reads logfiles written into a database
accessible via JDBC.
18

Chapter 6. Component Architecture

For all readers there is a special CLI parameter (-E ), which should be used whenever the
intention is solely to process events from the sources being read and which have been written to
(generated) since the adapter was started.
Note: As an option, other readers can be implemented on a customer-specific basis.

Filter component (Filter)
Filters are used to disassemble data streams, which were read out of event sources by readers.
In all cases, readers are only able to transmit to filters because only they have the ability to
disassemble unstructured data streams into events (FIRs) based on format definitions (format
files).
In technical terms, filters are arranged between the reader and the processing process or the
emitter process.
Component
name

Component type Description

tecfmtfilt

T/EC Format filter Interprets and classifies input from components
ascfileread and ntevtlogread based on Tivoli .fmt files.
This protects existing customer investment in format
files.

v2fmtfilt

Complex filter

This component filters and interprets input from reader
ascfileread based on the CALA-format description.

Event generating components
Component
name

Component type Description

snmpread

SNMP trap
receiver

Receives SNMP traps and forwards them as CALA
events (FIRs) to the specified targets.

calamon

Monitoring
engine

Executes monitoring scripts/programs and generates
events (FIRs) depending on return codes or output.

Processing server msgclsfsrv (Message Classification Server)
Correlation system msgclsfsrv is the brain behind CALA and is used for duplicate detection,
event handling and computing (basic forms of computing).
Event handling includes the functions of event suppression as well as escalation (change in
severity).
Component
name

Component type Description

Chapter 6. Component Architecture

19

Component
name

Component type Description

msgclsfsrv

Classification
server

This component is the brain behind CALA. It contains
the functions of classification, duplicate detection, event
suppression and escalation.

Sub components Rules Engine and Message Mapping
(msgclsfsrv sub components)
The rules engine and the massage mapping component are subcomponents of the message
classification server and are used to process correlating events and timer on events as well as
any manipulation on events.
For detailed information about the Rules Engine and the Message Mapping Component refer to
related sub chapters within this chapter.

Sub component Completer (msgclsfsrv sub component)
The sub component Completer in process msgclsfsrv is used for downstream (i.e. after
processing by the central processing server) bulk setting or deleting of slots (Tivoli T/EC slots) as
a function of other existing or unmapped slots, or to fade out slots.
Language constructs such as if!, unless! or for! are implemented for processing purposes based
on the existence (if) or absence (unless) of slots.
Application area:
Mapping of unmapped default slots, e.g. severity.
Fading out of mapped slots, e.g. those required for internal processing.

Sub component Remapper (msgclsfsrv sub component)
Sub component Remapper in process msgclsfsrv is capable of re-mapping slot contents, or of
defining new slots.
This enables the system to rename event class names in a customer-specific manner.
Example:
Changing LogfileBase to _LogfileBase.
Comment: the event class _LogfileBase must be defined in a BAROC file.

Emitter components
Emitters (Senders) are used for sending or subsequently processing events, e.g. after a report
has been raised. The following emitters/senders are available:
Component
name

Component type Description

Chapter 6. Component Architecture

20

Component
name

Component type Description

tecfmtemit

T/EC-EventPreparation

This component prepares the logs to be processed and
sends them to the T/EC transmit component (see
below).

cmdemit

Task Engine

This component is capable of executing any commands.
Parameters are read out of Message Map files.

reportemit

Reporting Emitter This component is used for all the events. Events may
be reported in T/EC Event dump format or in a own
format specified in a template file.

snmpemit

SNMP Trap
Emitter

This components throws SNMP events from received
CALA FIRs.

smtpemit

SMTP Emitter

This component sends emails to report the received
CALA FIRs.

jdbcemit

Database Emitter This component writes events to a database accessible
via JDBC.

T/EC transmit component
Component
name

Component type Description

tecifcsrv

T/EC Interface
Server

This component sends prepared events to the T/EC.
There are 3 variants of this component:
• Secure Version: oserv communication
(ManagedNode)
•

Unsecure Version: TCP/IP communication (EIF)

•

Endpoint Version: Tivoli TMA communication

Application proxy for DMZ
Component
name

Component type Description

calaproxy

Application proxy

This component is used as an application proxy in
Demilitarized Zones (DMZ). This sends received FIRs to
a downstream component on a computer on the far side
of a firewall.

Control component logctlsrv
Component
name

Component type Description

Chapter 6. Component Architecture

21

Component
name

Component type Description

logctlsrv

Control server

This component is used to control and configure all other
CALA components.

Logctlsrv is controlled using the CLI (command line interface) logctlcmd. Logctlcmd reads
configuration information from the file logctlsrv.conf and starts the process logctlsrv, which
then takes control of the configuration management of all other CALA component.

CLI logctlcmd
The Command Line Interface logctlcmd is used on all platforms supported by external control of
the CALA component.
Note: Starting and stopping the CALA component on Windows systems can be implemented by the
Windows Service Manager (refer to CALA installation as an Windows service) as well.

Supported logctlcmd commands
startup
Starting the CALA component. A CALA Windows installation is started by the command net
start cala_srv if CALA is installed as a service.
shutdown
Stopping the CALA component. A CALA Windows installation is stopped by the command
net stop cala_srv if CALA is installed as a service.
restart
Restarts the CALA component
status
Status query of the CALA component. In addition to the output of all status information for
the installed CALA component, output includes information about the Tivoli environment
employed as well as important CALA environment variables.
reconfigure
Reconfiguration of the CALA component during runtime. Changes to the configuration
(configuration file logctlsrv.conf) are taken into account at this time.
maintenance_on
Activation of the Maintenance Level (processing is delayed)
maintenance_off
Deactivation of the Maintenance Level (processing is restarted)

22
Chapter 6. Component Architecture

test 
This command is employed in order to generate a CALA test event from a component. This
test event can be used to test communication between the component (local on a computer
or on a remote computer).
Note: The CALA programs need a shared library which has to be available to them. See the following
table for the name of the library and the environment variable to be set to it s path.

operating system

filename of shared library environment variable

MS Windows

libcala.dll

PATH

AIX

libcala.so

LIBPATH

Solaris

libcala.so

LD_LIBRARY_PATH

Linux

libcala.so

LD_LIBRARY_PATH

HP-UX

libcala.sl

SHLIB_PATH

Generating test events
Apart from the emitters (senders), all components are able to generate test events. This means
that communication can be tested between the individual components. Test events can be
generated using the CLI call:
logctlcmd test 

Possible component architecture (predecessors /
successors)
The following table illustrates the possible component architecture with predecessors (previous
stage) and successor (subsequent stage).

Componentname

predecessor

successor

ascfileread

-

tecfmtfilt, v2fmtfilt

ntevtlogread

-

tecfmtfilt v2fmtfilt

tecfmtfilt

ascfileread, ntevtlogread

any FIR processing componenta

v2fmtfilt

ascfileread, ntevtlogread

any FIR processing componenta

snmpread

-

any FIR processing componenta

calamon

-

any FIR processing componenta

mssqlread

-

any FIR processing componenta

oracleread

-

any FIR processing componenta

jdbcread

-

any FIR processing componenta

Chapter 6. Component Architecture

23

Componentname

predecessor

successor

javasrv / pchread

-

any FIR processing componenta

msgclsfsrv

any FIR generating componentb

any FIR processing componenta

cmdemit

any FIR generating componentb

-

reportemit

any FIR generating componenta

-

snmpemit

any FIR generating componenta

-

smtpemit

any FIR generating componenta

-

jdbcemit

any FIR generating componenta

-

tecfmtemit

any FIR generating componenta

tecifcsrv (end, sec, uns)

calaproxy

any FIR generating componenta

any FIR processing componenta

remote component

any FIR generating componenta

any FIR processing componenta,
tecifcsrv (end, sec, uns)

tecifcsrv (end, sec, uns)

tecfmtfilt

-

Notes:
a. FIR processing components are:
• msgclsfsrv
• cmdemit
• reportemit
• tecfmtmit
• calaproxy
• snmpemit
• smtpemit
• jdbcemit
• remote component
b. FIR generating components are:
• tecfmtfilt
• v2fmtfilt
• calamon
• snmpread
• msslread, oracleread, jdbcread
• javasrv / pchread
• msgclsfsrv
• calaproxy
• remote component

Communication between CALA components
Communication between individual CALA components is based on TCP/IP communication with
variable package size.
The data records read in (Logs, Windows Event Log, Syslog, etc.) are transferred by the filter
processes to Filter Input Records (FIR) which form the basis for communication between all
other CALA components.
When this standardized data object (FIR) is implemented for CALA component communication,
CALA components are able to link up in almost any conceivable order.

24
Chapter 6. Component Architecture

The data (FIRs) can be transmitted through ports configured in any desired manner, and every
component can also receive or transmit data via any desired number of ports.

Default tcp ports used by CALA components
The following table shows the default tcp ports used by CALA components. Chapter 10
"Configuration file logctlsrv.conf" describes how the port settings can ne changed.

component name

default port

logctlsrv

23861

logctlcmd

23860

ascfileread

23831

ntevtlogread

23832

calamon

23833

snmpread

23834

oracleread

23835

mssqlread

23836

jdbcread

23837

tecfmtfilt

23838

V2fmtfilt

23839

msgclsfsrv

23840

calaproxy

23841

tecfmtemit

23842

cmdemit

23843

reportemit

23844

snmpemit

23845

smtpemit

23846

tecifcsrv

23847

jdbcemit

23848

Event caching
If a component looses contact with a downstream component during the transmission of events,
these events are then stored in a cache file. In this case, the client process tries to reconnect to
the server every 5 seconds.

25
Chapter 6. Component Architecture

As soon as a new connection can be established, the cached event can be transmitted. Once the
transmission confirmation has been received, the cache entries are deleted.
Cache files are stored in the directory/folder defined by the environment variable
CALA_CACHE_DIR. If CALA_CACHE_DIR has not been set, environment variables TEMP and
TMP (with Windows also the SystemRoot) are evaluated. If none of these variables has been set,
the cache file is stored in the current directory/folder.
Note: The cache files are named ...cache, so they may not be displayed by a
normal ls call.

26
Chapter 6. Component Architecture

Chapter 7. Configuration file logctlsrv.conf
The entire configuration of CALA is performed by the file called logctlsrv.conf which must be
present on every system equipped with any CALA component.
logctlsrv.conf contains all communication and start information required for the CALA
configuration component implemented on the computer to operate locally, as well as other
component-dependent options.
Important: This chapter is only intended to explain the format. Configuration file logctlsrv.conf is
generated using the graphic configuration program CALAGUI which is part of the CALA Plus
Module. CALAGUI only supports configuration files for later changes (re-opening a configuration)
which were generated from itself. It may not be possible for the CALAGUI to further process
manually changed logctlsrv.conf files (i.e. to read them back in).

Format of configuration instructions
All logctlsrv.conf file entries follow the same format
={,}
Comment: these instructions are constructed hierarchically and reflect the tree structure.

Global configuration instructions applicable to all
components
The following chapter contains the global (once per configuration) and supra-component
parameters/instructions. These instructions are now described in abridged form, each one being
explained with an example.

Configuration instruction serverlist
The instruction is the only instruction which is a mandatory requirement for the configuration file.
serverlist describes the list of components which have to be started on the corresponding system
by the control command logctlcmd.

serverlist=

Figure 7-1. Format of the serverlist instruction

If a component has to send data (FIRs) for a downstream component to another computer, the
name of the component on the downstream computer has to be part of the list.

27
Chapter 7. Configuration file logctlsrv.conf

001
...

serverlist=tecifcsrv,tecfmtemit,msgclsfsrv,tecfmtfilt,v2fmtfilt,ascfiler .
ead

Example 7-1. Example using serverlist

Note: Comment: The sequence reflects the starting sequence for components.

Every component featured in the serverlist instructions list requires a separate configuration
entry which controls the parameters and communication routes governing this component and
downstream components.
The general structure is as follows:
=!{,!}

run instruction
The run instruction describes the commandline call of the relevant component with parameters

run!

Figure 7-2. Format of run instruction

The parameter -P  is a mandatory requirement for each component, it defines the
communication port for the component.
All CALA components also support parameter -d which, in the event of error
diagnosis being required, describes the diagnosis file for all outputs. Parameter -d must directly
be followed by the name of the logfile (no blanks are allowed) with or without path indication.

Caution
Diagnosis files from various components can reach a size of several hundred
Megabytes within just a few minutes.

001

run!tecfmtemit P 51967 dtecfmtemit.diag

Example 7-2. Example using the run statement

The above example defines port 51967 as the communication port for the component
tecfmtemit. Diagnosis information is directed to filename tecfmtemit.diag. In case of several
28
Chapter 7. Configuration file logctlsrv.conf

ports being used, these port numbers must be indicated in the form of a list, separated by a
semicolon.
For complete description of all parameters refer to the appendix.

target Instruction
The target instruction describes the list of components which follow this component and therefore
receive data (FIRs) from the current component.

targets!{,}

Figure 7-3. Format of targets instruction

001

targets!tecifcsrv

Example 7-3. Example targets usage

This example defines the CALA component tecifcsrv as a target component for output data
(FIRs)
By default the outgoing port (the local port which is used to establish the connection with a
server) is choosen by the system and can therefore by any available port. For security purpose
when communication via a firewall, it may be useful to define the outgoing port, which can be
done by adding : to the target component.

001

targets!tecfmtemit:5656,calaproxy:5655

Example 7-4. Example targets usage with outgoing port

port instruction
The port instruction is needed for inter-process communication. This port must match the port
number of the run instruction. In the case of several ports being used, these port numbers must
be indicated in the form of a list, separated by a semicolon.

29
Chapter 7. Configuration file logctlsrv.conf

port!{;}

Figure 7-4. Format of port instruction

port number: tcp communication port, on which the process listens for incoming data.

001

port!51967

Example 7-5. Example port usage

Note: The server components can be configured for a range of ports.

Port list functionality
On both client and server side, a list of ports (separated by semicolons) can be indicated.
Components can use these for communication purposes (on the output end) and can be
addressed via them in return (input end).

conf instruction
The conf instruction is used for configuration management (logctlcmd and logctlsrv).
All sub instructions are defined by using the conf instruction are assigned to the relevant
process, then made available to the remaining CALA components (configuration management).

conf!{,}

Figure 7-5. Format of conf instruction

001

conf!run;port;targets

Example 7-6. Example conf usage

30
Chapter 7. Configuration file logctlsrv.conf

The aforementioned conf instruction defines sub instructions run, port and targets for these
components. The configuration management function supplies/updates all CALA components
with this information.
Note: run and port do not have to be specified explicitly.

ip instruction
The ip instruction is needed whenever the component being described is installed on a different
computer (multi-stage CALA concept).

ip!

Figure 7-6. Format of ip instruction

Note: If the ip instruction is set, no run and no conf instruction can exist for these components.

001

msgclsfsrv=ip!foo.bar.com

Example 7-7. Example ip usage

In this case, the server foo.bar.com is used as a target system. Data (FIRs) for msgclsfsrv is
sent to this host for further processing.

Serverlist functionality
Instead of one IP address or hostname, a list of targets hosts can be specified. The single
hostnames/IP addresses are separated with semicolons (;). When connecting to the server, a
client will try the hosts in the given order and connect to the first host accepting its request. In
other words, if the first server fails to respond, the next server on the list is used.

001

msgclsfsrv=ip!foo.bar.com;thud.grunt.com;194.39.165.97

Example 7-8. Example ip instruction using the serverlist functionality

31
Chapter 7. Configuration file logctlsrv.conf

Broadcast functionality
Client components can use the BROADCAST wildcard instead of an IP address/hostname to
make use of the implemented broadcast functionality. After a start or after a breakdown in
communication with a server, the component searches for a new server via the defined port (port
list) in the local network.
Entry BROADCAST must be used within the server list of the remote component, "enable
broadcasting" must be ticked at the receiving component.
For broadcasting on a specific subnet, BROADCAST: can be used.

32
Chapter 7. Configuration file logctlsrv.conf

Chapter 8. Configuration GUI
There is a graphical user interface for configuration which creates the CALA-configuration file as
well as a Tivoli ACP Profile for distribution purposes.

Using the CALA Configuration GUI
The configuration GUI is used for creating CALA configurations. Every component-specific
parameter can be set using the graphical system.
The menu item Open (Configuration−→Open) is used to read an existing configurations, the menu
item Create (Configuration−→Create) enables the creation of a new configuration. The
configuration system is able to create pure Tivoli ACP Profiles as well as only the CALA
configuration file.

Starting the GUI
CALAGUI can be started with the batch file calagui.bat on Windows systems or with the shell
script calagui.sh on UNIX. Both scripts are located in the calagui directory.
CALAGUI supports the following options:
-c 
specifies the directory that contains the configuration files for CALAGUI.
Default: conf (This value should not be changed.)
-o 
specifies the standard output directory for configurations. It is recommended that you create
a subdirectory for each configuration and its related files.
Default: data
-s 
specifies the path to additional scripts that are executed when a configuration is saved.
Default: scripts
-x
specifies the output path for exporting .cala files.
Default: export
Note: The export directory is used as repository for files related to the CALA Configurator. At the
moment, you must synchronize your CALAGUI installation(s) and the TMR Server manually. For
details about the subdirectories created in the export directory and the synchronization process
between CALAGUI, TMR Server and ManagedNodes see the annex, section Directory structure in the
export directory of CALAGUI.

If you want to change the default values, you must edit the corresponding start script. It is
currently not possible to specify the options on the command line.

33
Chapter 8. Configuration GUI

The architecture window opens whenever the configuration tool starts. All available functions
(Create, Open, Save, etc.) are arranged under menu item Configuration

The CALAGUI Configuration menu

Setting up a new configuration (Create ...)

The CALAGUI new configuration dialog

To create a configuration, please select menu item Create ... in the Configuration menu.
Select a configuration name of your choice, a Tivoli ProfileManager name for generating an ACP
Profile, the target platform and the type of configuration.
Note: The type of configuration is only used to select the default settings to be used for the
architecture. These settings can then be modified later.

Pressing the OK button loads the selected architecture into the architecture window, based on
standard definitions.
34
Chapter 8. Configuration GUI

The default HP-UX client configuration.

The illustrated example contains the default client HP-UX architecture.

Opening an existing configuration (Open ...)
To open an existing configuration, please select menu item Open ... in the Configuration menu.
Select the desired configuration by selecting the appropriate configuration file.

The open configuration dialog

The existing configuration is then loaded into the architecture window.

Saving a created or changed configuration (Save, Save as)
Saving with the menu option Save is used to save a new or existing configuration, Save as ... is
used to save an existing configuration under a different name. If the configuration being saved
35
Chapter 8. Configuration GUI

has not already been assigned a configuration file (using Create ... or Save as ... ), the following
file browser window is opened.

The save configuration file dialog

Enter the desired name of the configuration file (any name can be selected) and confirm by
pressing the Save button. Another menu box then appears on screen.

The options dialog when saving a configuration

Select the type of Save process (Only configuration file or ACP Profile) and confirm by pressing
the OK button. The configuration created is then saved under the specified name.It is
recommended that you create a subdirectory for each configuration and its related files.

Exporting parts of the configuration for use with the CALA
configurator
Input files for the CALA configurator can be created by selecting the menu entry Export .cala files.
A new dialog window opens, where the user can select the data types to be exported.

36
Chapter 8. Configuration GUI

The .cala files export dialog

Secondary data type export
Each of the secondary data types of the loaded configuration can be selected for export.
General data export
The general data types need a unique postfix to be given. This enables for example several
remote components to be configured.
After selecting the data types to be exported and pressing Check and continues export , the
configuration of the selected data types is checked e.g. if the name of the prefilter and message
map files are conform to the naming conventions. Warnings from this check shouldn t be ignored
non-conform files will be ignored by the CALA configurator.

The Check secondary data types dialog

37
Chapter 8. Configuration GUI

Selecting Save now from the check window creates the export files. All files are created in
subdirectories of the export directory specified with the x switch in the start script of CALAGUI. A
subdirectory is created for each secondary data type. All referenced files (format files, map files )
that can be found in the directory where the configuration is saved and that are conform to the
naming convention are copied to the corresponding export directory.
Note: If any referenced file do not exist within the directory where the configuration file is located, not
all required files will be present after export. All missing files need to be copied manually afterwards.

For more information about the CALA configurator and the exported file format refer to chapter
CALA Configurator in the appendix.

Differences between CALAGUI configurations and CALA
Configurator
There are some differences between configuration files that are saved from CALAGUI and
configurations that are generated by CALA Configurator even if you compare an "original"
configuration and a configuration that was generated from the .cala files exported from the
"original":
•

The port numbers for the components are taken from the template file. The port for the remote
component is the only one that is taken from the original configuration.

•

The logical names of the components as well as the binary names in the run-statements are
taken from the template file.

•

If you want to start CALA under a specific user you must specify this user and the
corresponding password as parameter for the task Generate profile for CALACFG. The
user specified in the global configuration settings in CALAGUI will not be passed to the ACP
record generated for CALA Configurator.

•

If you want to export settings for a client configuration as well as for a server configuration that
contain the same secondary data types, you must include both configurations in one
configuration file. This is required because the .cala files are rewritten each time you export a
configuration file that contains definitions for a secondary data type that was exported before.

Altering the global configuration settings
The menu option Global configuration settings can be used for subsequent changes to global
settings in a configuration.
Note: Maintenance windows for the CALA can be also specified in this window.

38
Chapter 8. Configuration GUI

The Global configuration parameters dialog

Any desired number of maintenance windows can be configured. Simply ensure that settings do
not overlap. Global settings are set by pressing the OK button.
Global settings in the configuration file
The configuration shown above will result in the following configuration lines:

001
002
003
004

logctlsrv_port=11000
logctlcmd_port=11001
cala_srv_port=10999
maintenance=Fri 2300;Sat 0300;01 2200;02 0500

Example 8-1. Global settings in the logctlsrv.conf file

Configuration instructions logctlsrv_port and logctlcmd_port
To change the TCP port used by the logctlsrv and logctlcmd programs, use the instructions
logctlsrv_port and logctlcmd_port in the configuration file. If no port is set for one of these
programs, the default port (51956 for logctlsrv and 51952 for logctlcmd) is used.
The ports for log control server (logctlsrv) and log control command (logctlcmd) are taken
from the GUIs entry fields Port of log control server and Port of log control command
Note: If any of these ports are provided as command line argument to logctlcmd, the given port(s)
is/are used instead of the port(s) from the configuration file.

39
Chapter 8. Configuration GUI

Note: CALA should can only be configured to use port numbers in the range from 1025 to 65535. Do
not change the ports manually to any number outside this range!

001
002

logctlsrv_port=
logctlcmd_port=

Figure 8-1. Format of logctlsrv_port and logctlcmd_port instruction

001
002

logctlsrv_port=11000
logctlcmd_port=11001

Example 8-2. Example for logctlsrv_port and logctlcmd_port usage

Configuration instruction cala_srv_port (Windows systems only)
If the Windows Service is used, the port for this service can also be set in the configuration file. If
not specified cala_srv uses the default port 51951.

001
002

cala_srv_port=
logctlcmd_port=

Figure 8-2. Format of cala_srv_port instruction

001

cala_srv_port=10999

Example 8-3. Example for cala_srv_port usage

The configuration instructions logctlsrv_adapters and logctlcmd_adapters
These instruction are used to specify the network adapters used by logctlcmd and logctlsrv. By
default these programs listen on the loopback device only, which means, that only local
processes can connect to them.
This behavior prevents the logctlsrv from being attacked by remote invaders, but is also denies
requests from remote logctlcmds.To open the log control server for communication with remote
processes set logctlsrv_adapters to the network adapters from which connections are allowed.

40
Chapter 8. Configuration GUI

To enable a log control command to communicate to remote processes, the affected network
devices have to be given in the logctlcmd_adapters instruction.This instructions can be
overwritten by using the logctlcmd command line parameter

001
002

logctlsrv_adapters={:}
logctlcmd_adapters={:}

Figure 8-3. Format of logctlsrv_adapters and logctlcmd_adapters instructions

001
002

logctlsrv_adapters=10.0.114.201
logctlcmd_adapters=10.0.114.201:192.168.1.1

Example 8-4. Example for logctlsrv_adapters and logctlcmd_adapters usage

Maintenance instruction
The maintenance instruction defines fix maintenance windows which occur periodically. Those
maintenance windows are set in the GUIs Maintenance Window settings table.
Within a maintenance window, CALA does not read any events from the event sources. Reading
from sources is resumed when the maintenance window is over. All events created within a
maintenance window are discarded by the CALA components, even if they are read outside a
maintenance window.

001
...

maintenance=[ | ] <2digit hours><2digit minutes>{ .
;[ | ] <2digit hours><2digit minutes>}

Figure 8-4. Format of maintenance instruction

001

maintenance=Fri 2300;Sat 0300;01 2200;02 0500

Example 8-5. Example for logctlsrv_adapters and logctlcmd_adapters usage

Fixed maintenance windows are configured in the configuration file by using the maintenance
instruction. Each maintenance window consist of a pair of dates, given in the following format:
[ | ] <2digit hours><2digit minutes>
A daily maintenance window only contains the part for hours and minutes (no dayofweek or
dayofmonth is given). Hours are given in the 24 hours format.

41
Chapter 8. Configuration GUI

A weekly maintenance window also contains a three letter abbreviation of the weekday followed
by a blank and the hour- and minute-string. A monthly maintenance window is configured giving
the day of the month, followed by a blank and the hour- and minute-string.
The example given above defines one weekly maintenance window from 23:00 on Friday to
03:00 on Saturday and one monthly maintenance windows from 22:00 on each 1 st of the month
to 5:00 on each 2 nd .

More global settings
There are some more global settings like operating system, profile manager, configuration name,
user and password, which are needed for configuration purposes. For details refer to chapter
Analysis of configuration file.

001
002
003
004
005

#operating-system: nt
#profile-manager: ACP for CALA
#name of configuration: NT_Client
#user: cala
#password: 1b14460e00

Example 8-6. Example for additional settings in logctlsrv.conf

Configuration check
You can use the menu option Check loaded configuration to check your CALA configuration.

Theresult window of Check loaded configuration

42
Chapter 8. Configuration GUI

component configuration
Each component has a context menu, which opens when pressing the right mouse button while
the cursor is placed over the component.

The components context menu

If the menu item Delete component is chosen, the selected component is removed from the
configuration.
The menu entry Settings opens the component specific configuration window. Due to individual
parameters every component has its own configuration window, see chapter Component-specific
configuration for details. The components configuration window can also be opened by double
clicking the component.
Selecting one of the menu options Edit sources and Edit targets will open another dialog.

The Settings of connection to Source dialog

43
Chapter 8. Configuration GUI

The Settings of connection to Target dialog

Both dialogs are very similar:
•

Add new Source or Add new Target will create a new component (a dialog for selecting a logical
name and component type will appear) and connect it to the currently selected component.

•

Connect with existing Source Connect or Connect with existing Target shows a list box where the
user can choose the component to connect to.

•

To remove a component from the source/target list, select the source/target in the left list box
and choose Delete component . This will remove the selected source/target component from
the list.

•

The changes can be applied by pressing Ok or discarded by selecting Cancel

44
Chapter 8. Configuration GUI

Chapter 9. Component-specific configuration
By double clicking on a component symbol, the components settings dialog window appears.
This settings dialog differs between the components, but some fields are common.

Common settings
This is a sample settings window, the window of the component calaproxy, which is explained
later.

A sample settings window for a CALA component

The first element of each settings dialog is the choice Component type where the type of the
component is specified (calaproxy in this example). The dialogs face depends on the
components type and may change if the type is changed.
Logical name
This entry field contains the logical name of the component, which must be unique within the
configuration.

45
Chapter 9. Component-specific configuration

The logical name is used to address the components configuration. The logical name will
appear in the serverlist and as the identifier for the components configuration line.

001
002
...

serverlist= calaproxy
calaproxy=run!calaproxy -P 11022,port!11022,targets!remote_emit, conf!p .
ort;run;targets

Example 9-1. Example configuration of logical server name

Portlist (port instruction)
The port list gives the ports, the process listens on, at least one port has to be defined for
each process. The same port number must not be used for two components on the same
machine.
001

port!{;}

Figure 9-1. The port list configuration entry has the following format:

001

port!11022

Example 9-2. Example portlist

For local processes, there is a need to given the port number on the argument line.
001
...

 -P {: | -:}[-]

Figure 9-2. Format of argument line containing port assignment

001

run!calaproxy -P 11022

Example 9-3. Example run statement containing port assignment

Run statement (run instruction)
The entry field Run statement sets the binary of this component. The first 7 characters are
fix, because they specify the components type which is calapro (which stand for
calaproxy) in this case. When using the same component twice on one machine, different
binary files must be used.
46
Chapter 9. Component-specific configuration

001

run!

Figure 9-3. Format of run statement

001

run!calaproxy -P 11022

Example 9-4. Example run statement

Debugging
If the Checkbox Enable debug mode is set, the process creates a log file for debugging. If no
filename is given in Debug filename , the log is written to diag_log.txt There is also a list
box for setting the debug level. The debug level can be set to any number between 0 (report
everything) and 9 (report only fatal failures). If no debug level is chosen, all messages are
written into the debug file.
001

 -d[[::]]

Figure 9-4. Format of run statement containing debug arguments

001

run!calaproxy -P 11022 d:5:calaproxy.log

Example 9-5. Example of run statement containing debug arguments (not from the
window above):

Supplementary parameters
Any other program argument can be set here. There are some common arguments, which
are described here. Some components have special arguments, please refer to the
components description.
parameter

example

description

default
value

-M 

-M100

max. number of client connections to accept

100

-SF

-SF

stop sever if bind to socket fails

disabled

-NSR

-NSR

don’t allow socket rebind

allowed

-CT

-CT30

set connection timeout before caching (a cache file 30
is created if no connection to a server could be
created for  seconds)

-CM


sets the maximum size of the cache file (in bytes)
CM5000000

Chapter 9. Component-specific configuration

5000000

47

parameter

example

description

default
value

-CD 

-CD1440

sets the max. age for cached events before they
are discarded, 0 disabled discarding

0

-AT  -AT60

timeout for receiving acknowledges from server
(seconds)

120

-AS  -AS2

server acknowledge sending period (seconds)

2
disabled

-CLE

-CLE

create connection lost events

-CAE

-CAE

create connection accepted events for all accepted disabled
connection from remote clients

-CAT


-CAT60

Sets the connection accept timeout this is the time
(in seconds) in which the client has to send a first
data package after connecting. If  is a
positive value, a accept timeout event is created if
any client connected but didn t send any data , if
 is negative, no event is created. -CAT0
disables this feature

-30

-ZHEARTBEAT_PERIOD=
Tells the component to create heartbeat events

ZHEARTBEAT_PERIOD=120
periodically. (Does not work for ascfileread,
snmpemit and smtpemit.)

disabled

-ZCREATE_STATUS_EVENTS=1
Creates CALA startup and shutdown events.

disabled

ZCREATE_STATUS_EVENTS=1
These Events are only send to remote servers or to
T/EC. (Does not work with ascfileread.) There is
a special implementation of startup/shutdown
events for snmpemit and smtpemit refer to chapter
Configuring status events of snmpemit and
smtpemit in the appendix for details.
There are some more parameters for encryption, please refer to chapter Security for further
information.
The following parameters are set by the CALAGUI and must not appear in the
supplementary parameters text field:
parameter

example

description

default
value

-P 

-P 16001

port(s) to open for event reception several ports
none
can be given separated by colons, a port range can
be given like this: <1st port>-.

-d [:
- :]filenamecreates a log file loglevel can be a number between don’t create

d:3:msgclsfsrv.log
0 (log everything) and 9 (log only fatal errors), be
a logfile
aware, that log files may grow very fast if loglevel
is set low
-SB

-SB

enable broadcast server

-AB
-AB
sets on which network device (give by ip address)
{:} 10.0.114.201the component should listen for events, several

disabled
listen on all
devices

devices may be separated by colons the loopback
device is added automatically

48
Chapter 9. Component-specific configuration

Display version information
All component binaries can also be called from the command line using the -v parameter, which
prints a version information. The SNMP components snmpread and snmpemit also display the
version of the used snmp library.

[c:\opt\cenit\cala].\snmpread -v
*******************************************************************
**
**
**
snmpread is part of the CENIT Advanced Logfile Adapter
**
**
**
**
version: 2.01-064 - generation date: Jun 26 2003 10:57:18
**
**
**
**
(c)1999-2002 CENIT AG Systemhaus
**
**
**
*******************************************************************
**
NET-SNMP version 4.2.3
**
*******************************************************************
[c:\opt\cenit\cala]

Figure 9-5. Displaying version information of snmpread

49
Chapter 9. Component-specific configuration

ascfileread
The ASCII file reader component reads the data from one or more configured files and sends it
to a filter for further processing. The ascfileread window is used for defining all files, directories,
folders and the related data formats for reading out files and pipes.
Wildcards (*, ?) can be used for directories/folders as well as for filenames. There are also
additional wildcards to define logfiles and to specify hours, days, months and years within file
names. E.g. if a logfile is to be monitored with a 2-digit month and a 4-digit year number at the
end of its name (logfile_06-2000), the wildcard used for defining its name would look like this:
logfile_MM-YYYY

The Settings of ascfileread dialog

ascfileread specific parameters and their setting in the
configuration file
The following configuration line was created from the window above:

001
...
...

ascfileread=run!ascfileread -P 11002,port!11002,targets!tecfmtfilt;v2fmt .
filt,pathlist!1;/var/adm;2;/fnsw/local/logs/elogs,ptrnlist!1;messages;2 .
;elogYYYYMMDD,assoc!1;1;tec;solaris_syslog;2;2;v2;fn_log,conf!port;run; .

50
Chapter 9. Component-specific configuration

targets;pathlist;ptrnlist;assoc

...

Figure 9-6. An example configuration line for ascfileread

pathlist instruction
pathlist defines the list of paths (directories/folders) in which logfiles are searched. Its
parameters are taken from the GUI configuration from the column Path definitions.
001

pathlist!;{;;}

Figure 9-7. Format of pathlist instruction

001

pathlist!1;/var/adm;2;/fnsw/local/logs/elogs

Example 9-6. Example pathlist instruction

The above example defines two directories/folders in which the logfiles being processed
may exist. A unique number must be defined for each path. This number is referenced using
the assoc instruction described below.
The separate configuration of paths and filename simplifies configuration if the same pattern
has to be used for several paths. (E.g. if you are looking for the pattern *.log in three
different paths, the pattern has to be configured only once.)
Wildcards and variables requiring interpretation that can be used in pathnames.

Supported wildcards:
*
designates any sequence of characters
?
designates any character

Variables requiring interpretation:
HH

two-digit hour display
MM

number of month, two-digit
DD

day, two-digit
YY

number of year, two-digit

51
Chapter 9. Component-specific configuration

YYYY

number of year, four-digit

ptrnlist instruction (pattern list)
The ptrnlist instruction defines the list of file patterns used for processing purposes. The
ptrnlist parameters are taken from the GUI configuration from the column Pattern definitions.
ptrnlist!;[:]{;; .
[:]}

001
...

Figure 9-8. Format of ptrnlist instruction

ptrnlist!1;messages:UTF-8;2;elogYYYYMMDD

001

Example 9-7. Example ptrnlist instruction

Wildcards and variables requiring interpretation are used to describe filenames.

Supported wildcards:
*
designates any sequence of characters
?
designates any character

Variables requiring interpretation:
HH

two-digit hour display
MM

number of month, two-digit
DD

day, two-digit
YY

number of year, two-digit
YYYY

number of year, four-digit
For a list of supported encoding refer to Supported character sets.
For every pattern entry a number is assigned which reflects the assoc instruction described
below for reflecting the path/filename combination to be processed.
52
Chapter 9. Component-specific configuration

•

The above example defines two file patterns which are interpreted at run time.

•

The first pattern addresses a file named messages which is expected to be UTF-8
encoded.

•

Sample 2 is used to define precise daily logfiles, starting with elog. On 20.12.2000 this
configuration would, for example, process filename elog20001220. The file is exptected to
use the default system encoding.

• sna*.err

would address all filenames beginning with prefix sna and extension .err.

• messages.?

would identify all messages files having a one character extension.

By default the ascfileread checks every 5 minutes for new matching paths and files.
assoc instruction
The assoc instruction associates paths from the pathlist with file patterns from the ptrnlist
instruction. Each row from the Settings of ascfileread window’s table generates one assoc
entry in the configuration file.
001
...

assoc!;;;{;;;;}

Figure 9-9. Format of assoc instruction

001

assoc!1;1;tec;solaris_syslog;2;2;v2;fn_log

Example 9-8. Example assoc instruction

PathlistX represents a previously defined path number, ptrnlistX represents a previously
defined filename number (pattern).
The parameter  can be selected from values and represents the relation to
logfiles which can be described as .fmt, represents the logical link to complex data formats.
The parameter  can be selected from one of the format names defined
under formatlist. (see configuration of filter components).
This prompts a search for the following directory/folder combination:
• /var/adm/messages

(type tec/solaris_syslog)

• /fnsw/local/logs/elogs/elogYYYYMMD

(type v2/fn_log)

Example 9-9. Files that would match with above pathlist, pattrnlist and assoc
configuration

Note: To read pipes on Microsoft Windows \\pipe\ must be given as path, the pipes name has to be
given as filename.

53
Chapter 9. Component-specific configuration

ascfileread command line parameters
These parameters can be set in the field supplementary parameters

parameter

example

description

default
value

-E

-E

When opening a logfile the first time: skip all old
events, send only new events

disabled

-e

-e

Skip all old events each time a logfile is opened, send disabled
only new events

-U


-U 60

Sets the period when ascfileread looks for new files 300
in seconds.

-H
-H
 foo.bar.com

Sets the name of the host, ascfileread runs on. The
hostname is requested by gethostname() function if
this parameter is not given.

use gethostname()

-B

-B5

Specifies the max. number of 16K blocks to be send
to the filters each second. This parameter should be
used with care, because it may result in some
unknown error events.

no limit

-O

-OUTF-8

Specifies the default character set to be used for
reading files if no encoding is specified.

the system
default

54
Chapter 9. Component-specific configuration

ntevtlogread
The ntevtlogread (NT Event log Reader) is used for reading the Microsoft Windows Event log.
The Settings of ntevtlogread window is used to define all read functions and parameters. For
every event log (system, security, application or any user defined eventlog), a dedicated
secondary data type can be assigned. This makes it possible to use a separate format file for
every type of eventlog.

The Settings of ntevtlogread dialog

ntevtlogread specific parameters and their setting in the
configuration file
The following configuration line was created from the window above

001
...
...
...
...
...

ntevtlogread=run!ntevtlogread -P 11003,port!11003,targets!tecfmtfilt,evt .
log!1;system;2;application;3;security,spacereplacement!1;1;2;1;3;1,asso .
c!1;tec;nt_system;2;tec;nt_application;3;tec;nt_security,skip_old!1;1;2 .
;1;3;0,prefilt_in!2;prefilt_nt_app.flt,prefilt_out!3;prefilt_nt_sec.flt .
,conf!port;run;targets;evtlog;spacereplacement;assoc;skip_old;prefilt_i .
n;prefilt_out

Example 9-10. An example configuration line for ntevtlogread

evtlog instruction
evtlog defines which eventlogs the reader should read. The eventlogs are given as a pair
;.
55
Chapter 9. Component-specific configuration

The popup menu of the text field Eventlog name shows a selection of standard eventlog ids
for Windows NT and Windows 2000 systems. Selecting a id from the popup menu pastes
this id into the text field.
001

evtlog!;{;;}

Figure 9-10. Format of evtlog instruction

001

evtlog!1;system;2;application;3;security

Example 9-11. Example evtlog instruction

This defines, that the Microsoft Windows system, application and security eventlogs
must be read and each of them is given a numeric id (system=1, application=2, security=3).
spacereplacement instruction
Defines if blanks should be replaced by underscores for fields source and sid. The
instruction consist of a pair ; for each logfile. If  is set to 1 this
means "spacereplacement on", 0 means "spacereplacement off".
001

spacereplacement!;0|1{;;0|1}

Figure 9-11. Format of spacereplacement instruction

001

spacereplacement!1;1;2;1;3;1

Example 9-12. Example spacereplacement instruction

This example switches space replacement on for the three defined event logs (system,
application and security).
skip_old instruction
If this parameter is set for a logfile, all entries which have a timestamp before 0:00 clock of
the current day, are discarded. The instruction consist of a pair ; for each
logfile. If  is set to 1 this means "skip old entries", 0 means "process old entries".
001

skip_old!;[0|1]{;;[0|1]}

Figure 9-12. Format of skip_old instruction

56
Chapter 9. Component-specific configuration

001

skip_old!1;1;2;1;3;0

Example 9-13. Example skip_old instruction

The example switches skip_old on for the system log (1) and the application log (2). skip_old
is switched of for the security log (3).
prefilt_in and prefilt_out instructions
These instructions set pre-filters for each logfile. The association consist of a pair ;.
Pre-filters are used to discard events before sending them to any other process. The in-filter
specifies events that should not be discarded, the out-filter specifies events that should be
discarded. Pre-filters are optionally. If no filter is set, all events are send to the target
processes.
001
002

prefilt_in!;{;;}
prefilt_out!;{;;}

Figure 9-13. Format of prefilt_in and prefile_out instructions

001
002

prefilt_in!2;prefilt_nt_app.flt
prefilt_out!3;prefilt_nt_sec.flt

Example 9-14. Example prefilt_in and prefilt_out instructions

This defines an in-filter for the application log (2) and an out-filter for the security log (3).
The pre-filter files are text files, structured like this:
•

each line contains a list of assignments =

•

assignments are separated by semicolons: =;=

•

several possible values for one key can be separated by a comma
(=,)

•

a filter matches if any line matches

•

only events that match any prefilt_in and do not match any prefilt_out are sent to the filter
process

•

if no pre-filter is set, all events are sent to the filter process

Possible pre-filter keys are: eventid , eventtype and source
001

source=SNMP,Print;

Example 9-15. Example for a pre-filter file to match all events from the SNMP and Print
source:

57
Chapter 9. Component-specific configuration

assoc instruction
The assoc instruction associates an event log with a type and logical name.

001
...

assoc!;;{;;;}

Figure 9-14. Format of assoc instruction

001

assoc!1;tec;nt_system;2;tec;nt_application;3;tec;nt_security

Example 9-16. Example assoc instruction

The  parameter can be selected from values tec and v2s. tec represents
the relation to logfiles which can be described as .fmt, v2s represents the logical link to
complex data formats.
The parameter  can be selected from one of the format names defined
under formatlist (see parameters of v2fmtfilt and tecfmtfilt).
001

assoc!1;tec;nt_system;2;v2;nt_application;3;tec;nt_security

Example 9-17. Another example for assoc instruction using different primary types

ntevtlogread command line parameters
These parameters can be set in the field supplementary parameters
parameter

example

description

default
value

-E

-E

When opening an eventlogthe first time: skip all old
events, send only new events

disabled

-e

-e

Skip all old events each time a eventlog is opened,
send only new events

disabled

Sets the name of the host, ntevtlogread runs on.
The hostname is requested by gethostname()
function if this parameter is not given.

use gethostname()

Specifies the default character set to be used for
reading files if no encoding is specified.

UCS2-LE

-H
-H
 foo.bar.com
-O

-OUTF-16

58
Chapter 9. Component-specific configuration

tecfmtfilt
The T/EC format filter window (tecfmtfilt) is used for defining all secondary data formats,
which are not multi-line (these can be described using a standard Tivoli .fmt file).

The Settings of tecfmtfilt dialog

Filter processing of data by component tecfmtfilt is based on Tivoli .fmt files. These are read
in directly from format definitions (without prior compilation).
For every format file, a logical secondary data type must be defined with the formatlist instruction.
The secondary data type identifier should have any coherence with the format filename.
The primary data type of the tecfmtfilt filter is always tec.

tecfmtfilt specific parameters and their setting in the
configuration file
This is the configuration line created from the settings windows above:
59
Chapter 9. Component-specific configuration

001
...
...
...

tecfmtfilt=run!tecfmtfilt -P 11004,port!11004,targets!msgclsfsrv,formatl .
ist!solaris_syslog;solaris_syslog.fmt;nt_system;nt_system.fmt;nt_applic .
ation;nt_application.fmt;nt_security;nt_security.fmt,conf!port;run;targ .
ets;formatlist

Example 9-18. An example configuration line for tecfmtfilt

formatlist instruction
The formatlist instruction defines an association between secondary data types and Tivoli
.fmt files which describe how to create events from the data stream. The association is
taken from the GUI’s table.
formatlist!;{;;}

001
...

Figure 9-15. Format of formatlist instruction

formatlist!solaris_syslog;solaris_syslog.fmt;nt_system;nt_system.fmt;nt_ .
application;nt_application.fmt;nt_security;nt_security.fmt

001
...

Example 9-19. Example formatlist instruction

Any desired name can be used as a logical name (= secondary data type), e.g. aix4r1 for
the format file tecad_logfile_aix4-r1.fmt
The example defines the tecfmtfilt to process the four data types solaris_syslog,
nt_system, nt_application and nt_security which are defined in the following format
files:
secondary data type

format file name

solaris_syslog

solaris_syslog.fmt

nt_system

nt_system.fmt

nt_application

nt_application.fmt

nt_security

nt_security.fmt

Note: Events which are assigned a classname starting with *DISCARD are discarded by this
component. (This is an enhancement of the Tivoli adapter, which discards only events from the
one class *DISCARD* ).

Note: Since CALA 2.03 tec format files need to be saved in UTF-8 encoding if they contain
Non-ASCII-127 characters.

60
Chapter 9. Component-specific configuration

tecfmtfilt command line parameters
These parameters can be set in the field supplementary parameters

Parameter

example

description

-Q 

-Q 2000000 Sets the size of the static buffer used for parsing.
Increase this value if you get the message not
enough quickmem in the debug file.

default
value
1048576

61
Chapter 9. Component-specific configuration

v2fmtfilt
The v2 format filter window (v2fmtfilt) is used for describing all complex data flows, which
cannot be described with a conventional Tivoli .fmt file. This includes multi-line logfile formats or
those formats which can only be described using complex expressions.

The Settings of v2fmtfilt dialog

In contrast to the standard Tivoli format descriptions, the CALA v2 format makes it possible to
implement format descriptions of almost any level of complexity.

v2fmtfilt specific parameters and their setting in the

62
Chapter 9. Component-specific configuration

configuration file
The configuration of v2fmtfilt is identical to the configuration of tecfmtfilt the difference is
the format of the input files (which is Tivoli .fmt for tecfmtfilt and .v2s for v2fmtfilt).

001
...

v2fmtfilt=run!v2fmtfilt -P 11005,port!11005,targets!msgclsfsrv,formatlis .
t!fn_log;fn_log.v2s,conf!port;run;targets;formatlist

Example 9-20. An example configuration line for v2fmtfilt

formatlist instruction
The filter-specific parameter formatlist has already been described with filter tecfmtfilt
.The difference with the formatlist definition for v2fmtfilt is the syntax the format files use.
Format files used with the v2fmtfilt have to be in v2 format, while format files used with
the tecfmtfilt have to be in Tivoli file format.
001
...

formatlist!;{;;}

Figure 9-16. Format of formatlist instruction

001

formatlist!fn_log;fn_log.v2s

Example 9-21. Example formatlist instruction

The primary data type for the v2fmtfilt filter is always v2 .
Note: The syntax of CALA v2 format files is explained in the appendix.

Note: Events which are assigned a classname starting with *DISCARD are discarded by this
component.

Note: Since CALA 2.03 v2 format files need to be saved in UTF-8 encoding if they contain
Non-ASCII-127 characters.

v2fmtfilt command line parameters
These parameter can be set in the field supplementary parameters
Chapter 9. Component-specific configuration

63

Parameter

example

description

default
value

-Q 

-Q 2000000 Sets the size of the static buffer used for parsing.
Increase this value if you get the message not
enough quickmem in the debug file.

1048576

-D

-D

disabled

If this parameter is given, each event contains the
following fields (which are taken from the events
timestamp or from current time if no timestamp is
given):
• YEAR: 4 digits
• MONTH:2
• DAY:2

digits

digits

• HOUR:2

digits

• MINUTE:2

digits

• SECOND:2

digits

64
Chapter 9. Component-specific configuration

calamon
calamon is CALA’s monitoring engine implementation.

Note: There is a configuration GUI for command tables called Monitoring Manager , refer to the
Monitoring Manager User’s Guide for more information of this product.

The Settings of calamon window defines the name and the settings of the command table file
which contains the parameters for the processes to be started.

The Settings of calamon dialog

There are two tables with parameters, which must all be set to a value (empty parameters are not
allowed).
The first table configures the scripts or programs to be started and their parameters. It contains
the following columns:

65
Chapter 9. Component-specific configuration

script name
path and name of the script to be started
command line parameters
parameters which are passed to the script
primary data type , secondary data type and event class
type of event to be created
stdout field
FIR field to receive the script s output to stdout
stderr field
FIR field to receive the script s output to stderr
return code field
FIR field to receive return value of the script
comment prefix
prefix which marks a line of the scripts output as comment (e.g. #)
comment field
FIR field to receive comment lines (which are removed from stdout field)
escalation field
FIR field to receive escalation level (is set from escalation file)
escalation file
name of escalation file (see escalation table description below)
the execution times specification
The execution times specification is similar to the unix crontab, it uses the following columns
execution months
month may be given numeric (from 1 to 12) or as three letter appreviations (e.g.
11,Jan-Mar to allow execution in November, January, February and March)
execution days of month
e.g. 1,15 to allow scripts execution each 1st and fifteenth
execution days of week
the days of week are given as three letter appreviations or numeric values (0 to 7, 0 and
7 mean sunday).
execution hours
24 lesson format, e.g. 23-1 to allow execution from 11 p.m. to 1 a.m.
execution minutes
minutes from 0 to 60

66
Chapter 9. Component-specific configuration

execution seconds
seconds from 0 to 60
execution period
length of period in seconds or in format DD:HH:MM[:SS]
(days:hours:minutes[:seconds])

message template
a template for the message to be written into the message slot (may contain links to other
fields)
message slot
slot the name of the message slot
The script is run periodically within the specified execution times.
The message template can contain links to other fields (e.g. the stdout and stderr fields). Links to
other fields are indicated by writing the field name enclosed with < and >.

001

The disk  is % full. You may run in difficulties.

Example 9-22. An example message template

The escalation settings are given in the lower table which contains the followings parameters:
escalation file
name of escalation file (the same escalation file may occur multiple times here, but should
only occur in lines which are following each other)
return code of script*
the script s return code
lower level output on stdout*
lower limit of escalation level or alpha-numeric value of stdout
upper level output on stdout
upper limit of escalation level (used only for numeric values of lower/upper level output on
stdout)
lower level output on stderr* and upper level output on stderr
see above, but output on stderr is used
value of escalation field
value the escalation field is set to

67
Chapter 9. Component-specific configuration

action
either DISCARD (no event is created), SEND (create an event and send it to the targets) or
SENDFIRST (create an event only if the escalation value changes)
Fields marked with a * may also contain wildcards with special meanings:
*

matches any or no output
+

matches any output
!

matches no output
When using non-numeric monitors, only the lower values are checked. The escalation files are
checked top down, the first matching line is used.

calamon specific parameters and their setting in the
configuration file
Because the configuration of calamon may be very complex, it is moved to calamon specific files.
Therefore its configuration line in logctlsrv.conf is very simple:

001
...
...

calamon=run!calamon -P 11006,port!11006,targets!msgclsfsrv,cmdtab!cmdtab .
.tbl,source!CALA,sub_source!cala_mon,cmdline_slot!cmdline,conf!port;run .
;targets;cmdtab

Example 9-23. An example configuration line for calamon

cmdtab instruction
The cmdtab instruction sets the name of the calamon command table file. The filename is
given in the GUI s entry field command table filename
001

cmdtab!

Figure 9-17. Format of cmdtab instruction

001

cmdtab!cmdtab.tbl

Example 9-24. Example cmdtab instruction

Note: The format of the command table file is described in the appendix.

68
Chapter 9. Component-specific configuration

source instruction

The source instructions set s the value of the source slots of the created FIRs. If source is
not configured, the source slot is set to FSM CALA .
sub_source instruction
Like the source instruction sets the value of the source slot, the sub_source instruction sets
the value of the standard T/EC field sub_source . If not configured, sub_source is set to the
logical name of the calamon process.
cmdline instruction
This instruction defines the name of the field to receive the command line (program +
arguments) called for the monitor. If unset, this information is written into the slot cmdline .

calamon command line parameters
This parameter can be set in the field supplementary parameters

parameter

example

-H
-H
 foo.bar.com

description

default
value

Changes the hostname written into the events
HOSTNAME field.

tcp/ip
hostname

-T


-T 120

Sets the timeout for monitor scripts/programs.

60

-O

-OUTF-8

Specifies the default character set to be used for
passing parameters to the monitor and to parse the
input streams.

the system
default
encoding

Structure of FIRs created by calamon
The following table shows the fields of a calamon created FIR:

slot name

value

source

from source instruction

sub_source

from sub_source instruction

cmdline (configurable)

command line (program + arguments)

date

monitors execution time

hostname

name of the host running calamon

origin

ip address of the host running calamon

rc

monitors return code

Chapter 9. Component-specific configuration

69

slot name

value

stdout

monitors output to stdout

stderr

monitors output to stderr

comment

monitors output to stdout lines beginning with
comment prefix

msg

message generated from message template

severity

events severity according to escalation table

The names of the fields rc, stdout, stderr, comment, severity and msg are defined in the
command table. If stdout and stderr are written into the same slot, stderr is redirected to
stdout .
Events can also be suppress depending on their return code or output to stdout or stderr (see
documentation of escalation table above).

70
Chapter 9. Component-specific configuration

snmpread
snmpread is the CALA component to receive SNMP traps and forward them as CALA events

(FIRs).

The Settings of snmpread dialog

snmpread specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window

001
002

snmpread=run!snmpread -P 11008,port!11008,
targets!msgclsfsrv,type!tec;snmp,

71
Chapter 9. Component-specific configuration

003

class!SNMP_Event,conf!port;run;targets;type;class

Example 9-25. An example configuration line for snmpread

type instruction
The type instruction specifies the primary and secondary data type assigned to received
events. Its values are taken from the primary data type and secondary data type entry fields.
(Either both or none has to be given.)
001

type!;

Figure 9-18. Format of type instruction

001

type!tec;snmp

Example 9-26. Example type instruction

This defines received SNMP events to be of primary type tec and of secondary type snmp.
The type instruction is optional. If it is not given, the default values for primary (cala) and
secondary type (snmpreader) are used.
class instruction
This instruction defines the class received SNMP events will get. This value is taken from
the entry field Name of class . This instruction is optional, if it is not given (no value in entry
field), the default class CALA_SNMP is used.
001

class!

Figure 9-19. Format of class instruction

001

class!SNMP_Event

Example 9-27. Example class instruction

prefilt_in and prefilt_out instructions
These instructions sets pre-filters for the SNMP reader.
Pre-filters are used to discard events before sending them to any other process. The in-filter
specifies events that should not be discarded, the out-filter specifies events that should be
discarded.
Pre-filters are optionally. If no filter is set, all events are send to the target processes.

72
Chapter 9. Component-specific configuration

001
002

prefilt_in!
prefilt_out! 

Figure 9-20. Format of prefilt_in and prefilt_out instructions

001
002

prefilt_in!snmp_in.flt
prefilt_out!snmp_out.flt

Example 9-28. Example prefilt_in and prefilt_out instructions

The pre-filter keys are the received SNMP fields (description see below). For further
information about pre-filters, refer to the pre-filter section in the ntevtlogread description.
Pre-filters are optional. Every event is sent to the targets if no pre-filter is set.

Snmpread command line parameters
These parameter can be set in the field supplementary parameters

parameter

example

description

default
value

-p 

-p 20015

Sets the tcp port on which to listen for SNMP events.
(This parameter can be set with the CALA-GUI entry
field Snmp port)

162 (the
default
SNMP port)

Snmpread generated Events
Events (FIRs) generated by the CALA component snmpread process contain the following fields:

field name

description

ORIGIP

IP address of trap sender (IP address or
resolved hostname)

SENDOID

OID of sending system

COMMUNITY

community string

TRAPTYPE

trap type

SPECTYPE

spectype

OID

OID of Variable 

TYPE

Type of Variable  Possible values are:
ASN_OCTET_STRING, ASN_INTEGER and
ASN_BIT_STRING

VALUE

Value of Variable 

 is the number of the SNMP event variable. These variables are numbered starting from 1.

73
Chapter 9. Component-specific configuration

E.g. the first variable OID will be stored in the field OID1, while the TYPE of the third variable will
be stored in field TYPE3.

74
Chapter 9. Component-specific configuration

mssqlread and oracleread
The MS SQL and ORACLE readers are designed for reading log entries from a database. The
configuration of these readers is completely identical.
The mssqlread is used to read events from a MS SQL database (MS SQL-Server >= 7) and is
only available for the Microsoft Windows platforms.
For reading ORACLE databases , the oracleread can be used. It is available for Windows
2000/2003/Xp Professional, AIX and Solaris. It supports oracle databases with version 8.0 or
higher.

The Settings of mssqlread dialog

For each table to be read, a database log type has to be defined. When using the CALA
configuration GUI, each database log type is displayed as a row in the table on the bottom of the
window.
There are several parameters to be set for each database log type, those marked with an
asterisk (*) are mandatory.

mssqlread/oracleread specific parameters and their setting in
the configuration file
These are the configuration lines created from the settings window:

001
...
002

mssqlread=run!mssqlread -P 11011 -AB 127.0.0.1,port!11011,targets!msgcls .
fsrv,
db_log_types!log_audit_fndsdb,conf!port;run;targets;db_log_types

75
Chapter 9. Component-specific configuration

003
004
...
005
...
006
...
007
...
008

log_audit_fndsdb=table!AUDIT_LOG,database!fndsdb,db_entry_id!AL_DATETIM
E;ASCE,
map!AL_PROCESSID;pid;AL_STATUS;AL_STATUS;AL_WORKSTATN_ADDR;workstation;
AL_EVENT_PARAM1;msg;
AL_EVENT_PARAM2;PARAM2;AL_EVENT_PARAM3;PARAM3;AL_EVENT_PARAM4;PARAM4;AL
_USER;USER,
copy_unmapped!0,timestamp!AL_DATETIME,type!tec;FNDS_MSSQL,defaultclass!
FNDS_AUDITLOG_Error,
classmap!ds_class.map;AL_EVENT_ID,pollinterval!30

.
.
.
.

Figure 9-21. Some example configuration lines for mssqlread (identical for oracleread)

db_log_types instruction
The db_log_types instruction contains a list of all configured database log types to be
monitored by this server. Each db_log_type needs to be configured in a own line.
001

db_log_types!{;}

Figure 9-22. Format of db_log_types instruction

001

db_log_types!log_audit_fndsdb

Example 9-29. Example db_log_types instrcution

This defines the database log type labeled log_audit_fndsdb.
The following instructions are set in the database log type configuration line:
dbuser instruction
The dbuser instruction gives a database user and password to be used when connection to
the database. The password is encrypted and can only be configured using the CALA
configuration GUI.
001

dbuser![;]

Figure 9-23. Format of dbuser instruction

001

dbuser!tec;11161219140600

Example 9-30. Example dbuser instruction

The dbuser parameter is optional. If no user is specified, the reader tries to connect the
database without any user and password (system user authentification).

76
Chapter 9. Component-specific configuration

database instruction
This instruction defines to database to be used.
001

database!

Figure 9-24. Format of database instruction

001

database!fndsdb

Example 9-31. Example database instruction

table instruction
The name of the database table is given with this instruction.
001

table!

Figure 9-25. Format of table instruction

001

table!AUDIT_LOG

Example 9-32. Example table instruction

db_entry_id instruction
The db_entry_id instructions sets the table column which is used for entry identification and
if the order. The values in this field must be unique for each entry and they must either be
descending or ascending.
The first time the SQL reader is started, it must read the whole table to find the newest entry
(the one with the highest or lowest value in the id-field).
To find new events, the following SQL statement is used (line 001 shows the statement used
for descending, line 002 the statement used for ascending tables):
001
002

select * from table where id-field < id-of-last-entry
select * from table where id-field > id-of-last-entry

Figure 9-26. SQL statement used to find events

77
Chapter 9. Component-specific configuration

001

db_entry_id!;[DESC|ASCE]

Figure 9-27. Format of db_entry_id instruction

001

db_entry_id!AL_DATETIME;ASCE

Example 9-33. Example db_entry_id instruction

map instruction
To map database field names to event slot names, the map instruction is used. It takes pairs
of parameters, each consisting of the database field name and the FIR field name.
001

map!;{;;}

Figure 9-28. Format of map instruction

001

map!AL_PROCESSID;pid;AL_STATUS;AL_STATUS;AL_WORKSTATN_ADDR;workstation

Example 9-34. Example map instruction

This parameter is optional. If it is not set, the database field names are used as FIR field
names.
copy_unmapped instruction
The copy_unmapped instruction is a boolean instruction which only takes one of the values
0 or 1.
It defines whether or not mapped database fields (fields, which names do not have a map
entry, see above) should be copied into the resulting FIR (FIR field name = database field
name) or should be discarded.
001

copy_unmapped![0|1]

Figure 9-29. Format of copy_unmapped instrucion

001

copy_unmapped!0

Example 9-35. Example copy_unmapped instrucion

The copy_unmapped parameter is optional, it s default value is 1.

78
Chapter 9. Component-specific configuration

defaultclass instruction
This instruction sets the default class to be used if no class mapping is defined or no
matching class is found in the classmap file.
001

defaultclass!

Figure 9-30. Format of defaultclass instruction

001

defaultclass!FNDS_AUDITLOG_Error

Example 9-36. Example defaultclass instruction

This instruction is optional, if it isn’t set, the default class is set to MSSQLREAD_Base
(mssqlread) or ORACLE_Base (oracleread).
classmap instruction
The classmap instruction takes two arguments: a filename and a database field.
The classmap file is an ASCII file containing one mapping instruction per line. A mapping
consists of the database fields value and the class name separated by white spaces.
001

classmap!;

Figure 9-31. Format of classmap instruction

001

classmap!ds_class.map;AL_EVENT_ID

Example 9-37. Example classmap instrucion

001

LOGON APP_Logon

Example 9-38. An example mapfile mapping the class of the created FIR to APP_Logon
if the map field’s value is LOGON:

The classmap instruction is optional. The default class (given with the default class
instruction) is used if no configuration is given.
type instruction
The type instruction specifies the primary and secondary data type assigned to created
events. Its values are taken from the primary data type and secondary data type entry fields.
(Either both or none has to be given.)

79
Chapter 9. Component-specific configuration

001

type!;

Figure 9-32. Format of type instruction

001

type!tec;FNDS_MSSQL

Example 9-39. Example type instruction

The type instruction is optional. If it is not given, the default values for primary (tec) and
secondary type (mssql/oracle) are used.
prefilt_in and prefilt_out instructions
These instructions sets pre-filters for each database logfile.
Pre-filters are used to discard events before sending them to any other process. The in-filter
specifies events that should not be discarded, the out-filter specifies events that should be
discarded.
Pre-filters are optionally. If no filter is set, all events are send to the target processes.
001
002

prefilt_in!
prefilt_out! 

Figure 9-33. Format of prefilt_in and prefilt_out instructions

001
002

prefilt_in!sql_in.flt
prefilt_out!sql_out.flt

Example 9-40. Example prefilt_in and prefilt_out instructions

The pre-filter keys are the database fields. For further information about pre-filters, refer to
the pre-filter section in the ntevtlogread description.
Pre-filters are optional. Every event is sent to the targets if no pre-filter is set.
timestamp instruction
There are two possibilities to use the timestamp expression.
•

If the database table contains a numerical timestamp field or one from any date or time
type, only the fieldname has to be given to this instruction.

•

If the timestamp is split into several fields or is given within any text field, a extended
usage of timestamp is needed. The field names and text position of the date parts have to
be given.

80
Chapter 9. Component-specific configuration

001
002
...

timestamp!
timestamp!;;{;;< .
db-field>;}

Figure 9-34. Format of timestamp instruction

date-part-id can be one of $YEAR, $MONTH, $DAY, $HOUR, $MINUTE and $SECOND.
The text position argument is given similar to the text position in message map description,
see for details.
001
002
003
...

timestamp!date
timestamp!AL_DATETIME
timestamp!datestr;$YEAR;F0L3;datestr;$MONTH;F4L5;datestr;$DAY;F6L7;time .
str;$HOUR;F0L1;timestr;$MINUTE;F2L3;timestr;$SECOND;F4L5

Example 9-41. Examples for the timestamp instruction

The second sample is a definition for a table having two columns for the timestamp: the
datestr column containing the date in the format YYYYMMDD and timestr column with the
time in the format HHMMSS. (E.g.: datestr= 20020415 and timestr=084933 for 8:49:33 on
april 15th 2002)

mssqlread and oracleread command line parameters
These parameter can be set in the field supplementary parameters

parameter

example

description

-D


-D
Sets the name of a remote databserver. .
foo.bar.com

-H
-H
Changes the value of the hostname field in the
 thud.grunt.netcreated events.

default
value
localhost
tcp/ip
hostname

-L


-L 60

Set the timeout for database login (in seconds).

60

-E

-E

Skip old events: Discard all events found when
opening the database the first time.

disabled

81
Chapter 9. Component-specific configuration

jdbcread
The jdbc reader implements a generic database reader component similar to mssqlread and
oracleread. It uses the java jdbc interface to access the database and can therefore be used to
access any database for which a jdbc driver is available.

jdbcread specific parameters and their setting in the
configuration file
The configuration of the jdbcread is very similar to the configuration of mssqlread and
oracleread.
There are few differences:
•

Additional command line parameters for the java virtual machine (e.g. classpath settings) can
be passed before the component parameters are given. This parameters must at least add the
calaJNI.jar file to the classpath. End the java parameters with two dashes.

•

The database name consists of three parts:
•

the JDBCRead java classname
(de/cenit/eb/sm/cala/jdbc/reader/DefaultCalaJDBCRead by default)

•

the jdcb driver class

•

the jdbc database URL

These parts are separated by colons.

001
...

de/cenit/eb/sm/cala/jdbc/reader/DefaultCalaJDBCRead:com.mysql.jdbc.Drive .
r:jdbc:mysql://localhost/fndsdb

Example 9-42. An example database string for jdbcread

001
...
...
002
003
...
...
...
...
...
...

jdbcread=run!jdbcread -Djava.class.path=calaJNI.jar;mysql-connector.jar .
-- -P 11011 -AB 127.0.0.1,port!11011,targets!jdncread,db_log_types!log_ .
audit_fndsdb,conf!port;run;targets;db_log_types
log_audit_fndsdb=table!AUDIT_LOG,database!de/cenit/eb/sm/cala/jdbc/read
er/DefaultCalaJDBCRead:com.mysql.jdbc.Driver:jdbc:mysql://localhost/fnd
sdb,db_entry_id!AL_DATETIME;ASCE,map!AL_PROCESSID;pid;AL_STATUS;AL_STAT
US;AL_WORKSTATN_ADDR;workstation;AL_EVENT_PARAM1;msg;AL_EVENT_PARAM2;PA
RAM2;AL_EVENT_PARAM3;PARAM3;AL_EVENT_PARAM4;PARAM4;AL_USER;USER,copy_un
mapped!0,timestamp!AL_DATETIME,type!tec;FNDS_MSSQL,defaultclass!FNDS_AU
DITLOG_Error,classmap!ds_class.map;AL_EVENT_ID,pollinterval!30

.
.
.
.
.
.

Example 9-43. An example jdbread configuration using a mysql connector for connection
to the local database fndsdb

82
Chapter 9. Component-specific configuration

The jdbc reader needs a java 1.4 or higher virtual machine to be in the library path.
For further configuration information refer to section mssqlread and oracleread.

83
Chapter 9. Component-specific configuration

msgclsfsrv
The processing server msgclsfsrv is the core component of CALA. Due to its central function it
features some specific configuration parameters, which are explained in the following chapter.
To provide better understanding of these causal relationships, a few of the key terms and their
functions are explained first.
Comment: Several msgclsfsrv processes can be implemented in parallel manner on a system.
Since version 2.1, this no longer requires a unique name for the program binary.

Definition MessageMap File
General: The value/information defined in a Message Map file is used to manipulate/process
events (FIRs). This means that a kind of linear control function is implemented with the Message
Map definitions.
The structure of a Message Map file is defined with a Message Classification Type (MCT), i.e.
the format is not firmly specified.

Definition RulesMap File
General: A Rules Map file is a description of rules for event handling. Rules are used to handle
correlations between correlating events and to perform actions/modifications on events
in dependency of previous by received events.
The structure of a Rules Map file is defined with a Rules Map Type (RMT), i.e. the format is not
firmly specified.
The large number of possible parameters available for the Message Classification Server
(msgclsfsrv) configuration makes it necessary to have a hierarchical structure in the
configuration window.

84
Chapter 9. Component-specific configuration

The basic msgclsfsrv window

The Settings of msgclsfsrv dialog

General settings for msgclsfsrv, such as logical name and ports can be configured in the basic
window.Further configuration can be set in the sub-windows.

The Message Map Types window
In order to set up MCT definitions (Message Classification Types), the appropriate field must be
selected. At this point, the Message Classification Type (MCT) window opens.

85
Chapter 9. Component-specific configuration

The MessageMap Types dialog

Definition of MessageMap Classification Type (MCT)
A message map classification type (MCT) is a logical unit for message mapping. It is used to
process data streams (specified by primary and secondary data type) for a list of emitters.
All configured MCTs are working parallel, this means, that each incoming event is put into every
MCT which is defined for its stream. The MCTs will process the event and send it to the emitters
defined on it. If no MCT is found for an event, the event is not modified and sent to all targets of
msgclsfsrv.
A MCT definition can use one or more message map files which are given in the table
Corresponding message maps . For more information about message map files see The
Message Map definition window.

MCT parameters and their setting in the configuration file
Each MCT is configured in a line of its own within the configuration file logctlsrv.conf . The
message classification servers configuration line only contains references to the MCT definitions.

86
Chapter 9. Component-specific configuration

001
...
...
002
...

msgclsfsrv=run!msgclsfsrv -P 11010,port!11010,targets!tecfmtemit;cmdemit .
; calaproxy;reportemit;snmpemit;smtpemit,types!map_sev,conf!port;run; t .
argets;types
map_sev=type!v2;fn_log,handledby!calaproxy;tecfmtemit,msgmaps!fn_severi .
ty.map;fn_severity,eventframe!7200,dupekey!$CLASS;L;ORIGIN;L

Example 9-44. These are the configuration lines created for the message map
classification type:

types instruction

The types instruction contains a list of all message map classification types to be used by
the message classification server
001

types!{;}

Figure 9-35. Format of types instruction

001

types!map_sev

Example 9-45. Example types instruction

MCT configuration line

001
...
...
...

=type!,handledby!{; .
}, msgmaps!{;;},eventframe!, dupekey!{;}

Figure 9-36. Format of mct configuration line

001
...

map_sev=type!v2;fn_log,handledby!calaproxy;tecfmtemit,msgmaps!fn_severit .
y.map;fn_severity,eventframe!7200,dupekey!$CLASS;L;ORIGIN;L

Example 9-46. Example mct configurationline

87
Chapter 9. Component-specific configuration

MCT configuration parameters
type instruction
This describes the data type combination (primary / secondary) which is applied to this MCT
definition. These parameters are set by the entry fields Primary data type and Secondary data
type
001

type!;

Figure 9-37. Format of mct type instruction

001

type!v2;fn_log

Example 9-47. Example mct type instruction

handledby instruction
The handledby instruction describes the following component(s) which contain(s) results of
this type as a target. If no handledby parameter is defined, all FIRs are propagated to all
defined emitters. The emitters for the MCT are taken from the textbox Emitter
001

handledby!{;}

Figure 9-38. Format of mct handledby instruction

001

handledby!calaproxy;tecfmtemit

Example 9-48. Example mct handledby instruction

Explanation: The FIRs of this type are propagated to calaproxy and tecfmtemit .
msgmaps instruction
The msgmaps instruction gives a list of message map file to be used from this MCT. Each
message map file must be specified by its filename and a logical identifier, which is used to
define the file s format later.
In the settings window the message map files are set in the table corresponding message maps
001
...

msgmaps!;{;;}

Figure 9-39. Format of mct msgmaps instruction

88
Chapter 9. Component-specific configuration

001

msgmaps!fn_severity.map;fn_severity

Example 9-49. Example mct msgmaps instruction

Explanation: The above example defines the Message Map fn_severity whose Message
Map data are stored in the fn_severity.map file.
eventframe instruction
The event frame describes a time frame. Events received during this time frame are checked
for duplicates.
The default value is 3600 seconds = 1hr. Event frame settings can be indicated separately
for every MCT (Message Classification Type). If no event frame is given, or event frame is
set to 0 seconds, duplicate detection is disabled.
001

eventframe!

Figure 9-40. Format of mct eventframe instruction

001

eventframe!7200

Example 9-50. Example mct eventframe instruction

Example explanation: This event frame setting defines a time interval of 2 hours (7200
seconds) for duplicate detection purposes.
dupekey instruction
A dupekey is a key which is used to recognize duplicate events. It is created from one or
more parts of an event. The event fields used within this key are defined in the table
Duplicate keys (dupekey definition)
001

dupekey!;{;;}

Figure 9-41. Format of mct dupekey instruction

001

dupekey!$CLASS;L;ORIGIN;L

Example 9-51. Example dupekey instruction

The dupekey instruction defines the field names (slots) which should be used for duplication
detection purposes. Sub-parameter text-position defines which part of the key field
should be used for duplication detection purposes.Further information on the text position
can be found in chapter msgclsfsrv Text Formatting.
The example defines a combination of internal slot $CLASS and the slot ORIGIN as a
duplication detection key. L means the entire field contents (starting from the left) are used.
89
Chapter 9. Component-specific configuration

If the dupekey is omitted, duplicate detection is disabled unless the $DUPEKEY field is
mapped in the FIR during the classification process. In this case, the key referenced by the
$DUPEKEY is used. This must be entered in the configuration list and in the AUXKEYS list (see
Auxkeys definition window).

001
...

mqlogmct=type!v2;MQ,handledby!tecfmtemit,msgmaps!suppressed.map;suppress .
map1;mq.map;mqmap1;severity.map;redefsevmap1,dupekey!errcode;L;msg;L

Example 9-52. Another example of a complete MCT definition

Explanation of the example:
•

One MCT definition is defined with the name mqlogmct

•

Primary type is v2, secondary type is MQ.

•

Data is sent to tecfmtemit for further processing. (handleby sub-parameter)

•

The Message Map definitions suppressmap1 (described by the file suppressed.map), mqmap1
(described by the file mq.map) and redefsefmap1 (described by the file severity.map).

•

The slots errcode and msg are used for this MCT type for duplicate detection and designator
designates the use of the complete string (from left) for duplicate detection

90
Chapter 9. Component-specific configuration

The Message Map definition window
Once the MCT definition window has been closed by pressing the OK button, the Message Map
file relating to the MCT must be defined. This configuration is performed using sub-menu Message
maps

The message map definition dialog

This window defines the format of the message map files. To edit the message map file contents,
press the Edit button. Message Map parameters and their setting in the configuration file
A format description must exist for every Message Map file stored in the configuration file
logctlsrv.conf .

001
...

=key!;{;;}, fields!{;}

Figure 9-42. Format of message map definition

001

fn_severity=key!severity;L,fields!severity

Example 9-53. Example message map definition

The slot names following the keyword key (at least 1 slot) are related to the MessageMap
assignment. The slot names which follow the keyword fields are mapped using the values for the
relevant line/column.This means that all slot names can be indicated as key and as field as well.
Explanation of the example

91
Chapter 9. Component-specific configuration

The format of the Message Map definition with the name fn_severity contains the key
severity and the severity field is also used as a mapable field.
Note: This Message Map definition is used for implementing non-Tivoli severity values on severity
values used by Tivoli.

The file which describes this format possesses has following format:

001
002
003
004
005
006

INFO HARMLESS
WARN WARNING
ERROR CRITICAL
Error CRITICAL
Notice HARMLESS
Warning WARNING

Example 9-54. An example mapfile for the above map definition

The content of the slot severity for all events manipulated with this Message Map is processed in
accordance with this conversion table. E.g.: If the severity field on an event being processed
contains the value Notice , the contents of the severity slot will be mapped to HARMLESS after
processing.
The CALA-processing server defines a few internal slots which are required for internal
processing, but which can also be forwarded as external slots (to the T/EC). The most important
internal slot is $CLASS which represents the event class name of the T/EC ( Class ).

Default Mapping
If the map file contains a line with the special string __DEFAULT_KEY__ as key, the mapping
defined in this line is used for events which do not match for other mappings.
Note: The default entry can be used anywhere in the map file, if several occurences are found, the
latest one is used.

Deleting slots
Event fields can be deleted by setting it s value to *. To delete a complete event, map it s class to
**. This works with message maps, rules maps and re-mapping.

Special slots for duplicate detection
To implement duplicate detection, 5 reserved internal field names (internal slots) are
implemented, $SEVFLD, $ESCAT, $ESCLEV, $CLASS and $DUPEKEY.
These slots have the following meaning:

Chapter 9. Component-specific configuration

92

field name

description

$SEVFLD

Describes the name of the field which implements the severity field.

$ESCAT

Describes the number of identical events which are suppressed using duplicate detection.

$ESCLEV

Describes the value of the severity level $ESCAT for identical events and escalates the
$ESCAT+1 event to this level.

$CLASS

The class of the event (FIR)

$DUPEKEY

Name of a duplicate key, see also section Auxkeys definition window

$ESCCNT

Escalation counter holds the no. of escalations that occurred (can be used in further
processing).

Another example for a complete message map definition

001

mqmap1=key!errcode;L,fields!$CLASS;$SEVFLD;severity;$ESCAT;$ESCLEV

Example 9-55. Another example for a complete message map definition

Explanation of the example
•

The Map Definition mqmap1 message uses the errcode field for duplicate detection. The entire
contents of this field are considered (text position L)

•

The first field in the field instruction $CLASS (internal slot, see above) is mapped with this
Message Map in relation to the errcodes (key field is errcode ).

•

The second field, $SEVFLD, describes the name of the severity field (the severity field can be
any field within the FIR).

•

The third field is an assignment for the field severity. In this example the field severity is
also used for escalation, so the mapping is overwritten if an escalation occurs.

•

The fourth field, $ESCAT, contains the number of identical events (identical in terms of the
defined dupekey fields in the MCT definition) which have to be suppressed.

•

The last defined field $ESCLEV defines the value of the field with which the field described in
$ESCFLD is mapped if an escalation occurs. An escalation occurs, if (within one event frame)
more than in $ESCAT defined events of the same type arrived.

001

AMQ9001 AMQ_CALA_AMQ9001 severity MINOR 10 CRITICAL

Figure 9-43. Excerpt from the related message map file

Using this message map, events are processed as follows:
•

If a FIR is received, whose errcode slot contains the value AMQ9001, the Eventclass ($CLASS
slot) is mapped to AMQ_CALA_AMQ9001.

93
Chapter 9. Component-specific configuration

•

The field which describes the severity is called severity (T/EC standard).

•

Default severity is mapped to MINOR

•

The 2 nd to 9 th event with errcode set to AMQ9001 will be suppressed.

•

If 10 events are identified as identical within the defined period of time (refer to event frame
instruction), the severity level is increased to CRITICAL and a new event is initiated (FIR).

94
Chapter 9. Component-specific configuration

Operations on FIR fields per Message Maps
A normal message map contains just strings, which were assigned to the specified FIR fields.
For some applications, it may be useful to do some arithmetic operations on fields. If the
mapping value has one of the following pre- or postfixes, a special action is performed.

Prefix/Postfix

Action

+

string concatenation

++

addition

--

subtraction

**

multiplication

//

division

All these operations can be used as postfix or prefix. Usage as prefix (e.g. ++5) means
  
while the operator given as postfix means
  
E.g. if the value of the field counter is 5, and the mapping value for this field is --3, the resulting
value will be 2 (= 5-3). If the mapping value is 8--, the result will be 3 (= 8-5).
All operators except the string concatenation operator (+), only work with numeric values. If any
operation value is not numeric or a division by zero occurs, the field will be set to the string NaN
(Not a Number).
Instead of provoding a fixed value, it is also possible to give a reference to any other field of the
FIR. A reference is given with the prefix & followed by the field’s name. If no operation is defined,
the reference just copies the value of the referenced field.
If any of these operators appears in a string, which should be assigned to the field, this string
must be written in quotes. If a quote appears in a quoted string, it has to be escaped with
backslashes (\).
Some examples:
•

++5 increases the field’s value by 5.

•

5++ increases the field’s value by 5 (same as above).

•

--1 decreases the field’s value by 1.

•

10-- sets the field’s value to 10 minus its old value.

•

2** doubles the field’s value.

•

++&count increases the field by the value stored in the field named count.

•

&count is replaced by the value of the field count.

•

PREFIX+ adds the string PREFIX to the beginning of the field’s value.

•

+POSTFIX appends the string POSTFIX to the end of the field’s value.

•

"--&count" sets the field’s value to the value of the count field decreased by one.

Chapter 9. Component-specific configuration

95

The Rules definition window

The rules definition dialog

Definition of Rules Map Type (RMT)
A rules map type is a logical unit to handle correlation between events. Like message map types,
rules map types are used to process data streams for one or more emitters, but a RMT can also
handle several data streams having different primary and secondary data types.

RMT parameters and their setting in the configuration file
The configuration of rules map types is similar to configuration of message map types. This is the
configuration line of the example above:

001
...
...
002

msgclsfsrv=run!msgclsfsrv -P 11010,port!11010,targets!tecfmtemit;cmdemit .
;calaproxy;reportemit;snmpemit;smtpemit,types!map_sev,rules!test_rule,c .
onf!port;run;targets;types;rules
test_rule=for!reportemit,type!tec;cala_test,corrkey!$CLASS;L;sub_source .

96

...

;L,rulesmaps!tr_map.rmp;tr_map

Example 9-56. An example msgclsfsrv configuration with a rules map type definition

rules instruction
The rules instruction lists the RMTs used by the message classification server.
001

rules!{;}

Figure 9-44. Format of rmt rules instruction

001

rules!test_rule

Example 9-57. Example Format of rmt rules instruction

RMT configuration line

001
...
...
...

=for!{;},type!;{;;},rulesmaps!;{;rulesmap filename>;}, corrkey!;{;;}

Figure 9-45. Format of rmt configuration line

001
...

test_rule=for!reportemit,type!tec;cala_test,corrkey!$CLASS;L;sub_source; .
L, rulesmaps!tr_map.rmp;tr_map

Example 9-58. Example rmt configuration line

RMT configuration line parameters
for instruction
The for instruction sets the targets the rule is to be used for. If no for parameter is defined,
this rule is used for every target. The target emitters are listed in the textbox Emitters.

97

001

for!{;}

Figure 9-46. Format of rmt for instruction

001

for!reportemit

Example 9-59. Example rmt for instruction

Explanation: This rule is processed for each event queued for the emitter reportemit.
type instruction
This describes the data type combinations (primary/secondary) which are applied to this
RMT definition.
Events which do not match any of these types are passed through the rules processing.
Unlike the type instruction of message map types, the type instruction for rules map types is
able to process more than one data stream therefore the primary and secondary data types
are not given in text fields but the table Data types.
001

type!;{;;}

Figure 9-47. Format of rmt type instruction

001

type!tec;cala_test

Example 9-60. Example of rmt type instruction

rulesmaps instruction
The rules map instruction gives a list of rules map files to be used with this RMT. Each rules
map file must be specified by its filename and a logical identifier, which is used to define the
files format later. (See table Corresponding Rules Maps in settings window.)
001
...

rulesmaps!;{;;}

Figure 9-48. Format of rmt rulesmap instruction

001

rulesmaps!tr_map.rmp;tr_map

Example 9-61. Example rmt rulesmap instruction

98

Explanation: The above example defines the Rules Map tr_map whose Rules Map data are
stored in the rules map tr_map.rmp file.
corrkey instruction
The corrkey instruction defines the field names (slots) which should be used for correlation
detection purposes. Corrkeys are configured and used like dupekeys , refer to the dupekey
instruction explained above.
001

corrkey!$CLASS;L;sub_source;L

Example 9-62. Example of rmt corrkey instruction

Another example of a complete RMT definition

001
...

samplerule1=for!tecfmtemit,type!v2;MQ;tec;ntevtlog,rulesmaps!rulesmap1.r .
mp;rulesmapfmt1;rulesmap2.rmp;rulesmapfmt2,corrkey!$CLASS;L;msg;L

Example 9-63. Another example of a complete RMT definition

Explanation of the example:
•

One RMT definition with the name samplerule is defined.

•

Each event which is queued for tecfmtemit is passed through this rule

•

This RMT is used on events with primary type v2, secondary type MQ or primary type tec and
secondary type ntevtlog

•

The rules map definitions are rules mapfmt1 (described by the file rulesmap.rmp),
rulesmapfmt2 (described by the file rulesmap2.rmp)

•

The event’s class and the slot msg are used for this RMT type for correlation detection.
Designator designates the use of the complete string (from left) for correlation detection.

99

The Rules maps window
To specify the format of a rules map file, open the rules maps window. This window looks very
similar to the message map definition window, but has an additional table Conditions. To load the
rules map file into an editor, press the Edit button.

The rules maps dialog

Rules Map Parameters and their setting in the configuration file
A format description must exist for every Rules Map file stored in the configuration file
logctlsrv.conf .

001
...
...

=key!;{;;{;},fields!{;},ext_conditions .
!;{;;}

Figure 9-49. Format of rules map definition

The new extended conditions parameter (ext_conditions) works like the conditions
parameter with the enhancement, that only parts of a field can be used for a condition. This for
example is useful, if only a part of a field is interessting. For a definition of the text format see
msgclsfsrv Text Formatting .
If ext_conditions and conditions are both used in the same rules map, the entries for the
extended contion fields have to appear after the conditions entries.

100

001
...

tr_map=key!$CLASS;L,conditions!sub_source;~count,fields!~count;count;$AC .
TION

Example 9-64. Example rules map definition

The slot names following the keyword key (at least 1 slot) are related to the Rules Map
assignment.
The slot names given as conditions (keyword conditions) are checked before executing the rule.
If the rule is executed (all conditions are fulfilled), the slot names which follow the keyword fields
are mapped using the values for the relevant line/column. This means that all event slot names
can be used for key, for condition and for field.
To understand how the rules engine works, some further definitions are needed.

Definition Base Event
Any received event can be kept in memory to be compared with the new received events for
correlation handling. These events are called base events.

A fileservers client has to be monitored. If the fileserver is not reachable, an event of class
FILESERVER_DOWN is received. If the fileserver is reachable again, an event
FILESERVER_UP is expected.
When receiving a FILESERVER_DOWN, a base event is created, which will be deleted if a
FILESERVER_UP event occurs.
If more than one clients send a FILESERVER_DOWN, the base event can be modified to hold
e.g. a list of all clients which tried to access the server.

Example 9-65. Example of rules engine usage with base events

Slots of the base event can also be used in the conditions and fields statements with using a ~ as
prefix. (E.g. to check against the field count of the base event, ~count should be written.)

Reserved fieldnames and their meaning
The rules engine defines a few internal slots which are required for internal processing. Most of
them can also be forwarded as external slots (to the T/EC).
The slots that are used internal only are $TIMER and $ACTION . They should only be set by the
rules map, but not be used in the correlation key, the conditions statement or as a reference.

field name

Chapter 9. Component-specific configuration

description

101

field name

description

$TIMER

If this field is set by a rules map to any positive value
secs, a timer is started for the base event. If no
correlating event is received within secs seconds,
the timer is stopped and an event of class
_TIMER_ is created, which
can be processed by the rules map. The timer is also
stopped, if any correlating event is received. Setting
$TIMER to any value <= 0 deactivates it.

$ACTION

This fields specifies which action on the event
storage has to be done, for further information see
below.

$CREATION_TIME

This slot is set only in base events and contains the
time,the base event was created (in seconds since
1.1.1970).

$TIME_NOW

This slot contains the current time in seconds since
1.1.1970.

$CORRKEY

Name of the correlation key to use (usage is analog
to $DUPEKEY in message maps)

By setting the field $ACTION, the base event storage can be handled. If set to one of the following
fields, the described action will be started:
_ CREATE:BASE _
copies the received event into the event storage (to be a new base event), no event will be
sent to the targets.
_ DISCARD:BASE _
deletes the correlating base event from the storage (no event will be sent to the targets)
_ DISCARD:CURRENT _
deletes the currently received event and leaves the event storage untouched. (no event will
be sent to the targets)

By setting $ACTION to one of the following values, any modification of the event storage is
possible and a FIR will be sent to the targets:
_CREATEANDSEND: _
like _ CREATE:BASE _ but also sends an event to the targets
_SENDANDDISCARD:_
like _ DISCARD:BASE_ but also sends an event to the targets
_SEND:_
sends an event to the targets (does not create or delete any base event)

102

 can be set to BASE to send the base event, or to CURRENT to send the current received
event. If  is neither set to BASE nor to CURRENT, its value is interpreted as a slot within the

currently received (and modified) event. This slot must contain a FIR-string in the format:
001

={;=}

The created FIR has the same class and data types like the FIR it was created from (the
currently received one). To change the class or data types, the special fields $CLASS, $PRITYPE
and $SECTYPE can be used.

Condition values
Instead of mapping fields (which are used like message map mapping fields), condition fields are
only compared with the event s fields the value of the fir field is not modified. The following
operators (given as prefix with the fields value) can be used (single or combined):
>
is true if the event field s value is greater than the following one (for numbers only)
<
is true if the event field s value is lower than the following one (for numbers only)
=
is true if the event field s value is the same as the following one (for numbers and strings)
!
inverts the following operator, if ! is given without any value, it returns true, if the event field
does not exist
*
is true for all values if the event field exists
If no operator is given, a string comparison is performed.

<10 is true if the value of the FIR field is lower than 10
!>12 is true if the value of the FIR field is not greater than 12 (same as <= 12 )
!=4 is true if the value of the FIR field is not 4 (same as <>4 )
!=four is true if the value of the FIR field contains not the string four
=four is true if the value of the FIR field contains the string four
four is true if the value of the FIR field contains the string four

Example 9-66. Some example conditions

103

Rules Map Example
Now we have the background information to understand the rules example. Here s the
configuration line again:

001
...

tr_map=key!$CLASS;L,conditions!sub_source;~count,fields!~count;count;$AC .
TION

Example 9-67. Example rules map definition

The rules map file may have the following entries (# prefixes comment lines)

001
002
003
004
005
006

# key condition condition field field special field
#$CLASS (key) sub_source ~count ~count count $ACTION
CALA_Testevent ascfileread ! 1 ~count _ CREATEANDSEND:CURRENT_
CALA_Testevent ascfileread 1 2 ~count _ DISCARD:BASE_
CALA_Testevent * ! 1 ~count _ CREATEANDSEND:CURRENT_
CALA_Testevent * * ++1 ~count _ SEND:CURRENT_

Example 9-68. Example rules map file

Explanation of this example:
•

The only class handled by this rules map is CALA_Testevent . (See first column. Such events
are generated when calling logctlcmd test.)

•

The lines 003-004 implement a filter for test events generated from ascfileread: every
second event is suppressed.

•

Line 003 means: If event is from class CALA_Testevent and sub_source is ascfileread and
the field count is not set in the base event (which is true if no base event is currently created)
then create a base event and set its field count to 1, copy the base event’s count field to the
currently received event and send this event to the target.

•

Line 004 means: If event is of class CALA_Testevent and sub_source is ascfileread and
field count of the base event is set to 1, then discard both, the base event and the currently
received one. (The settings of the count fields don t have any effect in this case).

•

The two lines 005-006 implement a counter for test events. The field count will be set to the
number of test events which occurred for the same sub_source.

Remember that base events are found with the correlation key, which is defined to
$CLASS;L;sub_source;L in this example (see description of Rules definition window).
What happens if any test events from ascfileread arrive?
The first test event from ascfileread creates a base event and is forwarded to the emitter (it’s
count field is set to 1). The base event is created with the correlation key
CALA_Testeventascfileread.
When a second test event from ascfileread is received, the base event is found with count=1
and therefore, both events (the arrived and the base event) are discarded.

104

The third event will be treated like the first, because no base event with the correlation key
CALA_Testeventascfileread will be found . The fourth one gets the same processing like the
second, and so on.

105

Completer definition window
A completer delivers final completion of event processing, independently of primary or
secondary data type.

The completer definition dialog

Completers are used to complete events, i.e. slot contents are mapped, deleted or created.
Completer instructions are performed after processing of message and rules maps.

Completer Parameters and their setting in the configuration file
These are the configuration lines created for the completer definition shown above:

001
...
...
002

msgclsfsrv=run!msgclsfsrv -P 11010,port!11010,targets!tecfmtemit;cmdemit .
;calaproxy;reportemit;snmpemit;smtpemit,completers!report_cpl,types!map .
_sev,rules!test_rule,conf!port;run;targets;completers;types;rules
report_cpl=for!reportemit,fill!report_flag;1,if!sub_source

Example 9-69. An example msgclsfsrv configuration using a completer

completers instruction
The completers instruction holds a list of completers used by the message classification
server.

106

001

completers!{;}

Figure 9-50. Format of completers instruction

001

completers!report_cpl

Example 9-70. Example completers instruction

Completers configuration line

001
...
002
...

=for!{;},fill!;{;;},unless!{;}
=for!{;},fill!;< .
value>{;;},if!{;}

Figure 9-51. Format of completers configuration line

The first format (line 001) maps one or more slots with the defined value(s) provided that
one or more slots do not exist. The second format (line 002) maps one or more slots with
one or more defined values provided that one or more slots exist.This mechanism is typically
used when setting default slots or when deleting slots which are not required.
Any desired number of if and unless instructions can be used combined in a completer
instruction.
001

report_cpl=for!reportemit,fill!report_flag;1,if!sub_source

Example 9-71. Example completers configuration line
Explanation of the example:

Completer report_cpl maps the slot report_flag to if a slot sub_source exists.
001

generalcpl1=for!tecfmtemit,fill!source;CALALOGS,unless!source

Example 9-72. Another completer example

Explanation:
Completer generalcpl1 maps the source slot with the CALALOGS value provided that this
slot does not exist.

107

Remapper definition window

The remapper dialog

Remappers are used to re-map class names and field names, although this does not apply to
their contents. The Remapper works in the same way as the completer on all events (FIRs).

Remapper parameters and their setting in the configuration file
The following configuration lines are created for the remapper definition in the window above:

001
...
...
...
002

msgclsfsrv=run!msgclsfsrv -P 11010,port!11010,targets!tecfmtemit;cmdemit .
;calaproxy;reportemit;snmpemit;smtpemit,completers!report_cpl,remappers .
!smtpemit_remap,types!map_sev,rules!test_rule,conf!port;run;targets;com .
pleters;remappers;types;rules
smtpemit_remap=for!smtpemit,fieldalias!msg;MSGBODY

Example 9-73. An example msgclsfsrv configuration using a remapper

remappers instruction
The remappers instruction holds a list of remappers used by the message classification
server.
001

remappers!{;}

Figure 9-52. Format of remappers instruction

108

001

remappers!smtpemit_remap

Example 9-74. Example remappers instruction

Remappers configuration line
For each remapper, there is a remapper configuration line.
001
...
...

=for!{;},fieldalias!;{;;},classalias .
!;{;;}

Figure 9-53. Format of remapper configuration line

001

smtpemit_remap=for!smtpemit,fieldalias!msg;MSGBODY

Example 9-75. Example remapper configuration line

Both field- and class-alias are optional but at least one alias has to be defined. The example
remapper renames the field msg to MSGBODY before sending the event to the emitter
smtpemit.
001

remapclass=for!reportemit,classalias!Logfile;CALA_Logfile

Example 9-76. Another example for a remapper configuration line

Explanation of the example
The Remapper remapclass re-maps the class name logfile to the CALA_Logfile.

109

Auxkeys definition window
The auxkeys parameter defines an additional (list of) key(s) used for duplicate or correlation
detection. Auxkeys are used to specify different dupe- or corrkeys for each map or rule. To use
an auxkey as dupekey, a map has to set the field $DUPEKEY with the auxkeys label. A rules
map must set the $CORRKEY field with the auxkeys label for this.
This is an example message map which sets different dupekeys for each map (assuming that the
aukeys dupekey_calatest , dupekey_diskspace and dupekey_su_failure are defined in
logctlsrv.conf - see below):

001
002
003
004

#$CLASS (key) $DUPEKEY
CALA_Testevent dupekey_calatest
Solaris_Disk_Space dupekey_diskspace
Solaris_Su_Failure dupekey_su_failure

Example 9-77. An example message map using auxkeys

The auxkeys definition dialog

Auxkeys parameters and their setting in the configuration file

001
...
...
...
002
003

msgclsfsrv=run!msgclsfsrv -P 11010,port!11010,targets!tecfmtemit;cmdemit .
;calaproxy;reportemit;snmpemit;smtpemit,completers!report_cpl, remapper .
s!smtpemit_remap,types!map_sev,rules!test_rule,auxkeys!errcode1;locatio .
n,conf!port;run;targets;completers;remappers;types;rules;auxkeys
errcode1=$CLASS;L;errcode;N
location=$CLASS;L;location;L

Example 9-78. An example msgclsfsrv configuration using auxkeys

110

auxkeys instruction
The auxkeys instruction holds a list of auxkeys used by the message classification server
and its subcomponents.

001

auxkeys!{;}

Figure 9-54. Format of auxkeys instruction

001

auxkeys!errcode1;location

Example 9-79. Example auxkeys instruction

Auxkeys configuration line
Each auxkey has to be defined in a configuration line of its own.
001

=;{;;}

Figure 9-55. Format of auxkeys configuration line

Further information on the text position parameter can be found in the annex.
001
002

errcode1=$CLASS;L;errcode;N
location=$CLASS;L;location;L

Example 9-80. Examples auxkeys configuration line

The example defines two auxkeys errcode1 and location which can be used within
message maps rules maps for duplication or correlation detection.

the msgclsfsrv flowlimiter
The msgclsfsrv flowlimiter is a component of the msgclsfsrv which can be used to control the
number of events send to the targets. It detects event storms and stops event forwarding until the
event occurance has reached a normal value.

001
...
002
003
...
004

msgclsfsrv=run!msgclsfsrv -P 11010,port!11010,targets!reportemit,flowlim .
iters!reportemit;fl_reportemit,conf!run;port;targets;flowlimiters
fl_reportemit=eventquota!10;100;30,eventperiod!300,unblock!30;50;60,blo .
ckedevent!fl_event,unblockedevent!fl_event2,logfile!fl_reportemit.fir
fl_event=$PRITYPE=tec;$SECTYPE=CALA_FLOWLIMITER;$CLASS=FLOWLIMITER_BLOC .

111

...
005
...

K;msg=FLOWLIMITER is blocking some events: $FLOWLIMITER_BLOCKED_INFO
fl_event2=$PRITYPE=tec;$SECTYPE=CALA_FLOWLIMITER;$CLASS=FLOWLIMITER_UNB .
LOCK;msg=FLOWLIMITER unblocked: $FLOWLIMITER_BLOCKED_INFO

Example 9-81. An example msgclsfsrv configuration using auxkeys

flowlimiters instruction
The flowlimiters instruction configures the targets to be supervised by the flowlimiter. A
flowlimiter entry consists of two entries: the name of the target and a symbolic name of the
corresponding flowlimiter configuration. Several entries are separated by semicolons.
001

flowlimiter!;{;;}

Figure 9-56. Format of flowlimiter instruction

001

flowlimiters!reportemit;fl_reportemit

Example 9-82. Example flowlimiter instruction

Note: When using flowlimiters for several targets, one flowlimiter should be defined for each of
this targets. Using the same flowlimiter (the same flowlimiter name) for serveral targets is not
supported.

flowlimiter configuration line
A flowlimiter configuration line is identified by the flowlimiters name. It contains the
configuration of the flowlimiter e.g. the number of events which are allowed to pass in a
specified period.
001
...
...
...

=eventquota!;;{;;;},eventperiod!,u .
nblock!;;,blockedevent!,unblockedevent!,logfile!

Example 9-83. Format of the flowlimiter configuration line

001
...

fl_reportemit=eventquota!10;100;30,eventperiod!300,unblock!30;50;60,bloc .
kedevent!fl_event,unblockedevent!fl_event2,logfile!fl_reportemit.fir

Example 9-84. An example flowlimiter configuration line

112

eventquota

The eventquota instruction defines the conditions for detecting an event storm. It takes
three arguments:
•

the time period for the limits described below

•

the maximum number of events for a single stream

•

the maximum number of events overall streams

These three arguments are separated by semicolons and may be repeated to define
several time periods.
001
...

eventquota!;;{;;;}

Figure 9-57. Format of eventquota instruction

001

eventquota!130;0;100

Example 9-85. Examples eventquota configuration line

The example defines a time period of 30 seconds and a limits of 10 events for a single
datastream and 100 events overall.
If more than 10 events for a single data stream arrive within a period of 30 seconds, the
11th and all following events are blocked by the flowlimiter.
The overall limit is hit, if there have been 100 events sent within the last 30 seconds.
The 101st event and all following will be blocked.
Blocked events are written to a logfile configured in the logfile instruction. If an event
storm has detected, an information event configured by the blockedevent instruction is
generated.
eventperiod

The eventperiod statement specifies the period of informational events.
001

eventperiod!

Figure 9-58. Format of eventperiod instruction

001

eventperiod!300

Example 9-86. Examples eventperiod configuration line

The example eventperiod configuration specifies a period of 300 seconds. As long as
any datatype is blockedby the flowlimiter, an informational event is created each 300
seconds.

113

unblock

The unblock instruction is the counterpart of the eventquota instruction. It defines the
conditions to unblock a data stream and resume event delivering. It takes the same
arguments as the eventquota instruction, but only a single triplet.
•

the time period for the limits described below

•

the maximum number of events for a single stream

•

the maximum number of events overall streams

001

unblock!;;

Figure 9-59. Format of unblock instruction

001

unblock!60;30;50

Example 9-87. Examples unblock configuration line

If a single datastream has been blocked, it is unblocked if within 60 seconds not more
than 30 events arrive for this datastream.
If a general block occured (all datastreams are blocked), it is unlocked if not more than
50 events are procssed within 60 seconds.
blockedevent and unblockedevent

The blockedevent and unblockedevent statements specify the events the be sent, if
an event storm starts or ends. They both just take one argument: the identifier of the
event configuration. The event configuration is specified in an own line.
001

blockedevent!,unblockedevent!

Figure 9-60. Format of blockedevent and unblockedevent instructions

001
002
...
003
...

blockedevent!fl_event,unblockedevent!fl_event2
fl_event=$PRITYPE=tec;$SECTYPE=CALA_FLOWLIMITER;$CLASS=FLOWLIMITER_BLOC .
K;msg=FLOWLIMITER is blocking some events: $FLOWLIMITER_BLOCKED_INFO
fl_event2=$PRITYPE=tec;$SECTYPE=CALA_FLOWLIMITER;$CLASS=FLOWLIMITER_UNB .
LOCK;msg=FLOWLIMITER unblocked: $FLOWLIMITER_BLOCKED_INFO

Example 9-88. Examples blockedevent and unblockedevent configurations

The event definition is configured in an own line, starting with the event name and
following the format:

114

001

=;{;;}

Figure 9-61. Event definition

The special string $FLOWLIMITER_BLOCKED_INFO in a slot value is replaced with
additional information about blocked/unblocked data streams.
Note: Since the flow limiter is the last component of msgclsfsrv, the created events do not
pass any mappers, remappers or completers.

logfile

The logfile statement specifies the name of the file to receive blocked events. Each
event is written to an own line, event format is the same as described above (
blockedevent and unblockedevent statements).
001

logfile!

Figure 9-62. Format of logfile instruction

001

logfile!blocked_events.dmp

Example 9-89. Examples logfile configuration line

This example defines the events to be written to a file blocked_event.dmp within the
cala directory.

msgclsfsrv command line parameters
There are currently no additional command line parameters for msgclsfsrv.

115

calaproxy
The calaproxy is a simple server process to forward events to one or more targets. It was
designed for use in a DMZ (Demilitarized Zone).

calaproxy specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window:

001
...

calaproxy=run!calaproxy -P 11022,port!11022,targets!remote_emit, conf!po .
rt;run;targets

Example 9-90. An example configuration line for calaproxy

116

There are no special parameters for calaproxy. For description of standard parameters see
Common settings.

calaproxy command line parameters
There are currently no additional command line parameters available for calaproxy.

117

tecfmtemit
The T/EC format emitter tecfmtemit converts events from CALA’s FIRs format into a string
format which is understood by Tivoli components. The T/EC interface server tecifcsrv will send
this string to the T/EC.

The tecfmtemit settings dialog

tecfmtemit specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window:

118

001
...

tecfmtemit=run!tecfmtemit -1120,port!1120,targets!tecifcsrv, conf!port;r .
un;targets

Example 9-91. An example configuration line for tecfmtemit

There are no special parameters for tecfmtemit, for description of standard parameters see
chapter Common settings.

tecfmtemit command line parameters
There are currently no additional command line parameters available for tecfmemit.

119

tecifcsrv
The T/EC interface server sends events which are in string format to the Tivoli enterprise
console. FIRs are converted into the string format using the T/EC format emitter tecfmtemit
(see tecfmtemit).
This window defines all parameters for the CALA-T/EC communication component tecifcsrv.
Component tecifcsrv exists as a Secure Version (Tivoli ManagedNode communication), an
Endpoint-Version (Tivoli TMA communication) and as a purely un-secure TCP/IP Version (EIF
communication).

The tecifcsrv settings dialog

Note: The run instruction for NT systems must contain parameters -p .Normally, the
Default T/EC port on NT systems is set/mapped to 5529 (-p 5529).

tecifcsrv specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window:

120

001
...

tecifcsrv=run!tecifcsrvend -P 11030 -h @EventServer,port!11030,conf!port .
;run

Example 9-92. An example configuration line for tecifcsrc

There are no special parameters for tecfmtemit, for description of standard parameters see
chapter Common settings.

tecifcsrv command line parameters
parameter

example

description

-p 5529

Specifies the TCP-port not set
the T/EC server is
listening on. Attention:
This parameter must
be given on NT
system, on Unix it is
optional.

-h tiv1.cenit.de

IP-Address or name of the tcp/ip hostname
the host running the
T/EC server.

-c

-c

Set communications
mode to
connectionless
communication.
(Should be used if
only few events are
send to T/EC, for
details see the Tivoli
documentation for
Event Integration
Facility.)

useconnection
oriented
communication

-C

-C

Switches usages of
one way and
connectionless
connections. (For
details see the Tivoli
documentation for
Event Integration
Facility)

not set

-p 

-h 

Chapter 9. Component-specific configuration

default value

121

parameter
-l 

example

description

default value

-l if_cala.conf

Sets the name of the
Tivoli T/EC adapter
configuration file. (For
details on the T/EC
adapter configuration
files see the Tivoli
documentation for
Event Integration
Facility.)

tecad_cala.conf

122

cmdemit
The component cmdemit is a task engine. It is used to execute various programs (binary
programs, scripts, batch programs, etc.). Any number of parameters can be issued.
The programs to be executed are taken from some special slots within the received event (see
below). These slots can be set using one of the filter components (tecfmtfilt, v2fmtfilt) or
the message classification server.

The cmdemit settings dialog

cmdemit specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window:

123

001

cmdemit=run!cmdemit -P 11021,port!11021,conf!port;run

Example 9-93. An example configuration line for cmdemit

There are no special parameters for cmdemit. For description of standard parameters see
Common settings.

cmdemit command line parameters
parameter
-m

-k

example

description

default value

-m1

Sets the maximum number of child processes
allowed to run parallel. To get all child
processes called serially, specify 1.

10

-k60

Specifies the timeout (in seconds) for child
processes to terminate. If a child process
doesn t terminate within the given time, it is
killed.

60

cmdemit input events
Events sent to the command emitter need some special fields to be set.

field name

description

$COMMAND

Name of binary or script to be executed.

$NUMARGS

Number of arguments specified within this FIR.

$ARG

Argument , where  is the
argument number. The first argument is put in
a slot $ARG0, the second one in $ARG1 and so
on.

124

smtpemit
This component was created for enabling CALA to send emails from incoming events.

The settings of smtpemitdialog

smtpemit specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window:

001

smtpemit=run!smtpemit -P 11025,port!11025,conf!port;run

Example 9-94. An example configration line for smtpemit

125

There are no special parameters for smtpemit. For description of standard parameters see
Common settings.

smtpemit command line parameters
There are currently no additional command line parameters available for the mail emitter.

smtpemit input events
Events sent to the mail emitter need some special fields to be set.

field name

description

SERVER

hostname or IP address of host running any
SMTP server like sendmail.

PORT

(optional) port no. on the target system
(default: 25 (SMTP))

CLIENT

(optional) Hostname or IP address of sending
system (default: local address)

SENDER

sender’s email address

SUBJECT

email subject

RECIPIENT

email address to deliver email to (several
adresses separated by comma are supported)

MSGBODY

message text

TIMEOUTSEC

(optional) timeout for TCP/IP requests to
SMTP-server (seconds) (default: 30)

TIMEOUTUSEC

(optional) timeout for TCP/IP requests to
SMTP-server (milliseconds) (default: 30)

snmpemit
The SNMP trap emitter snmpemit was designed for creating SNMP traps from CALA events
(FIRs).

126

The settings of snmpemit dialog

snmpemit specific parameters and their setting in the
configuration file
This is the configuration line created from the settings window:

001

snmpemit=run!snmpemit -P 11024,port!11024,conf!port;run

Example 9-95. An example configuration line for snmpemit

There are no special parameters for snmpemit. For description of standard parameters see
Common settings.

127

snmpemit command line parameters
parameter

example

description

default
value

-a

-a

replaces all characters >= ascii 126 with underscores not set
(some snmp consoles can handle such characters)

-w

-w

replaces all whitespace characters (tabs, linefeed,
newline etc.) with space characters (some snmp
consoles can handle such characters)

not set

snmpemit input events
Events sent to the snmp emitter need some special fields to be set.

field name

description

SNMP_VERSION

(optional) valid values are SNMPv1, SNMPv2c, SNMPv2c_INFORM,
SNMPv3 and SNMPv3_INFORM (default: SNMPv1)

TARGIP

Hostname or IP address of host to receive SNMP trap

TARPORT

(optional) port no. on the target system (default: 162)

TRANSPORT_PROTOCOL

(optional) the ip transport protocol, valid values are tcp and udp
(default: udp)

ORIGIP

(optional) Hostname or ip address of sending system (default: local
address)

NUMVARS

number of variables attach to this trap

OID

the object id of variable no.  (mostly a subtree of SENDOID)

TYPE

the type of variable no.  which must be either STRING or
NUMERIC.

VALUE

the value of variable no. 

 specifies a number between 1 and $NUMVARS. For each variable the three fields OID, TYPE
and VALUE followed by the variables number have been defined.

Depending on the used SNMP version there are additional fields needed:

SNMPv1
field name

description

SENDOID

(optional) the object id of the sending system (default: .1.3.6.1.4.1.8235
iso.org.dod.internet.private.enterprises.cenit)

COMMUNITY

the SNMP community

TRAPTYPE

(optional) the type of this trap

SPECTYPE

(optional) the specific type of this trap

128

SNMPv2c
field name

description
the SNMP community

COMMUNITY

SNMPv3
field name

description

SECURITY_LEVEL

the security level, valid values are noAuthNoPriv, authNoPriv and
authPriv

AUTH_ENGINE_ID

the id of autoritative security engine (hexadecimal no. starting with 0x)

CONTEXT_ENGINE_ID

(optional) the id of the context engine (default: same as
AUTH_ENGINE_ID)

AUTH_USER

the security name for SNMPv3 authentification

AUTH_PASSPHRASE

the authentification passphrase

AUTH_PROTO

(optional) the authentification protocol valid values are MD5 and SHA
(default: MD5)

PRIV_PASSPHRASE

the privacy passphrase

PRIV_PROTO

(optional) the privacy protocol, the only valid value is DES (default:
DES)

CONTEXT_NAME

(optional) the destination context name (default: empty)

ENGINE_BOOTS

(optiona) engine boots count (default: 1)

ENGINE_TIME

(optional) the engine time (default: current time)

Depending on the selected security level, the fields beginning with AUTH_ and PRIV_ are
needed or not.

Hint for SNMPv2c and SNMPv3 users
When using SNMPv2c and SNMPv3 the first two variables are defined to have special meanings
as described below. (For details refer to RFC 2576.)
The first variable is called sysUpTime and contains the system uptime, it is from type TIMETICKS
and has the OID 1.3.6.1.2.1.1.3.0. If VALUE is set to 0, the snmpemit sets it to the current
time..

001
002
003

OID1=1.3.6.1.2.1.1.3.0
TYPE1=TIMETICKS
VALUE1=0

Example 9-96. Setting sysUpTime to current time

129

The second variable, the snmpTrapOID contains the traps oid which is the enterprise OID
followed by .0. and the trap type or one of the following pre-defined values:
•

1.3.6.1.6.3.1.1.5.1 (coldStart)

•

1.3.6.1.6.3.1.1.5.2 (warmStart)

•

1.3.6.1.6.3.1.1.5.3 (linkDown)

•

1.3.6.1.6.3.1.1.5.4 (linkUp)

•

1.3.6.1.6.3.1.1.5.5 (authenticationFailure)

•

1.3.6.1.6.3.1.1.5.6 (egpNeighborLoss)

The snmpTrapOID variable is from type OBJID.

001
002
003

OID2=.1.3.6.1.4.1.8235.0.1
TYPE2=OBJID
VALUE2=0

Example 9-97. Setting the snmpTrapOID variable

130

mysqlemit
The MySQL emitter is a component for writing events into a MySQL database. The CALAGUI
doesn’t currently support mysqlemit, so it has to be configured manually or using the CALA
Configurator (see CALA Configurator Basics and Details ).

mysqlemit specific parameters and their setting in the
configuration file
The mysqlemit supports several parameters for database and eveet configuration, this is a
sample configuration line:

001
...
...
...
...
...
...

mysqlemit=run!mysqlemit P 22012 -Hmysqlserv,port!22012,database!cala,dbu .
ser!calaweb;0e0e1908150e1300,tableconf!db_id;default;%s_new;%s_history, .
ok_status!0,dbfields!$HOSTNAME;hostname;k+;$area;area;k+;$info;info;k*; .
$CTIME;date;dao;msg;msg;ma;status;status;s;$ORIGIN;adapterhost;;$LOGFIL .
ENAME;source;;value;value;a;$CTIME;since;d;$mode;mode;a,logfile_type!$m .
ode;2,conf!run;port;database;dbuser;ok_status;dbfields;tableconf;logfil .
e_type

Example 9-98. An example mysqlemit configuration line

database instruction
This defines the database to be used
001

database!

Figure 9-63. Format of database instruction

001

database!cala

Example 9-99. Example database instruction

dbuser instruction
The dbuser instruction sets the database user and password. The password has to be given
encrypted, use the Monitoring Manager to encrypt the password. (Use the password dialog
from the Tools menu, for ruther information refer to the CalaMoMa User’s Guide.)
001

dbuser!;

Figure 9-64. Format of the dbuser instruction

131

001

dbuser!calaweb;0e0e1908150e1300

Example 9-100. Example the dbuser instruction

tableconf instruction
This configures the table(s) to be used.
The mysqlemit can be configured to use different database tables depending on event slots.
The first parameter of this instruction defines the FIR field to be used for the table name
assembling.
The second parameter is a default value for events which don t have set that field.
The third parameter is a mask string to be used to create the table name. It may contain a %s
which would be replaced by the value taken from the FIR field. If no %s is used within this
string, the first two fields of this instruction are ignored.
The last parameter is a mask for another table the history table. The mysqlemit uses two
tables: one table for current events, and another, a history table, for out-of-date events.
Monitor events are first written into the current events table. If a new value from the same
monitor is received, the old event is moved to the history table and the current event table
receives the new one.
001

tableconf!;;;

Figure 9-65. Format of tableconf instruction

001

tableconf!db_id;default;%s_new;%s_history

Example 9-101. Example tableconfinstruction

ok_status instruction
This instruction tells the mysqlemit which status value means that everything is ok.
This is used when overwriting events in the current events table and moving them to the
history table. If the status is ok, an event is only moved to the history table, when its status
switched to not ok, no matter if any message field changes or not. (That is because status
changes aren’t from historical interest as long as the main status is ok.)
If an event is in the not ok status, it s also moved if any of the message fields change,
because this could be needed for problem diagnistics.
001

ok_status!

Figure 9-66. Format of db_status instruction

132

001

ok_status!0

Example 9-102. Example db_status instruction

dbfields instruction

This instruction maps event fields to database fields and classificates them.
Each field mapping consists of three parameters:
•

the FIR field

•

the corresponding database field (row)

•

the field classification flags

The following table shows the available field classification flags an their meanings. Each field
may have set none, one or several flags. Be aware, that the commas have to be configured,
even if there is no flag to set for a field.
flag

name

description

k

is keyfield

This is a database keyfield, used to identify
corresponding events.

s

is statusfield

This is a status field, see description of the
ok_status instruction for special handling of status
fields.

m

is message field

This is a message field, see description of the
ok_status instruction for special handling of
message fields.

d

is date field

This field contains a data, which needs special
handling when writing it to the database.

l

lower case field

This field’s name will allways be set to lower case
spelling.

a

update always

This field should always be updated in the
database, even if neither status nor message fields
changed.

o

overlay

If an event is moved to the history database, the
overlay fields from the new (replacing) event is
copied into the old event. (Useful to save the
end-time of a status.)

S

update if status changes Specifies the field only to be updated if the status
changes.

O

update if status changes Specifies the field only to be updated, if the status
to ok
switches to ok (overrides S).

+

remove dummy keyfield

FSM internal: this is a keyfield for dummy entries

*

remove dummy empty

FSM internal: this is empty for dummy entries

001

133

002

dbfields!,,{,,,}

Figure 9-67. Format:

001
002
...
...

dbfields!$HOSTNAME;hostname;k+;$area;area;k+;$info;info;k*;$CTIME;date; .
dao;msg;msg;ma;status;status;s;$ORIGIN;adapterhost;;$LOGFILENAME;source .
;;value;value;a;$CTIME;since;d;$mode;mode;a

Example 9-103. Example:

mysqlemit command line parameters
parameter

example

description

default value

-H 

-H mysqlserv

sets the database
server

localhost

-L 

-L 30

sets the timeout for
SQL operations (in
seconds)

infinite

134

jdbcemit
The jdbc emitter implements a generic database emitter component similar to mysqlemit. It uses
javas’ jdbc interface to access the database and can therefore be used to access any database
for which a jdbc driver is available.

jdbcemit specific parameters and their setting in the
configuration file
The configuration of the jdbcemit is very similar to the configuration of mysqlemit.
These are few differences:
•

Additional command line parameters for the java virtual machine (e.g. classpath settings) can
be passed before the component parameters are given. This parameters must at least add the
CtkDB.jar file to the classpath. End the java parameters with two dashes.

•

The database name consists of three parts:
•

the jdbcemit java classname (de.cenit.eb.sm.ctk.db.DefaultCTKDatabaseDriver by
default)

•

the jdcb driver class

•

the jdbc database URL

These parts are separated by colons.

001
...

de.cenit.eb.sm.ctk.db.DefaultCTKDatabaseDriver:com.mysql.jdbc.Driver:jdb .
c:mysql://localhost/cala

Example 9-104. An example database string for jdbcread
This example uses mysqls’ jdbc driver to connect to the database. The jdbc driver class is
com.mysql.jdbc.Driver, the database url is jdbc:mysql://localhost/cala. The java
interface of jdbcemit is implemented in the
de.cenit.eb.sm.ctk.db.DefaultCTKDatabaseDriver class.

001
...
...
...
...
...
...
...
...

jdbcemit=run!jdbcemit -Djava.ext.dirs=../tools/de.cenit:../tools/com.mys .
ql -- -SR -P 23848 -Hlocalhost,port!23848,database!de.cenit.eb.sm.ctk.d .
b.DefaultCTKDatabaseDriver:com.mysql.jdbc.Driver:jdbc:mysql://localhost .
/cala,dbuser!webtpladmin;00001204190d081409081e00,tableconf!customer;fi .
lenet;%s_new;%s_history,ok_status!0,dbfields!$HOSTNAME;hostname;k+;$are .
a;area;k+;$info;info;k*;$CTIME;date;dao;msg;msg;ma;status;status;s;$ORI .
GIN;adapterhost;;$LOGFILENAME;source;;error_id;error_id;a;$unit;unit;;v .
alue;value;a;$CTIME;since;d;$mode;mode;a,logfile_type!$mode;2,conf!run; .
port;database;dbuser;ok_status;dbfields;tableconf;logfile_type

Example 9-105. An example jdbread configuration using a mysql connector for
connection to the local database fndsdb

135

The jdbc emitter needs a java 1.4 or higher virtual machine to be in the library path.
For further configuration information refer to section mysqlemit.

136

reportemit
The reportemit component is used for creating reports from received events.

The settings of reportemit dialog

reportemit specific parameters and their setting in the
configuration file
The configuration line for the report emitter looks like this

001
...
...
...

reportemit=run!reportemit -P 11023,port!11023,dest_file!/home/cala/repor .
ts/default.rep,report_slots!date;msg,critical_slot!report_flag;1,report .
_file!tec;solaris_syslog;DEFAULT;sun.rep;tec;nt_security;nt_security.tp .
l;nt_security.rep,conf!port;run;dest_file;report_slots;critical_slot;re .

137

...

port_file

Example 9-106. An example configuration line for reportemit

dest_file instruction
This defines a default report file each data stream not given in the template table will be
reported to this file.This file is written in a format similar to the output of the Tivoli tool
wtdumprl. The destination file is taken from the text field Destination file
001

dest_file![:]

Figure 9-68. Format of dest_file instruction

001

dest_file!/home/myuser/reports/default.rep

Example 9-107. Example dest_file instruction

The example tells reportemit to write its events to /home/myuser/reports/default.rep
unless the template table specifies another file.
The name of the output file may contain various % expressions for date and time. (A new file
is created if one parameter changes.) The following expressions are possible:
% expression

description

%a

name of the day of the week (abbreviation, 3 letters)

%A

complete name of the day of the week

%b

name of the month (3 letters)

%B

complete name of the month

%d

day in the month

%H

hour (00-23)

%I

hour (00-12)

%j

day of the year

%m

month as a number

%M

minute

%U

week in the calendar year (00-53), Sunday being the first day in each
week

%w

day of the week as a number (0=Sunday)

%W

week in the calendar year (00-53), Monday as the first day in each week

%y

year, two-digit

%Y

year, four-digit

%%

The % character

For a list of supported encoding refer to Supported character sets.

138

001

dest_file!/home/cala/reports/report_%Y%m%d.rep:UTF-16

Example 9-108. Example dest_file instruction using % expressions

This example will create a new report file each day, which will be named report_<4 digit
year>. E.g. on May 8th 2001 incoming events would be reported to the file
report_20010508.rep.
The file will be written UTF-16 encoded.
report_slots instruction
The report_slots instruction is optional. If set, it specifies which FIR fields should be
reported. If the report_slots instruction is not set, all slots will be reported. The report slots
are taken from the text area Report slots.
001

report_slots!{;}

Figure 9-69. Format of report_slots instruction

001

report_slots!date;msg

Example 9-109. Example report_slots instruction

critical_slot instruction
To specify whether a FIR should be reported by reportemit, there s the possibility to
configure a critical slot. If both field name and value are given, the reportemit reports only
FIRs having the specified value within that field, if only a field name is given, the FIR is
reported if the field exists.
The critical_slot instruction is optional. If it is not given, all received FIRs are reported.The
values of critical_slot can be given in the two text fields Critical slot.
001

critical_slot![;]

Figure 9-70. Format of critical_slot instruction

001

critical_slot!report_flag;1

Example 9-110. Example critical_slot instruction

The example specifies to report only events which have the field report_flag set to 1.

139

critical_slots instruction
The critical_slots instruction is an extension of the critical_slot instruction. It defines different
critical slots for one or more data types.

001
...
...

critical_slots!;;;{;;;;}

Figure 9-71. Format of critical_slots instruction

001

critical_slots!tec;solaris_syslog;severity;FATAL

Example 9-111. Example critical_slots instruction

There are some field values with special meanings:
*

slot exists or doesn’t exist (disables the critical slot for this data type)
+

slot exists
-

slot doesn’t exists
If there is no critical_slots configuration for any data type, the critical_slot configuration is
used as default configuration.
report_file instruction
For special reports, there is the possibility to use template files for each data stream (given
by primary and secondary data type). The data for template file handling is given in the
template table at the bottom of the window.
001
...
...

report_file!;;