{IM構築}5.6 相関イベント発行の設定

  • 物理ホスト

【1】相関イベント発行機能の起動設定

# Switch the correlation event issue function on for the physical host.
/opt/jp1cons/bin/jcoimdef -egs ON

# Restart JP1/IM with its stop/start scripts, then list the process status
# to verify that everything came back up.
# NOTE(review): presumably the restart is what activates the -egs ON setting,
# and event monitoring is interrupted while JP1/IM is down — confirm and
# schedule the restart accordingly.
/etc/opt/jp1cons/jco_stop
/etc/opt/jp1cons/jco_start
/opt/jp1cons/bin/jco_spmd_status


【2】相関イベント発行履歴ファイルのサイズおよび面数の設定(値は16進数で指定する。下記の 00A00000 は10進で 10,485,760(10MB 相当)、00000005 は 5 面)

vim /etc/opt/jp1cons/default/egs_env.conf

[JP1_DEFAULT\JP1CONSOLEMANAGER\EVGEN]
"OPERATION_LOG_SIZE"=dword:00A00000
"OPERATION_LOG_NUM"=dword:00000005

# Load the edited egs_env.conf into the JP1 common definition.
/opt/jp1base/bin/jbssetcnf /etc/opt/jp1cons/default/egs_env.conf

# Reload JP1/IM; presumably this is what makes the new history-file size and
# count take effect without a full restart — confirm against the manual.
/opt/jp1cons/bin/jco_spmd_reload


【3】相関イベント発行機能の起動オプションの設定

vim /etc/opt/jp1cons/conf/evgen/profile/egs_system.conf

VERSION=1

START_OPTION=warm

/opt/jp1cons/bin/jco_spmd_reload

【4】相関イベント発行定義の作成および反映

vim /etc/opt/jp1cons/conf/evgen/define/egs_def.conf

VERSION=2

[egs_test_event]
TARGET=B.SOURCESERVER==mmm181;mmm182
CON=CID:1,B.ID==1,E.SEVERITY==Emergency
CON=CID:2,B.ID==1,E.SEVERITY==Alert
TIMEOUT=30
TYPE=combination
SAME_ATTRIBUTE=E.USERNAME
CORRELATION_NUM=5
SUCCESS_EVENT=E.SEVERITY:Emergency,B.MESSAGE:[相関イベント発生]
FAIL_EVENT=E.SEVERITY:Information,B.MESSAGE:[相関イベント不成立]

# Check the definition file first; resolve anything it reports before applying,
# so a broken rule set is never handed to the correlation function.
/opt/jp1cons/bin/jcoegscheck -f /etc/opt/jp1cons/conf/evgen/define/egs_def.conf

# Apply the checked definition file to the correlation event issue function.
/opt/jp1cons/bin/jcoegschange -f /etc/opt/jp1cons/conf/evgen/define/egs_def.conf

 

【5】動作確認


# Send four test JP1 events with event ID 1 (-i 1) and different severities.
# In the egs_test_event definition above, only Emergency (CID:1) and Alert
# (CID:2) appear in a CON line; Critical and Error match neither condition and
# serve as negative cases.
# NOTE(review): TARGET restricts the rule to source servers mmm181;mmm182, so
# presumably these commands must be run on one of those hosts — confirm.
# NOTE(review): the test events and the Emergency-severity SUCCESS_EVENT are
# real JP1 events. Check that no automated action or notification keyed on
# severity fires, and remove egs_test_event once the check is done.
/opt/jp1base/bin/jevsend -e SEVERITY=Emergency -m test1 -i 1
/opt/jp1base/bin/jevsend -e SEVERITY=Alert -m test2 -i 1
/opt/jp1base/bin/jevsend -e SEVERITY=Critical -m test3 -i 1
/opt/jp1base/bin/jevsend -e SEVERITY=Error -m test4 -i 1


--相関イベント発行履歴ファイル
ls -l /var/opt/jp1cons/operation/evgen/
tail -f /var/opt/jp1cons/operation/evgen/egs_discrim1.log


【6】状態確認

--相関イベント発行機能状態確認
/opt/jp1cons/bin/jcoegsstatus

--相関イベント発行機能停止
/opt/jp1cons/bin/jcoegsstop

--相関イベント発行機能開始
/opt/jp1cons/bin/jcoegsstart

 

 

  • 論理ホスト


【1】相関イベント発行機能の起動設定

# Switch the correlation event issue function on for logical host mmm190 (-h).
/opt/jp1cons/bin/jcoimdef -egs ON -h mmm190


# Restart JP1/IM for logical host mmm190 with the cluster stop/start scripts,
# then list the process status for that logical host.
# NOTE(review): if cluster software monitors this logical host, a manual stop
# may be treated as a failure and trigger failover — confirm whether the
# restart should be driven through the cluster software instead.
/etc/opt/jp1cons/jco_stop.cluster mmm190
/etc/opt/jp1cons/jco_start.cluster mmm190
/opt/jp1cons/bin/jco_spmd_status -h mmm190


【2】相関イベント発行履歴ファイルのサイズおよび面数の設定

mkdir -p /mnt/sdc2/im/jp1cons/default
vim /mnt/sdc2/im/jp1cons/default/egs_env.conf

[mmm190\JP1CONSOLEMANAGER\EVGEN]
"OPERATION_LOG_SIZE"=dword:00A00000
"OPERATION_LOG_NUM"=dword:00000005

# Load the edited egs_env.conf (section [mmm190\...]) into the JP1 common
# definition on this node. The standby node is synchronised separately below.
/opt/jp1base/bin/jbssetcnf /mnt/sdc2/im/jp1cons/default/egs_env.conf

# Reload JP1/IM for logical host mmm190; presumably this is what makes the new
# history-file settings take effect — confirm against the manual.
/opt/jp1cons/bin/jco_spmd_reload -h mmm190

--待機系への反映(実行系で設定した共通定義情報を待機系 mmm192 にも反映する)

共通定義情報の出力と待機系への転送(実行系で実行)
# Export the common definition of logical host mmm190 to a file and copy that
# file to mmm192.
# NOTE(review): the export remains in /root on both nodes after the import.
# Delete /root/jbscnf.txt on each node once jbssetcnf has run on mmm192, and
# confirm whether the dump holds settings that should not be left on disk.
/opt/jp1base/bin/jbsgetcnf -h mmm190 > /root/jbscnf.txt
scp /root/jbscnf.txt mmm192:/root

共通定義情報の取り込み(待機系 mmm192 上で jbssetcnf を実行)
# Import the copied common definition on mmm192 by running jbssetcnf over SSH.
# NOTE(review): this depends on remote login to mmm192 (presumably as root,
# given the /root path) — confirm this matches the site's remote-access policy.
ssh mmm192 "/opt/jp1base/bin/jbssetcnf /root/jbscnf.txt"


【3】相関イベント発行機能の起動オプションの設定

vim /mnt/sdc2/im/jp1cons/conf/evgen/profile/egs_system.conf

VERSION=1

START_OPTION=warm

/opt/jp1cons/bin/jco_spmd_reload -h mmm190

※クラスタシステムで運用する場合は、上記 egs_system.conf の START_OPTION を warm に設定する。

【4】相関イベント発行定義の作成および反映

vim /mnt/sdc2/im/jp1cons/conf/evgen/define/egs_def.conf


VERSION=2

[egs_test_event]
TARGET=B.SOURCESERVER==mmm191;mmm192
CON=CID:1,B.ID==1,E.SEVERITY==Emergency
CON=CID:2,B.ID==1,E.SEVERITY==Alert
TIMEOUT=30
TYPE=combination
SAME_ATTRIBUTE=E.USERNAME
CORRELATION_NUM=5
SUCCESS_EVENT=E.SEVERITY:Emergency,B.MESSAGE:[相関イベント発生]
FAIL_EVENT=E.SEVERITY:Information,B.MESSAGE:[相関イベント不成立]


# Check the definition file on the shared disk first; resolve anything it
# reports before applying.
/opt/jp1cons/bin/jcoegscheck -f /mnt/sdc2/im/jp1cons/conf/evgen/define/egs_def.conf

# Apply the checked definition file to the correlation event issue function of
# logical host mmm190 (-h).
/opt/jp1cons/bin/jcoegschange -h mmm190 -f /mnt/sdc2/im/jp1cons/conf/evgen/define/egs_def.conf

 

【5】動作確認


# Send four test JP1 events with event ID 1 (-i 1) to event server mmm190 (-d).
# In the egs_test_event definition above, only Emergency (CID:1) and Alert
# (CID:2) appear in a CON line; Critical and Error match neither condition and
# serve as negative cases.
# NOTE(review): TARGET restricts the rule to source servers mmm191;mmm192, so
# presumably these commands must be run on one of those nodes — confirm.
# NOTE(review): the test events and the Emergency-severity SUCCESS_EVENT are
# real JP1 events. Check that no automated action or notification keyed on
# severity fires, and remove egs_test_event once the check is done.
/opt/jp1base/bin/jevsend -e SEVERITY=Emergency -m test1 -i 1 -d mmm190
/opt/jp1base/bin/jevsend -e SEVERITY=Alert -m test2 -i 1 -d mmm190
/opt/jp1base/bin/jevsend -e SEVERITY=Critical -m test3 -i 1 -d mmm190
/opt/jp1base/bin/jevsend -e SEVERITY=Error -m test4 -i 1 -d mmm190


--相関イベント発行履歴ファイル
ls -l /mnt/sdc2/im/jp1cons/operation/evgen/
tail -f /mnt/sdc2/im/jp1cons/operation/evgen/egs_discrim1.log

【6】状態確認

--相関イベント発行機能状態確認
/opt/jp1cons/bin/jcoegsstatus -h mmm190

--相関イベント発行機能停止
/opt/jp1cons/bin/jcoegsstop -h mmm190

--相関イベント発行機能開始
/opt/jp1cons/bin/jcoegsstart -h mmm190