- 物理ホスト
【1】相関イベント発行機能の起動設定
/opt/jp1cons/bin/jcoimdef -egs ON
/etc/opt/jp1cons/jco_stop
/etc/opt/jp1cons/jco_start
/opt/jp1cons/bin/jco_spmd_status
【2】相関イベント発行履歴ファイルのサイズおよび面数の設定（dword値は16進数表記：00A00000 = 10,485,760、00000005 = 5面）
vim /etc/opt/jp1cons/default/egs_env.conf
[JP1_DEFAULT\JP1CONSOLEMANAGER\EVGEN]
"OPERATION_LOG_SIZE"=dword:00A00000
"OPERATION_LOG_NUM"=dword:00000005
/opt/jp1base/bin/jbssetcnf /etc/opt/jp1cons/default/egs_env.conf
/opt/jp1cons/bin/jco_spmd_reload
【3】相関イベント発行機能の起動オプションの設定
vim /etc/opt/jp1cons/conf/evgen/profile/egs_system.conf
VERSION=1
START_OPTION=warm
/opt/jp1cons/bin/jco_spmd_reload
【4】相関イベント発行定義の作成および反映
vim /etc/opt/jp1cons/conf/evgen/define/egs_def.conf
VERSION=2
[egs_test_event]
TARGET=B.SOURCESERVER==mmm181;mmm182
CON=CID:1,B.ID==1,E.SEVERITY==Emergency
CON=CID:2,B.ID==1,E.SEVERITY==Alert
TIMEOUT=30
TYPE=combination
SAME_ATTRIBUTE=E.USERNAME
CORRELATION_NUM=5
SUCCESS_EVENT=E.SEVERITY:Emergency,B.MESSAGE:[相関イベント発生]
FAIL_EVENT=E.SEVERITY:Information,B.MESSAGE:[相関イベント不成立]
/opt/jp1cons/bin/jcoegscheck -f /etc/opt/jp1cons/conf/evgen/define/egs_def.conf
/opt/jp1cons/bin/jcoegschange -f /etc/opt/jp1cons/conf/evgen/define/egs_def.conf
【5】動作確認（test1・test2 は CON の条件に一致するイベント、test3・test4 は SEVERITY が条件に一致しないイベント）
/opt/jp1base/bin/jevsend -e SEVERITY=Emergency -m test1 -i 1
/opt/jp1base/bin/jevsend -e SEVERITY=Alert -m test2 -i 1
/opt/jp1base/bin/jevsend -e SEVERITY=Critical -m test3 -i 1
/opt/jp1base/bin/jevsend -e SEVERITY=Error -m test4 -i 1
--相関イベント発行履歴ファイル
ls -l /var/opt/jp1cons/operation/evgen/
tail -f /var/opt/jp1cons/operation/evgen/egs_discrim1.log
【6】状態確認
--相関イベント発行機能状態確認
/opt/jp1cons/bin/jcoegsstatus
--相関イベント発行機能停止
/opt/jp1cons/bin/jcoegsstop
--相関イベント発行機能開始
/opt/jp1cons/bin/jcoegsstart
- 論理ホスト
【1】相関イベント発行機能の起動設定
/opt/jp1cons/bin/jcoimdef -egs ON -h mmm190
/etc/opt/jp1cons/jco_stop.cluster mmm190
/etc/opt/jp1cons/jco_start.cluster mmm190
/opt/jp1cons/bin/jco_spmd_status -h mmm190
【2】相関イベント発行履歴ファイルのサイズおよび面数の設定（dword値は16進数表記：00A00000 = 10,485,760、00000005 = 5面）
mkdir -p /mnt/sdc2/im/jp1cons/default
vim /mnt/sdc2/im/jp1cons/default/egs_env.conf
[mmm190\JP1CONSOLEMANAGER\EVGEN]
"OPERATION_LOG_SIZE"=dword:00A00000
"OPERATION_LOG_NUM"=dword:00000005
/opt/jp1base/bin/jbssetcnf /mnt/sdc2/im/jp1cons/default/egs_env.conf
/opt/jp1cons/bin/jco_spmd_reload -h mmm190
--待機系への反映（/root/jbscnf.txt は共通定義情報を含むため、待機系での取り込み完了後は両系から削除しておく）
共通定義情報の出力
/opt/jp1base/bin/jbsgetcnf -h mmm190 > /root/jbscnf.txt
scp /root/jbscnf.txt mmm192:/root
共通定義情報の取り込み
ssh mmm192 "/opt/jp1base/bin/jbssetcnf /root/jbscnf.txt"
【3】相関イベント発行機能の起動オプションの設定
vim /mnt/sdc2/im/jp1cons/conf/evgen/profile/egs_system.conf
VERSION=1
START_OPTION=warm
/opt/jp1cons/bin/jco_spmd_reload -h mmm190
※クラスタシステムで運用する場合は、START_OPTION を warm に設定する
【4】相関イベント発行定義の作成および反映
vim /mnt/sdc2/im/jp1cons/conf/evgen/define/egs_def.conf
VERSION=2
[egs_test_event]
TARGET=B.SOURCESERVER==mmm191;mmm192
CON=CID:1,B.ID==1,E.SEVERITY==Emergency
CON=CID:2,B.ID==1,E.SEVERITY==Alert
TIMEOUT=30
TYPE=combination
SAME_ATTRIBUTE=E.USERNAME
CORRELATION_NUM=5
SUCCESS_EVENT=E.SEVERITY:Emergency,B.MESSAGE:[相関イベント発生]
FAIL_EVENT=E.SEVERITY:Information,B.MESSAGE:[相関イベント不成立]
/opt/jp1cons/bin/jcoegscheck -f /mnt/sdc2/im/jp1cons/conf/evgen/define/egs_def.conf
/opt/jp1cons/bin/jcoegschange -h mmm190 -f /mnt/sdc2/im/jp1cons/conf/evgen/define/egs_def.conf
【5】動作確認（test1・test2 は CON の条件に一致するイベント、test3・test4 は SEVERITY が条件に一致しないイベント）
/opt/jp1base/bin/jevsend -e SEVERITY=Emergency -m test1 -i 1 -d mmm190
/opt/jp1base/bin/jevsend -e SEVERITY=Alert -m test2 -i 1 -d mmm190
/opt/jp1base/bin/jevsend -e SEVERITY=Critical -m test3 -i 1 -d mmm190
/opt/jp1base/bin/jevsend -e SEVERITY=Error -m test4 -i 1 -d mmm190
--相関イベント発行履歴ファイル
ls -l /mnt/sdc2/im/jp1cons/operation/evgen/
tail -f /mnt/sdc2/im/jp1cons/operation/evgen/egs_discrim1.log
【6】状態確認
--相関イベント発行機能状態確認
/opt/jp1cons/bin/jcoegsstatus -h mmm190
--相関イベント発行機能停止
/opt/jp1cons/bin/jcoegsstop -h mmm190
--相関イベント発行機能開始
/opt/jp1cons/bin/jcoegsstart -h mmm190