ControlTower™ - SIE Computing Solutions
Contents
1. group for log files syntax group name or gid loggroup sys mode for log files syntax octal mode e g 0600 or comma separated sequence of symbolic absolute modes strings uoga rwxs logmode u rw Optional strftime 3 format used to timestamp lines in logfile if empty lines are not time stamped syntax string loglinestamp c Ha HEE EE HEHE HE HEE Logfile parameters read by logcheck program run every 10 minutes from root crontab Maximum logfile size in bytes before closing and rotating syntax integer ControlTower User s Guide B 3 APPENDIX B DEFAULT Configuration File logmaxsize 50000 Number of old log files to compress and keep in rotation syntax integer logmaxfiles 7 Optional how often to timestamp logfile in minutes one of 10 20 30 60 or zero to disable syntax integer logstamp 60 strftime 3 format used to output periodic logfile timestamps if empty no periodic timestamps will be output syntax string logstampformat 4444 eee eee aKa Ee KKKKKKKKKKKKKKKK Logfile compression program path syntax string logcompress Logfile compression program options compression program is expected to ALWAYS compress the log file even if this does not result ina space savings syntax string logcompressopt f Logfile compression program output extension including DOT character syntax2. APPENDIX D An Example Configuration group grp groupauthfile Modifications to global parameters have been made in the LOCAL file instead of the DEFAULT file The LOCAL file is Don t allow client programs to change serial line parameters ttychanges false So no one can send a break to a device set th breakstring to the text NO breakstring 116 117 041 Everyone can read the log files logmode u rw g r o r Set loglinestamp to NULL so that lines are not time stamped loglinestamp Since there are no timestamps per line there will be timestamps every 10 min logstamp 10 Add the week to the default periodic time stamp Logstampformat KK KKK KKH So Week SU KKKKKKKKKKKK KK Logfile compression program path syntax string Change compression utility to gzip for better compression logcompress usr bin gzip This is the same as in the DEFAULT file but is left here for clarity logcompressopt f This is the extension that is appended by gzip logcompressext gz Put logfilter file with logfiles it affects This file will filter input to all log files including ones under a group logfilter var log cmgrlog LOCALlogfilterfile Unset the authuser parameter D 2 ControlTower User s Guide authuser This file currently contains auracmgr all so that only people with the auracmgr password have access to devices authfile LOCALauthfile Set s
3. As an alternative you can add this line to the LOCAL file to enable encryption for all managed systems by default The line ForceEncrypt true will cause any requests for remote connections that do not sup port encryption at the default level to be refused by the Control Tower Host Also if encryption is not enabled for a managed system the Viewer client can enable it on connect with V 3 0 Hosts only using the command cmgr f 128 lt server_name gt Other ControlTower Security Features In addtion to remote access encryption the following security features are provided by ControlTower e All remote connections over a network require entry of a pass word If the authuser parameter is set all remote users will share the password for the user specified in authuser Alternatively access can be managed on a per user basis using the authfile parameter e All network connections are checked using IP address access control lists to permit or deny connections from specific hosts or entire networks or net blocks This is achieved with the tcpallow and tcpdeny parameters The following parameters control remote access over a net work or modem tcpenable enable use of TCP IP connections authuser name of user in password file to use for password verification ControlTower User s Guide 4 3 CHAPTER4 Security and Configuration Concepts Log File Management authfile specifies the name of a file containing
4. cd opt AURAcmgr config 4 Using the text editor of your choice vi is shown here create a file having the name by which you wish this managed device to be known system vi lt managed_device_name gt cfg The file must have a c fg extension 5 Insert into the file the line device dev cua lt port_number gt where lt port_number gt 1s the port to which this device has been attached For example device dev cua 23 for a managed device connected to serial port 23 ControlTower User s Guide 5 3 CHAPTERS Configuring ControlTower using the Command Line Interface When you have created configuration files for all managed devices connected to the server you are ready to start Control Tower Configuration File Hierarchies and Precedence Configuration file hierarchies are illustrated in Figure 4 The leaf nodes override anything above For example Group overrides LOCAL and LOCAL overrides DEFAULT but a configuration file for a managed device ovderrides all of these for that device DEFAULT LOCAL I Group Config Config FIGURE 4 Configuration File Hierarchies Configuring Groups You can associate groups of managed devices using a subdirec tory Each subdirectory must have a file with the same name as the subdirectory and the extension grp This file contains the group configuration parameters All devices that have configura tion files within th
5. downgrade their connection to read only Requires attach and fattach permission Detach from the managed device i e make the connection read only Query a server variable as follows V Version W who s connected to managed device T tail of the log file A all show options Set a server variable as follows s set terminal stty parameters Requires stty permission T set tail length show options Send a BREAK if currently attached The user is prompted to confirm this action which is aborted if not confirmed Requires break permission Display help text on escape sequences 6 8 ControlTower User s Guide APPENDIX A Refer ence User Commands cmer 1 NAME cmgr Aurora ControlTower Console Manager viewer program SYNOPSIS cmgr 78aAlLPNv d debuglevel ec keylength t taillen o options system server port xcmgr 78aA1LPN d debuglevel ec keylength p port t taillen o options system server port DESCRIPTION cmgr establishes an interactive session with the console port of the named sys tem If no system name is specified a list of possible systems will be printed If server follows the system name a TCP IP connection will be made to the ControlTower User s Guide A 1 APPENDIX A Reference named server and the system name is used literally no abbreviations accepted The server name can be followed by a colon and a por
6. 255 255 255 0 3 a single hexadecimal value Oxffffff00 if no mask is supplied all bits in the host address are examined so host 32 is the same as host If set a host must match an entry in tcpallow in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpallow If set a host must NOT match an entry in tcpdeny in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpdeny o B 6 ControlTower User s Guide APPENDIX C Glossary Attach see Read Write mode AURAcmegr The ControlTower command line Viewer Client software package Required for installation of AURAcmegrs package AURAcmegrs The ControlTower Server Software package Requires that the AURAcmgr package be installed AURAcmgrs is required for installation of the AURAjcmgr package Break Signal An RS 232 signal that for some managed devices is interpreted as a device reset command Breakout Box Hardware used to connect RS 232 serial devices to multiport serial cards Also referred to as a Connection Box Character Oriented Viewer Client Software supplied by Aurora Technologies that pro vides access to the managed devices console serial port through a character oriented window Also known as CLI Viewer Client and Command Line
7. 5 MB free in opt 50 MB free in var Note The indicated memory requirements are based on the assumption that ControlTower software is run on a dedicated server Running additional services on the host is NOT recommended 2 2 ControlTower User s Guide Select the Host Machine Important Host Selection and Set up Considerations Your ControlTower Host is a critical component of your console management solution Aurora Technologies recommends the fol lowing steps to increase the security availability and perfor mance of your ControlTower Host e The ControlTower Host system should be a dedicated system It should not be used by applications or users that might inter fere with its console management role e The host machine should be attached to a UPS uninterruptible power supply of sufficient capacity to ensure that it will be up as long or longer than all managed devices The host should not depend on NFS mounted disks for its operation The host should not depend on NIS Yellow Pages or NIS for its operation e Minimize the number of user accounts e Minimize host access both physically and through the net work via filters firewalls Break Signal Considerations The supported Aurora multiport serial hardware has been thor oughly tested to verify that it does not transmit spurious break signals Nevertheless Aurora Technologies recommends that you take the following precautions e Attach all DB25 c
8. AURAcmgrs the server package requires AURAcmgr AURAcmgrd the documentation package Select which packages to install The ControlTower Host requires AURAcmgr and AURAcmgrs at a minimum Remote viewers require AURAcmgr 3 6 ControlTower User s Guide Installing ControlTower Software To Add a Package 1 Change to the package directory using one of the following commands eIf you mounted the CD ROM drive manually system cd mnt sparc sos5 elf vold mounted the CD ROM drive system cd cdrom auracmgr_2_00 sparc sos5 2 Start the installation script You can either install all packages on the CD or add selective packages To install all packages type system pkgadd d To add selective packages type system pkgadd d lt package_name gt where lt package_name gt is the name of the package you are installing for example AURAcmgrs or AURAcmgrd See the pkgadd 1M man page for additional informa tion 3 Type y in response to the resulting prompts When you see the message Installation of lt package_name gt was successful where lt package_name gt is a single installed package or the last of multiple packages the software installation is complete 4 To verify that the software has been properly installed on your host type system pkginfo 1 lt package_name gt You should see lt package_name gt in the output If you prefer to see all packages on your system type system pkginfo 1 m
9. Here are some examples Mary a z lamb matches any string with Mary at the beginning any number including 0 of lower case letters and spaces and lamb at the end 0 9 matches any string that doesn t have at least one digit has matches any string with at least one occurrence of has with at least one character after it It is important that logfilter files keep and drop the data they are expected to To verify that they do a syntax checker has been supplied that can run a logfilter file against sample input The syntax checker is filtertest in opt AURAc mgr sbin The syntax is opt AURAcmgr sbin fil tertest lt filterfile gt lt inputfile gt If the lt filterfile gt contains a drop command and the first exam ple of a Regular Expression drop Mary a z lamb and the lt inputfile gt contains Mary had a little lamb Mary had a little lamb Mary had 9 lambs Mary has a little lamb ControlTower User s Guide 5 13 CHAPTERS Configuring ControlTower using the Command Line Interface The output from filtertest will be KEEP Mary had a little lamb DROP Mary had a little lamb KEEP Mary had 9 lambs a 2 DROP Mary has little lamb SUMMARY keep drop 2 If the lt filterfile gt contains a drop command and the second example of a Regular Expression drop 0 9 the out put from filtertest will be DROP Mary had a little lamb DROP Mary h
10. Time To expedite service have your product serial number and your system information available e FAX 781 290 5358 Attn Customer Service and Support e Email support auroratech com To receive standard warranty coverage on your Aurora product including 90 days of free technical support you must print fill out and fax or mail back the Aurora Warranty Registration Card that is located in the back of this manual Phone support can only be provided after product registration is complete Extended Hardware and Software Support Agreements can be purchased to provide additional coverage Sending in this card also lets us keep you up to date on the com plete line of Aurora Technologies products If you have any questions or comments on your Aurora Technol ogies product contact our Customer Service and Support Department at support auroratech com or our Sales Department at sales auroratech com o vi Aurora ControlTower User s Guide Contents PREFACE About TALS ROOK espe ean cacti ett ee eatin cc aap ee atsaweaseae iii Who Should Use This Book iv Documentation Conventions v Related Manuals v Getting Help vi Registration vi CHAPTER 1 Jntroduction to ControlTower Console Management System 1 1 CHAPTER 2 Getting Started anran ia ered ee atts Rs a 2 1 Before Installing oonan tlie niet cneneles 2 1 Select the Host Machine 0 cece eessecceeeeeseecneeceeceseeeeeesaeesaaees 2 2 Important Host S
11. as follows CHAPTER 1 Introduction to ControlTower Console Management System CHAPTER 2 Getting Started CHAPTER 3 Installing ControlTower Software CHAPTER 4 Security and Configuration Concepts CHAPTER 5 Configuring ControlTower using the Command Line Interface CHAPTER 6 Administering Managed Devices using the Command Line Interface Provides introductory information about ControlTower Describes how to prepare for installation Describes installation Provides security and advanced configuration concepts Provides configuration instruc tions using the Command Line Interface Provides information on adminis tering managed devices using the command line interface Aurora ControlTower User s Guide iii PREFACE About this Book APPENDIX A Reference APPENDIX B DEFAULT Configuration File APPENDIX C Glossary APPENDIX D An Example Configuration APPENDIX E Warranty Who Should Use This Book Lists man pages of ControlTower related User Commands Lists the default configuration file Presents frequently used terms and definitions Shows examples of a LOCAL file a group file and device files Outlines Aurora Technologies Warranty and Maintenance infor mation This book is a user s guide and reference for System Administra tors who are using ControlTower to manage servers iv Aurora ControlTower User s Guide About this Book Documentation Conventio
12. ec eee tet tik hate lk ident de i otic ease 5 9 TO StAX HES oe cot Sedzetets teeth aea a a a a 5 10 logode coni oe E CA E A ttt 5 10 IOBOWNEL onenei Ses A ted 5 10 LOS STOUP eiai eeina ne en a a oiiaaie SE 5 10 lOSCOMPTLESS annenin a eee a eles 5 11 logcomipress pt rih i aire a iiaa s ea aS 5 11 logcompressektnien anan e SE 5 11 VO SPE tis eron enn ee a aert hot seed he Maia as 5 11 AUCHUSCL oerien ewer ear hi GRIN anand fess Petes 5 14 AUCH esn in aen ea ae aie einen eas 5 15 ControlTower User s Guide ix Contents tepenabl s c ns8 cute o ia ee e i a 5 16 tepalo Winnice eiiie R EE R ee ate 5 16 tepdeny o eae eA iad e a eRe iced a ted E 5 16 defaultenery pt crore a e AE RNA eS 5 16 TOLCEENCTY PELs acs c delet A eee E E AE t 5 17 localenable formerly UNIXenable eee eeeeeeeeeeeee 5 17 localauth formerly UNI Xauth 0 0 0 eeeceeneeeeeeeteees 5 17 disconnectidles ssi chninaue ieee anainedueie ces 5 17 detachidle cc ssncec sie tes deudeee Mee ase eed 5 17 CHAPTER 6 Administering Managed Devices using the Command Line LNA CLT ACE sissazeskgrass atevassahevesststuassedtentansceuanesertstetectaasiecias 6 1 Administering Managed Devices using the Command Line Mer E aessstahetatesecuadtatetan hae ee ee I A eee 6 1 Setting the PATH Variable cece eeeeeseceseeeeceeeeeeeeneeeneees 6 1 Setting the CONSOLE_SERVERS Variable 0 ceeeeeeeee 6 2 About CLI Viewer Client siusis isese rrenetan 6 3 CLI Viewer Client Opera
13. except for the device and stty settings which are transpar ent For instance logdir set in a device file will override the logdir setting of the LOCAL file However there are parameters that interact with parameters of a different name and these each have their own hierarchy Examples of this will be described as they are encountered See APPENDIX B DEFAULT Configuration File for a complete listing of the DEFAULT file Also see the config 4 man page Security Information Since ControlTower sessions may involve the use of the root password or may involve root access on a managed device or remote communications between the Viewer the ControlTower Host you will want to keep security issues in mind when setting up and maintaining ControlTower Remote Access Security This version of ControlTower supports encryption of communi cations between a Viewer client running on a remote system and the ControlTower Host This feature mitigates the security risks of transmitting sensitive data over TCP IP networks Aurora recommends that you always enable encryption when using the Viewer remotely unless your TCP IP connection to the server is over a secure LAN environment You can also use SSH to encrypt a remote connection to a Viewer running on the Con trolTower Host ControlTower User s Guide Security Information To enable encryption for a managed system include the line DefaultEncrypt 128 in its configuration file
14. exists the entry will be skipped unless the f option is used in which case the existing file will be saved as a bak file The o option specifies the configuration file output directory FILES opt AURAcmgr config system cfg system configuration files SEE ALSO config 4 conserv 8 ControlTower User s Guide A 13 APPENDIX A Reference Maintenance Procedures Filtertest 8 NAME filtertest Aurora ControlTower Console Manager log filter test program SYNOPSIS filtertest n q filterfile inputfile DESCRIPTION filtertest reads an Aurora ControlTower Console Manager log filter file checks the file for syntax and reads an input file and applies the filters to each line of the input file If no input file is specified lines are read from the stan dard input stream Each match is reported on the standard output and a sum mary of each type of match keep drop alert is reported on standard errors when end of file is reached on standard input When the n no filter option is specifed filtertest will exit with zero true status after successfully parsing the filter file When the q filter is specified matches are not reported on standard output A summary is still reported on standard error SEE ALSO conserv 8 A 14 ControlTower User s Guide Maintenance Procedures locbrok 8 Maintenance Procedures locbrok 8 NAME locbrok Aurora ControlTower Console Manager server Location Br
15. fattach permissions any users already connected will not be diconnected and the device will be attached in read only mode e View a device managed by a remote server system emgr lt managed_device_name gt lt remote_server_name gt If security is being administered using aut huser the next line entered will be password lt remote_server_authuser_password gt ControlTower User s Guide 6 5 CHAPTER6 Administering Managed Devices using the Command where lt remote_server_authuser_password gt is the password for the user assigned to the authuser parameter on the remote server The default is auracmegr but if authuser has been set to a different user that user s password will be required See the section Setting the CONSOLE_SERVERS Variable on page 6 2 for information on setting up this account If security is being administered using aut hfile the next lines entered will be username lt remote_server_authfile_user gt password lt remote_server_authfile_user_password gt Note The lt remote_server_authfile_user gt specified will have the permissions assigned to them in the authfile file The following commands have the described effects when CONSOLE_SERVERS is set to both the local and remote servers When this is the case cmgr treats devices on a remote server in the same way it treats local devices e List devices managed by the local server only system cmgr l cmgr must have syste
16. for security related messages which are tagged with the auth facility code See the sys logd 1M man page for information on configuring the syslog daemon If you are having difficulty using syslog to debug problems contact Customer Service and Support See Getting Help on page vi ControlTower User s Guide 4 11 CHAPTER4 Security and Configuration Concepts Compatibility With Previous Versions of ControlTower ControlTower 3 0 is backward compatible with all previous ver sions as follows e Version 3 0 Viewers can connect to Version 1 0 servers but encryption cannot be enabled for these connections e Version 1 0 Viewers can connect to Version 3 0 servers but authorization will use authuser and encryption cannot be enabled e Ifthe ForceEncrypt parameter is enabled pre Version 3 0 Viewers will refuse remote connections e Configuration files from previous releases are migrated to Version 3 0 automatically Note however that configuration changes made to the DEFAULT file will be lost unless it is copied to the LOCAL file before Version 3 0 is installed 4 12 ControlTower User s Guide cHAPTERS Configuring Controllower using the Command Line Interface Configuration Tasks This chapter tells how to configure ControlTower software using the Command Line Interface CLI This includes how to set up configuration files for each managed device This chapter assumes strong knowledge of UNIX com
17. information are written to the log file based on sequences of characters found within the line using Regular Expression matching Log filtering is configured using the logfilter parameter to specify a file name and pop ulating a file of that name with Regular Expression commands that will drop or keep lines that would otherwise be written ControlTower User s Guide Authorization Parameters or not to the log file This can conserve disk space See logcom press on page 5 11 andthe config 4 man page for informa tion about other ways of conserving disk space Authorization Parameters You can configure a number of aspects of user access to the Con trolTower Host including e Whether and how local domain access to a ControlTower Host is permitted e Whether and from what hosts remote TCP IP access to the ControlTower Host is permitted e The usernames to use for remote access to a ControlTower Host e Setting permissions for access to managed devices Local Access Control UNIX domain access is used for local Command Line Viewer Client access This is the case when the CONSOLE_SERVERS envi ronment variable is not set and the Command Line Viewer is started without specifying a remote server lt device_name gt lt server_name gt Use the localenable parameter to permit or deny local domain access to ControlTower Hosts By default local domain access is permitted Llocalenable true Use the
18. into the CD ROM drive 5 Create a directory for the mount point system mkdir mnt Note If this directory already exists you will see an error message that can be ignored 6 Mount the CD ROM manually To do this you must know the device pathname for the CD ROM drive On SCSI connected CD ROM drives the path is typically dev dsk cO0t6d0s0 For IDE CD ROM drives the path is typically dev dsk c0t2d0s0 If you do not know your CD ROM pathname see your System Administrator Type system mount r F hsfs lt device_pathname gt mnt where lt device_pathname gt is the device name of your CD ROM drive For example for a SCSI CD ROM device type system mount r F hsfs dev dsk c0t6d0s0O mnt See the mount 1M man page for additional information ControlTower User s Guide 3 5 CHAPTER 3_ Installing ControlTower Software If you are unable to mount the CD ROM ask your System Administrator for assistance Mounting the CD ROM Using vold To Mount the ControlTower CD ROM using vold 1 Log in as root login root Password lt root_password gt 2 Insert the CD ROM into the CD ROM drive 3 Type system volcheck 4 The CD ROM should be mounted as cdrom auracmgr_3_00 This is for version 3 0 of ControlTower For other versions please consult our web site Adding a Package There are three packages that are included with ControlTower AURAcmgr the command line viewer package
19. lt command gt Setting the PATH Variable To simplify entering ControlTower commands you should add opt AURAcmegr bin to your shell path as follows ControlTower User s Guide 6 1 CHAPTER6 Administering Managed Devices using the Command ksh or sh PATH PATH opt AURAcmgr bin export PATH MANPATH SMANPATH opt AURAcmgr man export MANPATH csh or tesh set path Spath opt AURAcmgr bin setenv MANPATH SMANPATH opt AURAcmgr man Setting the CONSOLE_SERVERS Variable Set the CONSOLE_SERVERS environment variable If you will be running ControlTower on multiple servers con nected in a network and would like to use the Viewer Client to monitor devices managed by a different server you may want to set CONSOLE_SERVERS to specify these servers If CONSOLE_SERVERS contains a comma separated list of Con trolTower servers the Viewer Client will have access to all of the listed servers Set CONSOLE_ SERVERS as follows ksh or sh CONSOLE_SERVERS lt server_system1 gt lt server_system2 gt export CONSOLE_SERVERS csh or tesh setenv CONSOLE_SERVERS lt server_systemI gt lt server_system2 gt The CONSOLE_SERVERS environment variable only exists for the server on which it was set Each ControlTower server from which you wish to connect to devices on other other servers should have the CONSOLE_SERVERS environment variable set ControlTower User s Guide About CLI Viewer Client About CLI
20. on any applicable bug fixes Policies and pricing are subject to change without notice For extended support please refer to the Aurora Technologies Inc web site at www auroratech com or call your Sales representative for details o ControlTower User s Guide E 3 APPENDIX E_ Warranty Software License Agreement THIS LEGAL DOCUMENT IS AN AGREEMENT BETWEEN YOU THE END USER OR LICENSEE AND AURORA TECHNOLO GIES INC AURORA OR LICENSOR BY OPENING THIS DISTRIBUTION MEDIA PACKAGE YOU ARE AGREEING TO BE COME BOUND BY THE TERMS OF THIS AGREEMENT WHICH INCLUDES THE SOFTWARE LICENSE AND SOFTWARE WAR RANTIES COLLECTIVELY THE AGREEMENT THIS AGREEMENT CONSTITUTES THE COMPLETE AGREE MENT BETWEEN YOU THE LICENSEE AND AURORA IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT DO NOT OPEN THE DISTRIBUTION MEDIA PACKAGE PROMPTLY RE TURN THE UNOPENED PACKAGE HARDWARE IF ANY AND THE OTHER ITEMS INCLUDING WRITTEN MATERIALS BIND ERS AND OTHER CONTAINERS THAT ARE PART OF THIS PRODUCT TO THE PLACE OF PURCHASE Aurora Technologies Software License 1 GRANT OF LICENSE In consideration of payment of the License fee which is part of the price paid for this product Aurora as LICEN SOR grants to you the LICENSEE a non exclusive right to use and dis play this copy of an Aurora Software program the Software on a sin gle computer at a single location If the single computer on which
21. one or more of the following connect may connect to server attach may attach in r w mode fattach may force others off stty may change tty params break may send break all all of the above seperated by plus signs to add capabilities or mi nus signs to subtract them Idle time limit parameters detachidle Syntax integer If non zero the maximum time in minutes before de taching demoting to view only an idle attached viewer If zero no idle limit is enforced disconnectidle Syntax integer If non zero the maximum time in minutes before dis connecting an idle viewer regardless of whether viewer is attached or view only If zero no idle limit is enforced opt AURAcmgr config DEFAULT default values opt AURAcmgr config LOCAL site local default values opt AURAcmgr config group group grp group default values A 10 ControlTower User s Guide File Formats config 4 opt AURAcmgr config group system cfg per system configuration SEE ALSO conserv 8 logcheck 8 ControlTower User s Guide APPENDIX A Reference Maintenance Procedures conserv 8 NAME conserv Aurora ControlTower Console Manager server process SYNOPSIS conserv d debuglevel o parameter value system DESCRIPTION Aurora ControlTower Console Manager server launches a conserv for each managed system conserv reads the system cfg file see config 4 and opens the serial port specified by the device paramet
22. software It tells how to select an appropriate Control Tower Host and how to properly identify managed devices It also lists materials you need for installation Before installing the ControlTower software you must complete the following tasks Select the host machine Select appropriate systems as remote viewer clients Identify managed devices Verify that you have all necessary parts and materials includ ing cables and null modem adapters Install new hardware and drivers Obtain a license key Connect managed devices Instructions on these tasks are found in this chapter When these tasks are complete you can proceed with installation ControlTower User s Guide 2 1 CHAPTER2 Getting Started Select the Host Machine You can use either an SBus or PCI Bus SPARC machine as the ControlTower Host The machine you choose must meet the fol lowing minimum requirements PCI Systems Host Memory Operating System Serial Controller Hardware Disk Space SBus Systems Host Memory Operating System Serial Controller Hardware Disk Space Sun Ultra 5 or Ultra system of compa rable performance 64 MB RAM minimum Solaris 2 6 or above Aurora Aries Multiport 8000P or 16000P XP 7R 5 MB free in opt 50 MB free in var SPARC 5 or SPARC system of compara ble performance 64 MB RAM minimum Solaris 2 6 or above Aurora Nova Multiport 1600SE or LMS 1000 Series
23. tested in turn against each regular expression starting from the top of the list e When a match is found processing stops Therefore only the action of the first match is performed e If no match is found the default action of keep occurs The following examples work collaboratively Regular Expression Application All lines containing the text Mary had a little lamb will be keep Mary had a little lamb logged All other lines containing the term lamb will be excluded drop lamb from the log file All text that begins with a is a Comment comment and is ignored Regular Expressions Certain characters have special meaning in Regular Expres sions The most common are listed below along with their usage the end of a string the beginning of a string or NOT if it occurs at the begin ning of a character s in square brackets any single character other than a newline one or more occurrences of the preceeding character e g a zero or more occurrences of the preceeding character e g a delimits individual characters that form a string 5 12 ControlTower User s Guide Configuration Parameters and Defaults delimits a set of characters which must contain every char acter in the string for a match denotes a range of characters e g a z if before any of the special characters above makes that character represent itself
24. ControlTower Console Management System User s Guide Release 3 0 15 10104 00 Rev C Copyright 2002 Aurora Technologies Inc a Carlo Gavazzi Group Company All Rights Reserved Printed in the United States of America This publication is protected by Federal Copyright Law with all rights reserved No part of this publica tion may be copied photocopied reproduced stored in a retrieval system translated transmitted or tran scribed in any form or by any means manual electric electronic electromagnetic mechanical optical or otherwise in whole or in part without prior written consent from Aurora Technologies Inc Limitation of Liability Information contained in this document is subject to change without notice The statements configura tions technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Aurora Technologies Inc makes no warranty expressed or implied with respect to this manual and any related items their quality performance merchantability or fitness for any particular use It is solely the purchaser s responsibility to determine its suitability for any particular use In the interest of improving internal design operational function and or reliability Aurora Technologies Inc reserves the right to make changes to the products described in this document without notice No guarantee express or impl
25. ESE HEHE SHE SHE SHE syntax integer minutes disconnectidle 0 If non zero the maximum time in minutes before detaching demoting to view only an idle attached viewer If zero no idle limit is enforced syntax integer minutes detachidle 0 HH HH HH EE EE aE EE EE EE EE EE EE HEHE HE HE HE EE EE HE HE HH E TE FE E HE HE HE E E E E E E E E local Unix domain socket parameters Allow local Unix domain connections was called unixenable in Version 1 00 old name still accepted syntax boolean localenable true Require password on local Unix domain connections was called unixenable in Version 1 00 old name still accepted syntax boolean localauth false HH HE HE TE FE E aE FE E EE EE EE EE EE EE HEHEHE HE HE HE HE HE FE E HH HH HH HE HE E E E E E E E E E E TCP socket parameters allow TCP IP connections syntax boolean ControlTower User s Guide B 5 APPENDIX B DEFAULT Configuration File tcpenable true The following have no default value and may be left blank syntax comma separated list of host mask pairs The host may be a name from etc hosts or DNS or dotted decimal octets nnn nnn nnn nnn The mask is optional and can be used to specify which bits of the host address are to be examined 1 a single decimal number 24 signifying the number of high order bits set in the mask 2 four dotted decimal octets
26. Guide 3 3 CHAPTER 3 Installing ControlTower Software Files and Directories ControlTower software is installed in the following directories op op va op op op t A t A t A t A t A U U U U U RAcmg RAcmg r log cmg RAcmg RAcmg RAcmg r bin r sbin rlog r config r man r doc User Viewer binaries System Server binaries Default directory for log files Configuration files Man pages Online pdf version of this manual Determine if Volume Manager is running Before installing you will need to determine whether your sys tem is running Volume Manager vold To Check if Volume Manager vo14 is running on your system 1 Log in as root login root Password lt root_password gt 2 Type system ps elf grep vold If you see a line with usr sbin vold in the far right column vold IS running on the system Skip the section below and proceed to Mounting the CD ROM Using vold on page 3 6 If you do not see a line with usr sbin vold in the far right column vold is NOT running on the system Follow instructions below 3 4 ControlTower User s Guide Installing ControlTower Software Mounting the CD ROM Manually Use this procedure to mount the CD ROM if vold is not run ning To Mount the ControlTower CD ROM manually 3 Log in as root login root Password lt root_password gt 4 Insert the CD ROM
27. IGHT NOTICE THIS SOFTWARE OR ANY OTHER COPIES THEREOF MAY NOT BE PROVIDED OR OTHERWISE MADE AVAILABLE TO ANY OTHER PERSON NO TITLE TO AND OWNERSHIP OF THE PROGRAM IS HEREBY TRANSFERRED THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT ControlTower User s Guide B 1 APPENDIX B DEFAULT Configuration File NOTICE AND SHOULD NOT BE CONSIDERED AS A COMMITMENT BY AURORA TECHNOLOGIES INC HEE aE FE FE aE aE EE aE aE aE EE aE aE aE EEE aE HE EEE EE EE EEE EEE aE EE EEE EE EE EE krr NOTE WELL HH Ha HE EE EE EE EEE EE HE EE EE EEE HE EE HE HE EE EE EE FE E HE HH FE E HE HE E E EE E E E E E With very few exceptions a value for each parameter MUST be specified NO default values are present in the code so values must be specified here or in a per system config file All parameters for which a default can be reasonably picked appear here Sh SR SE OSE OSE OSE Ha aH a E a a E EE EE aE EE EE HE EE EE EEE EEE HE HE HE EE HE FE E HH HH HE HE HE E E E E E E E E E E serial line parameters devicename for serial port attached to system console syntax string device set O_EXCL exclusive open bit on serial port open syntax boolean exclusive true create and honor UUCP compatible lock files for the serial port syntax boolean uulock true tty mode syntax one or more tokens separated by commas or spaces tokens integer speed baud es5 cs6 C57 98 flag flag f
28. M enter serial ControlTower User s Guide ControlTower Extended Support Agreement Note var Variable Quantity depends on situation ControlTower User s Guide Install New Hardware and Drivers Install New Hardware and Drivers Install new Aurora hardware on your chosen ControlTower Host system before you begin the ControlTower software installation For information on installing the hardware see the Aurora Tech nologies User s Guide for the hardware you are installing Note Third party serial hardware is not supported Obtain License Key File ControlTower requires a license key file for correct operation To obtain a license key please contact Aurora Technologies Cus tomer Service and Support The product serial number and license information will be posted on the inside of the CD case Contact information is as follows e The Web www auroratech com for product literature phone numbers and address e Phone service From US exchanges 508 588 6110 Mon Fri 8 30AM 6 00PM Eastern Time To expedite service have your product serial number and your system information available e FAX 508 588 0498 Attn Customer Service and Support e Email support auroratech com Note Telephone numbers occasionally change Please see web site for current contact information When you contact Customer Service and Support you will need to provide e your ControlTower serial number e the hostid of the sys
29. PTERS Configuring ControlTower using the Command Line Interface ttychanges ttychanges allows Viewer Client programs to change tty line parameters The default is true breakstring breakstring allows you to configure what is sent instead of a break signal If the breakst ring parameter is not set the break action will send a break signal to the managed device If the breakstring parameter has been configured the specified text will be sent The default is null oreakstring If set to unset this parameter in a configuration file at a lower level set it to novalue breakst ring may contain backslash escaped characters r n t ooo one or more octal digits xXX two hex digits logdir logdir allows you to specify a directory to which log files will be written The default is var log cmgrlog The value must be expressed as an absolute path If the managed device is a member of a group the device log file will be created in a subdi rectory with the same name as the group logfile logfile allows you to explicitly specify the file to which log output will be written Logfile defaults to Llogdir lt serv ername gt but can be customized to a pathname for each server individually or all servers combined If multiple server outputs are combined it is recommended that you disable Logst amp lognameprepend If enabled lognameprepend prepends the server name to all logs made Useful for combining several server log outpu
30. Password lt root_password gt 3 2 ControlTower User s Guide Installing ControlTower Software 7 Change directory to the AURAcmgr config directory system cd opt AURAcmgr config Aurora always strongly recommends that you make all config uration changes for all devices in the LOCAL file as this file is not overwritten when new ControlTower software is installed If modifications have been made to the DEFAULT file save the DEFAULT file to the LOCAL file to prevent the information in the DEFAULT file from being overwritten system cp DEFAULT LOCAL Note It is not necessary to save configuration files other than DEFAULT because they will not be removed or overwritten To remove the package for ControlTower software type system pkgrm AURAcmgr Type y in response to all resulting prompts To remove the ControlTower documentation package type system pkgrm AURAcmgrd Type y in response to all resulting prompts You may now proceed to install your new ControlTower soft ware Installing ControlTower Software To install ControlTower software you will need a host that is equipped with a CD ROM drive If the host does not have a CD ROM drive you will need to install the software through another machine on the network that does Contact Aurora Technologies Customer Service and Sup port for instructions on installing ControlTower software over a network ControlTower User s
31. RE 3 Asynchronous RJ45 to DB25 Null Modem Adapter Out of Band Flow Control Preparing Managed Devices for Serial Communication Follow the procedures below to prepare your managed devices for serial communication with the ControlTower Host system IMPORTANT When preparing managed devices for serial communication you must disconnect the keyboard from the managed device as described in Step 2 below Hardware 1 Connect serial port A on the managed device to the Control Tower Host system serial port 2 Shut down and power off the managed device Disconnect the keyboard When a Sun machine boots and does not find a key board attached it uses serial port A as the console port Do NOT enable logins on ttya The standard console entry in etc inittab is all that is needed ControlTower User s Guide 2 9 CHAPTER2 Getting Started 3 Power on the managed device using the power switch You should be able to watch the system boot using the Command Line Viewer Client Software You do not need to install any ControlTower software on managed devices O ControlTower User s Guide CHAPTER 3 Installing ControlTower Software This chapter tells how to install ControlTower software Prior to installation you must complete the steps in CHAPTER 2 Getting Started Installation includes several tasks Remove existing ControlTower Software Determine if Volume Manager is running Mount the CD ROM Add package
32. SO services 4 locbrok 8 ControlTower User s Guide A 5 APPENDIX A Reference File Formats config 4 NAME config Aurora ControlTower Console Manager server configuration file SYNOPSIS opt AURAcmgr config DEFAULT opt AURAcmgr config LOCAL opt AURAcmgr config group group grp opt AURAcmgr config group system cfg DESCRIPTION The Aurora ControlTower Console Manager conserv and logcheck programs read DEFAULT site LOCAL group and per system configuration files of the format described here The DEFAULT file contains all global default val ues and should not be edited The LOCAL file is then read to allow avoid los ing local changes to the DEFAULT file that might be lost in an upgrade If the system config file is located in a subdirectory that directory must contain a group configuration file with the same name as the directory and the suffix cfg Finally the system cfg file is read to supply values unique to a single system The name of the configuration file determines the name of the managed system as known to the ControTower console management server and need not be the official name of the server File Format Lines which start with a character are treated as comments and ignored Configuration lines are of the form parameter value where parameter is a ControlTower User s Guide File Formats config 4 case insensitive parameter name and value is the parameter value Pa
33. Syntax integer Determines how often to timestamp the log file in min utes one of 10 20 30 60 or zero to disable periodic timestamps logstampformat Syntax string Format string passed to strftime 3 to format periodic logmaxsize logmaxfiles logcompress logcompressopt logcompressext logfile timestamps If empty periodic timestamps are not output Syntax int The maximum log file size in bytes before logcheck 8 ro tates and compresses log files zero to disable Syntax int Maximum number of log files for logcheck to keep in rota tion Syntax string Pathname of a program for logcheck 8 to use to com press old log files Syntax string Command line option s for logcheck 8 to pass to the program specified by the logcompress parameter The compression pro gram should always compress the input file even if no savings will be realized Syntax string The file extension suffix that the program specified by the logcompress parameter will add to the input file name Local connection control parameters localenable localauth Syntax boolean True to allow local unix domain socket connections This parameter was called unixenable in version 1 00 which is still ac cepted as an alias Syntax boolean True to force local unix domain socket connection us ers to be prompted for password see authuser below This parameter was called unixauth in version 1 00 which is still accepted as an ali
34. Viewer Client CLI Viewer Client see Character Oriented Viewer Client cmgr Aurora Technologies supplied software program running the Character Oriented Viewer Client functionality in the existing terminal window Command Line Viewer Client see Character Oriented Viewer Client ControlTower User s Guide C 1 APPENDIX C Glossary Connect The act of connecting to a managed device Connection Box see Breakout Box Console Management see Console Management Services Console Management Services Logging and real time viewing of output from managed devices and control of managed devices Console Serial Port The serial port on the managed device whereby commands can be sent and data received Also known as Serial Console Port and Console Port Control See Read Write mode ControlTower Host see ControlTower Host Server System ControlTower Host Server System The computer on which the ControlTower Server Soft ware has been installed regardless of whether any Aurora Hardware is installed ControlTower Host System The computer system including Breakout Boxes Multiport Serial Cards Expansion Chassis and ControlTower Software Also known as Host Host System ControlTower Server Software Software supplied by Aurora Technologies that provides console management services see the entries for AURAcmgrs AURAjemegr Force Control See Force Read Write mode Force Read Write Mode T
35. Viewer Client ControlTower CLI Viewer Client is a user interface to the Con trolTower server software After contacting the ControlTower server the Viewer Client establishes an active session with the console port of a single device managed by that server You must run one instance of Viewer Client software for each device you want to view You can run the ControlTower Viewer Client on the Control Tower Host or on any Solaris for SPARC system connected to the host via network or modem There are two commands that start the Viewer Client e cmgr which runs in the current terminal window or e xcmgr which opens and runs in anew xterm CLI Viewer Client Operation When you run the Viewer Client you can specify in the com mand line the managed device you want to view and the access mode Specifying a Managed Device to View To connect to a managed device the Viewer Client needs to know e the name of the managed device and e the name of the ControlTower Host machine that manages that device if it is on a remote server These are specified in the command line when you run the Viewer Client as follows system xcmgr lt managed_device_name gt Q lt host_name gt If you do not specify lt host_name gt the Viewer Client looks in the CONSOLE_ SERVERS environment variable for a comma ControlTower User s Guide 6 3 CHAPTER6 Administering Managed Devices using the Command separated list of systems running ControlTo
36. Xauth localauth controls whether a password is required when using the command line viewer from the ControlTower Server Host The default is false disconnectidle disconnectidle sets the maximum amount of time in min utes that the Viewer Client session is allowed to remain idle regardless of whether it is in read only or read write mode After this point the Viewer Client is disconnected If the parameter is set to 0 there will be no automatic disconnect The default value is O detachidle detachidle sets the maximum amount of time in minutes that the Viewer Client is allowed to remain idle while in read write mode After this point the Viewer Client is set to read only mode If the parameter is set to 0 there will be no forced shift into read only mode The default value is 0 O ControlTower User s Guide 5 17 CHAPTERS Configuring ControlTower using the Command Line Interface ControlTower User s Guide CHAPTER 6 Administering Managed Devices using the Command Line Interface Administering Managed Devices using the Command Line Interface This chapter tells how to administer and monitor managed devices using the Command Line Interface CLI You can administer and monitor managed devices through the Control Tower Host and from remote Viewer Clients This chapter assumes knowledge of UNIX commands If any listed commands are unknown or their usage is unclear please see the man page for the command man
37. a list of authorized users and their permissions The user specified in authuser must be a valid user but the account need not have a usable shell i e usr bin false This parameter is ignored if authfile is set If you are using the authfile parameter the parameter should contain the name of a file with a relative or absolute path Each entry in the file specified by authfile should contain a valid account name The localauth parameter must be set to true for the permissions in the authfile to take effect on the local host NOTE Relative paths are relative to the location of the con figuration file for the device to which that parameter is applied For instance if a device is under a group but the authfile that applies to that device is set in the LOCAL file the authfile file will need to reside under the group directory If the same authfile applies to multiple groups a copy of the file will need to reside under each group directory IMPORTANT Jf you enable remote access t cpen able true and authuser lt user_with_password gt or authfile lt file_with_list_of_users gt you should consider set ting up network access control lists using tcpallow and tcpdeny See the config 4 man page You can configure a number of aspects of log file management including Where log files are stored The contents of log files The maximum size of log files The number of saved log files How saved log files are compressed The log
38. ad a little lamb KEEP Mary had 9 lambs a 1 DROP Mary has little lamb SUMMARY keep drop 3 If the lt filterfile gt contains a drop command and the third exam ple of a Regular Expression drop has the output from filtertest will be KEEP Mary had a little lamb KEEP Mary had a little lamb KEEP Mary had 9 lambs a 3 DROP Mary has little lamb SUMMARY keep drop 1 Note If you would prefer to use a delimiter other than l any character can be used as long as it begins and ends the Regular Expression authuser authuser specifies a user who is authorized to use a particular port If authuser is used instead of authfile there will only be one authorized user per port so everyone who needs access to this port will use the same user name and password The default is auracmgr Note Either authuser or authfile can be used for each device Both cannot be used simultaneously ControlTower User s Guide Configuration Parameters and Defaults authfile authfile is set to the name of a file that contains a comma separated list of users and their permissions The file name speci fied by authfile can include an absolute or relative path If relative the path is relative to the directory in which the auth file parameter is set This parameter is unset by default Once set to unset authfile ina configuration file at a lower level set it to novalue The permissions that ca
39. alter native shipping method Each product that is returned for repair must in clude a failure report and must have the RMA number clearly marked on the outside packaging Return Address Attn RMA Department Aurora Technologies Inc 646 Summer Street Brockton MA 02302 USA ControlTower User s Guide Warranty Information 90 Day Technical Support Products must be registered with Aurora Technologies Inc s Customer Service and Support CSS organization to receive the 90 Day Technical Support You must fill out and mail or FAX the warranty card that is in cluded with the product before receiving technical assistance What you get during the 90 Day Technical Support 90 Day Technical Support is provided by e mail FAX or by telephone Customers calling in for technical support on current Aurora technolo gies Inc products will receive a response within four 4 business hours Customer s e mails or faxed requests will receive a response within twenty four 24 business hours The Technical Support hours in Massachusetts are 8 30 a m 6 00 p m Eastern Time Monday through Friday excluding holidays Services provided under the 90 Day Technical Support Plan are e Help on installation and configuration e Help diagnosing problems with Aurora hardware and standard released Aurora device drivers e Help navigating and locating existing Aurora documentation e Acceptance of bug reports and providing status updates
40. as Network access control parameters tcpenable tcpallow Syntax boolean True to allow TCP IP connections Syntax string If non null TCP connections will only be accepted if the ControlTower User s Guide A 9 tcepreject authuser authfile APPENDIX A Reference remote host matches a member of this list of comma seperated TCP hosts or networks to allow connections from Hosts may be host names or IP addresses Each may be followed with a forward slash and an optional mask in dotted octet format hex or decimal network mask length All of the following have the same effect 255 255 255 0 Oxffffff00 24 The mask determines which bits in the IP addresses will be examined Any bit position with a zero mask bit will be ignored Syntax string If non null TCP connections will be rejected if the remote host matches a member of this list see tepallow for syntax Syntax string The name of a local user remote users must supply the password for when connecting If not set empty or the user does not exist no one can connect over the network or locally if unixauth see above is set Syntax string The path to an optional per user authorization file which contains a list of authorized users and their capabilities The path may be relative If the authfile parameter is not specified all users must authen ticate as the user specified by the authuser parameter The authfile for mat is username followed by
41. bility With Previous Versions of ControlTower 4 12 viii ControlTower User s Guide Contents CHAPTER 5 Configuring ControlTower using the Command Line Interface 5 1 Configuration Tasks 0 0 csesscesscsseseceeseessecnseceeeeseeseeeeaaeeaaees 5 1 Set Up Managed Device Configuration Files eee 5 2 Creating a Configuration File for a Managed Device 5 3 Configuration File Hierarchies and Precedence 5 4 Configuring Group eeceseceseeeeseeeeseecnseceeceseeeseseneeenaees 5 4 Creating Logins For Remote Users 00 ec cescesceeeeeeeeeeeeneeeneees 5 5 Starting the ControlTower Server Software ee eeeeeeeeees 5 5 Stopping the ControlTower Server Software cesses 5 6 Configuration Parameters and Defaults eee eeeeeeeeeeeeeeee 5 7 OXCIUSIVES coesssdeusctSseuieetieseetserseetiv E A a aiai eaei 5 7 lo ckini tten E REE EE E 5 7 IE A ANERE eed E A 5 7 tty Chan 8 04 ave Sie eee een ee 5 8 breakstring ciinei eeu eerie aceite enebiee 5 8 NO SCI A E E Si atiahnes ache teens 5 8 los file sisi cess nuites eee ee a ee 5 8 lognameprepend 0 ce eee eeeeceseceteeeeeeseeeseecaeceeeeeeeeseeeaeeeaaees 5 8 LO SIN PUbs epeei noticia ahah seni ag teeta 5 9 IOSMESSAGES tei tae Alege enat oeae ce thl dialed 5 9 JOSStaM ps anelee aiee a desergetes Pycceatidetn i 5 9 logstampformat e cece eeeceseceteeeeeseeeeseecaeceeeseeeeeeeaeeeaaees 5 9 los linestamp tices eein aiaa i ieee 5 9 TOSIM AK SIZ
42. ceteceeeees 3 8 Install License Key File nrinancrasimagodinntrin nii 3 9 Installing ControlTower Software on Remote Systems 3 10 CHAPTER 4 Security and Configuration CONCEPUS ccccccccccsesccsscsessesecsecsesseseeeesensess 4 1 Configuration Information 0 0 0 0 ceeeeeeceesecneeeeceseeeaeeeaeeeaeees 4 1 Security Information ssseeeeeeeeesesereerseesrrsserersresserresreereserses 4 2 Remote Access Security eeeessereeesrrestrresresserrrsresreerrsrs 4 2 Other ControlTower Security Features ce eeeeeeeeeeeneee 4 3 Log File Management ounsi inaa 4 4 Storage Directory for Log Files 0 0 eee eeeeseceneeeeeeeeeenees 4 5 Contents of the Log File eeeeneeeeeeesreersressrrrrsrrsresresrs 4 5 Log File Rotation chen ilies eiai ain a 4 5 Log File Compression esseeeseeeeeeseereserererreresrrsresresresrees 4 6 Log File Timestamping 0 ceceeeeeeeeseecneeeeeeeeeeneeeeeeaeees 4 6 Log File Protections nenns asp 4 7 Disk Space for Log Files sciieccinoiiniiiiniireiiisan 4 8 Los Pilterin S neea i ae Ae Ae 4 8 Authorization Parameters ccceceeceseeeeseeceeeeeeeeeeeeeeaeeeaeees 4 9 Local Access Control 0 eeceecesscessseeseceeeceeeeeaeeeaecnaeenseeees 4 9 Remote TCP IP Access Control c cecccccceesseeeesteeeeees 4 10 Username for Remote AcCeSS cesseeseecesteceeceeeeeneeeees 4 10 User Permissions to Access Managed Devices 4 11 Error log sine canen nnie a a daria adenine 4 11 Compati
43. ch log output will be written Defaults to Logdir lt servername gt but can be custom ized to a pathname for each server individually or all servers combined Syntax string The path to an optional log file filter file The path may be relative Each line in the logfilter file starts with a filter type one of keep drop or alert followed by a delimited POSIX 1003 2 extended regular expression see regex 7 which may be followed by optional tag text The delimiter character used to bracket the regular expression must not appear within the regular expression Syntax boolean log user input from attached user s Will cause dou ble echo of user input No echo input passwords will be logged Syntax string Format string passed to strftime 3 to format timestamp on each line written to log file If empty lines are not timestamped Syntax boolean Log connect disconnect force messages normally sent to connected users to managed system log file including parameter set messages Syntax mode Protection for per system log file May be empty Ignored if mode 0 Logfile mode is set on each re open for append ControlTower User s Guide logowner loggroup logstamp File Formats config 4 Syntax uid Owner for per system log file May be empty The Log file owner is set on each re open for append Syntax gid Group for per system log file May be empty Log file group is set on each re open for append
44. cmgr viewer exiting View a device managed by the local server in read only mode system cmgr hercules If security is being administered using aut huser the next line entered will be password lt authuser_password gt where lt authuser_password gt is the password for the user assigned to the authuser parameter The default is auracmgr but if authuser has been set to a different user that user s password will be required See the section Setting the CONSOLE_SERVERS Variable on page 6 2 for information on setting up this account If security is being administered using aut hfile the next lines entered will be username lt authfile_user gt password lt authfile_user_password gt Note The lt authfile_user gt specified will have the permis sions assigned to them in the authfile file The viewer is now attached to hercules in read only mode When you view a device in read only mode you cannot send input to that system To send input you must attach in read write mode using an escape sequence See Escape Sequences on page 6 7 Attach in read write mode to a managed device on the local server system cmgr a hercules Security will be as described above however if authfile is used for authorization if the user who logs in doesn t have at tach permission the device will be attched in read only mode Similarly if A is used to force attach if the user doesn t have att ach and
45. cted to server T show Tail of log file V show Versions of server and console programs show avail able options Set a server variable only if currently attached a single character spec ifies the information to change s set stty parameters a subset of the stty 1 command options include ertscts crtscts cstopb cstopb parenb parenb parext parext parodd parodd ixon ixon ixoff ix off istrip istrip cs5 cs6 cs7 cs8 or a baud rate T set distance back tail query will display in log file show available options Send a BREAK only if currently attached The user is prompted to con firm this action which will be aborted if not confirmed Display help on escape sequences All other characters typed are sent to the remote system when attached If not attached the bell is rung for each character typed ENVIRONMENT CONSOLE_SERVERS see above ControlTower User s Guide User Commands cmgr AURACMGR_OPTIONS AURACMGR_OPTIONS Establish per user defaults before checking com mand line options AURACMGR_OPTIONS consists of a sequence of strings and values seperated by commas one or more of attach see a option Attach see A option Tbit see 7 option debug number see d option escape string see e option tail number see t option port string see p option local see l option nolocal see L option passthru see P option nopassthru see N option SEE AL
46. d gt auracmgr system passwd auracmgr system New Password lt auracmgr_password gt system Re enter New Password lt auracmgr_password gt Starting the ControlTower Server Software Note Before starting the server you must complete the intallation tasks described in Chapter 3 ControlTower User s Guide 5 5 CHAPTERS Configuring ControlTower using the Command Line Interface Z To start the ControlTower Server To start the ControlTower server type system opt AURAcmgr sbin start When the ControlTower server software starts up it reads the managed device configuration files starts up a process for each managed device and connects to the console port of the managed device Note At start up the ControlTower server software stops existing ControlTower processes The ControlTower server is now in operation You can use the Viewer Client to monitor and administer its managed devices To start ControlTower Server for an additional Managed Device If you have added a managed device you can start a process to manage that system without restarting the ControlTower server software To start ControlTower server software for a single system exe cute the st art command and specify the new system name system opt AURAcmgr sbin start lt managed_device_name gt Note During installation the ControlTower server start up script is placed in etc init d so that subse quent reboots of the system will automatical
47. e Control C 2 Force Read Write C 2 Group 4 7 gzip 4 6 H Host 1 1 2 1 C 2 Host Machine 2 2 Host System 1 1 C 2 Host system 2 7 I Installation Software 3 3 3 9 Software remote 3 10 K kbd 2 4 L License key 2 1 2 7 3 9 Local Access 4 9 Local Viewer Client C 2 localauth 4 9 5 17 localenable 4 9 5 17 Log C 2 Log File C 2 Compression 4 6 Contents 4 5 Disk Space 4 8 Filtering 4 8 Protections 4 7 Rotation 4 5 Storage Directory 4 5 Timestamping 4 6 Log Filtering 4 8 logcompress 4 6 5 11 logcompressext 4 6 5 11 LogCompressOpt 5 11 logcompressopt 4 6 5 11 logdir 5 8 logfilter 5 11 loggroup 5 10 loginput 5 9 loglinestamp 4 7 5 9 logmaxfiles 5 10 logmaxsize 5 9 logmessages 5 9 logmode 5 10 logowner 5 10 logstamp 4 7 5 9 logstampformat 4 7 5 9 M Managed Device 2 4 5 3 C 3 Connecting 2 8 2 10 Managed device 1 1 1 2 4 9 Managed devices 2 1 Monitor C 3 N Network Client C 3 ControlTower User s Guide O Owner 4 7 P Package C 3 Parts List 2 6 PCI Systems 2 2 ping 2 4 Protection Mode 4 7 Protections 4 7 R Read Only mode C 3 Read Write mode C 3 Registration 2 vi Regular Expressions 5 12 Remote Access 4 10 encryption of 4 2 Remote Systems 3 10 Remote Viewer Client 2 4 Remove Software 3 3 S SBus Systems 2 2 Security 4 2 Security ControlTower 4 3 Serial cables 2 9 Serial Communication 2 9 Serial Driver 2 4 Ser
48. e of this option may be necessary if all 8 bits are processed by the server but are not tolerated by the terminal e View either a local or remote device and specify a different escape character system cmgr e lt managed_device_name gt This will cause all escape sequences to start with e View a remote device using encrypted communications to the server system emgr f 128 lt managed_device_name gt If the authfile parameter is set instead of authuser the users and permissions listed in the authfile file determine which escape sequences can be used by which user See authfile on page 5 15 for further information All escape sequences begin with the tilde character unless it was changed using the e option in the command line or the escape setting of the AURACMGR_OPTIONS environment variable The available escape sequences are as follows tilde period Terminate the session CTRL C Terminate the session CTRL Z Suspend the cmgr program The session is resumed with fg ControlTower User s Guide 6 7 CHAPTER6 Administering Managed Devices using the Command CTRL L a A d q VWTA s sT Toggle local logging of the connection Attach While in read only mode attach read write mode to the managed device Requires attach permission Force Attach Force an attach read write mode to the managed device If someone else is attached read write
49. election and Set up Considerations 2 3 Break Signal Considerations eeeneeeeeeeeeereeeeserresreesee 2 3 Select Appropriate Systems as Remote Viewer Clients 2 4 Identify Managed Devices sseseseeeseeresesseseresrsresrresrsresrrseess 2 4 Managed Devices Worksheet ceeceesseeseesseceteceeeeeeeeeees 2 4 Verify Materials cecs thie ateanei dui agian EAE 2 6 Install New Hardware and Drivers 0 ec eecesceeeeeeeeeeeeneeeeees 2 7 Obtain License Key File eee ceceeeeeeseeeneeceeceeeeeeeeeaeeenaees 2 7 Set Up Managed Device 00 0 ee ceseeeceeeeencecnsecneceeeeeeeeeaeesaaees 2 8 Connect Managed Devices to Host oo eee ceeceeeeeeeeneeeneees 2 8 Preparing Managed Devices for Serial Communication 2 9 ControlTower User s Guide vii Contents CHAPTER 3 Installing ControlTower Software o ccccccccccsececseesesseseeetseeescaeesesenenseeteees 3 1 If a Previous Version of ControlTower Exists on your ControlTower Hot cescecesceeeesseeeseesneceeeceseeeaeeeaecsaeceaeeees 3 2 Installing ControlTower Software ce ceeeseeeeeeeeneeeneeeneee 3 3 Files and Directories 0 ce eeeeeesseessceeseceeeceseesseeeaeceseeeaeeees 3 4 Determine if Volume Manager is running e eee 3 4 Mounting the CD ROM Manually ossos 3 5 Mounting the CD ROM Using vold n se 3 6 Adding a Packatesavcssiletivsihanot distal a a O ntti 3 6 Installing the Acrobat Reader oo cee ceeceeeeseeene
50. er conserv logs all managed system output in a file named system in the directory specified by the logdir configuration parameter Users can connect to the conserv process using the cmgr 1 program conserv 8 is normally launched by the start 8 script but can be started by hand for debugging Any number of o options may be given each with a parameter value pair to override values in the system cfg file The d option can be used to specify a debug level which if non zero keeps con serv from detaching from the terminal so that debug messages can be seen Increasing debug levels increase the amount of debug output opt AURAcmgr config system cfg configuration file opt AURAcmgr pids system process id file opt AURAcmgr sock system unix domain socket endpoint config 4 conserv 8 locbrok 8 start 8 A 12 ControlTower User s Guide Maintenance Procedures convert 8 Maintenance Procedures convert 8 NAME convert Aurora ControlTower Console Manager config file converion tool SYNOPSIS convert f o outputdir inputfile DESCRIPTION convert reads input files or the standard input if none are specified that are tab or colon delimited and creates Aurora ControlTower Console Manager config files The first column of the input is the managed system name and the second is the serial device to which the managed system console is attached Any remaining information is discarded If a configuration file already
51. ermissions e To use network client access using aut huser the user spec ified in the authuser parameter must be a valid account e Touse network client access using authfile set the param eter to the name of a file containing users and their permissions This file name can contain an absolute path or if a path is not given the file is expected to be in the directory containing the cfg file specifying this file name Each entry in the authfile file should have a valid account name Valid account names are specified by your system administrator 4 10 ControlTower User s Guide Error Logging Error Logging The account need not have a usable shell i e use usr bin false IMPORTANT Jf you enable network access t cpen able true authuser lt user_with_password gt or authfile lt file_with_list_of_users gt you should consider setting up network access control lists using tcpallowand tcpdeny See the config 4 man page User Permissions to Access Managed Devices Using the aut hfile parameter is the recommended method for controlling access to managed devices Using authfile secu rity can be configured so that each user has different permissions for each managed device and different sets of users can have access to different devices or sets of devices groups All messages output by the ControlTower Host program that runs for each device conserv are sent to syslog tagged with the daemon facility code except
52. es Inc Application and Protocol Software Limited Software Warranty Aurora Technologies Inc does not war rant that the functions contained in its Software products will meet your requirements or that the operation of the Software will be uninterrupted or error free However Aurora warrants the physical media on which the Software is furnished will be free from defects in materials and work manship under normal use for a period of ninety 90 days from the date of shipment Except as provided above the software and its written materials are pro vided As Is without warranty of any kind either expressed or implied including but not limited to the implied warranties of merchantability and fitness for a particular purpose The entire risk as to the quality and performance of the software is with the licensee Should the software prove to be defective licensee assumes the entire cost of necessary ser vicing repair or correction Return Policy Products returned for repair must be accompanied by a Return Material Authorization RMA number obtained from Aurora Technologies Inc prior to return Freight on all returned items must be prepaid by the cus tomer and the customer is responsible for any loss or damage caused by common carrier in transit Items will be returned to Aurora Technologies Inc via a Customs cleared carrier for example Federal Express UPS DHL unless prior arrangements are made by the customer for an
53. f per user authorization authfile novalue Turn off idle disconnect disconnectidle 0 Turn off idle detach detachidle 0 Don t require authorization for local connects localauth false Turn off tcpdeny so that everyone can look at managed devices tcpdeny novalue Turn on errlog so that error messages will be written to somewhere other than syslog rrlog deviceQerrlog Turn on debugging for as much info as possible debug 1 ControlTower User s Guide D 5 APPENDIX D An Example Configuration The settings in this file have been chosen to maximize the information written to log files including the additional log file devicederriog which is written to the directory in which the ControlTower server was started in this case opt AURAcmgr config Notice that the value of 1ogdir has been changed to opt AURAcmgr config This is why there are deviceo log files deviceo and deviceo 1 z in the opt AURAcmgr config directory listing above These files are listed with a star after the name indicating that these are executable files because logmode was set to 764 u rwx g8 rw O P Notice also that authuser is set to auracmgr for this device The default log directory of var 1og cmgriog contains files and directories device2 device2 1 gz device2 2 gz device3 device3 1 gz group Under the group directory is devicel devicel 1l gz devicel 2 gz device is the device
54. file timestamping frequency Log file protections 4 4 ControlTower User s Guide Log File Management Storage Directory for Log Files By default the ControlTower Host stores log files in the directory var log cmgrlog Use the logdir parameter to specify a different storage directory for log files If a device is a member of a group the log file for that device will be placed under a group directory below the Logdir directory This behavior can be overriden using the logfile parameter which explicitly sets the pathname for the log output Adding this parameter to the LOCAL file concatenates all log output to a sin gle large file Aurora recommends that if you use the logfile parameter you disable the logstamp feature and enable the lognameprepend feature to make the resulting output more read able Contents of the Log File The ControlTower Host creates and populates a log file lt device_name gt for each managed device All system console output is saved to this file By default user input is not logged Lloginput false user log messages are logged logmessages t rue CAUTION Logged user input includes passwords What is written to a log file can be controlled on a line by line basis using logfilter A file specified by the logfilter parameter contains drop and keep commands that use regular expressions to determine which messages are written to the log file Log File Rotation The ControlTower Host s
55. g 4 logcheck 8 A 16 ControlTower User s Guide Maintenance Procedures start 8 Maintenance Procedures start 8 NAME start Aurora ControlTower Console Manager server start script SYNOPSIS opt AURAcmgr sbin start system group DESCRIPTION The start script launches Aurora ControlTower Console Manager server pro cesses If no arguments are given start first runs the stop 8 script to stop all server activity then it launches a a location broker process see locbrok 8 and a conserv 8 process for each file ending in cfg in the opt AURAcmgr config directory If an argument list is given start launches a locbrok 8 process if needed and a conserv 8 for each system named in the argument list If the argument spec ifies a group directory a conserv 8 will be launched for each cfg file in the named directory FILES opt AURAcmgr config cfg config files SEE ALSO config 5 conserv 8 locbrok 8 stop 8 ControlTower User s Guide A 17 APPENDIX A Reference Maintenance Procedures stop 8 NAME stop Aurora ControlTower Console Manager server stop script SYNOPSIS opt AURAcmgr sbin stop system group DESCRIPTION The stop script stops Aurora ControlTower Console Manager server processes If no arguments are given stop kills all processes which have left pid files in the opt AURAcmegr pids directory If an argument list is given stop kills the conserv 8 process f
56. he Data Carrier Detect DCD control line Syntax stty Sets the initial terminal modes for the managed system se rial connection Any parameters missing from both the system and DE FAULT configuration will be left unmodified from system defaults admintool terminal settings have no effect ControlTower User s Guide A 7 ttychanges uulock exclusive breakstring APPENDIX A Reference Syntax boolean Allow attached clients to change serial line parameters Syntax boolean Honor and create uucp compatible lock files for the se rial port Syntax boolean Set operating system exclusive access flag on the se rial port using the TIOCEXCL ioctl Prevents non superuser processes from opening the serial port Syntax string String to send to managed system instead of BREAK sig naling The following escape sequences are allowed n newline r re turn t tab OOO octal value xXX hex value Log file parameters logdir logfile logfilter loginput loglinestamp logmessages logmode Syntax string Specify the absolute path to the directory for per system log files Log file names are by default the system name of the managed system but can be explicitly specified using the logfile parameter If the managed device is a member of a group the device log file will be cre ated in a subdirectory having the same name as the group Syntax string Specify the absolute path to the file to whi
57. he ability of the Viewer Client to take Read Write mode if there is already another user that has Read Write mode Host See ControlTower Host Server System Host System See ControlTower Host Server System Local Viewer Client A Character Oriented Viewer Client that is run directly on the Control Tower Host without the CONSOLE_SERVER environment variable defined Log see Log File Log File Output from a managed device that is stored locally on the ControlTower Host C 2 ControlTower User s Guide Managed Device A computer or other system that accepts basic management commands over an RS 232 serial interface see Console Serial Port Monitor See Read Only mode Network Client GUI or CLI connection to ControlTower Host using TCP IP Package A Solaris software package that is installed on a computer system using the Solaris system command pkgadd Package removal is done with the Solaris system command pkgrm Read Only mode The ability of the Viewer Client to monitor output from the managed device A Viewer Client connection that allows the user to view all managed device output as it happens but not to send any keystrokes to the managed device Requires the connect capability in the managed system authfile Read Write mode The ability of the Viewer Client to interact with the managed device A Viewer Client connection that allows the user to see all managed device output as it happens and to send keys
58. he command line options that will be used by the compression utility The options must include one that will compress the log file regardless of whether any reduc tion in size will be realized This is required so that a compressed file will have the extension of a compressed file otherwise the file will not be rotated The default value is See the com press 1 man page for command line options available for the default compression utility logcompressext logcompressext specifies the file extension given to a log file when it is compressed It must be the extension that will be created by the compression utility or any options that specify an extension The default is Z logfilter logfilter specifies the name of a file that contains commands that drop or keep lines in the log file based on Regular Expres sions The name of the file may include an absolute or relative path If relative the path is relative to the directory in which the logfilter parameter is set There is no default value To unset logfilter ina configuration file at a lower level set it to novalue See the regex 3 man page for information on Regular Expressions The available commands that filter log file lines using Regular Expressions are keep and drop ControlTower User s Guide 5 11 CHAPTERS Configuring ControlTower using the Command Line Interface The rules of log filtering are as follows e Each line of data from the managed device is
59. ial Port Console C 2 Index Server 4 9 Server Software C 2 Software 2 10 license agreement E 4 E 6 warranty E 2 Software Installation 3 3 3 9 Software Installation remote 3 10 Storage Directory 4 5 stty 5 7 5 15 Support 2 vi syslog 4 11 T TCP IP 4 9 4 10 TCPEnable 5 16 Timestamping 4 6 ttychanges 5 8 U unixauth 4 9 UNIX domain Access 4 9 User Commands cmgr A 1 Username 4 10 uulock 5 7 V View C 3 Viewer Client 1 2 C 3 Character Oriented C 1 CLI C 1 Command Line C 1 Local C 2 Remote 2 4 vold 3 4 3 6 Volume Manager 3 1 3 4 W Warranty E 1 E 6 X xcmgr C 3 ControlTower User s Guide ControlTower User s Guide
60. ied is made that products of Aurora Technologies Inc will be compatible with future versions of the hardware systems and operating systems specified in this manual YOU MUST READ THE SOFTWARE LICENSE AGREEMENT IN THE BACK OF THIS MANUAL AND RE TURN THE PRODUCT UNOPENED IF YOU DO NOT AGREE TO BE BOUND BY ITS CONDI TIONS Trademarks Aurora Technologies the Aurora logotype Apollo Multiport Nova Multiport Aries Multiport ControlTower Explorer Multiport LanMultiServer Saturn Multiport SBox Vanguard Multiport WanMultiServer XP7 Expansion Chassis and XP 7R Rack Mounted Expansion Chassis are trade marks of Aurora Technologies Inc a Carlo Gavazzi Group Company SPARC is a registered trademark of SPARC International Inc in the United States and other countries SSH is a registered trademark of SSH Communications Security Inc All rights reserved Sun Sun Microsystems Solaris and Ultra are trademarks or registered trademarks of Sun Microsystems Inc UNIX is a trademark of The Open Group in the US and other countries All other trademarks registered trademarks and salesmarks are the proprietary property of their respective owners This product includes software developed by the University of California Berkeley and its contributors PREFACE About this Book The ControlTower User s Guide describes how to install config ure and use ControlTower software It also provides reference information This manual is organized
61. is directory will have the group configuration ControlTower User s Guide Creating Logins For Remote Users file parameters applied to them unless these parameters are set in the devices individual configuration files To avoid confusion it is recommended that configuration file names be unique across groups The configuration file name can not be the same as the group file name Creating Logins For Remote Users You may want to perform one or more of the following tasks to set up the environment on the ControlTower server system If you intend to allow remote access to this ControlTower Host system you must create user accounts for all users who are authorized to use ControlTower remotely If you want separate logins for each user having access to the ControlTower Host sys tem remotely use the aut hf ile parameter and create a separate login for each user listed in the authfile file See Username for Remote Access on page 4 10 If you want to associate only one user account with any or all managed devices set the authuser parameter to a user name and create a user account with the name specified The default aut huser name defined in the DEFAULT configuration file is auracmgr You can redefine this for all managed devices in the LOCAL file or for an individ ual managed device in its lt managed_device_name gt cfg file To create the auracmgr user system useradd s usr bin true u lt user_i
62. l option Changes the default TCP IP port or service name used to contact remote location brokers On TCP IP connections use location broker pass thru feature This only works with version 2 00 or later remote systems When using this option the only TCP connections made will be on the auracmgr tcp port 364 which facilitates use across firewalls Network Address Translation NAT and ssh stunnel or other port forwarding The network connec tion is actually passed from the locbrok 8 process to the conserv 8 process so there is no performance penalty Neutralizes the effect of the P option Connect in view only mode neutralizes a and A Set AURACMGR_ OPTIONS style options Escape Sequences Lines that you type which start with the tilde character are lqescape sequences rq the escape character can be changed using the e option see above ControlTower User s Guide CTRL C CTRL Z CTRL L a A d q S APPENDIX A Reference Terminate the session Terminate the session Suspend the cmgr program Toggle local logging of the connection Attempt to attach read write to the console Force an attach read write to the console if anyone is currently at tached their connection will be downgraded to view only Detach from the remote console make the connection view only Query server a single character specifies the information to return A show All W show Who is conne
63. lags crtscts cstopb parenb parext parodd ixoff ixon istrip ALL flags parameters should appear here in DEFAULT file subsequent stty configuration in lt system gt cfg or with 0o on command line or via console program set command change ONLY the bits which are specified all other remain the same Sh SE SE OSE SE OSE OSE H H HE SHE SESE HE stty 9600 cs8 crtscts cstopb parenb parext parodd ixoff ixon istrip allow client programs to change serial line parameters syntax boolean ttychanges true B 2 ControlTower User s Guide string to send instead of BREAK signal optional syntax string the following escape sequences are allowed r n t ooo 1 or more octal digits xXX two hex digits breakstring HH HH Ha aE EE E EE E FE EEE EE EE EE HEHE HE HE HE HE HE EE HE HH HH HE HE HE E E E E E E E E E E Logfile parameters All system console output is saved in a logfile directory for all log files must be absolute syntax string path Sh SE Sh SE H logdir var log cmgrlog log client user input in logfile THIS INCLUDES PASSWORDS all output including echo is always saved in the logfile syntax boolean loginput false log messages sent to users user connect disconnects in logfile serial line change and break messages are always logged syntax boolean logmessages true owner for log files syntax user name or uid logowner root
64. llow client programs to change serial line parameters ttychanges true In case of problems we want to be able to send a real break breakstring This is the directory containing configuration files The log files will be sent here for easy access logdir opt AURAcmgr config This will write everything typed into a cmgr session including PASSWORDS loginput true logmessages true in the DEFAULT file mode for log files Results in rwxrw r logmode 7 64 To make debugging easier line by line time stamping is being turned back on with the default value loglinestamp c This will keep larger log files and more of them logmaxsize 500000 logmaxfiles 20 Since line time stamping is back we don t need as many periodic time stamps logstamp 60 D 4 ControlTower User s Guide Return the format of the periodic time stamp to the default Logstamplormat 4 4 AA SARA AAA RAR se KKKKKKKKKK KK KKK Logfile compression program path Use compress so that log files can be copied to and uncompressed on machines that don t have gzip logcompress usr bin compress This still hasn t changed but is left for clarity logcompressopt f Logfile compression program output extension including DOT character The compress extension is Z logcompressext Z Turn off log filtering logfilter novalue Set authuser to the user whose password everyone has authuser auracmgr Turn of
65. localauth parameter to specify whether users must enter a password for local access to ControlTower Hosts By default password entry is not required localauth false ControlTower User s Guide 4 9 CHAPTER 4 Security and Configuration Concepts Remote TCP IP Access Control Use the tcpenable parameter to permit or deny access via TCP IP to ControlTower Hosts By default TCP IP access is per mitted tcpenable true TCP IP access can be controlled on a system by system basis by entering the IP addresses of servers into tcpallow and tcp deny in a comma delimited list Username for Remote Access e All remote connections over a network require entry of a pass word This password may be the same for all devices managed by a ControlTower Host using the aut hfile parameter Alternatively authorization can be managed through the authfile parameter This is the recommended method for authorization since it gives much better control over access e All network connections are checked using IP address access control lists to permit or deny connections from specific hosts or entire networks or net blocks e The configuration parameters for TCP IP network connec tions are the following tcpenable enable use of TCP IP connections authuser name of the user in the password file to use for password verification by all users Ignored if authfile is set authfile name ofa file containing a list of authorized users and their p
66. logmaxfiles specifies the maximum number of log files As each log file is compressed it is assigned the suffix 1 and all older log files have their suffixes incremented by one with the maximum suffix being logmaxfiles The default value is 7 Note When setting this parameter you will need to consider your overall file storage requirements for all of the log files created by ControlTower logmode logmode specifies the log file permissions mode The default is u rw which means that only the owner has read write access to the log files The available values are ugoa rwx Different per missions can be set for different users user group or other by listing the different users and their permissions separated by a comma for instance u rwx g rw o r See the chmod 1 man page for more information logowner logowner specifies the owner of the log files This would be the u in the description of Logmode The default value is root Users are listed in etc passwd loggroup loggroup specifies the group to which the owner of the log files belongs This would be the g in the description of Log mode The default value is sys Defined groups are listed in etc group ControlTower User s Guide Configuration Parameters and Defaults logcompress logcompress determines the compression utility used to com press log files The default value is usr bin compress logcompressopt logcompressopt specifies t
67. ly restart ControlTower Stopping the ControlTower Server Software To stop all ControlTower Server Software processes To stop the ControlTower server execute the following com mand system opt AURAcmgr sbin stop ControlTower User s Guide Configuration Parameters and Defaults To stop ControlTower Server Software for a Single Man aged Device If you want to remove or rename a managed device you can stop the process for that managed device without stopping the entire ControlTower server To stop the ControlTower server for a single managed device execute the stop command and specify the managed device system opt AURAcmgr sbin stop lt managed_device_name gt Configuration Parameters and Defaults The following are the configuration parameters for Control Tower exclusive exclusive gives ControlTower sole access to a given port The default is t rue If this parameter is set to false other pro grams can open this port This is NOT recommended uulock uulock sets up a uucp compatible lock file so that other pro grams do not use the port to send data to another system The default is t rue stty stty controls serial port parameters The default value is 9600 cs8 crtscts cstopb parenb parext parodd ixoff ixon istrip Permissions for stty are set in the configuration file with ttychanges See the stty man page for stty options and other information ControlTower User s Guide 5 7 CHA
68. m name hercules apollo ulysses agamemnon cmgr viewer exiting e List devices managed by both local and remote servers system cmgr cmgr must have system name agamemnon serverl apollo serverl dagwood server2 dilbert server2 hercules serverl lucy server2 ulysses serverl cmgr viewer exiting View a device managed by a remote server in read only mode system cmgr lt managed_device_name gt If security is being administered using aut huser the next line entered will be password lt remote_server_authuser_password gt where lt remote_server_authuser_password gt is the password for the user assigned to the authuser parameter on the remote server The default is auracmgr but if authuser has been set to a different user that user s password will be required See the section Setting the CONSOLE_SERVERS Variable on page 6 2 for information on setting up this account ControlTower User s Guide Escape Sequences Escape Sequences If security is being administered using aut hfile the next lines entered will be username lt remote_server_authfile_user gt password lt remote_server_authfile_user_password gt Note The lt remote_server_authfile_user gt specified will have the permissions assigned to them in the authfile file e View either a local or remote device specifying that output from the managed device to the terminal be 7 bits system cmgr 7 lt managed_device_name gt Us
69. mands If any listed commands are unknown or their usage is unclear please see the man page for the command man lt command gt IMPORTANT Use of ControlTower software involves impor tant security issues Be sure to read CHAPTER 4 Security and Configuration Concepts Configuration of the ControlTower software consists of the fol lowing tasks e Set up managed device configuration files e Set up the environment ControlTower User s Guide 5 1 CHAPTERS Configuring ControlTower using the Command Line Interface Set Up Managed Device Configuration Files The default configuration for all devices managed by a Control Tower server is specified in the DEFAULT configuration file in opt AURAcmgr config In addition each device is represented by a configuration file in the format lt managed_device_name gt cfg This configuration file can override the configuration specified in the DEFAULT file Note If is strongly recommended that you make all modifications to parameters affecting all devices in the LOCAL file The DEFAULT file is removed when an old version of ControlTower is removed and the LOCAL file is not The name you give this configuration file is the name by which the managed device will be known to ControlTower It is recom mended that the configuration file for the managed device have the same name as the managed device Configuration file names e may be from 1 to 64 characters long e may be the same a
70. mation including passwords You should carefully consider to whom you make them accessible Through the use of Regular Expressions in the log filter sensitive ControlTower User s Guide 4 7 CHAPTER 4 Security and Configuration Concepts information may be removed Refer to log filtering on page 4 8 Disk Space for Log Files Your disk space requirements for log files are affected by two factors e Managed device activity i e how much data is output to the log files in a given period e Your logging requirement 1 e the length of time for which you want to save logged data You can roughly calculate your disk space usage using the fol lowing formula lt _of_managed_devices gt logmaxsize logmaxfiles logmaxsize 2 For 128 managed devices using the default values lLogmax files 7 logmaxsize 50000 and assuming a compres sion ratio of 1 2 logmaxsize 2 this calculates to 27 MB At the worst case output rate of 960 char sec however this space will suffice for only 6 minutes of logfile storage making your worst case log file storage requirement for 1 hour s worth of data 270 MB You may want to modify the defaults depending on your log file activity your available disk space and the length of time for which you require log file coverage See logcompress on page 5 11 andthe config 4 man page for more information on compressing files Log Filtering Log filtering selects which lines of
71. n be assigned to users are listed below Text in the parentheses are the parameters as seen in the auth file file Attach att ach The user can acquire read write permis sion for the managed device if there is currently no other user in read write mode for that managed device If another user is attached and the user with at tach permission tries to attach the user will be attached in read only mode Force Attach fat tach A user who has this permission can acquire read write permission to a device even if there is another user attached Another user who is attached is forced into read only mode stty st ty The user has permission to set stty parameters for devices Break break the user has permission to send a break string to the managed device None none The user has no authority to do anything All a11 the user has all of the above permissions ControlTower User s Guide 5 15 CHAPTERS Configuring ControlTower using the Command Line Interface Permissions can be combined with a plus sign or subtracted with a minus sign The following is a sample authfile file with multiple users This file contains users who have access to the devices in group auracmgr attach fattachtbreak developerl all stty The following user will be allowed view only sessions developer2 non tcpenable tcpenable determines whether remote machines are allowed to connect to the server using TCP IP over a netw
72. naged devices ControlTower Viewer Client software in addition to residing on the Host may reside on multiple systems that have network or modem capabilities to the ControlTower Host System Any func tion that can be performed from a managed devices s keyboard and display can be performed remotely from a ControlTower Viewer Client including monitoring log files running diagnos tics and rebooting managed devices In addition you can use the ControlTower User s Guide 1 1 CHAPTER 1 Introduction to ControlTower Console Management ControlTower Viewer Client to access one or more ControlTower Hosts via the network enabling you to monitor and administer any number of systems in any number of locations from a single central location or from any number of locations you choose as is shown in Figure 1 Network LJ Remote Access Remote Access Via modem link via Network Interface Control Server KY i Tower Host port Serial l Controller ControlTower Host System 4 Managed Devices FIGURE 1 o Console Management with ControlTower 1 2 ControlTower User s Guide CHAPTER 2 Before Installing Getting Started This chapter describes steps you must take before installing Con trolTower
73. nce with such sale the LICENSEE must si multaneously transfer any and all written materials and the backup copy or destroy the backup copy 8 TERM AND TERMINATION The License is effective until termi nated This License will terminate automatically without notice from Au rora if LICENSEE fails to comply with any provision of this License Upon termination you shall destroy the written materials and all copies of the Software including modified copies if any 9 UPDATE POLICY Aurora may create from time to time updated versions of the Software At its option Aurora may make such updates available to the LICENSEE and transferees who have purchased an Ex tended Support Plan from Aurora ControlTower User s Guide E 5 APPENDIX E_ Warranty 10 EXPORT RESTRICTIONS The LICENSEE understands that the United States export control laws may govern the export and re export of products to be licensed under this Agreement and that individual validat ed export licenses may be required from the U S Department of Com merce prior to the export of products The LICENSEE agrees to assist the LICENSOR to obtain any required License by supplying appropriate documentation requested by the seller The LICENSEE agrees to comply with the U S Export Administration Regulations in effect from time to time and will not re export any products without first obtaining approval from the LICENSOR and the U S Department of Commerce as required The re exp
74. ns Unless otherwise noted in the text this document uses the follow ing symbolic conventions screen display literal input lt non literal input gt command emphasis 7 Related Manuals Graphic text that appears on menus and dialog boxes appears in sans serif font Bold words or characters in formats and command descriptions represent com mands that you must type literally Lit eral values are in the bold typewriter font lt Bold italic bracketed gt words or charac ters in formats and command descrip tions represent values that you must supply Do not type the brackets ASCII text that the system displays and pathnames and commands in the text appear in plain typewriter font Italics are used in the text for emphasis titles and variables This symbol marks cautionary notes about possible damage to your equip ment or data This symbol marks procedures This symbol marks the end of a chapter For more information refer to the following manuals e Your Aurora Multiport Serial Controller User s Manual e Your Sun Microsystems documentation e On line man pages Aurora ControlTower User s Guide Getting Help Registration PREFACE About this Book If you need to reach us you can contact us by e The Web www auroratech com for product literature phone numbers and address e Phone service 508 588 6110 or U S Toll Free 1 877 428 4277 Mon Fri 8 30AM 6 00PM Eastern
75. o that a viewer will disconnect if it s been idle for 5 minutes disconnectidle 5 Set so that a viewer will detach if it s been idle for 10 minutes detachidle 10 Require authorization for even local connections to devices localauth true Keep out the people in Marketing tcpdeny 100 100 100 100 8 Notice that authfile is set to LocALauthfile with no specified path This is why a LOCALauthfile file has been created in the opt AURAcmgr config directory The con tents of this file are auracmgr all The contents of the two device configuration files in the opt AURAcmgr config direc tory are device2 cfg device dev cua 2 device3 cfg device dev cua 3 The group grp group configuration file under the group directory contains The devices in this group belong to development so we will be giving more people access to these devices authfile groupauthfile This is why a groupauthfile file has been created under the group directory Its con tents are ControlTower User s Guide D 3 APPENDIX D An Example Configuration As developers are hired add them to this file auracmgr all developerl all break developer2 attachtfattacht stty The configuration file for deviceO under the group directory contains device0 has been having problems so the settings are being changed temporarily to facilitate diagnosis devicename for serial port attached to system console device dev cua 0 a
76. oker SYNOPSIS locbrok d debuglevel DESCRIPTION The Aurora ControlTower Console Manager Location Broker reads and enforces the terms of the product licence file and keeps a database of managed system names and the TCP IP port the conserv 8 process for that managed system is available at When a cmgr 1 is run remotely it first contacts one or more Location Brokers on one or more servers in order to find out what man aged systems are available what server they are attached to and on which TCP port the conserv 8 process can be reached The locbrok process is normally launched by the start 8 script and killed by the stop 8 script opt AURAcmgr config license dat license file opt AURAcmgr pids locbrok process id file opt AURAcmgr sock system locbrok2 unix domain socket endpoint cmer 1 conserv 8 start 8 stop 8 ControlTower User s Guide A 15 APPENDIX A Reference Maintenance Procedures logcheck 8 NAME logcheck Aurora ControlTower Console Manager server logfile manager SYNOPSIS opt AURAcmgr sbin logcheck i interval DESCRIPTION logcheck is run periodicly from the root user crontab 4 to manage logfiles for the Aurora ControlTower Console Manager server logcheck 8 honors the following configuration paramaters see config 4 for descriptions logdir logstamp logmaxsize logmaxfiles logmode logowner loggroup logcompress logcompressopt and logcompressext SEE ALSO confi
77. on 0 0 eeceeceeeeeseeeseceseceseeseeeeeeesaeenaeens E 1 Hard W er narnia sie Ben ae naan iN E 1 Application and Protocol Software seeren E 2 Return Policy oeeie cseezsnsuansdecsveatccuehaestheduadceebieddads E 2 90 Day Technical Support ssseeesseseeeseeeeereeresrssreeresrssresrsses E 3 Software License AgreeMent cece ceecceseeeseeeneceeceneeeneeeeees E 4 Aurora Technologies Software License ceeeeeeeeeeerees E 4 INDEX ieena oh hse targetted ass ratte te saa aaa ARR T ee E Ra A A Sandan I 1 ControlTower User s Guide xi Contents ControlTower User s Guide CHAPTER 1 Introduction to Controllower Console Management System ControlTower Console Management System provides a reli able time and cost saving solution for monitoring and controlling multiple devices through an RS 232 interface from a central loca tion or by remote access It enables a single SPARC Solaris system to function as a common console monitor and keyboard for managed devices The ControlTower System is available for either SBus or PCI bus multiport serial controller ControlTower Console Management System consists of both software and hardware components ControlTower Software consisting of Server and Viewer Client packages resides on a Sun Solaris system The ControlTower Host System provides a com mon console and maintains system logs for all managed devices No additional software is required on the ma
78. onnectors with screws and ensure that all RJ45 connectors are firmly latched e Avoid disconnecting and reconnecting the network connec tion on running systems e Avoid power cycling the ControlTower Host at times when managed device operation is critical e If it is necessary to stop ControlTower processes use opt AURAcmgr sbin stop e After connecting or reconnecting a managed device console port to the ControlTower Host verify that the managed device ControlTower User s Guide 2 3 CHAPTER2 Getting Started is operational by connecting using a Viewer Client See the cmgr 1 man page for further information e Verify operation of all systems after power cycling the Con trolTower Host or reloading the Aurora Multiport Serial Driver e See the kbd 1 man page for information on how to enable disable break on the console serial port e Attach your host machine to a UPS uninterruptible power supply of sufficient capacity to ensure that it will be up as long or longer than all managed devices Select Appropriate Systems as Remote Viewer Clients In order to install the Viewer Client software on a remote system the remote system must be Solaris 2 6 7 or 8 In addition any machine connected to the ControlTower Host System through either the network or a modem can be used as a remote viewer client without installing additional software using telnet rlogin etc Identify Managed Devices ControlTowe
79. or each system named in the argument list If the argument specifies a group directory all run ning conserv 8 processes in the group will be killed FILES opt AURAcmgr pids pid files SEE ALSO config 5 conserv 8 locbrok 8 start 8 A 18 ControlTower User s Guide appenpixe DEFAULT Configuration File The DEFAULT configuration file opt AURAcmgr config DEFAULT specifies the default configuration for devices managed by an Aurora ControlTower server These configu ration specifications apply to every managed device unless overriden in the LOCAL configu ration file the lt group_name gt lt group_name gt grp file or the configuration file for that device opt AURAcmgr config lt device_name gt cfg Sh SE SE OSE E SRO SRE HEHE SESE SR SRE HE SHE SHE HE Aurora ControlTower Console Manager DEFAULT configuration KKKKKKKKKKKKKKKKKKKK DO NOT EDIT THIS FILE KKKKKKKKKKKKKKKKKKKK This file is read before the LOCAL file lt group gt lt group gt grp files and lt system gt cfg files Any changes to these defaults should be made by adding lines to the LOCAL or per group configuration files HEE aE a aE EE aE AE aE EE EE EEE EE FE AE EE EEE HEE EEE aE aE EEE EEE EE EEE EE EEE H COPYRIGHT c 1998 2002 BY AURORA TECHNOLOGIES INC BROCKTON MA THIS SOFTWARE IS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED ONLY IN ACCORDANCE WITH THE TERMS OF SUCH LICENSE AND WITH THE INCLUSION OF THE ABOVE COPYR
80. ore ControlTower packages begin with the prefix AURA ControlTower User s Guide 3 7 CHAPTER 3 Installing ControlTower Software 5 Do not dismount or eject the CD ROM at this time 6 Read below to determine if you will need to install Acrobat Reader If you will NOT be installing Acrobat Reader go to the procedure To remove the CD ROM on page 3 9 Installing the Acrobat Reader An electronic version of this manual is available on the CD ROM in the documentation package AURAcmgra After installation it is found on the host computer in the directory opt AURAcmgr doc auracmgr pdf Adobe Acrobat Reader is necessary to read this pdf file If you want to use the electronic version of this manual and do not already have the Acrobat Reader installed use the following procedure to install it To install the Acrobat Reader 1 Change to the Acrobat directory using one of the following commands eIf you mounted the CD ROM drive manually system cd mnt AcroRead If vold mounted the CD ROM drive system cd cdrom auracmgr_3_00 AcroRead 2 Start the installation script system INSTALL 3 Reply to the resulting prompts When you are prompted to enter the installation directory Enter installation directory for Acrobat 3 01 opt Acrobat3 Enter lt RETURN gt to accept the default or specify another directory When you see the messages Installing platform independent files Done Installing
81. ork The default value is true tcpallow tcpallow contains a list of machines that are allowed to con nect to the server using TCP IP over a network If set t cpal Low will contain a comma delimited list of IP addresses or host names either of which can be followed by a mask There is no default value If set to unset t cpallow ina configuration file at a lower level set it to novalue tcpdeny tcpdeny contains a list of machines that are not allowed to con nect to the server using TCP IP over a network The syntax is the same as for tcpallow There is no default value If set to unset tcpdeny ina configuration file at a lower level set it to nov alue defaultencrypt defaultencrypt enables Twofish encryption over TCP IP connections The default is 0 Acceptable values are 0 128 and 256 This only takes effect if the client on a local machine con ControlTower User s Guide Configuration Parameters and Defaults nects to this server over TCP IP using the CONSOLE_SERVERS environment variable forceencrypt forceencrypt causes all incoming TCP IP connections to be dropped unless they accept the defaultencrypt or greater encryption level This will also cause all v2 0 and v1 0 TCP client connections to be dropped localenable formerly UNIXenable localenable determines whether the command line viewer cmgr has access to the local ControlTower Server Host The default is t rue localauth formerly UNI
82. ort of LICENSOR s source code whether modified or not is prohibited without prior written approval from the LICENSOR If the LI CENSOR grants the LICENSEE approval to re export source code LIC ENSEE will obtain all required export approvals from the U S Depart ment of Commerce prior to sale and shipment The LICENSEE agrees to indemnify and hold harmless the LICENSOR from all costs and expens es incurred by the LICENSOR as a result of the LICENSEE s breach of this section 11 RIGHT TO GRANT A LICENSE Aurora hereby warrants that it has the right to grant a License to use the Software to the LICENSEE and that it has the right and power to enter into this License 12 LIABILITIES In no event will Aurora be liable for any lost revenues or profits or other special indirect or consequential damages even if Au rora has been advised of the possibility of such damages Aurora s max imum liability for damage shall be limited to the License fees paid by the LICENSEE under this License for the particular Software which caused the damages 13 GENERAL LICENSEE may not sublicense assign or transfer the License on the Software except as expressly provided in this Agreement Any attempt otherwise to sublicense assign or transfer any of the rights duties or obligations hereunder is void This Agreement will be governed by the laws of the Commonwealth of Massachusetts in the United States of America ControlTower User s Guide Inde
83. platform dependent files Done 3 8 ControlTower User s Guide Install License Key File the software installation is complete 2 To remove the CD ROM 1 If you mounted the CD ROM manually dismount the CD ROM drive Ifthe CD ROM was mounted by vold skip this step and go to Step 2 system ed system umount mnt 2 Eject the CD ROM system eject cdrom Store the CD ROM in the sleeve inside the back cover of this manual Install License Key File ControlTower software requires a license key file for correct operation See Obtain License Key File on page 2 7 The license key file is opt AURAcmgr config license dat ControlTower server software AURAcmgrs requires a license key containing the hostid of the machine on which it is installed or it will not start Therefore a license key will only work for one host machine However the command line Viewer Client pack age AURAcmgr doesn t require a key and may be installed on as many systems as desired The license key also contains the number of allowable ports asso ciated with that license If you need more ports or would like to move ControlTower to a new machine a new license key will be required ControlTower User s Guide 3 9 CHAPTER 3_ Installing ControlTower Software Installing ControlTower Software on Remote Systems In order to install ControlTower Viewer Client software on a remote system the remote system must be Sola
84. r allows you to manage devices which have an RS 232 console port Systems other than those running Sun Solaris must be tested for compatibility with ControlTower Managed Devices Worksheet Complete the Managed Device Worksheet page 2 5 to help plan the types of devices you will be managing with Control Tower Some examples are provided Photocopy the worksheet for additional managed devices ControlTower User s Guide Identify Managed Devices TABLE 1 Managed Devices Worksheet Console Port DCEor Port Managed Device Name Device Type Connector Type DTE e g modems print e g DB25 DB9 ers workstations RJ45 servers ControlTower User s Guide 2 5 Verify Materials CHAPTER2 Getting Started Before installing ControlTower verify that you have all neces sary materials They are listed in the following hardware and soft ware charts TABLE 2 Hardware Parts List Qty Description 1 Dedicated server host enter host ID var User s Manuals for Sun or other system used as host 1 Multiport Serial Controller Hardware 1 Serial Controller Card User s Manual with Device Driver CD ROM 1 Driver Release Notes 1 Distribution cable or Breakout Box 1 Serial Test Plug var Adapters for Managed Devices optional TABLE 3 Software Parts List Description ControlTower CD RO
85. rameter Syntax Each parameter takes a value with one of the following syntaxes int boolean string mode uid gid stty Any integer value A prefix of 0x means value will be interpreted as base 16 hex A prefix of 0 means value will be interpreted as base 8 octal Otherwise the value is interpreted as base 10 decimal A boolean value one of 1 t true y yes to enable a parameter or on of 0 f false n no to disable a parameter An arbitrary string File protection mode ether an octal constant no leading digit re quired or a symbolic value ogua rwxs see chmod 1 man page User id decimal value or a user name from the passwd 4 file Group id decimal value or group name from the group 4 file sequence of tokens values see stty 1 man page Character size es5 cs6 cs7 cs8 Line speed supported speeds depend on underlying hard ware and operating system custom speeds are not supported 50 75 110 150 200 300 600 1200 2400 4800 9600 19200 38400 57600 76800 115200 153600 230400 307200 460800 Flags may be pre fixed with to disable ertscts cstopb parenb parext parodd ix on ixoff istrip Serial line parameters device stty Syntax string device is the only parameter which must appear in the system cfg file This is the path of a tty device for the managed system Call out devices dev cua are typically used to ignore changes in the state of t
86. ris 2 6 7 or 8 If you want to use a Command Line Interface CLI on a remote Solaris system you will need to install the ControlTower Viewer Client software package AURAcmgr on the remote system To install the AURAcmgr package see the instructions Installing ControlTower Software on page 3 3 O ControlTower User s Guide CHAPTER 4 Security and Configuration Concepts This chapter presents important ControlTower security issues It also provides information on how to configure e Encryption e Log file management e User access to ControlTower servers e Error logging e Compatibility with previous versions Configuration Information All ControlTower parameters are applied in a hierarchy depend ing on where the parameters are set Parameters set in the LOCAL or DEFAULT files at the top level opt AURAcmgr config apply to all managed devices unless overridden by set tings at a lower level Parameters set in a group configuration file opt AURAcmgr config lt group gt lt group gt grp over ride settings at the top level and device configuration files opt AURAcmgr config lt device gt cfg or opt AURAc mgr config lt group gt lt device gt cfg override group and ControlTower User s Guide 4 1 CHAPTER 4 Security and Configuration Concepts top level settings For more information refer to Configuring Groups on page 5 4 Parameter settings only override parameters of the same name
87. s Install Acrobat Reader Install the License Key Install ControlTower Software on remote systems The above tasks are explained in this chapter ControlTower User s Guide 3 1 CHAPTER 3_ Installing ControlTower Software If a Previous Version of ControlTower Exists on your ControlTower Host If there is a previous version of ControlTower installed on your ControlTower Host you must remove it before proceeding to install your new ControlTower software Note With the single exception of the DEFAULT file no existing ControlTower configuration or log file is affected removed or overwritten when you remove old ControlTower software packages If you have made con figuration changes to the DEFAULT file you should preserve that information as described in To remove existing ControlTower software below If you are unsure whether previous ControlTower software exists on your system perform the following procedure to find out To check for existing ControlTower software 1 Log in as root login root Password lt root_password gt 2 Check for existing ControlTower software by typing system pkginfo 1 grep AURA more This command displays a list of Aurora packages currently installed on your system If either AURAcmgr Of AURAcmgrd appears in the list perform the following procedure to remove the old ControlTower software To remove existing ControlTower software 1 Log in as root login root
88. s the network name but are not required to be e must have the extension c fg or grp for group config uration files e must reside in opt AURAcmgr config ora group directory directly under this directory e may not begin with a period The configuration file for a managed device must contain at a minimum the console server device pathname specifying the server port to which the managed device console port has been connected For example device dev cua 1 Note To avoid connection problems the caller device should always be used All caller devices are in the dev cua subdirectory 5 2 ControlTower User s Guide Set Up Managed Device Configuration Files For a managed device to belong to a group its configuration file must be located in the group subdirectory under opt AURAc mgr config The subdirectory must contain a grp file with the same name as the subdirectory The grp file may be empty or contain parameters that will be applied to all devices in the group The group file may not contain the device parameter You must create a configuration file for each managed device Creating a Configuration File for a Managed Device Perform the following procedure to create a minimal configura tion file for a managed device To create a configuration file Log in as root or use su login root Password lt root_password gt 3 cd to opt AURAcmer config system
89. string logcompressext Z Optional log filter file path If the path is relative no leading slash the pathname will be taken as relative to the directory in which the device cfg file was found To override a value set in a higher level configuration file use the magic string novalue syntax string path logfilter Ha aE EE EE EE EE HE FE FE EE EE HE HE HE HE HE HE HH TE FE HE HE HE HE EE EE EEE E E E E E E E Authorization parameters The name of the user remote users must supply the password for If authfile below is specified authuser only applies to version 1 viewers Se SR OSE OSE OSE SESE SRE HEHE SESE E E E H syntax string user name authuser auracmgr B 4 ControlTower User s Guide The path to an optional per user authorization file which contains a list of authorized users and their capabilities The path may be relative to group or config directory If not specified all users must authenticate as authuser if set users will be prompted for a user name To override a value set in a higher level configuration file use the magic string novalue syntax string path authfile He Ha E TE EEE EEE HE EE HE EE HE HE HE HE HE HH HH TE FE HE HE HE EE EE EE EEE E E E E E E Idle time parameters If non zero the maximum time in minutes before disconnecting an idle viewer regardless of whether view is attached view only If zero no idle limit is enforced Sh SR SR OSE OEE SHR E E H HEHE SHE SE S
90. t number or name from the services 4 file to contact on the remote server If the CONSOLE_SERVERS environment variable contains a comma seper ated list of servers and the l option is not given the servers will be contacted in turn to retrieve the list of all possible system names Each server name can optionally be followed by by a colon and a port number or name from the ser vices 4 file to use to contact the remote server If no system name is present on the command line all the system names and the server to which they are attached will be sorted and printed If a system name is present it may be an unambiguous prefix If the prefix is ambiguous all matching system names will be printed If the CONSOLE_SERVERS environment variable is not set or the l option is given the connection will be made locally using Unix domain sockets This requires file access permission to the directory in which the sockets are located and will not require a password to establish a connection If no system name is present on the command line all the system names will be sorted and printed If a system name is present it may be an unambiguous prefix If the prefix is ambiguous all matching system names will be printed xcmegr is a shell script which creates a new xterm 1 with a cmgr 1 program inside it OPTIONS 7 Output only 7 bits of data to the terminal This may be necessary if all 8 bits are being processed by the server but are no
91. t tollerated by the user s terminal 8 Neutralizes the effect of the 7 option a Attach to the system console as soon as the connection is established By default sessions are view only and an escape sequence attach command see below must be typed to send input to the remote console port If someone is already attached a view only connection will be established ControlTower User s Guide User Commands cmgr 1 A Force an attach to the system console as soon as the connection is estab lished If someone is already attached their connection will be reduced to view only vV Neutralizes the effect of the a and A options d debuglevel Set program debug level e escapechar f keylength l p port P N V 0 options Set escape character If escapechar is a single character it is used directly as the escape character If escapechar is a multi character sequence start ing with a digit it is interpreted according to strtol 3 If escapechar is none there is no escape character Default escape character is tilde Client encryption select parameter where keylength is 0 128 f 128 selects 128 bit encryption f 0 disables encryption Servers can be set to restrict TCP IP connections to minimum key lengths through the ForceEncrypt true configuration directive Force a connection to be made locally even if the CONSOLE_SERVERS environment variable is set Neutralizes the effect of the
92. ted Log File Timestamping Time stamps are periodically placed into the log files The times tamp frequency is determined by the Logst amp parameter The default setting is 60 minutes Periodic timestamp format is deter mined by the logstampformat parameter For more informa ControlTower User s Guide Log File Management tion about logstampformat see logstampformat on page 5 9 In addition each log entry begins with a timestamp This can be turned off by setting Loglinestamp to null loglines tamp You can control the appearance of the time stamp by changing the format characters See also logstamp logstampfor mat and loglinestamp on page 5 9 Log File Protections The default protection mode owner and group for a managed device s logfiles are as follows logmode u rw logowner root loggroup sys Values you can specify for these are as follows Protection Mode The value specified for Logmode can be expressed either as an octal number e g 600 or as a comma separated sequence of absolute modes strings e g u r o rw See the chmod 1 man page for a detailed description of these possible values Owner The value specified for Logowner can be expressed as a decimal user id or as a username from the password data base Group The value of Loggroup can be expressed as a decimal group id or as a group name from the groups database CAUTION Log files may contain sensitive system infor
93. tem on which you have installed ControlTower ControlTower User s Guide 2 7 CHAPTER2 Getting Started Set Up Managed Devices Connect Managed Devices to Host Whether or not you are installing new Aurora hardware you will need to connect managed devices to the ControlTower Host via asynchronous null modem cables You can also use a straight through cable and asynchronous null modem cable adapters Use one of the cable connections shown in Figure 2 and Figure 3 or a straight cable with an asynchronous null modem adapter to connect managed devices to the Aurora hardware For additional pinouts contact Customer Support at Aurora Technologies Con tact information is found in the section Obtain License Key File on page 7 Multiport Peripheral Serial Con Connector to troller Managed Connector Device DB25 DB25 TXD 2 2 TXD RXD 3 a 3 RXD RTS 4 4 RTS cts 5 P lt 5 CTS GND 7 7 GND DSR 6 6 DSR CD 8 8 CD DTR 20 X 20 DTR FIGURE 2 Asynchronous DB25 to DB25 Null Modem Cable XON XOFF Handshaking 2 8 ControlTower User s Guide Set Up Managed Devices Multiport Se Peripheral rial Controller Connector to Connector Managed Device RJ45 DB25 RIS 1 5 CTS DTR l2 6 DSR 8 CD TXD J3 3 RXD CD 4 20 DTR DSR 7 RXD 5 2 TXD GND 6 7 GND CTS 8 4 RTS FIGU
94. ther copies may exist This License is not a sale of the original Software or any copy 5 COPY RESTRICTIONS This Software and the accompanying writ ten materials are copyrighted Unauthorized copying of this Software in cluding Software that has been modified merged or included with other Software or of the written materials is expressly forbidden LICENSEE may be held legally responsible for any copyright infringement that is caused or encouraged by LICENSEBE s failure to abide by the terms of this License Subject to these restrictions and if the Software is not copy protected LICENSEE may make one 1 copy of the Software solely for backup purposes LICENSEE must reproduce and include any copyright notice on the backup copy 6 USE RESTRICTION LICENSEE may physically transfer the Soft ware from one computer to another provided that the Software is used on only one computer at a time LICENSEE may not distribute copies of the Software or accompanying written materials to others LICENSEE may not translate decompile disassemble or otherwise reverse engineer or modify adapt or create derivative works based on the Software LIC ENSEE may not modify adapt translate or create derivative works based on the written materials without prior written consent of Aurora 7 TRANSFER LICENSEE may sell the License rights in the Software to another party only if that party also agrees to the terms and conditions of this Agreement In accorda
95. tion sseseeeeeeeeeseeerereererrrereererrrsrees 6 3 Specifying a Managed Device to View 6 3 Specifying the Access Mode cee ceeesseeseceteceteeeeeeeeeeaees 6 4 Command Examples ecceceseceeceseseeeeseeceseeeeceseeeneeeaeeeneoe 6 4 Escape Sequences is icct riches Aether Milano nate a 6 7 APPENDIX A Referen eion RA E tat obesigtobea athens tatieetada bun ea A a a laos A 1 User Commands anrai muhindi ai cmgr 1 A 1 File Formats oeei eiee e a a RS config 4 A 6 Maintenance Procedures c ccccssceceesseeeeeeeeees conserv 8 A 12 Maintenance Procedures cccccceseessseeeeeeeees convert 8 A 13 Maintenance Procedures cccccceseesseeeeeees Filtertest 8 A 14 Maintenance Procedures ccccceceseeceseeeeeeeeeeees locbrok 8 A 15 Maintenance Procedures cccceessceeeesteeeeenees logcheck 8 A 16 Maintenance Procedures cccccceseessseceeeceeenssaees start 8 A 17 Maintenance Procedures cccccceseessseceeeeeeesseaees stop 8 A 18 x ControlTower User s Guide Contents APPENDIX B DEFAULT Configuration File c ccccescccssssssssssscnscsssescesessssssssecnetssneeees B 1 APPENDIX GLO SSOP Y occ a E ont crians EE E eaten EEE E wabheg O EERE C 1 APPENDIX D An Example Configuration ccccecccceceseseseeeeeseeseseeeceneeseneeseteeeeseneeaes D 1 APPENDIX E Warrantyoctesntsi natai i ET ERER A staal A E 1 Warranty Informati
96. tores old log files up to the number specified in the logmaxfiles configuration parameter ControlTower User s Guide 4 5 CHAPTER4 Security and Configuration Concepts Every ten minutes the Logcheck program is run from the root crontab file to check the size of each managed device s active log file If the log file size exceeds that specified in the Logmax size configuration parameter the active file is compressed using the standard compress utility or other compression algo rithm specified in the configuration file for the managed device Refer to the compress 1 man page The log files are then rotated with the following result e The newly compressed active logfile becomes lt system_name gt 1 Z e The next most recently compressed logfile becomes lt system_name gt 2 Z e and so on up to the value of the logmaxfiles configu ration parameter Log File Compression By default log files are compressed using the Sun Microsytems supplied compress program If you wish to use an alternate compression program such as GNU zip gzip there will be three parameters that need to be changed Llogcompress logcom pressopt and logcompressext For example to use gzip instead of the default compress program set logcompress usr local bin gzip logcompressopt f logompressext gz The logcompressext parameter must be set to the extension that the logfiles will have when compressed Otherwise the log files won t be rota
97. trokes to the managed device The act of entering read write mode is called attaching and requires the attach capability in the managed system authfile If another user is currently attached in read write mode you can forcibly take control away from them this requires both the attach and fattach capabilities in the managed system authfile View see Read Only mode Viewer Client Aurora Technologies supplied software that provides ability to issue com mands to a managed device s console serial port view log files and interact with the Control Tower Server Software xemgr Aurora Technologies supplied software script program running the Character Ori ented Viewer Client functionality in an xterm ControlTower User s Guide C 3 APPENDIX C Glossary ControlTower User s Guide APPENDIX D An Example Configuration This is an example configuration with devices at various levels and in groups and with param eters changed from their defaults at various levels This configuration has been set up and run in a lab Devices have been configured at the top level in the opt AURAcmgr config directory and under a group directory The files and directories under opt AURAcmgr config are DEFAULT LOCAL LOCALauthfile device2 cfg device3 cfg group license dat Under the group directory are the files device0 device0 1 test device0 cfg devicel cfg ControlTower User s Guide D 1
98. ts to one file ControlTower User s Guide Configuration Parameters and Defaults loginput If loginput is set to t rue all text that is entered into the Viewer Client will be written to the log file including passwords The default is false logmessages logmessages controls whether messages generated by Con trolTower are written to the log file The default is t rue logstamp logstamp inserts a line containing a time stamp into the log file at regular intervals which you determine Valid intervals are 10 20 30 or 60 minutes A value of 0 means no logstamp is written The default value is 60 logstampformat logstampformat contains the format of the time stamp that is inserted into the log file See the strftime 3c man page for valid format variables The default is 4 x3 CK KEKE KER loglinestamp loglinestamp specifies that a time and date stamp will be written on each log line received from a managed device If loglinestamp is null no line by line timestamping will be performed The default is sc See the st rft ime 3C man page for valid format variables logmaxsize logmaxsize is the maximum size of the log file in bytes Every ten minutes the log file size is checked and if it is over 10g ControlTower User s Guide 5 9 CHAPTERS Configuring ControlTower using the Command Line Interface maxsize then the file is compressed and rotated The default value is 50000 logmaxfiles
99. under the group directory that has no parameter changes of its own O D 6 ControlTower User s Guide APPENDIX E Warr anty Warranty Information Hardware All Aurora Technologies Inc hardware products are warranted against defects for two years from the date of delivery Buyer agrees that if this product proves defective Aurora Technologies Inc is obligated only to repair replace or refund the purchase of this product at Aurora Technol ogies Inc s discretion The warranty is void if the product has been sub jected to alteration neglect misuse or abuse if any repairs have been at tempted by anyone other than Aurora Technologies Inc or if failure is caused by accident acts of God or other causes beyond the control of Aurora Technologies Inc Aurora Technologies Inc reserves the right to make changes or im provements in any product without incurring any obligation to similarly alter products previously purchased In no event shall Aurora technolo gies Inc be liable for any direct indirect incidental or consequential damages arising out of or in connection with the performance or use of the product or information provided Aurora Technologies Inc s liabil ity shall in no event exceed the purchase price of the product purchased hereunder ControlTower User s Guide E 1 APPENDIX E_ Warranty The foregoing limitation of liability shall be equally applicable to any service provided by Aurora Technologi
100. wer servers If CONSOLE_SERVERS is not set Viewer Client defaults to the local ControlTower server If you do not specify lt managed_device_name gt the Viewer Client displays a list of devices accessible from the local server Specifying the Access Mode By default the Viewer Client connects to the managed device in read only mode In read only mode you must enter an escape sequence to send input to the managed device console port You can however specify that the Viewer Client should attach to the managed device console port i e read write mode with the a or A escape sequences For more informa tion see Escape Sequences on page 6 7 In read write mode the Viewer Client window functions as a console terminal attached to the managed device The users and permissions listed inthe authfile file determine which escape sequences are available to which user For more information on authfile see authfile on page 5 15 Command Examples These command examples show how to use the ControlTower Viewer Client to view managed devices The CONSOLE_SERVERS environment variable determines how devices on local and remote servers are specified for viewing 6 4 ControlTower User s Guide Command Examples The following commands have the described effects when CONSOLE_SERVERS is not set e List devices managed by the local server system cmgr cmgr must have system name hercules apollo ulysses agamemnon
101. x Symbols novalue D 5 A Acrobat Reader 3 8 Asynchronous Serial Cables 2 9 Attach 5 15 C 1 AURAcmegr 3 3 3 6 3 9 3 10 C 1 AURAcmegrd 3 3 3 6 3 7 3 8 AURAcmegrs 3 6 3 7 3 9 C 1 AURAjcmgr 3 9 Aurora Multiport Serial Driver 2 4 authfile 5 15 AuthUser 5 14 B Break 5 15 Break Signal 2 3 C 1 Breakout Box C 1 breakstring 5 8 C Cables asynchronous 2 9 Character Oriented Viewer Client C 1 CLI Viewer Client C 1 cmgr 2 4 A 1 C 1 Command Line Interface CLI 5 1 Command Line Viewer Client C 1 compress 4 6 Compression 4 6 config 4 8 4 9 Configuration Groups 5 4 Managed Device 5 2 5 4 Parameters and Defaults 5 7 5 17 Connect C 2 Connection Box C 2 conserv 4 11 Console Management 1 1 C 2 Services C 2 Console Management Services C 2 Console Serial Port C 2 CONSOLE_SERVERS 6 2 Control C 2 ControlTower Host computer 2 3 Host Server System C 2 Host System 1 1 C 2 ControlTower User s Guide Host system 2 7 Security 4 3 Server 4 9 Server Software C 2 Software 1 1 Viewer Client 1 2 Viewer Client software 1 1 ControlTower server 4 11 ControlTower Software Removing 7 3 3 ControlTower Software 3 1 D daemon 4 11 detachidle 5 17 Device driver 2 7 disconnectidle 5 17 Disk Space 4 8 Driver 2 7 E Encryption 4 2 Error Logging 4 11 4 12 exclusive 5 7 F File Rotation 4 5 Filtering 4 8 Force Attach 5 15 Forc
102. you use the Software is a multi user system this License covers all users of that system Aurora reserves all rights not expressly granted to the LICENS EE 2 DELIVERY INSTALLATION ACCEPTANCE AND RISK OF LOSS Aurora shall deliver the Software to a common carrier FOB Au rora s Facilities LICENSEE shall be solely responsible for installation of the Software on the computer LICENSEE agrees the acceptance shall occur upon delivery of the Licensed Software to a common carrier LIC ENSEE assumes all risk of loss or damage upon delivery of the Software by Aurora to LICENSEE or common carrier 3 PAYMENTS In consideration of the License and rights in the Soft ware granted by Aurora and in consideration of Aurora s performance of its obligations hereunder LICENSEE agrees to pay Aurora Technolo gies Inc the License fee according to the terms as invoiced Failure to remit complete payment according to the specified terms will result in re vocation of the License upon thirty 30 days written notice ControlTower User s Guide Software License Agreement 4 OWNERSHIP OF SOFTWARE As the LICENSEE you own the magnetic or other physical media on which the Software is originally or subsequently recorded or fixed but Aurora in no way transfers title or ownership of the Software recorded on the original distribution media and all subsequent copies of the Software regardless of the form or me dia in or on which the original and o
Download Pdf Manuals
Related Search