Purpose: Scheduler » Sensor » Audit » Alert » Countermeasure
OSsonar™ is an application that continually audits the status quo of a system by managing sensors.
A sensor audits one thing about the system and returns either a Concern or a No Concern. If a sensor has a concern, it can, if configured, launch a countermeasure to “fix” the concern. When there is a concern, the Alert Manager uses rules in the OSsonar config file to alert people to the concern.
See documentation in the config file (/ossonar/etc/config/OSSONAR.conf) on how alerts are managed.
See the document /ossonar/docs/audits.txt for a list of all sensor audits.
See the document /ossonar/docs/pgmlist.txt for a list of all OSsonar programs.
See the document /ossonar/docs/toc.txt for a Table Of Contents of all OSsonar documents.
Sensors
See the document /ossonar/docs/sensors.txt for a list of all sensors.
All compiled source code is in /ossonar/sensors/src.d.
You can write your own sensors. See the template program /ossonar/sensors/src.d/sensor_template.sh for the rules on writing a sensor.
/ossonar/etc/tables contains all configuration and data files for the sensors. Files ending with “.tab” are sensor config files.
/ossonar/etc/backup1 contains a daily backup of all *.tab files.
/ossonar/etc/backup2 contains a weekly backup of all *.tab files.
Managers
The Schedule Manager (OSscrond) uses rules in the OSsonar config file to schedule sensors. See documentation in the config file (/ossonar/etc/config/OSSONAR.conf) on how sensor schedules are managed. Additional information on OSscrond is below.
The Sensor Manager (OSsonard) manages the execution of the scheduled sensors. Additional information on OSsonard is below.
The Local Alert Manager (alertit) is called by the Sensor Manager to handle a concern from a local sensor. If configured, the Local Alert Manager can transfer a concern to the Local Alert Manager on a remote OSsonar. This allows consolidation of all alerts to one Alert Manager using one set of alert rules. See documentation in the config file (/ossonar/etc/config/OSSONAR.conf) on how this works.
The Verification Manager (OSswatchdog) is a scheduled cron job that verifies that all the manager daemons are up and running unless someone has intentionally stopped OSsonar. The Verification Manager will restart any manager daemon that has unintentionally died.
Start/Stop/Restart OSsonar
The program /ossonar/bin/OSsonar is used to start, stop, or restart OSsonar.
Any of the following commands will start the two daemons OSscrond and OSsonard:
/ossonar/bin/OSsonar start
/ossonar/bin/OSsonar
service ossonar start (Red Hat Linux)
Any of the following commands will stop the two daemons OSscrond and OSsonard:
/ossonar/bin/OSsonar stop
/ossonar/bin/OSsonar -S
service ossonar stop (Red Hat Linux)
Either of the following commands will restart the two daemons OSscrond and OSsonard:
/ossonar/bin/OSsonar restart
service ossonar restart (Red Hat Linux)
To start the daemons, OSsonar copies the two daemons from /ossonar/bin to /ossonar/run and then executes them from the “run” directory. This allows the programs to be updated.
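Because the daemons execute from copies in /ossonar/run, the code that is actually running can differ from what is installed in /ossonar/bin. The following check is an added example, not an OSsonar program: it compares the two copies of each daemon and flags a run directory or run copy that is writable by group or others. The function names and the finding labels are assumptions made here; only the directory layout and daemon names come from this document.

```shell
#!/bin/sh
# Added example, not an OSsonar program. check_run_copies and mode_is_loose are
# hypothetical names; the bin/run layout and daemon names come from the page.

# True when PATH has the group-write or other-write bit set (POSIX find).
mode_is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Usage: check_run_copies BIN_DIR RUN_DIR
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
check_run_copies() {
    crc_bin=$1
    crc_run=$2
    crc_rc=0

    # A run directory writable by group or others lets a non-owner replace
    # the copy the daemons are executed from.
    if mode_is_loose "$crc_run"; then
        echo "WRITABLE $crc_run"
        crc_rc=1
    fi

    for crc_d in OSscrond OSsonard; do
        crc_copy=$crc_run/$crc_d
        if [ -L "$crc_copy" ]; then
            # The page describes copies, so a symlink here is unexpected.
            echo "SYMLINK $crc_copy"
            crc_rc=1
        elif [ ! -f "$crc_copy" ]; then
            # Daemons never started, or the copy was removed.
            echo "MISSING $crc_copy"
            crc_rc=1
        else
            if mode_is_loose "$crc_copy"; then
                echo "WRITABLE $crc_copy"
                crc_rc=1
            fi
            # A difference is either an update in bin that has not been
            # restarted into yet, or a modified run copy; both need a look.
            if ! cmp -s "$crc_bin/$crc_d" "$crc_copy"; then
                echo "DIFFERS $crc_copy"
                crc_rc=1
            fi
        fi
    done
    return "$crc_rc"
}

# On an OSsonar host: check_run_copies /ossonar/bin /ossonar/run
```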
Configuration File
The config file is /ossonar/etc/config/OSSONAR.conf. During installation, this file is built from either the standard /ossonar/language/en/OSSONAR.conf or from a custom /etc/OSSONAR.conf.
Edit the config file to change the default configuration of OSsonar.
All changes made to the config file are maintained when OSsonar is updated.
OSscrond Daemon
This is the Schedule Manager.
Can only be started by the command OSsonar.
All output is recorded in /ossonar/etc/logs/OSscrond.log.
Sensor actions are recorded in /ossonar/etc/logs/OSsonard.log.
Once started, this program will loop every minute until killed.
Startup:
Update “sensors” section in config file with new sensors.
Extract sensor schedules from config file.
Loop:
Restart Sensor Manager daemon (OSsonard) if needed.
Select sensors that are scheduled for now.
Write each selected sensor onto foreground or background queues.
OSsonard Daemon
This is the Sensor Manager.
Can only be started by the command OSsonar.
Once started, this program will loop until killed.
All output is recorded in /ossonar/etc/logs/OSsonard.log.
Loop:
Restart Schedule Manager daemon (OSscrond) if needed.
Execute all sensors on background queue.
Execute only one sensor on the foreground queue. Upon completion, remove sensor from foreground queue.
OSsonar Status Board
/ossonar/bin/lsstatus displays sensor activity.
OSsonar Logs
Most logs contain messages beginning on the first of the month. Each month the logs are archived and reinitialized. /ossonar/etc/archives contains each month’s logs.
Log | Description |
ALERTS.log | Local alert messages |
CONCERNS.log | Monthly concerns |
DISK.log | Weekly disk space |
DU.log | Weekly directory space |
HUGEDIRS.log | Current list of the very large directories |
INSTALL.log | Installation and update messages |
LARGEFILES.log | Current list of very large files |
LOGINS.log | Last time local users logged in |
MAILTRAFFIC0.log | Mail statistics for Sunday |
MAILTRAFFIC1.log | Mail statistics for Monday |
MAILTRAFFIC2.log | Mail statistics for Tuesday |
MAILTRAFFIC3.log | Mail statistics for Wednesday |
MAILTRAFFIC4.log | Mail statistics for Thursday |
MAILTRAFFIC5.log | Mail statistics for Friday |
MAILTRAFFIC6.log | Mail statistics for Saturday |
OSsonar.log | Master log of brief sensor messages |
OSscrond.log | Messages from OSscrond |
OSsonard.log | Messages from OSsonard |
PERF00.log | Performance statistics of system at midnight |
PERF01.log thru PERF11.log | Performance statistics of system at 1 A.M. thru 11 A.M. |
PERF12.log thru PERF23.log | Performance statistics of system at noon thru 11 P.M. |
STATUS00.log | Status of system at midnight |
STATUS01.log thru STATUS11.log | Status of system at 1 A.M. thru 11 A.M. |
STATUS12.log thru STATUS23.log | Status of system at noon thru 11 P.M. |
OSsonar Directories
Directory | Description |
bin | General OSsonar scripts |
docs | OSsonar documentation |
gnu | GNU documents |
language | Language directory |
plus | Scripts to handle remote communications |
public | Console scripts that must be public |
run | Temporary copies of programs currently running |
sensors | OSsonar’s sensors |
sys | OS commands used by OSsonar |
tables | Global tables that can be used by any sensor |
utils | Special programs rarely used by OSsonar |
etc | OSsonar’s data directory |
etc/adm | Special runtime logs |
etc/alertcnts | Sensor alert counts |
etc/archives | Month archives of etc/logs |
etc/autoupdate | An OSsonar update waiting to be processed |
etc/backup1 | Yesterday’s backup of sensor config files (.tab) |
etc/backup2 | Last Sunday’s backup of sensor config files (.tab) |
etc/checksums | File checksums |
etc/config | OSsonar’s config files |
etc/console | Alert Console |
etc/events | OSsonar’s special events |
etc/journals | Sensor journals |
etc/locks | File locks |
etc/logs | OSsonar Logs |
etc/queues | Queues |
etc/remotealerts | Remote alerts waiting to be processed |
etc/runnow | Waiting requests to rerun a sensor |
etc/tables | Sensor tables |
OSsonar Language
See the document /ossonar/docs/newtranslation.txt on how to create a new translation of OSsonar.
Alert Console
The directory /ossonar/etc/console contains an archive of the current alerts. A “Concern” alert adds a file to this directory and a “No Concern” removes a file from this directory if one exists.
See the document /ossonar/docs/console.txt.
Getting Started
See the installation document /ossonar/docs/install.txt.
OSsonar is a trademark of Virtual Labs, Inc., Cape Canaveral, Florida USA