Welcome

Purpose: Scheduler » Sensor » Audit » Alert » Countermeasure

OSsonar™ is an application that continually audits the status quo of a system by managing sensors.

A sensor audits one thing about the system and returns either a Concern or a No Concern.  If a sensor has a concern, it can, if configured, launch a countermeasure to “fix” the concern.  When there is a concern, the Alert Manager uses rules in the OSsonar config file to alert people to the concern.

See documentation in the config file (/ossonar/etc/config/OSSONAR.conf) on how alerts are managed.

See the document /ossonar/docs/audits.txt for a list of all sensor audits.

See the document /ossonar/docs/pgmlist.txt for a list of all OSsonar programs.

See the document /ossonar/docs/toc.txt for a Table Of Contents of all OSsonar documents.


Sensors

See the document /ossonar/docs/sensors.txt for a list of all sensors.

All compiled source code is in /ossonar/sensors/src.d.

You can write your own sensors.  See the template program /ossonar/sensors/src.d/sensor_template.sh for the rules on writing a sensor.

/ossonar/etc/tables contains all configuration and data files for the sensors.  Files ending with “.tab” are sensor config files.

/ossonar/etc/backup1 contains a daily backup of all *.tab files.

/ossonar/etc/backup2 contains a weekly backup of all *.tab files.


Managers

The Schedule Manager (OSscrond) uses rules in the OSsonar config file to schedule sensors.  See documentation in the config file (/ossonar/etc/config/OSSONAR.conf) on how sensor schedules are managed.  Additional information on OSscrond is below.

The Sensor Manager (OSsonard) manages the execution of the scheduled sensors.  Additional information on OSsonard is below.

The Local Alert Manager (alertit) is called by the Sensor Manager to handle a concern from a local sensor.  The local Alert Manager can transfer, if configured, a concern to the Local Alert Manager on a remote OSsonar.  This allows consolidation of all alerts to one Alert Manager using one set of alert rules.  See documentation in the config file (/ossonar/etc/config/OSSONAR.conf) on how this works.

The Verification Manager (OSswatchdog) is a scheduled cron job that verifies that all the manager daemons are up and running unless someone has intentionally stopped OSsonar.  The Verification Manager will restart any manager daemon that has unintentionally died.


Start/Stop/Restart OSsonar

The program /ossonar/bin/OSsonar is used to start, stop, or restart OSsonar.

Any of the following commands will start the 2 daemons OSscrond and OSsonard:

/ossonar/bin/OSsonar start

/ossonar/bin/OSsonar

service ossonar start (Red Hat Linux)

Any of the following commands will stop the 2 daemons OSscrond and OSsonard:

/ossonar/bin/OSsonar stop

/ossonar/bin/OSsonar -S

service ossonar stop (Red Hat Linux)

Either of the following commands will restart the 2 daemons OSscrond and OSsonard:

/ossonar/bin/OSsonar restart

service ossonar restart (Red Hat Linux)

To start the daemons, OSsonar copies the two daemons from /ossonar/bin to /ossonar/run and then executes them from the “run” directory.  This allows the programs to be updated.


Configuration File

The config file is /ossonar/etc/config/OSSONAR.conf.  During installation, this file is built from either the standard /ossonar/language/en/OSSONAR.conf or from a custom /etc/OSSONAR.conf.

Edit the config file to change the default configuration of OSsonar.

All changes made to the config file are maintained when OSsonar is updated.


OSscrond Daemon

This is the Schedule Manager.

Can only be started by the command OSsonar.

All output is recorded in /ossonar/etc/logs/OSscrond.log.

Sensor actions are recorded in /ossonar/etc/logs/OSsonard.log.

Once started, this program will loop every minute until killed.

Startup:

Update “sensors” section in config file with new sensors.

Extract sensor schedules from config file.

Loop:

Restart Sensor Manager daemon (OSsonard) if needed.

Select sensors that are scheduled for now.

Write each selected sensor onto foreground or background queues.


OSsonard Daemon

This is the Sensor Manager.

Can only be started by the command OSsonar.

Once started, this program will loop until killed.

All output is recorded in /ossonar/etc/logs/OSsonard.log.

Loop:

Restart Schedule Manager daemon (OSscrond) if needed.

Execute all sensors on background queue.

Execute only one sensor on the foreground queue. Upon completion, remove sensor from foreground queue.


OSsonar Status Board

/ossonar/bin/lsstatus displays sensor activity.


OSsonar Logs

Most logs contain messages beginning on the first of the month.  Each month the logs are archived and reinitialized.  /ossonar/etc/archives contains each month’s logs.

Log                           Description
ALERTS.log                    Local alert messages
CONCERNS.log                  Monthly concerns
DISK.log                      Weekly disk space
DU.log                        Weekly directory space
HUGEDIRS.log                  Current list of the very large directories
INSTALL.log                   Installation and update messages
LARGEFILES.log                Current list of very large files
LOGINS.log                    Last time local users logged in
MAILTRAFFIC0.log              Mail statistics for Sunday
MAILTRAFFIC1.log              Mail statistics for Monday
MAILTRAFFIC2.log              Mail statistics for Tuesday
MAILTRAFFIC3.log              Mail statistics for Wednesday
MAILTRAFFIC4.log              Mail statistics for Thursday
MAILTRAFFIC5.log              Mail statistics for Friday
MAILTRAFFIC6.log              Mail statistics for Saturday
OSsonar.log                   Master log of brief sensor messages
OSscrond.log                  Messages from OSscrond
OSsonard.log                  Messages from OSsonard
PERF00.log                    Performance statistics of system at midnight
PERF01.log thru PERF11.log    Performance statistics of system at 1 A.M. thru 11 A.M.
PERF12.log thru PERF23.log    Performance statistics of system at noon thru 11 P.M.
STATUS00.log                  Status of system at midnight
STATUS01.log thru STATUS11.log  Status of system at 1 A.M. thru 11 A.M.
STATUS12.log thru STATUS23.log  Status of system at noon thru 11 P.M.

OSsonar Directories

bin                 General OSsonar scripts
docs                OSsonar documentation
gnu                 GNU documents
language            Language directory
plus                Scripts to handle remote communications
public              Console scripts that must be public
run                 Temporary copies of programs currently running
sensors             OSsonar’s sensors
sys                 OS commands used by OSsonar
tables              Global tables that can be used by any sensor
utils               Special programs rarely used by OSsonar
etc                 OSsonar’s data directory
etc/adm             Special runtime logs
etc/alertcnts       Sensor alert counts
etc/archives        Month archives of etc/logs
etc/autoupdate      An OSsonar update waiting to be processed
etc/backup1         Yesterday’s backup of sensor config files (.tab)
etc/backup2         Last Sunday’s backup of sensor config files (.tab)
etc/checksums       File checksums
etc/config          OSsonar’s config files
etc/console         Alert Console
etc/events          OSsonar’s special events
etc/journals        Sensor journals
etc/locks           File locks
etc/logs            OSsonar Logs
etc/queues          Queues
etc/remotealerts    Remote alerts waiting to be processed
etc/runnow          Waiting requests to rerun a sensor
etc/tables          Sensor tables

OSsonar Language

See the document /ossonar/docs/newtranslation.txt on how to create a new translation of OSsonar.


Alert Console

The directory /ossonar/etc/console contains an archive of the current alerts.  A “Concern” alert adds a file to this directory and a “No Concern” removes a file from this directory if one exists.

See the document /ossonar/docs/console.txt.
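
The sensor, countermeasure and console life cycle described above can be modelled in a few lines of shell. This is an added illustration, not OSsonar code and not the interface defined in sensor_template.sh. The exit-status convention (0 = No Concern, 1 = Concern), the function names and the console file naming are assumptions, and it works only in a scratch directory.

```shell
#!/bin/sh
# Added illustration only: NOT OSsonar code. Conventions and names are assumed.
WORK=$(mktemp -d)            # scratch area; nothing under /ossonar is touched
CONSOLE="$WORK/console"      # stand-in for the alert console directory
TARGET="$WORK/sample.tab"    # constructed sample file for the sensor to audit
mkdir -p "$CONSOLE"
: > "$TARGET"
chmod 644 "$TARGET"

# Hypothetical sensor: audits one thing (is TARGET world-writable?).
# Assumed convention: return 0 = No Concern, return 1 = Concern.
sensor_worldwrite() {
    if [ -n "$(find "$TARGET" -perm -0002 2>/dev/null)" ]; then
        echo "$TARGET is world-writable"
        return 1
    fi
    return 0
}

# Hypothetical countermeasure that "fixes" the concern.
fix_worldwrite() { chmod o-w "$TARGET"; }

# Run one sensor and keep the console in step with its result:
# Concern adds (or refreshes) a file, No Concern removes it if one exists.
# $1 = sensor function, $2 = countermeasure function, "" if none is configured.
audit() {
    sensor=$1 fix=$2 entry="$CONSOLE/$1"
    if msg=$("$sensor"); then
        rm -f "$entry"
        echo "No Concern"
        return 0
    fi
    printf '%s\n' "$msg" > "$entry"
    if [ -n "$fix" ]; then "$fix"; fi
    echo "Concern"
}

chmod o+w "$TARGET"                      # constructed fault
audit sensor_worldwrite fix_worldwrite   # concern raised, countermeasure runs
audit sensor_worldwrite fix_worldwrite   # next audit clears the console entry
```

Without a countermeasure the console entry stays until the condition is fixed by hand, so the directory always reflects the concerns that are still open.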


Getting Started

See the installation document /ossonar/docs/install.txt.



OSsonar is a trade mark of Virtual Labs, Inc, Cape Canaveral, Florida USA
