Getting Started A Getting Started Guide for Locum RealTime Monitor Manual Version 2.1 LOCUM SOFTWARE SERVICES LIMITED Locum House, 84 Brown Street, Sheffield, S1 2BS, England Telephone: +44 (0) 114 252-1199 E-mail: enquiries@locumsoftware.com Web: www.locumsoftware.com
Contents System Requirements... 3 Windows Requirements... 3 MCP Requirements... 3 Network Requirements... 3 License Requirements... 3 Trial Licenses... 3 Pre-requisites... 4 Have you installed the software?... 4 Privilege Requirements... 4 First Steps... 6 Familiarise yourself with RealTime Monitor... 6 Using RealTime Config... 7 The RealTime Config Main Window... 7 Configuring a Connection in RealTime Config... 8 About Connections... 8 Creating a New Connection... 8 The SafeLib Configuration dialog in RealTime Config... 9 Activity Codes... 10 What are Activity Codes?... 10 Monitored Events... 13 The Edit Monitored Events dialog... 13 List of Monitored Events... 14 Alert Filters... 16 About Alert Filters... 16 Using RealMon... 17 The RealMon Main Window... 17 Configuring a Connection in RealMon... 19 Creating a New Connection... 19 Global Options... 20 Dials and Graphs... 21 About Dials... 21 RealTime Graphs... 22 Appendix A - Role-Based Access Control... i Appendix B References... ii Index... iii Contents i
System Requirements Windows Requirements Refer to the appropriate Locum Release Letter for a list of Windows versions that are supported. MCP Requirements Refer to the Compatibility Matrix for a list of MCP levels that are qualified to run RealTime Monitor. This can be found at our website: http://www.locumsoftware.com/matrix.html Network Requirements TCP/IP is the required method of communication between RealTime Monitor and the MCP host. RealTime Monitor expects the following port numbers to be available to the MCP host through any local firewalls: 139 NetBios 445 SMB 56287 RealTime Monitor non-ssl connection 56288 RealTime Monitor SSL connection License Requirements To use RealTime Monitor in full feature mode, you must have a Unisys-supplied license key (style xxx-lrm-lrm) that is compatible with the version of LOCUM/SAFELIB that is installed. For example, if the version of LOCUM/SAFELIB is 17.40.0902, key 581-LRM-LRM is required. This key will be valid on any MCP level between 571 and 591 providing it is used with the 17.0 level of LOCUM/SAFELIB. To order license keys and to obtain pricing information, contact your system supplier or Unisys representative. For a full explanation of the Unisys License Key mechanism, refer to the Guide to Unisys Licensing document, available in the Support section of the Locum website at www.locumsoftware.com. Locum RealTime Monitor comes ready to use out-of-the-box, with pre-configured alerts and activity codes. Without a license key you are restricted to using Locum RealTime Monitor with its out-of-the-box settings. Trial Licenses Note that Try & Buy keys are available to allow a short evaluation period for the software. Try & Buy keys offer full functionality for a limited time and are available online at www.unisys.com/locum. System Requirements 3
Pre-requisites Have you installed the software? The Locum RealTime Monitor package consists of two components: RealMon (RMon.exe), the collector, and RealTime Config, the configurator snap-in to Security Center. The RealMon executable can simply be installed on any Windows workstation or server of choice by running the setup.exe included with the installation package. By default, RealMon.exe will be installed in your Program Files (x86)\locum\realtime Monitor folder. For customers with Safe & Secure, AdminDesk is capable of performing all of the functions of RealTime Config through identical Windows dialogs, in which case it is not necessary to install Unisys SecurityCenter (and therefore RealTime Config) as detailed in the following paragraphs. For customers without Safe & Secure, the Unisys SecurityCenter must have previously been installed on both the Security Administrator Windows workstation and its MCP component on the MCP server. For information on how to install SecurityCenter, refer to the following Unisys documentation: Simple Installation Operations Guide Installation Center Operations Guide To install SecurityCenter client, access to the SecurityCenter directory of the INSTALLS share of your MCP server is necessary. The INSTALLS share should be visible by browsing the MCP host in the Windows network. For convenience, a local disk drive can also be mapped to the INSTALLS share after browsing to the appropriate location. Please refer to the Unisys Client Access Services User Guide for more information on how to connect to an MCP share. If no current version of SecurityCenter exists on the security administrator s workstation, run the SecurityCntr.msi file in the INSTALLS\SecurityCenter directory. If a current version does exist, and this is an update to the current IC level of the current mark release, then ICUpdate.vbs should be run. If this is an update to a newer mark level, you must remove the current versions, using Windows Add/Remove Programs, before installing the newer version. Refer to the Migration Guide for guidance in this area. Once SecurityCenter has been installed on the Windows workstation, RealTime Config will then be available within the SecurityCenter software. Privilege Requirements To run RealTime Monitor a user must have the usercode attribute SECURITYMSGUSER set. If security administrator status is authorised, only a security administrator (a user marked as SECADMIN) can run RealTime Config. If security administrator status is not authorised, the usercode attribute PU must be set to True. Pre-requisites 4
RealTime Monitor is enabled to use the Unisys RBAC (Role Based Access Control) implementation for applications. This is an alternative mechanism to the traditional privileges and allows the customer to define with fine granularity which users are allowed to use which functions of the software. For more information on this topic, refer to Appendix A: Role Based Access Control of this document. Pre-requisites 5
First Steps Familiarise yourself with RealTime Monitor RealTime Monitor offers a powerful and flexible solution for monitoring one or multiple ClearPath MCP systems. It allows you to designate which events you want to monitor and how you want alert and system messages to be routed and displayed, using a combination of activity codes and alert filters. RealTime Monitor consists of two separately-installed products: RealMon, variously referred to as the collector or dashboard, and RealTime Config, the configurator and snap-in to Security Center. This Getting Started guide explains the features of both. Note that if you have a Safe & Secure license, you may use AdminDesk to accomplish the functions of RealTime Config that are documented in the following section. RealTime Config communicates with LOCUM/SAFELIB on the appropriate MCP host. LOCUM/SAFELIB is the engine for Locum RealTime Monitor, and, once configured, will send alerts to one or more RealMon collector applications via its Alert Interface tasks. First Steps 6
Using RealTime Config RealTime Config is initiated by clicking on the Locum RealTime Config entry in Unisys Security Center. The RealTime Config Main Window The RealTime Config Main Window has three panes. The left-hand Console Tree pane shows a connections list view which displays an icon for each defined ClearPath MCP system. The middle Results pane displays more information about an item selected in the Console Tree pane. The right-hand Actions pane offers a list of available actions for items currently selected in the Console Tree and Results panes. The RealTime Config Menu Bar The Menu Bar contains the File, Action, View, Favorites, Window and Help menus. The RealTime Config Toolbar The Toolbar contains a number of shortcut buttons. Consulting the Online Help To access RealTime Config s Online Help, select Help Topics from the Help menu on the Menu Bar. Alternatively, many of RealTime Config s dialog boxes contain either a Help button or icon you can click to view the Help topic specific to the dialog you are viewing. Using RealTime Config 7
Configuring a Connection in RealTime Config About Connections Connection icons represent ClearPath MCP systems to which RealTime Monitor may connect, and appear in the left-hand pane of the Main Window. The Installation process may have created a connection icon for each licensed system. If a connection was not created via the Installation process, you will need to create a connection for each ClearPath MCP system on which you intend to perform administrative functions. It is possible to arrange connections in to logical groups. You can also copy an already created connection. When connecting to a ClearPath MCP system you will be asked to supply your logon details. A successful logon will cause the colour of the connection icon for that system to change from red to green and various menus on the Menu Bar to become available. Creating a New Connection 1. From the Action menu, select New Connection, or in the Console Tree pane, right-click the Connections folder and select New Connection from the contextual menu. The New Connection dialog contains the following fields: Connection Name assign a name to the connection. Either select an existing name from the dropdown list or type in a new name. Group this field allows you to group connections together in the list pane of the Main Window. For example, you could group connections by machine type or function. Either select an existing name from the dropdown list or type in a new name. IP Address or Domain Name of Server enter the host s IP address or the host s domain name or select an existing address or name from the dropdown list. Socket Number this field is pre-populated with 0 and should usually only be changed if the program is in conflict with existing software. You may also wish to change the socket number if you have multiple connections to the same ClearPath MCP system from the same PC. Automatically logon as RemoteUser if this option is selected, the program will attempt to log on to this host as a Remoteuser. You will not need to use the log on dialog that you would otherwise have to when connecting to a ClearPath system from RealTime Config. 2. Complete the fields as required and then click OK to create the connection. Note that connection properties may be modified at any time by selecting the Properties option from the Connection menu on the Menu Bar, or by clicking the Properties icon on the Toolbar: Using RealTime Config 8
The SafeLib Configuration dialog in RealTime Config The SafeLib Configuration dialog, accessed via the Action Menu -> Host Configuration, allows you to create, reconfigure, suspend, reactivate and terminate SafeLib tasks from RealTime Config. You can also create and edit address pools, check socket defaults and availability, save or recall the config file and import and export the List of tasks in the configuration to a CSV file. From here, you can also access the List of Monitored Events so that you can create or modify alert filters. Using RealTime Config 9
Activity Codes What are Activity Codes? Activity codes are used to control monitoring actions. An activity code is the control structure that allows you to define the severity of each alert and what to do when the alert is received. This includes how the alert is displayed within RealMon, messaging forwarding using Syslog or via email to key members of staff, and/or other escalation actions. Activity codes group alerts which have the same severity, notification, and display requirements. The manipulation of activity codes is dependent on having a full RealTime Monitor licence. See Licensing Locum RealTime Monitor in the Online Help for more information. RealTime Config allows you to create, amend and delete activity codes. You can specify which events on the MCP system you want to monitor and these events can be assigned to activity codes for display within RealMon. Activity codes allow you to specify a configuration of windows, icons and dials to best meet your monitoring requirements. Three activity codes are pre-defined: Information Amber Warning Red Alert These are each displayed in their own alert window by default, although by specifying the same window for more than one activity code, any monitored events assigned to those activity codes can be displayed in the same window. Using RealTime Config 10
The Activity Code Configuration dialog The Activity Code Configuration dialog allows you to create customised activity codes for ease of monitoring. The following options are available: Name the name you wish to call the activity code. Comment enter relevant text in this field to describe the purpose of the activity code. Window(s) when a <Default> window is specified, the name of the alert window shown in RealMon will be the name of the connection, together with the interface number. Icon select the icon which best represents your activity code. This icon will be shown on every alert window specified for the activity code. Foreground/Background Colour these fields allow you to set the foreground and background colour of the messages shown in the Main Window. Message Forwarding and Escalation if desired, select a method; Email forwarding, Syslog forwarding or Output to file. Other this field is not user-editable. It is only populated if the activity code contains options which RealTime Monitor does not have the functionality to process. Using RealTime Config 11
Message Forwarding and Escalation Locum RealTime Monitor allows you to forward and escalate messages for external notification through the use of a variety of methods in the Activity Code Configuration dialog. The following methods are available: Email forward messages to one or more email addresses and set the threshold level of alert messages at which you want email notifications to be sent out. Syslog this is a computer data logging protocol used for forwarding alerts to another collector. Enter the host name or IP address of the machine you wish to be alerted. File specify the location of the file and the maximum number of messages to be written to each file. The Table of Activity Codes The Table of Activity Codes displays a list of all activity codes on the selected ClearPath MCP host. From there you can do the following: View or edit an existing activity code either by double-clicking it or selecting Edit Create a new activity code by clicking New This will open the Activity Code Configuration dialog. Duplicate and activity codes by highlighting it and selecting Duplicate. Delete an activity code by highlighting it and selecting Delete. Export or Import activity codes. This allows you to share activity codes between different installations of RealTime Monitor. The Table of Activity Codes and the Activity Code Configuration dialog are accessed via the SafeLib Configuration dialog. Using RealTime Config 12
Monitored Events The Edit Monitored Events dialog The Edit Monitored Events dialog in RealTime Config allows you to assign the events you want to monitor to a particular activity code. There are two methods of selecting the events you want to monitor: Filter by Function allows you to select events broadly, according to their functions. Filter by Log Record Type allows you to select events far more specifically, by major/minor log type. This is dependent on having a full licence. Refer to the Unisys System Log Programming Reference Manual for more information on major/minor log types. Using RealTime Config 13
List of Monitored Events The List of Monitored Events dialog displays a list of all events currently monitored on the current ClearPath host system, together with the log minor type, if appropriate, security information and the activity code the event is associated with. From the List of Monitored Events, you can do the following: Edit monitored events (via the Edit Monitored Events dialog) View and change additional filtering options Switch activity codes Edit activity codes Delete selected monitored events Delete all monitored events The List of Monitored Events and the Edit Monitored Events dialog are accessed via the SafeLib Configuration dialog. Reassigning monitored events from one activity code to another You can reassign a monitored event from one activity code to another by doubleclicking the event in the List of Monitored Events or by clicking the Switch Activity Codes button. This will open the Select Activity Code dialog which will display a list of all activity codes defined on the ClearPath MCP system. Select the activity code you want to assign the monitored event to and click OK. Using RealTime Config 14
To Delete a Monitored Event 1. Open the List of Monitored Events dialog as described above. 2. From the List of Monitored Events, select the event(s) you want to delete and click Delete Selected. Alternatively, click the Delete All button to delete all monitored Events. The selected event(s) will be deleted. 3. Click OK to apply the changes and close the List of Monitored Events dialog or click Apply to changes without closing the dialog. Using RealTime Config 15
Alert Filters About Alert Filters Alert filters provide a way of monitoring only selected events. When you select one or more events that you want to monitor and assign them to an activity code, the program allows you an unprecedented degree of control over the type and scale of monitoring of your systems and the manner in which the information returned from such monitoring is displayed and delivered. An alert filter is created by selecting events that you want to monitor and assigning them to an activity code. RealTime Monitor s out-of-the-box default settings monitor the following events: Information level alerts o Abnormal Terminations o Unsuccessful Password Changes Amber Warnings o Miscellaneous Events o Privileged Actions o System Commands Red Alerts o Logon violations o Security violations These defaults can be amended or deleted at any time. Advanced filtering is also available in the form of Alert Filter Rules. Alert Filter Rules ensure only alert messages that meet specified criteria are sent to the Alert Interface. For more information, consult the RealTime Monitor Online Help. To Create an Alert Filter 1. Open the Edit Monitored Events dialog as described in the previous section. 2. From the Select Activity Code section at the top of the dialog, select the activity code you want to associate with your alert filter. If necessary, you can create or edit an activity code by clicking the Edit Activity Codes button. 3. Select the events you want to monitor from the Filter by Function and Filter by Log Record type lists. You can select from either or both lists to create your alert filter. 4. Click OK to save the alert filter and close the Edit Monitored Events dialog, or click Apply to save the alert filter without closing the dialog. You can then create or edit an alert filter associated with a different activity code. 5. Once the Edit Monitored Events dialog has been closed, click OK to create the new alert filter and close the List of Monitored Events dialog or click Apply to create the new alert filter without closing the dialog. Using RealTime Config 16
Using RealMon RealMon is initiated by running RealMon.exe, which by default, will be installed in your Program Files (x86)\locum\realtime Monitor folder. The RealMon Main Window The RealMon Main Window has three panes; the left-hand Connections pane shows a connections list view which displays an icon for each defined ClearPath MCP system; the main pane shows all open alert windows, and dials and graphs, if appropriate; the Status Messages pane is docked by default at the bottom of the Main Window and lists status messages such as connections, alert filter updates and emails sent. Alert messages are displayed within alert windows. When a <Default> window is specified, the name of the alert window shown in RealMon will be the name of the connection, together with the interface number; for example, Libra (Interface 1): Connected. It is possible to view the contents of any message in a separate dialog box by double-clicking the message. Using RealMon 17
The RealMon Menu Bar The Menu Bar contains the Connection, Host Actions, Output, View and Help menus. The RealMon Toolbar The Toolbar contains a number of shortcut buttons. The Toolbar can be customized to suit your own requirements by right-clicking anywhere on the Toolbar and selecting Customize from the context menu. Consulting the Online Help To access RealMon s Online Help, either select Help from the Help menu on the Menu Bar, or click the help icon from the Toolbar: Alternatively, many of RealMon s dialog boxes contain either a Help button or icon you can click to view the Help topic specific to the dialog you are viewing. Using RealMon 18
Configuring a Connection in RealMon Creating a New Connection To create a new connection, follow the subsequent steps: 1. From the Connection menu, select New, or click the New Connection icon on the Toolbar: The Create new connection dialog box will appear. This dialog displays the following fields: Connection Name assign a name to the connection. Either select an existing name from the dropdown list or type in a new name. Group this field allows you to group connections together in the list pane of the Main Window. For example, you could group connections by machine type or function. Either select an existing name from the dropdown list or type in a new name. IP Address or Domain Name of Server enter the host s IP address or the host s domain name or select an existing address or name from the dropdown list. Socket Number this field is pre-populated with 0 and should usually only be changed if the program is in conflict with existing software. You may also wish to change the socket number if you have multiple connections to the same ClearPath MCP system from the same PC. Foreground/Background Colour for ease in viewing messages in RealMon, these fields allow you to set the foreground and background colour of the messages shown in the Main Window. Connect Automatically at Startup if this option is checked, RealMon will automatically attempt to open the connection when it is initialized. Logon Automatically if this option is checked, the program will attempt to log on to this host as a remoteuser. Reconnect Automatically this option allows for an automatic reconnection to SafeLib if the connection is lost unexpectedly. Reconnection Attempts you can specify the number of times you wish the system to automatically reconnect. Reconnection Delay allows you to specify the amount of time in seconds, between each automatic reconnection. 2. Complete the fields as required and then click OK to create the connection. Note that connection properties may be modified at any time by selecting the Properties option from the Connection menu on the Menu Bar, or by clicking the Properties icon on the Toolbar: Establishing Multiple Connections You do not need to disconnect from one ClearPath MCP system before connecting to another. If you wish to establish multiple connections, repeat the logon procedure for each system you wish to connect to. Using RealMon 19
Global Options RealMon s Global Options apply to all connections, whether open or not. The Global Options dialog can be accessed by selecting Global Options from the Connections menu on the Menu Bar. The dialog consists of two property pages- Output and General. The Output Property Page The Output property page allows you to set the following options: Wrap message over multiple lines Show continuation icon Font Include Date and Time on all Printouts Print in Landscape Mode Hide Graph tab The General Property Page The General property page allows you to set the following options: Don t use Unisys Authentication Support Language Don t Ask Me Again Questions Diagnostic Options Restore to Factory Defaults Using RealMon 20
Dials and Graphs About Dials Dials are a useful graphical representation of the state of the ClearPath MCP system you are monitoring within RealMon. They allow you to see at a glance if the rate of alerts generated is higher than expected, a possible indication of an unfolding issue. The Dial Configuration dialog The Dial Configuration dialog allows you to set the following options: Refresh rate set the interval time at which RealMon refreshes the dials, between 1 and 60 seconds. Time Period (minutes) choose from the dropdown list an amount of time in minutes Maximum alerts per dial type the maximum number of alerts (up to a maximum of 100,000) you wish to be reported in the specified time period. Note that if you set the maximum alerts to a very high figure and the system(s) you are monitoring produces only a low number of alerts, you may not see much movement in the dials as the alerts received will only be a very low percentage of the maximum alerts. By default, the dials are set to: Low Severity a maximum of 1,000 alerts per 60 minutes Using RealMon 21
Medium Severity a maximum of 100 alerts per 60 minutes High Severity a maximum of 10 alerts per 60 minutes To display or hide the dials, from the View menu on the Menu Bar, select Split. A horizontal lime will be displayed across the alert widow. Move it up or down using your mouse, and when it is in the desired position, click the left mouse button. RealTime Graphs RealTime Monitor gives you the option to display the RealTime Graphs tab within the RealMon Main Window. The RealTime Graphs tab contains moving timeline graphs showing the rate of alerts per minute over a specified time period. The RealTime Graphs window is loaded automatically upon connection to a host providing that the host has one or more windows defined. There is one graph per window, each showing the rate of alerts being sent to that window. Graphs are managed automatically when the state of a window changes. The graph will scale the Y axis automatically depending on the rate of alerts being displayed and the plot is updated once a minute. Each graph has a set of radio buttons which can adjust the scale to show a greater time period. The available options are: 1 Hour 2 Hours 4 Hours 12 Hours Each graph can be independently set. From the Global Options dialog, you can choose to prevent the RealTime Graphs tab from loading automatically by checking the Hide Graph tab option. Alternatively, from the Menu Bar, within the View menu, there is an option to display or hide RealTime Graphs. Using RealMon 22
Appendix A - Role-Based Access Control Role-Based Access Control (RBAC) is available with RealTime Monitor. RBAC is an effective approach to authorising access for users based on their roles within the organisation. The model is based on the concept of users, roles and permissions. RealTime Monitor is a member of the Locum realm. The realm may be enabled by the definition of a single role and user within the realm. Note that once the realm is enabled, the traditional MCP privileges of PU and SECADMIN are ignored and the permissions allocated to the user s role are the only determining factor used for authorisation. If a user does not hold a particular permission, the functions associated with that permission are unavailable to the user. Within the Client, these functions will be greyed out. The administration of RBAC, such as the setting up of roles, associating users with roles and allocating permissions to roles, is accomplished through Unisys SecurityCenter Client. The Locum realm and list of permissions within the realm are pre-defined, and established during installation of SecurityCenter. If you have multiple roles, once you are connected to RealTime you will be prompted to select an appropriate role. Appendix A - Role-Based Access Control i
Appendix B References RealTime Monitor Online Help RealTime Config Online Help RealTime Monitor White Paper (www.locumsoftware.com/software.html) Unisys Simple Installation Operations Guide (form number 8807 6260) Unisys Installation Center Operations Guide (form number 8807 8555) Unisys Client Access Services User Guide (form number 4310 3324) Unisys Migration Guide (form number 8829 8639) Unisys System Log Programming Reference Manual (form number 8600 1807) Appendix B - References ii
Index Activity Codes...10 About...10 Message Forwarding and Escalation.12 The Activity Code Configuration dialog...11 The Table of Activity Codes...12 Alert Filters...16 About...16 To Create an Alert Filter...16 Dials...21 About...21 The Dial Configuration dialog...21 First Steps... 6 Graphs...21 RealTime Graphs...22 Monitored Events...13 List of Monitored Events...14 Reassigning Monitored Events...14 The Edit Monitored Events dialog...13 To Delete a Monitored Event...15 Online Help... 7, 18 Pre-requisites... 4 Privilege Requirements... 4 RealMon Connections...19 Creating...19 Multiple... 19 Global Options... 20 The General Property Page... 20 The Output Property Page... 20 RealMon Main Window... 17 RealMon Menu Bar... 18 RealMon Toolbar... 18 RealTime Config Connections... 8 About... 8 Creating... 8 RealTime Config Main Window... 7 RealTime Config Menu Bar... 7 RealTime Config Toolbar... 7 References... ii Role-Based Access Control... i SafeLib Configuration dialog... 9 System Requirements... 3 License Requirements... 3 MCP Requirements... 3 Network Requirements... 3 Windows Requirements... 3 Trial Licenses... 3 Using RealMon... 17 Using RealTime Config... 7 Index iii