scc-rules(1)



NAME


	scc-rules - check rules for snapshots and log files

RELEASE


	scc-srv	1.19.44

SYNOPSIS


	scc-rules [ -d|--directory <scc_web_path> ] [ -f|--file <rule> ] [ -h|--host <host> ] <realm>

DESCRIPTION


	This program reads file custom/scc-rules.conf or <rule> for 
	realm <realm> and performs all the checks in this file.

	Possible checks are:
	- check for saved snapshots and log files
	- check max. age of snapshots
	- signal changes in log files
	- check systems for identical parts of the snapshots
	- check snapshots for certain patterns
	- check snapshots for unique text
	Refer to the EXAMPLES for a full list of the keywords.

	All output of the checks is stored in the files scc-rules.data.
	The format of this file is: <keyword> <system> <message>. 
	Lines starting with "#" contain the original lines of the rules.conf.
	The data can have an additional destination, which can be altered by 
	editing the scc-rules.conf. Uncomment and change the value of the 
	keywords: SIGNAL_PROG and SIGNAL_DEST.

	When you change the configuration file, it will be used after new
	scc-data has arrived for the realm. When a realm does not receive new
	scc-data, scc-update does not run any command for the realm.
	Force immediate update by using: scc-update -f

	Note that a new config file is not used to avoid loosing your changes.
	You have to add new features by hand to an existing rules config file.

	Note that this program can take quite some time. It can take up to
	40% of the time scc-update. When you are not interested in the data,
	you better remove the configuration file. 

OPTIONS


	-d|--directory <scc_web_path>   Path for SCC-data under DocumentRoot,
	                                Default is: "", meaning SCC-data resides
	                                in the document-root of the web server.
	-f|--file <conf>                Use non-default rule file.
	-h|--host <host>                Format html, stdin contains rules.data 
	                                for system <host>

ARGUMENTS


	<realm>   The sub-directory with collected snapshots, where the
	          summaries are produced.

DIAGNOSTICS


	This program writes the following messages to stderr:

	Syntax error, use: scc-rules [ -d|--directory <scc_web_path> ] [ -f|--file <rule>]
		[ -h|--host <host> ] <realm>
	A syntax error has been detected.

	scc-rules: Syntax error, missing argument for option: <option>
	The argument for <option> is missing.

	scc-rules: unknown check: <check>
	An unknown check was used in the scc-rules.conf.

	scc-rules: reducing limit for max age of snapshots from <max_age> to 28
	The limit for the max age of a snapshot for the rules.conf is 28 days.

EXTERNAL INFLUENCES


	This program should be called after scc-transfer has put new scc-data
	in a realm and before scc-summary.

EXAMPLES


	Use the following contents for the scc-rules.conf:

	- CheckSavedFiles:all_systems
	check for saved snapshots and log files, these files are generated
	when the new log file of a system does not contain the run date of
	the snapshot. This could indicate that the snapshot is from a restored
	backup or that transferred scc data is lost. Compare the current and
	saved snapshot of the system and optionally take corrective actions.

	- CheckSnapAge:all_systems:14
	check all systems and report snapshots older than 14 days
	- CheckSnapAge:c01,c02:7
	check systems c01 and c02 and report snapshots older than 7 days

	- CheckLogEntries:all_systems:
	check all systems and report systems with changes in last run
	- CheckLogEntries:c01,c02:
	check systems c01 and c02 to report systems with changes in last run
	- CheckLogEntries:all_systems:fix:kernel:
	check all systems and report changes of last run in kernel config
	- CheckLogEntries:all_systems:kernel.cfg
	check all systems and report changes of last run matching expressions
	in file <realm>/custom/kernel.cfg

	- CheckSnapData:all_systems:fix:messages::
	check snapshots of all systems for messages
	- CheckSnapData:c01,c02:fix:messages::
	check snapshots of systems c01 and c02 for messages

	- CompareSnapData:c01,c02,c03:<class_file>
	extract data according to <class_file> for systems c01, c02 and c03
	and compare resulting data from c02 and c03 with resulting data from 
	c01. For a single classification, replace <class_file> with the literal
	text of the classification
	- CompareSnapData:c03:<class_file>
	extract data according to <class_file> for all systems in a realm
	and compare resulting data with data resulting from c03
	- CompareSnapData:all_systems:<class_file>
	extract data according to <class_file> for all systems in a realm
	and compare resulting data with data resulting from first, alphabetical
	system
	Note: use this option with care as it might take quite some time.

	- Unique:c01,c02,c03:<text>
	search snapshots of c01, c02 and c03 for <text> and report when this text appears in more than one snapshot
	- Unique:all_systems:<text>
	search all snapshots of <text> and report when this text appears in more than one snapshot
	To check for the requirement that all mail-servers serve a different domain:
	Unique:all_systems:fix:software:sendmail:options::  (canonical domain name)

COPYRIGHT


	scc-rules is free software under the terms of the GNU General Public 
	License. Copyright (C) 2001-2004 Open Challenge B.V.,
	2004-2005 OpenEyeT Professional Services, 2005-2018 QNH, 2019 Siem Korteweg.

FILES


	/var/opt/scc-srv/tmp - directory for temporary files
	<realm> - directory for snapshots and log files
		scc.<hostname>.cur - snapshots
		scc.<hostname>.log - logbooks
		scc-rules.data - output from scc-rules
		scc-rules-index.html - HTML version of scc-rules.data
		scc-rules-config.html - HTML version of scc-rules.conf
	<realm>/custom/scc-rules.conf - default rules for realm <realm>

SEE ALSO


	scc-baseline(1), scc-changes(1), scc-debug(1), scc-pull(1), scc-realm(1),
	scc-receive-mail(1), scc-rules(1), scc-setup(1), scc-smt(1), scc-summary(1),
	scc-syscmp(1), scc-transfer(1), scc-update(1), scc-wrapper.cgi(1), scc.cgi(1),
	scc-srv(5)

VERSION


	$Revision: 6217 $