How to enable the nas Activity Log for auditing of nas AO profiles
search cancel

How to enable the nas Activity Log for auditing of nas AO profiles

book

Article ID: 67590

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

The process below explains how to monitor the nas Activity log, for example for testing of nas AO Profiles that run scripts, send email notifications, etc.

Environment

Release: UIM, any version
Component: UIMNAS, Any version

Cause

- Guidance

- Testing

Resolution

Follow these steps:

  1. Click on the Status tab
  2. Click on the Show Activity Log

3. On the resulting dialog, click the preferences icon and then from the Select drop-down choose the time period for which you would like to see the activity.

4. Enable logging by checking the Enable Activity Log checkbox, then all alarm activities that you wish to see the log entries for your specified period of time:

5. Then click OK.

6. Make sure to click on Apply from the main nas GUI dialog, then OK.

7. Check the 'Show Activity Log' icon on the nas Status Tab to view activities.

Additional Information

For nas and emailgtw testing purposes, you may want to set the loglevel to 15 but note that the log files will grow without limitation and will eventually fill up the file system if you leave it set to 15.

The nas Activity Log can be configured to show whether or not EMAIL actions were triggered. You can limit it to just EMAIL actions.

In the nas.log, if and when the EMAIL is sent, you will see a log entry like this which contains the alarm NIMID:

Sep 21 14:27:59:313 [12228] 3 nas: ExecEvent: Rule='test nas AO Profile' on nimid='XL34914280-56521' with ACTION:EMAIL, age:0s, status:OK 

Sep 21 14:27:59:312 [12228] 2 nas: ExecEvent: IMMEDIATE rule='test nas AO Profile', nimid=XL34914280-56521, ACTION:EMAIL 
Sep 21 14:27:59:312 [12228] 4 nas: CONNECT: 000001BA4855DFB0(1296) ###.###.##.##/51157->##.##.###.##/48001 
Sep 21 14:27:59:312 [12228] 5 nas: SREQUEST: post ->###.###.##.##48001 
Sep 21 14:27:59:313 [12228] 5 nas: RREPLY: status=OK(0) <-###.###.##.##/48001  h=37 d=28 fd=1296 
Sep 21 14:27:59:313 [12228] 5 nas: SREQUEST: _close ->###.###.##.##/48001 
Sep 21 14:27:59:313 [12228] 3 nas: ExecEvent: Rule='test nas AO Profile' on nimid='XL34914280-56521' with ACTION:EMAIL, age:0s, status:OK

Then in the emailgtw.log around that same time frame, you will see that the email was sent and shows-> smtp_send returns ok

Sep 21 14:27:59:641 emailgtw: RREQUEST: hubpost <-##.##.###.##/48002  h=243 d=976
Sep 21 14:27:59:641 emailgtw: pdsUserData Size=617
Sep 21 14:27:59:641 emailgtw: rowid           PDS_I             2 2
Sep 21 14:27:59:641 emailgtw: event_type      PDS_I             2 2
Sep 21 14:27:59:641 emailgtw: nimid           PDS_PCH          17 XL34914280-56521
Sep 21 14:27:59:641 emailgtw: nimts           PDS_I            11 1663768439
Sep 21 14:27:59:641 emailgtw: arrival         PDS_I            11 1663793635
Sep 21 14:27:59:641 emailgtw: severity        PDS_PCH           9 critical
Sep 21 14:27:59:641 emailgtw: level           PDS_I             2 5
Sep 21 14:27:59:641 emailgtw: prevlevel       PDS_I             2 4
Sep 21 14:27:59:641 emailgtw: subsys          PDS_PCH           6 Alarm
Sep 21 14:27:59:641 emailgtw: message         PDS_PCH          13 test message
Sep 21 14:27:59:641 emailgtw: source          PDS_PCH          14 ###.###.##.##
Sep 21 14:27:59:641 emailgtw: hostname        PDS_PCH          14 <hostname>
Sep 21 14:27:59:641 emailgtw: sid             PDS_PCH           4 1.1
Sep 21 14:27:59:642 emailgtw: domain          PDS_PCH          21 <domain>
Sep 21 14:27:59:642 emailgtw: hub             PDS_PCH          18 <hub_hostname>
Sep 21 14:27:59:642 emailgtw: nas             PDS_PCH          18 <hub_hostname
Sep 21 14:27:59:642 emailgtw: robot           PDS_PCH          14 <robot_hostname>
Sep 21 14:27:59:642 emailgtw: origin          PDS_PCH          18<hub_hostname
Sep 21 14:27:59:642 emailgtw: prid            PDS_PCH          15 TestAlarmProbe
Sep 21 14:27:59:642 emailgtw: suppcount       PDS_I             2 1
Sep 21 14:27:59:642 emailgtw: supptime        PDS_I            11 1663795677
Sep 21 14:27:59:642 emailgtw: tz_offset       PDS_I             2 0
Sep 21 14:27:59:642 emailgtw: visible         PDS_I             2 1
Sep 21 14:27:59:642 emailgtw: i18n_dsize      PDS_I             2 0
Sep 21 14:27:59:642 emailgtw: profile         PDS_PCH          20 test nas AO Profile
Sep 21 14:27:59:642 emailgtw: aots            PDS_I            11 1663795679
Sep 21 14:27:59:642 emailgtw: ao_argument     PDS_PCH          29 <email_address>
Sep 21 14:27:59:642 emailgtw: Looks like an alarm message
Sep 21 14:27:59:642 emailgtw: Failed to expand assigned_at from PDS
Sep 21 14:27:59:642 emailgtw: (pds_strip_hostname) hostname is <robot_hostname>
Sep 21 14:27:59:642 emailgtw: (pds_strip_hostname) hostname does not look like an ip address
Sep 21 14:27:59:642 emailgtw: (pds_strip_hostname) stripped hostname is <robot_hostname>
Sep 21 14:27:59:642 emailgtw: (parse_to) created address list
Sep 21 14:27:59:642 emailgtw: (ht_find_profile) did not find '<[email protected]>
Sep 21 14:27:59:642 emailgtw: (get_profile_addr) profile <[email protected]> not found
Sep 21 14:27:59:642 emailgtw: (get_nimuser_addr) looking up <[email protected]>
Sep 21 14:27:59:642 emailgtw: (ht_find_profile) did not find '<[email protected]>
Sep 21 14:27:59:642 emailgtw: (get_nimuser_addr) did not find <[email protected]>, checking hub
Sep 21 14:27:59:643 emailgtw: SREQUEST: gethub ->##.##.###.##/48000
Sep 21 14:27:59:643 emailgtw: RREPLY: status=OK(0) <-##.##.###.##/48000  h=37 d=356
Sep 21 14:27:59:643 emailgtw: sockClose:0139FE38:##.##.###.##/51158
Sep 21 14:27:59:643 emailgtw: SREQUEST: _close ->##.##.###.##/48000
Sep 21 14:27:59:643 emailgtw: SREQUEST: nametoip ->##.##.###.##/48000
Sep 21 14:27:59:644 emailgtw: RREPLY: status=OK(0) <-##.##.###.##/48000  h=37 d=37
Sep 21 14:27:59:644 emailgtw: sockClose:013A52B0:##.##.###.##/51159
Sep 21 14:27:59:644 emailgtw: SREQUEST: _close ->##.##.###.##/48000
Sep 21 14:27:59:644 emailgtw: SREQUEST: user_info ->##.##.###.##/48002
Sep 21 14:27:59:645 emailgtw: RREPLY: status=not found(4) <-##.##.###.##/48002  h=37 d=0
Sep 21 14:27:59:645 emailgtw: sockClose:0139FE38:##.##.###.##/51160
Sep 21 14:27:59:645 emailgtw: SREQUEST: _close ->##.##.###.##/48002
Sep 21 14:27:59:645 emailgtw: (get_nimuser_addr) error from hub is: not found, retry count is 1
Sep 21 14:27:59:645 emailgtw: (get_nimuser_addr) user <[email protected]> not a NimBUS user or does not have an email address set
Sep 21 14:27:59:645 emailgtw: (read_file)Currnet working directory is = C:\Program Files (x86)\Nimsoft\probes\gateway\emailgtw
Sep 21 14:27:59:645 emailgtw: message before replacing html tags = test message 
Sep 21 14:27:59:645 emailgtw: message after replacing html tags = test message 
Sep 21 14:27:59:645 emailgtw: (send_it) parsing addresses: <[email protected]>
Sep 21 14:27:59:645 emailgtw: (send_it) subject: Nimsoft Message: Alarm from <robot_hostname> test nas AO Profile
Sep 21 14:27:59:645 emailgtw: (send_it) locale[0]
Sep 21 14:27:59:645 emailgtw: Sending...
Sep 21 14:27:59:648 emailgtw: [Trying IP address [###.##.##.##]
Sep 21 14:27:59:784 emailgtw: 220 <[email protected]> ESMTP Postfix
Sep 21 14:27:59:784 emailgtw: EHLO <robot_FQDN>
Sep 21 14:27:59:851 emailgtw: 250-<[email protected]>
Sep 21 14:27:59:851 emailgtw: 250-PIPELINING
Sep 21 14:27:59:851 emailgtw: 250-SIZE
Sep 21 14:27:59:851 emailgtw: 250-VRFY
Sep 21 14:27:59:851 emailgtw: 250-ETRN
Sep 21 14:27:59:851 emailgtw: 250-STARTTLS
Sep 21 14:27:59:851 emailgtw: 250-ENHANCEDSTATUSCODES
Sep 21 14:27:59:851 emailgtw: 250-8BITMIME
Sep 21 14:27:59:851 emailgtw: 250 DSN
Sep 21 14:27:59:851 emailgtw: (send_it) smtp_open succeeded
Sep 21 14:27:59:851 emailgtw: RSET
Sep 21 14:27:59:917 emailgtw: 250 2.0.0 Ok
Sep 21 14:27:59:917 emailgtw: MAIL FROM:<example_mail_gateway>
Sep 21 14:27:59:985 emailgtw: 250 2.1.0 Ok
Sep 21 14:27:59:985 emailgtw: RCPT TO:<<[email protected]>>
Sep 21 14:28:00:052 emailgtw: 250 2.1.5 Ok
Sep 21 14:28:00:052 emailgtw: DATA
Sep 21 14:28:00:119 emailgtw: 354 End data with <CR><LF>.<CR><LF>
Sep 21 14:28:00:119 emailgtw: .
Sep 21 14:28:00:295 emailgtw: 250 2.0.0 Ok: queued as 6FCCFC0000D7
Sep 21 14:28:00:295 emailgtw: (send_it) smtp_send returns ok
Sep 21 14:28:00:295 emailgtw: QUIT
Sep 21 14:28:00:361 emailgtw: 221 2.0.0 Bye

If you have the NIMID of the alarm generated, and/or some other information such as the exact message, recipient(s) etc., you should be able to track down if and when the nas triggered the nas AO Profile, and whether or not the emailgtw sent the email.

For one or more email messages that may have not been received, add your own INTERNAL email address to see if its received internally, and sent externally, but then not successfully received.

Powered by Wolken Software