Please find below the main system files used in the Entuity environment. These files should not be moved, deleted or modified unless otherwise stated. For help and information on entuity.cfg, please see this article.
Directory names are given in the Linux\Unix format. The names still apply if you are a Windows user - reverse the slashes to enter them in DOS format.
event-engine-cfg-template.properties
eyepoller_overrides_system.cfg
flow-applications-template.txt
flow-exclusions-template.properties
scriptEngine-template.properties
site_specific_nominal_power.cfg
sw_report_system_site_specific.cfg
sw_user_defined_components.cfg
XMLDataCollector-log4j.properties
bin.vendor
Location
entuity_home/etc
Format
Internal use only.
Description
Contains MIB-related information for each networking vendor supported by the Entuity environment. The file is used by various SNMP polling processes, including prole.
This MIB information is also detailed in individual device type vendor files, installed by default to entuity_home/etc. Additional device type definitions, not detailed in bin.vendor are held in entuity_home/etc/exotica. Device definitions held in these folders are only used by Entuity, when you copy them to entuity_home/etc. Also proliferate can generate new device types, called Unclassified, and these are held in entuity_home\etc\uncertified.
Through vendinfo, you can check the current status of your device vendor files. vendinfo identifies the vendor device support datasets available to Entuity and the decisions made when more than one vendor file is available for a particular sysoid; which device support dataset Entuity uses to manage that device type (as identified through its sysoid).
Status
Read-only
cecfg.properties
Location
entuity_home/etc/CollectionEngine
Format
Maintained by Entuity
Description
Configuration settings for Collection Engine. Commented out settings are internal defaults.
A commonly-changed setting in this file is host_verification_policy, which controls the behavior of the Entuity server when monitoring systems via SSH (e.g. Linux, Unix, AIX). To change the behavior from the default, you must uncomment the host_verification_policy line in the file and modify the setting to PERMISSIVE or ENFORCED.
The possible settings for host_verification_policy are as follows:
- RELAXED (default): A connection is accepted only if there is no entry in the known hosts file corresponding to the peer, or there is an entry and its fingerprint matches the fingerprint sent by the remote host. If there was no entry, then a new entry with the received fingerprint will be created. The known hosts file is required and it will be updated with new host entries upon successful termination of the program.
- ENFORCED: A connection is made only if the corresponding entry is found in the known hosts file and it is valid (i.e. the fingerprint of the entry matches the one sent by the remote host). The "known_hosts" configuration variable is required, but no changes are made to the file.
- PERMISSIVE: Any connection is accepted and no updates to the known hosts file are made. The "known_hosts" configuration variable is ignored.
Status
Entuity does not maintain user changes to this file during Entuity upgrades.
Device File (Seed File)
Location
User defined location and name. Historically this import device file was known as dev.txt and was expected in entuity_home\etc.
Format
Text file containing lines in two possible formats. The older format which only applies when adding SNMPv1 and SNMPv2 devices is:
# comment line
device-name community-string #optional comment
The recommended format supports SNMP1v1/v2 and SNMPv3 devices, for example:
- SNMP1v1/v2:
-d jupiter -D jupiter -l full -c public
- SNMPv3:
-d 10.44.2.44 -u paul -a MD5 -A xyy1232h -x DES -X fgdgg34g
Description
The device file is also known as the seed file, it contains instructions used by proliferate when adding devices to Entuity, e.g. device identifiers, authentication details, SNMP version.
A device file can be created by:
- System Administrators who specify in it the list of devices they want to import to Entuity through the Inventory Administration Import Devices function. Historically this import device file was known as dev.txt and was expected in entuity_home\etc, however both name and location are user definable.
- Entuity, specifically as part of autoDiscovery. It is then used by proliferate to add devices to the Entuity database, i.e. it contains the same list of devices and options as displayed through the Inventory Administration Inventory Candidates page. This file is called autodisc.txt and is located in entuity_home/etc/deviceFiles.
Devices can either be referred to by an IP address or a host name. Host names should either be added to the local /etc/hosts file, or be present within the DNS (Domain Name System). Once a device is added to the Entuity management environment, it continues to be referenced by the name specified in the device file.This is an example extract from a device file using the new format for an SNMPv1c/v2 device:
-d 10.44.1.40 -c public # sysoid ".1.3.6.1.4.1.9.1.716" sysDescr
"Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version
12.2(25)FX, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by Cisco
Systems, Inc. Compiled Wed 12-Oct-05 22:05 by yenanh".
where:
- #, indicates the subsequent text on that line is a comment. Comments can inform you:
- That the device is already managed by Entuity using another interface.
- Of the current device’s IP address, sysoid and system description.
- Of a device that could not be managed.
- -d, indicates the following value is the device name.
- -c, indicates the following value is the device community string.
This is an example extract from a device file, using the new format for an SNMPv3 device:
-d 10.44.2.44 -u paul -a MD5 -A xyy1232h -x DES -X fgdgg34g
For SNMPv3 devices the format is:
-d <deviceIdentifier> -u <UserName> -a MD5 -A <Auth passwd> -x DES -X <Privacy passwd>
where:
- -d, indicates the following value is the device name.
- deviceIdentifier is the management interface on hubs and switches, and a single interface on a router.
You should be able to resolve each of the device names into an IP address on the Entuity server using one of the following methods:- Static hosts file (e.g. \etc\hosts).
- NIS (Network Information System) or NIS+ .
- DNS (Domain Name System). This resolution is not required if the device identifier is itself the IP address of the device. The choice of identifier is important as it is the primary method of identifying devices in Entuity.
- -u <UserName>, requires a valid user name to access the device.
- -a MD5, sets the authentication protocol, valid values are MD5 (Message-Digest algorithm 5), SHA (Secure Hash Algorithm).
- -A <Auth passwd>, sets the authentication password, valid values must be between eight and thirty-two characters long. If the password contains spaces double quotes must be placed around the password.
- -x DES, sets the privacy protocol, valid values are DES (Data Encryption Standard), AES.
- -X <Privacy passwd>, sets the privacy password, valid values must be between eight and thirty-two characters long. If the password contains spaces double quotes must be placed around the password.
It is proliferate that adds devices to Entuity and so the switches used within the device file configure proliferate.
Adding VM Platforms
Entuity manages VM platforms through their SDK which necessitates a different set of connection attributes to other device types. To specify a VM platform the format is:
-d ipAddress -l manLevel -w type,url,user,password -T deviceType
where:
- -d ipAddress, identifies the device name or IP address.
- -l manLevel, must be set to the management level web.
- -w sets the web connection details, which must be comma delimited and entered in this order:
- type, enter 2 for a VMware ESXi or 3 for an Oracle VM platform.
- url, the url to the VM platform’s SDK.
- user, user account Entuity uses to access the SDK.
- password, user account password.
- -T, sets the device to the internal Entuity identifier for a VM platform, i.e. 1144.
For example, to add the VM platform blade to Entuity you can enter:
-d blade -l web -w 2,https://blade/sdk,devuser,232neree -T 1144
Status
Created and maintained by the System Administrator, name and location are user definable. Also created each time autoDiscovery runs, being saved to entuity_home/etc/deviceFiles as autodisc.txt.
entuity.cfg
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under headings denoted by square brackets [].
Description
This file holds the key information about the Entuity configuration. You must only use the configuration procedure described in the Operating system and hardware requirements article to reconfigure the software.
Note, do not directly modify the parameters in entuity.cfg, Entuity cannot be held responsible for the consequences. If you want to further amend these settings contact your Entuity Support representative.
Status
Maintained by the System Administrator.
entuity.cfg Sections
Please see this article for further help and information on the sections in entuity.cfg.
eventEngine.bat
Location
entuity_home/bin
Format
Maintained by Entuity.
Description
A Windows batch file (Linux shell script is eventEngine) which when run configures the eventEngine according to settings in event-engine-cfg.properties. The eventEngine does not require restarting for the configuration changes to be applied, for example when run from the entuity_home/etc directory enter:
bin/eventEngine.bat -reloadCfg
Status
Read-only.
event-engine-cfg-template.properties
Location
entuity_home/etc
Format
Maintained by Entuity.
Description
This is a template file and may be overridden. To make persistent changes, copy this file to the event-engine-cfg.properties file and edit it. You can apply changes by running the batch file eventEngine.bat (in Linux the shell script eventEngine).
You should contact your Entuity representative before amending these configurations.
# Indicates if tracing is switched on for every incoming event: useful
for debugging rules
traceAllEvents = false
# Queue sizes for the events originating from external systems:
# - initial: the initial size of the queue per worker
# - max: the maximum size of the queue per worker
# - total: total size of queues across all workers
initialRawEventQueueSize = 100
maxRawEventQueueSize = 10000
totalMaxRawEventQueue = 50000
# Queue sizes for the events originating from the event engine itself
initialDerivedEventQueueSize = 10
maxDerivedEventQueueSize = 1000
totalMaxDerivedEventQueue = 5000
# Maximum number of states available to rules
maxRuleStates = 50000
# The duration since the last update to the NofM rule state after which the state can be discarded
nmRuleStateTimeoutSec = 172800
# Number of events stored in the event cache
maxEventCacheSize = 20000
# The time period for flushing events from the event cache to the database
eventFlusherFlushPeriodMs = 1000
# The time between archive cleanup jobs
archiveClenupPeriodSec = 1700
# The number of records to delete in a single batch
archiveDeleteBatchSize = 20000
# The number of events which can be stored in the archive per situation
archiveMaxSituationEvents = 100
# Maximum number of incidents: including open, closed and expired
maxSituationCount = 50000
# The maximum number of events returned per incident
maxReturnedEventsPerSituation = 100
# The duration for which expired incidents should be kept
situationEvictionPeriodSec = 604800
# The duration for which deleted incidents should remain in memory
situationExtraEvictionPeriodSec = 600
# The name for the default incident
defaultSituationName = Unclassified
# Age out for the default incident
defaultSituationAgeOutSec = 3600
# Expiry window for the default incident
defaultSituationReopenWindowSec = 10800
# Opening window for the default incident
defaultSituationOpeningWindowSec = 300
# Indicates if incident needs to be created for the event with
severity = info
informationalEventCausesDefaultSituation = false
# The minimum duration, which may pass before system event's cache can be reloaded
minSystemEventReloadPeriodSec = 300
# The View event/incident filter reload period
viewEFilterRefreshPeriodSec = 300
# Positive and negative caching durations for compId to swId
keepTimeForCompIdToSwIdSec = 7200
keepTimeForCompIdToSwIdNegSec = 5
# Positive and negative caching durations for swId to object description
keepTimeForSwIdToObjectDescriptorSec = 300
keepTimeForSwIdToObjectDescriptorNegSec = 5
# Positive and negative caching durations for swId to object details
keepTimeForSwIdToObjectDetailsSec = 20
keepTimeForSwIdToObjectDetailsNegSec = 20
# Positive and negative caching durations for swId reference to swId[]
keepTimeForSwIdRefToObjectIdsSec = 20
keepTimeForSwIdRefToObjectIdsNegSec = 20
# Positive and negative caching durations for serverId to deviceId
keepTimeForServerIdToDeviceIdSec = 3600
keepTimeForServerIdToDeviceIdNegSec = 5
Status
Read only.
eventProject.xml
Location
entuity_home/etc
Format
Maintained by Entuity.
Description
This file configures the event system, for example its incidents, rules, actions. Entuity is shipped with a default project file. When you save and deploy a project, Entuity updates the XML file.
Status
Read-only.
eyepoller_overrides.cfg
Location
entuity_home/etc
Format
Text file.
Description
Entuity's default behavior is to poll a device using a port with MIB2 support. When a device does not include a port with MIB2 support and uses its own enterprise MIB to collect device data, Entuity’s default behavior would not return data. Through eyepoller_overrides.cfg you can configure Entuity to poll the enterprise MIB. The polling definitions are held in separate configuration files which would be developed by Entuity Professional Services.
On Entuity startup, eyepoller checks for eyepoller_overrides.cfg and when it is available reads its configuration. eyepoller only checks eyepoller_overrides.cfg when it starts, it does not reread the file again until it is restarted.
eyepoller configuration has the format:
sysoid> status <admin-status-oid:indexing> <oper-status-oid:indexing> <time-of-last-change-oid:indexing> {<sysuptime-oid}
<sysoid> util64 <in-octets-64:indexing> <out-octets-64:indexing>
where:
- Indexing should be either M2 or ES to indicate use of ifIndex or entIndex respectively.
- SNMPv1 polling is used for status.
- SNMPv2 for util64, SNMPv3 for SNMPv3 devices.
- Status sysuptime-oid is optional, and if not present the default of 1.3.6.1.2.1.1.3 is used.
If there is an error in the formatting of any line, the line’s instructions are ignored and a warning of the failure is entered in eyepoller.log. An information message is also added to eyepoller.log for each successful override read from the file. Comment lines starting with # and blank lines are silently ignored.
Status
Maintained by Entuity and used with configuration produced by Professional Services. Changes to this file are maintained during Entuity upgrades.
eyepoller_overrides_system.cfg
Location
entuity_home/etc
Format
Text file.
Description
Entuity's default behavior is to poll a device using a port with MIB2 support. When a device does not include a port with MIB2 support and uses its own enterprise MIB to collect device data, Entuity's default behavior would not return data. Through eyepoller_overrides.cfg you can configure Entuity to poll the enterprise MIB. The polling definitions are held in separate configuration files which would be developed by Entuity Professional Services.
On Entuity startup, eyepoller checks for eyepoller_overrides.cfg and when it is available reads its configuration. eyepoller only checks eyepoller_overrides.cfg when it starts, it does not reread the file again until it is restarted.
eyepoller configuration has the format:
sysoid> status <admin-status-oid:indexing> <oper-status-oid:indexing> <time-of-last-change-oid:indexing> {<sysuptime-oid>}
<sysoid> util64 <in-octets-64:indexing> <out-octets-64:indexing>
where:
- Indexing should be either M2 or ES to indicate use of ifIndex or entIndex respectively.
- SNMPv1 polling is used for status.
- SNMPv2 for util64, SNMPv3 for SNMPv3 devices.
- Status sysuptime-oid is optional, and if not present the default of 1.3.6.1.2.1.1.3 is used.
If there is an error in the formatting of any line, the line’s instructions are ignored and a warning of the failure is entered in eyepoller.log. An information message is also added to eyepoller.log for each successful override read from the file. Comment lines starting with # and blank lines are silently ignored.
Status
Maintained by Entuity and used with configuration produced by Professional Services. Changes to this file are maintained during Entuity upgrades.
flowcfg-template.properties
Location
entuity_home/etc
Format
Text file containing commented out examples of how to customize the configuration of Entuity IFA flow collectors.
Description
Entuity IFA flow collectors are shipped with a factory configuration suitable for most network environments. You can amend this configuration, for example specify more than one port for Entuity to accept flow data, increase the size of the buffer handling incoming flow packets.
Default configuration:
receiver1_port = 9996
receive_buffer_size = 0
jmxserver_port = 12121
jmxFile = C:/Entuity/log/flowJmxUrl.jmx
packet_queue_limit = 10000
packet_sequence_check = 0
perform_inventory_filtering = 0
permanent_flows_capacity=10000000
dbDriver = com.mysql.jdbc.Driver
dbUrl = jdbc:mysql://127.0.0.1:3306/flowdb
dbUser = root
dbPwd =
partition1_maxCount = 1000000
ageOutFlows1 = 65
ageOutRuns = 1500
ageOutStats = 1500
trace=0
packetLogging=off
where:
- receiver1_port, by default there is only one receiver, but multiple can be specified, for example:
receiver1_port = 9996
receiver2_port = 9998The receiver port setting only applies to the receiving of NetFlow data, IFA only receives IPFIX data on port 2055 and sFlow data on port 6343 of the Entuity server. - receive_buffer_size, the size of the datagram socket receive buffer size in bytes. This is a suggested value and does not reflect actual buffer size. If there are a lot of missed packets observed then this value should be increased. Set it to zero to use OS default settings.
- jmxserver_port, the port Entuity uses to manage, e.g. stop, the flow collector process. You can also set Flow Management Port during configure, by default to 12121.
- jmxFile, the URL to the JMX agent
- packet_queue_limit, the limit of the packet queue, by default 10000. Receivers write to the queue and packet processor reads from that. If packet queue becomes full then packets get dropped.
- packet_sequence_check, indicates whether to check packet sequence numbers. When set to:
- 1 packet processor calculates the number of missed packets and rejects out-of-sequence packets.
- 0 (default) is off.
- perform_inventory_filtering, indicates whether to filter out the flows. When set to:
- 1, IFA only accepts flow from known interfaces, i.e. interfaces under Entuity management
- 0 (default), IFA accepts flows from all interfaces on known devices, i.e. devices under Entuity management.
- permanent_flows_capacity sets the size of the cache that retains the current and previous values of the inbound and outbound counters. By default it is set to one million entries (each entry/record has at least 50 - 100 bytes).
Some devices, for example Cisco ASA firewalls, send absolute transfer values (bytes/ packets) instead of relative values. The NetFlow template contains IN_PERMANENT_BYTES(85) instead of IN_BYTES(1) and IN_PERMANENT_PKTS(86) instead of IN_PKTS(2). In these cases Entuity IFA compares the current absolute value with the previous value and calculates the difference to return the relative value. Therefore the first sample is always set to 0 and discounted. - dbDriver, identifies the database driver.
- dbUrl, specifies the flow database.
- dbUser, name of the root database account.
- dbPwd, password for the root database account.
- partition1_maxCount, maximum number of flows allowed in the buffer before they get written to the disk, if partition gets full, then flows get dropped. Set by default to 1000000.
- ageOutFlows1, the number of minutes to keep flows in the database, by default 65.
- ageOutRuns, the number of minutes to keep flow collector operational times in the
database, set by default to 1500. - ageOutStats, number of minutes to keep flow collector statistics in the database, set by default to 1500.
- trace, indicates whether to log the details of flow records as they are parsed and distributed. When set to:
- 0 (default), disable tracing
- 1, enable tracing.
- packetLogging, indicates of whether to dump binary flow packets to file. This file can later be used to replay the packets back to the flow collector, replay packets are never logged. When set to:
- off (the default), packets are not logged.
- all, all incoming packets are logged.
- unknown, log only packets which are not recognized by the flow collector.
From ENA v18.0 P06 onwards, there is a new configuration setting that disables filtering of V9/V10 flow records.
# Indicates how to treat flow records having firewallEvent field (field id = 233):
# 0: keep only records with firewallEvent = UPDATED (this handles devices which send totals in their DELETED record)
# 1: keep all records regardless of the value (this works for devices which send deltas for any event)
keep_fw_events=0
Status
Changes made to this file are included to the server configuration, however changes to this file are not maintained during Entuity upgrades. You should specify your flow configuration customizations in entuity_home\etc\flowcfg.properties.
Maintained by Entuity.
flowcfg.properties
Location
entuity_home/etc
Format
Text file containing customizations to the configuration of Entuity IFA flow collectors.
Description
Entuity IFA flow collectors are shipped with a factory configuration suitable for most network environments. You can amend this configuration, for example specify more than one port for Entuity to accept flow data, increase the size of the buffer handling incoming flow packets.
You should create flowcfg.properties by making a copy of the template file flowcfg-template.properties. The template file contains descriptions and examples of configuration options which you can edit.
Status
Changes made to this file are included to the server configuration, and are maintained during Entuity upgrades. Entuity automatically discovers changes in flowcfg.properties, you do not have to run configure to apply updates.
flow-applications-template.txt
Location
entuity_home/etc
Format
Text file derived from a version of the application to port mapping file retrieved from http://www.iana.org/assignments/port-numbers.
Description
This file maps port numbers and network protocol to application names and descriptions. These port to application mappings are only used by the Entuity Integrated Flow Analyzer (IFA). When a connection is made from a client to a server the TCP/UDP port on the server end of the connection determines the application in use. The port number allocated to the client end of the connection is referred to as an ephemeral port and has no meaning. Entuity determines which end of a connection is the server end so that its port number can be used to identify the application, by:
- Considering ports < 1024 as having the highest priority, regardless of whether the other port is in the mapping file or not.
Ports below 1024 are reserved port numbers, and so only one port (either the source or the destination port) should be in the range. - Where both ports are greater than 1023, or, more unlikely, both are below 1024, Entuity uses the first port mapping in flow-applications-template.txt.
System Administrators can amend and add new mappings to this file, and then include them to the Entuity database using flowCollector.bat.
This extract shows the port to application mapping for port 80:
ttp 80/tcp World Wide Web HTTP
http 80/udp World Wide Web HTTP
www 80/tcp World Wide Web HTTP
www 80/udp World Wide Web HTTP
www-http 80/tcp World Wide Web HTTP
www-http 80/udp World Wide Web HTTP
where:
- www-http, is the last entry for the port 80 and TCP combination, and is therefore the name Entuity uses for the application.
- 80/tcp, identifies the port number and protocol. Entuity Integrated Flow Analyzer supports UDP and TCP protocols.
- World Wide Web HTTP, is the application description. Entuity Integrated Flow Analyzer does not use the application description.
Status
Maintained by the System Administrator.
flow-exclusions.properties
Location
entuity_home/etc
Format
Text file containing configurations to exclude flow data from Entuity IFA flow collectors.
Description
Exclusion filters allow you to exclude data based on source and destination IP addresses and/or source and destination ports. You can enter exact values, or use wild cards to create more extensive filters.
You should specify your exclusion filters in entuity_home\etc\flow-exclusions.properties, on each server acting as a flow collector. An example configuration definition is included in entuity_home\etc\flow-exclusions-template.properties.
You specify exclusion filters:
- On the endpoint, so flows outgoing from or incoming to the specified endpoint are filtered out.
ipAddressPattern : portPattern
- that are unidirectional, so flows which originate from the specified source endpoint and end at the specified destination endpoint are filtered out.
srcIpAddressPattern : srcPortPattern > dstIPAddressPattern : dstPortPattern
- that are bidirectional, so flows in both directions between two endpoints are filtered out:
ipAddressPattern1 : PortPattern1 = ipAddressPattern2 : portPattern2
An ipAddressPattern can be one or more IP address or range of IP addresses. These are examples of valid patterns:
- matches a single IP address:
10.44.1.101
- matches all IP addresses within the range:
10.44.1/24
- an asterisk matches all IP addresses:
*
A PortPattern can be one or more port numbers, or range of port numbers. These are examples of valid patterns:
- matches a single port:
3066
- matches all ports within the range:
2048-2099
- an asterisk matches all ports, equivalent to 0 to 65535:
*
These are example exclusion filters:
- Filter all flows going from or to applications on port 3306 on 10.44.1.101 host
10.44.1.101:3306
- Filter all flows going from or to applications (ports 3306, 1433) on any of listed hosts
10.44.1.101, 10.44.1.102 : 1433, 3306
- Filter all flows going from host 10.44.1.101 to host 10.44.1.10
10.44.1.101:* > 10.44.1.10:*
- Filter all flows between host 10.44.1.101 and host 10.44.1.10
10.44.1.101:* = 10.44.1.10:*
Status
Created and maintained by System Administrator
flow-exclusions-template.properties
Location
entuity_home/etc
Format
Text file containing commented out examples of how to exclude flow data from Entuity Integrated Flow Analyzer collectors.
Description
Exclusion filters allow you to exclude data based on source and destination IP addresses and/or source and destination ports. You can enter exact values, or use wild cards to create more extensive filters.
Status
Changes made to this file are included to the server configuration, however changes to this file are not maintained during Entuity upgrades. You should specify your exclusion filters in entuity_home\etc\flow-exclusions.properties.
Maintained by Entuity.
flowUserDefGroups.xml
Location
entuity_home/etc
Format
Text file containing a commented out example of how to define user defined groups for flows managed by IFA.
Description
This file contains an example of how you can define user defined groups for flows managed by IFA. Definition of custom data types, for example Location, Department, Customer, whose members, for example UK, US, Dev, Sales, Customer A, Customer B are defined in terms of the available raw data types. This example is synonymous with custom groups and group based analysis.
Each user defined group is structured as a bean definition, with these properties:
- name, a unique name for each group definition. Duplicate names will result in an error.
- displayName, the textual description shown to user for the group.
- unmatchedName, an optional set name where it will be mapped to this name if any of the filter criteria is not met.
- unmatchedDisplayName, an optional set display name which is shown to the user for an unsatisfied match.
- userSets, a list of set definitions where matching need to be done. Each set in the list is structured as bean definition. The set has these properties:
- name, a unique name for each set that is defined in a group. Duplicate names will result in an error.
- displayName, a textual description shown to user for the set.
- expression, an SQL type expression which flows must meet to be included in the set.
This sample configuration includes custom group definitions:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
<bean class="com.entuity.flows.UserDefinedGroup">
<property name="name" value="My_Apps" />
<property name="displayName" value="My Applications" />
<property name="unmatchedName" value="Not_Web" />
<property name="unmatchedDisplayName" value="Not Web" />
<property name="userSets">
<list>
<bean class="com.entuity.flows.UserDefinedSet">
<property name="name" value="Web_Requests" />
<property name="displayName" value="Web Requests" />
<property name="expression" value="dstPort in (80,443,8080)" />
</bean>
<bean class="com.entuity.flows.UserDefinedSet">
<property name="name" value="Web_Responses" />
<property name="displayName" value="Web Responses" />
<property name="expression" value="srcPort in (80,443,8080)" />
</bean>
<bean class="com.entuity.flows.UserDefinedSet">
<property name="name" value="Web_Traffic" />
<property name="displayName" value="Web Traffic" />
<property name="expression" value="dstPort in (80,443,8080) orbsrcPort in (80,443,8080)" />
</bean>
</list>
</property>
</bean>
<bean class="com.entuity.flows.UserDefinedGroup">
<property name="name" value="IFS" />
<property name="displayName" value="All Interfaces" />
<property name="userSets">
<list>
<bean class="com.entuity.flows.UserDefinedSet">
<property name="name" value="IF_3" />
<property name="displayName" value="if 3" />
<property name="expression" value="ifIn eq 3 or ifOut eq 3" />
</bean>
<bean class="com.entuity.flows.UserDefinedSet">
<property name="name" value="IF_4" />
<property name="displayName" value="if 4" />
<property name="expression" value="ifIn eq 4 or ifOut eq 4" />
</bean>
<bean class="com.entuity.flows.UserDefinedSet">
<property name="name" value="IFS_OTHER" />
<property name="displayName" value="if not 3 or 4" />
<property name="expression" value="not (ifIn in (3, 4) or ifOut in (3, 4))" />
</bean>
</list>
</property>
</bean>
</beans>
Status
Maintained by the System Administrator. Only an example is shipped with Entuity.
forkEvent.cfg
Location
entuity_home/etc
Format
Text file containing configuration information for Entuity Event Forwarding.
Description
forkEvent.cfg is the event forwarding configuration file. It includes sample configurations and instructions for their activation.
Event Forwarding functionality is included with the standard Entuity installation, and is installed but not activated, on the Entuity server. Event Forwarding requires Entuity and the receiving third party software are installed and running, with permitted communication between the two.
forkEvent is an Event Forwarding executable, and is installed to:
entuity_home/integ/ForkEvent/
[connection]
[connection]
username=admin
view=All Objects
eventsPerBatch=100
extendedEvents=0
where:
- [connection] is the name of the section that contains the details required to access Entuity event data.
- username is the Entuity login name.
- view is the Entuity View from which events are collected. Only when an event occurs on a device within the defined view is it forwarded by forkEvent.
- extendedEvents sets the maximum number of characters that forkEvent forwards for the event description. Event descriptions greater than this setting are truncated. When set to:
- 0 (default), forwards event descriptions to a maximum of 127 characters.
- 1, forwards event descriptions to a maximum of 4095 characters. Extended event descriptions are not currently stored in the Entuity database.
Status
Maintained by the System Administrator. Entuity does not maintain user changes to this file during Entuity upgrades.
hostFiles
Attempt to use a hosts file. these live in ENTUITY_HOME\etc\hostFiles directory.
httpd_eye.conf
Location
entuity_home/lib/apache/conf/
entuity_home/install/template/lib/apache/conf
Format
Text file containing configuration information for the Apache web server. For further information on this type of configuration file (default name httpd.conf) refer to the Apache documentation which is available from the Apache website:
http://www.apache.org/
Description
httpd_eye.conf includes all of the information required by the Apache web server to deliver the Entuity web UI and the RESTful API.
entuity_home/lib/apache/conf/httpd_eye.conf is generated when you run configure from the template file, entuity_home/install/template/lib/apache/conf/httpd_eye.conf.
If you want to amend the HTTPD configuration of the Apache webserver, for example to reconfigure port numbers or amend log file settings, you should:
- Not amend entuity_home/lib/apache/conf/httpd_eye.conf as the next time you run configure a new version of this file is generated from the template file and all of your changes would be lost.
- Amend entuity_home/install/template/lib/apache/conf/httpd_eye.conf. You will then have to stop Entuity and run configure to generate a new version of entuity_home/lib/apache/conf/httpd_eye.conf. When you start Entuity then Apache will run using the updated version of httpd_eye.conf.
Status
Maintained by the System Administrator. Entuity does not maintain user changes to either
versions of this file during Entuity upgrades.
installed_modules.cfg
Text file containing a record of installed modules and their current enabled and visibility states. The default states for each module is initially inherited from module_definitions.cfg via configure, however when you amend these default states the changes are held here. Where there is a conflict between settings in installed_modules.cfg and module_definitions.cfg, installed_modules.cfg settings take precedence.
Entuity configure references this file when reconfiguring an existing Entuity installation, so the Modules Configuration page displays the current active/inactive status for each module. configure also updates installed_modules.cfg.
Each Entuity module installed status is defined through its own section:
[moduleDefinition autonomous_WAP]
isEnabled=1
isHidden=0
[moduleDefinition Global_Search]
isEnabled=0
isHidden=1
[moduleDefinition Auto_Device_Renaming]
isEnabled=0
isHidden=1
where:
- [moduleDefinition autonomous_WAP], is the internal module section name. This section name must match that of the module defined in module_definitions.cfg.
- isEnabled when set to:
- 0, indicates the module is not enabled
- 1, is enabled.
A module can be enabled but Entuity only activates that module when its license supports that module. During configure, the Module Configuration page indicates the license status for each module, you can also check license status through checkLicense.
- isHidden when set to:
- 0, indicates the module is listed in the Modules Configuration page during Entuity configure.
- 1, indicates the module is not listed in the Modules Configuration page during Entuity configure.
Status
Maintained by configure and the Entuity System Administrator.
known_hosts.txt
Location
entuity_home/etc
Format
Setup for SSH use with Entuity Configuration Management.
Description
Contains all of the host public keys. Each line comprises of a:
- host, resolved name or IP address that Entuity uses to access the device.
- algorithm, used to derive the signing and verification encryption key, i.e. DSS, RSA.
- host fingerprint, host fingerprint.
For example:
10.44.5.157 ssh-rsa 0e:18:a1:03:53:ed:22:e3:b7:ce:2c:bf:3a:49:c9:7a
10.44.5.156 ssh-dss 10:cb:0f:2b:f5:ce:3d:78:da:92:f1:3a:63:ce:5e:56
How Entuity Configuration Management enforces SSH security is dependent upon the policy applied to the Entuity Script Engine. (See scriptEngine-template.properties.)
Status
Maintained by the System Administrator.
license.dat (license file)
Location
entuity_home/etc
Format
Internal use only.
Description
Contains coded information about the Entuity managed object credits and expiry dates. The license file, by default license.dat, is used by licenseSrvr and can be checked using checkLicense.
Entuity is shipped with an evaluation license which can only be used for a limited period and should only be used in a test environment.
Status
Provided by an Entuity representative.
Maintained by the System Administrator.
mib.txt
Location
entuity_home/etc
Format
Internal use only.
Description
Contains information relating to ASN (Abstract Syntax Notation). The file is used by various SNMP polling processes, including prole, as well as by snmpget and snmpwalk.
Status
Read only.
module_definitions.cfg
Location
entuity_home/etc
Format
Internal use only.
Description
Module definition file provides a central location for the definition of modules available with Entuity. Entuity configure references this file when listing available modules and during configuration.
Where there is a conflict between settings in installed_modules.cfg and module_definitions.cfg, installed_modules.cfg settings take precedence. During an upgrade, module_definitions.cfg is overwritten.
[moduleDefinition autonomous_WAP]
displayName=Autonomous WAP
typeLicenses=
=autonomousWap,
=awapHostCountHiThreshold,
=awapHostCountLoThreshold,
=wirelessPort,
=wlan,
productLicenses=
configFiles=
=sw_device_awap.cfg,
=sw_port_wireless.cfg,
reportSystemConfigFiles=
=sw_report_system_wireless_access_point.cfg
menuDefConfigFiles=
exoticaFiles=
=Cisco-c1130+AWAP.vendor,
=c1200+AWAP.vendor,
deprecatedConfig=
dataLossWhenDisabled=1
isEnabledByDefault=0
isHidden=0
where
- [moduleDefinition autonomous_WAP], is the internal module section name
- displayName, module name used within Entuity, e.g. on the Module Configuration panel during configuration.
- typeLicenses, the StormWorks types that must be licensed for successful module activation.
- productLicenses, the product license required to run the module.
- configFiles, the StormWorks configuration files through which module functionality is defined.
- reportSystemConfigFiles, the StormWorks configuration files through which any module Flex reports are defined.
- menuDefConfigFiles, the StormWorks configuration file(s) through which any module user actions are defined.
- exoticaFiles, the vendor device definition files associated with the module.
When a module is enabled, configure copies these files from their reference folder, entuity_home\etc\exotica to entuity_home\etc, if subsequently disabled configure deletes these files from entuity_home\etc.
You can use exotica files without activating the module, although you must rename them to prevent configure automatically deleting them the next time it is run. Entuity recommend replacing the plus sign (+) in exotica file names with an underscore (_), for example Cisco-c1130+AWAP.vendor, to Cisco-c1130_AWAP.vendor. - deprecatedConfig, references to deprecated files that are still being used to include this module to Entuity. These files should not be included to the configuration.
- dataLossWhenDisabled, when set to:
- 0, prevents configure from displaying a warning that disabling of the module will result in loss of data already collected by that module.
- 1 (default), sets configure to display a warning that disabling of the module will result in loss of data already collected by that module.
- isEnabledByDefault, when set to:
- 0, indicates the module is not enabled
- 1, indicates the module is enabled.
This setting can be overridden by IsEnabled in installed_modules.cfg.
A module can be enabled but Entuity only activates that module when its license supports that module. During configure, the Module Configuration page indicates the license status for each module, you can also check license status through checkLicense.
- isHidden when set to:
- 0, indicates the module is listed in the Modules Configuration page during Entuity configure.
- 1, indicates the module is not listed in the Modules Configuration page during Entuity configure.
- This setting can be overridden by IsEnabled in installed_modules.cfg.
Status
Read only.
newbin.vendor
Location
entuity_home/etc
Format
Internal use only.
Description
Deprecated, retained for backward compatibility.
Status
Deprecated. Read-only.
nominal_power.cfg
Location
entuity_home/etc
Format
[device Cisco 5505]
sysOID=.1.3.6.1.4.1.9.5.34
nominalPowerWatts=800
reference=005, 006
where:
- device is a unique name identifying the device.
- sysOID is the device system OID.
- nominalPowerWatts is the estimated power consumption of the object.
- reference identifies the device. It is also used by modules to make the device - module association.
[module WX-X5530]
nominalPowerWatts=376
reference=006 - module is a unique name identifying the module.
- nominalPowerWatts is the estimated power consumption of the object.
- reference, associated the module with its device.
Description
Identifies a device or module through their system OID, and then maps the object to a nominal power consumption value. Nominal power values are used with the Entuity Green IT Perspective functionality, for example the Green IT Perspective dashboard includes estimates of power consumption in your network and potential for savings.
Status
Read only. When you want add your own power configurations include them to site_specific_nominal_power.cfg.
provost.conf
Location
entuity_home/etc
Format
Internal use only.
Description
Configuration file for the main scheduling process, provost.
Status
Read only.
scriptEngine-template.properties
Location
entuity_home/etc
Format
This is a template file. When changing the default behavior of the Script Engine you should copy this file and rename it to script_engine.properties. You can then amend the settings in script_engine.properties. You must restart Entuity to apply any changes in script_engine.properties to the Script Engine.
This is an example extract:
jmxFile=C:/Entuity/log/scriptEngineURL.jmx
host_verification_policy=RELAXED
known_hosts=C:/Entuity/etc/known_hosts.txt
thread_pool_size=10
output_buffer_size=100000
script_cache_size=400
where:
- jmxFile, is the file where the URL to the JMX agent can be found.
- host_verification_policy which can be:
- RELAXED, a connection is accepted only if there is no entry in the known hosts file corresponding to the peer or there is an entry and its fingerprint matches the fingerprint sent by the remote host. If there was no entry then a new entry with the received fingerprint will be created. The known hosts file is required and it will be updated with new host entries upon successful termination of the program.
- ENFORCING, a connection is made only if a corresponding valid entry is found in the known hosts file.
- PERMISSIVE, any connection is accepted.
- known_hosts is the name and location of the known hosts file.
- thread_pool_size is the maximum number of script processing threads, i.e. the Script Engine can only concurrently process as many scripts as there are threads. This count is shared by all users on the local server and is by default set to 10. When the limit is reached TomCat queues tasks until a thread becomes available.
- output_buffer_size is the maximum length of the script output. If the output is longer than 100000 characters then the initial characters are truncated.
- script_cache_size size of the cache used to hold scripts. It should only be amended after consultation with your Entuity representative.
Description
An example configuration file for the Script Engine.
Status
Read only.
security.cfg.xml
Location
entuity_home/etc
Format
Entuity System Administrator can create this file from the supplied template file, security_template.cfg.xml. The template file includes extensive notes to aid successful configuration. Entuity recommend updating this internal documentation when implementing authentication.
Description
Main configuration file for Entuity authentication. Each section within the file configures a module.
Authentication module
This section configures the main authentication service behavior.
<module name="Authentication">
<authentication internal="true" sso="memory" externalAuthHandler="com.entuity.security.external.ldap.LdapLogon" allowSuperUserAccess="true" />
</module>
where:
- internal, is a mandatory attribute which specifies that kind of authentication that must be used. When set to:
- true, Entuity uses its internal authentication mechanism (default value)
- false, Entuity uses its external authentication mechanism. When authentication service is configured to use external authentication, then externalAuthHandler attribute must also be set and externalAttributesMapping, ldap-config and serverAccess sections must also be configured.
- externalAuthHandler, specifies authentication module implementation. It must be present when authentication service is configured to use external authentication, otherwise this value is ignored.
Default value is com.entuity.security.external.ldap.LdapLogon - allowSuperUserAccess, controls whether access to a server should be allowed in an emergency situation. An emergency situation occurs if a security database could not be accessed or if a service is configured to use external authentication and the external authentication server is not accessible.
When set to:
- true, super users can to access this server in emergency situation (default value)
- false, super user access to this server is disabled.
CentralDBModule
Connection properties for central security database.
<module name="CentralDB">
<database host="localhost" port="3306" username="root" password="5742888A8EBD135553E6001F6442873B" />
</module>
where:
- host, host name or IP address of the host on which the Entuity database is running. When not specified localhost is used.
- port, the port number on which the Entuity database is listening. Optional parameter, with a default value of 3306.
- username, name of the user to connect to the Entuity database server. Database server must be configured to accept connections for that user from this host. This is a mandatory parameter.
- password, password for the user specified in username. If not present, then empty password is used. However, Entuity strongly recommend user accounts are set up with passwords.
LocalDB Module
Connection properties for a local Entuity database. This connection is used to locate and administer super users.
<module name="LocalDB">
<database host="localhost" port="3306" username="root"
password="5742888A8EBD135553E6001F6442873B" />
</module>
where:
- host, host name or IP address of the host on which the Entuity database is running. When not specified localhost is used.
- port, the port number on which the Entuity database is listening. Optional parameter, with a default value of 3306.
- username, name of the user to connect to the Entuity database server. Database server must be configured to accept connections for that user from this host. This is a
mandatory parameter. - password, password for the user specified in username. If not present, then empty password is used. However, Entuity strongly recommend user accounts are set up with passwords.
externalAttributesMapping
This section specifies how different attributes returned from an external authentication system map to Entuity groups. These groups will be assigned to the authenticated user, with permission being set through grant and revoke rules.
Each rule:
- May have a list of groups to grant or revoke access.
- May include conditions, which control when the rule is applied. When a condition is not specified or is empty, then the rule is applied unconditionally.
- Is applied in the order specified in the configuration. You can order grant and revoke rules as required to suite specific needs.
This example configuration grants members of the network domain user group Technical Support, membership of the Entuity user group Administrators.
<module ignorecase="true" name="externalAttributesMapping">
<grant name="Admin groups">
<group name="Administrators" />
<condition>
<attr name="groups" contains="Technical Support" />
</condition>
</grant>
where:
- ignorecase when set to
- true, external authentication service is case insensitive, and so is recommended for Windows environments.
- false, external authentication service is case sensitive.
This flag also affects condition evaluation, as text equality tests are done with reference to this flag. So if you set this flag to false, then be careful to enter condition values in exactly the same casing as returned from your external authentication server.
- grant is the rule type, it can also be revoke.
- group name is the an Entuity user group name, e.g. Administrators, that members of the subsequently named network domain groups will be a member of.
- condition specifies the rule condition, this can include one or more attributes:
- attr name is the attribute name, e.g. groups refers to the network domain user group.
- attr contains specifies the network user group name.
ldap-config Module
This section is only required when configuring Entuity to use Active Directory as an external
authentication service.
Entuity includes to the template file, security_template.cfg.xml, a number of example ldap configurations. Entuity recommend that when you create security.cfg.xml you delete from security.cfg.xml most of the example configurations and only retain those you want to amend for your installation. This will improve the readability of the file.
The example ldap-config module is for use with Active Directory external authentication that does not require the user to enter a domain name in the logon screen.
<module name="ldap-config">
<ldap>
<userBindNameIsDN>false</userBindNameIsDN>
<userBindName>{1}@ENT</userBindName>
<userSearchBaseCtxDN>ou=Subset, ou=Users, ou=Live, ou=Migration, dc=entuity, dc=local</userSearchBaseCtxDN>
<userMatchFilter>(sAMAccountName={1})</userMatchFilter>
<property name="java.naming.provider.url" value="ldap://entlondc01" />
</ldap>
</module>
where:
- userBindNameIsDN, bind name for the user is not distinguished name.
- userBindName, bind name for the user will be in format <username>@ENT, where:
- <username> is entered by user at logon.
- ENT, must be changed to your domain name.
- userSearchBaseCtxDN, specifies location in the directory where to search for the user. User entry must reside below this path.
- userMatchFilter, if a user's bind name is not specified as a distinguished name, then this element must be present and with a search criteria to find the user. You may use placeholders in the criteria.
- property value, the address of the LDAP server. You can use LDAPs scheme instead of ldap to establish SLL secure connections. You can also specify the port, for example ldap://myserver:1233.
- Placed values, numbers in curly brackets {}, are replaced with values entered by the user. These are valid numbers and corresponding replacement values:
- {0}, replaced by value user enters in logon screen. It could be just simple name or user name and domain name in UNC (\\domain\username) or UPN (username@domain) format.
- {1}, replaced by username only without domain.
- {2}, replaced by domain name - may be empty if not entered by user.
- {3}, replaced by user's distinguished name and available only in user's group search.
Example Configuration: ldap-config-domain
This example configures Entuity to use Active Directory as an external authentication service, and you require the user to enter the domain name in the logon screen.
<module name="ldap-config-domain">
<ldap>
<userBindNameIsDN>false</userBindNameIsDN>
<userBindName>{1}@{2}</userBindName>
<userSearchBaseCtxDN>ou=Subset, ou=Users, ou=Live, ou=Migration, dc=entuity, dc=local</userSearchBaseCtxDN>
<userMatchFilter>(userPrincipalName={1}@{2})</userMatchFilter>
<property name="java.naming.provider.url" value="ldap://entlondc01" />
</ldap>
</module>
Example Configuration: ldap-config-sun
This example configuration is a minimal configuration for use with Sun ONE Directory Server as an authentication service. Module configuration requires a user to enter a domain name at the logon screen
<module name="ldap-config-sun">
<ldap>
<userBindNameIsDN>true</userBindNameIsDN>
<userBindName>uid={1}, ou=People, dc=example, dc=com</userBindName>
<groupSearchBaseCtxDN>ou=Groups,dc=example,dc=com</groupSearchBaseCtxDN>
<groupMatchFilter>(uniquemember={3})</groupMatchFilter>
<property name="java.naming.provider.url" value="ldap://localhost:55495" />
</ldap>
</module>
where
- userBindNameIsDN, bind name for the user is in distinguished name format.
- userBindName, bind name for the user, in the format uid=<username>, ou=People, dc=example, dc=com where <username> is value entered by user at logon.
- userRefersToGroup, indicates the user entry in the directory does not refer to groups, instead group entries refer to user entries. Therefore, an additional search is required to find groups that refer to our user.
- <username> and <domain> are entered by user at logon.
- groupSearchBaseCtxDN, specifies location in the directory where to search for the group. Group entry must reside below this path.
- groupMatchFilter, specifies the search criteria for the groups, when a user entry matches the filter then the user is a member of the group.
Example Configuration: ldap-config-template
This section includes a configuration that includes all of the ldap-config options, one which is not tailored to a particular external authentication solution, unlike the other ldap-config examples.
<module name="ldap-config-template">
<ldap>
<userBindNameIsDN>false</userBindNameIsDN>
<userBindName>{1}@{2}</userBindName>
<lookupUserBindDNAsSystemUser>false</lookupUserBindDNAsSystemUser>
<userSearchBaseCtxDN>ou=Users, ou=Live, ou=Migration, dc=entuity, dc=local</userSearchBaseCtxDN>
<searchGroupsAsSystemUser>false</searchGroupsAsSystemUser>
<systemUserName>cn=userwithsearchpriveleges, dc=example, dc=com</systemUserName>
<systemUserPwd>password</systemUserPwd>
<userRefersToGroup>true</userRefersToGroup>
<userMemberOfAttrID>memberOf</userMemberOfAttrID>
<groupSearchBaseCtxDN>OU=Distribution Groups,OU=Company Data,DC=entuity,DC=local</groupSearchBaseCtxDN>
<groupMatchFilter>(member={3})</groupMatchFilter>
<groupSearchDepth>5</groupSearchDepth>
<groupNameAttrID>cn</groupNameAttrID>
<property name="java.naming.provider.url" value="ldap://entlondc01" />
<property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
<property name="java.naming.security.authentication" value="simple"/>
<attemptAfterAuthError>false</attemptAfterAuthError>
</ldap>
</module>
where:
- userBindNameIsDN, indicates whether userBindName element is specified as a distinguished name or not. This is not always possible having username and domain name to construct distinguished name of the user's entry. For example, your server may be configured in such a way, that user's DN looks like:
CN=FirstName LastName, DC=mydomain
Values are false or true. - userBindName, bind name for the user, in the format uid=<username>, ou=People, dc=example, dc=com where <username> is value entered by user at logon.
- lookupUserBindDNAsSystemUser, if a user's bind name is not specified as a distinguished name, then the authentication service must lookup the distinguished name. Lookup can be for the authenticating user, or the system user when using a secured directory. When set to:
- true, then you need to specify systemUserName and systemUserPwd elements.
- false, the default, the authentication service does not lookup the DN.
- userSearchBaseCtxDN, if a user's bind name is not specified as a distinguished name, then you must use this element to specify the directory under which search for the user should be done.
- userMatchFilter, if a user's bind name is not specified as a distinguished name, then this element must be present and with a search criteria to find the user. You may use placeholders in the criteria
- searchGroupsAsSystemUser, during a user's group search you may specify whether the search should be performed on behalf of an authenticated user or where there is a secured directory on behalf of the system user. When set to:
- false, the default, the authentication service does not lookup the DN.
- true, you must also specify systemUserName and systemUserPwd.
- systemUserName and systemUserPwd, specify system user name and passwords. These only require setting when lookupUserBindDNAsSystemUser and/or searchGroupsAsSystemUser are set to true.
- userRefersToGroup, indicates the user entry in the directory does not refer to groups, instead group entries refer to user entries. Therefore, an additional search is required to find groups that refer to our user. When set to:
- true, the default, an additional search is required to find the groups that refer to users.
- false, indicates user entry refers to groups.
- userMemberOfAttrID, if userRefersToGroup is true, then this element specifies the name of the attribute in the user or group entry which refers to the group. If this element is absent, than an assumed value of "memberOf" is taken. Defaults are Active Directory friendly.
- groupSearchBaseCtxDN, specifies the directory where a search for groups should be performed. This element must be present if userRefersToGroup element is false.
- groupMatchFilter, specifies the search criteria for a group search. This element must be present if userRefersToGroup element is false. You can use placeholders in this filter.
- groupSearchDepth, specifies the recursion level of the group search. This element is used if userRefersToGroup is false. The default value is 5.
- groupNameAttrID, specifies the name of the attribute on the group entry, which has value of the group name. Default value is cn, applicable for most LDAP schemas.
- property, specifies the address of the LDAP server. The format of the value is:
<scheme>://<host>[:<port>]
where:- <scheme> is ldap or ldaps (for SSL),
- <host> is name or IP address of the LDAP server host,
- [:<port>] is the IP port for the LDAP server.
For example:
ldaps://myhost
- property, this element is optional and its value should not be changed.
- attemptAfterAuthError, this element is for use when multiple LDAP servers are providing authentication services. You should:
- create an ldap configuration section for each set ldap server. These configurations should be numbered sequentially, i.e. ldap-config-1, ldap-config-2.
- set attemptAfterAuthError from its default value of false to true:
<attemptAfterAuthError>true</attemptAfterAuthError>
Entuity attempts to connect to the first server using the first configuration, ldap-config-1. When there is an authentication error, not a connection error, Entuity attempts to connect to the next server using the next configuration, ldap-config-2. You can define as many servers as required.
ServerAccess
ServerAccess restricts access to Entuity server. You can deny access through the user's logon name, domain name or by Entuity user group membership. Server access is calculated by applying allow or deny rules, where the order of these rules is important. By default any authenticated user is allowed. This example section denies access to the server to members of the Entuity Test Group user group:
<module name="ServerAccess">
<serverAccess ignorecase="true">
<denyGroup name="Test Group"/>
</serverAccess>
</module>
These rule examples illustrate how you can control server access:
- only accepts users who are members of Administrators group, except user named oldAdmin
<denyUser name="*" domain="*/># deny all users
<allowGroup name="Administrators"/># allow admins
<denyUser name="oldAdmin"/># deny specific user - allows access to all users:
<allowUser name="*" domain="*"/>
- allows access to all users by group:
<allowGroup name="*"/>
- denies access to a specific user from any domain:
<denyUser name="test"/>
- denies access to a specific user from a specific domain:
<denyUser name="test" domain="test2"/>
<denyUser name="test" domain="test2.*"/> - denies access to all users from specific domains:
<denyUser domain="test2"/>
<denyUser domain="test2.*"/> - denies access to all users who are members of specific group:
<denyGroup name="Test Group"/>
AuthenticationService
This module defines Entuity's authentication service and must not be amended.
<module name="AuthenticationService">
<securedService>
<keyStoreName>auth_cert_store.jks</keyStoreName>
<keyStoreType>jks</keyStoreType>
<keyStorePwd>entuity</keyStorePwd>
<entryAlias>AuthenticationService</entryAlias>
<entryPwd>entuity</entryPwd>
</securedService>
</module>
PreferenceService
This module defines Entuity's preference service and must not be amended.
<module name="PreferenceService">
<securedService>
<keyStoreName>auth_cert_store.jks</keyStoreName>
<keyStoreType>jks</keyStoreType>
<keyStorePwd>entuity</keyStorePwd>
<entryAlias>PreferenceService</entryAlias>
<entryPwd>entuity</entryPwd>
</securedService>
</module>
UserManagementService
This module defines Entuity's user management service and must not be amended.
<module name="UserManagementService">
<securedService>
<keyStoreName>auth_cert_store.jks</keyStoreName>
<keyStoreType>jks</keyStoreType>
<keyStorePwd>entuity</keyStorePwd>
<entryAlias>UserManagementService</entryAlias>
<entryPwd>entuity</entryPwd>
</securedService>
</module>
TicketGrantingService
This module defines Entuity’s ticket granting service and must not be amended.
<module name="TicketGrantingService">
<securedService>
<keyStoreName>auth_cert_store.jks</keyStoreName>
<keyStoreType>jks</keyStoreType>
<keyStorePwd>entuity</keyStorePwd>
<entryAlias>TicketGrantingService</entryAlias>
<entryPwd>entuity</entryPwd>
</securedService>
</module>
TGSConfig
This module defines Entuity’s TGS configuration and must not be amended.
<module name="TGSConfig">
<tgsConfig>
<servicesKeyStoreName>auth_cert_store.jks</servicesKeyStoreName>
<servicesKeyStoreType>jks</servicesKeyStoreType>
<servicesKeyStorePwd>entuity</servicesKeyStorePwd>
<tgsHostAddr>localhost</tgsHostAddr>
</tgsConfig>
</module>
</application>
serverid.xml
Location
entuity_home/etc
Format
This file includes details that are used when identifying the Entuity server identity, this is most applicable when distinguishing between multiple Entuity servers.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:serverIdentity xmlns:ns2="http://www.entutity.com/webrpc">
<id>ce333d40-fc09-42b6-a4dd-a0315ed3da20</id>
<version>6.0.0.p0</version>
<versionDisplay>Entuity 16.0</versionDisplay>
<hostAddress>COMPRESSOR</hostAddress>
<web port>80</webport>
<ss1Access>false</ss1Access>
<certificate>MIIChzCCAfCgAwIBAgIGARUD8xxFMA0GCSqGSIb3DQEBBQUAMIGHMS 0wKwYDVQQhMDMxNWRhM2VkMjAxFDASBgNVBAsMC0RldmVsb3BtZW50MRAwDgYDVQQKD AdFbnR1a0NVoXDTE3MDkxMTEyMTY0NVowgYcxLTArBgNVBAMMJGNlNDg0ZDQwLWZjMD gtNDhiNi1hMWRkLWEwMzE1ZGEzZWQyMDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEDAOB gNVBAoMB0VudHVpdHkxDzANBgNVBAcMBkxvbmRvbjEQMA4GA1UECAwHRW5nbGFuZDEL MAkGA1UEBhMCVUswgZ0wDQYJKoZIhvcNAQEBBQADgYsAMIGHAoGBAJCHNZjkkyWKl0H sGs72mfU44xoiKiOddCzkSIS2Bj2NL3Qs4tfWslVXaz+Q2PuF4/ i3i5o8E4jJmZqHqTHaWK8KfGsE6y8eB470oh9ONnMxoFsd4YrUCntrd1X4mbVwvaa6E mbQVZgEDZXTZoo2BbfVyhJzA9ey4k2jKSkVLPuTAgEDMA0GCSqGSIb3DQEBBQUAA4GB AI2ykCawwzAZ2gfpjPCLymS0DMTDkhXgwc86trG6KnbRdpEpYpApx5I+N5eIaTEVj/ tH0xBnrKPWnhCMiXqiLgqAsCZ80aPRNc9wPnxIMXdTIwUfeK0wPa+pNe5GyofUYZala8T4IpBqZy+JhGyLzF+0rSEuwVRoKzLeJQjO87gM</certificate>
</ns2:serverIdentity>
where:
- serverIdentity, web RPC of the Entuity server.
- id, unique Entuity server identifier.
- version, internal Entuity server version number.
- versionDisplay, Entuity server version number displayed through the Help About dialog in the Entuity client.
- hostAddress, Entuity server host name.
- webPort, Entuity server web port, by default 80.
- sslAccess, indicates whether the Entuity server is using SSL, true, or not, false.
- certificate, Entuity server certificate.
Description
This file includes details that are used when identifying the Entuity server identity, this is most applicable when distinguishing between multiple Entuity servers.
Status
Automatically generated by Entuity install and configure. System administrators can identify and change the id used with an Entuity server through configure serverid. Entuity maintains changes to this file during Entuity upgrades.
shutdown_policies.cfg
Location
entuity_home/etc
Format
[shutdownPolicyGroup All Hosts]
ipAddressRange=0.0.0.0-255.255.255.255
description=All Hosts
[shutdownPolicyGroup London Office]
ipAddressRange=10.44.1.1-10.44.1.50, 10.44.1.60-10.44.1.90,
= 1.2.3.4-1.2.3.5, 10.44.1.98-10.44.1.123, 10.44.1.140-10.44.1.247
Description=Workstations in London Office
[shutdownPolicyExclusion London Security Cameras]
ipAddressRange=10.44.1.10-10.44.1.12
description=IP CCTV
where
- section header defines the:
- type, shutdownPolicyGroup for a policy group and shutdownPolicyExclusion to specify devices and modules by IP address, that should be excluded from the policy
group. - Name, name of the policy group, e.g. London Security Cameras.
- type, shutdownPolicyGroup for a policy group and shutdownPolicyExclusion to specify devices and modules by IP address, that should be excluded from the policy
- ipAddressRange, specifies the IP addresses to include to, or exclude from, the policy group. For a contiguous IP address range enter the start and end addresses of the range separated by a dash. Where you want the range to be constructed from a number of component IP address ranges, comma separate each component.
- description, name of the policy group that appears in Entuity, e.g. as a group to report on.
Description
Entuity Green IT allows you to group together devices and modules for which you want to apply the same energy policy. Policy group membership is determined by IP addresses, as are the exclusion groups.
Entuity recommend you configure policy groups and their exclusions through this file, where you have full add, amend and delete control.
Status
Maintained by the System Administrator. Entuity maintains changes to this file during Entuity upgrades.
site_specific_nominal_power.cfg
Location
entuity_home/etc
Format
[Device Cisco 5505]
SysOID=.1.3.6.1.4.1.9.5.34
NominalPowerWatts=800
Reference=005, 006
where:
- device is a unique name identifying the device.
- sysOID is the device system OID.
- nominalPowerWatts is the estimated power consumption of the object.
- reference, identifies the device. It is also used by modules to make the device - module association.
[module WX-X5530]
nominalPowerWatts=376
reference=006
where:
- module is a unique name identifying the module.
- nominalPowerWatts is the estimated power consumption of the object.
- reference, associated the module with its device.
Description
Identifies a device or module through their system OID, and then maps the object to a nominal power consumption value. Nominal power values are used with the Entuity Green IT Perspective functionality, for example the Green IT Perspective dashboard includes estimates of power consumption in your network and potential for savings.
This file is included to nominal_power.cfg, and so its configuration is included to Entuity. You can use this file to amend power configurations defined in nominal_power.cfg.
Status
Administrator maintained.
sn-example.cfg
Location
entuity_home/etc
Format
Maintained by Entuity.
Description
Example file for making connections to ServiceNow. You can copy this file and rename it to sn.cfg, and enter connection details for ServiceNow. The section name is used by the Send to ServiceNow action to call the connection details.
[default]
port = 443
host = myhost1.service-now.com
path = /api/now/table/em_event
user = Entuity
pass = ServiceNow
Where:
- [default] is the name of the connection. When setting up the Send to ServiceNow action you set cname to the name of the connection that you want to use.
- port is the port used by ServiceNow.
- host is the hostname of the ServiceNow instance.
- path is the location of the ServiceNow event table.
- user is the ServiceNow user name. The account must have the appropriate permission level, i.e. Event Management Administrator (evt_mgmt_admin), Event Management User (evt_mgmt_user), Event Management Integrator (evt_mgmt_integration).
- pass is the password to the ServiceNow user account.
snmpforward_oem.cfg
snmpforward is the utility for forwarding Entuity events. snmpforward_oem.cfg is the sample configuration file that defines the events to be forwarded to Oracle Enterprise Manager.
Location
entuity_home/etc
Format
Please see this article for help and information on the format used by this utility.
snmpMaxPduOverrides.cfg
snmpMaxPDUoverrides.cfg includes a set of individual maximum PDU sizes for sysOids identified by Entuity Support as having a problem handling larger PDUs.
Location
entuity_home/etc
Format
Text file with each line identifying a sysOid and its maximum PDU size.
Description
Users can also enter individual max PDU size for specified sysOids. The format is:
<sysoid>=<Maximum PDU size>
For example:
.1.3.6.1.4.1.9.1.669=512 # Cisco ASA5510
.1.3.6.1.4.1.9.1.670=512 # Cisco ASA5520
.1.3.6.1.4.1.9.1.671=512 # Cisco ASA5520sc
.1.3.6.1.4.1.9.1.672=512 # Cisco ASA5540
.1.3.6.1.4.1.9.1.673=512 # Cisco ASA5540sc
.1.3.6.1.4.1.9.1.745=512 # Cisco ASA5505
.1.3.6.1.4.1.9.1.753=512 # Cisco ASA5550
.1.3.6.1.4.1.9.1.763=512 # Cisco ASA5550sc
.1.3.6.1.4.1.9.1.764=512 # Cisco ASA5520sy
Status
Maintained by Entuity.
When upgrading Entuity, this file is overwritten. When wanting to amend or add to these PDU size definitions you should create your own copy of this file and include it to Entuity through entuity.cfg. For example:
snmpMaxPduSizeOverridesfile=snmpMaxPDUoveride.cfg
snmpV3.cfg
For Entuity to handle SNMPv3 traps from devices it must, as a minimum, know device name and user details. For devices Entuity manages, Entuity can retrieve the required information from its database. For devices Entuity does not manage you should enter identifying details in snmpV3.cfg.
Devices with duplicate engineIDs are not compliant with the SNMPv3 standard. However, some manufacturers do repeat engineIDs and Entuity supports this behavior. If devices have duplicate engineIDs and are sending DNMPv3 traps with privacy and/or authentication enabled they must use either the same credentials (passwords) or different user names.
Location
entuity_home/etc
Format
Text file, with each line defining information required to handle traps from a particular device.
Description
When you require Entuity to handle SNMPv3 traps from devices it does not manage, use this configuration file to specify how Entuity should handle these traps.
Each line details one device, and must include the device name and user and optionally engineID, authentication and privacy password.
For example:
-d 10.66.1.13 -u mark
-d 10.66.1.14 -e 0x80000312010A42010E -u mark -a MD5 -A "Auth Password"
-d 10.66.1.15 -e 0x80000312010A42010F -u mark -a MD5 -A "Auth Password" -x DES -X "Priv Password"
where:
- -d specifies the device name, e.g. 10.66.1.15.
- -u specifies the user name, e.g. mark.
- -e specifies the device engine, e.g. 0x80000312010A42010F.
- -a specifies the authentication protocol, i.e. MD5, SHA.
- -A specifies the authentication password, "Auth Password".
- -x specifies the privacy protocol, i.e. AES, DES.
- -X specifies the privacy password, e.g. "Priv Password".
startup_o/s.cfg
The startup configuration file; for Windows named startup_WIN32.cfg and for Linux systems startup_UNIX.cfg.
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under headings denoted by square brackets [].
Description
Configuration file used by starteots when starting Entuity to determine which processes to start. For Windows implementations Entuity services are also configured here. Each process has its own section. Through the Entuity Health web page you can view the state and criticality of each process, this report identifies each process through its section name. This is an example section:
[syslogger]
state=normal
type=command
start=${ENTUITY_HOME}${FPS}bin${FPS}syslogger
directory=${LOGDIR}
memoryLimitMb=4000
is_critical=n
These are the available options:
- [syslogger], is the section name enclosed in square brackets. Through the Entuity Health web page, you can view the state of each process, this report identifies each process through its section name.
- state which sets the state(s) of the module. This label allows you to group modules by associating them with the same state. In the control_system section of entuity.cfg you can set defaultState, to your chosen state. When Entuity starts, all of those modules start.
For example, by default Entuity starts all those sections with state set to normal. However, when reviewing collected data but not wanting to poll a network, e.g. when using Entuity for due diligence, you would use those sections that have state set to maint.
A section can have more than one state, each state separated by a comma, e.g.:
state=maint,normal
state is the only value you can amend. When state is set to none, the function always starts. - type indicates the type of function to start:
- command, indicates start includes an instruction to run an executable.
- service, indicates start includes an instruction to start a Windows service.
- servicename is the name of the Windows service to start.
- start includes the instruction used to start the process.
- directory indicates the location of the log file, which when set to ${LOGDIR} is the log
directory specified through logdir in entuity.cfg. - memoryLimitMb a Unix and Linux specific configuration setting. By default all processes are set to 4000 (4GB), except dsKernelStatic which is set to 8000 (8GB).
- is_critical, identifies whether the function is critical to Entuity core functionality, Y, yes and N, no. is_critical is displayed through the Entuity Health page.
The last line of the file must always be a reference to the site specific startup file:
!startup_WIN32_site_specific.cfg
Status
Maintained by Entuity.
When upgrading Entuity, this file is overwritten. You should make any site specific changes to startup_o/s_site_specifc.cfg.
startup_o/s_site_specific.cfg
The site specific startup configuration file; for Windows named startup_WIN32.cfg and for Linux systems startup_UNIX.cfg.
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under headings denoted by square brackets [].
Description
This file is referenced by startup_o/s.cfg. It is where you should enter site specific configuration settings for your installation startup. Values entered here override values for the same settings entered in by startup_o/s.cfg.
You can copy an entire section from startup_o/s.cfg to this file and amend its settings.
When you only want to amend a small part of an existing startup section, then you can add the section name and just the required attribute(s). This makes it easier to identify your changes. For example when you want to amend the state of Remedy, in startup_o/s.cfg the full section is:
[remedy]
state=none
type=command
start=${ENTUITY_HOME}\integ\ForkEvent\forkevent
${ENTUITY_HOME}\etc\remedyforkevent.cfg pipe_remedy
directory=${LOGDIR}
is_critical=n
In startup_o/s_site_specific.cfg you can enter:
[remedy]
state=normal
Please see this article for the section required for this file to ensure that the Entuity integration with Oracle Enterprise Manager runs.
Status
Maintained by the System Administrator. When upgrading Entuity, this file is preserved.
start_run_manufacturer.expect
Location
entuity_home/integ/SCRAPE
Format
A text file containing an Expect script that specifies the transfer of device configurations.
Description
Entuity Configuration Management includes these example scripts:
- start_run_cisco.expect
- start_run_hp.expect
- start_run_juniper.expect
Scripts can be associated with individual devices through the web UI.
Status
Examples are created and maintained by Entuity. System administrators can develop their own scripts.
sw.cfg
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under headings denoted by square brackets [].
Description
This is the main StormWorks configuration file and must not be edited. It also contains references to secondary configuration files, particularly sw_common.cfg. sw_common.cfg also contains secondary files all pre-fixed by sw_, that contain details regarding specific Entuity StormWorks services, e.g. events, ip peering. These files also must not be edited.
When Entuity configure is run, sw.cfg (and through it the secondary files) is referenced and the StormWorks services are configured.
Status
Created and maintained by Entuity.
sw_common.cfg
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under headings denoted by square brackets [].
Description
This is the main StormWorks configuration file included to sw.cfg and must not be edited. It also contains references to secondary configuration files, all pre-fixed by sw_, that contain details regarding specific Entuity StormWorks services, e.g. events, ip peering. These files also must not be edited.
Status
Created and maintained by Entuity.
sw_iptosysname.cfg
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under a heading denoted by square brackets [].
Description
This is the scheduling definition for running ipToSysName, which changes within Entuity device names to system names.
The default configuration is:
[job jobIpToSysName]
description=Job to change device names to be sysNames
interval=86400
offset=10800
clientData=
modes=normal
method=simple;variable workdir=concat(get_config_var("entuity_home"), "\\lib\\tools"); =logMessage(concat(piped_exec("ipToSysName",
workdir,0,7200000,""),"\n"))
where:
- job, identifies the section as one that defines a job to change device names within Entuity from IP address to sysname.
- interval, time in seconds between running of the job. The default is 86400, one day.
- offset, defines when the job runs as an offset from 00:00. the default is 10800, equivalent to 03:00.
- clientData and modes should not be amended.
- method, defines the job and should not be amended.
Status
Created and maintained by Entuity. This file is only enabled when included to sw_site_specific.cfg and configure is then run.
sw_menu_def_site_specific.cfg
Location
entuity_home/etc
Format
Text file containing references to files that specify Extensible Menus. Files with a hash before their name are not included to the Entuity configuration, for example:
#!sw_menu_discover_all.cfg
File names that prefixed with an exclamation mark are included to the Entuity configuration:
!sw_menu_discover_all.cfg
!sw_menu_example.cfg
Currently you can include these menu definitions to Entuity:
- sw_menu_discover_all.cfg, should be included to the configuration Entuity options for acting on Discovered Devices.
- sw_menu_example.cfg, these are a set of useful example user actions that can also provide the basis for more advanced customizations.
Description
This is the StormWorks configuration file to which the configuration files of user specific Extensible Menus are included.
When Entuity configure is run, sw.cfg (and through it the secondary files, including sw_menu_def.cfg) is referenced and the StormWorks services are configured.
Status
Created and maintained by Entuity. Administrators may be asked to include and exclude references to files when adding and removing modules and other functionality.
When upgrading Entuity, this file is overwritten. You should ensure you have taken a backup so that can you refer to it when re-applying your site specific configuration.
sw_module_file_list.cfg
Location
entuity_home/etc
Format
Text file containing references to files that specify activated Entuity modules. This file is created and maintained during configure. File names that prefixed with an exclamation mark are included to the Entuity configuration, for example:
!sw_green.cfg
!sw_swport_matrix.cfg
!sw_swport.cfg
!sw_swport_status.cfg
Description
This is the StormWorks configuration file to which the configuration files of Entuity modules are included. When Entuity configure is run, sw.cfg (and through it the secondary files, including sw_module_file_list.cfg) is referenced and the StormWorks services are configured.
Status
Created and maintained by configure. When re-configuring or upgrading Entuity, this file is overwritten.
sw_ph.cfg
Location
entuity_home/etc
Description
Controls parsing of the StormWorks configuration files and must not be edited.
Status
Created and maintained by Entuity.
sw_report_system_site_specific.cfg
Location
entuity_home/etc
Format
Text file containing references to files that specify extra reporting functionality, e.g. delivered with Entuity modules, customer specific modifications. Files with a hash before their name are not included to the Entuity configuration, for example:
#!sw_report_site_specific.cfg
File names that are only prefixed with an exclamation mark are included to the Entuity configuration:
!sw_report_site_specific.cfg
Description
This is the StormWorks configuration file to which extra reports are included, or more specifically their configuration files.
When Entuity configure is run, sw.cfg (and through it the secondary files, including sw_report_system_site_specific.cfg) is referenced and the StormWorks services are configured.
Status
Created and maintained by Entuity. Administrators may be asked to include and exclude references to files when adding and removing site specific functionality.
When upgrading Entuity, this file is overwritten. You should ensure you have taken a backup so that can you refer to it when re-applying your site specific configuration.
sw_site_specific.cfg
Location
entuity_home/etc
Format
Text file containing references to files that specify extra functionality, i.e. customer specific modifications. Files with a hash before their name are not included to the Entuity configuration, e.g.
#!sw_user_specific_function.cfg
File names that are prefixed with an exclamation mark are included to the Entuity configuration:
!sw_user_specific_function.cfg
Description
This is the StormWorks configuration file to which site specific functionality, specifically their configuration files are included.
When Entuity configure is run, sw.cfg (and through it the secondary files, including sw_site_specific.cfg) is referenced and the StormWorks services are configured.
Status
Created and maintained by Entuity. Administrators may be asked to include and exclude references to files when adding and removing site specific functionality.
When upgrading Entuity, this file is not updated, as you would lose your site specific settings. You should check the release notes as to whether the latest version of this file includes new functionality, or examine the file directly
sw_user_defined_components.cfg
Location
entuity_home/etc
Format
Text file containing the definition of 20 pre-configured object types for use with User Defined Polling. It also includes an object configuration template.
[Type UDComponent1]
clientData+=displayName=UD Component 1\n
[Attribute uDComponents1]
clientData+=displayName=UDComponents1\n
[Type UDComponent2]
clientData+=displayName=UD Component 2\n
[Attribute uDComponents2]
clientData+=displayName=UDComponents2\n
[Type UDComponent3]
clientData+=displayName=UD Component 3\n
[Attribute uDComponents3]
clientData+=displayName=UDComponents3\n
[Type UDComponent4]
clientData+=displayName=UD Component 4\n
[Attribute uDComponents4]
clientData+=displayName=UDComponents4\n
[Type UDComponent5]
clientData+=displayName=UD Component 5\n
[Attribute uDComponents5]
clientData+=displayName=UDComponents5\n
Description
User Defined Polling allows you to define your own object types and attributes. This file defines the 20 pre-configured objects together with their attributes shipped with Entuity.
You should not amend this file because any changes to it are overwritten by subsequent Entuity upgrades. Instead create a new configuration file, for example sw_user_defined_components_site_specific.cfg, add your configuration to it and include that configuration file to sw_site_specific.cfg. When you next run configure, Entuity includes your new configuration.
Status
Created and maintained by Entuity. When upgrading Entuity, this file is updated and any user customizations are not maintained.
systemcontrol.log
Location
entuity_home/log
Description
Log file recording the behavior and state of system processes. If the Process Health page indicates an error in one or more processes you may review this file when troubleshooting the cause.
Status
Created and maintained by Entuity.
system_menus.xml
This file specifies the system menus used in the Entuity web interface. The available web interface menus are a combination of menus defined in this file and in user_menus.xml. Menus are added to Entuity during Entuity configure.
system_menus.xml is managed by Entuity and should only be amended by Entuity.
user_menus.xml
This file specifies all user menus used in the Entuity web interface. The available web interface menus are a combination of menus defined in this file and in system_menus.xml. Menus are added to Entuity during Entuity configure.
user_menus.xml is user maintained. It is not overwritten during Entuity updates.
xmlDataCollector.xml
Specifies how to identify a device, apply the appropriate XML query to the device and interpret its XML reply. For example for Nexus, XML Data Collector identifies a device through its chassis identifier and system version. It can then perform the GET_MAC action with the appropriate XML configuration.
This extract includes the XML for the MAC address implementation. There are 2:
- Match sets with evaluation occurring in the order specified.
- GET_MAC actions called by the version match set. Both actions write to the same table in
the XMLAPIDB.
Location
entuity_home/etc
Format
XML text file defining data collection.
<?xml version="1.0"?>
<XMLAPIRoot>
<version-match-sets>
<version-match-set version-match-set-id"Nexus-1000v-001" >
<version-match-set-test field="chassis_id" value="Nexus 1000V Chassis" />
<version-match-set-test field="sys_ver_str" value="4.2\(1\)SV.*" />
</version-match-set>
<version-match-set version-match-set-id="Nexus-Default">
<version-match-set-test field="chassis_id" value=".*" />
</version-match-set>
</version-match-sets>
<!-- ********************* ACTIONS ********************* -->
<actions>
<action actionName = "GET_MAC" version-match-set-id="Nexus-1000v001">
<command>
<show>
<mac>
<address-table>
<static/>
</address-table>
</mac>
</show>
</command>
<rowDelimiter delimiter="ROW_mac_address" />
<resultTable databaseAndTable="XMLAPIDB.MacToPort" />
<resultTable databaseAndTable="XMLAPIDB.MacToPort" />
<resultField field="disp_port" column="Interface" />
<resultField field="disp_mac_addr" column="MACAddr" />
</resultFields>
</action>
<action actionName = "GET_MAC" version-match-set-id="NexusDefault">
<command>
<show>
<mac>
<address-table>
<static/>
</address-table>
</mac>
</show>
</command>
<rowDelimiter delimiter="ROW_mac_address" />
<resultTable databaseAndTable="XMLAPIDB.MacToPort" />
<resultFields>
<resultField field="disp_port" column="Interface" />
<resultField field="disp_mac_addr" column="MACAddr" />
</resultFields>
</action>
</actions>
</XMLAPIRoot>
xmlDataCollector-log4j.properties
Location
entuity_home/etc/XMLDataCollector-log4j.properties
Description
Sets the level of logging applied to EYEXMLDataCollector.jar.
Status
Created and maintained by Entuity.
Comments
0 comments
Please sign in to leave a comment.