| WDR Developer's Guide |    
|
| WDR Developer's Guide |
|
| C H A P T E R 2 |
|
Using Solaris WBEM Services in WDR |
Solaris WBEM Services provide the WDR application developer with a variety of WBEM services on domains that are running either the Solaris 8 2/02 or Solaris 9 operating environment. Solaris WBEM Services, which are included with the Solaris software, make it easier for developers to create applications that use WBEM to manage systems running Solaris software.
This developer's guide provides information about only those Solaris WBEM Services with which a WDR application developer needs to become familiar. Complete information about Solaris WBEM Services is available at the following Web site:
http://www.sun.com/solaris/wbem
Solaris WBEM Services provide secure access to information about managed resources, which in turn enable applications that use WDR to get information about, and manage, system resources. A built-in Solaris Provider allows access to information about managed resources such as hardware and software state information, performance metrics, and other data that are needed by management applications to perform load balancing and to respond to device failovers.
Solaris WBEM Services uses the Common Information Model (CIM) to create a schema that represents managed objects in a system running Solaris software. CIM objects are specified in a Managed Object Format (MOF) file, which is provided with WDR and compiled when WDR is installed.
Solaris WBEM Services is a software package that resides at three layers. At each layer reside software components that are important to WDR application developers:
The following Solaris WBEM Services Application Layer software programs, which are especially useful to WDR application developers, are described in detail in this chapter:
The Sun WBEM User Manager and SMC Users Tool applications enable systems administrators to add and remove authorized users and to set their access privileges to managed resources.
There are two separate mechanisms for administering security with domains running the Solaris software: WBEM access control list (ACL) and Solaris role-based access control (RBAC).
You use the WBEM User Manager to add users to existing ACLs and to grant them either read or read-write access privileges.
You use the Users Tool in the Solaris Management Console (SMC) to add users, and to grant user roles and privileges, using RBAC.
See the section WBEM Security Services for more information about administering WBEM security, including details of ACL- and RBAC-based system security.
The SMC WBEM Log Viewer displays log files that include information such as the names of users who issued logged commands, and the client computers on which the logged commands were issued.
Solaris WBEM Services includes APIs to enable logging of system events. See the section Solaris WBEM Logging Services (and subsequent sections) for complete information about log files; rules associated with log files; log file formats; classes that developers can use to record system events; and using APIs to enable logging services.
The MOF Compiler is used to compile MOF files, which are ASCII text files that specify objects in a CIM schema that represent managed objects in a system running Solaris software.
WDR includes three MOF files that define schema comprised of objects that represent managed resources. One MOF file is used for all Sun Fire systems; another is used only on Sun Fire 15K and 12K systems; and the third is used for Sun Fire 6800, 4810, 4800, or 3800 systems.
The MOF compiler reads statements in a MOF file that define classes and instances, and then adds them to the CIM Object Manager Repository, which is a central storage area for information about management data.
To start the MOF compiler and compile a MOF file, use the mofcomp command:
/usr/sadm/bin/mofcomp [-help] [-v] [-sc] [-si] [-sq] [-version] [-c cimom_hostname] [-u username] [-p password] filename
|
Runs the compiler in verbose mode, which displays all compiler messages. |
|
|
Runs the compiler with the "set class" option, which updates a class if it already exists and contains no instances, and returns an error if the class does not already exist. If you do not specify the -sc option, the compiler adds a CIM class to the connected namespace, and returns an error if the class already exists. |
|
|
Runs the compiler with the "set instance" option, which updates an instance if it already exists, and returns an error message if it does not. If you do not specify the -si option, the compiler adds a CIM instance to the connected namespace, and returns an error if the instance already exists. |
|
|
Runs the compiler with the "set qualifier types" option, which updates a qualifier if it already exists, and returns an error message if it does not. If you do not specify the -sq option, the compiler adds a CIM qualifier type to the connected namespace, and returns an error if the qualifier type already exists. |
|
|
Specifies the user name for connecting to the CIM Object Manager. Use the -u username option for compilations that require privileged access to the CIM Object Manager. If you specify both -p and -u, you must type the password on the command line, which can pose a security risk. A more secure way to specify a password is to specify -u but not -p, so that the compiler will prompt you for the password. See the section The mofcomp Password Security Advisory below. |
|
|
Specifies a password for connecting to the CIM Object Manager. Use this option for compilations that require privileged access to the CIM Object Manager. If you specify both -p and -u, you must type the password on the command line, which can pose a security risk. A more secure way to specify a password is to specify -u but not -p, so that the compiler will prompt you for the password. See the section The mofcomp Password Security Advisory below. |
|
You can compile a MOF file whether its filename contains or does not contain a.mof extension. The MOF files that describe the CIM and Solaris Schemas are located in
/usr/sadm/mof.
To run the MOF Compiler with no options, type the following:
# mofcomp /usr/sadm/mof/Solaris_Application1.0.mof
The MOF file named Solaris_Application1.0.mof is compiled into the CIM Object Manager Repository.
If you run the mofcomp command with the -p option, or with the -p and -u options, and you include a password on the command line, another user can subsequently run the ps command or the history command to display your password. The system does not display a security warning.
The following examples show unsafe (insecure) usage:
If you use the mofcomp command in either of the preceding ways, make sure to change your password immediately after running the command.
The Solaris WBEM Services Management Layer software program that is useful to WDR application developers is the Common Information Model (CIM) Object Manager.
Solaris WBEM Services includes the CIM Object Manager, which manages objects in a WBEM-enabled system. Each CIM object represents a managed system object, such as a CPU, an I/O board, or an attachment point.
The CIM Object Manager first accepts connections to management applications using either the RMI or XML/HTTP protocol; sets up a connection to the CIM Object Repository; and then awaits requests from client applications for services, which include:
After WBEM clients are connected to a WBEM-enabled system, they can request WBEM operations such as creating, viewing, and deleting CIM classes and instances; retrieving the values of properties; and enumerating instances of classes, or classes within a specified class hierarchy.
Normally, the CIM Object Manager is started automatically during installation and whenever you boot a domain by a utility called /etc/init.d/init.wbem. In addition to the CIM Object Manager, the command starts the Solaris Management Console (SMC); both run as a single process.
You should not need to start and stop the CIM Object Manager manually, but you can do so if the need should arise. The init.wbem utility has the following syntax:
/etc/init.d/init.wbem start|stop|status
The start option starts the CIM Object Manager on the domain from which it is invoked. The stop option stops the CIM Object Manager on the domain. The status option gets the status of the CIM Object Manager on the domain.
1. Enter the following command at the system prompt to become a root user:
2. At the root system prompt (#) type the root password for the domain when prompted to do so.
3. Start the CIM Object Manager by typing the following command:
1. Enter the following command at the system prompt to become a root user:
2. When prompted, enter the root password for the domain at the root system prompt (#).
3. Stop the CIM Object Manager by entering the following command:
The Solaris WBEM Services Provider Layer includes the Solaris Provider software program, which is especially useful to WDR application developers.
A Solaris Provider is a class that communicates with managed objects. Providers provide the CIM Object Manager with instances of managed resources on systems running the Solaris operating environment, and retrieve and set information on managed devices.
When a WDR application attempts to access CIM data about managed resources, WBEM first validates the user login information on the domain. Users are granted Read Only access by default. See the section WBEM Security Services for more information about WBEM system security.
The CIM Object Manager uses object provider APIs to communicate with providers. After an application requests dynamic data from the CIM Object Manager, the CIM Object Manager responds via the provider APIs to pass the requested information to the provider.
Providers can be either native providers, which are machine-specific, or they can be written using the portable, machine-independent Java Native Interface (JNI), which is part of the Java
Development Kit (JDK).
There are three principal security features that protect CIM objects from intrusion on a WBEM-enabled system:
Authentication is the process of verifying the identity of a user, device, or other entity in a Sun Fire system. Authentication is frequently used to give valid users access to system resources; and to deny access to users who cannot be authenticated.
When a user logs in and enters a user name and password, the client uses the password to generate an encrypted digest that the server verifies. When the user is authenticated, the CIM Object Manager grants a MAC token and establishes a client session. All subsequent operations occur within that secure client session, and contain a MAC token that uses the session key that was negotiated during the authentication process. (A MAC is a token parameter added to a remote call which contains security information used to authenticate that message.)
Authorization is the process of granting to a user, program, or process the right to access system resources. Authorization occurs after authentication.
After the CIM Object Manager has authenticated the user's identity, that identity can be used to verify whether the user should be allowed to execute an application or any of its related tasks. The CIM Object Manager supports capability-based authorization, which allows a privileged user to assign read and write access to other users. Such authorizations are added to existing Solaris user accounts.
Replay protection prevents an unauthorized client picking up and sending another client's message to the server by validating a session key.
A client cannot copy another client's last message that was sent to the CIM Object Manager. The CIM Object Manager uses a MAC for each message, based on the session key that was negotiated during authentication, to guarantee that all communications in the client-server session is indeed with the same client that initiated the session and participated in client-server authentication.
The MAC is used to confirm that each message actually came from the client that was originally authenticated for the session, and that the message was not being replayed by another client. This type of mechanism is used in WBEM to verify RMI messages. The session key that was negotiated during the user authentication exchange is used to encrypt the security information in the message's MAC token.
WBEM Security Services does not perform digital signing of messages.
You use WBEM Access Control Lists to administer security within the Solaris operating environment.
Access Control List-based security is implemented using classes that are defined in the Solaris_Acl1.0.mof file. Access Control List-based security, which is specific to Solaris WBEM Services, provides a default authorization scheme for Solaris WBEM Services, and applies to all CIM operations. Instances of these classes determine the default authorizations that are assigned to WBEM users and/or namespaces.
To add users to existing Access Control Lists and assign to them either read or read-write access privileges, use the Sun WBEM User Manager, which is described in the section Sun WBEM User Manager. The Sun WBEM User Manager is located at
/usr/sadm/bin/wbemadmin.
For more information, see the section Using the Sun WBEM User Manager.
The Sun WBEM User Manager allows privileged users to add and delete authorized users and to set their access privileges to CIM objects on a WBEM-enabled system. Each user must have a Solaris user account.
You can use the Sun WBEM User Manager to set access privileges on individual namespaces or on a user/namespace combination. When you add a user and select a namespace, the user has default read access to the CIM objects within the specified namespace.
You can restrict access by all users to a namespace, and then grant individual users read, read-write, or write access to that namespace.
You cannot set access rights to individual managed objects. However, you can set access rights for all managed objects within a namespace and on a per-user basis.
If you log in as root, you can use the WBEM User Manager to set the following types of access to CIM objects:
1. Enter the following command on the command line as root:
The Sun WBEM User Manager is loaded, and the Login dialog is displayed. To use context-sensitive help, click on fields in the dialog to display the Context Help panel.
2. In the Login dialog, enter the user name in the User Name field.
You must have Read access to the root\security namespace to log in. By default, Solaris users have guest privileges, which grant them Read access to the default namespaces. Users with Read access can view, but not change, user privileges.
To grant access rights to users, you must log in either as root or as a user with Write access to the root\security namespace.
3. In the Login dialog, enter the password for the user account in the Password field.
The User Manager dialog is displayed. It contains a list of users and their access rights to WBEM objects within the namespaces on the current domain.
1. Start the Sun WBEM User Manager.
2. Click Add in the Users Access portion of the User Manager dialog.
A dialog is displayed that lists all available namespaces on the domain.
3. Type the Solaris user's account name in the User Name field.
4. Select a namespace from the list of available namespaces.
The user name is added to the list of users shown in the User Manager dialog.
6. Click OK to save the changes and close the User Manager dialog. Or, click Apply to save the changes and leave the dialog open.
The user now has Read Only access to CIM objects in the selected namespaces.
1. Start the Sun WBEM User Manager.
2. Select the user from the list whose access rights you want to change.
3. To grant Read Only access to the user, click the Read check box. To grant the user Write access, click the Write check box.
4. Click OK to save the changes and close the User Manager dialog. Or, click Apply to save the changes and leave the dialog open.
1. Start the Sun WBEM User Manager.
2. In the Users Access portion of the User Manager dialog, select the user from the list whose access rights you want to remove.
3. Click Delete to revoke the user's access rights to the namespace.
A confirmation dialog prompts you to confirm that you want to revoke the user's access rights. Click OK to proceed.
4. Click OK to save the changes and close the User Manager dialog. Or, click Apply to save the changes and leave the dialog open.
1. Start the Sun WBEM User Manager.
2. In the Namespace Access portion of the User Manager dialog, click Add.
A dialog is displayed that lists all the namespaces that are available in the domain.
3. Select the namespace for which you want to set access rights.
By default users have Read Only access to namespaces, and the Read check box is checked. To allow Write access, click the Write check box. To allow Read/Write access click both the Read and Write check boxes. To allow no access to the namespace, make sure both the Read and Write check boxes are not checked.
4. Click OK to save the changes and close the User Manager dialog. Or, click Apply to save the changes and leave the dialog open.
1. Start the Sun WBEM User Manager.
2. In the Namespace Access portion of the User Manager dialog, select the namespace whose access rights you want to remove and click Delete.
This removes access control from the namespace, and removes the namespace from the list of namespaces displayed in the User Manager dialog box.
3. Click OK to save the changes and close the User Manager dialog. Or, click Apply to save the changes and leave the dialog open.
You can use the Sun WBEM SDK APIs to set access control on a namespace or on a per-user basis. The following security classes are stored in the root\security namespace:
You can set access control on individual users to the CIM objects within a namespace by creating an instance of the Solaris_UserACL class and then using the APIs to change the access rights for that instance. Similarly, you can set access control on namespaces by creating an instance of the Solaris_NameSpaceACL class and then using APIs, such as the setInstance method, to set the access rights for that instance.
An effective way to combine the use of these two classes is to first use the Solaris_NameSpaceACL class to restrict access to all users to the objects in a namespace. Then use the Solaris_UserACL class to grant selected users access to the namespace.
The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability that has a default value of "r" (Read Only).
You can set access privileges by setting the capability property of the Solaris_UserAcl class to one of the following values:
In addition to the capability property, the Solaris_UserAcl class defines the following two key properties. Only one instance of the namespace-username ACL pair can exist in a namespace.
1. Create an instance of the Solaris_UserAcl class, using code such as the following:
/* Create a namespace object initialized with root\security (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\security");
// Connect to the root\security namespace as root.
cc = new CIMClient(cns, "root", "root_password");
// Get the Solaris_UserAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl");
// Create a new instance of the Solaris_UserAcl
class ci = cimclass.newInstance(); ...
2. Set the capability property to the desired access rights, using code such as the following:
/* Change the access rights (capability) to read/write for user Guest
on objects in the root\molly namespace.*/
ci.setProperty("capability", new CIMValue(new String("rw"));
ci.setProperty("nspace", new CIMValue(new String("root\molly"));
ci.setProperty("username", new CIMValue(new String("guest"));
3. Update the newly created instance using code such as the following:
// Pass the updated instance to the CIM Object Manager
cc.setInstance(new CIMObjectPath(), ci);
The Solaris_NamespaceAcl class extends the Solaris_Acl base class, from which it inherits the string property capability whose default value is "r" (Read Only for GUEST and all users). The Solaris_NamespaceAcl class defines the following key property:
|
Identifies the namespace to which this access control list (ACL) applies. Only one instance of the namespace ACL can exist in a namespace. |
1. Create an instance of the Solaris_namespaceACL class, using code such as the following:
/* Create a namespace object initialized with root\security (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\security");
// Connect to the root\security namespace as root.
cc = new CIMClient(cns, "root", "root_password");
// Get the Solaris_namespaceAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_namespaceAcl");
// Create a new instance of the Solaris_namespaceAcl
class ci = cimclass.newInstance();
2. Set the capability property to grant the desired access rights, using code such as the following:
/* Create a namespace object initialized with root\security (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\security");
// Connect to the root\security namespace as root.
cc = new CIMClient(cns, "root", "root_password");
// Get the Solaris_namespaceAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_namespaceAcl");
// Create a new instance of the Solaris_namespaceAcl
class ci = cimclass.newInstance();
3. Update the newly created instance, using code such as the following:
// Pass the updated instance to the CIM Object Manager
cc.setInstance(new CIMObjectPath(), ci);
The SMC Users tool lets you add users to existing roles and grant RBAC rights to existing users. RBAC rights are managed in the Rights portion of the SMC Users tool.
1. Enter the following command to change to the location of the SMC invocation command:
2. Type the following command to start the SMC:
3. After the application is loaded and the user interface is displayed, double-click "This Computer" (or single-click the expand/compress icon next to "This Computer") in the left-hand Navigation panel to expand the tree beneath "This Computer."
4. Double-click "System Configuration" (or single-click the expand/compress icon next to "System Configuration") in the left-hand Navigation panel to expand the tree beneath "System Configuration." The Users icon is displayed.
5. Click the Users icon to start the Users Tool.
|
Note - For more information about using the Solaris Management Console, see the smc(1m) man page. |
WBEM Logging services enable systems administrators to monitor system events and to determine how they occurred.
The logging service records all those actions that the service provider has been programmed to return, and that are completed by Solaris WBEM Services components. In addition, informational and error content can be recorded to a log.
For example, if a user disables a serial port, this information can be logged automatically by a serial port provider. Or, if a system error or other failure occurs, the administrator can check the log record to trace the cause of the occurrence.
All components, applications, and providers start logging automatically, in response to events. For example, the CIM Object Manager automatically logs events after it is installed and started.
You can set up logging for applications and providers that you develop for the WBEM environment. For information, see the section Using the APIs to Enable Solaris WBEM Logging.
You can view log data in the Solaris Management Console (SMC) Log Viewer to debug the logging functionality that you have set up. For more information about viewing log files, see the section Solaris WBEM Log Viewer, and the smc(1m) man page.
When you set up an application or a provider to log events, its events are recorded in log files. All log records are stored in the path: /var/sadm/wbem/log. Log files use the following naming convention:
where # is a number appended to indicate the version of the log file.
A log file appended with a ".1" is the most recently-saved version, such as wbem_log.1. A log file appended with a ".2" is the next oldest version, and so on. All versions of the log file co-exist as an archive in /var/sadm/wbem/log.
Log files are renamed with a .1 file extension, and saved when one of the following two conditions are met:
For information about how the properties of the Solaris_LogServiceProperties class control how a log file is used, see the section Solaris WBEM Services Log File Rules.
For information about the Solaris_LogService class and its methods, see the section Solaris_LogService Class.
The Solaris_LogServiceProperties class is defined in Solaris_Core1.0.mof. The Solaris_LogServiceProperties class has properties that control the following attributes of a log file:
To specify any of these attributes for an application that writes data to a log file, create a new instance of the Solaris_LogServiceProperties class and set the values of its associated properties. See the section Setting Solaris WBEM Logging Properties for detailed information about how to set property values of the new instance.
The logging service provides three categories of log records: application, system, and security. Log records may be informational, or may record data derived from errors or warnings. A standard set of fields is defined for the data that can be presented in logs; however, logs do not necessarily use all fields. For example, an informational log may provide a brief message describing an event. An error log may provide a more detailed message.
Some log data fields are required to identify data in the CIM Repository. These fields are properties flagged with a read-only key qualifier in the Solaris_LogRecord class. You cannot set the values of these fields. You can, however, set the values of any of the following fields in your log files:
Solaris WBEM Logging Services uses two Solaris Schema classes: Solaris_LogRecord and Solaris_LogService.
The Solaris_LogRecord class is defined in the Solaris_Core1.0.mof file to model an entry in a log file. When an application or provider calls the Solaris_LogRecord class in response to an event, the Solaris_LogRecord class causes all data generated by the event to be written to a log file. To see the definition of the Solaris_LogRecord class as part of the Solaris Provider, view the Solaris_Core1.0.mof file in a text editor. The Solaris_Core1.0.mof file is located in /usr/sadm/mof.
The Solaris_LogRecord class uses a vector of properties and key qualifiers to specify attributes of the events, system, user, and application or provider that generate data. Read-only qualifier values are generated transparently for use between the application and the CIM Repository. For example, the value RecordID uniquely identifies the log entry but is not displayed as part of the log format when you view generated data.
You can set the values of writable qualifier values. For example, you can set the qualifier values of properties such as ClientMachineName and ServerMachineName, which identify the system on which an event occurs.
When the SysLogFlag property is set to true, then a detailed message of the log record is automatically sent to the syslog daemon on UNIX systems.
The Solaris_LogService class controls the operation of the logging service and defines the ways in which log data is handled. This class has a set of methods that an application can use to distribute data about a particular event to the CIM Object Manager from the issuing application. The data becomes a trigger that generates a response from the CIM Object Manager, such as a retrieval of data from the CIM Repository.
The Solaris_LogService class uses the following methods:
The Solaris_LogServiceProperties class lets you set logging properties. See the section Setting Solaris WBEM Logging Properties.
You can view the definition of the Solaris_LogService class in the Solaris_Core1.0.mof file, which is located in /usr/sadm/mof.
Currently, you can view log file content in Log Viewer. However, you can develop your own log viewer if you prefer to view log files in a customized manner. You can use the logging application programming interfaces (APIs) to develop a log viewer. The APIs enable you to:
Enabling an application to write data to a log file involves the following main tasks:
1. Import all the necessary Java classes. The minimum classes are:
import java.rmi.*;
import com.sun.wbem.client.CIMClient;
import com.sun.wbem.cim.CIMInstance;
import com.sun.wbem.cim.CIMValue;
import com.sun.wbem.cim.CIMProperty;
import com.sun.wbem.cim.CIMNameSpace;
import com.sun.wbem.cim.CIMObjectPath;
import com.sun.wbem.cim.CIMClass;
import com.sun.wbem.cim.CIMException;
import com.sun.wbem.solarisprovider.*;
import java.util.*;
2. Declare the public class CreateLog and create instances of the following classes: CIMClient, CIMObjectPath, and CIMNameSpace:
public class CreateLog {
public static void main(String args[]) throws CIMException {
if ( args.length != 3) {
System.out.println("Usage: CreateLog host username password");
System.exit(1);
}
CIMClient cc = null;
CIMObjectPath cop = null;
try {
CIMNameSpace cns = new CIMNameSpace(args[0]);
cc = new CIMClient(cns, args[1], args[2]);
3. Specify the vector of properties to be returned. Set values for the properties of the qualifiers.
Vector keys = new Vector();
CIMProperty logsvcKey;
logsvcKey = new CIMProperty("category");
logsvcKey.setValue(new CIMValue(new Integer(2)));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("severity");
logsvcKey.setValue(new CIMValue(new Integer(2)));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("AppName");
logsvcKey.setValue(new CIMValue("SomeApp"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("UserName");
logsvcKey.setValue(new CIMValue("molly"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("ClientMachineName");
logsvcKey.setValue(new CIMValue("dragonfly"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("ServerMachineName");
logsvcKey.setValue(new CIMValue("spider"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("SummaryMessage");
logsvcKey.setValue(new CIMValue("brief_description"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("DetailedMessage");
logsvcKey.setValue(new CIMValue("detailed_description"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("data");
logsvcKey.setValue(new CIMValue("0xfe 0x45 0xae 0xda"));
keys.addElement(logsvcKey);
logsvcKey = new CIMProperty("SyslogFlag");
logsvcKey.setValue(new CIMValue(new Boolean(true)));
keys.addElement(logsvcKey);
4. Declare the new instance of the CIMObjectPath class for the log record.
CIMObjectPath logreccop = new CIMObjectPath("Solaris_LogRecord", keys);
5. Declare the new instance of Solaris_LogRecord. Set the vector of properties to write to a file.
CIMInstance ci = new CIMInstance();
ci.setClassName("Solaris_LogRecord");
ci.setProperties(keys);
//System.out.println(ci.toString());
cc.setInstance(logreccop,ci);
}
catch (Exception e) {
System.out.println("Exception: "+e);
e.printStackTrace();
}
6. Close the session after data has been written to the log file.
// close session.
if(cc != null) {
cc.close();
}
Enabling an application to read data from a log file to a log viewer involves the following tasks:
|
|
1. Import all the necessary Java classes. The classes listed below are the minimum required:
import java.rmi.*;
import com.sun.wbem.client.CIMClient;
import com.sun.wbem.cim.CIMInstance;
import com.sun.wbem.cim.CIMValue;
import com.sun.wbem.cim.CIMProperty;
import com.sun.wbem.cim.CIMNameSpace;
import com.sun.wbem.cim.CIMObjectPath;
import com.sun.wbem.cim.CIMClass;
import com.sun.wbem.cim.CIMException;
import com.sun.wbem.solarisprovider.*;
import java.util.*;
import java.util.Enumeration;
public class ReadLog
{
public static void main(String args[]) throws
CIMException
{
if ( args.length != 3)
{
System.out.println("Usage: ReadLog host username password");
System.exit(1);
}
3. Set the CIMClient, CIMObjectPath, and CIMNameSpace values of the ReadLog class.
CIMClient cc = null;
CIMObjectPath cop = null;
try { CIMNameSpace cns = new CIMNameSpace(args[0]);
cc = new CIMClient(cns, args[1], args[2]);
cop = new CIMObjectPath("Solaris_LogRecord");
4. Enumerate the instances of Solaris_LogRecord.
Enumeration e = cc.enumInstances(cop, true);
for (; e.hasMoreElements(); ) {
5. Send the property values to an output device.
System.out.println("---------------------------------");
CIMObjectPath op = (CIMObjectPath)e.nextElement();
CIMInstance ci = cc.getInstance(op);
System.out.println("Record ID : " +
(((Long)ci.getProperty("RecordID").getValue().getValue()).longValue()));
System.out.println("Log filename : " + ((String)ci.getProperty("FileName").getValue().getValue()));
int categ = 0 (((Integer)ci.getProperty("category").getValue().getValue()).intValue());
if (categ == 0)
System.out.println("Category : Application Log");
else if (categ == 1)
System.out.println("Category : Security Log");
else if (categ == 2)
System.out.println("Category : System Log");
int severity = (((Integer)ci.getProperty("severity").getValue().getValue()).intValue());
if (severity == 0)
System.out.println("Severity : Informational");
else if (severity == 1)
System.out.println("Severity : Warning Log!");
else if (severity == 2)
System.out.println("Severity : Error!!");
System.out.println("Log Record written by :" + ((String)ci.getProperty("AppName").getValue().getValue()));
System.out.println("User : " + ((String)ci.getProperty("UserName").getValue().getValue()));
System.out.println("Client Machine : " + ((String)ci.getProperty("ClientMachineName").getValue().getValue()));
System.out.println("Server Machine : " + ((String)ci.getProperty("ServerMachineName").getValue().getValue()));
System.out.println("Summary Message : " + ((String)ci.getProperty("SummaryMessage").getValue().getValue()));
System.out.println("Detailed Message : " + ((String)ci.getProperty("DetailedMessage").getValue().getValue()));
System.out.println("Additional data : " + ((String)ci.getProperty("data").getValue().getValue()));
boolean syslogflag =((Boolean)ci.getProperty("syslogflag").getValue().getValue()). booleanValue();
if (syslogflag == true) {
System.out.println("Record was written to syslog as well");
} else {
System.out.println("Record was not written to syslog");
}
System.out.println("---------------------------------");
6. Return an error message to the user if an error condition occurs.
...
catch (Exception e) {
System.out.println("Exception: "+e);
e.printStackTrace(); }
...
7. Close the session when the data has been read from the file.
// close session.
if(cc != null) {
cc.close();
}
}
}
You can create an instance of the Solaris_LogServiceProperties class and set property values for the instance to control how your application or provider handles logging.
The following code example shows how to set logging properties. Properties are stored in the /var/sadm/lib/wbem/WbemServices.properties file.
public class SetProps {
public static void main(String args[]) throws CIMException {
if ( args.length != 3) {
System.out.println("Usage: SetProps host username password");
System.exit(1);
}
CIMClient cc = null;
try {
CIMNameSpace cns = new CIMNameSpace(args[0]);
cc = new CIMClient(cns, args[1], args[2]);
CIMObjectPath logpropcop = new CIMObjectPath("Solaris_LogServiceProperties");
Enumeration e = cc.enumInstances(logpropcop, true);
for (; e.hasMoreElements(); ) {
CIMObjectPath op = (CIMObjectPath)e.nextElement();
CIMInstance ci = cc.getInstance(op);
ci.setProperty("Directory", new CIMValue("/tmp/bar1/"));
ci.setProperty("FileSize", new CIMValue("10"));
ci.setProperty("NumFiles", new CIMValue("2"));
ci.setProperty("SyslogSwitch", new CIMValue("off"));
cc.setInstance(logpropcop,ci);
}
}
catch (Exception e) {
System.out.println("Exception: "+e);
e.printStackTrace();
}
// close session.
if(cc != null) {
cc.close();
}
}
You can view all details of a log record in the Solaris Management Console (SMC) Log Viewer, an application that provides a graphical user interface for viewing recorded data. For more information on the SMC, see the man page smc(1M).
After you have created a log record, you can start the SMC and then its Log Viewer.
1. Change to the location of the SMC invocation command by typing the following:
# cd /usr/sbin
2. Start SMC by typing the following command:
# smc
3. In the Navigation panel, double-click This Computer (or single-click the expand/compress icon next to it) to expand the tree beneath it. Double-click System Status and the Log Viewer icon will be displayed.
| WDR Developer's Guide | 816-1984-11 |
|
Copyright © 2002, Sun Microsystems, Inc. All rights reserved.
