Path: utzoo!attcan!telly!eci386!jmm
From: jmm@eci386.uucp (John Macdonald)
Newsgroups: comp.unix.admin
Subject: Re: System management tools for unix systems?
Keywords: unix management
Message-ID: <1990Dec7.194437.5289@eci386.uucp>
Date: 7 Dec 90 19:44:37 GMT
References: <15872@ists.ists.ca> <1990Dec5.171245.7561@eci386.uucp>
Reply-To: jmm@eci386.UUCP (John Macdonald)
Organization: Elegant Communications Inc.
Lines: 115

In article <15872@ists.ists.ca> aronb@gkcl.UUCP (Aron Burns) wrote:
|We saw a product called ERSA ( Expert Remote Systems Assurance ) that
|gathered stats on a unix system, made some intelligent guesses about
|problems and attempts to make suggestions about how to solve them
|, at which point it uploads a file to a supervisor machine where a
|human decides what to do. The product looked at kernel tuning,
|security violations, disk space, etc. While I haven't seen it
|run you might call these people to find out more:

In article <1990Dec5.171245.7561@eci386.uucp> I, jmm@eci386.UUCP (John Macdonald), followed up:
|Thanks for the plug Aaron, I was just about to risk the wrath
|of the commercialism haters and follow up myself.
|
|If requested, I can provide additional technical details in this
|newsgroup (but I will try to avoid blatant advertisms).

All right, I got enough requests for further info and no requests
to not do so ("Full power to flame shields, Mr. Scott. Warp factor 9,
Mr. Sulu. Prepare evasive maneuvers, Mr. Spock", take a deep breath,
insert smiley for good luck :-)

(Minor aside - for ease of registering trademarks, we have had to
change our official acronym to XRSA - eXpert Remote Systems Assurance -
instead of ERSA. We still pronounce it the same. :-)

XRSA does a great deal of automation of administration of Unix
systems. It consists of two suites of programs.

The "Monitor" runs on each administered system.
It does many admin activities (prune log files; run backups; clean out
junk files; compress unused files) and auditing activities (validate
against a database describing important characteristics of significant
system files; changes in setuid and setgid programs; security problems
in passwords, accounts, login activity, remote access activity, etc;
list communication activity; collect sar or similar info; file system,
file, and directory size information). The results of these activities
are bundled into a log that is sent to a central "Expert" site. There
are lots of local configuration options, but everything is set up to
act in a reasonable, safe, manner without local control.

The "Expert" runs at a central site that co-ordinates responsibility
for administrating systems. It accepts the Monitor logs and processes
them into various reports - general information of various types, as
well as an Urgent report which lists all indications of potential
problems using potent correlation and analysis heuristics (I hesitate
to call this an expert system for fear of catching buzzword syndrome).
These reports can be distributed using email, news, or any other
appropriate mechanism.

The central site could be an internal MIS department or an outside
service bureau or facilities management operation. Because of the
report distribution flexibility, the responsibility for acting on the
reports need not fall on the staff of the "Expert" site.

Monitor requires basic V7 functionality (sh, sed, awk, etc) but avoids
using more recent features (sh functions, awk functions, inconsistently
provided programs). If more recent features are present, then they
will be used to generate information (e.g. sar). Thus, it runs on
essentially all varieties of Unix (and attempts to provide a consistent
appearance to all - for example there is a shell script that contains
a large number of awk scripts to provide a consistently formatted "df"
for all systems).
Adding new modules to the package is straightforward. This allows
customisation for local environments, as well as for direct support of
specific applications.

Expert is extremely portable too - it basically does a lot of text
processing and communication which is a common capability of most Unix
systems.

The other important thing to mention about XRSA is that it is not so
much a product as a software supported consulting tool. The customer
of the service bureau will see it as a product, but the service bureau
itself, or a large organisation, would often benefit from a significant
amount of consulting activity customising XRSA to fit more precisely
into the framework of their business.

A general philosophy point. XRSA is not intended to allow anyone to do
system administration. It is aimed at competent, expert, professional
people who will be able to understand and act on the information it
provides (and appreciate the huge quantity of information that XRSA can
analyse to the point of determining that it need not be examined by the
human expert today). It is intended to allow administration to not
require the constant physical presence of the human expert at every
system. There are some reports that are intended to be clear to
non-experts, but these are normally produced to address a known problem
(e.g. a chart of file system usage helps the expert to show why it is
time to add a new disk).

OK. In reading back, I see that there is a lot of stuff that could be
interpreted either as "design justification" or "hornblowing". I hope
most readers view this as the former rather than the latter. Too, I
have only described an overview of how XRSA works, without much in the
way of specific details. However, this has gotten long enough already.
I'll leave discussion of specifics for my response to any future
discussion (and drop it if there is no interest or too much objection).
If anyone wants an email copy of our "benefits summary", or a surface
mail copy of our full info package, let me know.

John Macdonald
Elegant Communications Inc.
481 University Ave., Suite 602, Toronto Ontario M5G 2E9
voice - (416) 595-5425   fax - (416) 595-5439 (business hours only)
--
Cure the common code...        | John Macdonald
...Ban Basic - Christine Linge | jmm@eci386