Idle User Session Example
Several Monitoring Examples
It should be emphasized that the examples following are not an intrinsic part of PIKT. They are solutions that you might implement, not that you are forced to adopt.
Case Study 1: IdleUserSession
IdleUserSession is a short Pikt script to kill abandoned user sessions.
Listing 1 is the source version on the master control machine as it would
appear in the alarms.cfg file:
Listing 1: IdleUserSession (source version)
IdleUserSession
init
status active
level critical
task "Terminate idle user sessions."
input proc "=w | =nawk '/[1-9]day/ {gsub("\\/","\\\\/"); \
print $1 " " $2}'"
dat $user 1
dat $tty 2
rule
=execwait "=kill `=ps -ef | =nawk '/$user.+$tty/ {print \$2}'`"
We have decided that this needs to be run every other hour or so, so we group it with other "critical" alerts in the alerts.cfg file:
Critical
timing 30 0-22/2 * * *
drift 5
#if moscow | munich
priority 10
#else
priority 0
#endif
mailcmd "=mailx -s 'PIKT \
Alert on \
=pikthostname: \
Critical' \
=piktcritical"
alarms
...
IdleUserSession
...
We would install this alarm, along with the other alarms in the Critical alerts group, with the command
# piktc -iv +A Critical -H downsys processing madrid2... installing file(s)... Critical.alt installed ...
We have defined macro command paths in macros.cfg like so:
#if solaris ... kill /usr/bin/kill ... nawk /usr/bin/nawk ... #endif
If the current client were defined as a solaris system in the PIKT
systems.cfg file, the piktc preprocessor installs this script on the client
(in the Critical.alt file) with the macros resolving to the appropriate
solaris command paths, as in Listing 2, for example.
Listing 2: IdleUserSession (target version)
IdleUserSession
init
status active
level critical
task "Terminate idle user sessions."
input proc "/usr/bin/w | /usr/bin/nawk '/[1-9]day/ \
{gsub("\\/","\\\\/"); print $1 " " $2}'"
dat $user 1
dat $tty 2
rule
exec wait "/usr/bin/kill `/usr/bin/ps -ef | \
/usr/bin/nawk '/$user.+$tty/ {print \$2}'`"
Note how macro substitutions have inserted the appropriate paths for the w, nawk, ps, and kill commands. If this were for one of the other supported operating systems, different paths would be inserted.
You no longer have to concern yourself with specifying the correct path for this or that command in your scripts, either by maintaining separate script versions or by inserting per-OS case statements into your code. Simply define the path once and for all in the macros.cfg file, then use the =nawk macro (for example) ever after in all of your scripts (including scripts written in other languages, such as Perl, AWK, etc.). PIKT will automatically substitute the correct version for you.
Input data results from the command "=w", i.e., "/usr/bin/w". Here is a sample input line:
bach pts/4 29Jun98 3days 3:25 2 zsh
We pass this input along to nawk with the instructions: match lines showing idle time in days; transform, for example, "pts/4" into "pts\/4"; output just the first and second fields.
Pikt maps the nawk output "bach pts\/4", setting $user to the first field and $tty to the second.
This alarm has but one rule: We exec a kill command to terminate the idle session in question. (The exec is automatically logged for auditing and debugging purposes.)
You could, if you want, add rules to kill root sessions only, or to
kill after midnight and on weekends, or if certain other conditions are
met. Instead of killing, you could send e-mail alerts to the system
administrators, who could then decide if manual session kills are required.
 prev page | 1st page | next page  |
