Network Security ISSForum

[ISSForum] Re: Component Rules

Subject: [ISSForum] Re: Component Rules
Date: Thu, 24 Aug 2006 07:59:48 +0200
Hello Scott,

issforum-bounces@iss.net wrote on 22.08.2006 23:08:43:

> Anyone out there using component rules in Site Protector? The process to
> get alerts on the status change of a component seems simple but I am
> having no luck getting component rules to trigger.

Are you using user defined response objects?

If yes: does the command contain a whitespace character?


I haven't been using component rules so far (in fact I didn't know they
existed), but I was looking for something to monitor the status of our
sensors.

We're using "Event rules", though, and noticed a lack of debugging
mechanisms. There was one major catch we discovered when using user
defined response objects: the command is not executed if it contains a
whitespace character. I was going to process the output with a bash shell
script (using cygwin); calling

c:\cygwin\bin\bash.exe <path-to-shell-script>

therefore did not work.
Our workaround was to write a batch file wrapper:

$ cat ../bin/foo.bat
@c:\cygwin\bin\bash.exe /usr/local/bin/foo.sh %*

and call that instead. This works fine.

As mentioned above: I am not aware of any debugging information when
trying to find out /whether/ the command has been executed or /why not/.
On top of that: there is no error message (or bubble help) when entering
and saving a command string containing a whitespace. There is no
indication /what/ you did wrong. The only thing you realize: it doesn't
work.

I just did a quick test with a component rule (with a user defined
response object) and it works for me.


Regards, K.

Klaus J. Müller
Systemadministrator / System administrator
ITS2 Competence Center Sicherheit und Internettechnologien
entory AG
PIKS Porsche-Information-Kommunikation-Services GmbH

Porschestrasse - 71287 Weissach
Tel.: +49 (0)711/911-83715                        Fax: +49 (0)711/911-83188
Email: klaus.j.mueller@porsche.de
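
The post notes that nothing shows whether a response command ran or why it did not; one way to get that evidence is to have the wrapped script record every invocation. This is an added example, not part of the original post: a logging variant of the foo.sh that foo.bat calls, where LOG_FILE and HANDLER are hypothetical names and the arguments are treated as opaque.

```shell
#!/bin/bash
# Added example (not from the original post): logging variant of the foo.sh
# that foo.bat calls. LOG_FILE and HANDLER are hypothetical names; the
# arguments are whatever the response object passes on through %*.

LOG_FILE="${LOG_FILE:-/tmp/response-wrapper.log}"

# Bracket each argument so embedded whitespace stays visible in the log.
show_args() {
    out=""
    for a in "$@"; do
        out="$out[$a] "
    done
    printf '%s' "${out% }"
}

# Append one timestamped record to the log.
log_line() {
    printf '%s pid=%d %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$$" "$*" >> "$LOG_FILE"
}

# Run the real handler; log the start, argument count, arguments, the
# handler's own output and its exit status.
run_logged() {
    rl_handler="$1"
    shift
    log_line "start handler=$rl_handler argc=$# argv=$(show_args "$@")"
    if [ ! -x "$rl_handler" ]; then
        log_line "error handler=$rl_handler reason=not-executable"
        return 126
    fi
    rl_rc=0
    "$rl_handler" "$@" >> "$LOG_FILE" 2>&1 || rl_rc=$?
    log_line "end handler=$rl_handler rc=$rl_rc"
    return "$rl_rc"
}

# Dispatch only when a handler is configured in the environment.
[ -z "${HANDLER:-}" ] || run_logged "$HANDLER" "$@"
```

A "start" record with no matching "end" means the handler never returned, and no record at all means the console never launched the wrapper.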

