ESP(5) ESP(5)
esp - Embedded Support Partner
esp is an infrastructure that is integrated into the operating system for
the purposes of support. This infrastructure contains various components
that perform the following:
Capture and store system level events
Capture and store system configuration
Capture and store system availability information
Provide Electronic Logbook for Activities performed
Provide features of proactive notification
Generate various reports for supportability
Log call to ESP Database at
The Embedded Support Partner consists of a set of daemons that perform
various monitoring activities. These include an event monitoring and
management daemon (eventmond) and a database daemon (espdbd). By default, esp
starts at boot time on the system unless it is chkconfig(1M) off. The
Embedded Support Partner can be pre-programmed for event monitoring and
provides flexible throttling features for the events. Actions can also
be programmed for each event.
Event sources include kernel, performance monitoring tools, availability
tools, configuration monitoring tools and user applications. Events are
categorized into classes and types. A class can have many types. An example
of a class is SCSI, and the various types under this class could be
SCSI hard error, SCSI Bus reset, etc. The event types are uniquely
sequenced with pre-assigned numbers. The events propagate to the Embedded
Support Partner through syslogd and are captured by eventmond. The
message string contains the unique sequence number with a special tag
which eventmond identifies. The tag and sequence number also show up in
SYSLOG. An example of the message in SYSLOG is:
May 24 23:16:34 6D:starwars esphttpd[5722]: |$(0x200120)started
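The tag and sequence number described above can be pulled out of SYSLOG when reviewing which ESP events fired. The following is an added example, not part of ESP: the tag layout is inferred from the single message shown above, the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Tag layout inferred from the one SYSLOG line on this page (assumption):
# "|$(" + hexadecimal sequence number + ")" + message text.
ESP_TAG = re.compile(r"\|\$\((0x[0-9A-Fa-f]+)\)(.*)$")
# Process field of a syslog line: "name[pid]: "
PROC = re.compile(r"(\S+?)\[(\d+)\]: ")

def parse_esp_event(line):
    """Return a dict for an ESP-tagged syslog line, or None if untagged."""
    line = line.rstrip("\n")
    tag = ESP_TAG.search(line)
    if tag is None:
        return None
    # The logging process, if present, sits just before the tag.
    proc = PROC.search(line[:tag.start()])
    return {
        "sequence": int(tag.group(1), 16),
        "process": proc.group(1) if proc else None,
        "pid": int(proc.group(2)) if proc else None,
        "message": tag.group(2).strip(),
    }

def count_by_sequence(lines):
    """Count tagged events per sequence number; untagged lines are skipped."""
    events = (parse_esp_event(l) for l in lines)
    return Counter(e["sequence"] for e in events if e)

SAMPLE = [
    # From this page:
    "May 24 23:16:34 6D:starwars esphttpd[5722]: |$(0x200120)started",
    # Constructed lines: no tag, a repeat of the event, a malformed tag.
    "May 24 23:17:02 6D:starwars unix: constructed line without a tag",
    "May 24 23:18:40 6D:starwars esphttpd[5731]: |$(0x200120)started",
    "May 24 23:19:05 6D:starwars myapp[811]: |$(0x)constructed bad tag",
]

if __name__ == "__main__":
    for seq, n in count_by_sequence(SAMPLE).items():
        print(hex(seq), n)
```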
User defined events can be added using the Embedded Support Partner user
interface. The sequence numbers are automatically generated. User
applications can log user defined events into the Embedded Support
Partner framework by two mechanisms. Applications can either include
EventMonAPI(3X) calls or use the command-line application
esplogger(1M). Both methods need to use the unique sequence number
generated by the Embedded Support Partner user interface.
The Embedded Support Partner also provides the facility of an electronic
log book for logging various activities performed on the system. The
capability of a logbook has been provided through the graphical user
interface. Entries of up to 4K can be made using the logbook capability. A
set of reports is available to view the logbook entries between any
given dates. The logbook entries are also cross-referenced by the event
reports on a date basis. This makes it possible to check whether any log
entries were made against events.
Each event can have associated actions that can be proactively triggered
by the Embedded Support Partner in reaction to an event. Actions can be
pre-programmed and assigned to events. Examples of actions include
graphical posts onto the console, email, chatty paging and numeric
paging. Most of the notification features are incorporated using the
espnotify(1) utility. Numeric paging needs the use of modems and uses the
QuickPage(1M) software. The option of numeric paging must be
chkconfig(1M) on for use.
The Embedded Support Partner also provides the facility to manage
multiple systems in a group environment. Under this environment, one of
the systems can be designated as the Group Manager. The Group Manager can
then subscribe to various events from the member systems. The member
systems forward the occurrence and associated data of the subscribed
events to the Group Manager, where proactive actions can be set to be
taken. Certain classes of events have to be subscribed in full. Examples of
these are Availability, Configuration, etc. The Group Manager also
provides the capability to monitor various services on the member
systems. These include: icmp, rpcbind, dns, smtp, nntp, etc. The services
can be configured using the Embedded Support Partner user interface and
require that the pcp_eoe subsystem be installed. The Group Manager
capabilities are licensed.
The Embedded Support Partner supports an HTML browser-based interface and,
for non-graphics systems, a command-line interface called espconfig(1).
The browser interface supports both single-system and multiple-system
(Group Management) environments. At the time of logging in, one must
choose the type from the user interface. The interface runs from an
HTTP-based server that is started by inetd on connection only. Access to the
esphttpd server is driven by IP address filtering. If the address is not
found in the list of valid IP addresses configured by the ESP
administrator, access is denied. Also, if the IP address does not
resolve back to a hostname, access is denied unless
'ReverseDNSLookup: off' is set in the /etc/esphttpd.conf configuration file.
Note: If your web browser uses a proxy server, you must add the IP address of
this proxy server to the "Allow Access" list, because the connection in
this case will be indirect.
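The access rule above, including the proxy case, can be modelled as follows. This is an added example, not esphttpd's code: the function names, the order of the two checks and exact-address matching are assumptions, and the addresses and PTR table are constructed.

```python
import ipaddress
import socket

def system_resolver(ip):
    """Reverse-resolve ip to a hostname, or None when nothing resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_access(peer_ip, allow_list, reverse_dns_lookup=True,
                 resolver=system_resolver):
    """Return (allowed, reason) for a connection arriving from peer_ip.

    peer_ip is the address seen on the socket, so for a browser behind
    a proxy it is the proxy's address, not the workstation's.
    """
    peer = ipaddress.ip_address(peer_ip)
    allowed = {ipaddress.ip_address(a) for a in allow_list}
    if peer not in allowed:
        return False, "address not in allow list"
    # Models 'ReverseDNSLookup: off' via reverse_dns_lookup=False.
    if reverse_dns_lookup and resolver(str(peer)) is None:
        return False, "address does not resolve to a hostname"
    return True, "ok"

# Constructed data: documentation-range addresses and a fake PTR table.
PTR = {"127.0.0.1": "localhost", "192.0.2.10": "proxy.example.com"}
ALLOW = ["127.0.0.1", "192.0.2.10", "192.0.2.77"]

def demo():
    lookup = PTR.get  # offline stand-in for reverse DNS
    return {
        "localhost": check_access("127.0.0.1", ALLOW, resolver=lookup),
        "via proxy": check_access("192.0.2.10", ALLOW, resolver=lookup),
        "unlisted": check_access("192.0.2.50", ALLOW, resolver=lookup),
        "no PTR": check_access("192.0.2.77", ALLOW, resolver=lookup),
        "no PTR, lookup off": check_access(
            "192.0.2.77", ALLOW, reverse_dns_lookup=False, resolver=lookup),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Because the decision is made on the proxy's address, listing a proxy admits every client that can reach esphttpd through it.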
The Embedded Support Partner supports a variety of reports. These
include: hardware and software reports, event reports, actions reports
and availability reports. A printable view icon is provided for all
the reports. Clicking the icon will generate plain text output to the
browser. The browser print capability can be used to print to paper. All
reports are formatted to fit in 80 columns. The same functionality is
offered on the command line by espreport(1).
The Embedded Support Partner user interface, by default, is accessible by
localhost only. The user interface can be started by
launchESPartner(1) or by clicking the icon for Embedded Support Partner
in the icon catalog under the support tools page. The Embedded Support
Partner can then be customized according to the needs of the site. An
online help facility is also provided for reference.
The Embedded Support Partner may also send ESP events to a centralized
database at SGI. An application (espcall) has been introduced that is
automatically triggered against events if ESP has been configured to send
data back to SGI. The application supports both text and
compressed, encrypted, encoded formats. The format is selectable
in both the UI and the command-line applications. Information transmitted
back to SGI depends on the type of event. Information includes customer
contact information, event information, hardware and software installed,
crash analysis and syslog information. The analysis report and syslog
messages are sent only if the system panicked. Information is mailed out to
esp@sgi.com. Optional mail addresses can be entered to receive copies of
what is mailed to esp@sgi.com.
SECURITY Considerations
In order to reduce potential security breaches that ESP may cause, SGI
asked RSA Security, Inc. to perform an evaluation of ESP. Pursuant to the
evaluation, SGI implemented a wide range of recommendations from RSA
Security, including:
o Validating user permissions of process for proactive actions and
disabling actions by root
o Implementing reverse DNS lookup for both the Web server and ESP SGM
o HMAC/MD5 digital signature of all data transfers to the ESP SGM
o Disabling of login attempts with time-out periods
o Implementing a CLI for all ESP configuration/reports, disabling the use
of the ESP Web server
o Restricting all ESP database transactions locally
NOTE: If there are security issues, please contact your customer support
representative or send email to security-alert@sgi.com.
o If esp is chkconfig off while it's running, eventmond will still log
events in the database and action scripts will still be executed.
However, espconfig(1) and esphttpd won't perform any action. To ensure
that esp is off, please execute '/etc/init.d/esp stop' or reboot the
system.
o To restart esp, execute '/etc/init.d/esp start'.
o If new hardware and/or new software is introduced while the system is
running, esp will recognize new, updated or deleted items by executing
'/usr/sbin/configmon -u'.
o Changes to the /etc/esphttpd.conf configuration file require a 'killall
esphttpd'.
o If your web browser uses a proxy server, you must add the IP address of
this proxy server to the "Allow Access" list, because the connection in
this case will be indirect.
o Not all features of availmon(5) are configurable in ESP.
In particular, the autoemail and autoemail.list features need to be
configured using the amconfig(1M) command-line interface.
amconfig(1M), pcp(1), chkconfig(1M), configmon(1M), espnotify(1M),
esplogger(1M), esparchive(1M), launchESPartner(1), espconfig(1M),
espreport(1M), QuickPage(1M), eventmond(1M), EventMonAPI(3X), availmon(5)
SGI Embedded Support Partner User Guide