scc-rules(1)



NAME


	scc-rules - check rules for snapshots and log files

RELEASE


	scc-srv	1.7.5

SYNOPSIS


	scc-rules [ -d <scc_web_path> ] [ -f <rule> ] [ -h <host> ] <realm>

DESCRIPTION


	This program reads file custom/scc-rules.conf or <rule> for 
	realm <realm> and performs all the checks in this file.

	Possible checks are:
	- check max. age of snapshots
	- signal changes in log files
	- check systems for identical parts of the snapshots
	- check snapshots for certain patterns
	Refer to the EXAMPLES for a full list of the keywords.

	All output of the checks is stored in the files scc-rules.data.
	The format of this file is: <keyword> <system> <message>. 
	Lines starting with "#" contain the original lines of the rules.conf.
	The data can have an additional destination, which can be altered by 
	editing the scc-rules.conf. Uncomment and change the value of the 
	keywords: SIGNAL_PROG and SIGNAL_DEST.

	When you change the configuration file, it will be used after new
	scc-data has arrived for the realm. When a realm does not receive new
	scc-data, scc-update does not run any command for the realm.
	Force immediate update by using: scc-update -f

	Note that this program can take quite some time. It can take up to
	40% of the time scc-update. When you are not interested in the data,
	you better remove the configuration file. 

OPTIONS


	-d <scc_web_path>       Path for SCC-data under DocumentRoot,
	                        Default is: "", meaning SCC-data resides
	                        in the document-root of the web server.
	-f <conf>               Use non-default rule file.
	-h <host>               Format html, stdin contains rules.data 
	                        for system <host>

ARGUMENTS


	<realm>   The sub-directory with collected snapshots, where the
	          summaries are produced.

DIAGNOSTICS


	This program writes the following messages to stderr:

	Syntax error, use: scc-rules [ -d <scc_web_path> ] [ -f <rule>]
		[ -h <host> ] <realm>
	A syntax error has been detected.

	scc-rules: Syntax error, missing argument for option: <option>
	The argument for <option> is missing.

	scc-rules: unknown check: <check>
	An unknown check was used in the scc-rules.conf.

	scc-rules: reducing limit for max age of snapshots from <max_age> to 28
	The limit for the max age of a snapshot for the rules.conf is 28 days.

EXTERNAL INFLUENCES


	This program should be called after scc-transfer has put new scc-data
	in a realm and before scc-summary.

EXAMPLES


	Use the following contents for the scc-rules.conf:

	- CheckSnapAge:all_systems:14
	check all systems and report snapshots older than 14 days
	- CheckSnapAge:c01,c02:7
	check systems c01 and c02 and report snapshots older than 7 days

	- CheckLogEntries:all_systems:
	check all systems and report systems with changes in last run
	- CheckLogEntries:c01,c02:
	check systems c01 and c02 to report systems with changes in last run
	- CheckLogEntries:all_systems:fix:kernel:
	check all systems and report changes of last run in kernel config
	- CheckLogEntries:all_systems:kernel.cfg
	check all systems and report changes of last run matching expressions
	in file <realm>/custom/kernel.cfg

	- CheckSnapData:all_systems:fix:messages::
	check snapshots of all systems for messages
	- CheckSnapData:c01,c02:fix:messages::
	check snapshots of systems c01 and c02 for messages

	- CompareSnapData:c01,c02,c03:<class_file>
	extract data according to <class_file> for systems c01, c02 and c03
	and compare resulting data from c02 and c03 with resulting data from 
	c01. For a single classification, replace <class_file> with the literal
	text of the classification
	- CompareSnapData:c03:<class_file>
	extract data according to <class_file> for all systems in a realm
	and compare resulting data with data resulting from c03
	- CompareSnapData:all_systems:<class_file>
	extract data according to <class_file> for all systems in a realm
	and compare resulting data with data resulting from first, alphabetical
	system
	Note: use this option with care as it might take quite some time.

COPYRIGHT


	scc-rules is free software under the terms of the GNU General Public 
	License. Copyright (C) 2001-2004 Open Challenge B.V.,
	2004-2005 OpenEyeT Professional Services, 2005-2009 QNH.

FILES


	/var/opt/scc-srv/tmp - directory for temporary files
	<realm> - directory for snapshots and log files
		scc.<hostname>.cur - snapshots
		scc.<hostname>.log - logbooks
		scc-rules.data - output from scc-rules
		scc-rules-index.html - HTML version of scc-rules.data
	<realm>/custom/scc-rules.conf - default rules for realm <realm>

SEE ALSO


	scc-baseline(1), scc-pull(1), scc-realm(1), scc-receive-mail(1),
	scc-rules(1), scc-smt(1), scc-summary(1), scc-syscmp(1), 
	scc-transfer(1), scc-update(1), scc-wrapper.cgi(1), scc.cgi(1),
	scc-srv(5)

VERSION


	$Revision: 1.57 $