<p>Available Software - Gottfried Rudorfer's Homepage<br /> Official Gottfried Rudorfer's Homepage<br /> https://rudorfer.homedns.org/informatics/available-software<br /> 2024-03-28T19:50:14+00:00<br /> Gottfried Rudorfer's Homepage, gottfried@rudorfer.homedns.org</p>
<p>Mini Service Checker and IP Helper<br /> 2010-09-16T18:04:42+00:00<br /> https://rudorfer.homedns.org/informatics/available-software/61-mini-service-checker-and-ip-helper<br /> Gottfried Rudorfer, gottfried@rudorfer.homedns.org</p>
<p> </p>
<table border="0">
<tbody>
<tr><th scope="col" bgcolor="#000099">
<div align="left"><span style="color: #ffffff;">Mini Service Checker and IP Helper Tool for Windows 2000 / XP / 2003</span></div>
</th></tr>
<tr>
<td>Mini Service Checker and IP Helper implements a Windows service that reacts to network changes, e.g. when the network cable is unplugged, a modem connection is established or a VPN connection is set up. It then runs your script, which may, for example, check whether a file or install server is available.
<p>The base setup is done with registry entries.</p>
<p>Windows Registry Editor Version 5.00</p>
<blockquote>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\MSrvChk]<br /> "LogDir"="c:\\msrvchk"<br /> "Command1"="C:\\Winnt\\system32\\cmd.exe"<br /> "Command2"=""<br /> "Command3"=""<br /> "Argument1"="cmd /c c:\\msrvchk\\HelloWorld.bat"<br /> "Argument2"=""<br /> "Argument3"=""<br /> "ActionDelay"=dword:00000005<br /> </p>
</blockquote>
<p>HelloWorld.bat</p>
<blockquote>
<p>echo on<br /> echo Test >>C:\msrvchk\HelloWorld.txt</p>
</blockquote>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff;"><strong>Availability</strong></span></td>
</tr>
<tr>
<td>
<p>The tool is available on request from <a href="mailto:gottfried@rudorfer.homedns.org?subject=Mini%20Service%20Checker">gottfried@rudorfer.homedns.org</a>.</p>
</td>
</tr>
<tr>
<td bgcolor="#000099"> </td>
</tr>
</tbody>
</table><p> </p>
<p>ITIL v2 Glossary<br /> 2010-09-16T18:00:05+00:00<br /> https://rudorfer.homedns.org/informatics/available-software/60-itil-v2-glossary<br /> Gottfried Rudorfer, gottfried@rudorfer.homedns.org</p>
<p> </p>
<ul>
<table border="0">
<tbody>
<tr>
<th scope="col" bgcolor="#000099">
<div align="left"><span style="color: #ffffff;">ITIL Glossary 1.0</span></div>
</th>
</tr>
<tr>
<td>
<p>ITIL v2 glossary with approx. 120 acronyms and terms from the ITIL environment.</p>
<p>Features: term search</p>
<p>Requirements: Java-capable PDA or smartphone.</p>
</td>
</tr>
<tr>
<td><a href="http://rudorfer.homedns.org/itil/glossary.jad">Install</a></td>
</tr>
<tr>
<td>Documentation (TODO)</td>
</tr>
</tbody>
</table>
<p> </p>
</ul><p> </p>
<p>Hide setup on the computer desktop<br /> 2010-09-16T17:54:17+00:00<br /> https://rudorfer.homedns.org/informatics/available-software/59-hide-setup-on-the-computer-desktop<br /> Gottfried Rudorfer, gottfried@rudorfer.homedns.org</p>
<p> </p>
<table border="0">
<tbody>
<tr><th scope="col" bgcolor="#000099">
<div align="left"><span style="color: #ffffff;">Hide setup on the computer desktop, e.g. for Unicenter Software Delivery</span></div>
</th></tr>
<tr>
<td>
<p>Please note that all documents were submitted with the following copyright notice:</p>
<p>;# Copyright (C) 2005 by Gottfried Rudorfer<br /> ;#<br /> ;# 3422 Greifenstein, Austria<br /> ;# <a href="mailto:gottfried@rudorfer.homedns.org?subject=Hide%20setup%20on%20the%20computer%20desktop">gottfried@rudorfer.homedns.org</a><br /> ;# <a href="http://rudorfer.homedns.org/hide/"> http://rudorfer.homedns.org/hide/</a> <br /> ;#<br /> ;# Permission to use, copy, modify, and distribute this software and its<br /> ;# documentation for any purpose and without fee is hereby granted, provided<br /> ;# that the above copyright notice appears in all copies and that both that<br /> ;# copyright notice and this permission notice appear in all supporting<br /> ;# documentation. This software is provided "as is" without expressed or<br /> ;# implied warranty.<br /> ;#<br /> ;# Author: Gottfried Rudorfer</p>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff;"><strong>Abstract</strong></span></td>
</tr>
<tr>
<td>Hide.exe runs the given command completely hidden from the user desktop. This allows non-silent software installations to run without disturbing the logged-in user.
<p>Example: hide -command ie6setup.exe<br /> When using hide.exe with USD or SDO, use the parameter $#bg together with hide.exe. In the current version, -show does not work.</p>
<p>For further details contact the author Gottfried Rudorfer, <a href="mailto:office@rudorfer.co.at?subject=Mib-2%20Toggle%20Management%20for%20Unicenter%20NSM">office@rudorfer.co.at</a>. <br /> <br /> Download the software <a href="http://rudorfer.homedns.org/hide/hide.zip">hide.zip</a>.</p>
</td>
</tr>
<tr>
<td bgcolor="#000099"> </td>
</tr>
</tbody>
</table><p> </p>
<p>Generate HTML Index - GenHTML<br /> 2010-09-16T17:46:56+00:00<br /> https://rudorfer.homedns.org/informatics/available-software/58-generate-html-index-genhtml<br /> Gottfried Rudorfer, gottfried@rudorfer.homedns.org</p>
<p><big>Download the current version of genhtml here: <a href="http://rudorfer.homedns.org/genhtml/genhtml-current.zip">genhtml-current.zip</a>.<br /> Check for a new version of GenHTML on <a href="http://rudorfer.homedns.org/genhtml/">rudorfer.homedns.org</a>.</big></p>
<p><big>Please read the attached </big><a href="http://rudorfer.homedns.org/genhtml/Copyright.txt">Copyright</a> <big>to check the permission to use this software.</big></p>
<table>
<tbody>
<tr>
<td>
<h1>genhtml-0001.jpg</h1>
</td>
</tr>
</tbody>
</table>
<p>This document describes a very fast technique for generating installation and customization documentation in customer projects. Customers are often positively impressed by good, detailed documentation. Documentation is one of the key points for the success of a project.</p>
<p>This approach is very fast because<br /> - We use a state-of-the-art screenshot utility to take pictures of current activities.<br /> - We create a unique screenshot directory for each activity, e.g. Windows NT network card installation.<br /> - We use genhtml.exe to generate the index.htm for this documentation.<br /> - We use a web server to publish the documentation in the intranet of the customer and in the intranet of our consulting company.</p>
<p>This documentation was generated with genhtml.exe in just a few minutes!</p>
<h2>First I'd like to start with the configuration of the screen-shot utility to allow fast documentation.</h2>
<table>
<tbody>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0001.jpg" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0002.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0002.jpg" height="315" width="420" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0003.jpg</h1>
<h2>Configure which parts of the window should be captured.</h2>
<p>Active Window and Include Cursor are very often used in our documentation. Select Window for input if you only need some parts of a window to be captured.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0003.jpg" height="315" width="420" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0004.jpg</h1>
<p>Configure output to be sent to a graphics file.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0004.jpg" height="315" width="420" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0005.jpg</h1>
<p>Use JPG or GIF file format. Select a new directory for the screenshots. Use automatic file name generation.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0005.jpg" height="365" width="461" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0006.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0006.jpg" height="331" width="374" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0007.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0007.jpg" height="331" width="374" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0008.jpg</h1>
<p>Install genhtml.exe to your favorite directory, e.g. D:\ca_store\bin\genhtml.exe.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0008.jpg" height="558" width="768" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0009.jpg</h1>
<p>Add genhtml.exe to the context menu of file folders (see genhtml-0009.jpg - genhtml-0012.jpg).</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0009.jpg" height="558" width="768" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0010.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0010.jpg" height="439" width="367" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0011.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0011.jpg" height="410" width="347" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0012.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0012.jpg" height="164" width="347" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0013.jpg</h1>
<p>In explorer go to your documentation and call genhtml.exe on the folder that contains the screenshots.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0013.jpg" height="558" width="768" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0014.jpg</h1>
<p>Open the created index.htm with Internet Explorer or with Netscape.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0014.jpg" height="558" width="768" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0015.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0015.jpg" height="720" width="684" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0016.jpg</h1>
<p>Genhtml.exe supports image files with the following extensions (see genhtml -help):<br /> JPG PDF GIF JPEG<br /> Files with these extensions are automatically added to index.htm.</p>
<p>Files with the same name as an image and one of the extensions htm or txt (see genhtml -help) are opened and their contents are added to index.htm.</p>
<p>This allows you to add comments to images. A web index server can be used to index these text files and make the documentation searchable!</p>
<p>Conversely, if you have to document very quickly, you may type the text into an editor and take a screenshot of it. This approach has the disadvantage that an indexing server might not find any keywords.</p>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0016.jpg" height="558" width="768" /></td>
</tr>
<tr>
<td>
<h1>genhtml-0017.jpg</h1>
</td>
</tr>
<tr>
<td><img src="http://rudorfer.homedns.org/genhtml/genhtml-0017.jpg" height="331" width="668" /></td>
</tr>
</tbody>
</table>
<hr />
<h6>This index was generated by <a href="http://rudorfer.homedns.org/genhtml/">GenHTML.</a></h6>
<p>Example rules for eTrust Audit<br /> 2010-09-14T15:46:03+00:00<br /> https://rudorfer.homedns.org/informatics/available-software/56-example-rules-for-etrust-audit<br /> Gottfried Rudorfer, gottfried@rudorfer.homedns.org</p>
<p> </p>
<table border="0">
<tbody>
<tr><th scope="col" bgcolor="#000099">
<div align="left"><span style="color: #ffffff; font-size: 10pt;">Knowledge articles of Gottfried Rudorfer about eTrust Audit ™</span></div>
</th></tr>
<tr>
<td>
<p><span style="font-size: 10pt;">Please note that all documents were submitted with a copyright notice. Please contact me at <a href="mailto:gottfried@rudorfer.homedns.org?subject=eTrust%20Audit%20Rule">gottfried@rudorfer.homedns.org</a> if you need more information or assistance.</span><br /> </p>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff; font-size: 10pt;"><strong>Rule for the correlation of eTrust Antivirus Alert Messages</strong></span></td>
</tr>
<tr>
<td><span style="font-size: 10pt;">Log the message with critical severity when the same virus occurs on more than one computer within a given period of time. </span>
<p><span style="font-size: 10pt;">Message for testing purposes:</span></p>
<div class="O">
<div><span style="font-size: 10pt;">eTSAPISend.exe "AuditRouter" "ATR10412" "Category" "Host Security" "Date" "12/19/2005 16:05:16" "DetectionMethod" "Signature" "Engine" "InoculateIT" "InfectedFile" "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W1A70HER\EICAR[1].COM" "InfectedObject" "" "InfectionStatus" "Cure failed, file renamed." "InfectionType" "Virus" "iSponsorName" "eTrustAV" <strong>"Location" "\\WORKGROUP\ATVISCVM03"</strong> "Log" "eTrust Antivirus" "OS" "MS WinNT5.2 (Server)" "Recorder" "eTrustAV" "RecorderHost" "\\WORKGROUP\ATVISCVM03" "Severity" "2" "Src" "Realtime" "Status" "S" "Taxonomy" "Host Security.AntiVirus.Rename.F.C" "TimeZone" "0" "User" "ATVISCVM03\Administrator" "Version" "8.0.4.040921" <strong>"VirusName" "EICAR_test_file" </strong></span></div>
<div> </div>
</div>
</td>
</tr>
<tr>
<td>
<p><span style="font-size: 10pt;">;# <a href="mailto:rudorfer@a1.net?subject=eTrust%20Audit%20Rule">rudorfer@a1.net</a></span></p>
<p><span style="font-size: 10pt;"></span></p>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff; font-size: 10pt;"><strong>Rule for the correlation of HTTP login attempts recorded by the syslog daemon </strong></span></td>
</tr>
<tr>
<td>
<p><span style="font-size: 10pt;">;# <a href="mailto:rudorfer@a1.net?subject=eTrust%20Audit%20Rule">rudorfer@a1.net</a></span><br /><span style="font-size: 10pt;">;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> ;</span><br /><span style="font-size: 10pt;"> ; For this to work correctly the following SYSLOG.MP-settings before the definition of GENERAL_NO_SRC are necessary:</span><br /><span style="font-size: 10pt;"> ; </span><br /><span style="font-size: 10pt;"> ;; Nov 02 11:33:32 server httpd: PAM_httpd: authentication failure; root(uid=65534) -> admin for httpd service</span><br /><span style="font-size: 10pt;"> ; HTTP_FAILURE_PAM</span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; Name = HTTP_FAILURE_PAM</span><br /><span style="font-size: 10pt;"> ; KeyVal = GENERAL%%httpd</span><br /><span style="font-size: 10pt;"> ; Type = RECORD</span><br /><span style="font-size: 10pt;"> ; Regex = PAM_httpd\: authentication failure\; <Process> -> <User> for httpd service</span><br /><span style="font-size: 10pt;"> ; Key = HTTP_FAILURE_PAM</span><br /><span style="font-size: 10pt;"> ; ReplaceSpace = TRUE</span><br /><span style="font-size: 10pt;"> ; Process </span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; format = .*</span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ; AddToken1 = Info:PAM_httpd: authentication failure\; <Process> -> <User> for httpd service</span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ;</span><br /><span style="font-size: 10pt;"> ;; Nov 02 11:33:32 server httpd: HTTP login from 192.168.0.1 as admin</span><br /><span style="font-size: 10pt;"> ; HTTP_OK_PAM</span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; Name = HTTP_OK_PAM</span><br /><span style="font-size: 
10pt;"> ; KeyVal = GENERAL%%httpd</span><br /><span style="font-size: 10pt;"> ; Type = RECORD</span><br /><span style="font-size: 10pt;"> ; Regex = HTTP login from <From> as <User></span><br /><span style="font-size: 10pt;"> ; Key = HTTP_OK_PAM</span><br /><span style="font-size: 10pt;"> ; ReplaceSpace = TRUE</span><br /><span style="font-size: 10pt;"> ; From</span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; format = [a-zA-Z0-9_\.\-]*</span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ; AddToken1 = Info:HTTP login from <From> as <User></span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ;</span><br /> <br /><span style="font-size: 10pt;"> Rule RuleFailed</span><br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDHTTPFailedLogin_%Location%_%User% exists</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> Info Not ~ "httpd: authentication failure"</span><br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDHTTPFailedLogin_%Location%_%User%</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% ExpireIn(6) Notify(1)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% SummaryInfo ("Failure")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% RI_Severity (2)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% Severity (2)</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleRetry</span><br /> <br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDHTTPFailedLogin_%Location%_%User% Not 
exists</span><br /><span style="font-size: 10pt;"> Exclude Int </span><br /><span style="font-size: 10pt;"> SummaryInfo Not ~ "Failure"</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> Info Not ~ "HTTP login from"</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDHTTPFailedLogin_%Location%_%User% </span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% SummaryInfo ("Retry")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% RI_Severity (1)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% Severity (1)</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int NewEvent _$PIDHTTPFailedLogin_%Location%_%User%</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleLogonOK</span><br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDHTTPFailedLogin_%Location%_%User% exists</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> SummaryInfo ~ "Retry"</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> SummaryInfo ~ "Failure"</span><br /><span style="font-size: 10pt;"> Exclude Int </span><br /><span style="font-size: 10pt;"> Info Not ~ "HTTP login from"</span><br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDHTTPFailedLogin_%Location%_%User%</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% SummaryInfo ("Logon ok")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% RI_Severity (26)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% Severity 
(0)</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int NewEvent _$PIDHTTPFailedLogin_%Location%_%User%</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule Display</span><br /> <br /><span style="font-size: 10pt;"> Include Int</span><br /><span style="font-size: 10pt;"> SummaryInfo exists </span><br /><span style="font-size: 10pt;"> Do Int Delete _$PIDHTTPFailedLogin_%Location%_%User%</span><br /><span style="font-size: 10pt;"> SCRIPT_ACTION</span><br /> <br /><span style="font-size: 10pt;"> Download the rule <a href="http://rudorfer.homedns.org/eaud/http-login.txt" target="_blank">here</a>.</span><span style="font-size: 10pt;"></span></p>
</td>
</tr>
<tr>
<td bgcolor="#000099"> </td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff; font-size: 10pt;"><strong>Rule for the correlation of SSH login attempts recorded by the syslog daemon </strong></span></td>
</tr>
<tr>
<td><span style="font-size: 10pt;">;# Copyright (C) 2005 by Gottfried Rudorfer<br /> ;#<br /> ;# 3422 Greifenstein, Austria<br /> <span style="font-size: 10pt;">;# </span><a href="mailto:rudorfer@a1.net?subject=eTrust%20Audit%20Rule">rudorfer@a1.net</a><a href="mailto:office@rudorfer.co.at"></a><br /> ;# <a href="http://rudorfer.homedns.org/eaud/"> http://rudorfer.homedns.org/eaud/</a> <br /> ;#<br /> ;# Permission to use, copy, modify, and distribute this software and its<br /> ;# documentation for any purpose and without fee is hereby granted, provided<br /> ;# that the above copyright notice appears in all copies and that both that<br /> ;# copyright notice and this permission notice appear in all supporting<br /> ;# documentation. This software is provided "as is" without expressed or<br /> ;# implied warranty.<br /> ;#<br /> ;# Date: Sun, Oct 30 2005<br /> ;# Author: Gottfried Rudorfer</span><br /><span style="font-size: 10pt;"> ;# </span><br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleFailed</span><br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDSSHFailedLogin_%Location%_%Src% exists</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> Info Not ~ "^Failed password"</span><br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDSSHFailedLogin_%Location%_%Src%</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% ExpireIn(6) Notify(1)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% SummaryInfo ("Failure")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% RI_Severity (2)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% Severity (2)</span><br /> <br /><span 
style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleRetry</span><br /> <br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDSSHFailedLogin_%Location%_%Src% Not exists</span><br /><span style="font-size: 10pt;"> Exclude Int </span><br /><span style="font-size: 10pt;"> SummaryInfo Not ~ "Failure"</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> Info Not ~ "^Accepted password"</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDSSHFailedLogin_%Location%_%Src% </span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% SummaryInfo ("Retry")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% RI_Severity (25)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% Severity (1)</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int NewEvent _$PIDSSHFailedLogin_%Location%_%Src%</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleLogonOK</span><br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDSSHFailedLogin_%Location%_%Src% exists</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> SummaryInfo ~ "Retry"</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> SummaryInfo ~ "Failure"</span><br /><span style="font-size: 10pt;"> Exclude Int </span><br /><span style="font-size: 10pt;"> Info Not ~ "^Accepted password"</span><br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDSSHFailedLogin_%Location%_%Src%</span><br /><span 
style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% SummaryInfo ("Logon ok")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% RI_Severity (26)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDSSHFailedLogin_%Location%_%Src% Severity (0)</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int NewEvent _$PIDSSHFailedLogin_%Location%_%Src%</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule Display</span><br /> <br /><span style="font-size: 10pt;"> Include Int</span><br /><span style="font-size: 10pt;"> SummaryInfo exists </span><br /><span style="font-size: 10pt;"> Do Int Delete _$PIDSSHFailedLogin_%Location%_%Src%</span><br /><span style="font-size: 10pt;"> SCRIPT_ACTION</span><br />
<p><span style="font-size: 10pt;">Download the rule <a href="http://rudorfer.homedns.org/eaud/ssh-logins-rec-syslog.txt" target="_blank">here</a>.</span></p>
</td>
</tr>
<tr>
<td bgcolor="#000099"> </td>
</tr>
</tbody>
</table><p> </p>
<table border="0">
<tbody>
<tr><th scope="col" bgcolor="#000099">
<div align="left"><span style="color: #ffffff; font-size: 10pt;">Knowledge articles of Gottfried Rudorfer about eTrust Audit ™</span></div>
</th></tr>
<tr>
<td>
<p><span style="font-size: 10pt;">Please note that all documents were submitted with a copyright notice. Please contact me at <a href="mailto:gottfried@rudorfer.homedns.org?subject=eTrust%20Audit%20Rule">gottfried@rudorfer.homedns.org</a> if you need more information or assistance.</span><br /> </p>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff; font-size: 10pt;"><strong>Rule for the correlation of eTrust Antivirus Alert Messages</strong></span></td>
</tr>
<tr>
<td><span style="font-size: 10pt;">Log the message with critical severity when the same virus occurs on more than one computer within a given period of time. </span>
<p><span style="font-size: 10pt;">Message for testing purposes:</span></p>
<div class="O">
<div><span style="font-size: 10pt;">eTSAPISend.exe "AuditRouter" "ATR10412" "Category" "Host Security" "Date" "12/19/2005 16:05:16" "DetectionMethod" "Signature" "Engine" "InoculateIT" "InfectedFile" "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W1A70HER\EICAR[1].COM" "InfectedObject" "" "InfectionStatus" "Cure failed, file renamed." "InfectionType" "Virus" "iSponsorName" "eTrustAV" <strong>"Location" "\\WORKGROUP\ATVISCVM03"</strong> "Log" "eTrust Antivirus" "OS" "MS WinNT5.2 (Server)" "Recorder" "eTrustAV" "RecorderHost" "\\WORKGROUP\ATVISCVM03" "Severity" "2" "Src" "Realtime" "Status" "S" "Taxonomy" "Host Security.AntiVirus.Rename.F.C" "TimeZone" "0" "User" "ATVISCVM03\Administrator" "Version" "8.0.4.040921" <strong>"VirusName" "EICAR_test_file" </strong></span></div>
<div> </div>
</div>
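<p><span style="font-size: 10pt;">The correlation described above, sketched in Python as an added example (not the eTrust Audit rule itself and not the author's code). It parses messages in the shape of the test message and raises one critical alert when a virus name is seen on a second computer inside the window; the 10-minute window, the extra host names and the second virus name are assumptions.</span></p>

```python
import re
from datetime import datetime, timedelta

# Assumed correlation period; the page only says "a given period of time".
WINDOW = timedelta(minutes=10)

# Constructed test messages in the shape of the page's eTSAPISend.exe sample
# (fields trimmed; ATVISCVM04/05 and "Constructed.Worm" are made up).
_PREFIX = r'eTSAPISend.exe "AuditRouter" "ATR10412" "InfectedObject" "" '
SAMPLE_MESSAGES = [
    _PREFIX + r'"Date" "12/19/2005 16:05:16" "Location" "\\WORKGROUP\ATVISCVM03" "VirusName" "EICAR_test_file"',
    _PREFIX + r'"Date" "12/19/2005 16:06:00" "Location" "\\WORKGROUP\ATVISCVM03" "VirusName" "EICAR_test_file"',
    _PREFIX + r'"Date" "12/19/2005 16:09:30" "Location" "\\WORKGROUP\ATVISCVM04" "VirusName" "EICAR_test_file"',
    _PREFIX + r'"Date" "12/19/2005 16:30:00" "Location" "\\WORKGROUP\ATVISCVM05" "VirusName" "EICAR_test_file"',
    _PREFIX + r'"Date" "12/19/2005 16:31:00" "Location" "\\WORKGROUP\ATVISCVM03" "VirusName" "Constructed.Worm"',
]


def parse_message(line):
    """Turn the quoted name/value arguments into a dict of event fields."""
    tokens = re.findall(r'"([^"]*)"', line)      # also captures empty "" values
    pairs = tokens[2:]  # assumption: the first two arguments are routing, not fields
    if len(pairs) % 2:
        raise ValueError("field name without a value")
    fields = dict(zip(pairs[0::2], pairs[1::2]))
    missing = {"Date", "Location", "VirusName"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    fields["Date"] = datetime.strptime(fields["Date"], "%m/%d/%Y %H:%M:%S")
    return fields


def correlate(lines, window=WINDOW):
    """Return one critical alert each time a virus reaches an additional host
    while another host's detection of the same virus is still inside the window."""
    events = sorted((parse_message(l) for l in lines), key=lambda e: e["Date"])
    last_seen = {}   # virus name -> {host: time of latest detection}
    alerts = []
    for ev in events:
        hosts = last_seen.setdefault(ev["VirusName"], {})
        # Forget hosts whose latest detection fell out of the window.
        for host in [h for h, t in hosts.items() if ev["Date"] - t > window]:
            del hosts[host]
        is_new_host = ev["Location"] not in hosts
        hosts[ev["Location"]] = ev["Date"]
        # Repeat detections on the same host do not alert; a second host does.
        if is_new_host and len(hosts) > 1:
            alerts.append({
                "Severity": "critical",
                "VirusName": ev["VirusName"],
                "Hosts": sorted(hosts),
                "Date": ev["Date"],
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_MESSAGES):
        print(alert)
```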
</td>
</tr>
<tr>
<td>
<p><span style="font-size: 10pt;">;# <a href="mailto:rudorfer@a1.net?subject=eTrust%20Audit%20Rule">rudorfer@a1.net</a></span></p>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span style="color: #ffffff; font-size: 10pt;"><strong>Rule for the correlation of HTTP login attempts recorded by the syslog daemon </strong></span></td>
</tr>
<tr>
<td>
<p><span style="font-size: 10pt;">;# <a href="mailto:rudorfer@a1.net?subject=eTrust%20Audit%20Rule">rudorfer@a1.net</a></span><br /><span style="font-size: 10pt;">;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> ;</span><br /><span style="font-size: 10pt;"> ; For this to work correctly the following SYSLOG.MP-settings before the definition of GENERAL_NO_SRC are necessary:</span><br /><span style="font-size: 10pt;"> ; </span><br /><span style="font-size: 10pt;"> ;; Nov 02 11:33:32 server httpd: PAM_httpd: authentication failure; root(uid=65534) -> admin for httpd service</span><br /><span style="font-size: 10pt;"> ; HTTP_FAILURE_PAM</span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; Name = HTTP_FAILURE_PAM</span><br /><span style="font-size: 10pt;"> ; KeyVal = GENERAL%%httpd</span><br /><span style="font-size: 10pt;"> ; Type = RECORD</span><br /><span style="font-size: 10pt;"> ; Regex = PAM_httpd\: authentication failure\; <Process> -> <User> for httpd service</span><br /><span style="font-size: 10pt;"> ; Key = HTTP_FAILURE_PAM</span><br /><span style="font-size: 10pt;"> ; ReplaceSpace = TRUE</span><br /><span style="font-size: 10pt;"> ; Process </span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; format = .*</span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ; AddToken1 = Info:PAM_httpd: authentication failure\; <Process> -> <User> for httpd service</span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ;</span><br /><span style="font-size: 10pt;"> ;; Nov 02 11:33:32 server httpd: HTTP login from 192.168.0.1 as admin</span><br /><span style="font-size: 10pt;"> ; HTTP_OK_PAM</span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; Name = HTTP_OK_PAM</span><br /><span style="font-size: 
10pt;"> ; KeyVal = GENERAL%%httpd</span><br /><span style="font-size: 10pt;"> ; Type = RECORD</span><br /><span style="font-size: 10pt;"> ; Regex = HTTP login from <From> as <User></span><br /><span style="font-size: 10pt;"> ; Key = HTTP_OK_PAM</span><br /><span style="font-size: 10pt;"> ; ReplaceSpace = TRUE</span><br /><span style="font-size: 10pt;"> ; From</span><br /><span style="font-size: 10pt;"> ; {</span><br /><span style="font-size: 10pt;"> ; format = [a-zA-Z0-9_\.\-]*</span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ; AddToken1 = Info:HTTP login from <From> as <User></span><br /><span style="font-size: 10pt;"> ; }</span><br /><span style="font-size: 10pt;"> ;</span><br /> <br /><span style="font-size: 10pt;"> Rule RuleFailed</span><br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDHTTPFailedLogin_%Location%_%User% exists</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> Info Not ~ "httpd: authentication failure"</span><br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDHTTPFailedLogin_%Location%_%User%</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% ExpireIn(6) Notify(1)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% SummaryInfo ("Failure")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% RI_Severity (2)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% Severity (2)</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleRetry</span><br /> <br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDHTTPFailedLogin_%Location%_%User% Not 
exists</span><br /><span style="font-size: 10pt;"> Exclude Int </span><br /><span style="font-size: 10pt;"> SummaryInfo Not ~ "Failure"</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> Info Not ~ "HTTP login from"</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDHTTPFailedLogin_%Location%_%User% </span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% SummaryInfo ("Retry")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% RI_Severity (1)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% Severity (1)</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int NewEvent _$PIDHTTPFailedLogin_%Location%_%User%</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule RuleLogonOK</span><br /> <br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> _$PIDHTTPFailedLogin_%Location%_%User% exists</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> SummaryInfo ~ "Retry"</span><br /><span style="font-size: 10pt;"> Exclude Int</span><br /><span style="font-size: 10pt;"> SummaryInfo ~ "Failure"</span><br /><span style="font-size: 10pt;"> Exclude Int </span><br /><span style="font-size: 10pt;"> Info Not ~ "HTTP login from"</span><br /> <br /><span style="font-size: 10pt;"> Do Int Define _$PIDHTTPFailedLogin_%Location%_%User%</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% SummaryInfo ("Logon ok")</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% RI_Severity (26)</span><br /><span style="font-size: 10pt;"> Do Int Set _$PIDHTTPFailedLogin_%Location%_%User% Severity 
(0)</span><br /> <br /> <br /><span style="font-size: 10pt;"> Do Int NewEvent _$PIDHTTPFailedLogin_%Location%_%User%</span><br /> <br /><span style="font-size: 10pt;"> ;-------------------------------------------------------------------------------------</span><br /><span style="font-size: 10pt;"> Rule Display</span><br /> <br /><span style="font-size: 10pt;"> Include Int</span><br /><span style="font-size: 10pt;"> SummaryInfo exists </span><br /><span style="font-size: 10pt;"> Do Int Delete _$PIDHTTPFailedLogin_%Location%_%User%</span><br /><span style="font-size: 10pt;"> SCRIPT_ACTION</span><br /> <br /><span style="font-size: 10pt;"> Download the rule <a href="http://rudorfer.homedns.org/eaud/http-login.txt" target="_blank">here</a>.</span><span style="font-size: 10pt;"></span></p>
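<p><span style="font-size: 10pt;">One reading of the rule's three outcomes ("Failure", "Retry", "Logon ok"), replayed in Python over constructed syslog lines in the two formats shown in the SYSLOG.MP comments. This is an added example, not the author's rule or eTrust Audit code; the year, the 6-second interpretation of ExpireIn(6) and all log lines other than the two formats from the page are assumptions.</span></p>

```python
import re
from datetime import datetime, timedelta

YEAR = 2005                    # assumption: syslog timestamps carry no year
EXPIRY = timedelta(seconds=6)  # assumption: the page does not state the unit of ExpireIn(6)
SEVERITY = {"Failure": 2, "Retry": 1, "Logon ok": 0}  # Severity() values from the rule

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) httpd: (.*)$")
FAILED = re.compile(r"^PAM_httpd: authentication failure; .* -> (\S+) for httpd service$")
LOGIN = re.compile(r"^HTTP login from [a-zA-Z0-9_.\-]* as (\S+)$")

# Constructed sample log; users "backup" and "guest" and the sshd line are made up.
SAMPLE_LOG = """\
Nov 02 11:33:32 server httpd: PAM_httpd: authentication failure; root(uid=65534) -> admin for httpd service
Nov 02 11:33:35 server httpd: HTTP login from 192.168.0.1 as admin
Nov 02 11:34:00 server httpd: HTTP login from 192.168.0.1 as backup
Nov 02 11:34:30 server sshd: unrelated line that the httpd patterns must skip
Nov 02 11:35:10 server httpd: PAM_httpd: authentication failure; root(uid=65534) -> guest for httpd service
Nov 02 11:35:12 server httpd: PAM_httpd: authentication failure; root(uid=65534) -> guest for httpd service
Nov 02 11:36:00 server httpd: HTTP login from 192.168.0.1 as admin
""".splitlines()


def parse(line):
    """Return (time, kind, (location, user)) for httpd login lines, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ts, host, msg = m.groups()
    when = datetime.strptime(f"{YEAR} {ts}", "%Y %b %d %H:%M:%S")
    for kind, pattern in (("failed", FAILED), ("login", LOGIN)):
        hit = pattern.match(msg)
        if hit:
            return when, kind, (host, hit.group(1))
    return None


def correlate(lines, expiry=EXPIRY):
    """Replay the log and return (summary, severity, location, user) tuples."""
    pending = {}  # (location, user) -> time at which the failure marker expires
    out = []

    def emit(summary, key):
        out.append((summary, SEVERITY[summary]) + key)

    for when, kind, key in filter(None, map(parse, lines)):
        # A failure marker that expired without a login is reported as "Failure".
        for old in [k for k, t in pending.items() if t < when]:
            del pending[old]
            emit("Failure", old)
        if kind == "failed":
            # Further failures while the marker exists do not restart it.
            pending.setdefault(key, when + expiry)
        elif key in pending:
            del pending[key]
            emit("Retry", key)       # login shortly after a failure
        else:
            emit("Logon ok", key)    # login with no pending failure
    for key in pending:              # markers still open at end of input
        emit("Failure", key)
    return out


if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```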
</td>
</tr>
<tr>
<td bgcolor="#000099"> </td>
</tr>
</tbody>
</table>
<p>Advanced Event Processor for Unicenter NSM | 2010-09-04T22:05:13+00:00 | 2010-09-04T22:05:13+00:00 | https://rudorfer.homedns.org/informatics/available-software/49-advanced-event-processor-for-unicenter-nsm | Gottfried Rudorfer | gottfried@rudorfer.homedns.org</p>
<p> </p>
<table border="0">
<tbody>
<tr>
<td bgcolor="#000099"><span class="style1" style="color: #ffffff;"><strong>Advanced Event Processor for Unicenter NSM</strong></span></td>
</tr>
<tr>
<td>
<p><span style="font-size: 10pt; font-family: arial,helvetica,sans-serif;">Please note that all documents were submitted with the following copyright notice:</span></p>
<p><span style="font-family: Courier New; font-size: x-small;">;# Copyright (C) 2005 by Gottfried Rudorfer<br /> ;#<br /> ;# 3422 Greifenstein, Austria<br /> ;# <a href="mailto:gottfried@rudorfer.homedns.org?subject=Advanced%20Event%20Processor%20for%20Unicenter%20NSM" title="Advanced Event Processor for Unicenter NSM">gottfried@rudorfer.homedns.org</a><br /> ;# <a href="http://rudorfer.homedns.org/aep/"> http://rudorfer.homedns.org/aep/</a> <br /> ;#<br /> ;# Permission to use, copy, modify, and distribute this software and its<br /> ;# documentation for any purpose and without fee is hereby granted, provided<br /> ;# that the above copyright notice appears in all copies and that both that<br /> ;# copyright notice and this permission notice appear in all supporting<br /> ;# documentation. This software is provided "as is" without expressed or<br /> ;# implied warranty.<br /> ;#<br /> ;# Author: Gottfried Rudorfer</span></p>
</td>
</tr>
<tr>
<td bgcolor="#000099"><span class="style1" style="color: #ffffff;"><strong>Abstract</strong></span></td>
</tr>
<tr>
<td><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">This is the TNG Advanced Event Processor (AEP) Kit. Currently only one daemon is included; further daemons will be released in the future. </span>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">The kit contains:<br /> - cauevt_exit_file.dll, an exit DLL for NSM Event Management<br /> - RemoveStormExit.exe, a program to process storm messages </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><strong>ABSTRACT</strong>: Advanced Event Processing for Unicenter EM </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><strong>INSTALLING</strong>: Find the overview in 20020405_TNG_Advanced_Event_Processor.pdf and Inst-doc\0index.htm. </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><strong>MAIN FEATURES</strong>: API integration with Unicenter Event Management through an exit DLL. Messages/actions are exported to an ASCII file, which is then processed by one or more active event processing daemons. Results are sent back to the Unicenter console. </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><strong>REQUIREMENTS</strong>: Unicenter TNG 2.x or NSM 3.0 </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><strong>TODO</strong>: Write additional daemons, e.g. for service level reporting. </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><strong>MOTIVATION</strong>: Fast and enhanced processing of mass messages with this architecture. </span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">The documentation is available as <a href="https://rudorfer.homedns.org/images/informatics/software/aep/20020405_tng_advanced_event_processor.pdf">20020405_TNG_Advanced_Event_Processor.pdf</a>.</span></p>
<p><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">For further details, contact the author, Gottfried Rudorfer, at <a href="mailto:rudorfer@a1.net?subject=Advanced Event Processor for UnicenterNSM" title="rudorfer@a1.net">rudorfer@a1.net</a>. </span><br /> <br /><span style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"> Download the software: <a href="https://rudorfer.homedns.org/images/informatics/software/aep/TNG-Advanced-Event-Processor.zip">TNG-Advanced-Event-Processor.zip</a>.</span><br /><span style="font-family: arial,helvetica,sans-serif;"> </span></p>
</td>
</tr>
<tr>
<td bgcolor="#000099"> </td>
</tr>
</tbody>
</table>
<p> </p>
<p> </p><p> </p>
<p> </p>
<p> </p>