ATR_DAEMON, Utilities, ACMS Audit Trail Logger utilities

***************************** CAUTION ********************************
This sample program has been tested using ACMS 3.1 and 3.2 on VMS 5.3 to 5.5. However, we cannot guarantee its effectiveness because of the possibility of error in transmitting or implementing it. It is meant to be used as a template for writing your own program, and it may require modification for use on your system.
***************************** CAUTION ********************************

A DAEMON FOR ACMS AUDIT TRAIL LOGGER

VAX ACMS (Application Control and Management System) is part of the DECtp product offerings from Digital, and layers onto VMS to provide an Online Transaction Processing environment (OLTP). Applications are written by a process of defining Tasks by using a Task Definition Language. The Tasks of the application are broken down into a series of steps that display forms for user interaction, and/or call a compiled program to process information.

By using ACMS, applications are built to be multi-threaded so that many users will be accessing the application, but fewer processes are actually on the system. Users do not use their own VMS processes while in ACMS; they use the ACMS processes. Users can even be defined as captive within ACMS so that there is no VMS process ever created for them at all! These captive users still go through VMS security as well as ACMS security before getting access to the system, but ACMS is the one that controls them so that no VMS user process creation is ever needed.

Due to the complexity of ACMS, Digital provides a number of utilities for the purpose of managing it. These utilities provide for starting and stopping the ACMS system, starting and stopping applications, ACMS User and Terminal authorizations, as well as error reporting tools. There are two error reporting utilities, SWLUP (SoftWare event Logger Utility Program) and ACMSATR (ACMS Audit Trail Report Utility). SWLUP allows the reporting of ACMS application software errors that are logged by the SWL process of ACMS, while the ACMSATR (ATR for short) provides the audit trail of all ACMS activity.

Those of you who have used ATR are probably aware that when you ask for an ATR listing, you get a BIG listing. It becomes very laborious to wade through all the information that ATR spits out. Some of the information you will see is Applications starting, Users Logging in and out, Tasks starting and ending, and Abnormal terminations of tasks and/or applications. Even on a small ACMS system, this log can grow rapidly.

ATR provides a few helpful switches to diminish the size, and narrow the scope, of the listing it provides. You can ask for a specific user, task, application, time, etc. or any combination thereof. There is also a /TYPE switch which allows the user to get a report based on certain types of events. Among these events is /TYPE=ERROR, which will give a report showing ACMS errors such as a server unable to complete its initialization procedure. Unfortunately, this will not show you errors such as a task cancellation, or a DECforms error, even though this information is in the log. You have to go back, and resort to doing a plain LIST, and then digging through the listing for these. Listing 1 shows an output from my program ATR_ERROR. Note that the Type code on these errors is not ERROR, therefore a /TYPE=ERROR would not list these types of problems.

As an example, you receive a call from a user; this user was in a certain task when all of a sudden an error flashed at the bottom of their screen. The screen then cleared and they were back at their main menu. When you ask what the error was, they didn't get a chance to read it. When you ask which screen they were in (this task has 9 different ones) they can't remember because this happened yesterday morning! You have now limited your scope to one user for four hours and one task, but even then, if they were in and out of this task a number of times, it is going to take time to find the error within ATR.

ATR_DAEMON is my answer to the above problem. In short, ATR_DAEMON lives on the system as a detached process. It wakes up periodically, based on a logical, scans the ACMS$AUDIT_LOG (the file ATR uses) for errors, and then mails these errors to a distribution list. ATR_DAEMON consists of 1 TPU and 2 DCL files. Not only does this isolate errors, it also may allow you to catch the error before the user even tries to notify you of it. A word of warning: This may lead some users to paranoia and a "Big-Brother-Is-Watching" Complex.

To install ATR_DAEMON on your system, you will need to create a directory for the ATR_DAEMON files to reside. In this directory you will place the ATR_DAEMON.COM, ATR_ERROR.COM, and FIND_ATR_ERROR.TPU files. Next, place START_ATR_DAEMON.COM, and ATR_DAEMON_LOGICALS.COM in SYS$STARTUP, and then edit your SYSTARTUP_V5.COM to do an @SYS$STARTUP:START_ATR_DAEMON. This will define the ATR_DAEMON system logicals and start the daemon at system startup time. You will now need to edit the ATR_DAEMON_LOGICALS.COM file to customize the logicals to your system. Table 1 gives a breakdown of the logicals and how they are used. Once all the files are in place, and the logicals are set to your liking, to start the daemon, you can run the START_ATR_DAEMON.COM file.

ATR_DAEMON.COM (program 1) is a DCL command procedure that runs as a detached process. You should run it on the node the ACMS application is on to get the task and application error messages. If you are in a distributed ACMS environment, you may want to have a daemon running on each node to get more information, like ACMS networking problems. There is a separate ACMS$AUDIT_LOG for each node in an ACMS environment.

When an error occurs in ATR_DAEMON.COM, it is trapped by an ON ERROR statement. This trap will get the error message with a time stamp attached and write it into a file pointed to by the logical ATR_DAEMON_ERRORS. If it gets an error while catching an error, it will attempt to mail a message that it is dying to a distribution list, pointed to by the system logical ATR_DAEMON_ERRDIS.

ATR_DAEMON.COM first sets the privs to SYSPRV and READALL. READALL is used to get by any protections that might pop up and is not really necessary, but SYSPRV is required to do the ATR LIST command. The process name is then set to give the daemon an identity so when you do a SHOW SYSTEM command, you can easily find it.

Next ATR_DAEMON.COM cleans up its old output files and generates a file pointed to by ATR_DAEMON_INPUT by doing an ATR LIST with a delta time of -SLEEP_TIME (SLEEP_TIME is the translation of the logical ATR_DAEMON_SLEEP). Next, it will run the TPU procedure, FIND_ATR_ERROR.TPU, to extract the errors. After executing the TPU procedure, the daemon checks to see if an error text file, ATR_DAEMON_OUTPUT, was created. If it was created, ATR_DAEMON.COM mails the error file to the distribution list, ATR_DAEMON_DISTRIB. The daemon then goes to sleep for the length of time specified in ATR_DAEMON_SLEEP, before restarting the whole process again.

FIND_ATR_ERROR.TPU (program 2) is a batch TPU procedure to extract the errors from the listing produced by ATR. The procedure looks for signs of an error (see the ERROR_PATTERN definition in the source) by looking for keywords on the TEXT line. These keywords are "Task Canceled", "Signal by", "Error", "failed", and "Unsuccessful Appl". An ATR listing separates each log entry by a row of asterisks, so the TPU procedure merely grabs all of the text found in between the two rows of asterisks when a match is made with the error_pattern. It then checks to make sure the error is not a message from JBC (Batch job successfully submitted, etc.) and if it is not, it writes this to a buffer of errors. After all of the listing is checked, if any errors were detected, it writes out the error buffer as the file pointed to by the logical ATR_DAEMON_OUTPUT, then exits back to the DCL process.

START_ATR_DAEMON.COM (program 3) is a DCL command procedure to start the Daemon. This procedure could be placed in the SYS$STARTUP directory and executed at system startup time. This procedure first defines the system logicals by executing ATR_DAEMON_LOGICALS.COM (program 4), and then creates a detached process for the daemon. The username for the daemon's process will be defined by the logical ATR_DAEMON_USERNAME (SYSTEM is used if this logical is not defined).

Since the ATR_DAEMON translates all logicals as they are needed, this procedure is dynamic. You do not have to stop and restart the daemon for your logical name changes to take effect. This allows the flexibility of changing the directories used, the sleep time, and the distribution lists while the daemon is still running. The only logical that is not dynamic is the ATR_DAEMON_USERNAME. You must restart the daemon for a change in this logical to take effect.

As a bonus, I modified ATR_DAEMON.COM and created ATR_ERROR.COM (program 5). This is an interactive version of the daemon that allows you to specify the switches, enclosed in quotes, to pass to ATR (default is "/SINCE=TODAY") and it will execute FIND_ATR_ERROR.TPU and display the errors it finds on your terminal. Since ATR_ERROR uses the logicals ATR_DAEMON_SCRATCH, ATR_DAEMON_INPUT, and ATR_DAEMON_OUTPUT, the user should redefine these logicals in his/her LOGIN.COM procedure to point to his/her own directories, rather than the daemon's directories. If the ATR_DAEMON_INPUT and ATR_DAEMON_OUTPUT use ATR_DAEMON_SCRATCH to point to the files, then the user will merely have to redefine ATR_DAEMON_SCRATCH to point to their area. Since the ATR_DAEMON_OUTPUT file will not be deleted until you run ATR_ERROR again, you can use it for doing quick scans of a previous day's errors, creating daily logs of errors for status reports, and you can edit the error file down so you can MAIL out the errors to the appropriate people for prompt action.

These utilities have been a great help in catching errors, both reported and unreported by users. As it is currently written, ATR_DAEMON can stay active 24 hours a day, even if there are no applications running, and ACMS is stopped.

If you are currently working in an ACMS application environment, and you have never used the ACMS Audit Trail Logger, I challenge you right now to pull out the manual on this utility and begin getting to know it. As an ACMS System Manager, ATR can really help you out when you need information about your ACMS system and what all is going on in it.
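
The extraction step described above for FIND_ATR_ERROR.TPU, sketched in Python as an added example; it is not the article's TPU source. The listing layout, the field names, the case-sensitive keyword match and the use of the string "JBC" to recognise batch-job messages are all assumptions, and the sample listing is constructed.

```python
import re

# Keywords the article lists for the ERROR_PATTERN in FIND_ATR_ERROR.TPU.
ERROR_KEYWORDS = ("Task Canceled", "Signal by", "Error", "failed", "Unsuccessful Appl")
SEPARATOR = re.compile(r"^\*{10,}\s*$")  # assumed: a row of 10 or more asterisks

# Constructed listing: field names and layout are assumptions, not real ATR output.
SAMPLE_LISTING = """\
************************************************************
Type : LOGIN      Time : 12-MAR-1992 09:14:02.11
Text : User login successful
************************************************************
Type : TASK_END   Time : 12-MAR-1992 09:20:45.87
User : SMITH      Task : ORDER_ENTRY
Text : Task Canceled
       Exchange I/O failed on form ORDER_FORM
************************************************************
Type : OTHER      Time : 12-MAR-1992 09:21:03.40
Text : Signal by JBC, Batch job successfully submitted
************************************************************
"""

def split_entries(listing):
    """Return each block of lines found between rows of asterisks."""
    entries, current = [], []
    for line in listing.splitlines():
        if SEPARATOR.match(line):
            if current:
                entries.append(current)
            current = []
        else:
            current.append(line)
    if current:  # keep a final entry even if the closing row is missing
        entries.append(current)
    return entries

def text_line(entry):
    """Value of the entry's Text line, or '' when it has none."""
    return next((l.partition(":")[2].strip() for l in entry if l.startswith("Text")), "")

def find_errors(listing):
    """Whole entries whose Text line has a keyword and that are not from JBC."""
    hits = []
    for entry in split_entries(listing):
        text = text_line(entry)
        is_jbc = any("JBC" in line for line in entry)  # assumed JBC marker
        if any(k in text for k in ERROR_KEYWORDS) and not is_jbc:
            hits.append("\n".join(entry))
    return hits
```

Each hit is the complete entry, so the user, task and timestamp lines travel with the error text when it is mailed on.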