cancel
Showing results for 
Search instead for 
Did you mean: 

How to tell who logged on and off Java GUI when

Abesama
Level 6
Partner
Hi All,

Anyone knows how to find out which user logged on/off the Java GUI, and how to find when it happened?

Eventually, my goal is to find out who made changes to which backup policies when.

I put cron, ls, bppllist together to detect changes to the class directory every day, but I could not find a way to tell when a user logs on/off Java GUI.

Well, a user logging on to the Java GUI does not necessarily mean policy change, I know, but I need something that I can use to relate the policy change timing to a username, so I thought at least I might try to extract the Java GUI user logon/logoff info.

Tried bpjava-*vc debug logs, I could not find the time users log on or off ...

So NBU gurus, please advise if you have any tips on this, thanks!

Abe
12 REPLIES 12

Nicolai
Moderator
Moderator
Partner    VIP   


Hi Abesama.

Have a look at the technote below. I think this is what you are looking for;:

How to monitor when a NetBackup policy is deleted, or when a schedule or client is deleted from a po...


Have fun !

Regards

Nicolai

Abesama
Level 6
Partner
Thanks for the comment Nicolai, but I already saw that TN.

Reason I don't want to do that is because it only detects "delete" events, not a create event or modify event.

And it'll take even more time and effort to work out notification (email) functions out of this TN's solutioin.

More to that, it does not report on users (who made the change), either ... maybe it does ... but the first reason is the biggest one.

NOM can monotor policy changees too, but this is a multiple network, multiple masters in separate networks, NOM can't talk to them all together, so NOM is out of picture too.

:-)

Abe

LetThereBeZeros
Level 3
Here is mine pasted below.  My counterpart modified the Clients, and schedule on this policy a few min ago, and i got the alert instantly.  We have issues with people having access to NetBackup and we are responsible for the system.  Which is why we needed this policy change monitor thats available with NetBackup Operations Manager.  It's not too much work, and the upside is huge.  It does not give you the USER name but at our place it's a short list of who can change these, so we can usaually pinpoint it down to 1 person pretty easily. 


Date: July 2, 2009 1:40 PM
Master Server: riuxadmin.pitts.us.respironics.com(riuxadmin)
Changed Policy Name: VCB_FC_PRD2
NOM Policy: Policy was changed
NOM Server: useucsfap8
Modified Policy Attributes : Clients, Schedules
Severity: Informational

Abesama
Level 6
Partner
My master servers are in separated networks, one NOM server can't talk to the masters at the same time, nor I want to implement one NOM server per master.

I did not mark this as solution yet I see it's marked as SOLVED with the last comment, something's going funny in this forum web page?

Abe

Stumpr2
Level 6
Why can't NOM work at your sites?
It is designed to be able to serve multiple master servers on multiple networks.

blurb from NOM manual:
NOM lets you view the operational status and health of your distributed data
protection environment. NOM can manage and monitor dozens of
NetBackup installations spread across multiple locations from a single
point.

Abesama
Level 6
Partner

Those multiple masters in multiple networks are in separated networks each.

For example, if we install a NOM server in Symantec (yes, inside a Symantec building) will it be able to see/manage/serve a NetBackup master server in my company's data centre?

That's what I have - all my master servers are in their independent & separated networks, there is no one network (to host NOM server) that can talk to all those master servers at a time.

Of course I can access them all from my laptop, but I open VPN, I don't think NOM is intelligent enough to open a VPN session.

Abe

LetThereBeZeros
Level 3
Whatever script, tool, product you find you will have to run for each network, then have no way to communicate back.   Sounds like system administration would be a nightmare in your shoes.  Good luck with solving it, and let us know how you do.

J_H_Is_gone
Level 6
You must have a really tight security setup on your network.  How do you get any work done?

I have NB masters on different networks - and yes I can get to both networks from my pc WITHOUT vpn  ( I only use vpn from home).  and my NOM server works just fine for both.

Stumpr2
Level 6


Do you know how the firewall settings should be between the networks for NOM access?

J_H_Is_gone
Level 6
I regret that I do not remember what I did to make it work or even what I asked the network group to do.

Abesama
Level 6
Partner
J.Hinchcliffe, my answer is yes and no.

Yes, the networks are really separeted.
No, there are no security /firewall doing it.

I work for a company, hosting many other company's IT resource.

So, although those networks and servers do exist within the same datacentre, they are totally separated each other, that's all, no magic there.

Abesama
Level 6
Partner

Thanks, LetThereBeZeros

Yes, I can't avoid running whatever script/tool/product on each master/network.
Communicate back "is possible" via SMTP protocol - email, I mean.

That's why I'm thinking of running cron'ed script on each master and send email notifications to my work email.
(Again, yes, NOM can send email, bu I explained earlier why I do not want / can not use NOM)

I found standard UNIX "ps -ef" command will reveal the bpjava-susvc session's start time and logon IDs (the line with PPID 1, there's one line per session) so I'm thinking of writing a script to run ps on regular interval and then process the output to keep track of the user logon/off time (roughly)... that's what I have found so far.

Will advise you all once I finish the script and put it in the downloads section.

*EDIT* - yes, I think I'm lucky that I do not need to worry about sys admin or network, only Backup is my job
:-)

Cheers

A