Re: TSM and command logging

Jon,

Why bother with tee-ing the dsmadmc sessions?  I really don't understand
what else you need to see in addition to the ANR2017I's.  Sure, the tee
would give you the output of their commands, but is there any need to see
the output of their QUERY ACTLOG, QUERY VOL F=D, UPD VOL ACC=READW, DEL FI,
UPD NODE, or whatever?

Anyway, the problem isn't with sudo.  If you run dsmadmc from a wrapper
script without sudo, it fails with the |tee and runs fine without it.  It
does, however, have something to do with dsmadmc.  If you replace dsmadmc
with telnet in a test wrapper script, it works.

If absolutely necessary, you might be able to resolve the situation by using
Expect.

Alex Paschal
Freightliner, LLC
(503) 745-6850 phone/vmail


-----Original Message-----
From: Remco Post [mailto:r.post AT SARA DOT NL]
Sent: Thursday, October 02, 2003 8:33 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: TSM and command logging


On Wed, 1 Oct 2003 12:32:37 -0500
"Stanley, Jon" <Jon.Stanley AT SAVVIS DOT NET> wrote:

> Here's the situation:   We are a managed hosting company that uses TSM
> for backup,  and we would like to hand off day to day administration of
> the environement to the operations staff.  There are a number of
> inexperienced (in TSM) staff.  We want a way to audit (beyond the normal
> activity log) what it is these people do.  Therefore, I have written a
> wrapper script to dsmadmc that uses tee to send stdout to the screen and
> to a file.  We use a similar script for logging ssh.
>

<RANT>

Maybe you should just log everything these people type on their PC, monitor
their every move with camera's and have one person secirity staff stay with
them every second of the day.

</RANT>

The problem/challenge you are running into is that dsmadmc likes to know a
lot about the terminal it is running in, and likes to receive even resize
event... maybe that is the problem?


> Once the script is working, dsmadmc on the administrative host will only
> be executable by the user that the wrapper runs as.
>
> But here is what happens when the script runs (I'm passing a username
> and password on the command line, I would also like a way to hide this
> from the process list, i.e. take them out of a file or something):
>
> bookworm:~$ sudo -u svadmin /usr/local/sbin/svadmindsm i01sv0600
> -- --
> -- WARNING: This session is logged. --
> -- --
> Executing command - hostname i01sv0600
> Tivoli Storage Manager
> Command Line Administrative Interface - Version 4, Release 2, Level 3.0
> (C) Copyright IBM Corporation, 1990, 2001, All Rights Reserved.
>
> Session established with server I01SV600: Solaris 7/8
>   Server Version 4, Release 2, Level 4.1
>   Server date/time: 10/01/03   17:24:31  Last access: 10/01/03
> 15:53:43
>
>
> tsm: I01SV600>ANS8025E I/O Error reading command input.
>
> ANS8002I Highest return code was 0.
>
> bookworm:~$
>
> Jon Stanley
> Hosting Systems Engineer
> SAVVIS Communications
> 1 SAVVIS Parkway
> Town & Country, MO 63017
> SAVVIS, The Network That Powers Wall Street(SM)
> 314-628-7570 (direct)
> 314-265-4690 (mobile)
> pagejon AT savvis DOT net (pager)
> 866-234-4678 (Toll Free)
> jon.stanley AT savvis DOT net


--
Met vriendelijke groeten,

Remco Post

SARA - Reken- en Netwerkdiensten                      http://www.sara.nl
High Performance Computing  Tel. +31 20 592 8008    Fax. +31 20 668 3167

"I really didn't foresee the Internet. But then, neither did the computer
industry. Not that that tells us very much of course - the computer industry
didn't even foresee that the century was going to end." -- Douglas Adams