System management tools for unix systems?

[John Macdonald]

In article <15872 at ists.ists.ca> aronb at gkcl.UUCP (Aron Burns) wrote:

|We saw a product called ERSA ( Expert Remote Systems Assurance ) that
|gathered stats on a unix system, made some intelligent guesses about  
|problems and attempts to make suggestions about how to solve them
|, at which point it uploads a file to a supervisor machine where a 
|human decides what to do.  The product looked at kernel tuning, 
|security violations, disk space, etc.  While I haven't seen it
|run you might call these people to find out more:

In article <1990Dec5.171245.7561 at eci386.uucp>
    I, jmm at eci386.UUCP (John Macdonald), followed up:

|Thanks for the plug Aaron, I was just about to risk the wrath
|of the commercialism haters and follow up myself.
|
|If requested, I can provide additional technical details in this
|newsgroup (but I will try to avoid blatant advertisms).


All right, I got enough requests for further info and no requests
to not do so ("Full power to flame shields, Mr. Scott.  Warp
factor 9, Mr. Sulu.  Prepare evasive maneuvers, Mr. Spock", take
a deep breath, insert smiley for good luck :-)

(Minor aside - for ease of registering trademarks, we have had to
change our official acronym to XRSA - eXpert Remote Systems
Assurance - instead of ERSA.  We still pronounce it the same. :-)

XRSA does a great deal of automation of administration of Unix systems.
It consists of two suites of programs.

The "Monitor" runs on each administered system.  It does many admin
activities (prune log files; run backups; clean out junk files;
compress unused files) and auditing activities (validate against a
database describing important characteristics of significant system
files; changes in setuid and setgid programs; security problems in
passwords, accounts, login activity, remote access activity, etc;
list communication activity; collect sar or similar info; file system,
file, and directory size information).  The results of these activities
are bundled into a log that is sent to a central "Expert" site.
There are lots of local configuration options, but everything is set
up to act in a reasonable, safe, manner without local control.

The "Expert" runs at a central site that co-ordinates responsibility
for administrating systems.  It accepts the Monitor logs and processes
them into various reports - general information of various types, as
well as an Urgent report which lists all indications of potential
problems using potent correlation and analysis heuristics (I hesitate
to call this an expert system for fear of catching buzzword syndrome).
These reports can be distributed using email, news, or any other
appropriate mechanism.  The central site could be an internal MIS
department or an outside service bureau or facilities management
operation.  Because of the report distribution flexibility, the
responsibility for acting on the reports need not fall on the staff
of the "Expert" site.

Monitor requires basic V7 functionality (sh, sed, awk, etc) but
avoids using more recent features (sh functions, awk functions,
inconsistently provided programs).  If more recent features are
present, then they will be used to generate information (e.g.
sar).  This, it runs on essentially all varieties of Unix (and
attempts to provide a consistent appearance to all - for example
there is a shell script that contains a large number of awk scripts
to provide a consistently formatted "df" for all systems).  Adding
new modules to the package is straightforward.  This allows
customisation for local environments, as well as for direct support
of specific applications.

Expert is extremely portable too - it basically does a lot of text
processing and communication which is a common capability of most
Unix systems.

The other important thing to mention about XRSA is that it is not
so much a product as a software supported consulting tool.  The
customer of the service bureau will see it as a product, but the
service bureau itself, or a large organisation, would often benefit
from a significant amount of consulting activity customising XRSA
to fit more precisely into the framework of their business.

A general philosophy point.  XRSA is not intended to allow anyone
to do system administration.  It is aimed at competent, expert,
professional people who will be able to understand and act on the
information it provides (and appreciate the huge quantity of
information that XRSA can analyse to the point of determining that
it need not be examined by the human expert today).  It is intended
to allow administration not require the constant physical presense
of the human expert at every system.  There are some reports that
are intended to be clear to non-experts, but these are normally
produced to address a known problem (e.g. a chart of file system
usage helps the expert to show why it is time to add a new disk).

OK.  In reading back, I see that there is a lot of stuff that could
be interpreted either as "design justification" or "hornblowing".
I hope most readers view this as the former rather than the latter.

Too, I have only described an overview of how XRSA works, without
much in the way of specific details.  However, this has gotten
long enough already.  I'll leave discussion of specifics for my
response to any future discussion (and drop it if there is no
interest or too much objection).

If anyone wants an email copy of our "benefits summary", or a
surface mail copy of our full info package, let me know.

John Macdonald <jmm at eci386>
Elegant Communications Inc.
481 University Ave., Suite 602,
Toronto Ontario M5G 2E9

voice - (416) 595-5425
fax   - (416) 595-5439  (business hours only)
-- 
Cure the common code...                      | John Macdonald
...Ban Basic      - Christine Linge          |   jmm at eci386