Scribd
Upload
516 views2 pages

Trace Netbackup User Activity

1) Traces the user who makes changes to policies. 2) Traces deletion of storageunit Groups and Storageunits. 3) Script runs both on Unix and Windows. Please make necessary path changes in windows. Also add verbose level in registry. Prerequisites for this script (All changes to be made on the master server alone): Edit /usr/openv/java/Debug.Properties and make the following changes: Uncomment the following lines: #printcmds=true #printCmdLines=true - Then add the following line: debugMask=2 Edit bp.conf #vi bp.conf VERBOSE = 5 save and exit Runthe following command for changes to take effect. bprdreq -rereadconfig Under /usr/openv/netbackup/logs create the following directories: a) bpjava-susvc b) bpjava-msvc Perl on windows is mandatory. Please download it from http://www.perl.com

Uploaded by

Mahek Arora
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
516 views2 pages

Trace Netbackup User Activity

1) Traces the user who makes changes to policies. 2) Traces deletion of storageunit Groups and Storageunits. 3) Script runs both on Unix and Windows. Please make necessary path changes in windows. Also add verbose level in registry. Prerequisites for this script (All changes to be made on the master server alone): Edit /usr/openv/java/Debug.Properties and make the following changes: Uncomment the following lines: #printcmds=true #printCmdLines=true - Then add the following line: debugMask=2 Edit bp.conf #vi bp.conf VERBOSE = 5 save and exit Runthe following command for changes to take effect. bprdreq -rereadconfig Under /usr/openv/netbackup/logs create the following directories: a) bpjava-susvc b) bpjava-msvc Perl on windows is mandatory. Please download it from http://www.perl.com

Uploaded by

Mahek Arora
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

#!

/usr/bin/env perl

use strict;
use warnings;
use Data::Dumper qw(Dumper);

my $date = `date '+%m%d%y'`;


chomp $date;

my $input_file = "/usr/openv/netbackup/logs/bpjava-susvc/log.".$date;

my $output_file = "/tmp/output.$$";
print "Output file name: $output_file\n";
my @inlist = qw(
bppolicynew bpplinfo bppllist bpplclients
bppldelete bpplinclude bpplcatdrinfo bpplsched
bpplschedrep bpplschedwin bpplvalid bpschedule
bpstuadd bpstudel
);
my $prefix = "/usr/openv/netbackup/bin/admincmd";
my(%info, %final, %users, %commands, %pids);
my($time, $pid, $type, $str);
open(LOG, $input_file) or die "Could not open file $input_file: $!\n";
while (<LOG>) {
chomp;
next if(/^\s*$/);
if(! /^\d\d:\d\d:\d\d\.\d\d\d/) {
my $str = pop(@{$info{$pid}{$type}});
$str .= "\n$_";
push(@{$info{$pid}{$type}}, $str);
next;
}
my(@tmp) = split(/\s+/, $_, 5);
$time = $tmp[0];
$tmp[1] =~ s/\[|\]//g;
$pid = $tmp[1];
$tmp[3] =~ s/:$//;
$type = $tmp[3];
$str = $tmp[4];
#push(@{$info{$pid}{$type}}, $time.",".$str);
push(@{$info{$pid}{$type}}, $str);
if($type eq "mkTmpFile" &&
$str =~ /^temp filename = .*user_ops\/(.*)\/logs.*/) {
$users{$pid} = $1;
$pids{$pid} = 1;
}
if($type eq "command_EXEC" &&
$str =~ /EXEC_RETURN.*buffer = (.*)$/) {
my $cmd = $1;
my $found = 0;
if($cmd =~ /^"$prefix\/(bp.*)" .*$/) {
my($c, @t) = split(/\s+/, $1);
$c =~ s/"//g;
$found = 1 if(grep(/^$c$/, @inlist));
}
if($found) {
$cmd =~ s/"//g;
push(@{$commands{$pid}}, $cmd);
}
}
}
close(LOG);

open(OUT, "> $output_file") or die "Can't open $output_file: $!\n";


foreach $pid(sort keys %pids) {
my $user = $users{$pid};
my @cmds = @{$commands{$pid}} if(exists $commands{$pid});
print OUT "USER NAME: $user (PID: $pid)\n";
if(!scalar @cmds) {
print OUT "\t*** No Commands Executed ***\n\n";
next;
}
print OUT "\tCommands Executed:\n";
my $n = 1;
foreach my $cmd(@cmds) {
print OUT "\t$n. $cmd\n";
$n++;
}
print OUT "\n";
}
close(OUT);
system('mailx -s "User tampering Netbackup policies" <email_address> <
'.$output_file);

You might also like