Timothy
Parker Consulting Incorporated
|
|
|
|
Computronics Logmon Sometimes the simplest tasks can’t easily be done.
Until someone comes up with a way to do it, that is.
One perpetual problem with UNIX systems is logging off users who leave a
terminal inactive. The reasons for
logging people off automatically varies with each network but common reasons are
the simplest: security and licenses. Security
is always compromised when a terminal or client machine like a PC has an active
user login when there is no user in front of it. It’s easy for anyone to sit down and exploit that login.
Licensed software is another common problem.
Large development groups often have floating licenses for expensive
software packages wherein a certain number of usres can use the software at a
time. By leaving a session active,
one license seat is tied up with no one using it. Of course, there’s an important side issue: you
shouldn’t force someone off the UNIX system if they are conducting some
processes, but not using the keyboard. This
is the major problem with many UNIX commands that monitor a terminal for
inactivity and then log off the user. If
the user has a process running but doesn’t interact with the mouse or
keyboard, these utilities still assume there is no activity and kills the
process. On long compilation or
build applications, this is unacceptable. Computronics has a flexible and useful approach to this
problem, called Logmon. Logmon is
designed to monitor inactivity, not just on a terminal basis but also in
processes and users. The software
can be configured with various settings for any of these conditions, and prior
to logging a user out, warning messages can be sent. Installing Logmon doesn’t take much time or trouble.
It’s shipped on floppy, which is extracted using cpio and then
installed with an install script. (There are versions of
Logmon for many UNIX versions, including SCO.) The process takes only a
few minutes. Configuring it is simple through a menu interface.
An administrator sets the conditions for logout, and leaves Logmon to do
its job. The settings for automatic
logout can be varied based on many conditions, including user ID, group, time of
day, and CPU threshold calculations. There’s
a set of rules that control when Logmon activates, and what it does when
activated. It’s a useful approach
to a perpetual problem. We tested Logmon on a SCO OpenServer 5 platform running
several database and order-entry applications.
To provide a floating license approach, we controlled access to the
order-entry application to only five users simultaneously.
A network of thirty clients (Windows PCs running WinRunner and some Wyse
and Qume terminals running shell scripts) provided varying amounts of load.
We configured Logmon to trigger on a wide variety of conditions over a
two week period, and played with the settings continually to try and find
conditions that wouldn’t suit us. A
few really neat features helped out: the ability to use wildcards for user ID
matches (setting different triggers for users in the 100-110 range verses
111-120, for example), monitoring the CPU usage and process count for each user,
and setting many types of idle timers to handle situations during working hours,
lunch, and overnight. Rather than
just perform a kill on any tasks a user has, Logmon can be customized to handle
the termination in several ways. We
particularly liked being able to tell our Informix database to gracefully
terminate the user sessions and update the tables, preventing corruption and
open file errors. There’s no way anyone but a programmer will call a
product like Logmon “neat”, but for those of us who struggled with scripts
and C code to perform this type of task, Computronics’ approach is elegant and
effective. While you may not need
to log users off your system when they are away from their terminal, you just as
easily may want to have tighter access controls. If you do, Logmon is a product that has no rivals we know of.
It’s not too expensive, and a five-week free trial shows off the
utility of the software perfectly for administrators. Logmon Summary: A useful and flexible way to gracefully log users off a system. Definitely the best approach to this task we’ve seen. |
|
Send mail to
tparker@tpci.com with
questions or comments about this web site.
|