Configure Change Configuration Monitor Aspect

This section provides an overview of, and the configuration steps for, monitoring changes in system configuration.

The Change Configuration Monitor Aspect monitors files, Windows registry settings, and command outputs for changes.

On deploying the Change Configuration Monitor Aspect, a ccilist.cfg file is created in the <OvDataDir>/ccimon/configuration folder.

The Sys_ChangeConfigurationMonitor policy reads the ccilist.cfg file to monitor the following changes on the system:

  • Software installed, removed or modified
  • Patches/service packs/updates installed
  • Changes to Kernel parameters
  • Boot configuration
  • Registry keys (Windows only)
  • Kernel image file
  • All user accounts
  • System service configuration
  • Shared directories, NFS or CIFS (samba) mounts added, modified or removed
  • System environment variables

CCI and Desired State Monitoring

In both the CCI and desired state monitoring methods, files, Windows registry settings, and command outputs are monitored for changes. The comparison method used by each is as follows:

CCI Monitoring

During the first polling interval, a backup is taken of all the files specified in the ccilist.cfg file. From the next polling interval onward, the current version of each file is compared with its backup version. Alerts are generated if a modification is identified. The backup files are overwritten with a fresh backup, so the comparison is always between the current version and the most recent backup version of the files.

Desired State Monitoring

A gold file (with extension .gold) must be created for every single file that must be monitored and must be available in the same directory as the file. A gold file is a backup or reference file that remains unchanged.

For example, let us consider that you want to monitor the mtab file located in the /etc directory. Take a backup of this file and save it as mtab.gold in the /etc directory. This is your reference file or gold file, which does not change. To monitor the mtab file, add the following to the configuration file:

    /etc/mtab==/etc/mtab.gold,file,Os,,major

After deploying the Aspect, a check is performed to verify whether desired state monitoring is defined in the ccilist.cfg configuration file. The files, Windows registry settings, and command outputs specified in the configuration file are compared with the corresponding gold file. Alerts are generated whenever a difference is identified between the two files.

Note: Make sure that you define Desired State Monitoring in ConfigFile only after creating the gold file.
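
The difference between the two comparison methods, as an added illustration (not code from the product): the sketch below replays the same sequence of polls through a rolling backup (CCI) and a fixed gold copy (desired state). The function names and the mtab contents are constructed for the example.

```python
import difflib

def changed_lines(old, new):
    """Return the lines added ('+ ') or removed ('- ') between two versions."""
    diff = difflib.ndiff(old.splitlines(), new.splitlines())
    return [d for d in diff if d.startswith(("+ ", "- "))]

def cci_alerts(polls):
    """CCI: the first poll only takes the backup; every later poll is compared
    with the backup from the previous poll, which is then overwritten."""
    alerts, backup = [], None
    for interval, current in enumerate(polls, 1):
        if backup is not None and current != backup:
            alerts.append((interval, changed_lines(backup, current)))
        backup = current  # fresh backup replaces the old one
    return alerts

def desired_state_alerts(polls, gold):
    """Desired state: every poll is compared with the unchanged gold copy."""
    return [(interval, changed_lines(gold, current))
            for interval, current in enumerate(polls, 1) if current != gold]

# Constructed sample: contents of /etc/mtab at five polling intervals.
GOLD = "/dev/sda1 / ext4 rw 0 0\n"
EXTRA = GOLD + "nfs01:/export /mnt/data nfs rw 0 0\n"
POLLS = [GOLD, GOLD, EXTRA, EXTRA, GOLD]

if __name__ == "__main__":
    print("CCI:          ", cci_alerts(POLLS))
    print("Desired state:", desired_state_alerts(POLLS, GOLD))
```

With CCI, a change alerts once and then becomes the new baseline, and reverting it alerts again. With desired state, the alert repeats at every poll until the file matches the gold copy.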

You must tune one of the following policies, based on the operating system of the node, to specify CCI or desired state monitoring:

  • Sys_MSWindowsChangeConfig
  • Sys_SunSolarisChangeConfig
  • Sys_LinuxChangeConfig
  • Sys_HPUXChangeConfig
  • Sys_AIXChangeConfig

Tuning ConfigFile Policy

Edit and configure the ConfigFile policy to define change monitoring.

  1. Open the Management Templates & Aspects pane:

    Click Administration > Monitoring > Management Templates & Aspects.

  2. In the Configuration pane, expand Configuration Folders > Infrastructure Management > System Infrastructure Aspects.
  3. In the Management Templates & Aspects pane, select the Change Configuration Monitor Aspect and click . The Edit Aspect window opens.
  4. In the Policy Templates tab, double-click the required policy. The Edit ConfigFile Policy window opens.
  5. In the Policy Data tab, specify class, metric and deviation in the following format.

    change ci key,cci type (file|cmd),msg group,backup filename,alert severity

    In this instance:

    • <change ci key> - Specifies a registry key, a command or a file name with complete path.

    • <cci type> - Set this to one of the following values, based on the change ci key: cmd, regkey, or file. The registry key (regkey) type is available only for Windows managed nodes.

    • <msg group> - Specifies the OMi message group setting for the change alert. The default message group is Misc.

    • <backup filename> - Specifies the name with which a backup file is created in the backup folder. The backup file is used for comparisons with the parent file. This value is not required for CCI type file; provide an empty value in that case. The backup folder is located in <OvDataDir>/tmp.

    • <alert severity> - Specifies the OMi alert severity setting. The default alert severity is Warning.

  6. Click Save and Close.

Examples for CCI and Desired State Monitoring

CCI Monitoring

Each scenario is followed by its syntax in ConfigFile:

  • To monitor the hosts file on Windows and send warning alerts with misc message group:

    c:\Windows\System32\drivers\etc\hosts,file,misc,,warning

  • To monitor the sys-temp folder on Windows for any changes:

    dir "%temp%"| findstr /V bytes,cmd,OS,dirtmpbin,warning

  • To monitor a registry key and its values on Windows:

    HKEY_LOCAL_MACHINE\SOFTWARE\CCIMon,regkey,misc,temp,warning

  • On Windows, to monitor if opcmona.exe process is running on a node and if it is different from the last run:

    wmic process where name='opcmona.exe' get processid,cmd,OS,notepadproc, major,unicode

  • To monitor if there are any new files or other changes in /tmp folder on Linux:

    ls -1 /tmp | sort -u,cmd,Misc,ls1tmp.txt,warning

  • To monitor if there are any user changes on UNIX/Linux:

    /etc/passwd,file,Security,,warning

  • To check for new filesystems mounted on UNIX/Linux:

    /etc/mtab,file,OS,,minor

Desired State Monitoring

Each scenario is followed by its syntax in ConfigFile and an example:

  • To monitor the hosts file on Windows and send warning alerts to a miscellaneous message group:

    Syntax: filename==reference file name,ccitype,msg group,[backup filename],alert severity,charset

    Example: /etc/mtab==/etc/mtab.gold,file,misc,,warning

  • To monitor a folder on Windows for any changes, use the command type cmd for change tracking:

    Syntax: command==Path of the file containing command output,ccitype,msg group,[backup filename],severity

    Example: ls /==/root/list.txt,cmd,Misc,,major

  • To monitor a registry key and its values on Windows:

    Syntax: Registry key=='value of registry key',ccitype,msg group,[backup filename],severity

    Example: HKEY_LOCAL_MACHINE\SOFTWARE\config==config,regkey,misc,,warning
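
A pre-deployment check for ConfigFile entries, as an added example (not part of the product or its documentation): it parses lines in the layout shown on this page and flags desired state entries whose reference file does not exist yet, and CCI cmd or regkey entries without a backup filename. The function names, the rule for locating the type field, and the sample lines are assumptions made for the example.

```python
import os

CCI_TYPES = {"file", "cmd", "regkey"}  # values listed on this page

def parse_entry(line):
    """Split one ConfigFile line into its fields (layout as shown on this page)."""
    fields = line.strip().split(",")
    # Assumption: the first field after the key that names a CCI type is the
    # type field, so a command used as the key may itself contain commas.
    idx = next((i for i, f in enumerate(fields[1:], 1)
                if f.strip().lower() in CCI_TYPES), None)
    if idx is None or len(fields) < idx + 4:
        raise ValueError("expected key,cci type,msg group,backup filename,severity")
    key, sep, reference = ",".join(fields[:idx]).partition("==")
    rest = [f.strip() for f in fields[idx:]]
    return {"key": key, "reference": reference if sep else None,
            "type": rest[0].lower(), "group": rest[1], "backup": rest[2],
            "severity": rest[3], "charset": rest[4] if len(rest) > 4 else None}

def lint(lines, exists=os.path.exists):
    """Return (line number, problem) pairs for entries that need attention."""
    problems = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            e = parse_entry(line)
        except ValueError as err:
            problems.append((n, str(err)))
            continue
        if e["reference"] is not None:
            # Desired state: the gold/reference file must already exist.
            if e["type"] in ("file", "cmd") and not exists(e["reference"]):
                problems.append((n, "reference file missing: " + e["reference"]))
        elif e["type"] != "file" and not e["backup"]:
            # CCI: only type file may leave the backup filename empty.
            problems.append((n, "backup filename required for type " + e["type"]))
    return problems

# Constructed sample lines, built from the syntax on this page.
SAMPLE = [
    "/etc/passwd,file,Security,,warning",
    "/etc/mtab==/etc/mtab.gold,file,misc,,warning",
    "ls -1 /tmp | sort -u,cmd,Misc,,warning",
    "/etc/hosts,misc,,warning",
]

if __name__ == "__main__":
    for n, problem in lint(SAMPLE):
        print("line %d: %s" % (n, problem))
```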