Anonymous_User Absent Member.
Absent Member.
521 views

Collector Customisation


Okay... Now I understand that to get the reports I want I need to
customise the IDM collector and not the report itself...

Following the guide: http://tinyurl.com/cgvtaab

I just need some help with what I now need to do...


I need to be able to generate a report detailing all workflow requests
as well as who approved / denied the workflow.
My plan is (please correct me if you have a better idea):
Add a Log activity at the end of all my workflows and name it
"workflow_log", this final log message will contain all the info I need
for the report, like who made the request and who the approver was as
well as the comments entered etc.

I want to take the MESSAGE from the event and then split it up and
populate the CustomerVar fields.

As I will only be doing this on some workflows, can I name all final
logging activities the same and then in the custom.js look for the
activity named "workflow_log" and then parse the message field of the
event? Then apply the message parsing logic?

It seems like I will also need to edit the Rec2Evt.map file to add
CustomVar fields?
Or would it be better to create a new map like:
(code from link above)
this.MAPS.Rec2Evt.extend(this.CONFIG.collDir + "/customR2E.map");
That is what this does right?

But then I want to parse the message of the event and set CustomerVal21
, would it be something like:
this.cv21 = rec.message.substr(1,10); (for example)

Thanks in advance for any assistance / guidance.

Regards,
Craig Cikara


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
17 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Hi Craig,
ccikara;227897 Wrote:
> I need to be able to generate a report detailing all workflow requests
> as well as who approved / denied the workflow.
> My plan is (please correct me if you have a better idea):
> Add a Log activity at the end of all my workflows and name it
> "workflow_log", this final log message will contain all the info I need
> for the report, like who made the request and who the approver was as
> well as the comments entered etc.

Sounds good to me.

ccikara;227897 Wrote:
> I want to take the MESSAGE from the event and then split it up and
> populate the CustomerVar fields.
>
> As I will only be doing this on some workflows, can I name all final
> logging activities the same and then in the custom.js look for the
> activity named "workflow_log" and then parse the message field of the
> event? Then apply the message parsing logic?

Yes, you can name them the same. I haven't done this but I imagine the
name will be in the this.s_RXBufferString.
What I always do when altering a collector is turning on the collector
and right-click on it and select Open raw data tap. Generate a few
events and look at what is comming in.
If you select an event you can see what fields are filled with what. For
instance s_RXBufferString.
You can access the fields from within your custom.js with
this.<fieldname>.

ccikara;227897 Wrote:
> It seems like I will also need to edit the Rec2Evt.map file to add
> CustomVar fields?
> Or would it be better to create a new map like:
> (code from link above)
> this.MAPS.Rec2Evt.extend(this.CONFIG.collDir + "/customR2E.map");
> That is what this does right?

You can alter the Rec2Evt.map file but if you install a newer version it
will be gone.
You may use the method with this.MAPS.Rec2Evt.extend or you can use the
e.<fieldname>.
This way you write directly to the event.
For instance if you want to fill the CustomerVar21 use e.CustomerVar21 =
"something" in your code.
By the way a list of names you can use can be found at
http://www.novell.com/developer/plugin-sdk/event_schema.html

ccikara;227897 Wrote:
> But then I want to parse the message of the event and set CustomerVal21
> , would it be something like:
> this.cv21 = rec.message.substr(1,10); (for example)

What I normally do is the following:
this.message = this.s_RXBufferString;
this.cv21 = this.message.substr(1,10);

then put CustomerVar21,cv21 (without the this.) in your customR2E.map
or use
e.CustomerVar21 = this.s_RXBufferString.substr(1,10);

I hope this helps you along a bit.

Good luck,
Anco


--
jcvader1
------------------------------------------------------------------------
jcvader1's Profile: https://forums.netiq.com/member.php?userid=502
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Thanks for the info Anco!

BTW we are using Log Manager

Just a question... I have seen s_RXBufferString been used in quite a few
examples online, but I do not see that field when I do a raw data
tap...

This is an example of what I see in the tap:

>
> 1 0
> 2 0
> 3 0
> A 0003
> Application DirXML
> B System
> C 2013-04-02 07:34:57
> CONNECTION_METHOD AUDIT
> CONNECTION_MODE short_map
> D eyJnaWQiOiJVc2VyQXBwI1VzZXJTdGFydFdvcmtmbG93IzQyYjk4NTRiLWRjZjgtNGVhYy04NjVjLTg3OTdkZDEwZGU4MiJ9
> E
> F
> G 00000000
> H 3
> I 00031522
> i_TrustDeviceTime 1
> L 7
> M 1
> N AFB4A972
> O DirXML\\Workflow\Workflow_Forwarded
> o 1
> Q 155
> R 10.33.20.79
> S Activity4
> s_chainId 1364473925801
> s_chainSequence 20
> s_raw_message2 I=""00031522"" A=""0003"" N=""AFB4A972"" Q=""155""
> O=""DirXML\\Workflow\Workflow_Forwarded"" L=""7"" G=""00000000""
> R=""10.33.20.79"" C=""2013-04-02 07:34:57"" B=""System"" H=""3""
> U=""cn=3810925,ou=users,ou=fnb,o=firstrand"" V=""3""
> Y=""cn=DisableUserAccountv2,cn=RequestDefs,cn=AppConfig,cn=UserApplication,cn=DriverSet,ou=services,ou=fnb,o=firstrand:844""
> S=""Activity4"" T=""9b0afc590d5e41eead0afc7d290c15fb"" 1=""0"" 2=""0""
> 3=""0"" M=""1"" E=""""
> D=""eyJnaWQiOiJVc2VyQXBwI1VzZXJTdGFydFdvcmtmbG93IzQyYjk4NTRiLWRjZjgtNGVhYy04NjVjLTg3OTdkZDEwZGU4MiJ9""
>
> s_RV21 3B8B9D50-4D41-1030-8BD6-000C2901F5AE
> s_RV22 3B8B9D50-4D41-1030-8C50-000C2901F5AE
> s_RV23 13C43930-78FC-1030-8E3A-028037EC0200
> s_RV24 BE871CA0-7903-1030-BB98-028037EC0200
> s_RV25 F3131C31-7D90-1030-813A-000C295AF7DD
> s_sha256Hash bf20fc3740d3347eedaf0a4e3bf10db8c0f5e607a4aad53b4b1ef92e76037725
> T 9b0afc590d5e41eead0afc7d290c15fb
> U cn=3810925,ou=users,ou=fnb,o=firstrand
> V 3
> Y cn=DisableUserAccountv2,cn=RequestDefs,cn=AppConfig,cn=UserApplication,cn=DriverSet,ou=services,ou=fnb,o=firstrand:844
>


The message of the LOG event is: 'Central Admin or Central Support
Request: No Approval Needed'

Is the message encrypted in one of these fields?

Regards,
Craig Cikara


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Hi craig,

Most connectors fill s_RXBufferString but the AUDIT connector doesn't.
As you can see in your example the full message is in s_raw_message2
(which as far as I know is filled by every connector).
The message is already parsed in the different fields by the connector.
You can see what field is what in http://tinyurl.com/ck2vxe8.
Or you can look at the Novell_Identity-Manager_6.1r7.pdf (you can find
this on http://tinyurl.com/7zoyhsy).
Some fields seem to be encrypted (like D or T).
Best way to see them decrypted that I know of is probably debug the
collector.
Scroll down to the bottom and put a break before the line: if
(!(rec.normalize(curEvt) && rec.customParse(curEvt) &&
rec.postParse(curEvt)))
Click on play and generate an event. click on |> and look in the down
left panel to see the available fields in this.
These fields you can use in your customParse (use this.<fieldname>).
There probably is an other way to decrypt them but I don't know how at
the moment.
If you find a way please share.

Hope this helps,
Anco


--
jcvader1
------------------------------------------------------------------------
jcvader1's Profile: https://forums.netiq.com/member.php?userid=502
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Thanks again Anco,

Things are slowly getting clearer 🙂

I see in the raw data trap that there is a field called "D" and it
contains the same info that is in the D portion of the s_raw_message2
field -- http://tinypic.com/r/nlexiv/6

So I added the following line to the custom.js file:
> Record.prototype.customParse = function(e) {
> e.CustomerVar21 = this.D;
> return true;
> }


From what I understand from what you said in your first reply, this
should be correct right?
As since the field "D" is what I want to make the value of the field
CustomerVar21.
And since I am doing it this way, I dont need to use the customR2E.map
correct?

So I followed the documentation for customisation of collectors and in
the ESM console, I added the custom.js "aux" file to the Novell Identity
Manager collector and then put the collector in custom mode and
restarted the collector.

But nothing is showing in the CustomerVal21 field when I look at the
events through the Sentinel web front-end...
I must be doing something really wrong, because it seems pretty simple
to populate the custom fields right?

Again, thanks for your help and patience...
Craig


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Hi Craig,

Nice to see you are getting the hang of it.

As far as I can see you are doing it right.
One thing I noticed is that the D field can be up to 3k and I think the
customervar21 can only be 255 bytes (although I cannot find that
anywhere). You can notice this only in your collector_mgr0.0.log file.
The example you gave above isn't that big however.
So now it is time to look with the debugger what is going wrong.
Just stop the collector, right-click on it and select debug.
Press OK, Press play, scroll to the bottom and set a breakpoint before
the line if: (!(rec.normalize(curEvt) && rec.customParse(curEvt) &&
rec.postParse(curEvt)))
Press play again and wait until something gets in (or generate
something).
press |> once and select step over (the bended arrow over a tiny red
square) for a few times until you reach your code.
Now you can see in the bottom left screen what is in the D field.
Press step over once again so your line of code is processed and select
in the bottom right screen the tab evaluate.
type: e.CustomerVar21 <enter>
and see what is in the field.
Keep in mind that if you have a syntax error in the custom.js the
collector will run as 'release'.
Please post back the results.

Good luck,
Anco


--
jcvader1
------------------------------------------------------------------------
jcvader1's Profile: https://forums.netiq.com/member.php?userid=502
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Hi again Anco,

So now I understand what you mean when you say Debug... I was putting
the collector in Debug execution mode instead of running the collector
in Debug mode.

I followed your instructions to the tee a few times, but I do not see my
custom code anywhere... I searched the code that appears after the 1st
click of the play button for my code, but it is not there... It should
be right?

The collector's execution mode is "custom" and I have re-imported the
custom.js script to the collector and generated a few events, but I
still do not see my code anywhere.

Again, this is the only code that I have customised at the moment...
Record.prototype.customParse = function(e) {
e.CustomerVar21 = this.D;
return true;
}

Any other suggestions? Is there a way to check that the custom.js file
was properly imported?


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


I see from the console that the collector is running in release mode...

% this.CONFIG.params.ExecutionMode
release

I also see that the custom.js file is on the server in 2 places...
../opt/novell/sentinel6/data/collector_mgr.cache/collector_instances_pluggable/Novell_Identity_Manager_304D4110308C50000C2901F5AE/run6450251957278476757/custom.js
../opt/novell/sentinel6/data/collector_mgr.cache/collector_plugins/Novell_Identity_Manager_68F23102C9FAB005056C00008_554976498460438769/custom.js

I am going to re-create the custom.js file from scratch and try again.


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Nevermind the last post where I say it was running in release mode... I
set it to release 😕

Now its back to custom and I am stepping through the code in the debug
console...

> this.MAPS.TZMap=[];if(this.CONFIG.params.ExecutionMode=="custom"){var
> customFile=new
> File(this.CONFIG.collDir+"custom.js");if(customFile.isOpen()){try{eval(customFile.readFile());customFile.close();}catch(err){log("Could
> not read from custom parsing file:"+err,4,this.EVT);}}


this.CONFIG.params.ExecutionMode = custom
customFile.isOpen() returns false


> if(typeof this.customInit=="undefined"||typeof
> Record.prototype.customPreparse=="undefined"||typeof
> Record.prototype.customParse=="undefined"){this.CONFIG.params.ExecutionMode="release";log("Custom
> parsing file not found or not complete; reverting to release
> mode",4,this.EVENT&this.LOG);}}


all return as type "function"

> if(this.CONFIG.params.ExecutionMode!="custom"){Collector.prototype.customInit=function(){return
> true;}
> Record.prototype.customPreparse=function(e){return true;}
> Record.prototype.customParse=function(e){return true;}}


code not executed because this.CONFIG.params.ExecutionMode="custom"

So it looks to me like everything is working fine here...
I also noticed that when in running in Debug mode, a copy of the
collector is created on my machine, so "this.CONFIG.collDir+"custom.js""
points to the custom.js file on my machine, and that custom.js file
looks correct and has the customisations I made...
But I do not see it being executed anywhere...

Thanks AGAIN for the help! It is really appreciated!!!


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Hi Graig,

I have my sdk setup on a windows 2003 SP1 server. This server has by
default all .js executed by 'Microsoft (r) Windows Based Script Host'.
If I double click on the .js script it executes and reports an error.
If the error is 'Collector' is undefined then the code is OK, if not,
look at the line it reports and correct the error.
Thats how I check if the .js is OK.
As I siad it was installed like this by default, so I don't know what
software you have to install to get this.
It doesn't work on my Workstation.

I have checked the following custom.js and it should be OK:
// Javascript Collector Template 6.1
// Developed by Novell Engineering
Collector.prototype.customInit = function() {
// load additional maps, parameters, etc
return true;
}

Record.prototype.customPreparse = function(e) {
return true;
}


Record.prototype.customParse = function(e) {
e.CustomerVar21 = this.D;
return true;
}

If your brakepoint is on the line stated in the mail above, you can
check if it is still in cusom mode by evaluating
this.CONFIG.params.ExecutionMode

You are correct to conclude that in debug mode the collector code is on
your local machine.
The thing is that you can't find the code in the main.js and can see the
code only if it is executed by stepping into it.
Sadly we have connected our IDM yet, so I can't test it for you.

Good luck,
Anco


--
jcvader1
------------------------------------------------------------------------
jcvader1's Profile: https://forums.netiq.com/member.php?userid=502
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Thanks again Anco,

Your help is really appreciated.

I will continue to play around and hopefully get this working... Seems
like something really simple that I am missing...

I will post back once I have found what I am missing.

Regards,
Craig Cikara


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


I have tried to troubleshoot the code I did using the log() function as
below:


> Record.prototype.customParse = function(e) {
> e.CustomerVar21 = "hello";
> log("hello again");
> log(this.D);
> return true;
> }


This is the result in the log file:

> Apr 04, 2013 11:01:51 AM
> esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext log
> SEVERE: Novell Identity Manager(3B8B9D50-4D41-1030-8C50-000C2901F5AE)
> hello again
> Apr 04, 2013 11:01:51 AM
> esecurity.ccs.comp.evtsrcmgt.collector.util.ScriptEngineContext log
> SEVERE: Novell Identity Manager(3B8B9D50-4D41-1030-8C50-000C2901F5AE)
> undefined


so "this.D" is undefined... That at least points me in the right
direction...


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


One thing that springs to mind is, try: this.RXMap.D
Sometimes the RXMap structure is used for the fields.

Tomorrow I will be at a customer with audit running so I might have some
time to look at this.

Regards,
Anco


--
jcvader1
------------------------------------------------------------------------
jcvader1's Profile: https://forums.netiq.com/member.php?userid=502
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


I tried:

this.Data
this.D
this.RXMap.D
this.RXMap.Data

and none work...

However... this.message works... Yet message is not one of the fields I
see in the raw data trap... And I do not see how "message" is mapped to
anything other than "msg" in the mapping files.

It would be great if you have time at your client tomorrow.

Have a good day!
Craig


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Collector Customisation


Well...

I now tried: rec.RXMap.D and that gave me the message sting... (I looked
at the dirxml.js file)

> {"gid":"UserApp#UserStartWorkflow#635fb63a-6617-414d-86ce-e197136f1606","Data":"IN:cn=3810925,ou=users,ou=fnb,o=firstrand|"}


Now all I need to do is parse this using JSON and I will be able to get
the data out using jsonObj.Data, then I will use parseNVP("|", ":") to
get the fields out of Data and set those to the CustomerVal## fields I
need.

Once I am done I will upload what I did incase anyone else needs this
info...

Thanks again Anco!


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: https://forums.netiq.com/member.php?userid=506
View this thread: https://forums.netiq.com/showthread.php?t=47425

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.