By default,
OverTime will present a single master list of devices that it is monitoring for
all users to view.
When the
users are from different companies, the devices can be grouped by company and
access restricted.
To achieve
this configuration, OverTime requires
1)
Individual user account that limit access to OverTime.
2) A file
that defines the groups and users that have access to those groups
(security.xml)
Each user,
except for the 'admin' user, is associated with just one group.
The 'admin'
user has access to all groups and all devices.
The user's
group is shown in the output with the group's name as the user's home page in
OverTime.
Each device
should be represented in just one group and if not explicitly listed then the device
is treated as if it were listed in the default group.
Each group
can have color specifications that are used when drawing graphs.
Enabling security.
To enable
security the following steps need to be performed:
1)
Edit
overtime.cfg and add a new line like this:
Windows:
pwdfile C:\overtime\cfgs\overtime.pwd
Unix:
pwdfile \var\opt\overtime\cfgs\overtime.pwd
and save the file.
2)
Specify
the administration user name and password by running from the command line
‘adminuser’ which is in the cgi-bin directory of OverTime’s web server.
3)
At
this point, access to Overtime will be restricted to the created users.
4)
From
your browser go to URL /cgi-bin/adminuser?
5)
Log in
as the administrator you just created and create new users as required.
6)
If
per-device access is required, then in the overtime/cfgs directory create a new
file called security.xml
security.xml
Here is an example of that file
showing the layout:
|
<!--
this is the group file for OverTime. --> <!--
It has some restrictions above a normal xml file--> <!--
Each tag must start and finish on the same line--> <!--
Blanks can only proceed an opening tag --> <groups> <group name="Company One"> <users> <user>Co1User1</user> <user>Co1User2</user> </users> <hosts> <host name="Company One Main Router">NETic-Router</host> <host>Switch101</host> </hosts> <colors> <color>00F0FF</color> <color>0F8888</color> <color>888888</color> <color>0FF088</color> <color>0F88F0</color> </colors> <templates> <template
name="overtime">co1\overtime.xml</template> <template name="devmst">co1\devmst.xml</template> <template name="devdtl">co1\devdtl.xml</template> </templates> </group> <group name="Non Company one
Devices"> <users> <user>Co2User1</user> </users> <hosts> <host name="Main
server">host1</host> <host>IGateway</host> <host name="Backup
Server">host11</host> <host>router5</host> </hosts> </group> </groups> |
security.xml
tags
<groups>
<groups>
is the opening tag, which encapsulates everything up to the closing
</groups> tag.
<group>
There can
be one or more <group> tags defined. Each <group> tag defines a new
group and it has an optional name parameter. <group> tags can not be
nested and must end with </group>
<users>
The
<users> tag is mandatory and defines the list of users that have access
to this group.
<user>
Each
<user> tag must be enclosed within a <users> tag group. Each
<user> tag has a user name (case sensitive) that permits that user to
view the hosts for this group. You should have already defined the user name
with ‘adminuser’.
<hosts>
The
<hosts> tag is mandatory and defines the list of hosts that are in this
group.
<host>
Each
<host> tag must be enclosed within a <hosts> tag group. Each
<host> tag defines a host (case sensitive) that is in this group. An
optional name within the group tag is the alias that will be shown on the main
page for the device rather than actual real name.
<colors>
The colors tag is optional and defines the list of graph colors to be
used when drawing graphs for the devices in that group. If the <colors>
tag is present within a group then it MUST be defined after both the
</users> and </hosts> tag.
<color>
Each
<color> tag must be enclosed within a <colors> tag group. Each
color is a hex string (6 hex digits in three pairs, defining red green and
blue) ie: 00FF00 would be pure green.
The first
color defined will be used for color 1, the second definition will be used for color
2 etc.
How are
these colors used?
OverTime
produces four types of graphs, IO, IO Errors, PingTime and General.
The first
color is used in an IO graph for output octets and for a PingTime graphs
minimum response time (default is blue).
The second
color is used for PingTime graphs where it represents the average values
(default red).
The third
color is used in IO and PingTime graphs. The IO graph uses it for input octet
measurement and the PingTime graphs use it to represent maximum values (default
green).
The fourth
color is used in IO Error graphs to represent In Errors (default yellow).
The fifth
color is used in IO Error graphs to represent Out Errors (default cyan).
General
graphs use colors 1-54 for each of the values they graph.
|
Color |
IO |
IO Errors |
PingTime |
General |
|
1 |
Out |
|
Min |
Line 1 |
|
2 |
|
|
Average |
Line 2 |
|
3 |
In |
|
Maximum |
Line 3 |
|
4 |
|
In Errors |
|
Line 4 |
|
5 |
|
Out Errors |
|
Line 5 |
|
6 |
|
|
|
Line 6 |
|
… 54 |
|
|
|
… Line 54 |
Colors 1-54
are used for general graphs.
<templates>
The <template>
tag is optional and defines the list of output templates that are to be used by
this group.
<template>
Each <template>
tag must be enclosed within a <templates> tag group. Each <template>
tag defines an output template that will be used instead of the default output.
The three possible names are ‘overtime’, ‘devmst’ and ‘devdt’. In the example,
these templates live in a directory ‘co1’ that would be created under the cfgs
directory of OverTime.
Combining ‘Output Templates’ and ‘Security for OverTime’ means you can configure each group of users to have their own customized output. This is ideal for an ISP who has 1 copy of OverTime and wants to provide customer branded reporting and secure access.