EVENT SYSTEM II v2.7
Copyright (c)1993/94 Roy Coates

1. WHAT IS THE EVENT SYSTEM?

The event system provides a simple means to monitor DOS based system events in a way which should generally be transparent to users of the system. There are two main programs in the event package: event.exe, which actually logs an event to the log file events.sys, and eventman.exe, which is used to extract information from the log file and to provide various management tools.

2. INSTALLATION - WHAT GOES WHERE.

Installation should be very simple. The event.exe file must be placed somewhere in every user's path - SYS:PUBLIC is recommended. Eventman.exe is only intended to be used by privileged users and so may best be placed in SYS:SYSTEM. The log file 'event.sys' must reside in the directory SYS:EVENTS.

*** SEE "QUICK INSTALL" BELOW ***

3. EVENT.EXE

Event.exe takes a single argument from the command line (the name of the event) which may be up to 15 characters long; spaces are ignored and the argument will be converted to upper case. If no event name is given, a message is sent to the console to inform the system administrator, since the chances are that unauthorised use is being made of the event.exe program.

One of the most useful uses for event.exe is to place it in the system login script ie:-

    #event LOGIN

to monitor user logins.

Event.exe may also be placed in batch files used to call applications to monitor application usage. For example, to monitor usage of Word-Perfect, rename the original WP.EXE file to something like XWP.EXE and create a batch file called WP.BAT which may contain:-

    @ECHO OFF
    event WORD-PERFECT
    capture /que=laser /notab /noformfeed /form=1
    XWP

Many system administrators already use batch files to call applications in order to set up printer re-direction as in the above example, so adding the call to event.exe is really very easy.

As an added precaution, if event monitoring is to be kept hidden from users, use a proprietary .bat to .com file converter and hide the .bat file from the users.

Event.exe will write to the log file the following information:

    1. The event name.           eg:- LOGIN
    2. The Username.             eg:- ELEC15
    3. The User's Real Name      eg:- John Doe
    4. The date and time from the File Server.
    5. The user's Ethernet address.

The data is encoded and slightly compressed with a checksum to help detect tampering or file errors.

In the event that another user is currently writing an event to the log file at the same time, event.exe will wait for approximately 2-3 seconds trying to access the log file before sending a message to the console terminal to inform the system administrator that it could not gain access to the file, and then exits quietly, allowing the user to continue unaware of the situation.

4. EVENTMAN.EXE

Eventman provides both the tools necessary to manage the event log and to extract information from it. The program is all menu driven and should be self explanatory in its use.

5. QUICK INSTALL

    a) Copy EVENTMAN.EXE to SYS:SYSTEM
    b) Copy EVENT.EXE to SYS:PUBLIC
    c) Create a directory SYS:EVENTS and make it available to all users.
    d) Run EVENTMAN and create a new event file.
    e) Add the line: #event LOGIN to the system login script.

Event is now installed and active for trapping system LOGINS.

6. COPYRIGHT AND *IMPORTANT* NOTES

This software is given freely for non-profit use. This version has been released far earlier than intended due to popular request (leave my mailbox alone ;-) and eventman.exe will shortly be replaced by a far superior version currently being tested.

No warranties are given and if this software turns your hair green or trashes your system - don't look at me. However, this system has been in use here on a Novell 3.11 system for nearly two years. In the last 6 months it has logged over 35,000 events without any problems.
The size of the log file for 35,000+ events is 2.5Mb.

Not all of the options in eventman are available since I dropped development of version 2 when I had a flash of inspiration and started work on version 3 which will be available soon.

Please mail any bug reports, suggestions etc to roy@mechnet.liv.ac.uk

In fact, if you find a use for this software - send me some encouragement!!

- END -
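
The log record that section 3 describes (five fields plus a checksum), as an added example that is not part of the original package. The README does not document event.exe's encoding, so the '|'-separated layout, the CRC32 checksum, truncation at 15 characters and the sample node address are assumptions chosen for illustration.

```python
import zlib
from datetime import datetime

MAX_EVENT_LEN = 15  # limit stated in section 3

def normalize_event(arg):
    """Section 3 rules: spaces ignored, upper-cased, at most 15 characters."""
    name = arg.replace(" ", "").upper()
    if not name:
        # The README says event.exe alerts the console when no name is given.
        raise ValueError("no event name given")
    return name[:MAX_EVENT_LEN]  # assumption: longer names are truncated

def _crc(body):
    return "%08X" % (zlib.crc32(body.encode("utf-8")) & 0xFFFFFFFF)

def encode_record(event, user, real_name, when, node):
    """One log line: the five fields from section 3 followed by a checksum."""
    fields = [normalize_event(event), user, real_name,
              when.strftime("%Y-%m-%d %H:%M:%S"), node]
    if any("|" in f or "\n" in f for f in fields):
        raise ValueError("field contains a separator")
    body = "|".join(fields)
    return body + "|" + _crc(body)

def verify_log(lines):
    """Return (records, bad); bad holds 1-based numbers of failing lines."""
    records, bad = [], []
    for n, line in enumerate(lines, 1):
        body, _, crc = line.rstrip("\n").rpartition("|")
        if crc == _crc(body) and body.count("|") == 4:
            records.append(tuple(body.split("|")))
        else:
            bad.append(n)
    return records, bad

def sample_log():
    # Constructed sample data; the node address is made up.
    t = datetime(1994, 3, 1, 9, 15, 0)
    log = [encode_record("login", "ELEC15", "John Doe", t, "00001B3A4F10"),
           encode_record("word - perfect", "ELEC15", "John Doe", t, "00001B3A4F10")]
    log.append(log[0].replace("ELEC15", "ELEC16"))  # edited, checksum left stale
    return log

# CRC32 is unkeyed: it flags corruption and careless edits, but anyone able to
# rewrite the file can recompute it. A keyed MAC would close that gap.
if __name__ == "__main__":
    print(verify_log(sample_log()))
```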