check point™ amon (application monitoring)read.pudn.com/downloads142/doc/614417/amon.pdf · 2006....

OPSEC

Check Point™ AMON (Application Monitoring)

OPSEC SDK 6.0

May 2006

© 2003-2006 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:

©2003-2006 Check Point Software Technologies Ltd. All rights reserved.

Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

For third party notices, see “THIRD PARTY TRADEMARKS AND COPYRIGHTS” on page 135.

Table of Contents 5

Contents

Preface Who Should Use This Guide................................................................................ 8What Typographic Variations Mean ...................................................................... 9Summary of Contents ....................................................................................... 11...................................................................................................................... 12

Chapter 1 Introduction Overview ......................................................................................................... 14Programming Model ......................................................................................... 15

Threads ..................................................................................................... 15Defining the AMON Service ......................................................................... 15AMON data model ...................................................................................... 15AMON Communication Protocol ................................................................... 18AMON Client .............................................................................................. 20AMON Server.............................................................................................. 21OPSEC OID Tree......................................................................................... 21

AMON API Overview......................................................................................... 29

Chapter 2 Vendors Private Schema Vendors Private Schema ................................................................................... 36

Schema Format Definitions.......................................................................... 36Block Definition.......................................................................................... 38Branch Definition ....................................................................................... 39Node Definition .......................................................................................... 40Simple OID Definition ................................................................................. 41Table Definition.......................................................................................... 43Porting Private Schema ............................................................................... 46

Chapter 3 Server API Functions Function Calls ................................................................................................. 48

Oid API...................................................................................................... 48OidRep API ................................................................................................ 56AmonRequest API....................................................................................... 62AmonRequestIter API.................................................................................. 63AmonReply API .......................................................................................... 65AmonReplyIter API ..................................................................................... 70Server API.................................................................................................. 71

Event Handlers ................................................................................................ 73AMON_REQUEST_HANDLER....................................................................... 73AMON_CANCEL_HANDLER ......................................................................... 74

Index...........................................................................................................81

7

Preface PPreface

In This Chapter

Who Should Use This Guide page 8

What Typographic Variations Mean page 9

Summary of Contents page 11

Who Should Use This Guide

8

Who Should Use This GuideThis document describes the AMON (Application Monitoring).

This API specification is written for developers who write software to enhance the network security provided by VPN-1.

It assumes that you have read the Check Point OPSEC API Specification.

It also assumes that you have a basic understanding and a working knowledge of the following:

• system and network security

• the VPN-1 product

• system and network administration

• the C and/or C++ programming language

• the Unix or Windows operating system

• Internet protocols

What Typographic Variations Mean

Preface 9

What Typographic Variations MeanThe following table describes the typographic variations used in this book.

TABLE P-1 Typographic Conventions

Typeface or Symbol Meaning Example

AaBbCc123 The names of commands, files, and directories; on-screen computer output; code

Edit your .login file.Use ls -a to list all files.machine_name% You have mail.session = sam_new_session (client, server);

AaBbCc123 same as above, but with emphasis

session = sam_new_session (client, server);

Save Text that appears on an object in a window

Click on the Save button.

<your text> Replace the angle brackets and the text they contain with your text.

Edit the file <FWDIR>\lib\yourfile.xx

.

.

.

Lines of data or code omitted from example

line 1line 2...line n

What Typographic Variations Mean

10

[item] The item is optional.

dir [/o]

[item1] ... [item2] List of optional items

dir [/o] [/w] [/s]

item1 | item2 | item3 Choose one of the items.

copy infile1 | infile1 + infile2 |infile1 + infile2 + infile3 outfile

italic Specific values will be shown in italics

one of addnet | addapp

TABLE P-1 Typographic Conventions(continued)

Typeface or Symbol Meaning Example

Summary of Contents

Preface 11

Summary of ContentsThis guide contains that following chapters:

Chapter Description

Chapter 1, “Introduction”

Chapter 2, “Vendors Private Schema”

Chapter 3, “Server API Functions”

13

Chapter 1Introduction

In This Chapter

Overview page 14

Programming Model page 15

Defining the AMON Service page 15

AMON data model page 15

AMON Communication Protocol page 18

AMON Client page 20

AMON Server page 21

OPSEC OID Tree page 21

AMON API Overview page 29

Overview

14

OverviewCheck Point’s OPSEC (Open Platform for Security) integrates and manages all aspects of network security through an open, extensible management framework. Third party security applications can plug into the OPSEC framework via published application programming interfaces (APIs). Once integrated into the OPSEC framework, all applications can be configured and managed from a central point, utilizing a single Security Policy editor.

This document describes the AMON (Application Monitoring), which enables third party applications to export their status to VPN-1.

Programming Model

Chapter 1 Introduction 15

Programming Model

ThreadsAMON API Multithread level is “reentrant”. This means that:

• Multiple threads may use the AMON API concurrently.

• Multiple threads may not share data generated by AMON API

For more information, see “Multithreaded OPSEC Applications” in the Check Point OPSEC API Specification.

Defining the AMON ServiceAMON (Application MONitoring) Service enables network applications to report their status to Check Point management. Status information is available to be fetched either by a CPMI Client or by the Check Point Status Monitoring Application (see the “OPSEC CPMI API Specification”).

The AMON service has 4 components:

• AMON data model

• AMON Communication Protocol

• AMON Server

• AMON Client

AMON data modelThe data in the AMON data structure is organized in a multi-leaf tree. Each node in the tree is designated by an OID (Object ID), which is a series of non zero positive integers. In ASCII, OID is represented as a dot-separated series of numbers (e.g. - 1.3.6.1.4.2620.1.2). The OID 1.3.6 is said to be "under" 1.3 or contain 1.3 (for more information about OID order see "OID Order" below).

Values can be held only in leafs, and not in nodes. For example, if 1.3.5 has a value, then 1.3 and 1 are nodes, which can’t have values.

An organization wishing to expose data using AMON, may want to apply to a public commitee, (IANA), to get a Private Enterprise Number in the global tree under 1.3.6.1.4.1. (e.g. iso.org.dod.internet.private.enterprise). It will then be considered

AMON data model

16

as the private territory of the organization. Under that sub-tree the organization is free to expose any data it wishes. The organization can make this sub-tree public, by publishing a schema file that describes the structure of the sub-tree.

To define an AMON schema one should define the OIDs in this schema and for each OID define a name, value type and display string. It is enough to define the leaves. Consider the following AMON server data tree:Figure 1-1 Example of an AMON server data tree

Then the schema would look like Table 1-1

AMON TablesIn some cases it is necessary to define multiple values for an OID. This type of schema is called a table. A table has the following properties:

• A table has one or more columns. Each has its own OID.

• One of these columns is considered as an “index column”, which forms the “table index”.

• The table index has a unique value for each “row”.

• The value of a specific “cell” can not be held in the OID of it’s column; there are multiple cells in each column so the value of a cell is held in an OID. This OID is a combination of the column OID and a sub-OID which encodes the index of the new row.

• AMON supports only integer columns as indexes.

Table 1-1 Simple Schema Definition

OID Name Value Type Display String

35.1 appStatus string Application status

35.2.1

appName string Application name

35.2.2

appVersion integer Application version

35 appSta tus(1 )

appN am e(1)2

appVers ion(2 )

AMON data model


• The OID of columns are always placed 2 OID levels “below” the table OID. This is in order to allow the definition of a logical “table entry” entity in the schema (between the table OID and the column OIDs), whose only purpose is to specify which are the index columns. The sub-OID of the table entry is usually “1”.

Suppose we have the following table definitions:

Table OID = 56.32

Table Entry OID = 1

Column “Serial” OID = 1,type=integer

Column “Name” OID = 2,type=string

Column “Money” OID = 3,type=integer

In this example “Serial” will serve as the index column.

The schema of the table would look like Table 1-2

OID Order and ContainmentOID's can be ordered in lexicographic order. One OID can contain another OID.

Lexicographic Order and Containment Rules

Table 1-2 Simple Table Schema Definition

OID Name Value Type Display String

56.32.1.1 Serial integer Index

56.32.1.2 Name string Name

56.32.1.3 Money integer Bank Account Balance

Table 1-3 Lexicographic Order and Containment Rules

first OID second

OID

order rule containment rule

1.2.3, 1.2.2 1.2.2 is before 1.2.3 no containment

1.2.3, 1.2.3.4 1.2.3 is before 1.2.3.4 1.2.3.4 contains 1.2.3

AMON Communication Protocol

18


The Protocol

The communication protocol of AMON presents a request-reply mechanism. The request is simply a list of OID's to retrieve (see “AmonRequest”” Content on page 31). The reply is a list of reply items, each of which specifies: the OID for which it replies, the value found for this OID, the type of the value, and an optional error status (see “AmonReply”” on page 31).

Amon Scope TypesThe AMON protocol specifies that for each OID found in the request, the AMON server has to reply with OIDs, which are equal or "under" the OID based on the scope of the request. Amon supports three scope types (see “AmonRequest”” Content on page 31):

All– client expects to get all leaves which are successors of this OID

One– client will only get this OID

Next– starting from this OID the client expects to get only the next leaf OID

For example, if an AMON server has the following data tree:Figure 1-2 Example of an AMON server tree

1.2, 1.2.1.2 1.2 is before 1.2.1.2 1.2.1.2 contains 1.2

1.2.3, 1.2.3 identical identical

1.2, 2.3 1.2 is before 2.3 no containment

Table 1-3 Lexicographic Order and Containment Rules

first OID second

OID

order rule containment rule

32 1, value = “Abba”

1, value = “U2”2

2, value = 3



Simple Queries

Request with scope “all”

OID = 32.1

OID = 32.2

Request with scope “one”

OID = 32.1

OID = 32.2

Request with scope “next”

OID = 32.1

Querying TablesQuerying tables works just like any other query. The reply still consists of leaves that have values. OIDS are returned in lexicographic order meaning column after column rather then row after row. The client knows that the OIDs are part of a table and therfore can build the table row by row.

Table 1-4 Reply Results for Scope “all”

Value OID Value Type Status

Abba 32.1 String OK

U2 32.2.1 String OK

3 32.2.2 Number OK

Table 1-5 Reply Results for Scope “one”


Abba 32.1 String OK

None 32.2 String Not Found

Table 1-6 Reply Results for Scope “next”


Abba 32.2.1 String OK

AMON Client

20

Consider the table schema definition from Table 1-2 the “Simple Table Schema Definition”. Assuming the values in Table 1-7 below populate this table

and that the scope is “all” and the request if for “OID 56.32.1”, the values that will be returned by an AMON server for Table 1-7 are liste in below.

AMON ClientAn AMON Client is an application, which send AMON requests to AMON servers, and handles the replies when they arrive from the server. The only AMON client is the Check Point SmartCenter Server. Check Point SmartCenter Server builds requests based on a predefined schema and exports the results through CPMI (Check Point Management Interface). The AMON client might limit the size of the reply by setting the size argument in the request (see “AmonRequest”” Content on page 31). If the server sends data beyond the limit, the client might drop the reply.

Table 1-7 Querying Tables Population

Serial Name Money

1 George -1000

2 Kim 3200

3 Bill 5700

Table 1-8 Querying Tables Example Results

OID Value Value Type Status

56.32.1.1.1 1 Integer OK

56.32.1.1.2 2 Integer OK

56.32.1.1.3 3 Integer OK

56.32.1.2.1 George String OK

56.32.1.2.2 Kim String OK

56.32.1.2.3 Bill String OK

56.32.1.3.1 -1000 Integer OK

56.32.1.3.2 3200 Integer OK

56.32.1.3.3 5700 Integer OK

AMON Server


AMON ServerAn AMON Server is an application, which waits for AMON requests, produces replies, and sends them back to their initiator. The OPSEC package contains an API for implementing an AMON server.

The server might send the whole reply at once or it might split the reply into a few replies. In the former case the server should mark the reply as “last reply” and in the later, it should mark the reply as “not last reply” (see “AmonReply”” Content on page 31). The server might get a cancel request which notifies it that the reply for a certain request is no longer needed. In this case the server can drop the request.Figure 1-3 AMON Configuration

OPSEC OID TreeCheck Point’s Private Enterprise Number is 2620.

The OID is 1.3.6.1.4.1.2620.

• iso(1).

• org(3).

• dod(6).

• internet(1).

• private(4).

• enterprises(1).

• checkpoint(2620)

ManagementStation

AMON ClientMIB

OPSECApplication

AMON ServerSystem Status

Viewer

CPMI ClientCPMI Server

The Management Stationprovides application status info

on request to CPMI Clients.

The Management Stationqueries the OPSEC application

for its status.

OPSEC OID Tree

22

This sub-tree has two sub-trees: Checkpoint.1 is Checkpoint products (e.g. checkpoint.1.1 is FireWall-1, checkpoint.1.2 is VPN-1) and checkpoint.2 is OPSEC which is the entry point for OPSEC applications.Figure 1-4 The Check Point sub-tree

OpsecGenericStatus Schema

Figure 1-5 opsecGenericStatus Fields

Iso(1) Internet(1) Private(4) Enterprises(1) Checkpoint(2620)

Products(1) Opsec(2)

Org(3) Dod(6)

opsec(2)

opsecStatus(1)

opsecGenericStatus(1)

opsecCvpStatus(2)

opsecUfpStatus(3)

opsecLeaStatus(4)

opsecSamStatus(6)

opsecElaStatus(5)

opsecCpmiStatus(7)

OPSEC OID Tree


Entry point OID 1.3.6.1.4.1.2620.2.1.1

Table 1-9 opsecGenericStatusFields

Name OID Value

Type

OPSEC VT Type Description

statusOK 1 Integer

OPSEC_VT_I32BIT 0 if the status of the application is OK, otherwise non-zero.

statusDescription 2 String OPSEC_VT_STRING Text description of the status of the application.

opsecVendor 3 String OPSEC_VT_STRING Text description of the status of the application.

opsecProduct 4 String OPSEC_VT_STRING The product name.

opsecProductVersion 5 String OPSEC_VT_STRING The product version.

opsecSdkVersion 6 String OPSEC_VT_STRING The OPSEC SDK version.

opsecSdkBuildNumber

7 Integer

OPSEC_VT_UI32BIT OPSEC SDK build number.

opsecAppUpTime 8 Integer

OPSEC_VT_UI32BIT The number of seconds since the application started as returned by the ANSII C function time().

OPSEC OID Tree

24

OpsecCvpStatusSchema

Entry point OID 1.3.6.1.4.1.2620.2.1.2

OpsecUfpStatusSchema

Entry point OID 1.3.6.1.4.1.2620.2.1.3

Table 1-10 opsecCvpStatusFields

Name OID Value

Type


cvpItemsModified 1 Integer OPSEC_VT_UII32BIT The number of the sessions that modified the content.

cvpItemsNotModified 2 Integer OPSEC_VT_UII32BIT The number of the sessions that did not modify the content.

cvpItemsReplaced 3 Integer OPSEC_VT_UII32BIT The number of the sessions that replaced the content.

cvpItemsNotSafe 4 Integer OPSEC_VT_UII32BIT The number of the sessions where the content was not safe.

cvpItemsSafe 5 Integer OPSEC_VT_UII32BIT The number of session where the content was safe.

OPSEC OID Tree


Figure 1-6 OpsecUfpStatus Schema Image

Table entry point OID 1.3.6.1.4.1.2620.2.1.3.1.1

OpsecLeaStatusSchema

Entry point OID 1.3.6.1.4.1.2620.2.1.4Figure 1-7 OpsecLeaStatusSchema Image

Table 1-11 ufpEntry Fields

Name OID Value

Type


ufpIndex 1 Integer OPSEC_VT_UI32BIT Index for the table.

ufpCategoryName 2 String OPSEC_VT_STRING The category name.

ufpCategory Matched

3 Integer OPSEC_VT_UI32BIT The number of requests that matched this category.

opsecUfpStatus(3)

ufpEntry(1)

ufpTable(1)

opsecLeaStatus(4)

leaEntry(1)

leaTable(1)

OPSEC OID Tree

26


OpsecElaStatusSchema

Entry point OID 1.3.6.1.4.1.2620.2.1.5Figure 1-8 OpsecElaStatus Schema Image


Table 1-12 leaEntry Fields

Name OID Value

Type


leaIndex 1 Integer OPSEC_VT_UI32BIT Index for the table.

leaServer 2 String OPSEC_VT_STRING The host name of the LEA server.

leaLogsRead 3 Integer OPSEC_VT_UI32BIT The number of logs read from this server.

opsecElaStatus(5)

elaEntry(1)

elaTable(1)

Table 1-13 ela Entry Fields

Name OID Value

Type


elaIndex 1 Integer OPSEC_VT_UI32BIT Index for the table.

elaServer 2 String OPSEC_VT_STRING The host name of the ELA server.

elaLogsWritten 3 Integer OPSEC_VT_UI32BIT The number of logs written to this server.

OPSEC OID Tree


OpsecSamStatus Schema

Entry point OID 1.3.6.1.4.1.2620.2.1.6Figure 1-9 OpsecSamStatus Schema Image


OpsecCpmiStatus Schema

Entry point OID 1.3.6.1.4.1.2620.2.1.7

opsecSamStatus(6)

samEntry(1)

samTable(1)

Table 1-14 samEntry Fields

Name OID Value

Type


samIndex 1 Integer OPSEC_VT_UI32BIT Index for the table.

samServer 2 String OPSEC_VT_STRING The host name of the SAM server.

samInhibitReq 3 Integer OPSEC_VT_UI32BIT The number of ”Inhibit” requests to this server.

samNotifyReq 4 Integer OPSEC_VT_UI32BIT The number of ”Notify” requests to this server.

samDeleteReq 5 Integer OPSEC_VT_UI32BIT The number of ”Delete” requests to this server.

samCancelReq 6 Integer OPSEC_VT_UI32BIT The number of ”Cancel” requests to this server.

samClosedConn 7 Integer OPSEC_VT_UI32BIT The number of ”Close Connection” requests to this server.

OPSEC OID Tree

28

Figure 1-10 OpsecCpmiStatus Schema Image


OPSEC Schema Mandatory FieldsOPSEC defines mandatory fields which vendors should support if they support AMON in their applications. The vendors should support the opsecGenericStatus variables as well as any other supported OPSEC service status variables. For example, if the vendor supports ELA and CVP, they should also support opsecCvpStatus and opsecElaStatus variables. Vendors might also support their own schema (see Vendors Private schema on page 36).

Table 1-15 cpmiEntry Fields

Name OID Value

Type


cpmiIndex 1 Integer OPSEC_VT_UI32BIT Index for the table.

cpmiServer 2 String OPSEC_VT_STRING The host name of the CPMI server.

cpmiDbMode 3 String OPSEC_VT_STRING The Database Open mode eg. “Write”, “Read Only” etc.

opsecCpmiStatus(7)

cpmiEntry(1)

cpmiTable(1)

Note - OIDs that represent counters assumed to reset their count at application start.

AMON API Overview


AMON API Overview

AMON Server Application

EventsThe AMON Server responds to the events listed in Table 1-16 A response is handled by the event handler (callback) function set in the call to opsec_init_entity for that event.

Event Handler FunctionsThe event handlers functions are written by the AMON Server developer. These handlers should return one of the following values (for more about information about Event handlers see “Event Handlers” on page 73).

An AMON Server’s main function should proceed as illustrated below:

Table 1-16 AMON Server Events

Event

Description

Handler Reference

New request arrived

AMON_REQUEST_HANDLER Event Handler for the AMON_REQUEST event page 29

Cancel request arrived

AMON_CANCEL_HANDLER Event Handler for the AMON_CANCEL_REQUEST event page 29

Table 1-17 Values Returned by Event Handlers

Value Meaning

OPSEC_SESSION_OK The session can continue.

OPSEC_SESSION_END The session will be closed.

OPSEC_SESSION_ERR The session will be closed because of an error.

AMON API Overview

30

Figure 1-11 AMON Server Application Structure

mainloop

Handler forEvent #1

Handler forEvent #2

EVENT #1 EVENT #2

initialize OPSECenvironment

initialize AMON Server

entity

start themain loop

start the ServerAMON

free OPSECenvironment

free the Server

entityAMON

AMON API Overview


Data Structures

AmonRequestAmonRequest includes the following information:

• list of OID's (one or more).

• search scope (see below) - the AMON client adds to each request a search scope. This might be one of the following values:

AmonScope_GetAll– client expects to get all leaf successors of this OID.

AmonScope_GetOne–client expects to get this OID only.

AmonScope_GetNext– client expects to get only the next leaf of this OID

• size limit - client expect server to send in the reply OID's up to this limit (Default = 500; 0 = no limit)

AmonReplyAmonReply includes the following information:

• List of OidRep's (one or more) – see OidRep Content (page 17).

• Error code for the whole reply. One of the following values

AmonError_OK

AmonError_Fail

Table 1-18 AMON use the following objects as its data structures:

Object Definition page

AmonRequest Holds the request from the client to the server.

page 31

AmonReply Holds the reply from the server to the client.

page 31

OidRep Building blocks for AmonReply. page 32

Oid Object that represent OID. page 32

Opsec_value_t Object to hold many types of data. page 32

Note - All of these objects have functions to create, destroy and manipulate them

AMON API Overview

32

• Last reply marker (see below)

LastReply_False

LastReply_True

Server should send a reply to the client with one of the following:

• LastReply_False - if the reply for a request is partial result and more replies will be sent soon for a that request.

• LastReply_True - if the reply is complete.

OidRepOidRep includes the following information:

• Oid

• Error code for this OID- this should be one of the following values:

OidErr_Ok

OidErr_NotFound

• Value – see below opsec_value_t

Opsec_value_tAMON use virtual types of data with objects to hold these data types. The table below lists all the valid types used by AMON:

Table 1-19 Valid Types of Data Used by Amon

Virtual Type Actual Type Comments

OPSEC_VT_NONE None

OPSEC_VT_I16BIT Signed short

OPSEC_VT_I32BIT Signed integer

OPSEC_VT_I64BIT Signed 64 bit number

OPSEC_VT_UI16BIT Unsigned short

OPSEC_VT_UI32BIT Unsigned integer

OPSEC_VT_UI64BIT Unsigned 64 bit number

AMON API Overview


For further information on opsec_value_t refer to “Opsec Value Tyes” in the “OPSEC API Specification”.

AMON Client ToolThe OPSEC SDK Next Generation includes amon_client, an AMON testing tool that enables testing of an AMON Server without VPN-1. The tool is contained in the OPSEC SDK Next Generation package.

The Amon Client queries the Amon Server and prints the results to stderr.

Syntax

amon_client [options] <list of oid’s>

OPSEC_VT_IP IP address Network Order

OPSEC_VT_BUFF Array of characters

OPSEC_VT_STRING NULL terminated buffer

OPSEC_VT_IPV6 Type that represents Ipv6

Table 1-19 Valid Types of Data Used by Amon

Virtual Type Actual Type Comments

AMON API Overview

34

Arguments

Table 1-20 AMON Client Tool Arguments

Argument Meaning

Options Any of the following:

Option Meaning

-s scope One of the following

All client expects to get all leaves which are successors of this OID

One client will only get this OID

Next starting from this OID the client expects to get only the next leaf OID

Options (Cont.)

-t timeout Client side timeout for all operations (in mili-seconds). The default is 0, no time out.

-r reply mode One of the following

all accept all the results (default)

partial accept partial results

-l size limit The default is 500. 0 means no size limit.

-h host The Server’s IP address in dotted format. The default is 127.0.0.1

-p port The Server’s Port. The default is 18193

list of OID’s The list of OID’s to retrieve.

35

Chapter 2Vendors Private Schema

In This Chapter

Vendors Private Schema page 36

Schema Format Definitions page 36

Block Definition page 38

Branch Definition page 39

Node Definition page 40

Simple OID Definition page 41

Table Definition page 43

Porting Private Schema page 46

Vendors Private Schema

36

Vendors Private SchemaAMON allows vendors to export their private schema. This schema needs to be imported into the Check Point schema before it can be used. After it has been imported, based on this schema, the AMON client (ie, VPN-1 SmartCenter Server) will query the AMON server.

To import a private schema definition to Check Point’s schema (which resides on the VPN-1 SmartCenter Server), AMON supports a private schema file with a specific format. An import tool uses this file as an input to port the schema (with a compatible format) into the Check Point schema (see “Porting Private Schema”” below).

Schema Format DefinitionsThe schema file is composed of a file header and one or more blocks. Each block represents a complete product schema definition. This definition can be referenced using its identifier, from the Policy Editor when the product is defined as an OPSEC application (see “Defining OPSEC applications” in the “Check Point SmartCenter Guide”). Blocks are composed of one or more branches. Each branch contains definitions of simple OIDs, nodes and tables. Nodes may contain simple OIDs, other nodes and tables. Tables contain columns.

Tokens are composed of letters, digits and underscore characters. All white space characters except newline are ignored unless they are placed in quoted strings (““). Tokens are separated by comma characters (,). Token’s identifier have to be unique within the scope of the schema file.

Schema Format Definitions

Chapter 2 Vendors Private Schema 37

For example

File Header

Block

Branch

Simple-OID and/or Node and/or Table

End-Branch

End-Block

Table 2-1 Header Tokens

Token Arguments

Meaning of Arguments Comments

START-FILE-HEADER

None

FILE-TYPE File Type The type of this file. Should be: MIB-DEFINITION.

VERSION Version The version of this file. Should be:5.0.

END-FILE-HEADER None

START-FILE-HEADER

FILE-TYPE, MIB-DEFINITION

VERSION, 5.0END- FILE-HEADER

Block Definition

38

Block Definition

For example:

Table 3:

Token Arguments Meaning of Arguments Comments

START-BLOCK

None

BLOCK-NAME

Identifier Identifier for this block. The one word token that should start with a lower case letter.

Display String String to display with this block.

A quoted string.

IMPLEMENT Implement Comma separated list of the OPSEC APIs that the application supports.

One or more of: CVP, UFP, LEA, ELA, SAM, CPMI.

END-BLOCK None

START-BLOCK

BLOCK-NAME, myStatus, “My Status”

IMPLEMENT,CVP, CPMI, ELA

…END-BLOCK

Branch Definition


Branch Definition

For example

Table 2-1 Branch Tokens


START-BRANCH

Identifier Identifier for this branch. The one word token that should start with a lower case letter.

Display String

String to display with this branch.

A quoted string.

OID The absolute OID of the branch.

END-BRANCH

None

START-BLOCK



START-BRANCH, myFirstBranch, “My First Branch”, 1.2.34

…

END-BRANCH

END-BLOCK

Node Definition

40

Node Definition

For example

Table 2-2 NODE Tokens


START-NODE

Identifier An identifier for this node. The one word token, should start with lower case letter.

Display String

The string to display with this branch.

A quoted string.

OID The relative OID of the Node.

END-NODE None

START-BLOCK




START-NODE, myFirstNode, “My First Node”, 4

…

END-NODE

END-BRANCH

END-BLOCK

Simple OID Definition


Simple OID DefinitionTable 2-3 Simple OID Tokens


SIMPLE-OID

Identifier An identifier for this OID. The one word token, should start with lower case letter.

Display String The string to display with this OID.

A quoted string.

OID The relative OID of this OID.

Value Type The value type. One of: UINT16, INT16, UINT32, INT32, UINT64, INT64, IP, STRING

Mandatory Optional attribute: Is this OID mandatory or optional.

One of: MANDATORY, OPTIONALDefault = MANDATORY

Simple OID Definition

42

For example

START-BLOCK





SIMPLE-OID, myFieldName, “My FieldName”, 1, STRING

SIMPLE-OID, myFieldNumber, “My Field Number”, 2, UINT16

END-NODE

SIMPLE-OID, myName, “My Name”, 10, STRING, OPTIONAL

SIMPLE-OID, myNumber, “My Number”, 11, UINT32

END-BRANCH

END-BLOCK

Table Definition


Table DefinitionTable 2-4 TABLE Tokens


START-TABLE

Table Identifier An identifier for this table.

The one word token, should start witha lower case letter.

Table Display String The string to display with this table name.

A quoted string.

OID The relative OID.

Entry Identifier An identifier for this table entry.

The one word token, should start with lower case letter.

Entry Display String The string to display with this entry name.

A quoted string.

OID The relative OID to the table entry.

Table Definition

44

COLUMN

Identifier The identifier for this column.

The one word token, should start with lower case letter.

Display String The string to display with this OID.

A quoted string

OID The relative OID of this OID.

Value Type The value type. One of: UINT16, INT16, UINT32, INT32, STRING.

Index For index column this is the index number.

Must be an integer. 0 means not an index column.

END-TABLE

None

Table 2-4 TABLE Tokens

Table Definition


For example

START-BLOCK





SIMPLE-OID, myFieldName, “My Node Name”, 1, STRING

SIMPLE-OID, myFieldNumber, “My Node Number”, 2, UINT16

START-TABLE, nodeTableName, “My Node Table”, 3, nodeEntryName, “My Node Entry”, 1

COLUMN, myTableIndex, “Index”, 1, UINT32, 1

COLUMN, myName, “My Name”, 2, STRING, 0

COLUMN, myNumber, “My Number”, 3, INT32, 0

END-TABLE

END-NODE

SIMPLE-OID, myName2, “My Name2”, 10, STRING, OPTIONAL

SIMPLE-OID, myNumber2, “My Number2”, 11, UINT32

START-TABLE, otherTableName, “My Table”, 21, otherEntryName, “My Entry”, 1

COLUMN, otherIndex, “Other Index”, 1, UINT32, 1

COLUMN, otherName, “My Other Number”, 2, INT32, 0

END-TABLE

END-BRANCH

END-BLOCK

Porting Private Schema

46

Porting Private SchemaIn order to port the AMON schema (definition described in “Schema Format Definitions””) to a Check Point schema, a command-line tool is supplied in the VPN-1 package called "amon_import". Run it on SmartCenter Server with root permissions. Its output is a modification of the Check Point schema that takes effect after re-running the Check Point AMON (Application Monitoring) service.

UsageThe format of the command line is as follows:

amon_import [-force] [-nochange] [-delete] input_file

The program exits with a non-zero code upon failure. The default invocation has no parameters and ports the scheme for the first time. If the program is run again, it will exit with error, with a prompt stating that the schema was already ported.

To delete the existing entry run the program with the -delete parameter. To force an override of the existing entry, use the -force parameter. Use the -nochange parameter to check the validity of the input file as well as the validity of the whole porting process.

Table 2-5 amon_import parameters

parameter meaning

-nochange Do the process,leave the Check Point schema unchanged.

-force Force a possible override of an existing AMON schema.

-delete Delete the input_file schema from the Check Point schema.

input_file The AMON schema file name.

Note - Because it uses the input file name as an entry in the scheme, don't use the tool with different files (containing same block names) without deleting the old entry first.

47

Chapter 3Server API Functions

In This Chapter

Function Calls page 48

Oid API page 48

OidRep API page 56

AmonRequest API page 62

AmonRequestIter API page 63

AmonReply API page 65

AmonReplyIter API page 70

Server API page 71

Event Handlers page 73

AMON_REQUEST_HANDLER page 73

AMON_CANCEL_HANDLER page 74

Function Calls

48

Function CallsThis section describes the functions provided by the OPSEC AMON API.

Oid APIThe following functions enable creation, deletion and other manipulations on Oid objects.

oid_createCreate oid object.

Prototypeint oid_create(Oid **oid, const OidNum *oid_arr, unsigned int oid_arr_len);

Arguments

Return Values

EO_OK if successful. EO_ERROR otherwise.

oid_create_from_stringCreate oid object from string.

Prototypeint oid_create_from_string(Oid **oid, const char *oid_str);

Table 3-1 oid_create arguments

argument meaning

oid a pointer to hold the new oid

oid_arr number-array representation of oid

oid_arr_length length of the array

Oid API

Chapter 3 Server API Functions 49

Arguments

Return Values


oid_duplicateDuplicate (create) oid object from another oid.

Prototypeint oid_duplicate(Oid **dst_oid, const Oid *src_oid);

Arguments

Return Values


oid_destroyDestroy oid object.

Prototypevoid oid_destroy(Oid *oid);

Table 3-2 oid_create_from_string arguments

argument meaning

oid a pointer to hold the new oid

oid_str a string representation of oid (e.g. a.b.c.d)

Table 3-3 oid_duplicate arguments

argument meaning

dst_oid a pointer to hold the new oid

src_oid oid to duplicate

Note - The caller should destroy the duplicated oid, using oid_destroy.

Oid API

50

Arguments

Return Values

None.

oid_to_stringReturn the string representation of the oid on success, else NULL.

Prototypechar * oid_to_string(const Oid *oid);

Arguments

Return Values

return the string representation of the oid on success, else NULL

oid_to_arrayConvert oid to array of numbers.

Prototypeint oid_to_array(const Oid *oid, OidNum **oid_arr, unsigned int *oid_arr_len);

Table 3-4 oid_destroy arguments

argument meaning

oid Oid object

Table 3-5 oid_to_string arguments

argument meaning

oid Oid object

Note - The caller should free this string using opsec_free().

Oid API


Arguments

Return Values


oid_get_lengthReturn oid length.

Prototypeunsigned int oid_get_length(const Oid *oid);

Arguments

Return Values

The size of the array that is required to hold this oid.

oid_compareLexicographical comparison between two oid's.

Prototypeint oid_compare(const Oid *left, const Oid *right);

Table 3-6 oid_to_array arguments

argument meaning

oid oid object

oid_arr a pointer to hold the Number-array representation of oid

oid_arr_length a pointer to hold array length

Note - The caller should free this array using opsec_free().

Table 3-7 oid_get_length arguments

argument meaning

oid oid object

Oid API

52

Arguments

Return Values

0 if not different (equal),

< 0 if left is before right

> 0 if left is after right

oid_concatConcatenate oid2 to oid1.

Prototypeint oid_concat(Oid* oid1, const Oid* oid2);

Arguments

Return Values


oid_containCheck if left oid number contains right oid.

For example:

1.2.3 , 1.2.2 - no containment

1.2.3 , 1.2.3.4 - right contains left

1.2.3.4, 1.2.3 - left contains right

Table 3-8 oid_compare arguments

argument meaning

left left oid

right right oid

Table 3-9 oid_concat arguments

argument meaning

oid1 oid object

oid2 oid object

Oid API


1.2.3, 1.2.3 - identical

PrototypeeOidContain oid_contain(const Oid* left, const Oid* right);

Arguments

Return Values

eoidContain values.

Possible values for containment:

Arguments

oid_prefixReturns the prefix of oid on success.

Prototype

int oid_prefix(const Oid* oid, unsigned int num_of_elems, Oid** prefix_oid);

Table 3-10 oid_contain arguments

argument meaning

left left oid

right right oid

Table 3-11 eOidContain values

value description

OidContain_NoContainment not containment between the oid’s

OidContain_LeftContainRight left oid contain right oid

OidContain_RightContainLeft right oid contain left oid

OidContain_Identical oids are identical

Oid API

54

Arguments

Return Values

EO_OK if successful. EO_ERROR otherwise

oid_suffixReturns the suffix of oid on success.

Prototypeint oid_suffix(const Oid* oid, unsigned int num_of_elems, Oid** suffix_oid);

Table 3-12 oid_prefix arguments

argument meaning

oid Oid object

num_of_elems number of elements in prefixif num_of_elems > oid_length then all oid will be returned in prefix_oid

prefix_oid pointer to hold the prefix

Note - Caller should destroy prefix_oid using oid_destroy.

Oid API


Arguments

Return Values

EO_OK if successful. EO_ERROR otherwise

oid_chop_leftChop n elements from left of oid.

Prototypevoid oid_chop_left(Oid* oid, unsigned int num_of_elems);

Arguments

Return Values

None.

oid_chop_rightChop n elements from right of oid.

Table 3-13 oid_suffix arguments

argument meaning

oid Oid object

num_of_elems number of elements in suffixif num_of_elems > oid_length then all oid will be returned in suffix_oid

suffix_oid pointer to hold the suffix

Note - Caller should destroy prefix_oid using oid_destroy.

Table 3-14 oid_chop_left arguments

argument meaning

oid Oid object

num_of_elems number of elements to chopif num_of_elems > number of elements in oid then oid length will be 0

OidRep API

56

Prototypevoid oid_chop_right(Oid* oid, unsigned int num_of_elems);

Arguments

Return Values

None.

oid_elementReturns the 'index' element in oid.

Prototypeint oid_element(const Oid *oid, unsigned int index);

Arguments

Return Values

the n-th element if exists (>=0), else -1

OidRep APIThe following functions enable creation, deletion and other manipulations to OidRep objects.

Table 3-15 oid_chop_right arguments

argument meaning

oid Oid object

num_of_elems number of elements to chopif num_of_elems > number of elements in oid then oid length will be 0

Table 3-16 oid_element arguments

argument meaning

oid Oid object

index the nth element to retrieve

OidRep API


oid_reply_createCreate oid reply object.

Prototypeint oid_reply_create(OidRep **oid_rep);

Arguments

Return Values


oid_reply_destroyDestroy OidRep object.

Prototypevoid oid_reply_destroy(OidRep *oid_rep);

Arguments

Return Values

None.

oid_reply_get_oidReturns a reference to the oid of the OidRep object

Prototypeconst Oid * oid_reply_get_oid(const OidRep *oid_rep);

Table 3-17 oid_reply_create arguments

argument meaning

oid_rep OidRep object

Table 3-18 oid_reply_destroy arguments

argument meaning


OidRep API

58

Arguments

Return Values

A pointer to (reference) Oid on success, otherwise NULL.

oid_reply_get_opsec_valueReturns reference to opsec_value object in oid_rep.

Prototypeconst opsec_value_t *oid_reply_get_opsec_value (const OidRep *oid_rep);

Arguments

Return Values

Pointer to (reference) opsec_value_t on success, otherwise NULL.

oid_reply_get_errorReturn error status of OidRep object.

PrototypeeOidError oid_reply_get_error(const OidRep *oid_rep);

Table 3-19 oid_reply_get_oid arguments

argument meaning


Note - Do not try to free this pointer.

Table 3-20 oid_reply_get_value arguments

argument meaning


Note - Do not try to free this pointer.– opsec_value_t should be parsed and acced using opsec_value api (see the OPSEC.pdf)– for amon supported value types see “AMON Communication Protocol” on page 18

OidRep API


Arguments

Return Values

Return one of the eOidError values from Table 3-22 below.

oid_reply_get_allReturn all the content of OidRep object.

Prototypevoid oid_reply_all(const OidRep *oid_rep, const Oid **oid, const opsec_value_t **value, eOidError *err)

Table 3-21 oid_reply_get_error arguments

argument meaning


Table 3-22 oid_reply_get_error codes

value description

OidErr_OK the status of this oid reply is OK

OidErr_NotFound this oid was not found

OidRep API

60

Arguments

Return Values

None.

oid_reply_set_oidSets the oid in OidRep.

Prototypeint oid_reply_set_oid(OidRep *oid_rep, const Oid *oid);

Arguments

Return Values


oid_reply_set_opsec_valueSets opsec_value_t object to OidRep object.

Table 3-23 oid_reply_get_all arguments

argument meaning


oid a pointer to hold the oid

value a pointer to hold the value

err a pointer to hold the error

Note - Do not try to free oid and value.

Table 3-24 oid_reply_set_oid arguments

argument meaning


oid the oid to set in the OidRep

OidRep API


Prototypeint oid_reply_set_opsec_value(OidRep *oid_rep, const opsec_value_t *value);

Arguments

Return Values


oid_reply_set_errorset error of oid object in OidRep object

Prototypevoid oid_reply_set_error(OidRep *oid_rep, eOidError err);

Arguments

Return Values

None.

oid_reply_create_with_allCreates OidRep object with all setting.

Prototypeint oid_reply_create_with_all(OidRep **oid_rep, const Oid *oid, const opsec_value_t *value, eOidError err);

Table 3-25 oid_reply_set_opsec_value arguments

argument meaning


value the value to set

Table 3-26 oid_reply_set_error arguments

argument meaning


err the error to set

AmonRequest API

62

Arguments

Return Values


AmonRequest APIThe following functions enable you to parse AmonRequest objects.

amon_request_get_num_of_oidsReturns the number of OIDs in the specified request.

Prototypeunsigned int amon_request_get_num_of_oids(const AmonRequest *req);

Arguments

Return Values

The number of OIDs if successful, otherwise 0.

amon_request_get_scopeReturns the search scope of the request.

PrototypeeAmonScope amon_request_get_scope(const AmonRequest *req);

Table 3-27 oid_reply_create_with_all arguments

argument meaning

oid_rep a pointer to hold the new created OidRep object

oid oid that will be set to the created OidRep

value value that will be set to the created OidRep

err error that will be set to the created OidRep

Table 3-28 amon_request_get_num_of_oids arguments

argument meaning

req A pointer to the request.

AmonRequestIter API


Arguments

Return Values

One of the following values:

amon_request_get_size_limit

Prototypeunsigned int amon_request_get_size_limit(const AmonRequest *req);

Arguments

Return Values

Return the size_limit (max oid's) of the request.

AmonRequestIter APIThis set of functions allow iteration on the AmonRequest object.

amon_request_iter_createCreates iterator on request.

Table 3-29 amon_request_get_scope arguments

argument meaning


Table 3-30 amon_request_get_scope return values

Value Meaning

AmonScope_GetAll this oid and all its sub tree oid's

AmonScope_GetOne one oid only

AmonScope_GetNext next oid only

Table 3-31 amon_request_get_size_limit arguments

argument meaning


AmonRequestIter API

64

Prototypeint amon_request_iter_create(AmonRequest *req, AmonRequestIter **iter);

Arguments

Return Values

EO_OK on success. EO_ERROR otherwise.

amon_request_iter_nextIterate on all oid’s in AmonRequest.

Prototypeconst Oid * amon_request_iter_next(AmonRequestIter *iter);

Arguments

Return Values

On the first call, the first oid in the request is returned. For each succeeding call, the function iterates and the next oid is retrieved. NULL if error or if the last oid has been returned.

amon_request_iter_destroyDestroy AmonRequestIter.

Table 3-32 amon_request_iter_create arguments

argument meaning


iter A pointer to be set to the request iterator.

Note - Note: caller should destroy iter using amon_request_iter_destroy

Table 3-33 amon_request_iter_next arguments

argument meaning

iter A pointer to the request iterator.

AmonReply API


Prototypevoid amon_request_iter_destroy(AmonRequestIter *iter);

Arguments

Return Values

None.

AmonReply APIThe following functions enable creation, deletion, parsing, setting and get value from AmonRequest objects.

Contains:

• list of OidRep's

• number of OidRep's in the list

• last reply marker

• reply status

amon_reply_createCreate AmonReply object

Prototypeint amon_reply_create(AmonReply **rep);

Table 3-34 amon_request_iter_destroy arguments

argument meaning

iter A pointer to the request iterator.

AmonReply API

66

Arguments

Return Values


amon_reply_destroyDestroy AmonReply object.

Prototypevoid amon_reply_destroy(AmonReply *rep);

Arguments

Return Values

None.

amon_reply_add_oidAdd oid to reply.

Prototypeint amon_reply_add_oid(AmonReply *rep, const OidRep *oid_rep);

Table 3-35 amon_reply_create arguments

argument meaning

rep pointer to hold the AmonReply object

Note - Note: the caller should destroy this reply using amon_reply_destroy.

Table 3-36 amon_reply_create arguments

argument meaning

rep pointer to AmonReply object

AmonReply API


Arguments

Return Values


amon_reply_remove_oidRemove oid from reply.

Prototypevoid amon_reply_remove_oid(AmonReply *rep, const Oid *oid);

Arguments

Return Values

None.

amon_reply_get_num_of_oidsReturns the number of oid's in a reply.

Prototypeunsigned int amon_reply_get_num_of_oids(const AmonReply *rep);

Table 3-37 amon_reply_add_oid arguments

argument meaning

rep the reply which the oid will be added to

oid_rep OidRep object to add to the reply

Table 3-38 amon_reply_remove_oid arguments

argument meaning

rep AmonReply object which the oid will be removed from

oid the oid to remove

AmonReply API

68

Arguments

Return Values

returns number of oid's

amon_reply_get_errorGets error of reply from AmonReply object.

PrototypeeAmonError amon_reply_get_error(const AmonReply *rep);

Arguments

Return Values

AmonError_OK when the reply is OK. AmonError_Fail meaning the server failed to reply to a specific request.

amon_reply_set_errorSets error of reply in AmonReply object.

Prototypevoid amon_reply_set_error(AmonReply *rep, eAmonError reply_err);

Table 3-39 amon_reply_get_num_of_oids arguments

argument meaning

rep AmonReply object

Table 3-40 amon_reply_get_error arguments

argument meaning

rep AmonReply object

AmonReply API


Arguments

Return Values

None.

amon_reply_get_last_reply_markGets last reply marker from AmonReply object.

PrototypeeLastReply amon_reply_get_last_reply_mark(const AmonReply *rep);

Arguments

Return Values

None.

amon_reply_set_last_reply_markSets last reply marker in AmonReply object.

Prototypevoid amon_reply_set_last_reply_mark(AmonReply *rep, eLastReply last_rep_mark);

Table 3-41 amon_reply_set_error arguments

argument meaning

rep AmonReply Object

reply_err refer to “amon_reply_get_error”” above

Table 3-42 amon_reply_get_last_reply_mark arguments

argument meaning

LastReply_False This is not the last reply.

LastReply_True This is the last reply.

AmonReplyIter API

70

Arguments

Return Values

None.

AmonReplyIter APIThis set of functions allow iteration on the AmonReply object.

amon_reply_iter_createCreates iterator on reply.

Prototypeint amon_reply_iter_create(AmonReply *rep, AmonReplyIter **iter);

Arguments

Return Values


amon_reply_iter_nextIterate on all OidRep objects in AmonReply.

Table 3-43 amon_reply_set_last_reply_mark arguments

argument meaning


last_rep_mark the last reply marker

Table 3-44 amon_reply_iter_create arguments

argument meaning


iter pointer to hold the iterator

Note - Caller should destroy iter using amon_reply_iter_destroy.

Server API


Prototypeconst OidRep * amon_reply_iter_next(AmonReplyIter *iter);

Arguments

Return Values

On the first call, the first oid in the request is returned. For each succeeding call, the function iterates and the next oid is retrieved. NULL if error or if the last oid has been returned.

amon_reply_iter_destroyDestroy AmonRequestIter.

Prototypevoid amon_reply_iter_destroy(AmonReplyIter *iter);

Arguments

Return Values

None.

Server APIThe following functions enable interaction with an amon client.

amon_reply_sendSends the reply on the session.

Table 3-45 amon_reply_iter_next arguments

argument meaning

iter pointer to hold the iterator

Table 3-46 amon_reply_iter_destroy arguments

argument meaning

iter AmonReplyIter object

Server API

72

Prototype

int amon_reply_send(OpsecSession *session, AmonReply *rep, AmonReqId id);

Arguments

Return Values


Table 3-47 amon_reply_send arguments

argument meaning

session opsec session

rep the reply to send

id the id of the request that this reply answers

Event Handlers


Event HandlersThis section describes the functions that need to be written in order to implement an AMON Server. All of these functions take a pointer to an OpsecSession as their agrument. The memory allocated for the function arguments is managed by the OPSEC environment, and the arguments hold valid data only during the execution of the handler function. For this reason do not save a static pointer to this data to use after the handler function returns.

AMON_REQUEST_HANDLERThis function is called when a new request arrives from the client.

Prototype

eOpsecHandlerRC amon_request_handler(OpsecSession *session, AmonRequest *req, AmonReqId id);

Arguments

Return Value

OPSEC_SESSION_OKOPSEC_SESSION_ERROPSEC_SESSION_END

Table 3-48 amon_request_handler

argument meaning


req the request that arrived from the amon client

id id of the request

AMON_CANCEL_HANDLER

74

AMON_CANCEL_HANDLERThis function is called when a cancel request arrives from the client.

PrototypeeOpsecHandlerRC amon_cancel_handler(OpsecSession *session,AmonReqId id);

Arguments

Return Value

OPSEC_SESSION_OKOPSEC_SESSION_ERROPSEC_SESSION_END

Table 3-49 amon_request_handler

argument meaning


id id of the request

135

THIRD PARTY TRADEMARKS AND COPYRIGHTS

Entrust is a registered trademark of Entrust Technologies, Inc. in the United States and other countries. Entrust’s logos and Entrust product and service names are also trademarks of Entrust Technologies, Inc. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies, Inc. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust.

Verisign is a trademark of Verisign Inc.

The following statements refer to those portions of the software copyrighted by University of Michigan. Portions of the software copyright © 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided “as is” without express or implied warranty. Copyright © Sax Software (terminal emulation only).

The following statements refer to those portions of the software copyrighted by Carnegie Mellon University.

Copyright 1997 by Carnegie Mellon University. All Rights Reserved.

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

The following statements refer to those portions of the software copyrighted by The Open Group.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

The following statements refer to those portions of the software copyrighted by The OpenSSL Project. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The following statements refer to those portions of the software copyrighted by Eric Young. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright © 1998 The Open Group.

136

The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.

2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution.

The following statements refer to those portions of the software copyrighted by the Gnu Public License. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001, 2002 Expat maintainers. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.GDChart is free for use in your applications and for chart generation. YOU MAY NOT re-distribute or represent the code as your own. Any re-distributions of the code MUST reference the author, and include any and all original documentation. Copyright. Bruce Verderaime. 1998, 1999, 2000, 2001. Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Boutell.Com, Inc. Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 Philip Warner. Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 John Ellson ([email protected]). Portions relating to gdft.c copyright 2001, 2002 John Ellson ([email protected]). Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more information. Portions relating to WBMP copyright 2000, 2001, 2002 Maurice Szmurlo and Johan Van den Brande. Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be given in user-accessible documentation. This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 2.0.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

The curl license

COPYRIGHT AND PERMISSION NOTICE

Copyright (c) 1996 - 2004, Daniel Stenberg, <[email protected]>.All rights reserved.

Permission to use, copy, modify, and distribute this software for any purpose

with or without fee is hereby granted, provided that the above copyright

notice and this permission notice appear in all copies.

Chapter 137

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.

The PHP License, version 3.0

Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from [email protected]. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo"

5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes PHP, freely available from <http://www.php.net/>".

THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at [email protected].

For more information on the PHP Group and the PHP project, please see <http://www.php.net>. This product includes the Zend Engine, freely available at <http://www.zend.com>.

This product includes software written by Tim Hudson ([email protected]).

Copyright (c) 2003, Itai Tzur <[email protected]>

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.

138

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Copyright © 2003, 2004 NextHop Technologies, Inc. All rights reserved.

Confidential Copyright Notice

Except as stated herein, none of the material provided as a part of this document may be copied, reproduced, distrib-uted, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not lim-ited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of NextHop Technologies, Inc. Permission is granted to display, copy, distribute and download the materials in this doc-ument for personal, non-commercial use only, provided you do not modify the materials and that you retain all copy-right and other proprietary notices contained in the materials unless otherwise stated. No material contained in this document may be "mirrored" on any server without written permission of NextHop. Any unauthorized use of any material contained in this document may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes. Permission terminates automatically if any of these terms or condi-tions are breached. Upon termination, any downloaded and printed materials must be immediately destroyed.

Trademark Notice

The trademarks, service marks, and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. Nothing in this document should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed in the document. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. The Trademarks may not be used in any way, including in advertising or publicity pertaining to distribution of, or access to, materials in

this document, including use, without prior, written permission. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. Any questions concerning the use of these Trademarks should be referred to NextHop at U.S. +1 734 222 1600.

U.S. Government Restricted Rights

The material in document is provided with "RESTRICTED RIGHTS." Software and accompanying documentation are provided to the U.S. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. The Government's rights to use, modify, reproduce, release, perform, display or disclose are

restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Soft-ware Documentation clause at DFAR 252.227-7014 (Jun 1995), and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52.227-14, Alternative III (Jun 87) and paragraph (c)(2) of the Commer-cial

Computer Software-Restricted Rights clause at FAR 52.227-19 (Jun 1987).

Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them, or that of the original creator. The Contractor/Licensor is NextHop located at 1911 Landings Drive, Mountain View, California 94043. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations.

Chapter 139

Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty

THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW, NEXTHOP DISCLAIMS ALL WARRANTIES,

EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESEN-TATIONS REGARDING THE USE, VALIDITY, ACCURACY, OR RELIABILITY OF, OR THE RESULTS OF THE USE OF, OR OTHERWISE RESPECTING, THE MATERIAL IN THIS DOCUMENT.

Limitation of Liability

UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR PROFIT, ARISING OUT OF THE USE, OR THE INABILITY TO USE, THE MATERIAL IN THIS DOCUMENT, EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ANY COSTS THEREOF. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU.

Copyright © ComponentOne, LLC 1991-2002. All Rights Reserved.

BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC"))

Copyright 1997-2001, Theo de Raadt: the OpenBSD 2.9 Release

PCRE LICENCE

PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. Release 5 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself.

Written by: Philip Hazel <[email protected]>

University of Cambridge Computing Service, Cambridge, England. Phone:

+44 1223 334714.

Copyright (c) 1997-2004 University of Cambridge All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

* Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

June 2006 81

Index

AAMON communication

protocol 18three scope types 18

Amon Scope Types 18AMON Tables 16AMON_CANCEL_HANDLER 74amon_reply_add_oid 66amon_reply_create 65amon_reply_destroy 66amon_reply_get_error 68amon_reply_get_last_reply_mark

69amon_reply_get_num_of_oids 67amon_reply_iter_create 70amon_reply_iter_destroy 71amon_reply_iter_next 70amon_reply_remove_oid 67amon_reply_send 71amon_reply_set_error 68amon_reply_set_last_reply_mark

69amon_request_get_num_of_oids

62amon_request_get_scope 62amon_request_get_size_limit 63AMON_REQUEST_HANDLER 73amon_request_iter_create 63amon_request_iter_destroy 64amon_request_iter_next 64AmonReplyIter API 70arguments

AmonScope_GetAll 63AmonScope_GetNext 63AmonScope_GetOne 63dst_oid 49err 60, 61, 62id 72, 73, 74index 56iter 64, 65, 70, 71last_rep_mark 70LastReply_False 69

LastReply_True 69left 52, 53num_of_elems 54, 55, 56oid 48, 49, 50, 51, 54, 55,

56, 60, 62, 67oid_arr 48, 51oid_arr_length 48, 51oid_rep 57, 58, 59, 60, 61,

62, 67oid_str 49oid1 52oid2 52prefix_oid 54rep 66, 67, 68, 69, 70reply_err 69req 62, 63, 64, 72, 73right 52, 53session 72, 73, 74src_oid 49suffix_oid 55value 60, 61, 62

Bblocks 36

DData Structures 31

EEvent Handler Functions 29Event Handlers 73

AMON_CANCEL_HANDLER74

AMON_REQUEST_HANDLER73

Ffile header 36Function Calls

AmonReply API 65AmonRequest API 62AmonRequestIter API 63Oid API 48OidRep API 56Server API 71

Iidentifier 36

Llexicographic order and

containment rules 17

MMultithread 15

reentrant 15

OOID Order and Containment 17oid_chop_left 55oid_chop_right 55oid_compare 51oid_concat 52oid_contain 52oid_create 48oid_create_from_string 48oid_destroy 49oid_duplicate 49

82

oid_element 56oid_get_length 51oid_prefix 53oid_reply_create 57oid_reply_create_with_all 61oid_reply_destroy 57oid_reply_get_all 59oid_reply_get_error 58oid_reply_get_oid 57oid_reply_get_opsec_value 58oid_reply_set_error 61oid_reply_set_oid 60oid_reply_set_opsec_value 60oid_suffix 54oid_to_array 50oid_to_string 50OPSEC OID Tree 21OPSEC schema mandatory

fields 28OpsecCpmiStatus Schema 27OpsecCpmiStatusSchema 27OpsecCvpStatusSchema 24OpsecElaStatusSchema 26OpsecLeaStatusSchema 25OpsecSamStatus Schema 27OpsecUfpStatusSchema 24

Pporting private schema

usage 46possible values for

containment 53private enterprise number

2620 21

QQuerying Tables 19

SSimple Queries 19

Tthreads 15tokens 36

Vvendors private schema 36

check point™ amon (application monitoring)read.pudn.com/downloads142/doc/614417/amon.pdf · 2006....

Documents