Friday, March 14, 2008

PERL Postemsg Script and Module

This has been around a long time, enjoy.

PERL Postemsg and Module...

10 comments:

Unknown said...

Has anuone gotten this to work? would love to see a follow-up.

Frank Tate said...

Yes, lots of people have. Are you getting an error when you try to use it? Have you read through the code (there's really not much to it)?

Suresh said...

Any updates for the header changes to support the new eif probe

Suresh said...

How to interpret the tcp header I am no wise on reading packets if you can shed some light I can fix it

Frank Tate said...

The changes needed are very easy. The EIF probe listens on a specific port that is specified in the probe's properties file (the TEC server on UNIX/Linux used the portmapper service, and that's what the script is written to query. One way to fix Postemsg.pm is to simply comment out the body of the existing getPortNum() subroutine and have it just return the port number that you've set the probe to listen on. Or you could require the user provide the port number.

Suresh said...

Thanks Frank, I tried the same but the probe log states "Discarding Event : from xxx.xxx.xxx.xxx:1234 Check message header" error code is I-JPR-104-000

Frank Tate said...

Ah. I found the same problem with the 'postemsg' command on which this package is based: http://www-01.ibm.com/support/docview.wss?uid=swg21667565 . Unfortunately, I don't have an updated version. But there may be something else out there that can accomplish your goal. As suggested in the link, have you looked at 'posteifmsg'?

Suresh said...

Thanks I tried looking into the posteifmsg but if you could help me with the details on the pack a8 n7 etc I can try to look into the top dump from the native posteifmsg and the existing perk code to fix it, since I found this very useful and platform independent which I can use within my app packages

Frank Tate said...

Cool. The pack function on line 172 of Postemsg.pm is:

$pmess=pack("a8 N7a$HDR_HEADER_LENGTH",">",0,0,0,0,0,$HDR_HEADER_LENGTH,$HDR_HEADER_LENGTH,$sub1);

(information on pack can be found here: http://perldoc.perl.org/perlpacktut.html)

So the TEMPLATE for packing is made up of these components:

a8: a string of 8 characters (">")

: a space/blank caharacter

N7: 7 unsigned longs in big-endian order ("0,0,0,0,0,$HDR_HEADER_LENGTH,$HDR_HEADER_LENGTH" are the 7 numbers)

a$HDR_HEADER_LENGTH: a string of $HDR_HEADER_LENGTH characters.


So a test for this is the following short script:

$HDR_HEADER_LENGTH=20;
$sub1="pppppppppppppppppppp";
$pmess=pack("a8 N7a$HDR_HEADER_LENGTH",">",0,0,0,0,0,$HDR_HEADER_LENGTH,$
HDR_HEADER_LENGTH,$sub1);
print("$pmess\n");

Run that and you can see the printed output for the case where the header length is 20.

hth

Unknown said...

We are now having to update our integration thanks to an updated version of Netcool. Has anyone got this working with Netcool 8.1?