Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
TACL> #SET #INFORMAT TACL
TACL> EMSDIST COLLECTOR $ZCLA, TYPE P, TEXTOUT [#MYTERM]
Retrieving the Events from the $ZCLA by an Application
This feature will allow security audit applications running on NonStop to access these logs and
include them in the audit reports. The application can retrieve these events from the collector $ZCLA.
Please refer to the EMS Manual for details on procedures to be used to retrieve the EMS messages
from the alternative collector.
Deleting the Collector
The logging of authentication events is an optional service. If you are not interested in authentication
events and do not want to have the collector $ZCLA running and creating the EMS logfiles, the
$ZCLA collector can be aborted and deleted. This stops logging of authentication events to the
collector $ZCLA. To abort and delete the $ZCLA collector, use the following commands:
$SYSTEM SYSTEM 3> scf abort process $zzkrn.zcla
SCF - T9082H01 - (23JUN11) (02MAY11) - 07/08/2013 20:24:47 System \VIHAR
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
KERNEL W00028 Process \VIHAR.$ZCLA aborted successfully.
$SYSTEM SYSTEM 4> scf delete process $zzkrn.zcla
SCF - T9082H01 - (23JUN11) (02MAY11) - 07/08/2013 20:24:57 System \VIHAR
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
Configuring CIP iptables/ip6tables (IP CIP)
To configure CIP iptables and ip6tables, use the CLIMCMD {clim-name | ip-address}
climconfig {climiptables|iptables|ip6tables} commands.
The CLIMCMD {clim-name | ip-address} climconfig climiptables command
enables and disables the configured functionalities for iptables and ip6tables, and also displays
the state and configurations of the iptables and ip6tables.
Before using climiptables you must enable the facility.
See : “Climconfig (Man Pages)” (page 301) for detailed syntax of the configuration commands.
The CLIMCMD {clim-name | ip-address} climconfig {iptables|ip6tables}
commands are used to configure the iptables and ip6tables configuration rules. Later in this section
are two examples of how one would use the climiptables facility: “To allow all inbound FTP traffic
on all but eth2 and to allow inbound telnet traffic only on eth2:” (page 110) and “To allow inbound
SNMP TRAPS (port 162) from IP address 100.100.100.56 only:” (page 111).
NOTE: The CIP iptables and ip6tables configurations are not failed over. You must pre-set the
failover CLIM’s iptables and ip6tables configuration in anticipation of a failover. You can compare
the configuration of the home CLIM and failover CLIM by comparing the –obeyform output of
climiptables from each CLIM and ensuring any iptables/ip6tables rules on the home CLIM exist
on the failover CLIM in anticipation of a failover.
Configuring climiptables
The command syntax for climconfig climiptables is
climconfig climiptables [-prov prov-name] {-enable | -disable
[-force] | -status | -info [-obeyform] | -h | -help | --help }
DescriptionClimconfig Command
Enable the iptables and ip6tables functionalityclimiptables -enable
Disable the iptables and ip6tables functionalityclimiptables -disable [-force]
Configuring CIP iptables/ip6tables (IP CIP) 109