/* Copyright (C) 1996-2008 Mike Harrelson

   The Console Logger is free software; you can redistribute it
   and/or modify it under the terms of the GNU General Public License
   as published by the Free Software Foundation; either version 2, or
   (at your option) any later version.

   The Console Logger is distributed in the hope that it will be
   useful, but WITHOUT ANY WARRANTY; without even the implied warranty
   of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   The GNU General Public License is often shipped with GNU software, and
   is generally kept in a file called COPYING or LICENSE.  If you do not
   have a copy of the license, write to the Free Software Foundation,
   59 Temple Place, Suite 330, Boston, MA 02111 USA.
*/

 		Console Logger v1.15.x Documentation


Introduction

	Many UNIX shops have accessed the consoles of their UNIX boxes by 
connecting to their serial ports via some kind of terminal server.  
Typically pormasters or cyclades were used as terminal servers to manage 
the large number of serial ports.  The problem with Portmasters was that 
there was limited access and no logging of output.  Cyclades improve on 
this somewhat adding some new capabilities not previously available.  
Console Logger was written to solve these problems.  It runs from an admin 
host that has access to all of the terminal servers.  A shop configures 
its terminal servers (Portmaster, Cyclades, etc.)  to map a TCP port to an 
individual serial port (each connected to one machine).  The telnet 
protocol is used over this interface.  Access should be restricted by the 
network security model, and all traffic should operate over a switched 
network, so sniffing is difficult.  All other access from the outside to 
the internal network should be over an encryption network (typically SSH).
	Console Logger's main features are 1) ease of access, 2) raw 
console output to logfiles, 3) Combined and timestamped log output for 
monitoring, 4) attachment to and management of consoles by personel, and 
5) abillity to watch console activity without attaching.  Console Logger 
was designed to not be dependant on any other services such as DNS, LDAP, 
or Kerberos which may not be available in a crisis.  It was also designed 
to operate with as few system resources as possible (memory, CPU, etc).  
It uses a central configuration file for most of its parameters.  It can 
also receive signals to carry out special operations such as re-reading 
its configuration file or open/closing logfiles.  Since its code is 
open source, admins have full control over its capabilities.


Configuration

	Console Logger uses a central configuration file. A parameter is 
passed to Console Logger specifying the full path of the configuration 
file.  There are three groups of definitions in the configuration file 
that the administrator should be concerned about.  They can appear almost 
anywhere in the file as long as the format coorect.  Lines beginning with 
'#' or are empty are ignored.  The first group of definitions are the 
global options.  Currently seven global options are used:

LOG=consoled.log
ROOT  R.8eHa2/IxqpG
USER  joesmoe 522e18d3ce0bdd8d5f098c626ece
USER  sallymae
USER  billybob Ha2/IxR.8Ge
LOGDIR=/var/log/consoles
LISTEN 6000
PIDFILE /var/tmp/consoled.pid
CLOG   Combined.log
RUNAS  nobody
POOLSIZE 500
SYSLOG LOG_SYSLOG LOG_DEBUG
BIND 127.0.0.1

Each item above is denoted at the beginning of the line by a keyword 
followed by a value.  The two can be seperated by an '=' sign or 
whitespace (both are demonstrated above).  Either/or works fine.  The 
keywords are NOT case senstive.  All of the above are required except for 
the 'ROOT' line which can be left out if no global password is wanted.
	The 'LOG' keyword denotes the logfile for Console Logger itself.  
This log file holds error condition or events that Console Logger 
encounters.  Things such as user logins, console attachments, user 
logouts, unexpected console disconnects, etc. are logged along with a 
timestamp and whoever (if applicable) initiated the action.  Received 
signals are also logged as well as the resulting action.
	The 'ROOT' keyword specifies a DES hash (or special hash) for the 
Console Logger global password.  The functionality is fully implemented as 
of v1.4.  Previously Console Logger enforced no notion of true users, but 
used the GID of the given user to determine access.  This keyword pair can 
be commented out or omitted from the configuration file if no global 
password is wanted.  If it is not specified, Console Logger will not 
prompt for a password (see exception below).  The login in these cases is 
purely for bookeeping purposes.
	Related to the 'ROOT' keyword is the 'USER' keyword.  It allows an 
individual user to set a password for only that username.  The 'USER' 
directive overrides 'ROOT' (unless the password hash is left off) and is 
enforced whether 'ROOT' is set or not.  Any number of users can be 
specified.  The special hash value can be generated using the 'makehash' 
utility or a DES hash can be used.  This function was added in 1.5.  If 
the password hash is left off, no password will be prompted for unless the 
global password is set via the 'ROOT' option.  The 'USER" option can also 
be used to identify users who may not be in the /etc/passwd file or in the 
proper Unix group.
	The 'LOGDIR' keyword specifies the logging directory in which the 
various various logfiles will be kept (if no abosolute path is given).  
Console Logger also chdir's into this directory when it starts up.  The 
user that Console Logger runs as needs to have read+write permission to 
this directory.
	'LISTEN' specifies which local TCP port Console Logger will listen 
on to accept new connections.  At one employer of mine, the port was 6000 
which is the range currently set for the Portmasters (the Cyclades were 
configured for port 7000 ranges).  If Console Logger is not running as 
root (which it generally does not need to do) then the port needs to be 
set above 1024.
	The 'PIDFILE' specifies the file (including path) to use as a PID 
file.  This file is mainly used by the startup/shutdown init.d scripts to 
send signals to Console Logger.  Administrators can also send signals to 
Console Logger using the PID file.  The init.d script currently expects 
the PID file to be '/var/tmp/consoled.pid'.
	The 'CLOG' keyword specifies the filename of the 
"combined" logfile.  All output to raw logs for consoles that are not 
attached to is captured, line-buffered, stripped of 8-bit and nonprintable 
characters, timestamped and machine stamped, and then stored in this file.  
This allows one to view all free console output in one location for 
monitoring.  Each of these keywords should appear only once, but 
additional instances replace the previous value.
	The 'RUNAS' option specifies what user Console Logger should run 
as after startup initialization.  Console Logger must be started as root 
in order for this to work as only root can setuid() to another user.  For 
security reason, consoled should not run as root (after startup).  
However, the log directories must be writable by the specified user so 
that log files can be created and updated.
	The 'POOLSIZE' option specifies the maximum number of consoles to 
support.  This option is used to raise the resource limits for file and 
socket descriptors.  The formula is as follows rlimit = poolsize * 2 + 24.  
The 24 is for global log files, remote logins, and place holders.  
Roughly 20 remote logins are allowed.  If the reources for maxfiles needs 
to be raised, upping POOLSIZE will do so.  Since only root is allowed to 
raise past the hard limit, this option only has effect on startup 
(assuming it is started as root).
	Next, the 'SYSLOG' option allow you to send Console Logger's log 
output as well as the combined log to the specified syslog facility.  See 
the man page for syslog(3C) to get the options for the facility and level.  
If the SYSLOG option is omitted or commented out, then nothing is logged 
to the syslog facility.  The first option specifies the facility and the 
last specifies the level (or priority).
	Finally, the BIND option allows you to tell Console Logger to only 
listen for incoming connections on a particular interface.  A local IP 
address should be sepcified if it is to accept incoming connections only 
from that interface.  '*' can be used to spedify any/all addresses.  IF 
the option is missing or commented out, Console Logger binds to all 
interfaces.

	The second group in the configuration file is the network
allowance section.  The definitions in this section resemble and act like
TCPwrappers.  It consists of an 'ALLOW' keyword (also not case senstive)
and an opening brace '{'.  On each line afterwards there should be an IP
address or subaddress.  An example is given below:

ALLOW {   # one entry per line follows
127.0.0.1        #obviously need this
172.134.200.254  #allow this host to connect
10.30.112        #an internal NAT'd network - entire range allowed
}

The section is terminated with a closed brace '}' on a line by itself.  
This section should appear only once in the config file.  The listed
networks or IP addresses specified are ALLOWED to connect to Console
Logger.  All others will be rejected with the attempt being logged to
Console Logger's logfile.  Successful logins are logged as well.

	The last group of definitions can have multiple sections.  Each 
instance defines a specific terminal server (colorfully called a doormat 
in Console Logger) and the consoles connected to it.  The 'CONSOLES' 
keyword denotes the beginning of a new terminal server section.  It is 
followed (on the same line) by a terminal server name, then an IP address 
for that terminal server.  Finally, an opening brace '{' ends the line.  
The lines following (one per line) specify the individual console 
information.  The format is '<label> <port> <logfile>'.  Console labels 
must be unique and cannot use the same terminal server/port pair values 
more than once.  An example is shown below:

CONSOLES  ts-01  172.63.200.214  {
sbrelay01       6001     sbrelay01.log
sbrelay02       6002     sbrelay02.log
hazard          6003     hazard.log
county          6004     county.log
}

There is no limit to the number of consoles assigned to a specific 
terminal server except for the its own physical limitations.  Additional 
sections can follow for additional terminal servers.  Approximately 2 file 
descriptors are used for each entry (one for the TCP connection and one 
for the log file).  An IP address is specified for the given terminal 
server because DNS is not used by Console Logger in order to avoid any 
dependancies.  However, if an entry exists in the /etc/hosts file, the 
terminal server name (or any non-numerical placeholder) can be used 
instead, and Console Logger will attempt to map it to an IP address (as 
follows):

CONSOLES  ts-01 ts-01  {
...
}

If '-' is specified as the logfile for a console, then no logfile will be 
used.


Operation

	The Console Logger interface (CLI) was patterned in part after the 
Portmaster command line interface.  A few of the basic commands are 
identical.  Console Logger adds a number of additional commands specific 
to a shop may need.  To access Console Logger's interface environment, a 
telnet client needs to be used.  Assuming the IP or network address one is 
comming from is allowed, one should be able to telnet in on the port 
specified in Console Logger's config file.  SSH should probably be used to 
first access the host Console Logger is running on.  A sample session is 
below:

adminhost:~> telnet localhost 6000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

CLogin: 


Enter your username and hit ENTER.  If the global root password has been
set in the configuration file (or there is a 'USER' directive for your
account), then it will prompt you for the a password as well.  If there
is a problem, Console Logger will print 'Invalid login' and disconnect
you.  Otherwise you should see something like the following:

CLogin: joesmoe
Password: 

Console Logger Interface v1.15.3
 (enter '?' for help)

CLI> 


User 'joesmoe' (obviously made up) is used here, but the admin should use
their own login name. At this point you are logged in and are at the
command line interface.  NOTE: if a 'USER' directive for 'joesmoe' was not
found in the configuration file nor a global password via the 'ROOT'
directive, then a valid user will NOT be prompted for a password.
	A number of commands are available at this point.  To see them you 
many type 'help' or '?' and hit ENTER.  You should see something like the 
following:

CLI> ?
 Console Logger Interface v1.15.3  commands:   { '|' means 'or' }
---------------------------------------------------------------------
help | ?                <-- show help page  (see also 'shortcuts')
quit | exit | logout    <-- exit program
clear | cls             <-- clear and reset the screen
lines [n]               <-- view or set number of screen lines to _n_
who | w                 <-- display all logins
doormats                <-- list all doormat labels
display <doormat>       <-- display all consoles associated with a doormat
list | ls [consoles]    <-- list all matching consoles info+status
show [consoles]         <-- show matching console names
attach | at <console>   <-- attach to a console
watch [console]         <-- watch, but not attach to a console
reset <console>         <-- kick someone off a console
disconnect <console>    <-- disconnect a console from doormat
connect <console>       <-- re-connect a console to doormat
reconnectall [doormats] <-- re-connect ALL disconnected consoles
disconnectall <doormat> <-- disconnect all consoles for specified doormats
stats                   <-- display current stats
shortcuts               <-- list shortcuts for common commands
listdisconn | lsd       <-- list disconnected consoles
monitor [consoles]      <-- monitor consoles matching <patterns...>
xmonitor <consoles>     <-- monitor consoles NOT matching <patterns...>
rmonitor <console>      <-- replay and monitor console
replay <console> [-n]   <-- replay recent log for this console
last | !                <-- display last command and arguments
!last | !!              <-- execute last command and arguments
-------------Extended Admin functions-------------
reload [clean]           <-- reload configuration settings
relog                    <-- close and reopen all logfiles
rename <old> <new> [log] <-- rename old console to new name
wall "<message>"         <-- send a message to all remote logins
delete <console>         <-- delete a disconnected console
add <console:doormat,doormatIP,port,logfile>   <-- add a new console


Some of the commands are fairly self-explanatory.  'quit', 'exit', or 
'logout' will disconnect you from Console Logger.  You may also simply 
close the telnet session.  The 'last' command can be used to display the 
last command (which initiated an action) that the user entered.  If '!' is 
included before the 'last' command, then the last command entered will be 
executed again.  The 'clear' or 'cls' commands will clear and reset the 
screen and place you in the upper left corner.  Both commands are 
identical and should work if your terminal program is emulating 
vt220/vt52/vt100/vt102/xterm settings. Other terminal types may yield 
unknown results.  The next setting, 'lines' prints the number of lines 
that Console Logger will assume when the built in pager is used.  It 
defaults to 24, but can be set manually by the user. Though Console Logger 
emulates the telnet protocol, it does not support advanced telnet 
functions such as automatic window resizing.

CLI> lines
lines is currently set to 24
CLI> lines 28
CLI> lines
lines is currently set to 28


	The 'who' or 'w' commands shows who is logged into Console Logger, 
where they are from, what they are doing, and how long they have been 
idle.  For example:

CLI> w
 Who           From             Action      Console          Idle
------------  ---------------  ----------  ---------------  ----------
bobdoe        127.0.0.1        CLI
joesmoe       127.0.0.1        Attached    web05             8h:34m
maryjane      127.0.0.1        Monitoring  *                 8h:37m


	Another command, 'stats', gives you information about all of the 
current users, consoles, and terminal servers (doormats).  As shown:

CLI> stats
  3 users, 18 doormats
 402 consoles: 402 connected, 0 disconnected


	The command 'doormats' (shortcut: 'dms') prints all of the doormats
active on the system and the number of consoles associated with each one 
as well as the associated IP address of each doormat.  Additionally, the 
number disconnected consoles is also displayed:

CLI> doormats
ts-00.dm     [192.168.112.5]    (24 consoles/ 0 disconnnect)
ts-01.dm     [192.168.112.7]    (28 consoles/ 0 disconnnect)
ts-02.dm     [192.168.112.11]   (14 consoles/ 0 disconnnect)
ts-03.dm     [192.168.112.135]  (20 consoles/ 0 disconnnect)
ts-04.dm     [192.168.112.51]   (26 consoles/ 0 disconnnect)
ts-05.dm     [192.168.112.52]   (27 consoles/ 0 disconnnect)
ts-06.dm     [192.168.112.52]   (18 consoles/ 0 disconnnect)
ts-07.dm     [192.168.112.58]   (18 consoles/ 0 disconnnect)
ts-08.dm     [192.168.112.66]   (29 consoles/ 0 disconnnect)
ts-09.dm     [192.168.112.75]   (20 consoles/ 0 disconnnect)
ts-11.dm     [192.168.112.85]   (24 consoles/ 0 disconnnect)
ts-12.dm     [192.168.112.35]   (9  consoles/ 0 disconnnect)
ts-13.dm     [192.168.112.25]   (28 consoles/ 0 disconnnect)
ts-14.dm     [192.168.112.15]   (4  consoles/ 0 disconnnect)
ts-15.dm     [192.168.112.95]   (10 consoles/ 0 disconnnect)
ts-16.dm     [192.168.112.99]   (29 consoles/ 0 disconnnect)
ts-17.dm     [192.168.112.71]   (23 consoles/ 0 disconnnect)
ts2b2a.pri   [192.168.112.81]   (28 consoles/ 0 disconnnect)


	The 'display' command (shortcut: 'dsp') lets you see all of the
consoles associated with a particular doormat.  Its format is
'display <doormat>' as shown below:

CLI> display ts-12.dm
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  -------------------
corpgate1       ts-12.dm         6001    Connected
corpgate0       ts-12.dm         6002    Connected
ubergrep00      ts-12.dm         6003    Connected
charley         ts-12.dm         6004    Connected
ancie           ts-12.dm         6005    Connected
hubbard         ts-12.dm         6006    Connected
web05           ts-12.dm         6010    Connected      joesmoe:127.0.0.1
andromeda2      ts-12.dm         6020    Connected
andromeda1      ts-12.dm         6021    Connected     


The first column labeled 'Console' displays the console label.  The 
'Doormat' column shows which doormat it is associated with (obviously 
ts-12.dm in this case).  The 'Port' field shows which port on the doormat 
that console is accessible from via a TCP connection if Console Logger was 
not using it.  The next column, 'Status' specifies whether or not Console 
Logger is connected to that doormat/port and actively handling sessions 
for that console.  If it is marked as 'Disconnected', then you cannot 
attach or watch that console through Console Logger.  A console may be in 
a 'Disconnected' state for two reasons: 1) someone explicitly disconnected 
it from Console Logger (more on that in a bit), or 2) someone is using 
that console by connected to it via the doormat itself as opposed to 
through Console Logger.  In the latter case, Console Logger is not able 
to 
establish a connection to that port on the doormat.  It is also possible 
that the doormat is misconfigured.  The last field, 'Who:Where' displays 
the user of anyone who is attached to that console and where they are 
logged in from.  The output of the 'display' command is sorted by the 
'Port' field.
	The next command 'list' or 'ls' displays ALL consoles actively 
configured in Console Logger.  If the list is longer than the number of 
lines as set by the 'lines' command (see above), then the built in pager 
is used.  An example is:

CLI> list
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  ------------------
aaron           ts-02.dm         6028    Connected     
adams           ts-04.dm         6013    Connected     
aimoney         ts-04.dm         6028    Connected     
albert          ts-02.dm         6001    Connected     
albinus         ts-07.dm         6008    Connected     
alice           ts-05.dm         6008    Connected     
allen           ts-13.dm         6013    Connected     
amos            ts-17.dm         6021    Connected     
anci0           ts-12.dm         6005    Connected     
andromeda1      ts-12.dm         6021    Connected     
andromeda2      ts-12.dm         6020    Connected     
antonius        ts-05.dm         6012    Connected     
arkham          ts-11.dm         6026    Connected     
augustus        ts-05.dm         6017    Connected     
aurelius        ts-08.dm         6025    Connected     
baldwin         ts-03.dm         6027    Connected     
banker          ts-04.dm         6012    Connected     
barry           ts-01.dm         6020    Connected     
beaver          ts-05.dm         6002    Connected     
bellagio        ts-11.dm         6013    Connected     
bigbrotha       ts-11.dm         6011    Connected     
blount          ts-01.dm         6015    Connected     
blt             ts-01.dm         6028    Connected     
bonnie          ts-07.dm         6007    Connected     
clyde           ts-08.dm         6010    Connected
  <<Hit ENTER to step, SPACE to page, or 'q' to quit>>


The built-in pager works much like the 'more' command.  Three functions
are supported: paging, stepping, and abort/quit.  Paging via the SPACE bar
will display the next screen full of consoles (determined by the number of
lines).  Stepping via the ENTER key will display one new line of console
information.  Hitting 'q' will abort the listing and return you to the
CLI> prompt.  When all of the output has been displayed, the built-in
pager exits and returns you to the CLI> prompt.
	You can show just the label name for a single console or matching 
consoles with the 'show' command.  It's format is 'show <console>' as 
shown:

CLI> show nsauth*                                              
nsauth1
nsauth2


The output formats for 'list/ls' and 'display' commands are all identical.  
Additionally, 'list' and 'show' can take multiple arguments and also take
wildcard characters as inputs to display a subset of machines.  '*' represents
anything and '?' represents any single character.  For example:

CLI> ls *auth1?
 Console          Doormat         Port    Status        Who:Where
---------------  --------------  ------  ------------  ------------------
smtpauth10       ts2b2a          7011    Connected     
smtpauth11       ts2b2a          7012    Connected     
smtpauth12       ts2b2a          7013    Connected     
smtpauth13       ts2b2a          7014    Connected     
smtpauth14       ts2b2a          7015    Connected     
smtpauth15       ts2b2a          7016    Connected     
smtpauth16       ts2b2a          7017    Connected     
smtpauth17       ts2b2a          7018    Connected     
smtpauth18       ts2b2a          7019    Connected     
smtpauth19       ts2b2a          7020    Connected 


'*auth1?' matches anything containing 'auth1' and has 1 character 
following it.  Sample output for the 'show' command:

CLI> show *auth1?  news*
smtpauth10
smtpauth11
smtpauth12
smtpauth13
smtpauth14
smtpauth15
smtpauth16
smtpauth17
smtpauth18
smtpauth19
newsfeed1
newsfeed2
newsnfs1
newsnfs2
newsread1
newsread2
newsread3
newsspool1
newsspool2


	To actually attach to a console, use the 'attach' or 'at' command.  
Like 'ls', attach takes a wildcard.  It will attach to the first 
matching console.  The format is 'attach <console>' as shown below:

CLI at augustus                                                   
Attached to augustus {to detach, type 'send ip' at the telnet> prompt}


At this point you should be connected.  Hitting ENTER should get something 
back from the system's console:


SunOS 5.9  (augustus.mydomain.net) console

login: 


If you get nothing, the machine may be hosed/sluggish, there is nothing 
connected to that port on the doormat, or there is a problem with the 
doormat itself.  If everything is working, however, you should be able to 
do anything you would be able to do if you connected to that console 
directly via the doormat.  There is one important operation that is common 
for admins to use, particularly for Sun and Linux boxen.  A system 
STOP/INTERRUPT can be sent by telling your telnet client to sent a 
"break".  Typically this can be initiated by doing a telnet "escape" via 
hitting CTRL-], then typing 'send brk'.  This should halt a Sun box to the 
ok prompt, or send a sysreq-key to the Linux box.  Once you are done 
working on a console and wish to return to the Console Logger interface, 
have your telnet client send an 'interrupt process' code.  It is done just 
like the sending of a 'Break' except that you type 'send ip' instead.  An 
example:

SunOS 5.9 (augustus.mydomain.net) console

login: ^]
telnet> send ip

DISCONNECTED from console (augustus)
CLI> 


It should be noted that while someone is attached to a console, no output 
from that console is sent to the combined logfile.  This is to avoid 
unnecessary clutter associated from interactive use.  Output is still 
logged to the raw log for that console, however.
	In order to avoid conflicts, only one person should be attached to 
a console at a time.  If you do attach to a console that has someone on it 
you will see the message:

***** WARNING THERE ARE USERS ALREADY ATTACHED TO THIS CONSOLE *****
Attached... {to detach, type 'send ip' at the telnet> prompt}


Both users will be able to type and see output from the console so care 
and coordination should be taken when sharing a console.  Also note that 
if someone is editing a file or running an application that formats the 
screen, each session may have different ideas about the screen size.  An 
example of a wildcard attach:

CLI> at aug*
Attached to augustus (to detach, type 'send ip' at the telnet> prompt}


NOTE: Make sure that the console it selected is the one you intended.
	However, you may simply observe or watch a console without 
attaching to it.  This can be done whether someone is attached to it or 
not.  The format is 'watch <console>' (shortcut: 'wa') as shown below:

CLI> watch augustus
Attached as a watcher...{enter 'XXX' to return}


At this point you can see all output sent from the console.  If someone is 
attached to it, you can observe what they type as long as it is echoed by 
the server, so entered passwords from a login should not be visible.  To 
return to the CLI> prompt type 'XXX' and hit ENTER or tell telnet to 'send 
ip' (as if attached to a console):

CLI> watch augustus
Attached as a watcher...{enter 'XXX' to return}


XXX
CLI> 


Like 'attach', 'watch' also accepts wildcard arguments for the console 
name.
	Another common operation is resetting a console if someone is 
attached to it.  If you need to make sure that only one person is 
connected, or just need to kick them off, then you can do this by using 
'reset <console>'.  A sample session is shown below:

CLI> at augustus
That console is already attached to by mikeh
CLI> list augustus
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  -------------------
augustus        ts-05.dm         6017    Connected     billybob@127.0.0.1

CLI> reset augustus
That console is now free.
CLI> at augustus
Attached... {to detach, type 'send ip' at the telnet> prompt}


The other user that was attached to augustus  will get the message:

DISCONNECTED from console (augustus)
CLI> 


	Similar to 'watch' is 'monitor' (shortcut: 'mon').  The monitor 
command allows a user to view, real time, the output to the Combined log.  
A wildcard pattern can be supplied to show only selected consoles that 
match the pattern.  The default pattern is '*':

CLI> monitor smtpauth??
Monitoring mode...(enter 'XXX' to return}
...
Wed Apr  5 08:21:01 2006 [smtpauth08]:  dmatea01@mydomain.net logged in
Wed Apr  5 08:21:01 2006 [smtpauth08]:  timi_morgan04@mydomain.net failed
Wed Apr  5 08:21:01 2006 [smtpauth08]:  rslavelle@hiddomain.com 14
Wed Apr  5 08:21:01 2006 [smtpauth08]:  rudeone67@mydomain.net 15
...


Like watching, either entering 'XXX' or using telnet to 'send ip' will 
exit from the monitor and return you to the CLI> prompt.  A companion 
command, 'xmonitor' (shortcut: 'xmon'), can be used to exclude consoles 
based on the given pattern:

CLI> xmon smtpauth??
Monitoring mode...(enter 'XXX' to return}
...
Wed Apr  5 08:24:49 2006 [stamper]:  Apr  5 05:24:42 
stamper.mydomain.net last message repeated 2 times
Wed Apr  5 08:24:49 2006 [stamper]:  Apr  5 05:24:49 
stamper.mydomain.net cycloned[17154]: Error during connect to 
newsfeed0.mydomain.net (Connection timed out)
...


No console output for any consoles matching 'smtpauth??' will be shown, 
but everything else should be displayed normally.  Both 'monitor' and
'xmonitor' can take multiple arguments.

	A recently added feature is the replay log feature.  The syntax 
is:  'replay <console> [-n]' (shortcut: 'rp').  A pattern can be used to 
simplify typing, but only the first matching console name is selected.

CLI> replay *-brown  -2

Tue Jul 11 13:20:01 2006 [mailhub-brown]:  Jul 11 13:20:01 vos01psx1 
sendmail[12815]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: 
cannot open: No such file or directory
Tue Jul 11 13:25:01 2006 [mailhub-brown]:  Jul 11 13:25:00 vos01psx1 
sendmail[13568]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 0: 
cannot open: No such file or directory


By default, up to 10 lines (taken from the Combined.log output) will be 
displayed unless the line count is specified as an optional last argument.  
The dash, '-', is optional.

	A new feature added in 1.14.x was the rmonitor function (shortcut: 
'rmon').  This command combines 'replay' and 'monitor' functions.  It 
takes a single argument or wildcard pattern (selecting on first match) and 
displays the last 10 lines of combined log output for that console.  It 
then begins monitoring that console from that point on.

CLI> rmonitor *-bitter
Monitoring mode...(enter 'XXX' to return}
Mon Jul 31 20:47:42 2006 [ldap-bitter]:  Jul 31 20:47:42 
ldap-bitter.mydomain.net sshd[7127]: refused connect from 
mgm.mydomain.net
Mon Jul 31 20:58:39 2006 [ldap-bitter]:  Jul 31 20:58:38 
ldap-bitter.mydomain.net sshd[7980]: refused connect from 
mgm.mydomain.net
Mon Jul 31 21:09:48 2006 [ldap-bitter]:  Jul 31 21:09:47 
ldap-bitter.mydomain.net sshd[8855]: refused connect from 
mgm.mydomain.net
Mon Jul 31 21:20:53 2006 [ldap-bitter]:  Jul 31 21:20:52 
ldap-bitter.mydomain.net sshd[9712]: refused connect from 
mgm.mydomain.net
...


As with monitor/xmonitor/watch, you can return to the CLI> prompt by 
entering 'XXX'.


Special Operations

	Sometimes it may be necessary to tell Console Logger to disconnect 
from a specific doormat/port in order for someone to connect to that 
console directly via the doormat.  It may also be necessary to disconnect 
Console Logger from an entire doormat completely (as when the doormat 
needs to be rebooted).  'disconnect <console>' (shortcut: 'dc') will 
disconnect a single console leaving others on that doormat connected.  
For example:

CLI> disconnect augustus
Console has been disconnected from doormat.
CLI> list augustus
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  ------------------
augustus        ts-05.dm         6017    Disconnected  

CLI> at augustus
That console is not connected.
CLI> watch augustus
That console is not available or is unknown.
CLI> 


Anyone who was attached to that console when a disconnect was initiated 
will be disconnected from it.  However, anyone watching it will stay in a 
'watching' state, but will receive the message:

***Console (augustus) disconnected from doormat (ts-05.dm)***


To reconnect a disconnected console, use the 'connect' command.  The format
is 'connect <console>' (shortcut: 'con') and is demostrated below:


CLI> connect augustus
Re-connect in progress....
CLI> list augustus
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  ------------------
augustus        ts-05.dm         6017    Connected     


The user is immediately returned to the CLI> prompt after initiating a
connect as it is unknown how long it will take to establish the connection
if at all.  The 'list' command (see above) can be used to display the
status of a console if needed.
	If all consoles on a doormat need to be disconnected, a single 
command is available to do just that.  The format is 
'disconnectall <doormat>' (shortcut: 'dca') is shown below:

CLI> display ts-14.dm
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  -----------------
db              ts-14.dm         6001    Connected     
ecomm1          ts-14.dm         6002    Connected     
ecomm2          ts-14.dm         6003    Connected     
nms-outweb      ts-14.dm         6004    Connected     

CLI> disconnectall ts-14.dm
All consoles for ts-14.dm have been disconnected.
CLI> display ts-14.dm   
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  -----------------
db              ts-14.dm         6001    Disconnected  
ecomm1          ts-14.dm         6002    Disconnected  
ecomm2          ts-14.dm         6003    Disconnected  
nms-outweb      ts-14.dm         6004    Disconnected  


If '*' is given as the doormat name, then ALL consoles on ALL doormats 
WITH currently disconnected consoles will be disconnected.  'disconnectall'
will take multiple arguments if more than one doormat is to be disconnected
completely.

The 'reconnectall <doormat>' command (shortcut: 'rca') can be used to
reconnect all disconnected consoles on a specified doormat (even if some are
connected already).  Continuing with the above session:

CLI> reconnectall ts-14.dm
Reconnect of all disconnected consoles initiated...
CLI> display ts-14.dm   
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  ------------------
db              ts-14.dm         6001    Connected     
ecomm1          ts-14.dm         6002    Connected     
ecomm2          ts-14.dm         6003    Connected     
nms-outweb      ts-14.dm         6004    Connected     


The 'reconnectall' can also be used without any arguments to reconnect ALL
disconnected consoles, no matter which doormat they are associated with.  
As with the 'connect' command, the 'reconnectall' command returns to the
CLI> prompt immediately as it is unknown how long the operation may take.  
Multiple doormats can be specified on the command line if needed.  If
Console Logger cannot connect to a particular console it will stay
disconnected.  However, if the doormat itself closed the connection,
Console Logger will wait a few seconds and try to re-establish the
connection automatically.  If the reconect attempt fails after a minute or
so, then it will give up permanently..  To see a list of all disconnected 
consoles, use the 'listdisconn' (or 'lsd' for short) command:

CLI> lsd
 Console            Doormat       Port    Status        Who:Where
-----------------  ------------  ------  ------------  -------------------
barry              ts-01.dm      6020    Disconnected  
blount             ts-02.dm      6015    Disconnected  
blt                ts-03.dm      6028    Disconnected  
cuban              ts-04.dm      6011    Disconnected  
granger            ts-08.dm      6016    Disconnected  
hall               ts-09.dm      6021    Disconnected  
hazard             ts-13.dm      6003    Disconnected  
horatio            ts-17.dm      6026    Disconnected  
kendall            ts-00.dm      6010    Disconnected  


	Also noted for various commands above are shortcuts.  A number of
commands have shortcuts, but only a few are shown by the help command.
A list of all current shortcuts are below:

CLI> shortcuts
 at   -> attach
 cls  -> clear
 con  -> connect
 dc   -> disconnect
 dca  -> diconnectall
 dsp  -> display
 dms  -> doormats
 ?    -> help
 ls   -> list
 rca  -> reconnectall
 kick -> reset
 wa   -> watch
 w    -> who
 lsd  -> listdisconn
 mon  -> monitor
 xmon -> xmonitor
 rmon -> rmonitor
 rp   -> replay
 !    -> last
 !!   -> !last


Either forms can be used interchangely at the CLI prompt.  You can type
'shortcuts' at the CLI prompt to get a list of shortcuts.


Special Administrative functions

	From within Console Logger there are several special operations 
that can be performed.  The first is a system wide message using the 
'wall' command.  The message to be sent is enclosed in double quotes:

CLI> wall "I 0wnz ur k0ns0les"
!!! CONSOLE LOGGER SYSTEM MESSAGE FROM mikeh@10.30.112.182 !!!
I 0wnz ur k0ns0les


All users logged into Console Logger (even the sender) gets the message in 
his/her session.  This includes watchers and attaching users.  Wall 
messages are useful if Console Logger needs to be taken down for some 
reason (upgrade, etc).  It is a nice way of letting others know what is 
coming and give them a chance to quickly finish what they are doing or 
get to a stopping point.
	Sometimes it may be necessary to temporarely add a new console.  
This can be done with the 'add' command.  The format is as:

'add <console:doormat,doormatIP,port,logfile>'

'console' is the console label to be used for this box.  It must be 
unique.  'doormat' is the doormat label to be assigned.  'doormatIP' is 
the doormat IP address.  Since Console Logger does no DNS lookups, it must 
be supplied (though if that doormat already exists, it can be left empty - 
Console Logger will figure it out).  'port' is the TCP port the console is 
available at on that doormat.  'logfile' is the name of the logfile to be 
used to log the raw output for this console to.  Keep in mind that 
consoles added manually disappear if Console Logger is restarted.  An 
example addition is below:


CLI> display ts-14.dm   
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  ------------------
db              ts-14.dm         6001    Connected     
ecomm1          ts-14.dm         6002    Connected     
ecomm2          ts-14.dm         6003    Connected     
nms-outweb      ts-14.dm         6004    Connected     

CLI> add mybox:ts-14.dm,173.68.200.156,6005,mybox.log
Console (mybox) added successfully

CLI> display ts-14.dm
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  -----------------
db              ts-14.dm         6001    Connected     
ecomm1          ts-14.dm         6002    Connected     
ecomm2          ts-14.dm         6003    Connected     
mybox           ts-14.dm         6005    Disconnected  
nms-outweb      ts-14.dm         6004    Connected     


The consoles listed by the 'display' command are in alphabetical order.  
As you can see, our new console shows up in a disconnected state.  In 
order to connect it, we simply use the 'connect' command (see above):

CLI> connect mybox
Re-connect in progress....
CLI> list mybox
 Console         Doormat          Port    Status        Who:Where
--------------  ---------------  ------  ------------  ------------------
mybox           ts-14.dm         6005    Connected


We can now attach to it normally:

CLI> at mybox
Attached... {to detach, type 'send ip' at the telnet> prompt}

mybox login:

telnet> send ip

DISCONNECTED from console (mybox)
CLI> 


	When we no longer need the console and wish to delete it, the 
administrative command 'delete <console>' can be used:

CLI> delete mybox
Delete failed: console must first be disconnected


Since the console is listed as active.  We must first disconnect it from 
the doormat:

CLI> disconnect mybox
Console has been disconnected from doormat.
CLI> delete mybox
Console (mybox) successfully deleted


When a console is deleted, any watchers will be returned back to the CLI> 
prompt since what they were watching no longer exists.
	Permanent additions to the consoles array must be manually added 
to the configuration file. Other changes such as logfile changes or the 
allow list can be made as well.  To put these changes in affect, however, 
does not require Console Logger to be restarted.  Instead, a SIGUSR1 can 
be sent to the process (requires appropriate priviledges) or the 'reload' 
command can be issued from the CLI> prompt.  All log files are closed, the 
configuration file is re-read, the Allows table is updated, and any new 
consoles are added.  The logfiles are re-opened (created if they do not 
exist) and new console connections are established for the added consoles.  
NOTE: any consoles removed from the config file are NOT deleted via a 
SIGUSR1.  These must be manually deleted using the commands above or via 
the 'clean' option given with the 'reload' command at the CLI> prompt.  
Any users already logged in and attached to existing consoles will not 
notice anything as existing connections are left intact.  Consoles renamed 
by the new settings will take affect immediately.  Consoles currently 
active in Console Logger but not in the configuration file will remain 
intact after a reload (unless 'reload clean' is used).
	Some other signals that can be sent to the Console Logger process.  
SIGTERM, SIGQUIT, and SIGINT will all cause Console Logger to clean up and 
exit.  SIGHUP is used to rotate logfiles.  Upon receiving that signal, 
Console Logger will close all of its logfiles, and re-open them, 
re-creating them if necessary.  The configuration file is not re-read on 
receipt of a SIGHUP.  The 'relog' command issued at the CLI> prompt 
simulations a SIGHUP.

	Finally, there is the 'rename' command.  Rename allows you to 
temporarely rename a console to something else:

CLI> ls war
 Console            Doormat       Port    Status        Who:Where
-----------------  ------------  ------  ------------  ------------------
war                ts-05.dm      6029    Connected     
CLI> rename war peace peace.log
Console (war) renamed to (peace) successfully
CLI> ls peace
 Console            Doormat       Port    Status        Who:Where
-----------------  ------------  ------  ------------  ------------------
peace              ts-05.dm      6029    Connected     


The last argument, 'peace.log', is optional and designates a new logfile 
name. If the console is already in use, Console Logger will give an error:

CLI> rename war peace
New console (peace) already in use


Renaming a console currently being watched or attached to will not affect 
those sessions.  NOTE: the logfile for the renamed console is NOT changed 
unless specified as the 3rd (optional) argument to the 'rename' command.


Other

	The source package contains a start-up script for /etc/init.d 
which can be used to manage Console Logger's service.  The init.d script 
(currently called "consoled") takes one of the following 
arguments:'start', 'stop', 'rotate', or 'reload'.  'start' obviously 
starts the service up if it is not currently running.  'stop' of course 
stops the service by sending a SIGTERM to the running process.  'rotate' 
basically closes and reopens all of the active logfiles.  'reload' sends 
the running process a SIGUSR1 to tell it to re-read its configuration 
file.  It also closes and reopens all of the logfiles.  The init.d script 
should be configured to 'su' to a nonpriviledged user before starting up 
Console Logger for security reasons IF the 'RUNAS' option is not used (see 
above).
	Console Logger takes one or two arguments at runtime. The last is 
always the configuration file.  If the -d flag is given then it will fork 
off a child process and goes into the background.  If omitted however, 
Console Logger will stay in the foreground.  The command line arguments 
are:

 consoled [-d] <configfile>

Normally Console Logger is only called without the -d flag if it is being
tested.  When called without any arguments it displays its usage and 
version:

./consoled
Usage:  ./consoled [-d] <config_file>
  ./consoled, version 1.15.3
  -d : daemon mode (background)


ISSUES

	I have had problems with older Portmasters acting flakey.  They 
apparently do not like having large numbers of connections open to them 
for extended periods of time.  It has been suggested that they run short 
on memory.  Whatever the cause, the most effective way to restore full 
service is to reboot them.  Symtoms of a flakey Portmaster: no responses 
recieved on attached consoles, intermittant responses or frozen consoles 
that are attached to.  The best way to deal with these is to disconnect 
all cosnoles from that terminal server (see the 'disconnectall' command 
above) and reboot the Portmaster.  Simply disconnecting all consoles from 
a Portmaster (connecting only the machine you need), may alleviate the 
symtoms for a while if time is short.  Once the Portmaster has been 
rebooted, using the 'reconnectall' command (see above) will restore all 
consoles back to normal operation.
	Console Logger is compiled with debugging, so if it were to crash, 
please restart it and let the maintainer know.  There is hopefully a core 
file in its current working directory .  Also let the maintainer know what 
time it crashed and anything you were doing at the time that may have 
caused the crash.
	Currently Console Logger ups its rlimits to the max as it uses a 
lot of file descriptors.  Upping the limits higher may require changes to 
the source code, but may alos require ulimit changes (as root in the 
init.d script.  If POOLSIZE is specified in the config file and the 
startup script is run as root, then this should not be a problem.  E-mail 
the maintainer if you have any problem, questions, suggestions, or updates 
regarding Console Logger.  This file should have the contact information 
for the current maintainer.
	Another problem that could arises from time to time is out-of-sync 
telnet modes.  A common symptom of this is double echo's on attached 
consoles.  Also passwords are echo'd on attached consoles.  The telnet 
client is not synchronized with the remote terminal server.  Normally 
Console Logger handles the initial synchronizing between the client and 
server.  The most effective way to resolve this is to disconnect the 
console from the terminal server and then reconnect it:

CLI> dc <console>
...
CLI> con <console>
...

This forces telnet modes between Console Logger and the remote terminal 
server to re-synchronize.  Hopefully this problem should be fixed in newer 
versions of Console Logger.

Current maintainer: mikeh@mindspring.com
This document last updated: 6/25/08.
.
====================================================================
CHANGELOG
====================================================================
v1.15.3 (Changes since v1.15.2):
  --Updated documentation

v1.15.2 (Changes since v1.15.1):
  --fixed missing O_LARGEFILE flags when opening logfiles
  --fixed some formating/missing linefeeds that caused gcc to croak

v1.15.1 (Changes since v1.15.0):
  --fixed 'rca' command to report status
  --add !last command to execute last command
  --altered '!!' shortcut to refer to '!last' and '!' to refer to 'last'

v1.15.0 (Changes since v1.14.1):
  --fixed a potential memory leak in process_cli(), show_consoles()
    and Global_disconnect_alldm()
  --converted a number of functions to use new dlist calls
  --converted monitor/xmonitor to take multiple arguments
  --converted list/show to take multiple arguments
  --converted rca/dca to take multiple arguments
  --made a number of minor code cleanups
  --added the 'last' command to display previous action command+args
  --added SIGUSR2 support to do a 'reload clean' operation externally

v1.14.1 (Changes since v1.14.0):
  --fixed a faulty strncpy that was overwriting other variables
  --fixed formatting for long hostnames
  --fixed a state where 'busy' consoles cannot be disconnected

v1.14.0 (Changes since v1.13.3):
  --added new command, 'rmon' to replay and monitor a console in one 
    request
  --added option to 'replay' to display given number of lines
  --upped replay buffer to 96 lines, default is now 10 (from 12)
  --added addition argument (optional) to rename to rename logfile
  --added 'clean' option to 'reload' to remove consoles not in config file
  --fixed a few minor memory leaks

v1.13.3 (Changes since v1.13.1):
  --rewrite telnet filtering code to fix spurious data (from 1.13.2)
  --fix relog bug

v1.13.1 (Changes since v1.13.0):
  --fix reverse telnet code bug for portmaster junk
  --update docs for tips2conf -l flag

v1.13.0 (Changes since v1.12.0):
  --rewrite of telnet handling code to seemlessly deal with delayed
    transmission of telnet codes from the cyclades
  --added replay feature for replaying log entries for a specified console
  --added ability to map IP addresses in the console section of the config
    file IF in the /etc/hosts file
  --added new tips2conf utility
  --added delay to event reconnect to avoid usleep()
  --updated randomization code for idleness NOP sends
  --minor code cleanups and removals of dead code

v1.12.0 (Changes since v1.10.0):
  --Fixed some formatting issues
  --redisigned handling of internal Console data structures to be
    completely pointer based
  --added rename command
  --added dca * option to disconnect all the consoles on those flakey
    portmasters easily
  --added monitor and xmonitor commands to replace 'watch *' and included
    wildcard filtering
  --added reload and relog commands so priviledges aren't needed
  --watch now handles wildcards correctly
  --watch (and monitor/xmonitor) now take telnet's 'send ip' in addition
    to 'XXX'
  --reloading config file now handles renames and conflicts cleanly
  --command entry errors now print usage
  --reconnectall and startup are now 5 times faster
  --version is now stored internally
  --a few other minor cleanups and bug fixes which I can't remember

v1.10.0 Baseline - no previous changes recorded here - see CVS