5 0 0:Creating a Command Event
Overview
A command event enables the execution of any program on a SEP sesam Client. A user must be authorized to run the commands on a specific client. By default, only commands entered in the system directory at <SESAM_ROOT>/bin/sesam
can be executed. If you want to allow starting commands in other directories, see the section Setting permission to run commands.
In the SEP sesam GUI, you can start command events immediately or schedule the events for automatic execution.
Steps
To create a new command event, follow the steps below:
- From Main Selection -> Scheduling -> Schedules, select the schedule to which you want to add a command event. Then right-click the desired schedule and select New Command Event. The New Command Event window is displayed. Note that if you have not already configured a schedule, you must first configure it by clicking the New Schedule button in the Schedules window. For details, see Creating a Schedule.
- Under the Parameter tab, specify the following settings:
- Priority: Optionally, define a priority for the command event. SEPuler always executes schedules with higher priority first. The default priority level is 1, which is the lowest priority (the highest is 99). The highest priority level is 99. The only exception is schedules with priority 0, which override all other priorities and are always executed. For details, see Event Priority.
- Blocking date: This should be used in conjunction with high priority for special events. When this check box is selected, lower priority events of the same type are blocked, ensuring that the command event is processed if other command events are also scheduled at the same time. See Blocking Events.
- Name: Select the name of the existing command from the drop-down list. When selected, the full command is displayed in the Preview field below.
- Client: Select a client on which to execute the command.
- User: Enter the user name of a user who has sufficient rights to execute the command on the client.
- Retention time: Specify how long (in days) to retain the command event results and logs (default 30).
- Additional Parameter: Optionally add additional parameters to the command.
- Follow up (available in v. ≥ 5.0.0 Jaglion): Optionally use this field to configure a follow up event to be started on the SEP sesam Server once the command event has completed. For details, see Creating Follow-up Events.
- Click OK to add your command event to a schedule. You can review your schedules and assigned events, trigger events to start immediately, or delete them by right-clicking the selected schedule/event.
Tip | |
You can access the configured commands from the menu bar -> Configuration -> Command. You can define your own commands to use when creating a command event, and modify, delete, or copy the existing commands. For details, see Configuration: Commands. |
Setting permission to run commands
Not every user on a specific client is authorized to run all commands. Without additional entries authorizing selected users to run certain commands, commands can only be run from the system directory <SESAM_ROOT>/bin/sesam
. If a command is to be started from another directory before the regular backup is started, this must be entered/allowed on the target client.
- UNIX
Copy the file sesam_cmdusers.allow from the directory <SESAM_ROOT>/skel
to /etc
on the client and modify the file. You can now enter a line for the user and the command in the format {user} {command}. If you use a wildcard (*), all commands will be executed.
No explicit permissions are required to execute SEP sesam commands such as sm_loader.
- Windows
To set access rights for the user and command, use the following key: \\HKLM\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\<user>\<command>
In addition, on the client computer, the entry CTRLD_Path=ID/bin/sesam;ID/bin/sms in the file ID/var/ini/sm.ini in the section [CTRLD_Server] must be extended to include the directories in which the desired programs are located.
- Open the Regedit editor.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\ and create a new key named CommandEvents. If it does not already exist, right click and select New Key.
- Enter <user> and then <command> with the full path information as the key.
The available commands are:
Command | Execution |
---|---|
* | all commands |
cmd /c | all DOS commands (dir, etc.) |
DOS command (e.g., dir) | specific DOS command only (e.g., dir) |
specific command (e.g., ping) | specific command only (e.g., ping) |
If there are other commands, the last command is executed. If you use a wildcard (*), all commands are executed.
Below is an example of a registry file (*.reg) that allows all command events for the administrator and the sesam user:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\sesam\*] [HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\Administrator\*]
Note | |
The most common errors when setting up the desired user permissions and allowed commands are:
|