This section describes how certain aspects of the license status can be monitored.
Introduction
The emulator periodically checks the presence of a valid license. The checking period is specified on the license (default: once per hour) and can be different for the different Charon emulator products. Should no valid license be found, this will be logged in the emulator log file. As the emulator continues to run only for a limited time without the license, it is important to receive timely information about the license problem. This section describes some methods for monitoring the log file on Linux and Windows.
Please note: Charon-AXP/VAX 4.9 and Charon-PAR 1.10 and newer will grant a grace period of 12 hours after all valid licenses have disappeared. Older versions of these products and other emulator products will continue to run without a license until the next scheduled license check (default 1 hour). Charon-SSP starting with version 3.0 will continue to run for two license check periods. The grace period varies significantly between products and versions of the same product!
Monitoring the Emulator on Linux
Emulator Log Files on Linux
Please note:
- If you use the Charon Linux Toolkit for Charon-AXP/VAX, you can use it to monitor the emulator log files and have it provide alerts should the license be removed or otherwise become unavailable.
- Please refer to Charon Linux Toolkit for more information. The rest of this section provides an example of how to monitor the emulator log files with generally available Linux tools should it not be possible to use the Linux Toolkit.
The log-file contents differ depending on Charon products and versions as shown in the following examples.
The following Charon-AXP/VAX log file excerpt shows the message written after the license dongle has been removed for Charon-AXP/VAX versions before version 4.9:
20160809:185509:INFO :0:000003E6:ll_sentine(1820): Performing regular license check ... 20160809:185509:ERROR:2:000003E8:ll_sentine( 379): Sentinel HASP RunTime Error 7. 20160809:185509:INFO :0:00000351:ethane.cxx(3056): session: Detected removal of the license. Normal operation is supported for 59 minutes from now.
|
The following Charon-AXP/VAX log file excerpt shows the message written after the license dongle has been removed for Charon-AXP/VAX version 4.9:
<lines removed>
|
The following Charon-SSP log file excerpt shows the message written after the license dongle has been removed:
|
The following Charon-PAR version 1.7.4 log file excerpt show the message written after the connection to the license dongle has been lost or the dongle has been removed:
20160927:150512.34743:PDC CHASSIS:0XCE0F State= INITIALIZE 20160927:150619.152882:Device EWA0 (enp6s0) : RX up 20161009:200646.683932:err:Contact with license key lost ... 20161009:200646.684279:err:Please reinsert the key within 15 minutes otherwise emulator will stop. |
The following Charon-PAR version 1.11 log file excerpt show the message written after the connection to the license dongle has been lost or the dongle has been removed:
|
Monitoring the Emulator Log Files Using logwatch
If the use of the Linux Toolkit is not an option for some reason, there are several different ways log files can be monitored on Linux. One possibility is to use the logwatch utility.
The following very basic example shows how to monitor the emulator log files with logwatch and send an email if the dongle removal message appears in the emulator log file.
Please note:
- Most of the messages show in the examples above are not written to the emulator log file immediately when the license is removed. They are written when the periodic license check is performed. Exception: Charon-AXP/VAX 4.9 and Charon-PAR 1.10 and higher also write messages to the emulator log - with a short delay - that reflect the messages written to the system log by aksusbd. The aksusbd daemon reports the removal of a license almost instantaneously in the system log.
- If possible, use the monitoring capabilities of the Charon Linux Toolkit. This will provide alerts for both message types and additional monitoring features, for example monitoring and alerting based on counters.
Installing logwatch
Logwatch is available via the standard repositories of the supported Linux versions. If it is not yet installed, the installation can be performed using the command:
# yum install logwatch |
Information on how to customize logwatch can, for example, be found here: http://www.stellarcore.net/logwatch/tabs/docs/HOWTO-Customize-LogWatch.html.
Creating a logwatch Setup for Charon Log Files
The Charon log file must be added to the logwatch configuration before it can be monitored.
All customizations should be done on files in the directory /etc/logwatch.
To change settings in the general logwatch configuration, copy the file /usr/share/logwatch/default.conf/logwatch.conf to the directory /etc/logwatch/conf/. In this copy you can modify the settings as desired. For example, the email address to which notifications will be sent.
Most of the general settings can also be modified by command-line parameters when starting the program. Please refer to the logwatch man page.
The following files must be added to the logwatch configuration in order to monitor the Charon log file:
- Log file definition file
- Service definition file
- Log file analysis script
- Timestamp adaption file
Logwatch Example
Please note:
- This example is very much simplified and will not work for all cases. Should the Charon log file format change in the future, it will have to be modified. It is intended to demonstrate the concept and is not a solution suited for a production environment.
- The examples of the analysis script and the time stamp adaption script are specific to the Charon-AXP and Charon-VAX products. Different formats are required for the Charon-SSP and Charon-PAR products.
1. Create the log file definition file:
Create a file with the names of the log files in the directory /etc/logwatch/conf/logfiles/.
For example, add a file named /etc/logwatch/conf/logfiles/charon.conf with the following content:
LogFile = "ds20-v1.log" |
The name of the log file must be specified relative to the LogDir parameter (default /var/log). Wildcards are possible.
Please note:
- The Charon-AXP/VAX log file configuration can be set to automatically rotate the log file at configurable intervals. If this is the case, the currently active log file can be accessed by a symbolic link with the default name
<hw-model>.log.
The LogFile parameter can be set to the symbolic link. As the logwatch command is typically started via the cron utility, it will automatically use the current log file. Other Charon products also provide a log-rotation feature. Please refer to the appropriate product documentation for details. - Even though there would have to be frequent runs to catch the message about a removed dongle before the emulator stops, there is a small risk that the log rotation and the logwatch run could overlap, causing the dongle removal message to be missed. Hence, the use of rotating log files is not recommended when using logwatch. This risk can be avoided by using the Linux Toolkit.
- Some versions of logwatch convert the log file path to lowercase. This prevents the log files from being found if uppercase characters are used in the LogDir target. A workaround is to create a symbolic link consisting of lowercase characters pointing to the target directory and to use the symbolic link as the LogDir value.
2. Create the service definition file:
Create a file including the name of the log file definition in the directory /etc/logwatch/conf/services/.
For example, add a file named /etc/logwatch/conf/services/charon.conf with the following content:
|
3. Create the log file analysis script:
Create a script in the directory /etc/logwatch/scripts/services/ that is able to extract the relevant messages from the Charon log file. The script will receive the lines of the log file via standard input.
For example, create a file named /etc/logwatch/scripts/services/charon with the following content:
|
Please note: for Charon-AXP/VAX version 4.9, the egrep-line above must be adapted to the new log-messages format.
For example to "if echo $LINE|egrep '(00000424|Communication with the license key|Application will stop)' &> /dev/null;"
4. Create a timestamp adaption script:
The time range that can be provided to logwatch must be translated into the timestamps of the Charon emulator log file. To do this, create a file in the directory /etc/logwatch/scripts/logfiles/charon/ containing the necessary commands.
For example, create the file /etc/logwatch/scripts/logfiles/charon/applydate with the following content (as an existing applydate script was used as template, the copyright must be preserved):
|
Please note: the script above does not cover all parameters possible for the range parameter of logwatch. It is provided only as an example for informational purposes.
5. Run the logwatch command to check the Charon emulator log file for a removed license message:
|
This command overrides the LogDir, mail, range and service parameters of the default configuration. A command similar to this could be added to crontab in order to check the Charon emulator log file every few minutes.
Sample crontab entry (for the root user) to check the Charon log file every 5 minutes:
*/5 * * * * /usr/sbin/logwatch --logdir=/opt/charon/log --output=mail --mailto=root |
If the error code indicating a removed dongle is found in the indicated time range, a mail similar to the following will be sent to the root user (the email content can be customized).
The following exhibit shows a sample logwatch message for Charon-AXP/VAX versions before Charon-AXP/VAX 4.9:
|
The following exhibit shows logwatch sample logwatch message for Charon-AXP/VAX 4.9:
|
Monitoring aksusbd Messages in the Linux System Log
The background process aksusbd logs its messages via the journald daemon. These logs can be extracted using the journalctl command.
To extract messages specific to the aksusbd software for the last five minutes, use the following command:
$ journalctl --since="$(date '+%Y-%m-%d %H:%M:%S' -d '5 minutes ago')" -t aksusbd --no-pager |
If a dongle had been removed within this time span, the output is similar to the following:
Aug 12 14:57:49 host1 aksusbd[17450]: aksusbd_usb_dev_remove: device '/dev/aks/hasp/1-14.2'
|
If a dongle is connected, a message similar to the following will be displayed:
Apr 11 19:44:37 redhat7.localdomain aksusbd[15047]: aksusbd_usb_dev_connect: device '/dev/aks/hasp/2-1'
|
A journalctl command similar to the one above can be run regularly within a cron-job that sends an alert if the license has been removed. This method of monitoring has the advantage of being independent of different emulator log file formats and the different check periods set for the individual products.
Charon-AXP/VAX version 4.9 and Charon-PAR version 1.10 and newer also show messages corresponding to the journalctl messages in the emulator log file (with a delay of about one minute) that can be captured by log monitoring tool such as logwatch. Below is a sample for the Charon-AXP/VAX product:
|
Please note: If you use Charon-AXP/VAX, the Linux Toolkit can be used to implement this monitoring option.
Charon License Expiration Check
The Charon Linux Toolkit includes a license expiration check utility that can send alert emails, and/or execute a custom script, a specified number of days before the license expires. This utility can be installed in standalone-mode to be used on Charon-AXP, Charon-VAX, Charon-SSP (non-Baremetal versions) and Charon-PAR without installing the Charon Linux Toolkit.
To download the utility, you must issue a request via email to the Stromasys support team or ask your reseller.
Please refer to How-to install Charon license expiration check on a Linux server for detailed installation and configuration instructions.
Charon-PAR Special Monitoring Options
Charon-PAR versions 1.10 and higher offer an additional feature to support alerts in the case of license problems.
The Charon-PAR configuration file supports the following new parameters that can be used to alert the user to potential license problems:
Parameter | Description |
---|---|
hasp_lost_usr_cmd | Runs a user-defined script or a executable if Charon disconnects from current valid license and no other valid license is found. This action is called every hour during the 12 hours grace period (at the end of which Charon-PAR stops unless a license has been found). The script or command started receives three parameters from Charon-PAR: key-id, product-license-id, and termination time. Usage example: |
license_changed_usr_cmd | Runs a user-defined script or an executable when Charon-PAR disconnects from one license and connects to another for any reason. The script or command started receives four parameters from Charon-PAR: old-key-id, old-product-license-id, new-key-id, and new-product-license-id. Usage example: |
license_expiration_warning_usr_cmd | Runs a user-defined script or an executable when the license expiration time is within few hours. The default setup is: starting 24 hours before expiration this script is invoked each hour. The script or command started receives three parameters from Charon-PAR: key-id, product-license-id, expiration time. Usage example: |
License logging level:
Starting with Charon-PAR version 1.11, periodic (once per hour) log messages indicating a successful periodic license check are disabled by default to avoid cluttering the log file. They can be re-enabled by adding the parameter
system.license_logging_level = 2
to the emulator configuration file. Setting the parameter to 0 or 1 will disable the messages.
Please note that this parameter must be placed towards the end of the configuration file and will not work if placed before the memory configuration.
Monitoring the Emulator Log File on Windows
Charon-AXP/VAX/PDP come with the logmond (Log Monitor & Dispatcher) utility. This utility can monitor the emulator log for events indicating that the license has been removed.
Please refer to CHARON Log monitoring on Windows (logmond). It contains detailed descriptions for using this tool on all supported Charon product versions.
Currently, there is no comparable utility for the Charon-AXP/SMA product.
Emulator Log File Examples
The following Charon-AXP/VAX log file excerpt (before version 4.9) shows the message written after the license dongle has been removed:
20160809:185509:INFO :0:000003E6:ll_sentine(1820): Performing regular license check ... 20160809:185509:ERROR:2:000003E8:ll_sentine( 379): Sentinel HASP RunTime Error 7. 20160809:185509:INFO :0:00000351:ethane.cxx(3056): session: Detected removal of the license. Normal operation is supported for 59 minutes from now.
|
The following log file excerpt from Charon-AXP/VAX 4.9 shows the messages written after the license has been removed, the periodic checks to verify whether the license has become available again, and finally the message to indicate the stop of the emulator due to the missing license:
|
Please note that not all messages are shown in the log excerpt above because the configuration parameter log_repeat_filter was set to on (default).
To receive all messages, this parameter must be set to off in the emulator configuration file. This will create a more detailed output as shown below. In particular, it shows the grace period after which the emulator will stop:
|
The following Charon-AXP/SMA log file excerpt shows the message written after the dongle has been removed:
2016-10-04 01:43:15:231: ES40-1: license: Error 7, CHARON can't detect HASP key and will shutdown within 60 minutes 2016-10-04 01:58:15:243: ES40-1: license: Error 7, CHARON can't detect HASP key and will shutdown within 45 minutes 2016-10-04 02:13:15:253: ES40-1: license: Error 7, CHARON can't detect HASP key and will shutdown within 30 minutes 2016-10-04 02:28:15:260: ES40-1: license: Error 7, CHARON can't detect HASP key and will shutdown within 15 minutes 2016-10-04 02:43:15:269: ES40-1: license: Emulator stopped on error 7...Appropriate license key is not present
|
License Expiration Check on Windows
Starting with Charon-AXP/VAX/PDP version 4.8 the license expiration check utility is installed with the Charon emulator kit. The details of this utility are described in the user's guides of the Charon-AXP/VAX/PDP for Windows. This section provides a short overview.
This utility is executed once a day at 09:00 AM and will send Windows Application Events 15 days before license expiration. No other action will be taken unless you customize the expiredlicense.bat
script.
The installation process installs the utility and the default expiredlicense.bat
file under the Charon installation folder, usually in C:\Program Files\CHARON\
Redistributables\Stromasys
. It also provides examples on how to send alerts via email.
Please note:
- If you installed this utility manually before installing Charon-AXP V4.8, the scheduled task will remain unchanged.
- If you remove all Charon emulator products from the server, the scheduled task will be disabled. It will not be deleted.
- For versions prior to Charon-AXP/VAX 4.8 the utility can be installed manually. Please refer to Charon on Windows - Automated License Expiration Check for details on the use of this tool.