OverTime Security

By default, OverTime will present a single master list of devices that it is monitoring for all users to view.

When the users are from different companies, the devices can be grouped by company and access restricted.

 

To achieve this configuration, OverTime requires

1) Individual user account that limit access to OverTime.

2) A file that defines the groups and users that have access to those groups (security.xml)

 

Each user, except for the 'admin' user, is associated with just one group.

The 'admin' user has access to all groups and all devices.

The user's group is shown in the output with the group's name as the user's home page in OverTime.

Each device should be represented in just one group and if not explicitly listed then the device is treated as if it were listed in the default group.

Each group can have color specifications that are used when drawing graphs.

 

Enabling security.

To enable security the following steps need to be performed:

1)      Edit overtime.cfg and add a new line like this:
Windows:
pwdfile C:\overtime\cfgs\overtime.pwd
Unix:
pwdfile \var\opt\overtime\cfgs\overtime.pwd
and save the file.

2)      Specify the administration user name and password by running from the command line ‘adminuser’ which is in the cgi-bin directory of OverTime’s web server.

3)      At this point, access to Overtime will be restricted to the created users.

4)      From your browser go to URL /cgi-bin/adminuser?

5)      Log in as the administrator you just created and create new users as required.

6)      If per-device access is required, then in the overtime/cfgs directory create a new file called overtime.xml

 

overtime.xml

Here is an example of that file showing the layout:

 

<!-- this is the group file for OverTime. -->

<!-- It has some restrictions above a normal xml file-->

<!-- Each tag must start and finish on the same line-->

<!-- Blanks can only proceed an opening tag -->

<groups>

 <group name="Company One">

  <users>

   <user>Co1User1</user>

   <user>Co1User2</user>

  </users>

  <hosts>

   <host name="Compnay One Main Router">NETic-Router</host>

   <host>Switch101</host>

  </hosts>

  <colors>

   <color>00F0FF</color>

   <color>0F8888</color>

   <color>888888</color>

   <color>0FF088</color>

   <color>0F88F0</color>

  </colors>

 </group>

 <group name="Non Company one Devices">

  <users>

   <user>Co2User1</user>

  </users>

  <hosts>

   <host name="Main server">host1</host>

   <host>IGateway</host>

   <host name="Backup Server">host11</host>

   <host>router5</host>

  </hosts>

 </group>

</groups>

 

overtime.xml tags

 

<groups>

<groups> is the opening tag, which encapsulates everything up to the closing </groups> tag.

 

<group>

There can be one or more <group> tags defined. Each <group> tag defines a new group and it has an optional name parameter. <group> tags can not be nested and must end with </group>

 

<users>

The <users> tag is mandatory and defines the list of users that have access to this group.

 

<user>

Each <user> tag must be enclosed within a <users> tag group. Each <user> tag has a user name (case sensitive) that permits that user to view the hosts for this group. You should have already defined the user name with ‘adminuser’.

 

<hosts>

The <hosts> tag is mandatory and defines the list of hosts that are in this group.

 

<host>

Each <host> tag must be enclosed within a <hosts> tag group. Each <host> tag defines a host (case sensitive) that is in this group. An optional name within the group tag is the alias that will be shown on the main page for the device rather than actual real name.

 

<colors>

The colors tag is optional and defines the list of graph colors to be used when drawing graphs for the devices in that group. If the <colors> tag is present within a group then it MUST be defined after both the </users> and </hosts> tag.

 

<color>

Each <color> tag must be enclosed within a <colors> tag group. Each color is a hex string (6 hex digits in three pairs, defining red green and blue) ie: 00FF00 would be pure green.

The first color defined will be used for color 1, the second definition will be used for color 2 etc.

How are these colors used?

OverTime produces four types of graphs, IO, IO Errors, PingTime and General.

The first color is used in an IO graph for output octets and for a PingTime graphs minimum response time (default is blue).

The second color is used for PingTime graphs where it represents the average values (default red).

The third color is used in IO and PingTime graphs. The IO graph uses it for input octet measurement and the PingTime graphs use it to represent maximum values (default green).

The fourth color is used in IO Error graphs to represent In Errors (default yellow).

The fifth color is used in IO Error graphs to represent Out Errors (default cyan).

General graphs use colors 1-54 for each of the values they graph.

 

Color

IO

IO Errors

PingTime

General

1

Out

 

Min

Line 1

2

 

 

Average

Line 2

3

In

 

Maximum

Line 3

4

 

In Errors

 

Line 4

5

 

Out Errors

 

Line 5

6

 

 

 

Line 6

… 54

 

 

 

… Line 54

Colors 1-54 are used for general graphs.