A real Fly Lady loves order in everything. Even her fleeting plans are born in her head in a disciplined form. And when a household needs to keep accounts, analyze all of its areas, and control stocks, costs and the completion of tasks, there is no doing without clear organization.

For those who do not want to miss any detail, yet do not want to delve into complex programs and would like to simplify household management as much as possible, a universal system of lists comes to the rescue.

Start drawing up lists from the level that is most understandable to you right now. If you are a person who looks boldly ahead, that will be your far-reaching prospects.

List of global plans

Write down everything you want to accomplish in life. You can use the brainstorming method: write down everything that comes to mind, and then order it by importance, necessity and difficulty of execution. This gives you a to-do list for life, the starting point in the structure of life management. For creative natures there is the option of a wish map, which we wrote about in one of the past articles.

Subsections of this list can be:

A list of actions in relation to family members (teach a daughter to cook dinner, to introduce a husband to sports, etc.);

Qualities that I would like to work out in yourself;

Errors that would like to fix.

Tip: Do not put yourself hard tasks in the form "must" or "need", life is often unpredictable, be prepared to change according to the current situation.

By placing a lifestyle into a slim system, you can proceed to planning and structuring more terrestrial and tangible levels.

Necessary information

First of all, surrounding ourselves useful important and not very information - we write the lists of all that we may need to perform the role of a good wife, a caring mother, a devastating hostess, in one word, a real Fly Lady.

1. List of necessary information about each family member

Data of important documents (passports, birth certificates, insurance numbers), which may be needed to fill various forms in government structures and other organizations;

Basic information about health (availability of special diseases, states, the name of drugs and the time of their reception) - information for nanny and nurses;

For more information (hobbies and preferences, favorite colors) - it will be useful for the choice of gifts, it will save from the temptation to buy something to your taste.

2. List of all things in the house

It will be the most bulk manuscript, so it is better to divide it to the sections (for example, by rooms). In essence, this is an inventory of property, home inventory. This difficult work can be done only once, dividing it into several stages. Separate speakers on this list will highlight cabinets, shelves and their contents, a list of documents and, if you are completely passionate, inventory books and magazines.

What is the result?

      • each thing in the house acquires its place, which will greatly facilitate cleaning;
      • the apartment is burlossing, you get rid of almost half of the "hot spots", where it likes to copy the bored trash;
      • an understanding appears, which is still missing your dwelling for optimal ergonomics of space and a full appearance of a cozy nest.
      • list of important phones (household services used by your family, teachers, educators, nannies, contacts of relatives and so on)
      • a list of drugs that are needed by your family (universal and individual).

If necessary, and optionally, you can compile lists of the wardrobe of each family member for the seasons. I am happy to do this, making pleasant amendments when changing the seasons, the spouse is also very pleased, because he does not have to break his head on this.

Food and all that is connected with it.

This may include various subsections:

List of favorite dishes each family member;

List menu for a week;

List of essential products.

The list of products should be highlighted with a separate article in planning. It is divided into two types: products for every day and other products. The first is that for our family it is important to have in stock every day (milk, eggs, butter, apples - for each family it will be your list). The second list includes long-term storage products that are purchased, as a rule, 1-2 times a month in an Internet hyperm with delivery. Both list are stored in my smartphone, in a special program with check-sheet functions.

Other purchases (all that is necessary for life is tools for cleaning, consumables, household trivia, hygiene products), in my case, such a list is called "non-water"

Active action

Another large-scale list is a list of necessary cases.

How to make a list of cases to not forget anything? The easiest way to do this in the areas of household and life in general. We divide all things to constant (routine) and operational (one-time business for a day, week or month). Each of these large sections will be the following lists:

  • lists of affairs at home (monthly, weekly, daily);
  • urgent cases (related to a specific date or period) - they are better to immediately enter the calendar or a phone with reminders;
  • affairs out of the house (all that is associated with travel and hikes in the city, shopping, events).

From time to time

Special partitions of situational lists that will be needed in certain moments of life.

  • lists of things for the sea (trips to the country, to relatives), as well as actions, with this related;
  • lists of things and cases for moving;
  • list of places and sights who need to be visited during cultural recreation;
  • list of business and shopping for family celebration.

Lists intended for specific events can be drawn up for a child, and this will help him be more organized, attentive and responsible.

You can compile lists on paper, on a computer, or on your smartphone using a regular notepad or special applications.

Under control of everything

So what can you put into a list? Almost anything!

These can be lists of the minimum cosmetics you need, wish lists, lists of gardening work and plantings (existing and desired), films you want to see, books worth reading, and lists of pros and cons when choosing between two or more alternatives.

But the most important thing about a list is that it works. If you have not looked at some of your plans for more than six months, you can safely change the approach or the system of organization in that area.

In general, lists greatly simplify control and planning, help with current activities, and serve as an effective tool in any field of management.


Fig. 26.1 shows that the main styles of behavior in conflict situations are associated with the main source of any conflict: the orthogonal dependence of the interests of the parties. The style of behavior of the manager in a conflict depends on how much he wants to satisfy his own interests, being either active or passive, and the interests of the other side, acting either jointly with it or independently. A passive reaction means the desire to get away from the conflict; an active one means attempts to resolve it. The same applies to the nature of the action. The desire for joint efforts indicates that the conflict will be resolved, while individual aspirations lead to avoiding the problem or solving it in the interests of one party.

The typology of behavior in conflict is not set once and for all. Everyone can use the entire arsenal of styles depending on the situation. In addition, some styles can be applied to quite specific types of conflicts. Consider the styles of behavior of managers (avoiding, adaptation, competition, compromise and cooperation) according to the following scheme:

♦ cases when it is advisable to use style;

♦ Using style in conflict prevention conditions;

♦ Using style when resolving the resulting conflict.

Avoiding. The manager implements this style when he, simply evading the permission of a conflict situation, does not defend his leadership and does not cooperate with anyone to solve the problem. However, to care from attempts to defend both their own interests and the interests of another person, will certainly be founding.

Cases of expedient application style

♦ The manager feels high tensions in relations and feels the need to reduce the heat;

♦ the manager himself has a lot of worries, and he believes that his involvement in this situation will bring additional trouble and an unproductive loss of time;

♦ The manager believes that the outcome is insignificant and should not be spent on the resolution of the conflict time and strength;

♦ The manager needs to win time (enlist the support, to obtain additional information, etc.);

♦ The manager does not find strength and resources to solve this problem;

♦ The manager sees that this question cannot be solved within his powers and that another authority can do it better;

♦ The manager believes that the immediate discussion of the problem may lead to the exacerbation of the situation.

Conflict prevention. The manager applies the tactic of retreating into the background. Those around him get the impression that he shows insufficient interest in business, but this may be a false idea about obvious and implicit behavior. Staying in the shade, one can always observe imperceptibly and step in at the right time to solve the problem. When bringing orders to the attention of employees, the manager relieves himself of the need to analyze them deeply, being essentially only a transmission link: "I passed them on, and they ... did not carry them out, but I have nothing to do with it." Thus, the manager avoids responsibility and inclusion


Hello friends! The most frequent question that MyLifeOrganized users ask me is: "I do not understand what to do next with my list of active actions." And then they add that this list is:

  • large
  • not clear
  • all confused

I will not try to fit all the answers into one article; I will consider the main problems of using active-action lists in turn.

Please note that the cause, for the most part, does not lie in the active actions. To-do lists are a consequence.

Have you heard about the law of cause and effect?

So the cause is that you have applied and assigned all sorts of properties. And what the program shows in the list is a reflection of your thoughts and plans.

Not understanding what needs to be done is the first reason for doing nothing

The main reason for procrastination: from our task list it is not clear what to do. The tasks seem to be there. Some properties have even been set. And it even feels that the task list is "on topic". But what you need to do with it is not clear.

What tasks will not be performed

Those that require not only actions, but also additional mental flows.

Look at these tasks taken from the standard template:

In the standard template, they are declared as expected reasons followed by a specific action. In practice, it is found that in this form, users are trying to perform their tasks.

How does your brain work at this moment?

Correctly! Begins to ask smart questions:

  • so what should I do?
  • what result should I get?
  • where to get the necessary tool?
  • where can I make this task?
  • etc…

What your tasks should look like in the list of next concrete actions

The basic requirement for next concrete actions

They must require only specific actions! All reflection should have ended during the weekly review or while processing the inbox.

It should be clearly understandable whether the task is done or not.

My favorite example: "You cannot be almost pregnant!" There are only two options: either yes or no.

If this is observed, it is very easy to tick the task's completion checkbox.

Let's look at the challenges from the standard MLOS template:

How do these tasks differ from the first example?

The task is worded in such a way that it is clear whether it is done or not:

  • the mirror is either wiped or not wiped
  • the rugs are either shaken out or not shaken out

But it is possible to wipe the mirror badly. Is it done or not? There will be smart alecks who ask such a question.

And this is your personal business! And the responsibility for it is also completely yours. Personally, when I wipe the mirror, I do it properly right away so that I can mark the task as done.

Such elementary actions can be run on autopilot for half your life!

How I decide this question in my trainings

The definition of the following specific actions is one of the main issues of the analysis of incoming information. It will depend on it how qualitatively the lists of active actions will be created and whether it will be clear what to do.

What I pay attention to:

  1. I teach the proper wording of tasks so that it is clear what to do and what result you need to get.
  2. Learning to determine which properties affect the display and build lists of specific actions, how to properly assign these properties.
  3. We introduce it as a habit, so that it happened on the autopilot and happened as if by itself.
  4. This principle is considered, starting with one-time tasks (specific actions), with a continuation of application in projects and purposes.
  1. If you have determined that you do not understand what you need to do with a task in the list of active actions, move it back to the inbox and re-process it until it is fully clear.
  2. When processing, you can use the test questions described at the beginning of the post. They will really help you. If you answer them at the planning stage, you will not have to answer them at the execution stage.

That's all today. Get rid of procrastination and be productive!

If you have any questions - write in the comments! I will definitely answer them.

Thanks for reading this article - I spent a lot of time, creating it for you. I would be grateful if you give your feedback. Without information from you, this blog cannot be complete. So let's stay in touch!


UDC 316.612 BBK 88.492

Licensed edition of Rudolf Haufe Verlag, Federal Republic of Germany, Freiburg i. Br., 2003.

Bishop, Anita.

B67 self-generation. Effectively and rational / Anita Bishof, Claus Bishop; [Per. with it. D. A. Parchment]. -2-E ed., Act. - M.: Omega-L, 2006. - 127 s: Il.; Table. - (Taschen Guide. Just! Practical!). - Add. Tit. l. it. - ISBN 5-365-00123-0.

1. Bishop, Claus. Agency CIP RGB

Behind the word "Self-" hides the concept and ability of self-organization. How to achieve not to do "nothing superfluous," not to make actions "just so", "in vain", simply because "so accepted", how to act intelligently and purposefully, seeking maximum disclosure of their abilities and opportunities and adequate to them high Result - How to achieve all this? There are special technologies based on well-developed technicians and strategies that allow us to come closer to the goal. They are talking about in detail and thoroughly.

The book is written by a simple, clear and affordable language, is abundantly illustrated by examples.

Addressed to a wide circle of readers.

all you need to know

For everyone who has little time and who wants to know the essence of the case. For beginners and professionals who want to quickly refresh their knowledge.

You will save time and can effectively apply the knowledge gained in practice.

All sections are structured in accordance with the most important issues and issues in practice.

The visual content plan will allow you to quickly and clearly navigate in the book.

Detailed Guide "Step by Step", Self-test systems and useful tips will be necessary for you necessary tools in work.

These publications can serve as an operational and visual manual for labor collectives of various organizations and enterprises.


Preface

What is your place in professional life?

Balance Satisfaction - Disappointment

Balance of productivity

Analysis of the strengths and weaknesses

Definition and assessment of competence

How do you determine the goals and reach them?

Search Owls

Formulation of the goal

Target implementation using the list of active actions

Do you know the course of the process?

How to organize your time?

What is the organization of time?

The principle of Eisenhower: What is important, what is urgent?

Working Protocol

First and then in and only then with

Definition and exclusion of the braking factor

Plan a day with Alpen!

Planning time

List of calling a list of active actions Overcoming stress

How to work effectively in a team?

Get ready for negotiations! Skillful presentation and the presentation of the recipes from excitement before the performance confidently keep the visualization to the public before the public!

What are your communicative abilities?

What is it about?

Test your own communicative abilities!

Analyze and eliminate difficulties in communication

Organization of your workplace

Take care of the workplace in the workplace of the archive system by category

Conclusion Original for copying

Preface

Self-management is a key skill that few possess, and there is nothing surprising in this, because neither at school nor at university are we taught how to set professional goals and achieve them, organize our work, use time well, cooperate effectively with colleagues, or develop communicative abilities. Once we are employees or managers of various enterprises, we realize that a disorganized style of work costs us too much (in money, time and nerves).

This book will help you plan a working day and achieve professional goals.

Learn to organize yourself, and you will quickly move forward through the career stairs!

Anita Bishof, Dr. Claus Bishop

What is your place in professional life?

Anyone who wants to take conscious responsibility for his professional career must first of all determine what he has already achieved. Opportunities and chances of success should be studied from the first step on the way to self-management.

Below we will present you some tested tools with which you will be easier and faster to determine your current position.

Balance of satisfaction - disappointment.

Performance balance.

Analysis of strengths and weaknesses.

Estimation of competence.

Later, when we formulate your possible goals and write them, these tools will need to be replenished.

Suppose that, when analyzing your strengths and weaknesses, you determine that working in a team is hardest for you and that you work significantly better alone. But in the future you want to work for a specific firm, for example one that assembles engines. You know that you will then have to work with engineers, so you should naturally ask yourself: "Will I be able to work in a team?" Then, perhaps, you are one of those who will be more successful in another area of activity, which is worth giving preference to. Then ask yourself if you areted your talent, if you find a job in the future without contact with people.

Be sure to write down the results of the following analyzes. The one who has answers to the questions posed by the Tolkovgolov, the risks of the surcharged low-risk answers. That the non-propagandaubumage, the unwitting-endoconse, most often forgotten the inserted interpreter the following, than perversely,

Balance Satisfaction - Disappointment

First of all, it is necessary that you correctly evaluate your actual professional situation. This is not about the facts, but about your emotions that you define writing in the balance sheet of satisfaction - disappointment.

Based on this balance, you can find out what work gives you pleasure and is performed easily, and which is your weak place and causes disappointment.

Balance reflects your real situation. Later with it, you can easily see how your position has changed.

Your actions

1 Compare a number of factors, determine their impact on your working satisfaction or dissatisfaction. Such factors could be: tasks from different areas of knowledge, joint work with leadership or colleagues, working climate, your relationship with customers and suppliers, etc.

2 Now write in writing on the left side of the balance that you brings joy, and in the right thing that causes displeasure.

Balance of satisfaction - disappointment explaining negative and positive emotions

If you need to answer immediately when you were satisfied, and when angry, it reflects "on what kind of money is a stand-deep-poslegiy box, and what do you do fast? Performing what work, you are calm or, on the contrary, annoyed? Shot of colleagues, managers and customers you prefer to deal, and what avoiding?

Balance of productivity

Do you know what you did, for example, over the past year? Your personal balance of work done will answer what areas you were successful, and vice versa. It will help you learn your productivity and determine in which direction to work further.

Good day, dear readers!

In this article I want to describe how to implement active-list functionality ("Active Lists") in OSSIM / USM systems. First, a few words about what I mean by "active lists".

For example, suppose we have an application A that users work with. The application records user logins and logouts in its event log. Suppose we need to track which users are logged in at a given moment and correlate that information with other data. For example, we want to know whether a user who logs in to server B is currently logged in to application A.

Active lists help solve this task. When a specific event occurs (in our case, a user login to A), a specific field of that event (the username) is placed in an active list. Another event (in our case, a logout from application A) deletes the field (the username) from the active list. In addition, when a particular rule fires (in our case, the rule fires when a user logs in to server B), the username performing the login is checked against the active list. The whole procedure is shown in the figure below.

Fig.1 - List job

Below I describe an implementation of active lists (hereinafter, lists) in OSSIM / USM using a Python script, three correlation directives with policies, and a specially developed plugin.
In this article I use lists to track user connections to systems. However, you can put any information in a list: file names, IP addresses, port numbers and so on.

  1. How it works

In my lab setup the lists work as follows (Fig. 3):

  • The user "root" connects over SSH to the server 192.168.2.30;
  • The policy "Add to Logged Users List on BCKP", using the correlation directive "User Logon On BCKP", launches the active_list_manager.py script as follows:
# ./active_list_manager.py add logins_list $username

as a result, the script creates the "logins_list" file and adds to it the user name passed in the $username variable;

  • A user (any user) connects over SSH to the server 192.168.10.2;
  • The policy "Check Logged Users List On Mail", using the correlation directive "User Logon On Mail", launches the active_list_manager.py script as follows:
# ./active_list_manager.py check logins_list $username

If the user name is found in logins_list, the script writes a syslog message like the following:

Sep 6 15:40:25 Siem active_list_log: Match | List: logins_list | Value: root

  • The file that receives this message is read by the "Active_List_Monitor" plugin, and as a result an event like this appears in the OSSIM / USM graphical interface:

Fig. 2 - Match with a list

You can configure an alert for this type of message;

  • The user who logged in to 192.168.2.30 (in step 1) closes the session on 192.168.2.30;
  • The policy "Remove User From Logged Users List On BCKP", using the "User Logout from BCKP" directive, launches the active_list_manager.py script as follows:
# ./active_list_manager.py del logins_list $username

as a result, the script removes $username from "logins_list".

Fig. 3 - Lab setup scheme

  2. Required resources

To solve the task, the following objects were created:

  • Correlation Directives (Directives):
    • "User Logon On BCKP";
    • "User Logon On Mail";
    • "User Logout from BCKP";
  • Policies:
    • "Add to Logged Users List on Bckp";
    • "Check Logged Users List On Mail";
    • "Remove User From Logged Users List On Bckp";
  • the script "active_list_manager.py";
  • the plugin "Active_List_Monitor".

  3. Correlation directives

The directives I created are shown in the figure below.
The main parameters of the directive "User Logon On BCKP":
Event Type - 5501 (a successful login event)
I placed the "Backup" object in the "To" field. The IP address of this object is 192.168.2.30.
Thus, this directive fires when a successful user login occurs on 192.168.2.30.
The main parameters of the directive "User Logout from BCKP":
Data Source - AlienVault HIDS-syslog
Event Type - 5502 (session closure)
For this directive, I placed the "Backup" object in the "From" field.
The directive fires when the user closes a session on 192.168.2.30.
The main parameters of the directive "User Logon On Mail":
Data Source - AlienVault HIDS-authentication_success
Event Type - 5501 (successful login)
I placed the "Mail" object in the "To" field. Its IP address is 192.168.10.2.
This directive fires when a user logs on to the server 192.168.10.2.

Fig. 4 - Correlation directives

  4. Policies

The policies start the "active_list_manager.py" script with different parameters when the corresponding directive fires.
When a directive that belongs to the data source group (DS Group) used in a policy fires, the action specified in the policy ("Policy Action") is performed. This action runs the script and passes it parameters from the event.
The settings made for each of the three policies include:

  • creating a new data source group (DS Group) based on the relevant directive;
  • creating the action executed by the policy ("Policy Action").

The "Add to Logged Users List on BCKP" policy uses the "User Logon On BCKP" directive, included in a DS Group, and the "Add User to Active List" action. This means that when the directive fires (a user has logged in to BCKP), the policy launches the corresponding action, "Add User to Active List".
The "Remove User From Logged Users List On BCKP" policy uses the "User Logout from BCKP" directive, included in a DS Group, and the "Remove User From Active List" action. When the directive fires (a user closes a BCKP session), the policy performs "Remove User From Active List".
The "Check Logged Users List On Mail" policy uses the "User Logon On Mail" directive through the DS Group of the same name and the "Check User In Active List" action. When the directive fires (a user has logged in to Mail), the policy performs "Check User In Active List".
An example of the policy setup is shown in the figure below (for the policy "Add to Logged Users List on BCKP"). The remaining policies are configured in a similar way, with other DS Groups and actions ("Policy Actions").

Fig. 5 - Policy example

4.1 DS Groups

To create a DS (Data Source) group, go to the menu "Configuration" - "Threat Intelligence" - "Policy" - "Data Source". Click the "Add New Group" button in the upper left corner of the window. Enter the name of the group in the appropriate field (in this example it matches the name of the directive). Click the "Add By Event Type" button and enter a keyword (part of the name) of the directive (I entered "BCKP"). Click "Search". In the table that appears, check the box next to the desired source and click "Add Selected". After that, click "Update". See the figure below for details.

Fig. 6 - DS Group

4.2 Actions performed by policies

To create an action that a policy will execute, go to "Configuration" - "Threat Intelligence" - "Policy" - "Actions". Press the "New" button and fill in the fields as shown in the figure below. The figure shows the creation of the "Add User to Active List" action. The remaining actions are created in a similar way using the parameters listed below.
Parameters common to all actions: for "Add User to Active List", "Remove User From Active List" and "Check User In Active List", use Type "Execute Action". The Name and Command fields are unique to each action. In the Comment field you can write anything.
For the action "Add User to Active List", the value of the Command field is "python /usr/share/ossim/scripts/active_list_manager.py add logins_list username"
This command starts the script with parameters that add the value of the username field from the event to the logins_list list.
For the action "Remove User From Active List", the value of the Command field is "python /usr/share/ossim/scripts/active_list_manager.py del logins_list UserName"
This command starts the script with parameters that remove the username from the logins_list list.
For the action "Check User In Active List", the value of the Command field is "python /usr/share/ossim/scripts/active_list_manager.py check logins_list UserName"
This command starts the script with parameters that check whether the value of the UserName field from the event is present in the logins_list list. If it is, the script writes a syslog message.

Fig. 7 - Actions performed by policies

  5. Script "active_list_manager.py"

This script adds a user name to a list, deletes it from a list, and checks whether it is present in a list. Of course, it works not only for user names but for any data you can put in a list (IP addresses, file names, host names, etc.).
The syntax used by the script is as follows:

# active_list_manager.py (add|del|check) <list_name> <value>

You can use it, for example, like this:

# active_list_manager.py add logins_list mario

Thus, we added "mario" to the logins_list list.
If you run the script with the "check" key, it checks whether the passed value is present in the list. If a match is found, the script writes a syslog message with the local5 facility. The message has the following format:

timestamp hostname active_list_log: Match | List: list_name | Value: value

Sep 7 15:57:00 Siem active_list_log: Match | List: user_list | Value: Alex

The file that receives this message is read and parsed by the OSSIM agent plugin described in the next section.
The listing of the "active_list_manager.py" script is below:

#!/usr/bin/python
# Active list manager: add, delete or check a value in a list file.
import os
import sys
import syslog

USAGE = ("Please check syntax:\n"
         "active_list_manager.py (add|del|check) <list_name> <value>")

if len(sys.argv) != 4:
    print("Quit due to incorrect syntax.\n" + USAGE)
    sys.exit()

action, list_name, value = sys.argv[1:4]
# List files are kept next to the script; change this path if you move it.
listfile = "/usr/share/ossim/scripts/" + list_name

if action == "add":
    open(listfile, "a").close()  # create the list file if it is missing
    f = open(listfile, "r+")
    lines = f.readlines()
    f.seek(0)
    f.truncate()
    keys = value.split(",")
    for line in lines:
        # keep every entry except an older one with the same first field
        if line.split()[:1] != keys[:1]:
            f.write(line)
    f.write(" ".join(keys) + "\n")
    f.close()
elif action == "del":
    if "," in value:
        print("Quit due to incorrect syntax.\n"
              "Only one variable allowed for delete action.\n" + USAGE)
        sys.exit()
    if not os.path.exists(listfile):
        sys.exit()  # nothing to delete yet
    f = open(listfile, "r+")
    lines = f.readlines()
    f.seek(0)
    for line in lines:
        if value not in line.split():
            f.write(line)
    f.truncate()
    f.close()
elif action == "check":
    if "," in value:
        print("Quit due to incorrect syntax.\n"
              "Only one variable allowed for check action.\n" + USAGE)
        sys.exit()
    if not os.path.exists(listfile):
        sys.exit()  # an absent list cannot contain the value
    f = open(listfile, "r")
    lines = f.readlines()
    f.close()
    for line in lines:
        if value in line.split():
            print("Found a match in: " + line)
            # report the match through syslog facility local5
            syslog.openlog("active_list_log", 0, syslog.LOG_LOCAL5)
            syslog.syslog("Match | List: " + list_name + " | Value: " + value)
else:
    print("Quit due to incorrect syntax.\n" + USAGE)
    sys.exit()

The script should be placed in /usr/share/ossim/scripts.
You can place it in another folder, but then the script will need a slight edit. The script can be tested from the console, for example, like this:

# active_list_manager.py add logins_list mario

This will create a logins_list file in the script's working folder (/usr/share/ossim/scripts) and add "mario" to this file.
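The list name and the value reach the script as raw command-line arguments and end up in a file path and in a log line that the plugin later splits on whitespace, so both are worth validating before use. The following Python 3 code is an added example, not part of the original article: the function names, the `base` parameter and the allowed character sets are assumptions.

```python
import os
import re
import tempfile

LIST_DIR = "/usr/share/ossim/scripts"  # directory the article's script uses
# Assumed policy (not from the article): list names and entries are single
# tokens from a small alphabet. \Z instead of $ also rejects a trailing newline.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}\Z")
ENTRY_RE = re.compile(r"[A-Za-z0-9_.@-]{1,128}\Z")

def list_path(list_name, base=LIST_DIR):
    """Map a list name to its file; anything but a bare name is refused."""
    if not NAME_RE.match(list_name):
        raise ValueError("invalid list name")
    return os.path.join(base, list_name)

def parse_entry(value):
    """Split 'key,val1,val2' into tokens and validate each of them."""
    tokens = value.split(",")
    if not all(ENTRY_RE.match(t) for t in tokens):
        raise ValueError("invalid value")
    return tokens

def read_rows(path):
    """Return the list as rows of tokens; a missing list reads as empty."""
    if not os.path.isfile(path):
        return []
    with open(path) as fh:
        return [line.split() for line in fh if line.strip()]

def add(list_name, value, base=LIST_DIR):
    """Insert the entry, replacing a row whose first token equals its key."""
    path, tokens = list_path(list_name, base), parse_entry(value)
    rows = [r for r in read_rows(path) if r[0] != tokens[0]] + [tokens]
    fd, tmp = tempfile.mkstemp(dir=base)  # created with mode 0600
    with os.fdopen(fd, "w") as fh:
        fh.writelines(" ".join(r) + "\n" for r in rows)
    os.replace(tmp, path)  # atomic swap: readers never see a half-written list

def check(list_name, value, base=LIST_DIR):
    """True if value is a whole token on some row of the list."""
    path, tokens = list_path(list_name, base), parse_entry(value)
    if len(tokens) != 1:
        raise ValueError("check takes a single value")
    return tokens[0] in {t for row in read_rows(path) for t in row}
```

Because every accepted value is a single token without spaces or "|", the log line built from it always keeps the field layout the plugin expects.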

  1. Plugin. "Active_List_Monitor"

This plugin reads the log file to which the script writes its messages. When a match is found in the list, the script passes the message to the rsyslog daemon with the local5 facility. The rsyslog daemon is configured to write all local5 messages to a file; in this article it is /var/log/active_list_alerts.log.
To set this up, create a new file (call it active_list_alerts.conf) in the /etc/rsyslog.d/ folder. File contents:

local5.* -/var/log/active_list_alerts.log
& ~

After that, restart rsyslog with the command /etc/init.d/rsyslog restart
Below is the listing of the .cfg file of the created plugin, active_list_monitor.cfg:

[DEFAULT]
plugin_id=9005

[config]
type=detector
enable=yes
source=log
location=/var/log/active_list_alerts.log
create_file=false
process=rsyslogd
start=no
stop=no
startup=/etc/init.d/rsyslog start
shutdown=/etc/init.d/rsyslog stop

[translation]
Match=1

# Rule section. The section name is a placeholder; any unique name can be used.
[active_list_monitor_match]
event_type=event
regexp=(?P<date>\w+\s+\d+\s+\d+\:\d+\:\d+)\s+(?P<sensor>\S+)\s+\S+\s+(?P<sid>\S+)\s+\S+\s+\S+\:\s*(?P<list_name>\S+)\s+\S+\s+\S+\:\s*(?P<username>\S+)
date={normalize_date($date)}
device={resolv($sensor)}
plugin_sid={translate($sid)}
username={$username}
userdata1={$list_name}

The file should be placed in /etc/ossim/agent/plugins and named, for example, active_list_monitor.cfg. The file extension must be "cfg"; this is important!
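Before the plugin is enabled, its rule can be checked offline against sample lines. The following Python 3 script is an added example, not part of the original article or of OSSIM: the pattern is written to match the message format shown earlier, the group names are taken from the plugin's field assignments ($sensor, $sid, $list_name, $username), and the sample lines are constructed.

```python
import re

# Pattern for the rule's regexp= line. It is an assumption that this mirrors
# the deployed rule; adjust it to the exact text in your .cfg file.
RULE = re.compile(
    r"(?P<date>\w+\s+\d+\s+\d+\:\d+\:\d+)\s+(?P<sensor>\S+)\s+\S+\s+"
    r"(?P<sid>\S+)\s+\S+\s+\S+\:\s*(?P<list_name>\S+)\s+\S+\s+\S+\:\s*"
    r"(?P<username>\S+)"
)
TRANSLATION = {"Match": 1}  # [translation] section: log token -> plugin_sid

# Constructed sample lines. Syslog pads single-digit days with two spaces.
SAMPLES = [
    "Sep  7 15:57:00 siem active_list_log: Match | List: user_list | Value: alex",
    "Sep 17 08:03:11 siem active_list_log: Match | List: logins_list | Value: mario",
    "Sep  7 15:57:02 siem sshd[811]: Accepted password for alex from 10.0.0.5",
    "Sep  7 15:57:03 siem active_list_log: Error | List: user_list | Value: alex",
]

def parse(line):
    """Return the event fields the rule would produce, or None if it misses."""
    m = RULE.search(line)
    if m is None:
        return None  # line does not have the active list format
    sid = TRANSLATION.get(m.group("sid"))
    if sid is None:
        return None  # token has no entry in the translation table
    return {
        "date": m.group("date"),
        "device": m.group("sensor"),
        "plugin_id": 9005,
        "plugin_sid": sid,
        "username": m.group("username"),
        "userdata1": m.group("list_name"),
    }

def report(lines):
    """Pair every line with its parsed event (None for a miss)."""
    return [(line, parse(line)) for line in lines]

if __name__ == "__main__":
    for line, event in report(SAMPLES):
        print("%-4s %s" % ("OK" if event else "MISS", line))
```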
Below is the listing of the .sql file, which adds information about the new plugin to the OSSIM database:

# active_list_monitor.sql
DELETE FROM plugin WHERE id = "9005";
DELETE FROM plugin_sid WHERE plugin_id = "9005";
INSERT IGNORE INTO plugin (id, type, name, description) VALUES (9005, 1, "ACTIVE LIST MONITOR", "MONITORING PLUGIN FOR Active Lists Functonality");
INSERT IGNORE INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (9005, 1, NULL, NULL, "Active List Match Detected");

It can be created anywhere in the file system; however, it is recommended that .sql files be placed in /usr/share/doc/ossim-mysql/contrib/plugins/
Add the information about the plugin to the OSSIM database with the following command:

# ossim-db < active_list_monitor.sql

Finally, enable the plugin through the graphical or console OSSIM interface. Connect to the OSSIM server over SSH and go to the "Configure Sensor" - "Configure Data Source Plugins" menu. Mark the new plugin in the list. Click "OK" - "Back" - "Apply All Changes".

After the server restarts, everything should work.

  1. Summary

The result of this work is the following message in the OSSIM interface whenever a user connected by SSH to BCKP opens an SSH session to Mail.

Fig.8. - Example of notifications

For this event, you can configure an alert response, for example sending a notification e-mail, or something harsher, such as forcibly disconnecting the user.

