Geneos ["Geneos"]
["Geneos > Netprobe"]["Technical Reference"]

Netprobe whitelist

Overview

Netprobe has whitelist settings available for both plugins and commands.

Plugin whitelist

The plugIn whitelist is a list of plugin names that determines if a plugin can be used for Netprobe sampling. If a plugin is not in the whitelist, then the sampler associated with it cannot perform sampling during runtime.

The whitelist is defined in the Netprobe setup file.

Note: If no setup file is specified, or if the whitelist does not contain any valid plugin names, then all plugins are allowed by default.

When defined, plugin names should be the same as those listed under Plugin in the Gateway Setup Editor for them to be recognised.

Below is a screenshot of a disabled sampler:

../_images/image1_netprobe_user_guide.png

Command whitelist

The command whitelist is a list of shell commands that can be used for Netprobe sampling. If a shell command is not in the whitelist, then an error will be shown in the dataview.

The whitelist is defined in the Netprobe setup file.

Note: If no setup file is specified, or if the whitelist does not contain any valid shell commands, then all shell commands are allowed by default.

Valid commands are as follows:

  • Configurable plugin shell commands that are invoked by the plugins themselves.

  • User commands specified in the Gateway Setup Editor that are manually invoked in the Active Console.

The command whitelist makes use of regular expressions, which follows the Perl-Compatible Regular Expressions (PCRE) syntax, to specify the allowed commands. When matching for exact strings, always terminate your regular expressions.

Below are screenshots of error messages:

../_images/image2_netprobe_user_guide.png ../_images/image3_netprobe_user_guide.png

Applicable plugins and features

Below is the list of plugins and features with user-configurable shell commands that can be used in the command whitelist:

Caution: In Toolkit plugin, you can use the Advanced settings to write the script to the server. Unless the Toolkit Advanced tab is secured by a Gateway hook validation, it is possible to work around the restriction set in the command whitelist.

  • cpu
  • toolkit
  • network
  • processes
  • gl-orderbook
  • fidessa
  • flm
  • gl-lostorders
  • informix
  • ipc
  • market-data-monitor
  • net-ping
  • tcp-links
  • unix-users
  • veritas-cluster-server

Configuration settings

Plugin whitelist settings

pluginWhiteList

Contains the list of plugin names to be enabled.

Mandatory: No

pluginWhiteList > data

Specifies a plugin name to be enabled.

Mandatory: No

Command Whitelist Settings

commandWhiteList

Contains the list of shell commands to be enabled.

Mandatory: No

commandWhiteList > data

Specifies a shell command to be enabled.

Mandatory: No

Example configuration

Plugin Whitelist

This example shows that the CPU and TOP plugins are enabled.

<netprobe>
        <pluginWhiteList>
                <data>cpu</data>
                <data>top</data>
        </pluginWhiteList>
</netprobe>

Command Whitelist

This example shows that the commands echo test and cat <anything>are enabled.

<netprobe>
        <commandWhiteList>
                <data>echo test\b</data>
                <data>^cat.*</data>
        </commandWhiteList>
</netprobe>