Point taken - loud and clear!!! :-)
SNMP it is. We will, in all probability, do this via SNMPv3 with
auth&privacy turned on. More details after 3.6.
Regards,
-Rajesh.
P.S. Thanks to everyone for your feedback.
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Simon Kissler
Sent: Saturday, October 15, 2005 11:38 PM
To: [log in to unmask]
Subject: Re: CCA Metrics and Reporting (was Re: WGA validation
incomplete)
I think one of the keys here is that we are all used to dealing with
network equipment that works w/ SNMP. All the tools we're using are
based upon it. At least I don't really have any good tools readily
available to interface with the http API. It's fundamentally a neat idea
and far more flexible in a way, but the tools I have don't work for it
since they are geared towards working with routers/switches/etc.
-S
On Sat, 15 Oct 2005, Rajesh Nair (rajnair) wrote:
> Return-Path: <[log in to unmask]>
> Received: from localhost by genesis with LMTP for
<[log in to unmask]>;
> Sun, 16 Oct 2005 01:29:29 -0500
> Received: from smtp01.valpo.edu (smtp01.valpo.edu [152.228.33.51])
> by genesis.valpo.edu (Switch-3.1.7/Switch-3.1.0) with ESMTP id
> j9G6TTG0010890
> for <[log in to unmask]>; Sun, 16 Oct 2005 01:29:29 -0500 (CDT)
> Received: from localhost (localhost [127.0.0.1])
> by smtp01.valpo.edu (8.12.11/8.12.9) with ESMTP id
j9G6TTWR004763
> for <[log in to unmask]>; Sun, 16 Oct 2005 01:29:29 -0500 (CDT)
> Received: from smtp01.valpo.edu ([127.0.0.1]) by localhost (smtp01
> [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01932-15 for
> <[log in to unmask]>; Sun, 16 Oct 2005 01:29:26 -0500 (CDT)
> Received: from listserv.muohio.edu (listserv.muohio.edu [134.53.7.26])
> by smtp01.valpo.edu (8.12.11/8.12.9) with ESMTP id
j9G6TQkf004757
> for <[log in to unmask]>; Sun, 16 Oct 2005 01:29:26 -0500
(CDT)
> Received: from nasw2k01 (listserv.muohio.edu) by listserv.muohio.edu
> (LSMTP for Windows NT v1.1b) with SMTP id
> <[log in to unmask]>; 16 Oct 2005 2:29:26 -0400
> Received: by LISTSERV.MUOHIO.EDU (LISTSERV-TCP/IP release 14.3) with
> spool id
> 40822130 for [log in to unmask]; Sun, 16 Oct 2005
02:28:02
> -0400
> Received: from mulnx11.mcs.muohio.edu by listserv.muohio.edu (LSMTP
for
> Windows
> NT v1.1b) with SMTP id <[log in to unmask]>; 16
Oct
> 2005
> 2:28:02 -0400
> Received: from mulnx24.mcs.muohio.edu (mulnx24.mcs.muohio.edu
> [134.53.6.11]) by
> mulnx11.mcs.muohio.edu (Switch-3.1.6/Switch-3.1.6) with
ESMTP id
> j9G6S0P7022702 for <[log in to unmask]>; Sun, 16
Oct 2005
> 02:28:00 -0400
> Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com
> [171.71.176.72])
> by mulnx24.mcs.muohio.edu (Switch-3.1.6/Switch-3.1.6) with
> ESMTP id
> j9G6S0lg032467 for <[log in to unmask]>; Sun, 16
Oct 2005
> 02:28:00 -0400
> Received: from sj-core-2.cisco.com ([171.71.177.254]) by
> sj-iport-3.cisco.com
> with ESMTP; 15 Oct 2005 23:28:00 -0700
> X-IronPort-AV: i="3.97,218,1125903600"; d="scan'208";
> a="352672226:sNHT34903888"
> Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com
> [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6)
with
> ESMTP
> id j9G6RvJh017287 for <[log in to unmask]>; Sat,
> 15 Oct 2005
> 23:27:58 -0700 (PDT)
> Received: from xmb-sjc-22d.amer.cisco.com ([128.107.191.68]) by
> xbh-sjc-221.amer.cisco.com with Microsoft
> SMTPSVC(6.0.3790.211); Sat,
> 15 Oct 2005 23:27:57 -0700
> X-mimeole: Produced By Microsoft Exchange V6.5.7226.0
> Content-class: urn:content-classes:message
> MIME-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: CCA Metrics and Reporting (was Re: WGA validation
> incomplete)
> Thread-Index: AcXRnVU/gX/arPBTTyebY+VcZgZ79gAfVNgQ
> X-OriginalArrivalTime: 16 Oct 2005 06:27:57.0423 (UTC)
> FILETIME=[BF875FF0:01C5D21A]
> X-Real-ConnectIP: 171.71.176.72
> Message-ID:
>
> <[log in to unmask]>
> Date: Sat, 15 Oct 2005 23:27:56 -0700
> Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
> <[log in to unmask]>
> Sender: Perfigo SecureSmart and CleanMachines Discussion List
> <[log in to unmask]>
> From: "Rajesh Nair (rajnair)" <[log in to unmask]>
> Subject: Re: CCA Metrics and Reporting (was Re: WGA validation
> incomplete)
> To: [log in to unmask]
> Precedence: list
> X-Virus-Scanned: by amavisd-new at valpo.edu
>
> That was our reasoning in providing the API. But, sounds like the
> HTTPS-based API requires too much scripting and folks would prefer
SNMP.
>
> -Rajesh.
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Cal Frye
> Sent: Saturday, October 15, 2005 8:28 AM
> To: [log in to unmask]
> Subject: Re: CCA Metrics and Reporting (was Re: WGA validation
> incomplete)
>
> Yeah, most often I'm after historical data. SYSLOG!?!? There are too
> many required interfaces for this system, that's my point. From
> syslog, I can't revoke his registration, adjust his bandwidth, or
> switch roles (such as place a miscreant into my copyright violator
> role, given his IP address initially).
>
> --Cal Frye, Network Administrator, Oberlin College
> www.ouuf.org, www.calfrye.com
> Say Yes Twice for Oberlin Schools! www.oberlinyesyes.com
>
> "There are only two lasting bequests we can hope to give our
children.
> One is roots; the other, wings." -- Hodding Carter.
>
>
> Rajesh Nair (rajnair) wrote:
> > Cal,
> >
> > User id, IP and MAC for online users is all in the online user list.
> > This info is available through API as well and the Online user page
> > is
>
> > searchable as well. Are you refering to historic searchability?
i.e.
> > users who might have logged in and out in the past? If so, syslog
> > might be a better place to do this search.
> >
> > Yes, I am aware that the scan/agent reports should also be available
> > from one place... That we can try to do sooner than the full
> reporting.
> >
> > -Rajesh.
> >
> >
> >
> > -----Original Message-----
> > From: Perfigo SecureSmart and CleanMachines Discussion List
> > [mailto:[log in to unmask]] On Behalf Of Cal Frye
> > Sent: Friday, October 14, 2005 11:17 AM
> > To: [log in to unmask]
> > Subject: Re: CCA Metrics and Reporting (was Re: WGA validation
> > incomplete)
> >
> > I would like one place to go to to search for a user, knowing any
> > ONE of the
> > following:
> > userid, IP address, MAC address
> > and returning all information on the user the system knows,
> > including scan reports and log entries.
> >
> > It's all in there, sure, but the number of times I begin a search in
> > the DHCP records to find the corresponding MAC address is way too
> many.
> >
> > --Cal Frye, Network Administrator, Oberlin College
> > www.ouuf.org, www.calfrye.com
> > Say Yes Twice for Oberlin Schools! www.oberlinyesyes.com
> >
> > "The hottest places in hell are reserved for those who, in times
> > of great moral crisis, maintain their neutrality." -- Dante.
> >
>
------------------------------------------------------------------------
-------
Simon Kissler [log in to unmask]
UNIX Systems Administrator Phone: (219) 464 6773
Electronic Information Services Fax : (219) 464 5381
Valparaiso University
Kretzmann Hall B22
Valparaiso, IN 46383
------------------------------------------------------------------------
-------
"What we call the beginning is often the end.
And to make an end is to make a beginning.
The end is where we start from."
-T. S. Eliot, "Four Quartets"
------------------------------------------------------------------------
-------
|
