|
ldms_core 3.0.1
Posted by Jack Coates on Sep 29, 2008 9:20:50 PM
Sep 30, 2008 7:20 PM
Jack Coates
says
in response to Dicipulus:
Jack Coates
says
in response to Dicipulus:
I screwed up 3.0.1. Try 3.0.2, it's uploading now.
Oct 1, 2008 6:31 AM
Dicipulus
says
in response to Jack Coates:
Dicipulus
says
in response to Jack Coates:
I am the type of man that knows my limitations. I "Know enough to know I don't know” and that has gotten me pretty far in life.
A programmer I am not. But, customizing code to meet my needs is something I can do for sure. That being said, I have some questions that perhaps you can answer for me.
My unmanaged device discovery sometimes gets populated with IP’s from my DHCP range, or some of my managed machines have an IP from that range. These sometimes are laptops that go out into the field and might not connect right away via our VPN, so the IP in the database in say 192.168.1.XX. My clients are configured to do a scan when IP changes, but if they aren’t in my network they can not update.
That being said, along comes Richard Hertz with his laptop. DHCP lease has expired for 192.168.1.XX and so it given to Richard. He isn’t a managed device of mine, but he doesn’t show up in an unmanaged scan (and therefore nMap doesn’t scan him either) and he goes unnoticed (if it weren’t for my Cron jobs that run on my debian box sniffing and scanning my network)
My assumptions are that the IP in the database excludes Richard Hertz’s machine (according to tests I run) so I assume that I need to not only rely on IP but perhaps NetBIOS or DNS to double check.
Oct 1, 2008 8:36 AM
Jack Coates
says
in response to Dicipulus:
Jack Coates
says
in response to Dicipulus:
I'm the type of guy who keeps getting hit with sticks by knights on ostriches 
If you're using XDD, try an alert on unmanaged device discovery... that should let you know about Richard the Unmanaged within 5-10 minutes. If you're using UDD only, there's no way. Still, that Debian box is the Right Way(TM) to deal with the security threat aspect, unless you're willing to go NAC.
As for the managed clients who can't tell you about their location when they're off-net, that's one of the things a Management Gateway is good for (and why geolocation mapping is on my todo list for ldms_core).
| ||||||
It has worked great for me till today. Just upgraded. Going to try and trouble shoot it now, but thought you might be able to tell me quicker.
ldms_core.exe 3.1 starting, scheduling priority set to low.
WARNING: select DISTINCT top ? IPADDRESS, LASTSCANTIME from UNMANAGEDNODES where XDDEXCEPTION='0' and IPADDRESS is not NULL and OSNAME is null or OSNAME='' or OSNAME='UNKNOWN' or OSNAME='UNIX' order by LASTSCANTIME desc caused Microsoft[ODBC SQL Server Driver][SQL Server]Incorrect syntax near '@P1'. (SQL-42000) Microsoft[ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared. (SQL-42000)(DBD: st_execute/SQLExecute err=-1)
thanks
On second look, I am not even sure nMap is running. It seems too quick and I don't see nMap in Process Manager. I'm not sure if it has worked before now that I look at it. How would I know? I see a cmd window come up and down, as if I were typing in the command in Run, however it seems to just flash. Guess I should have run it and watched closer. Everything else seems to work ok though......I think