
Jack Coates' Blog

30 Posts tagged with the droppedpackets tag

log monitoring tool

Posted by Jack Coates Jul 14, 2009

Here's a useful little tool that aggregates the various logfiles that LANDesk produces: http://www.droppedpackets.org/scripts/ldms_log

 

You'll find core and client programs, no installer necessary.

ldms_log_core.png

0 Comments Permalink

ldms_client 2.4.9 hits the web today. This is a major revision, because it moves the inventory locations of several attributes, and it provides an optional ability to model data for those attributes. The affected inventory items are Battery, NetStat, Mapped Drives, and User Profile Size.

 

What does that mean? From the manual:

A database schema is the map of the database; it's how programs know where to read and write data. LANDesk's database has an extremely clever trick available to it, which allows it to extend that map on the fly. If you send it data that it doesn't know how to map, it will figure out what you wanted and make it happen. For instance, if you add "Foo"."Bar" = "Baz" to an inventory scan, it will reason that you must want to assign Baz to a value named Bar, which is under an object named Foo. So it takes the data, puts together an attribute relationship, and stores it all in the UNMODELEDDATA tables.

 

By default, much of the data that ldms_client provides is unmodeled... after all, if it were modeled that would mean that LDMS was already gathering it, and ldms_client wouldn't need to. If you just need ldms_client temporarily, this is fine. For example, if you're just trying to quickly ascertain license compliance or force Dell WoL into a known state, you probably don't want to make a permanent change to your database.

 

On the other hand, performance of unmodeled data is potentially very poor, especially as the number of nodes reporting it goes up. That means that if you're using some of ldms_client's features as a permanent part of your inventory, you'll want to model the data.

Cropper-1-06-02-2009-11-44-17 AM.Png

This is still optional because it's potentially risky, but the benefits are worth pursuing.

0 Comments Permalink

http://www.droppedpackets.org/management-gateway-and-remote-control/ldms_auto_gateway for details, but at version 1.0.8 it is successfully deployed at several customers of greater than 1,000 nodes.

14 Comments Permalink

Thanks to some questions from Jim Hysell, I found a bug in ldms_core yesterday, which has been fixed in 3.6.4. The bug was in the listing of detected vulns and autofix vulns by severity, which are then added together to make the detected and autofix lines in the Vulnerability Statistics graph. Prior to 3.6.4, the number is only accurate if you haven't created overlapping scopes. Of course, since everything's covered by the default "All machines" scope, that effectively means that all scopes overlap at least a little. This caused the vulns on the machines that are in overlap to be counted once per scope that the machine was in, which is probably not what anyone wants.

 

Net result: For some LDSS admins, upgrading to ldms_core 3.6.4 or greater will cause a precipitous drop in the number of detected and autofix vulnerabilities. The new number is more accurate than the older one.

ldssstats-daily.png
So, in figuring that out I also realized that I could delineate between vulns detected, and machines with vulns, which wasn't very clear in the text report. There's a big difference between "you've got six critical vulns in the environment" and "you've got six machines with critical vulns on them"... These values are now clarified:

 

Detected vulnerability counts by severity:
Critical - 68 vulnerabilities found on 8 machines.
High - 45 vulnerabilities found on 7 machines.
Low - 12 vulnerabilities found on 9 machines.
Medium - 48 vulnerabilities found on 10 machines.
N/A - 129 vulnerabilities found on 11 machines.
Service Pack - 10 vulnerabilities found on 3 machines.
Unknown - 11 vulnerabilities found on 9 machines.


Detected vulnerabilities set to autofix by severity:
Critical - 64 vulnerabilities found on 7 machines.
High - 40 vulnerabilities found on 5 machines.
Low - 4 vulnerabilities found on 4 machines.
Medium - 12 vulnerabilities found on 7 machines.
N/A - 47 vulnerabilities found on 7 machines.
Service Pack - 1 vulnerability found on 1 machine.
Unknown - 5 vulnerabilities found on 7 machines.
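To make the two points above concrete, here is an added example (my own illustration, not ldms_core's code) of the counting logic. The detections and scopes are constructed sample data; `per_scope_sum` reproduces the pre-3.6.4 behaviour the post describes (list vulns per scope, then add the lists), and `severity_stats` counts each vulnerability definition once and reports distinct machines separately, in the layout of the text report. Treating "vulnerabilities" as distinct vulnerability definitions is my reading of the report, not something the post spells out.

```python
from collections import defaultdict

# Constructed sample detections (not from the post): one record per
# (machine, vulnerability definition), with severity and autofix flag.
DETECTIONS = [
    ("ws01", "V-100", "Critical", True),
    ("ws01", "V-101", "High", False),
    ("ws02", "V-100", "Critical", True),
    ("ws02", "V-102", "Low", False),
    ("ws03", "V-101", "High", False),
    ("ws03", "V-103", "Medium", True),
    ("ws03", "V-104", "Critical", False),
]

# Constructed scopes. "All machines" covers everything, so every member of
# "Lab" sits in two scopes at once, which is the overlap the post describes.
SCOPES = {
    "All machines": {"ws01", "ws02", "ws03"},
    "Lab": {"ws01", "ws02"},
}


def per_scope_sum(detections, scopes):
    """Pre-3.6.4 behaviour as the post describes it: list the distinct vulns
    by severity for each scope, then add the per-scope lists together.
    A machine in N overlapping scopes contributes to N of those lists."""
    total = defaultdict(int)
    for members in scopes.values():
        seen = defaultdict(set)
        for machine, vuln, severity, _autofix in detections:
            if machine in members:
                seen[severity].add(vuln)
        for severity, vulns in seen.items():
            total[severity] += len(vulns)
    return dict(total)


def severity_stats(detections, autofix_only=False):
    """Corrected counting: ignore scopes, count each vuln definition once per
    severity and, separately, the distinct machines it was found on.
    Returns {severity: (vulnerabilities, machines)}."""
    vulns = defaultdict(set)
    machines = defaultdict(set)
    for machine, vuln, severity, autofix in detections:
        if autofix_only and not autofix:
            continue
        vulns[severity].add(vuln)
        machines[severity].add(machine)
    return {sev: (len(vulns[sev]), len(machines[sev])) for sev in vulns}


def format_report(title, stats):
    """Render the text report in the post's layout, with singular/plural
    handled as in its 'Service Pack - 1 vulnerability found on 1 machine.'"""
    lines = [title]
    for severity in sorted(stats):
        v, m = stats[severity]
        lines.append(
            f"{severity} - {v} {'vulnerability' if v == 1 else 'vulnerabilities'} "
            f"found on {m} {'machine' if m == 1 else 'machines'}."
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print("Per-scope sum (double counts overlap):", per_scope_sum(DETECTIONS, SCOPES))
    print(format_report("Detected vulnerability counts by severity:",
                        severity_stats(DETECTIONS)))
    print()
    print(format_report("Detected vulnerabilities set to autofix by severity:",
                        severity_stats(DETECTIONS, autofix_only=True)))
```

With the sample data the per-scope sum reports three Critical vulns where only two distinct definitions exist, because V-100 on the two Lab machines is counted under both scopes; the corrected report gives "Critical - 2 vulnerabilities found on 3 machines."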

 

By the way, I've also posted ldms_core to google code, so anyone so inclined can use the source code more easily. I'll do the same for my other projects as time permits.

0 Comments Permalink

I just posted ldms_core 3.4.7, which integrates some of the feedback and discoveries of the last few weeks... thanks for all the help, folks. Debugging help and feature suggestions from LANDesk admins around the world are making this utility into a very useful tool indeed.

tall-tree.jpg

Here are a few notes about where it might (or might not) go next:

  • Scheduled Tasks
    • Check scheduled tasks and policies for RRD stats -- jobs without start times, jobs in success-level buckets, duplicated jobs...
    • Delete ghost devices from scheduled tasks (stuck in active because they reported status). If they were from a query they should be deleted from the list, but if they were from a static targeting they should be moved to pending. http://community.landesk.com/support/message/17222#17222
  • Import ldms_delete_users, auto-reassign to single user or delete objects, give the user an option to decide what should be done. Alternatively, rewrite ldms_delete_users as a standalone tool...
  • NMAP as an XDD client add-on instead of a core-side piece... this implies some command-channel use and data-passing which are non-trivial, but entirely possible. On the plus side, it will also produce a much higher level of accuracy in OS fingerprinting.
  • Email
    • Be smart about hysteresis... maybe it could not send another email within a day unless the new email it wants to send is more urgent than the last email that it had to send? Users going from daily runs to hourly runs are having challenges sorting the important emails from the repetitive info.
    • Maybe it's email worthy that unmanaged nodes isn't fresh...
  • Web pages and reports
    • In RRD pages, give textual data supporting the graph. That'll probably push it over the edge to needing templated data instead of straight html.
    • Support proxy servers (nice to have for update check, will need for geo-location)
    • Give links to non-RFC1918 addresses on maps: GeoIP2Location
    • Drill-down from topology map with per subnet listings of computers, including inventory and remote control links for them
  • Auto-import email from domain controller into ConsoleUser table. If UserName is like Directory and Email is blank, then import from AD. Requires AD credential input in UI.
  • Count duplicate serial number records and show a count before the number... e.g. "34 machines with serial number SystemSerialNumb, 2 machines with LYAC12"
  • More options, more smarts, more feedback, more efficiency...
  • Find why McAfee silently stops it from working properly when it's run as a scheduled task (error 0x9 in Windows scheduled task, immediate "success" as a LANDesk scheduled task, works great when run interactively from the start menu).
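The email hysteresis idea in the list above is a general alert-fatigue pattern, so here is an added example of one way to implement it (my own sketch, not ldms_core code). The rule is the one proposed: after an email goes out, hold further emails for a day unless the new one is strictly more urgent than the last one sent. The severity names, the in-memory state, and the run history are all constructed for the example; a scheduled tool would have to persist the two state fields between runs.

```python
from datetime import datetime, timedelta

# Urgency ordering for the emails the tool might send (constructed).
SEVERITY_RANK = {"info": 0, "warning": 1, "critical": 2}


class EmailThrottle:
    """Hysteresis for status emails.

    Once an email has gone out, further emails are held back for `window`
    unless the new one is strictly more urgent than the last one sent.
    State lives in memory here; a scheduled tool would have to persist
    last_sent_at and last_severity between runs (assumption of this example).
    """

    def __init__(self, window=timedelta(days=1)):
        self.window = window
        self.last_sent_at = None
        self.last_severity = None

    def should_send(self, severity, now):
        if self.last_sent_at is None:
            return True                      # nothing sent yet
        if now - self.last_sent_at >= self.window:
            return True                      # quiet period is over
        # Inside the window: only an escalation gets through.
        return SEVERITY_RANK[severity] > SEVERITY_RANK[self.last_severity]

    def record_sent(self, severity, now):
        self.last_sent_at = now
        self.last_severity = severity


def simulate(events, window=timedelta(days=1)):
    """Run the throttle over (timestamp, severity) pairs in order and return
    the indices of the events that would produce an email."""
    throttle = EmailThrottle(window)
    sent = []
    for i, (when, severity) in enumerate(events):
        if throttle.should_send(severity, when):
            throttle.record_sent(severity, when)
            sent.append(i)
    return sent


# Constructed run history: hourly runs on one day, then a run the next day.
T0 = datetime(2009, 6, 2, 8, 0)
EVENTS = [
    (T0, "warning"),                               # 08:00 first finding: sent
    (T0 + timedelta(hours=1), "warning"),          # 09:00 same severity: held
    (T0 + timedelta(hours=2), "info"),             # 10:00 less urgent: held
    (T0 + timedelta(hours=3), "critical"),         # 11:00 escalation: sent
    (T0 + timedelta(hours=4), "critical"),         # 12:00 repeat critical: held
    (T0 + timedelta(days=1, hours=3), "warning"),  # next day 11:00: window elapsed, sent
]

if __name__ == "__main__":
    print("Emails sent for runs:", simulate(EVENTS))
```

Because the escalation test is strict, a critical condition that persists is reported once and then falls silent until the window elapses, which is the trade-off the hourly-run users were asking for: the repeat information is suppressed, the first sign of something worse is not.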
2 Comments Permalink

ldms_core 3.3.3

Posted by Jack Coates Jan 6, 2009

Finally got the network map looking like I wanted it. You'll want to delete \\CORE\ldreports\ldms_core\ldms_core.css and replace it with the one from ldms_core 3.3.3 to enjoy this professional lookin' style. Or don't, if you like that really ugly green on black look. I'd really love to see how some bigger maps get laid out; if someone could post some screenshots, that would be great.

Cropper-1-01-06-2009-01-41-43 PM.Png

2 Comments Permalink

Any member may post articles anywhere, within the guidelines set on the main page.

 

Member accounts without associated email addresses have been deleted... you may be affected if you haven't used it in the last few months.

0 Comments Permalink

Version 3.2.6 is now uploaded to http://www.droppedpackets.org/scripts/ldms_core.

 

As the next step in its ongoing quest to delete data that was automatically gathered and then left to rot, ldms_core will now delete automatically gathered SLM products that have no installations (note that this is not USAGE, but INSTALLS).

 

It is possible that this can produce churn in situations where products are being installed and uninstalled in rapid succession; this should be a minor problem compared to the database performance degradation that results from thousands of junk product definitions.

 

As is usual with new features, this needs testing; please give it a whirl on your test server before trying it on production. At the very least, have a database backup handy.

3 Comments Permalink

ldms_client 1.7

Posted by Jack Coates Nov 21, 2008

Aside from the usual bugfixes and cleanup, this release adds configurable control over how hard ldms_client will look for email folders, and a report of the machine's FQDN.

 

Code and instructions can be found here: http://www.droppedpackets.org/inventory-and-slm/ldms_client

 

The conversations around future release ideas for ldms_core have proven interesting and useful, so here's an attempt to gather some of the loose notes:

  • TODO -- Firewall status is enabled /disabled. We do this in custom defs, but don’t put the status anywhere.
  • TODO -- It would be interesting to see the firewall specifics broken down a bit by port and app, but that could be a ton of work and difficult to format in a useful way.
  • TODO -- Capture the connected SSID. Something Perlish? WMI? netsh? All have problems.
  • TODO -- Custom vulnerability to install/update Produkey? Is there a better way to use Produkey, or do the same thing without it?
  • TODO -- Find a way to identify Adobe licenses... even if it's not decrypted, an identifiable GUID would be useful.
  • TODO -- Report system crashes from event log.
  • TODO -- The ongoing search for greater efficiency.
13 Comments Permalink

ldms_core 3.2.0

Posted by Jack Coates Nov 12, 2008

Service checking now looks at the Avocent Management Platform services, too. I've also added code to look for schema faults. Ever see messages in your event viewer that say "column whatever is too small, increase it by so much"?

 

0 Comments Permalink

There'll be rejoicing in the alleyways tonight! http://www.droppedpackets.org/

If you'd like to see the gory details, read on.

Firstly, I wouldn't feel comfortable telling customers to test thoroughly and carefully if I wasn't personally inclined toward shooting from the hip. Backups were taken, but this upgrade was not really tested meaningfully. That's why it took about 15 hours of work instead of 5.

  • Hardware -- It's more fun to compute like it's 1999. Don't go changing!
  • OS Upgrade -- smooth and well-played. Moving from the execrable OpenSuSE 10.0 to Xubuntu 8.04 was a good idea.
  • Zope/Plone Upgrade -- and this is where the trouble begins. To use the package manager, or to use source? The Ubuntu packages for Zope and Plone are less than perfect; they're old, they're goofily designed, and they're a bit buggy. But, the install from source method is difficult and unpleasant to maintain... so when it didn't work and consumed a bit of troubleshooting time, I went back to the packages. That settled things on Zope 2.3 > Zope 2.9 and Plone 2.1.1 > Plone 2.5.1, and older revisions of some other packages that I wanted upgraded (such as Kupu, which is now at 1.3.9).
  • Site Restoration -- You simply restore the Data.fs file and restart, right? Well, it references products which may or may not exist, and it also does a bunch of magic which may or may not work. I must have wiped the machine back to a zope-free state and started over 6 or 7 times. I can tell you from memory that line 81 of the post-install for Ubuntu's plone-site package has a typo, for instance (setuser zope:zope, not setuser zope).
  • Site Upgrade -- You simply go to product_migration in the ZMI and click migrate. Except you also need to do that on portal_atct (undocumented), and if you do it without deleting your cookie_authentication object you'll be locked out of the site, and the dry-run option doesn't really dry run, and don't forget to delete your customizations from the old school days because they'll make things break. It wasn't as bad as installing Oracle, but it wasn't fun.

There was more, and there's still more to do, but it'll wait. I'm outta here for the weekend.

duct tape.jpg

0 Comments Permalink

ldms_core 3.0.1

Posted by Jack Coates Sep 29, 2008

At something like 90 to 360 seconds per scan, it makes no sense to NMAP thousands of nodes in a single run; target lists are now capped at 100 nodes per run, 50 if debug is on. Fixed a couple of bugs, too.

 

The manual is getting pretty out of date, I need to do something about that.

 

download here.

4 Comments Permalink

no-longer beta ldms_core

Posted by Jack Coates Aug 11, 2008

I've posted a beta release of ldms_core at http://www.droppedpackets.org/scripts/ldms_core/ldms_core_2-9-5beta.zip which attempts to support email authentication. If you'd like to try it out, please let me know of any errors.

 

17 days without a complaint, it must be working. 2.9.5 is published.

6 Comments Permalink

One of the more powerful tools that LANDesk gives you is a local scheduler with all sorts of useful state filters and activity triggers... it's the Local Scheduler that you're configuring when you select inventory, policy, and vulnerability scan windows in Agent Configuration, and it's able to do some powerful things: http://community.landesk.com/support/docs/DOC-2328

 

 

One of its most useful features is the /IPADDR trigger, which causes a script to run at IP Address changes. By default this is used to launch inventory scans, but it's also useful for making decisions that depend on which network you've just joined... this is the concept that drives auto_gateway.vbs.

 

 

The problem with auto_gateway.vbs is that you want it to go onto systems that are, well, using the gateway... in other words, connectivity is spotty, it might not be able to download from internal servers, and you want something that will keep trying until it gets it right. Something like a vulnerability scan, in other words. Here's a custom vulnerability that installs auto_gateway and defines a Local Scheduler task to run it -- a lot can be done to improve on it, but it's a good start for solving other network-based problems as well: http://www.droppedpackets.org/security/custom-definitions/v_intl_auto_gateway-installation.xml/view

 

 

The next amazing trick is to make the vulnerability only apply to laptops... a dummy product install would do that nicely, but there ought to be a cleaner way.

0 Comments Permalink

ldms_status bug fix

Posted by Jack Coates Aug 2, 2008

http://www.droppedpackets.org/scripts/ldms_status

 

I was at a customer Friday, and discovered that when I hovered over ldms_status, it would turn red, flail madly, and keel over dead, sort of like Bowker holding a ball at first and trying to decide what to do with it. Turns out, their server had 1 Inventory Service thread and 4500 clients, so LDSCAN contained a backlog of 4300 inventory scans, and growing. Whenever CountPendingScans ran, ldms_status was correctly deciding to restart the inventory service. It was incorrectly ignoring several instructions to wait a few seconds, and it was incorrectly doing this over and over as long as I hovered over the icon, causing a flickering stream of balloon tips and event viewer messages and doing nothing for the backlog of scans.

 

Partially, this is a discovery of unexpected behavior from the poorly documented perltray... I'm discovering that the Tooltip subroutine runs repeatedly as long as you're hovering on the icon, and I suspect that it sets the Timer too, overriding my timer settings. But the other part is that I was sloppy about the tooltip in the first place, and was calling code on demand. So, I decoupled the CountPendingScans subroutine from ToolTip. I'd been meaning to do that anyway as a matter of good practice, so finding a bug is just good impetus to do it right.
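The fix described above, keeping the expensive check out of the hover callback and refusing to restart the service again until the previous restart has had time to act, is a pattern worth seeing in code. The following is an added example in Python (ldms_status itself is Perl, and this is not its code): `refresh()` is the timer-driven measurement and decision, `tooltip()` only reads cached state, and a cooldown guards the restart. The threshold, cooldown value and 4300-scan backlog are constructed for the demo.

```python
import time


class FakeClock:
    """Manually advanced clock so the cooldown can be exercised offline."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class InventoryMonitor:
    """Keeps the expensive work out of the tooltip callback.

    refresh() is meant to run from a timer: it counts pending scans and,
    above a threshold, restarts the service, but never more than once per
    cooldown period. tooltip() only reads the cached count, so a hovering
    mouse pointer can call it repeatedly without causing any side effects.
    """

    def __init__(self, count_pending, restart_service, threshold=1000,
                 cooldown=30.0, clock=time.monotonic):
        self._count_pending = count_pending      # e.g. number of files waiting in LDSCAN
        self._restart_service = restart_service  # e.g. restart the Inventory Service
        self.threshold = threshold               # backlog size that warrants a restart (assumed)
        self.cooldown = cooldown                 # seconds to wait before restarting again (assumed)
        self._clock = clock
        self.pending = 0
        self.last_restart = None
        self.restarts = 0

    def refresh(self):
        """Timer callback: measurement and decision live here, not in the UI."""
        self.pending = self._count_pending()
        now = self._clock()
        waited = self.last_restart is None or now - self.last_restart >= self.cooldown
        if self.pending > self.threshold and waited:
            self._restart_service()
            self.last_restart = now
            self.restarts += 1
        return self.pending

    def tooltip(self):
        """UI callback: cheap, side-effect free, safe to call at any rate."""
        return f"{self.pending} inventory scans pending"


def demo():
    """Constructed scenario modelled on the post: a 4300-scan backlog and a
    tooltip that fires many times while the pointer hovers."""
    clock = FakeClock()
    monitor = InventoryMonitor(count_pending=lambda: 4300,
                               restart_service=lambda: None,
                               threshold=1000, cooldown=30.0, clock=clock.now)
    monitor.refresh()                             # first tick: restart issued
    tip = [monitor.tooltip() for _ in range(50)]  # hovering: reads only
    monitor.refresh()                             # tick inside cooldown: no restart
    after_hover = monitor.restarts
    clock.advance(31)
    monitor.refresh()                             # cooldown over, backlog still there
    return after_hover, monitor.restarts, tip[0]


if __name__ == "__main__":
    print(demo())
```

Fifty tooltip calls produce zero restarts and zero balloon tips of their own; the only thing that can restart the service is the timer tick, and it does so at most once per cooldown even while the backlog stays above the threshold.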

0 Comments Permalink