Jack Coates' Blog

3 Posts tagged with the statistics tag

Thanks to some questions from Jim Hysell, I found a bug in ldms_core yesterday, which has been fixed in 3.6.4. The bug was in the listing of detected vulns and autofix vulns by severity, which are then added together to make the detected and autofix lines in the Vulnerability Statistics graph. Prior to 3.6.4, the number is only accurate if you haven't created overlapping scopes. Of course, since everything's covered by the default "All machines" scope, that effectively means that all scopes overlap at least a little. This caused the vulns on the machines that are in overlap to be counted once per scope that the machine was in, which is probably not what anyone wants.

 

Net result: For some LDSS admins, upgrading to ldms_core 3.6.4 or greater will cause a precipitous drop in the number of detected and autofix vulnerabilities. The new number is more accurate than the older one.

[Image: ldssstats-daily.png]

So, in figuring that out I also realized that I could delineate between vulns detected, and machines with vulns, which wasn't very clear in the text report. There's a big difference between "you've got six critical vulns in the environment" and "you've got six machines with critical vulns on them"... These values are now clarified:

 

Detected vulnerability counts by severity:
Critical - 68 vulnerabilities found on 8 machines.
High - 45 vulnerabilities found on 7 machines.
Low - 12 vulnerabilities found on 9 machines.
Medium - 48 vulnerabilities found on 10 machines.
N/A - 129 vulnerabilities found on 11 machines.
Service Pack - 10 vulnerabilities found on 3 machines.
Unknown - 11 vulnerabilities found on 9 machines.


Detected vulnerabilities set to autofix by severity:
Critical - 64 vulnerabilities found on 7 machines.
High - 40 vulnerabilities found on 5 machines.
Low - 4 vulnerabilities found on 4 machines.
Medium - 12 vulnerabilities found on 7 machines.
N/A - 47 vulnerabilities found on 7 machines.
Service Pack - 1 vulnerability found on 1 machine.
Unknown - 5 vulnerabilities found on 7 machines.
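
The double counting described above, and the difference between vulnerabilities detected and machines with vulnerabilities, reproduced as an added example (not ldms_core's code). The table names, scope names and data are constructed, and the first query is only a model of the pre-3.6.4 behaviour.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical,
# not the LANDesk database schema.
SCHEMA = """
CREATE TABLE scope_member (scope TEXT, machine TEXT);
CREATE TABLE detected (machine TEXT, vuln TEXT, severity TEXT);
"""
MEMBERS = [("All machines", m) for m in ("pc1", "pc2", "pc3")] + [
    ("Finance", "pc1"), ("Finance", "pc2"), ("Laptops", "pc2")]
DETECTED = [("pc1", "V-001", "Critical"), ("pc1", "V-002", "Critical"),
            ("pc2", "V-001", "Critical"), ("pc2", "V-003", "High"),
            ("pc3", "V-003", "High")]

def load():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO scope_member VALUES (?, ?)", MEMBERS)
    db.executemany("INSERT INTO detected VALUES (?, ?, ?)", DETECTED)
    return db

def per_scope_sum(db):
    """Model of the old behaviour: every detection is counted once per
    scope its machine belongs to, then the scopes are added together."""
    rows = db.execute("""
        SELECT d.severity, COUNT(*)
        FROM detected d JOIN scope_member s ON s.machine = d.machine
        GROUP BY d.severity ORDER BY d.severity""")
    return dict(rows.fetchall())

def deduplicated(db):
    """Each (machine, vuln) detection counted once, alongside the number
    of distinct machines affected at that severity."""
    rows = db.execute("""
        SELECT severity, COUNT(*), COUNT(DISTINCT machine)
        FROM (SELECT DISTINCT machine, vuln, severity FROM detected)
        GROUP BY severity ORDER BY severity""")
    return {sev: (vulns, machines) for sev, vulns, machines in rows}

def report(db):
    # Same line layout as the text report above (plural forms only).
    return [f"{sev} - {v} vulnerabilities found on {m} machines."
            for sev, (v, m) in deduplicated(db).items()]

if __name__ == "__main__":
    db = load()
    print("summed per scope:", per_scope_sum(db))
    print("\n".join(report(db)))
```

With this data, pc2 sits in three scopes, so its detections are counted three times in the per-scope sum while the deduplicated query counts them once.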

 

By the way, I've also posted ldms_core to Google Code, so anyone so inclined can use the source code more easily. I'll do the same for my other projects as time permits.


ldms_core 3.1.5

Posted by Jack Coates Nov 3, 2008

I've posted a new ldms_core which has a lot of changes (good, bad, and otherwise).

 

  • added ability to report on stale vuln data (greater than 7 days will produce a warning)

  • installation directory changes -- NullSoft Installer System uninstallation routine actually assumes a separate directory per program, and was deleting things that shouldn't be deleted when users would remove a program. To correct this, uninstall all Monkeynoodle programs and delete Program Files\Monkeynoodle before installing ldms_core.

  • detect dual boot systems via serial number

  • fixed &CullIPs again -- I had a function which seemed to do the right thing, but was actually deleting the oldest IP -- the downfall of using a small test set is that the expected result might happen for the wrong reasons.

  • Always check that what's supposed to be an IP is one -- failure to do so was causing spurious calls to DoNMAP and CullIPs

  • LDMS statistics graphing and trending via RRD. This is pretty cool; I'm just generating the graphics and putting them into ldmain\reports\ldms_core for now, but I'll throw together a nice index.html for it in a bit. LDSS stats are not being gathered yet.

  • hourglass cursor when setup is doing things

  • Unmanaged nodes culling (&CullUDD) failed when the discovered node was a WAP; skipping the attempt for now.

 

I'm still trying to decide if I want to spend time on a more formalized test procedure and/or beta period... if anyone has thoughts or would like to volunteer as a tester, please let me know.

 

I'm also having some difficulty with the Right Way(TM) to schedule repeated runs... in the past, I've asked the user to create a Windows scheduled task, but those quit working when the service account password changes. Currently I'm creating a LANDesk scheduled task, but those are finicky and are least likely to work on the cores which most need an automatic maintenance program. I could go to a long-running service, but memory consumption is high and that introduces a whole new set of potential problems. Ideas are welcome.


ldms_core 3.0.5

Posted by Jack Coates Oct 3, 2008

ldms_core home page

 

The new alert system in version 8.8 can get stacked up on low-performance cores, and it doesn't purge records unless you tell it to. ldms_core will now check that queue and purge records older than X days. There's also an email test button in the setup window, so you can make sure you've got email right.

 

I've also updated the manual.

 

 
