This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-08-12 04:16 AM

Addition/disabling of log sourcesdevices remotely

Hi,

Since we would like to automate as much as possible of the process of adding new devices to be monitored, we would like to see the possibility to add new devices remotely.

 

The reason is that since our environment is changing constantly with (primarly) new Windows servers being added all the time and with a couple of thousand servers it gets cumbersome to ensure that all servers are monitored by being added to the agentless logfetching list. If this would be possible we could script the addition of new devices in our asset management system, so that when a new system gets added to the assetmanagement system, that assetmanagment system also ensures it is added in to envision. It would be great to have the possibility to disable monitoring as well, but I guess that would be hard to implement in a way without introducing the risk of disabling by "evil users".

 

What also could be handy is a compare function. Say that you have a list of devices that should have agentless windows logfetching enabled, maybe a function where you could load it in and get a list with deviations which have not been added to envision for some reason.

 

I have not seen this kind of features in the roadmap list yet.

 

Message Edited by pwaattov on08-12-200810:30 AM
0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2008-08-12 07:13 AM

Hi:

You can certainly automate most of this using the db_import_windows_clients.cmd script included within enVision under e:\nic\<version>\<site>\database\cmd.

What I suggest is this.

Use your existing asset management solution to produce a text file that contains new Windows Servers, with each server being identified within the text file by "domain     host(fqdn)      ipaddress"

You can probably add a field to your asset management system called "Logging to RSA." That way you can script the identification of new servers by the outputting of those servers that are not labelled as "Logging to RSA," spitting out the contents to that text file, and then automate the labelling of the new assets as "Logging to RSA"

This text file can then either be uploaded to a FTP directory on enVision, or transferred via CIFS, or SFTP, whatever means you want.

Then you can create a batch to add the contents of the text file to enVision by using the db_import_windows_clients.cmd. Your batch file would read something like:
db_import_windows_clients.cmd e:\nic\<version>\<site>\ftp_files\new_windows_servers.txt

Then you can schedule this batch file to run on a daily basis on enVision.

You could also follow a similar methodology for removing servers, but you would have to execute a script directly against the NIC DB.

Does this help?

Regards;
Mark Nadir
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.