Addition/disabling of log sources/devices remotely
Since we would like to automate as much as possible of the process of adding new devices to be monitored, we would like to see the possibility to add new devices remotely.
The reason is that our environment is changing constantly, with (primarily) new Windows servers being added all the time, and with a couple of thousand servers it gets cumbersome to ensure that all servers are monitored by being added to the agentless log-fetching list. If this were possible, we could script the addition of new devices in our asset management system, so that when a new system gets added to the asset management system, that asset management system also ensures it is added to enVision. It would be great to have the possibility to disable monitoring as well, but I guess that would be hard to implement in a way without introducing the risk of disabling by "evil users".
What also could be handy is a compare function. Say that you have a list of devices that should have agentless Windows log fetching enabled, maybe a function where you could load it in and get a list with deviations which have not been added to enVision for some reason.
I have not seen these kinds of features in the roadmap list yet.
You can certainly automate most of this using the db_import_windows_clients.cmd script included within enVision under e:\nic\<version>\<site>\database\cmd.
What I suggest is this.
Use your existing asset management solution to produce a text file that contains new Windows Servers, with each server being identified within the text file by "domain host(fqdn) ipaddress".
You can probably add a field to your asset management system called "Logging to RSA." That way you can script the identification of new servers by outputting those servers that are not labelled as "Logging to RSA," spitting out the contents to that text file, and then automate the labelling of the new assets as "Logging to RSA".
This text file can then either be uploaded to an FTP directory on enVision, or transferred via CIFS, or SFTP, whatever means you want.
Then you can create a batch to add the contents of the text file to enVision by using the db_import_windows_clients.cmd. Your batch file would read something like:
Then you can schedule this batch file to run on a daily basis on enVision.
You could also follow a similar methodology for removing servers, but you would have to execute a script directly against the NIC DB.
Does this help?
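The compare function asked for in the question, combined with the export step from the reply, as an added example (not part of either post and not RSA code): it diffs an asset export against the devices already added and emits the missing ones as "domain host(fqdn) ipaddress" lines, rejecting rows with malformed names or addresses before they reach the import file. The CSV column names, the whitespace-separated field layout, the DNS-style name rule and all sample hosts are assumptions constructed for illustration.

```python
import csv, io, ipaddress, re

# Assumption: domain and host names are DNS-style labels. Anything containing
# whitespace or shell metacharacters is rejected instead of being written out.
_NAME = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")

def parse_assets(csv_text):
    """Return ({fqdn_lower: (domain, fqdn, ip)}, [rejected rows]) from the export."""
    good, rejected = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        domain, fqdn, ip = ((row.get(k) or "").strip() for k in ("domain", "fqdn", "ip"))
        try:
            ipaddress.ip_address(ip)  # raises ValueError on a bad address
            ok = bool(_NAME.fullmatch(domain)) and bool(_NAME.fullmatch(fqdn))
        except ValueError:
            ok = False
        if ok:
            good[fqdn.lower()] = (domain, fqdn, ip)
        else:
            rejected.append(row)
    return good, rejected

def parse_monitored(text):
    """Lower-cased host field from 'domain host ip' lines of already-added devices."""
    fields = (line.split() for line in text.splitlines())
    return {f[1].lower() for f in fields if len(f) >= 2}

def compare(csv_text, monitored_text):
    """Return (lines to import, monitored hosts absent from inventory, rejected rows)."""
    assets, rejected = parse_assets(csv_text)
    monitored = parse_monitored(monitored_text)
    import_lines = [" ".join(assets[h]) for h in sorted(set(assets) - monitored)]
    stale = sorted(monitored - set(assets))
    return import_lines, stale, rejected

# Constructed sample data: an asset export and the current monitored list.
ASSETS = """domain,fqdn,ip
CORP,web01.corp.example.com,10.0.0.11
CORP,DB02.corp.example.com,10.0.0.12
CORP,bad host & calc,10.0.0.14
CORP,file05.corp.example.com,10.0.0.999
"""
MONITORED = """CORP db02.corp.example.com 10.0.0.12
CORP old09.corp.example.com 10.0.0.90
"""

if __name__ == "__main__":
    to_add, stale, rejected = compare(ASSETS, MONITORED)
    print("\n".join(to_add), "| stale:", stale, "| rejected rows:", len(rejected))
```

The stale list is the other half of the comparison: hosts still being collected from that the inventory no longer knows about, which are candidates for review rather than automatic removal.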