Is anybody have an updated and working nicsftpagent.sh script for SAP (Based on Unix) integration with RSA SA then please upload here, the script which i got form Knowledgebase in not working showing an error when i run that script in unix.
Is anybody have an updated and working nicsftpagent.sh script for SAP (Based on Unix) integration with RSA SA then please upload here, the script which i got form Knowledgebase in not working showing an error when i run that script in unix.
which version is yours? I just downloaded which is - Automated FTP/SCP/SFTP Script v2.7.12.
Did you configure the required parameters?
there are two locations in the script which contains the errors:
Can you check whether the NIC folder exists or Data Dir?
### Test that NIC directory exists
if [ ! -d "$NIC_DIRECTORY" ]
then
echo "$NIC_DIRECTORY cannot be found."
exit 1
fi
PWD=`pwd`
### Test that each of the data directories exists
for d in `echo "$DATA_DIRECTORY" | awk '{split($0, a, ":"); for (i in a) print a[i]; }'`
do
if [ ! -d $d ]
then
echo "$d cannot be found."
exit 1
elif [ -d "$NIC_DIRECTORY$d" ]
then
# Clear out old tracking files
Hi patriot,
can you tell me which line i have to delete or if you have any updated script then please upload here.
i don't think you need to delete any line. we're using the same file.
can you run this:
sh -x
it will output all the details.
i got the same output even with your script.
apecchrt:/usr/local/nic # ./nicsftpagent.sh
cannot be found.
apecchrt:/usr/local/nic # sh -x nicsftpagent.sh
+ PATH=/usr/xpg6/bin:/usr/xpg4/bin:/usr/css/bin:/sbin:/usr/sbin:/usr/local/sbin: /root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/u sr/lib/mit/bin:/usr/lib/mit/sbin
+ ENVISION=10.10.30.187
+ DATA_DIRECTORY=/usr/sap/ECH/DVEBMGS00/log
+ ENVISION_DIRECTORY=SAP_44
+ NIC_DIRECTORY=/usr/local/nic
+ TRANSFER_METHOD=FTP
+ USERNAME=anonymous
+ PASSWORD=default
+ IDENTITY=/root/.ssh/id_rsa
+ FILESPEC='rsa_sap_audit*'
+ UPLOAD_SPEC=tmp
+ FLAG_REMOVE_FILE_AFTER_SEND=no
+ NUMBER_OF_OUTPUT_LINE_ON_SFTP_SUCCESS=6
+ NUMBER_OF_OUTPUT_LINE_ON_FTP_SUCCESS=3
+ NIC_CONFIG=nicsftpagent.conf
+ SCRIPT_NAME=nicsftpagent.sh
+ KILL_RUNNING_AFTER=300
+ USETAIL=0
+ USEHEAD=0
+ '[' -f /usr/local/nic/nicsftpagent.conf ']'
+ . /usr/local/nic/nicsftpagent.conf
++ SILENT=$'true\r'
++ ENVISION=$'10.10.30.187\r'
++ ENVISION_DIRECTORY=$'SAP_10.10.28.44\r'
++ DATA_DIRECTORY=$'/usr/sap/ECH/DVEBMGS00/log\r'
++ NIC_DIRECTORY=$'/usr/local/nic\r'
'+ FILESPEC='rsa_sap_audit*
++ TRANSFER_METHOD=$'SFTP\r'
++ USERNAME=$'nic_sshd\r'
++ NUMBER_OF_OUTPUT_LINE_ON_FTP_SUCCESS=$'3\r'
+ '[' $'xtrue\r' = x ']'
+ '[' -f $'/usr/local/nic\r/running10.10.30.187\r' ']'
++ date +%Y%m%d%H%M%S
+ TIMENAME=20131226144923
+ '[' $'xtrue\r' = x ']'
+ '[' '!' -d $'/usr/local/nic\r' ']'
cannot be found.'/nic
cannot be found.
+ exit 1
apecchrt:/usr/local/nic #
according to nic _sftp _shell _script guide we have to do for adding SA collector as known host:
On the UNIX system, follow these steps to add the RSA enVision appliance to the
list of known hosts:
a. Verify that you are logged on to the RSA enVision console as root.
b. To add the RSA enVision appliance to the list of known hosts, run the following
command:
sftp -o IdentityFile=~/.ssh/id_rsa nic_sshd@
1.2.3.4
where 1.2.3.4 is the IP address of the enVision appliance that will be collecting
the data.
c. When prompted to continue, type yes.
but i am not getting to enter right password have a look on attached screen shot, i have already added the unix nic sshd public key in log collectoer
i nvr done this before, just some advise, are you able to login to envision server with id: nic_sshd?
you can try locally: ssh nic_sshd@localhost, maybe the the password is wrong, or its not allowed to login as ssh.
i got it and script output is that it processing but then too there is not data in SA directory, please have a look on attached text file.
i have tried to run three or might be four time with support person because before this it was not showing like process audit_?
and we were not able to found anything in local directory or decoder directory?
To send log files from a server to SA Log Decoder, we had to do a lot of things! We have to use "sftp" user and we needed to change sshd_config file and change the owner of in /var/netwitness/logcollector/upload directory. We integrated a Microsoft IIS Server and BlueCoat Reportes. The first device type is working ok..but the other not. I'll appreciate if you can share your experience with NIC SFTP Agent.
Hi Patriot,
if we used IPDB to extract the report by using SA , then do we need Z connector to install on envision server or in case when we want send logs from enVision to Decoder then only we need to install z connector?
is there any document available for Z connector?
for z connector, it's used for sending logs which collected by envision. You no need to install and configure zconnector if you only do IPDB reports.
you can search SCOL for the z connector but it's old version. or open a support case with support for the latest version.
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx#a61808
Hi Patriot,
I got an serious problem that’s related to envision I just restart the server and got that NIC web server service is down then I try to restart it but got an error message see that I am attaching with this mail. Then I just see the webserver log and found that it showing error :44 lockbox file not found, I am also sending you log. and i also try to restart the nic server manager.
i know whats the problem as i simulated the issue with your config file.
The conf file contains the special char "CR", please remove all of them.
You can use notepad++, search for '\r' the replace with ''