Remote Management

This section provides the ability to audit and manage the configuration of the Snare Agents within your environment. By default it contains a single 'Manage Agents' objective, but this objective can be cloned, renamed, and deleted to support as many different combinations of agent configurations as required. The "..." button to the right of the objective allows you to clone and otherwise manage the objective, using a system very similar to that provided for reporting objectives.

AMC (Agent Management Console) is a tool within the Snare Server that enables remote management of Snare Agents through the Snare Central interface.

Note

Starting from Snare Central v8.6.0, AMC is superseded by Snare Agent Manager (SAM), which introduces a new configuration management capability for Snare Agents v5.8.0 and newer.
Instead of pushing configuration to agents, SAM allows agents to pull configuration, which eliminates the need for an open web port on agent endpoints.
For details, refer to SAM User Guide > Agents > Agents Policies Management.

It is recommended to manage Snare Agents v5.8.0 or newer in Snare Agent Manager (SAM), as AMC will be deprecated in the future.

For migration instructions, refer to SAM User Guide > Appendix A - AMC to SAM Migration Guide for Remote Agents Configuration Management.


The AMC enables administrators to set up automatic audits of the configuration of Agents within their fleet. The administrators specify a Master Configuration, which represents the required configuration of the fleet Agents. This Master Configuration is then compared to the actual configuration of each Agent in the network that matches the filters in the AMC objective. Any discrepancies that are found are listed, and alerts are sent out as required. Any Agents that were uncontactable during the process are also identified in the relevant tab. Administrators can use the results of these configuration audits to identify whether the configuration of any Agent has been unexpectedly modified relative to the approved Master Configuration.
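The audit logic described above can be illustrated with a short sketch. This is an added example, not Snare code: the nested-dictionary configuration format, the setting names, the hostnames and the `audit_fleet` helper are all assumptions made for illustration.

```python
import fnmatch

def flatten(cfg, prefix=""):
    """Flatten nested settings into {'section.key': value}."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def audit_fleet(master, fleet, host_filter="*"):
    """Compare each in-scope agent's configuration with the master.

    fleet maps hostname -> config dict, or None when the agent could not
    be contacted. Returns (discrepancies, uncontactable).
    """
    want = flatten(master)
    discrepancies, uncontactable = {}, []
    for host in sorted(fleet):
        if not fnmatch.fnmatchcase(host, host_filter):
            continue  # outside the objective's filter
        cfg = fleet[host]
        if cfg is None:
            uncontactable.append(host)
            continue
        have = flatten(cfg)
        diffs = []
        for path in sorted(want.keys() | have.keys()):
            if path not in have:
                diffs.append((path, "missing", want[path], None))
            elif path not in want:
                diffs.append((path, "unexpected", None, have[path]))
            elif have[path] != want[path]:
                diffs.append((path, "changed", want[path], have[path]))
        if diffs:
            discrepancies[host] = diffs
    return discrepancies, uncontactable

# Constructed sample data (hypothetical setting names, not Snare's schema).
MASTER = {"remote": {"allow": True, "port": 6161}, "output": {"syslog": "10.0.0.5:514"}}
FLEET = {
    "web01": {"remote": {"allow": True, "port": 6161}, "output": {"syslog": "10.0.0.5:514"}},
    "web02": {"remote": {"allow": True, "port": 6161}, "output": {"syslog": "192.0.2.9:514"}},
    "web03": None,  # agent did not answer
    "db01": {"remote": {"allow": False}, "output": {"syslog": "10.0.0.5:514"}},
}

if __name__ == "__main__":
    print(audit_fleet(MASTER, FLEET, host_filter="web*"))
```

A changed log destination, as on `web02`, is the kind of discrepancy worth alerting on, since it can silently divert events away from the collector.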

...

Note
No other objectives within the Agent Management, Status or System menu can be cloned - this ability is available for AMC-related objectives only.


User and Group Query

This is a simple objective that scans the user and group details retrieved from various Snare Agents as part of the "Retrieve Data" objectives within "Snare Agents". It can display users/groups pulled directly from Snare agents, or from Active Directory/LDAP (if enabled).

User and group information is used to enhance reporting, when available - for example, SID to UserName translation, or username to full name enhancement.


Utilise the search functions to scan for particular users or groups of interest. The search function provides a very basic query builder. Results are returned in tabular form.


Retrieve System Data Using Agents

AIX Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for AIX Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

...

In order to run this objective successfully, you should have at least one 'Snare for AIX' agent installed on a server that has full YP visibility, with 'remote control' activated, and a password set that matches either the 'override' password explicitly configured for this objective, or the password set under the 'Configuration Wizard'. In addition, the system in question should be reachable by the Snare Server from a network perspective (e.g., firewalls between the Snare Server and the YP master should allow TCP connections from the Snare Server to the remote system on TCP port 6161).

Cognos Users and Groups

Retrieve users and groups by connecting to a Cognos-specific LDAP server that has been configured to allow the Snare Server IP address to download Cognos user and group information.

User and group information will be used by Cognos objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

Irix Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Irix Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by Irix objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

LDAP Users and Groups

Retrieve users and groups by connecting to a generic LDAP server that has been configured to allow the Snare Server IP address to scan for user and group information.

Linux Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Linux Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by Linux objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

OS400 Users and Groups

Search for files generated with the AS/400 DSPUSRPRF tool that have been transferred to the /data/SnareCollect/OS400Users directory on the Snare Server, and retrieve user account information and related user flags from those files.

Retrieve Notes Data for Yesterday

Lotus Notes Event Logs: Since no agent currently exists for Lotus Notes, this objective attempts to connect to a target Domino server, and download the log.nsf (MiscEvents, MailRoutingEvents, ReplicationEvents and NNTPEvents), catalog.nsf, and names.nsf databases, and insert the resulting data into appropriate data stores on the Snare Server.

...

  1. Choose the Web Site document you want to edit and click Edit Document.
  2. Click the Domino Web Engine tab. Under "Conversion/Display", the default settings are "Default lines per view page: 30" and "Maximum lines per view page: 1000". These values should be configured as follows:
    1. Default lines per view page: 250
    2. Maximum lines per view page: 0


Tip
The objective will attempt to download event log data that Lotus Notes has tagged with yesterday's date. It is recommended that this objective be configured to run once per day.

User and group information will be used by user/group snapshot objectives.

Solaris Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Solaris Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

...

In order to run this objective successfully, you should have at least one 'Snare for Solaris' agent installed on a server that has full NIS visibility, with 'remote control' activated.

Windows Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Windows Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

...