Need help building an RSA SecurID / Ace Server query
-
We are moving our SecurID Ace Server infrastructure from Windows servers onto RSA Appliances. Part of the migration includes removing agents that are no longer in use. However, we have no idea of what agents are no longer in use. None of the pre-built reports are able to give us this information.

I emailed RSA and here is what they wrote back:

I don't have great news for you, in terms of an easy query. Many of the database tables have fields for dates. For example, the table SDToken has a field dateLastLogin that shows when this token was last used. The Table SDClient has information on the agent hosts, including some date fields, but none of them are related to the last time of use.

Unfortunately, this means the only way to get information on the date of use for agents is to go through the logs, which is a little inconvenient to do with SQL queries. If a particular agent host hadn't been used in the checked time period (or ever), it won't show up with this kind of query.

One of my colleagues came up with information about a query with the fields that you are looking for. Some of the information you need will be kept in these tables and fields:

- SDLogEntry.iLogEntryNum: unique number for each line in the log
- SDLogEntry.chClientName: the name of the agent host
- SDLogEntry.chLogin: the user who logged in
- SDLogEntry.iMessageNum: which event happened; if it is 1011 from SDLogMessage.iMessageNum, this means passcode accepted, a good basic thing to check for use of an agent
- SDLogMessage.iIncedentSearchCount: the number of records to look back in the log; 1 will probably be fine

You can build a query using ARG01 to enter the agent host name. It can prompt for an agent host name, and return 'passcode accepted' events for that agent host from the sdlog database.

If you have a large number of Agent Hosts, potentially you can also have the query look at SDClient.iClientNum and SDClient.chName to cycle through all of the agent hosts in the database, instead of manually going through them.

Unfortunately, I cannot go through these in more detail, as building the queries is a PSO function.

One option to the SQL queries is to either dump the logs, or archive them without deleting, and use a third-party tool to look for the last instances of use. If a particular agent host hadn't been used in the checked time period, it won't show up in the logs with this method either.

Can anyone help in building a query that will allow me to find out when the last time an agent was used? Thank you.
-
Answer:
Could you proxy the server through an intermediate NAC? ACS will let you run reports on what is still in use...
twistedmetal at Ask.Metafilter.Com
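The log-dump option from the RSA reply can be worked through offline. The following is an added example, not part of the original post or of RSA's reply: it assumes the log has been exported to CSV with a header row using the SDLogEntry field names quoted above, plus a hypothetical `timestamp` column (the reply does not name the log's date field), and the sample rows and host names are constructed.

```python
import csv
import io
from datetime import datetime

PASSCODE_ACCEPTED = 1011          # iMessageNum value named in the RSA reply
TS_FORMAT = "%Y-%m-%d %H:%M:%S"   # assumed format of the hypothetical timestamp column

def last_agent_use(log_rows, known_agents):
    """Map each agent host to its latest 'passcode accepted' time (None = not in this log)."""
    # Seed with every agent from SDClient.chName so unused agents are reported, not dropped.
    last_seen = {name.strip().lower(): None for name in known_agents}
    for row in log_rows:
        try:
            if int(row["iMessageNum"]) != PASSCODE_ACCEPTED:
                continue
            when = datetime.strptime(row["timestamp"], TS_FORMAT)
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed export lines
        agent = (row.get("chClientName") or "").strip().lower()
        if agent and (last_seen.get(agent) is None or when > last_seen[agent]):
            last_seen[agent] = when
    return last_seen

def stale_agents(last_seen, cutoff):
    """Agents with no accepted passcode on or after cutoff: candidates for review."""
    return sorted(a for a, t in last_seen.items() if t is None or t < cutoff)

# Constructed sample export; 9999 stands in for any event other than 1011.
SAMPLE_LOG = """chClientName,chLogin,iMessageNum,timestamp
vpn01.example.com,alice,1011,2011-03-02 08:15:00
vpn01.example.com,bob,1011,2011-04-10 17:40:00
oldunix.example.com,carol,1011,2009-06-30 11:00:00
web02.example.com,dave,9999,2011-04-11 09:00:00
VPN01.example.com,alice,1011,2011-01-05 07:00:00
truncated,line
"""
SAMPLE_AGENTS = ["vpn01.example.com", "oldunix.example.com",
                 "web02.example.com", "fax01.example.com"]

def demo():
    rows = csv.DictReader(io.StringIO(SAMPLE_LOG))
    seen = last_agent_use(rows, SAMPLE_AGENTS)
    return seen, stale_agents(seen, datetime(2011, 1, 1))

if __name__ == "__main__":
    seen, stale = demo()
    for agent, when in sorted(seen.items()):
        print(f"{agent:25} {when or 'no accepted passcode in exported log'}")
    print("review before removal:", stale)
```

A `None` result only means the agent has no accepted passcode inside the exported log window, which is the same limitation the RSA reply points out.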