List: dragonidsuser
Subject: RE: [Dragonidsuser] Direct Database Access??
From: "Dean.J.Pompilio () usdoj ! gov" <Dean ! J ! Pompilio () usdoj ! gov>
Date: 2004-01-06 21:51:49
Message-ID: "JMD0120-040106215127Z-6681*/PRMD=USDOJ-JCON/ADMD= /C=US/" () MHS
Okay, I followed the RTC instructions below which gets me closer to my goal... I still need a way to compute the aggregate number of ATTACKS and PROBE events over the given date range. I'm thinking that a Python script (or similar) could be used to automate the instructions for the RTC.
Are there any decent docs for using the RTC? How can I add these numbers easily??
-----Original Message-----
From: dragonidsuser-admin@enterasys.com
[mailto:dragonidsuser-admin@enterasys.com]On Behalf Of
Carl.Rodio@fms.treas.gov
Sent: Tuesday, January 06, 2004 4:22 PM
To: dragonidsuser@enterasys.com
Subject: RE: [Dragonidsuser] Direct Database Access??
Importance: Low
Yup. You can also get the totals from entering that info as a "Custom
Query" in the Realtime console. I did my reports this way before, but got
tired of doing it manually every month.
Carl
brianp@trustwave.com
Sent by: dragonidsuser-admin@enterasys.com
01/06/2004 03:52 PM
Please respond to dragonidsuser
To: <dragonidsuser@enterasys.com>
cc:
Subject: RE: [Dragonidsuser] Direct Database Access??
If you use the real time console you can get the data pretty easily with
the following commands run on the EFP. The dates on the dates command here
would be modified to reflect the month you are making the query for.
telnet 127.0.0.1 8000
rts> dates 03Dec01 03Dec31
START TIME: 03Dec01 00:00
STOP TIME : 03Dec31 23:59
rts> filter
Matches: 3480
rts> sum_group
-----Original Message-----
From: dragonidsuser-admin@enterasys.com
[mailto:dragonidsuser-admin@enterasys.com]On Behalf Of Jean Hernandez
Sent: Thursday, January 29, 2004 12:58 PM
To: dragonidsuser@enterasys.com
Subject: Re: [Dragonidsuser] Direct Database Access??
Carl, can you please send me a copy of your script too?
it would be much appreciated,
It's really too bad Enterasys's default reporting is pretty much
non-existent!!
thanks,
Jean
Carl.Rodio@fms.treas.gov
Sent by: dragonidsuser-admin@enterasys.com
01/06/2004 12:40 PM
Please respond to dragonidsuser
To: dragonidsuser@enterasys.com
cc:
Subject: Re: [Dragonidsuser] Direct Database Access??
We have similar reporting requirements and I wrote a Perl script to do
exactly what you're asking about. The script uses SQL queries to pull this
info directly out of the MySQL database, rather than parsing the daily flat
files. I can enter any range of dates and get the totals for that time
period. Once you figure out the Dragon's MySQL database schema, it's not
too bad to get such a script working. If you'd like, email me, and I can
send you the script. Just a warning, I'm not a great programmer, so the
code may appear "strange". I also make no promises it will work in your
environment. It's about 275 lines of code, so if anyone else wants to see
it, I could post it here??
Carl
"Dean.J.Pompilio@usdoj.gov" <Dean.J.Pompilio
Sent by: dragonidsuser-admin@enterasys.com
01/06/2004 12:57 PM
Please respond to dragonidsuser
To: "'dragonidsuser@enterasys.com'" <dragonidsuser@enterasys.com> (Receipt Notification Requested) (IPM Return Requested)
cc:
Subject: [Dragonidsuser] Direct Database Access??
Hello,
I have been tasked with creating a monthly report that provides an
aggregate count of all ATTACKS and PROBE events. I run my Perl script on
our Dragon 6.1.1 server and it provides the totals as expected. I could
not figure out a way to get this information using the GUI, so I parse out
these events from each daily file of a given month instead.
I was thinking that it would be far easier if the 'sum_event' command
worked on a range of dates in addition to timespans... Since that is not
currently doable, is there any documentation for connecting directly to the
MySQL database? This way, I could just write a script to run SQL queries
to get exactly what I want.
Ideas? Suggestions??
Thanks!!
~dean
_______________________________________________
Dragonidsuser mailing list
For help please follow the below instructions.
You can make subscription adjustments via email by sending a message
to:
Dragonidsuser-request@enterasys.com
with the word `help' in the subject or body (don't include the
quotes), and
you will get back a message with instructions.
You must know your password to change your options (including
changing the
password, itself) or to unsubscribe.
If you forget your password, don't worry, you will receive a monthly
reminder telling you what all your enterasys.com mailing list
passwords
are, and how to unsubscribe or change your options.
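
The realtime-console steps quoted in the thread (telnet to 127.0.0.1 port 8000, then `dates`, `filter`, `sum_group`) can be scripted for a monthly report. The following is an added example, not code from any poster or from Enterasys; it assumes the console prints an `rts>` prompt when it is ready for input, and because the thread does not show the `sum_group` output, that part of the transcript is returned unparsed.

```python
import calendar
import re
import socket

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def month_range(year, month):
    """First and last day of a month in the YYMonDD form `dates` takes."""
    last = calendar.monthrange(year, month)[1]
    stem = f"{year % 100:02d}{MONTHS[month - 1]}"
    return f"{stem}01", f"{stem}{last:02d}"

def rtc_commands(year, month):
    """The three console commands from the thread, for one calendar month."""
    start, stop = month_range(year, month)
    return [f"dates {start} {stop}", "filter", "sum_group"]

def run_session(commands, host="127.0.0.1", port=8000, timeout=10.0):
    """Send each command and return the raw transcript.
    Assumption: the console prints an 'rts>' prompt when ready for input."""
    def read_to_prompt(sock):
        buf = b""
        while not buf.rstrip().endswith(b"rts>"):
            chunk = sock.recv(4096)
            if not chunk:          # peer closed the connection
                break
            buf += chunk
        return buf
    with socket.create_connection((host, port), timeout=timeout) as sock:
        out = read_to_prompt(sock)
        for cmd in commands:
            sock.sendall(cmd.encode("ascii") + b"\n")
            out += read_to_prompt(sock)
    return out.decode("ascii", "replace")

def monthly_matches(transcript, year, month):
    """Return the filter count, refusing it if the console echoed another range."""
    start, stop = month_range(year, month)
    got_start = re.search(r"^START TIME\s*:\s*(\S+)", transcript, re.M)
    got_stop = re.search(r"^STOP TIME\s*:\s*(\S+)", transcript, re.M)
    count = re.search(r"^Matches:\s*(\d+)", transcript, re.M)
    if not (got_start and got_stop and count):
        raise ValueError("transcript lacks START/STOP/Matches lines")
    if (got_start.group(1), got_stop.group(1)) != (start, stop):
        raise ValueError("console range differs from the requested month")
    return int(count.group(1))

# Constructed sample: the session lines quoted in the thread.
SAMPLE = ("rts> dates 03Dec01 03Dec31\nSTART TIME: 03Dec01 00:00\n"
          "STOP TIME : 03Dec31 23:59\nrts> filter\nMatches: 3480\nrts> sum_group\n")
```

On the sensor host, `monthly_matches(run_session(rtc_commands(2003, 12)), 2003, 12)` gives the month's match count, and the range check prevents a total for the wrong dates from reaching the report.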