[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    Re: [Sidewinder] Tracking ACL changes in Sidewinder
From:       sidewinder-admin () adeptech ! com
Date:       2004-04-07 14:46:33
Message-ID: 200404071820.i37IK2504563 () aag ! adeptech ! com
[Download RAW message or body]

Not really sure how sophisticated you would like the automation to be but
something as crude as:

cat << __EOF__ > awk_acl_prog
function cat(beg, end,   i, str) {
  str = ""
  for(i = beg; i < end; i++)
      if (str)
          str = str " " $i
      else
          str = $i
  print str
}

BEGIN { RS = "\n\n"; FS = "[ \n]" }
/policy>acl/ {
  cat(1, 8)
  cat(30, 32)
  cat(34, NF + 1)
  print ""
}
__EOF__
showaudit -kC | awk -f awk_acl_prog

Will get you a listing of the date and time, the user and the acl changes
that were made on the box sperated by a blank line.  Modify to suit your
needs.

As to the second issue, unless I misunderstand, you should just be able to
run the monitor on the Enterprise Manager.  This should show you all the
acl changes that are being made for all firewalls being managed.

Andy

On Mon, 5 Apr 2004 sidewinder-admin@adeptech.com wrote:

> Date: Mon, 5 Apr 2004 21:54:45 -0500
> From: sidewinder-admin@adeptech.com
> Reply-To: sidewinder@adeptech.com
> To: sidewinder@adeptech.com
> Subject: [Sidewinder] Tracking ACL changes in Sidewinder
>
>
>
>
>
> Does anyone know of a good way to track ACL changes on the Sidewinder?  I
> need to know what was changed(add, change, modified, deleted), when, and
> who made the change.  showaudit -C and acat -ak -e "type AUDIT_T_SWEDE"
> will show you adds, changes and deletes.  However, my problem is twofold.
> First, I need to automate this process as much as possible.  Secondly, and
> most importantly, we are running Enterprise Manager, and from my
> understanding, Enterprise manager takes ownership of all pushes and updates
> the entire ACL database, not just the change.  Therefore, the user that is
> making the change is "hidden" behind Enterprise Manager.
>
> _______________________________________________
> Sidewinder mailing list
> Sidewinder@adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
>

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic