SSL VPN
Reply
Visitor
fresco
Posts: 8
Registered: ‎03-12-2008
0
Accepted Solution

Host Checker Pass/Fail messages

I am running 2 SA6000s in Active/Active.  I have enabled Host Checker to be Evaluated on the realm, not Enforce.  I had been given the task to come up with an AntiVirus and Firewall policies to check against.  The powers at be want to know what percentage of the population connecting pass or fail the host check.  I can provide this information.  Now they want on the users that passed the host check, what rule did they match on.  I have about 50 antivirus programs and 25 firewall programs selected for checking but the IVE will not tell me which specific rule the user passed on.  Is there a way to get this information? 

 

Here are examples of passed and failed Hostchecks:

 

Info AUT22925 2008-09-02 16:59:32 - SA6000-1 - [X.X.X.X] USER1(Main Realm)[USER] - Host Checker policy 'ANTIVIRUS' failed on host X.X.X.X for user 'USER1'. Reason: 'The rule 'TRENDMICRO' evaluated to false. ; The rule 'MCAFEE' evaluated to false. ; The rule 'Microsoft' evaluated to false. ; The rule 'ZONEALARM' evaluated to false. ; The rule 'SYMANTEC' evaluated to false. '.
Info AUT22923 2008-09-02 16:59:32 - SA6000-1 - [Y.Y.Y.Y] USER2(Main Realm)[USER] - Host Checker policy 'ANTIVIRUS' passed on host Y.Y.Y.Y for user 'USER2'.
Info AUT22923 2008-09-02 16:59:32 - SA6000-1 - [Y.Y.Y.Y] USER2(Main Realm)[USER] - Host Checker policy 'FIREWALL' passed on host Y.Y.Y.Y for user 'USER2'.
 

  

Contributor
MasterArtisan
Posts: 13
Registered: ‎05-27-2008
0

Re: Host Checker Pass/Fail messages

Individual policies.
Contributor
DanSmart
Posts: 109
Registered: ‎01-21-2008
0

Re: Host Checker Pass/Fail messages

The way I've do this type thing before is to send the logs to a syslog server, then roll the logs daily.  Run a "grep -c" against the log, counting the number of lines with hits for each of the virus scanner types. 

 

eg.

echo "TrendMicro" > count.txt

egrep -c "TRENDMICRO" >> count.txt

echo "Avast" >> count.txt

egrep -c "AVAST" >> count.txt

 

-=Dan=-
Visitor
fresco
Posts: 8
Registered: ‎03-12-2008
0

Re: Host Checker Pass/Fail messages

I was afraid of that.  Looks like I will have alot of policies.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.