Host Checker Pass/Fail messages

SOLVED
fresco_
Occasional Contributor

Host Checker Pass/Fail messages

I am running 2 SA6000s in Active/Active. I have enabled Host Checker to be Evaluated on the realm, not Enforce. I had been given the task to come up with AntiVirus and Firewall policies to check against. The powers that be want to know what percentage of the population connecting pass or fail the host check. I can provide this information. Now they want to know, for the users that passed the host check, what rule they matched on. I have about 50 antivirus programs and 25 firewall programs selected for checking, but the IVE will not tell me which specific rule the user passed on. Is there a way to get this information?

Here are examples of passed and failed Hostchecks:

Info AUT22925 2008-09-02 16:59:32 - SA6000-1 - [X.X.X.X] USER1(Main Realm)[USER] - Host Checker policy 'ANTIVIRUS' failed on host X.X.X.X for user 'USER1'. Reason: 'The rule 'TRENDMICRO' evaluated to false. ; The rule 'MCAFEE' evaluated to false. ; The rule 'Microsoft' evaluated to false. ; The rule 'ZONEALARM' evaluated to false. ; The rule 'SYMANTEC' evaluated to false. '.
Info AUT22923 2008-09-02 16:59:32 - SA6000-1 - [Y.Y.Y.Y] USER2(Main Realm)[USER] - Host Checker policy 'ANTIVIRUS' passed on host Y.Y.Y.Y for user 'USER2'.
Info AUT22923 2008-09-02 16:59:32 - SA6000-1 - [Y.Y.Y.Y] USER2(Main Realm)[USER] - Host Checker policy 'FIREWALL' passed on host Y.Y.Y.Y for user 'USER2'.

1 ACCEPTED SOLUTION

Accepted Solutions
MasterArtisan_
Occasional Contributor

Re: Host Checker Pass/Fail messages

Individual policies.

3 REPLIES 3
DanSmart_
Contributor

Re: Host Checker Pass/Fail messages

The way I've done this type of thing before is to send the logs to a syslog server, then roll the logs daily. Run a "grep -c" against the log, counting the number of lines with hits for each of the virus scanner types.

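e.g.

# LOGFILE is a placeholder: set it to the day's rolled syslog file
LOGFILE=hostchecker.log

echo "TrendMicro" > count.txt

grep -c "TRENDMICRO" "$LOGFILE" >> count.txt

echo "Avast" >> count.txt

grep -c "AVAST" "$LOGFILE" >> count.txt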

fresco_
Occasional Contributor

Re: Host Checker Pass/Fail messages

I was afraid of that. Looks like I will have a lot of policies.
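
Added example, not part of the original thread: with one Host Checker policy per product, as in the accepted solution, each "passed" line names the policy, so pass counts per product can be pulled from the rolled syslog file. It matches only "passed" events (failed lines also mention rule names in their Reason text) and counts distinct users rather than lines. The policy names (AV-TRENDMICRO, AV-SYMANTEC, FW-ZONEALARM), the function names and the sample lines are constructed, modeled on the log format quoted in the question.

```shell
#!/bin/sh
# Added example: per-product pass counts from IVE Host Checker syslog lines,
# assuming one Host Checker policy per product (policy names are constructed).

# Constructed sample log, modeled on the lines quoted in the question.
hc_sample() {
cat <<'EOF'
Info AUT22923 2008-09-02 16:59:32 - SA6000-1 - [Y.Y.Y.Y] USER2(Main Realm)[USER] - Host Checker policy 'AV-TRENDMICRO' passed on host Y.Y.Y.Y for user 'USER2'.
Info AUT22923 2008-09-02 16:59:32 - SA6000-1 - [Y.Y.Y.Y] USER2(Main Realm)[USER] - Host Checker policy 'FW-ZONEALARM' passed on host Y.Y.Y.Y for user 'USER2'.
Info AUT22923 2008-09-02 17:01:10 - SA6000-1 - [Z.Z.Z.Z] USER3(Main Realm)[USER] - Host Checker policy 'AV-SYMANTEC' passed on host Z.Z.Z.Z for user 'USER3'.
Info AUT22923 2008-09-02 18:40:02 - SA6000-1 - [Z.Z.Z.Z] USER3(Main Realm)[USER] - Host Checker policy 'AV-SYMANTEC' passed on host Z.Z.Z.Z for user 'USER3'.
Info AUT22925 2008-09-02 17:01:10 - SA6000-1 - [Z.Z.Z.Z] USER3(Main Realm)[USER] - Host Checker policy 'AV-TRENDMICRO' failed on host Z.Z.Z.Z for user 'USER3'. Reason: 'The rule 'TRENDMICRO' evaluated to false. '.
Info AUT22925 2008-09-02 16:59:32 - SA6000-1 - [X.X.X.X] USER1(Main Realm)[USER] - Host Checker policy 'AV-TRENDMICRO' failed on host X.X.X.X for user 'USER1'. Reason: 'The rule 'TRENDMICRO' evaluated to false. '.
Info AUT22925 2008-09-02 16:59:32 - SA6000-1 - [X.X.X.X] USER1(Main Realm)[USER] - Host Checker policy 'AV-SYMANTEC' failed on host X.X.X.X for user 'USER1'. Reason: 'The rule 'SYMANTEC' evaluated to false. '.
Info AUT22923 2008-09-02 17:05:44 - SA6000-1 - [W.W.W.W] USER4(Main Realm)[USER] - Host Checker policy 'AV-TRENDMICRO' passed on host W.W.W.W for user 'USER4'.
EOF
}

# Print "policy|user" for every passed event in log file $1.
# Failed lines never match, although their Reason text names rules too.
hc_passes() {
    sed -n "s/.*Host Checker policy '\([^']*\)' passed on host .* for user '\([^']*\)'.*/\1|\2/p" "$1"
}

# Distinct users that passed each policy, one "policy count" line per policy.
# sort -u collapses repeat logins by the same user.
hc_pass_counts() {
    hc_passes "$1" | sort -u |
        awk -F'|' '{ n[$1]++ } END { for (p in n) print p, n[p] }' | sort
}

# Users with at least one failed event and no passed event on any policy.
hc_failed_only() {
    passed=$(hc_passes "$1" | cut -d'|' -f2 | sort -u)
    sed -n "s/.*Host Checker policy '[^']*' failed on host .* for user '\([^']*\)'.*/\1/p" "$1" |
        sort -u | while read -r u; do
            printf '%s\n' "$passed" | grep -qxF -- "$u" || printf '%s\n' "$u"
        done
}

# Usage: sh hc_counts.sh /path/to/rolled-syslog-file
if [ $# -gt 0 ]; then hc_pass_counts "$1"; fi
```

Policy names or usernames containing a `|` character would need a different delimiter in `hc_passes`.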