2 Replies Latest reply on Jan 24, 2014 5:07 PM by consoul

    Export configuration to Database

    celayeta

       

      First, I apologize for my English; I do not have much experience with this language.

      The reason for this post is that I am carrying out a project to monitor device configuration.

      The application must alert or inform when changes are made to those settings. This way you can detect any unauthorized changes made.

      So far I could get the current settings from the directory "/opt/mwg/storage/default/", but the configuration stored in that location is in XML format, and due to the large amount of data and files it is very complicated to process.

      As a second option I tried to read the file that is generated by the script "mwg-coordinator -B file:in=ACTIVE", but the content of the file is unreadable.

      If it is possible, can you help me by telling me how I can read and interpret these files, or what method you recommend for doing what I want to do?

      Of course, once the project is finished I will share it with the community.

      Thank you very much!

       

      Message was edited by: celayeta on 22/01/14 14:44:34 CST
        • 1. Re: Export configuration to Database
          skloepping

          Hi Celayeta,

           

          If you just need to monitor the changes or want to have an overview of what is happening, there is a built-in log file for that: it is called the audit.log file (Troubleshooting > Log files > Audit > audit.log).

           

          The content of a file looks like this:

          Timestamp  : 24/Jan/2014:12:56:48.628 +0100

          User       : admin

          Action     : USER_LOGIN

          Source Type: USER

          Source ID  : 10.149.113.36

          Appliance  : mwgappl73

          Details:

             User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0

             Role    : Super Administrator

           

           

          ________________________________________________________________________________

          Timestamp  : 24/Jan/2014:12:57:13.532 +0100

          User       : admin

          Action     : FILE_DOWNLOAD

          Source Type: SYSTEM_FILES

          Source ID  : 564DEA57-F2AE-EDC8-5152-11402381852F/LOG/audit/audit.log

          Appliance  : mwgappl73

           

           

          ________________________________________________________________________________

          Timestamp  : 24/Jan/2014:12:57:25.030 +0100

          User       : admin

          Action     : MODIFIED_RULE_GROUP

          Source Name: SSL Scanner

          Source Type: RULE_GROUP<RuleGroup>

          Source ID  : 5169

          Source Path: Initial-GatewayRules/RuleGroups/SSL Scanner[0]

          Appliance  : mwgappl73

          Details:

             Old Enabled: true

             New Enabled: false

          Here you can see that I have just disabled the SSL Scanner rule set as a test.

           

          Or here is an example where I have enabled the URL.Host Whitelist and added *.mcafee.com to the list:

           

          Timestamp  : 24/Jan/2014:13:01:01.857 +0100

          User       : admin

          Action     : ADDED_CONTENT

          Source Name: Global Whitelist

          Source Type: LIST<Wildcard expression>

          Source ID  : com.scur.type.regex.4518

          Source Path: /Lists/Wildcard expression/

          Appliance  : mwgappl73

          Details:

             Entry      : *.mcafee.com

             Description:

           

           

          ________________________________________________________________________________

          Timestamp  : 24/Jan/2014:13:01:01.862 +0100

          User       : admin

          Action     : MODIFIED_RULE

          Source Name: URL Host Matches in List Global Whitelist

          Source Type: RULE

          Source ID  : 10809

          Source Path: Initial-GatewayRules/RuleGroups/Global Whitelist[1]

          Appliance  : mwgappl73

          Details:

             Old Enabled: false

             New Enabled: true

           

           

          Best regards

          Stefan

          • 2. Re: Export configuration to Database
            consoul

            I wanted this as well so I have a three-stage process that logs into each proxy via a bash script and collects the changes to the audit log every five minutes and emails them to me. PM me if you want me to send you a copy of what I use.

            1 of 1 people found this helpful
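
Added example (not code from any poster in this thread): a Python sketch that parses the audit.log layout quoted in reply 1, loads it into SQLite, and lists configuration changes, flagging items that were switched off. The table layout, the function names and the choice of which actions count as "no change" are assumptions made for this illustration; the sample input is constructed from the records shown above.

```python
import re
import sqlite3
from datetime import datetime
# Constructed sample, trimmed from the audit.log records quoted in reply 1.
SAMPLE = """\
Timestamp  : 24/Jan/2014:12:56:48.628 +0100
User       : admin
Action     : USER_LOGIN
________________________________________________________________________________
Timestamp  : 24/Jan/2014:12:57:25.030 +0100
User       : admin
Action     : MODIFIED_RULE_GROUP
Source Name: SSL Scanner
Details:
   Old Enabled: true
   New Enabled: false
"""
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s?(.*)$")
NON_CHANGE = ("USER_LOGIN", "FILE_DOWNLOAD")  # assumption: page actions that alter nothing

def parse_audit(text):
    """One dict per record; assumes Details lines are indented, other fields are not."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:  # blank lines and the ____ separators carry no field
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Timestamp":  # every record starts with its timestamp
            ts = datetime.strptime(value, "%d/%b/%Y:%H:%M:%S.%f %z")
            records.append({"Timestamp": ts.isoformat(), "Details": {}})
        elif records and line[0].isspace():
            records[-1]["Details"][key] = value
        elif records and value:
            records[-1][key] = value
    return records

def load(db, records):
    """Insert records; the UNIQUE key makes re-reading the same log idempotent."""
    db.execute("CREATE TABLE IF NOT EXISTS audit(ts, user, action, source, old_on, "
               "new_on, UNIQUE(ts, user, action, source))")
    db.executemany("INSERT OR IGNORE INTO audit VALUES (?,?,?,?,?,?)", [
        (r["Timestamp"], r.get("User", ""), r.get("Action", ""), r.get("Source Name", ""),
         r["Details"].get("Old Enabled"), r["Details"].get("New Enabled")) for r in records])

def changes(db):
    """Rows that changed configuration; last column is 1 if something was switched off."""
    return db.execute("SELECT ts, user, action, source, old_on='true' AND new_on='false' "
                      "FROM audit WHERE action NOT IN (?, ?)", NON_CHANGE).fetchall()
```

Because any action outside NON_CHANGE is reported, an action name not seen in this thread shows up as a change instead of being silently dropped.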