We monitor connections. Each client could connect many times, such as with inventory, vulscan, policies, remote control. So if a client were doing all that, it would have a bunch of connections.
On the first web page we give you information on this:
The total connections (ever)
Total request (which means connections and denied connections)
As for checking which clients are using the gateway vs. which are not, that should be done on the Core Server. You can query to see what the last IP information sent up to the Core Server is. Create a query that includes all your internal subnets. Create a query that includes all your VPN subnets. Create a query that shows you devices that are in a subnet other than the internal or VPN subnets. Then add columns to the query to show the last hardware scan, last software scan, last vulscan, etc.
Also, you can do some cool things in Linux to parse information from the command line.
Run this command on your gateway from the shell to get a list of IP Addresses going through the gateway currently:
netstat -an |grep ESTABLISHED |tr -s ' ' |cut -d" " -f5|cut -d: -f1|sort -u
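An added example, not part of the original post: since each client can hold several connections at once, this counts ESTABLISHED connections per remote peer and strips only the trailing port, so IPv6 and IPv4-mapped peers are kept (cutting at the first colon would leave them empty). The function names and the sample input are constructed for illustration, and the Linux net-tools `netstat -an` column layout is assumed.

```shell
#!/bin/sh
# Added example: count ESTABLISHED connections per remote peer from
# `netstat -an` output (Linux net-tools column layout assumed).

peers_by_conn_count() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)      # drop the trailing :port only
            sub(/^::ffff:/, "", peer)      # unwrap IPv4-mapped IPv6 peers
            count[peer]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | LC_ALL=C sort -k1,1nr -k2,2        # busiest peers first
}

# Constructed sample input (documentation address ranges), not real output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.23:50112     ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.23:50113     ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.7:61022       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40000       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:198.51.100.23:50200 ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:41000    ESTABLISHED
EOF
}

# Live use on the gateway:  netstat -an | peers_by_conn_count
if [ "${1:-}" = "--demo" ]; then
    sample_netstat | peers_by_conn_count
fi
```

Each output line is a connection count followed by the peer address; comparing those addresses against your internal and VPN subnets shows which peers are coming in from outside.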
Thanks for your helpful answers. I am just seeing them now. For some reason the system never informed me that I had a response. I probably didn't click on the right radio box.
I was looking for something more similar to your solution regarding monitoring external IP addresses. That seems to be a little more complicated than at first glance. It seems that at any given time, devices in our network can have any of a number of IP addresses, none of which seem to stay in a constant location. For instance, direct network configuration, wireless network, VPN, ISP, etc. We ran into inventory problems with duplicate devices due to similar duplicity.
I worked with LD support to get a custom vulnerability that would parse the local log file on the PC and record that information in a custom data form. This will record if the PC has ever connected via the gateway and when. It seems that the local log file is the only place that a record of connections via the gateway is recorded.
We're still working on getting it out to the field to see how well it works. So far I only have 5 of 1225 computers actually reporting in a connection, though I do know the numbers are better than that.
I'll post an update if this actually works.
Did you ever get the custom vul created to grab the LMG connection info/status? If so, can you toss it my way and I will test also.
This is a COOL util !!!! I will install and test today.