6 Replies Latest reply on Feb 25, 2009 11:57 AM by jwyckoff

    Monitoring connections via the Gateway

    Rookie

       

      My company has been having ongoing problems with the Gateway since its initial installation over a year and a half ago.  We recently rebuilt the gateway for the 3rd time and moved it to a VM server.  Since this latest rebuild, we wanted to be able to validate the actual number of devices that are using the gateway and which devices are connecting. 

       

       

      Looking through the console and gateway, I am unable to find a simple way of validating the total % of the population that is connecting via the gateway, as opposed to via VPN, dial-up, or directly via the LAN. 

       

       

      Has anyone devised a way to monitor and report on gateway usage?  I noticed that the Gateway configuration interface has information under the Manage Certificates option that lists computer names, session counts and last session time, but I haven't found information that explains what these actually indicate.  Is session count the number of times a device has connected via the gateway?  Does last session indicate that the device connected via the gateway externally, or could the connection have been within the LAN as well?

       

       

      Also, support pointed out that there is a log file on each computer that records connection and will list the gateway IP if it connects via the gateway.  Anyone tried to parse this log file and get a report that way?

       

       

      We're running LD 8.7 SP5 and whatever the latest build of the gateway is.

       

       

      Thanks for the assist.

        • 1. Re: Monitoring connections via the Gateway
          Jared Barneck SupportEmployee

          We monitor connections.  Each client could connect many times, such as with inventory, vulscan, policies, remote control.  So if a client were doing all that, it would have a bunch of connections.

           

          On the first web page we give you information on this:

           

          The total connections (ever)

          Total request (which means connections and denied connections)

          Current connections

          Failed Authentications

          Lockouts

          Connections waiting:

          Connections linking:

          Connections requesting

           

          As for checking which clients are using the gateway vs. which are not, that should be done on the Core Server.  You can query to see what the last IP information sent up to the Core Server is.  Create a query that includes all your internal subnets.  Create a query that includes all your VPN subnets.  Create a query that shows you devices that are in a subnet other than the internal or VPN subnets.  Then add columns to the query to show the last hardware scan, last software scan, last vulscan, etc...

          1 of 1 people found this helpful
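The three-way split described above (internal, VPN, everything else), as an added example that is not part of the original post and not LANDesk tooling. It assumes the query result has been exported as `device,last_ip` lines; the device names and address ranges are constructed.

```shell
#!/bin/sh
# Added example. stdin: "device,last_ip" lines (hypothetical export format).
# $1 = internal CIDRs, $2 = VPN CIDRs, each a space-separated list.
# Prints "device,last_ip,bucket"; "other" marks off-network (gateway) candidates.
classify_devices() {
    awk -F, -v internal="$1" -v vpn="$2" '
        # Dotted quad to integer, or -1 when the field is not a.b.c.d
        function ip2n(ip,   o) {
            if (split(ip, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # True when n falls inside any CIDR in list (compares network parts)
        function in_any(n, list,   c, i, k, p, size) {
            k = split(list, c, " ")
            for (i = 1; i <= k; i++) {
                split(c[i], p, "/")
                size = 2 ^ (32 - p[2])
                if (int(n / size) == int(ip2n(p[1]) / size)) return 1
            }
            return 0
        }
        NF >= 2 {
            n = ip2n($2)
            if (n < 0)                    where = "unparsed"
            else if (in_any(n, internal)) where = "internal"
            else if (in_any(n, vpn))      where = "vpn"
            else                          where = "other"
            print $1 "," $2 "," where
        }
    '
}

# Constructed sample export; PC-004 has no IP on record.
sample_devices() {
cat <<'EOF'
PC-001,10.20.3.14
PC-002,172.16.40.9
PC-003,203.0.113.77
PC-004,
EOF
}

sample_devices | classify_devices "10.0.0.0/8 192.168.0.0/16" "172.16.40.0/24"
```

A device only lands in one bucket per scan, so the result reflects where it last reported from, not every path it has used.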
          • 2. Re: Monitoring connections via the Gateway
            Jared Barneck SupportEmployee

            Also, you can do some cool things in Linux to parse information from the command line.

             

            Run this command on your gateway from the shell to get a list of IP Addresses going through the gateway currently:

             

            netstat -an |grep ESTABLISHED |tr -s ' ' |cut -d" " -f5|cut -d: -f1|sort -u
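A variant of the command above, as an added example that is not part of the original post: it counts sessions per remote address, keeps only sessions on the gateway's client-facing port (443 is an assumption here), and splits at the last colon, because `cut -d: -f1` returns an empty string for `::ffff:`-mapped addresses. The sample netstat output is constructed.

```shell
#!/bin/sh
# Added example. Summarises ESTABLISHED TCP sessions per remote address
# from `netstat -an` text on stdin.
# Prints "<count> <remote-ip>" lines, busiest client first.
gateway_peers() {
    port="${1:-443}"  # assumption: local port the gateway listens on for clients
    awk -v port="$port" '
        # Strip the port at the LAST colon so IPv6 and ::ffff:-mapped
        # IPv4 addresses stay whole, then unwrap the mapped form.
        function host(s)  { sub(/:[0-9*]+$/, "", s); sub(/^::ffff:/, "", s); return s }
        function lport(s) { sub(/^.*:/, "", s); return s }
        # Linux netstat columns: proto recv-q send-q local foreign state
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && lport($4) == port { seen[host($5)]++ }
        END { for (ip in seen) print seen[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample output (documentation address ranges), for offline runs.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.7:51240       ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.23:40112     ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.50:60022        ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:49999       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:198.51.100.23:40200 ESTABLISHED
EOF
}

sample_netstat | gateway_peers 443
```

On the gateway itself, feed it live data with `netstat -an | gateway_peers 443`.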

             

            • 3. Re: Monitoring connections via the Gateway
              Rookie

               

              Thanks for your helpful answers.  I am just seeing them now.  For some reason the system never informed me that I had a response.  I probably didn't click on the right radio box.

               

               

              I was looking for something more similar to your solution regarding monitoring external IP addresses.  That seems to be a little more complicated than at first glance.  It seems that at any given time, devices in our network can have any of a number of IP addresses, none of which seem to stay in a constant location.  For instance, direct network configuration, wireless network, VPN, ISP, etc...  We ran into inventory problems with duplicate devices due to similar duplicity.

               

               

              I worked with LD support to get a custom vulnerability that would parse the local log file on the PC and record that information in a custom data form.  This will record if the PC has ever connected via the gateway and when.  It seems that the local log file is the only place that a record of connections via the gateway is recorded. 

               

               

              We're still working on getting it out to the field to see how well it works.  So far I only have 5 of 1225 computers actually reporting in a connection, though I do know the numbers are better than that.

               

               

              I'll post an update if this actually works.

              • 4. Re: Monitoring connections via the Gateway
                Employee

                Did you ever get the custom vul created to grab the LMG connection info/status?  If so, can you toss my way and I will test also.

                Thx;

                John Wyckoff

                LANDesk SE

                • 5. Re: Monitoring connections via the Gateway
                  Employee

                  You mean from the client's perspective? ldms_client can do that.. it's in the "LANDesk Client Information" section.

                  • 6. Re: Monitoring connections via the Gateway
                    Employee

                    This is a COOL util !!!!  I will install and test today. 
                    JW