Alex,
I don't know about "easier," but I can think of some alternative
methods. One would be to install NetDisco (http://netdisco.org/) or
a similar ARP table crawling program, then query its database for the
IP <-> MAC pair. Alternatively, we're doing regular snapshots of the
user_info table from cron, which gives us a historical record of who
was logged on to a specific machine at a specific time. We do
snapshots every 15 minutes, but you could feasibly (see below) do
them every minute if you wanted to. It's then a simple matter of
grep and awk to determine IP <-> MAC <-> User mappings. It's a
brutish hack that we put in place until I get a chance to set up
RADIUS accounting to Oracle... Yes, there are obvious race
conditions in the script, and it's a bit simplistic, but it does the
job. And at ~ 1.1 MB per dump (~ 141KB gzipped) it's possible to
store months or even years of them... For "Certified Users" I think
you need to dump mac_filter; user_info is the "Online Users."
Here's the crontab if you're interested. It runs on the two HA CAMs.
*/15 * * * * /root/cca-user_info-backup.pl
[root@ccam1 ~]# cat /root/cca-user_info-backup.pl
#!/usr/bin/perl
use strict;
use Fcntl;
use Time::localtime;
### System defined variables
my $tm;
# you can change the dump output format if you like
my $pg_dump_cmd = '/usr/bin/pg_dump -a -D -O -t user_info -x -h 127.0.0.1 -U postgres controlsmartdb';
my @pg_dump = `$pg_dump_cmd`; # backticks are dangerous
# Get time
$tm = localtime(time);
# Resolution of 1 minute is sufficient for our purposes
my $file_time = sprintf("%04d%02d%02d-%02d%02d", $tm->year+1900, $tm->mon+1, $tm->mday, $tm->hour, $tm->min);
# create a filename like 20050823-2000.txt for August 23, 2005 8:00 pm
my $file_name = sprintf("/root/user_info/$file_time.txt");
# Print out the file
sysopen (OUTPUTFILE, $file_name, O_WRONLY|O_TRUNC|O_CREAT, 0660)
or die "Failed to create file: $!";
print OUTPUTFILE @pg_dump;
close OUTPUTFILE;
[root@ccam1 ~]#
Here is how long it takes to run the dump:
[root@ccam1 ~]# time /root/cca-user_info-backup.pl
real 0m0.276s
user 0m0.110s
sys 0m0.019s
[root@ccam1 ~]#
HTH,
Michael Grinnell
Network Security Administrator
The American University
On Aug 30, 2006, at 8:26 PM, Alex Lanstein wrote:
<snip>
> then, from there, it's a hop, skip and a jump to get the IP or username.
>
> Of course, for this to work, the server must be on the same subnet
> as the clients.
>
> Anyone know of an easier way to pull up this information?
>
<snip>
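
The "grep and awk" lookup over the snapshot files described in the message above, written out as an added example (not code from the original post). It assumes the files hold the one-INSERT-per-row output that pg_dump -a -D produces and are named YYYYMMDD-HHMM.txt as in the script; the column names in the sample data are hypothetical, and the search matches a value in any column so it does not depend on them.

```python
import os, re, tempfile
from datetime import datetime

# pg_dump -a -D writes one "INSERT INTO t (cols) VALUES (vals);" line per row.
INSERT_RE = re.compile(r"^INSERT INTO \S+ \((.*?)\) VALUES \((.*)\);\s*$")
# A value is a quoted string ('' escapes a quote) or a bare token (number, NULL).
TOKEN_RE = re.compile(r"'((?:[^']|'')*)'|([^,\s']+)")

# Constructed sample snapshots; the column names are hypothetical.
SAMPLES = {
    "20060830-2000.txt": "INSERT INTO user_info (user_name, ip, mac) VALUES ('jdoe', '10.1.2.3', '00:11:22:33:44:55');\n",
    "20060830-2015.txt": "INSERT INTO user_info (user_name, ip, mac) VALUES ('o''brien, pat', '10.1.2.3', '00:AA:BB:CC:DD:EE');\n",
}

def parse_values(text):
    """Split a VALUES list, honouring commas and '' inside quoted strings."""
    return [q.replace("''", "'") if b == "" else (None if b == "NULL" else b)
            for q, b in TOKEN_RE.findall(text)]

def snapshot_for(snapshot_dir, when):
    """Path of the newest snapshot taken at or before `when`, or None."""
    cutoff = when.strftime("%Y%m%d-%H%M.txt")  # fixed width, so names sort by time
    names = [n for n in os.listdir(snapshot_dir)
             if re.fullmatch(r"\d{8}-\d{4}\.txt", n) and n <= cutoff]
    return os.path.join(snapshot_dir, max(names)) if names else None

def who_had(snapshot_dir, when, needle):
    """Rows of that snapshot in which any column equals `needle` (IP, MAC or user)."""
    path, hits = snapshot_for(snapshot_dir, when), []
    if path is None:
        return hits
    with open(path, errors="replace") as fh:
        for line in fh:
            m = INSERT_RE.match(line)
            if m:
                cols = [c.strip().strip('"') for c in m.group(1).split(",")]
                row = dict(zip(cols, parse_values(m.group(2))))
                if any(v is not None and v.lower() == needle.lower() for v in row.values()):
                    hits.append(row)
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLES.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        print(who_had(d, datetime(2006, 8, 30, 20, 10), "10.1.2.3"))
```

With 15-minute snapshots the answer reflects the last dump at or before the requested time, so a session that started and ended between two dumps will not appear.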