Novell Doc: Novell ZENworks Network Access Control Users Guide - Novell ZENworks Network Access Control Events Generated

12.4 Novell ZENworks Network Access Control Events Generated

The following Novell ZENworks Network Access Control events can be generated:

DeviceTestedEvent — Identifies the endpoint that was tested and the results of the tests
DeviceChangeEvent — Identifies the endpoint and it’s current state

The following sections contain more information:

12.4.1 Examples of Events Generated

The following shows examples of information returned for generated events:

-------------------------------------------------------------------------
<MNMDeviceChangeEvent>
  <device>
    <uniqueId>5928e8f98d4ce49c6c03529ca4325b5e</uniqueId>
    <ip>10.1.13.29</ip>
    <mac>00:11:43:4F:15:D6</mac>
    <netbiosName>SSLJDOE</netbiosName>
    <domainName>MyCompany</domainName>
    <userName>administrator</userName>
    <loggedOnUser>administrator</loggedOnUser>
    <os>Windows</os>
    <osDetails>XP SP2</osDetails>
    <policyId>LowSecurity</policyId>
    <lastTestTime>1157042366000</lastTestTime>
    <lastTestStatusId>PASSED</lastTestStatusId>
    <gracePeriod>-1</gracePeriod>
    <gracePeriodStart>0</gracePeriodStart>
    <createTime>1156536669000</createTime>
    <lastActivityTime>1157045939456</lastActivityTime>
    <lastConnectTime>1157044195000</lastConnectTime>
    <lastDisconnectTime>0</lastDisconnectTime>
    <postureToken>healthy</postureToken>
    <nodeId>b198ada2-06ce-4e30-bbb9-bcc11ffa777b</nodeId>
    <clusterId>5b227ee9-5085-4bbc-9c6f-dd57900eaa1f</clusterId>
    <accessStatusId>QUARANTINED_BY_POLICY</accessStatusId>
    <nextTestTime>1157049566000</nextTestTime>
    <nadPort></nadPort>
    <nadIP></nadIP>
    <sessionAccess>-1</sessionAccess>
    <sessionAccessEnd>0</sessionAccessEnd>
    <otherDeviceProperties>
      <entry>
        <string>OS</string>
        <string>Windows</string>
      </entry>
    </otherDeviceProperties>
    <lastUpdateTime>1157045949373</lastUpdateTime>
    <testingMethod>NONE</testingMethod>
  </device>
  <ip>10.1.70.101</ip>
  <id>b198ada2-06ce-4e30-bbb9-bcc11ffa777b</id>
  <originalTimeStamp>1157045949373</originalTimeStamp>
</MNMDeviceChangeEvent>

<MNMDeviceTestedEvent>
  <device>
    <uniqueId>58511c4a0895a1c33792de48264262f4</uniqueId>
    <ip>10.1.1.13</ip>
    <mac>00:11:25:AB:92:7A</mac>
    <netbiosName>UNITY</netbiosName>
    <domainName>MyCompany</domainName>
    <userName>administrator</userName>
    <password>changeme</password>
    <loggedOnUser>administrator</loggedOnUser>
    <os>Windows</os>
    <osDetails>2000 SP4</osDetails>
    <policyId>LowSecurity</policyId>
    <lastTestTime>1157046206801</lastTestTime>
    <lastTestStatusId>FAILED</lastTestStatusId>
    <gracePeriod>604800</gracePeriod>
    <gracePeriodStart>1157042301000</gracePeriodStart>
    <createTime>1157042283000</createTime>
    <lastActivityTime>1157046201262</lastActivityTime>
    <lastConnectTime>1157040486000</lastConnectTime>
    <lastDisconnectTime>0</lastDisconnectTime>
    <postureToken>checkup</postureToken>
    <nodeId>b198ada2-06ce-4e30-bbb9-bcc11ffa777b</nodeId>
    <clusterId>5b227ee9-5085-4bbc-9c6f-dd57900eaa1f</clusterId>
    <accessStatusId>ALLOWED_BY_POLICY</accessStatusId>
    <nextTestTime>1157053406845</nextTestTime>
    <nadPort></nadPort>
    <nadIP></nadIP>
    <sessionAccess>-1</sessionAccess>
    <sessionAccessEnd>0</sessionAccessEnd>
    <otherDeviceProperties>
      <entry>
        <string>OS</string>
        <string>Windows</string>
      </entry>
    </otherDeviceProperties>
    <lastUpdateTime>1157046206846</lastUpdateTime>
    <testingMethod>AGENTLESS</testingMethod>
  </device>
  <testResults>
    <TestResultInfo>
      <timestamp>1157046206801</timestamp>
      <gracePeriod>604800</gracePeriod>
      <testName>Windows 2000 hotfixes</testName>
      <testClass>Check2000HotFixes</testClass>
      <testModule>check2000HotFixes</testModule>
      <testGroup>OperatingSystem</testGroup>
      <actionsTaken>access allowed, temporary access period continuing from 8/31/06 10:38 AM, email not sent</actionsTaken>
      <debugInfo>918899, 921883, 912812-IE6SP1-20060322, 842773, 921398, 922616, 917422, Update Rollup 1, 920683, 914388, 920670, 917159, 917008, 920958, 911562</debugInfo>
      <severity>2</severity>
      <statusCode>1</statusCode>
      <resultCode>fail</resultCode>
      <resultMessage>The hotfixes installed are not current. Run Windows Update to install the most recent service packs and hotfixes. The missing hotfixes are: 918899, 921883, 912812-IE6SP1-20060322, 842773, 921398, 922616, 917422, Update Rollup 1, 920683, 914388, 920670, 917159, 917008, 920958, 911562. You may need to run Windows Update multiple times to install all the hotfixes. Some of the hotfixes listed may be contained in a cumulative patch.</resultMessage>
      <policyId>LowSecurity</policyId>
      <mostSeriousInRun>true</mostSeriousInRun>
      <previousResultCode>fail</previousResultCode>
    </TestResultInfo>
    <TestResultInfo>
      <timestamp>1157046206801</timestamp>
      <gracePeriod>604800</gracePeriod>
      <testName>Service packs</testName>
      <testClass>CheckServicePacks</testClass>
      <testModule>checkServicePacks</testModule>
      <testGroup>OperatingSystem</testGroup>
      <actionsTaken>none</actionsTaken>
      <severity>2</severity>
      <statusCode>1</statusCode>
      <resultCode>pass</resultCode>
      <resultMessage>All required service packs are installed</resultMessage>
      <policyId>LowSecurity</policyId>
      <mostSeriousInRun>false</mostSeriousInRun>
      <previousResultCode>pass</previousResultCode>
    </TestResultInfo>
    <TestResultInfo>
      <timestamp>1157046206801</timestamp>
      <gracePeriod>0</gracePeriod>
      <testName>Worms, viruses, and trojans</testName>
      <testClass>CheckWormsVirusesAndTrojans</testClass>
      <testModule>checkWormsVirusesAndTrojans</testModule>
      <testGroup>Software</testGroup>
      <actionsTaken>none</actionsTaken>
      <debugInfo>None</debugInfo>
      <severity>1</severity>
      <statusCode>1</statusCode>
      <resultCode>pass</resultCode>
      <resultMessage>No worms, viruses or trojans were found.</resultMessage>
      <policyId>LowSecurity</policyId>
      <mostSeriousInRun>false</mostSeriousInRun>
      <previousResultCode>pass</previousResultCode>
    </TestResultInfo>
  </testResults>
  <ip>10.1.70.101</ip>
  <id>b198ada2-06ce-4e30-bbb9-bcc11ffa777b</id>
  <originalTimeStamp>1157046206882</originalTimeStamp>
</MNMDeviceTestedEvent>
-------------------------------------------------------------------------

12.4.2 Java Program and Command for Events

Novell ZENworks Network Access Control ships with a sample shell script that invokes Java code that can be used to listen for JMS events. Invoke the program by entering the following command:

eventListener.sh [-u broker URL] [-t topicName] [-l login -p password]

Where:

broker URL— The URL of the JMS message bus. If not specified, it defaults to tcp://localhost:61616
topicName— The topic on which events are published. By default, all Novell ZENworks Network Access Control events are published on the topic nac.requests
login and password— Not set by default

The following python script is provided with Novell ZENworks Network Access Control that can be invoked when an event occurs:

/usr/local/nac/bin/snmpScript.py — Generates an SNMP trap when an event is received.