Batch File for Monitoring

sabrefreak
I set up Untangle last week based on the suggestion of another poster. It works great, but it sends me the details of "who's who" on my largely DHCP network in IP's, so knowing that user 192.168.1.23 did "whatever" doesn't mean much.
I'd like to go a step further and create a batch file that tells me who the users are and what their IP's are so that I can match up the problems to the people.
Problem is I haven't written a batch in twenty or so years (maybe there is something better? but a batch just seemed simple and convenient). Maybe having it spit out to a text file would be good too?
Any ideas?

The O/S is Windows XP, almost everyone is DHCP (a few dedicated IP's, like printers), about 35 users.

Many thanks.
  • +
    0 Votes
    ---TK---

    You could run nbtstat -a Ip_Address, which will give you the NetBIOS name associated with the IP address.

    Send me a pm, there is another way to do this more efficiently... but I will not post up "how to", since it can be abused.

    +
    0 Votes
    seanferd

    rather than IPs. In both Untangle Reports config and AD Connector config (if you use AD) you must switch this to report hosts rather than IPs.

    +
    0 Votes
    timwalsh

    With the way you are currently set up, what you want really can't be done.

    I'm assuming that you are using the DHCP function in Untangle vs. on some other device (DSL modem, router, etc.).

    If DHCP is coming from some other device, then the answer is it definitely can't be done (unless you want to get cozy with the coders that work for whatever vendor created that device.)

    If Untangle is providing DHCP, much depends on how DHCP was implemented. All DHCP really does is assign an IP address to a particular MAC address. It may or may not capture a computer name for that MAC address.

    DNS (if you have it configured in Untangle), is the only thing that might tie an IP address to a specific computer name. However, in order to capture IP addresses provided by DHCP, DNS would have to allow dynamic updates. Not all DNS implementations allow for this.

    Even if all of the above is working in your favor, neither DHCP, nor DNS will capture what user is logged into a computer with a particular IP address. The best you could expect would be to tie a particular activity to a computer with a particular IP address and name.

    You would have to then search the event logs of that particular computer to determine who was logged onto that computer at the time in question. And that assumes that you have Security logging turned on (by default, it is turned off in XP). This of course also assumes that you aren't using any universal logons, and that users don't know each other's credentials.

    Untangle does have a User Access and User Authentication capability, but this is only used in relation to Remote Access capabilities of Untangle.

    The one capability of Untangle you need (Active Directory Authentication with Reporting and Policy Enforcement), you are denied because of your current network environment. This capability would allow you to generate a report showing user activity based on user ID.

    To take advantage of this capability you would need a machine running a current Windows Server OS set up for an Active Directory domain environment (which may or may not make your Untangle server superfluous as the Windows Server could perform most functions of the Untangle server).

    +
    0 Votes
    Jacky Howe

    With only 35 Users it should be easy to create a map of the Systems using the computernames or the user ID. I used to allocate by the room number and start from the doorway and work around the room. The Systems were named along the lines ws1a1 - ws25a1. Put a tag on the System with the computername so that when the user has a problem they can tell you the computer name and all you have to do is look up your map until you get to know your Systems.

    You could add this to logon scripts specified by a Group Policy.

    Create a hidden share on the file server, e.g. Trace$. It was originally called from the user's logon script. You may have to modify it. I originally used this with 98 on an NT4 domain.

    You will have the Username, Computername and Time of logon. It should keep adding to the file with the Logon ID.

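    @echo off
    rem Replace "server" with the name of the file server that hosts the hidden Trace$ share.
    c:
    rem Write the user name to a temporary file in the root of C: (the same path that is read back below).
    echo %username% > c:\%computername%.txt
    rem Append the user name to this computer's log file on the share.
    type c:\%computername%.txt >> \\"server"\trace$\%computername%.txt
    rem net time syncs the clock to the server and prints the time, which is appended as the logon time.
    echo y| net time \\"server" /set >> \\"server"\trace$\%computername%.txt
    del c:\%computername%.txt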
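
A variant of the logon script above that also records the workstation's IP address, which is the field needed to match the IPs in the Untangle reports to a user. This is an added example, not part of the original post; `\\server\trace$` is a placeholder for the hidden share and the semicolon-separated line layout is an assumption.

```batch
@echo off
setlocal
rem Added example: log date, time, user, computer and IP address at logon.
rem TRACE is a placeholder UNC path; point it at your own hidden share.
set TRACE=\\server\trace$
set IP=unknown

rem Windows XP prints "IP Address. . . : x.x.x.x"; later versions print
rem "IPv4 Address". Take the text after the colon on the first matching line.
for /f "tokens=2 delims=:" %%A in ('ipconfig ^| findstr /c:"IP Address" /c:"IPv4 Address"') do call :setip %%A

rem One file per computer, as in the post, so that simultaneous logons
rem never contend for the same file. The redirection is placed first so an
rem IP address ending in a digit is not parsed as a handle number.
>>"%TRACE%\%COMPUTERNAME%.txt" echo %DATE%;%TIME%;%USERNAME%;%COMPUTERNAME%;%IP%

endlocal
goto :eof

:setip
rem Keep only the first address found (multi-homed machines list several).
if "%IP%"=="unknown" set IP=%1
goto :eof
```

Every user needs write access to the share for this to work, so the files can be edited by the people they describe; use them as a lookup map for the Untangle reports rather than as tamper-proof evidence.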
