Batch File for Monitoring

By sabrefreak ·
I set up Untangle last week based on the suggestion of another poster. It works great, but it sends me the details of "who's who" on my largely DHCP network in IP's, so knowing that user did "whatever" doesn't mean much.
I'd like to go a step further and create a batch file that tells me who the users are and what their IP's are so that I can match up the problems to the people.
Problem is I haven't written a batch in twenty or so years (maybe there is something better? but a batch just seemed simple and convenient). Maybe having it spit out to a text file would be a good too?
Any ideas?

The O/S is Windows XP, almost everyone is DHCP (a few dedicated IP's, like printers), about 35 users.

Many thanks.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

For starters....

by ---TK--- In reply to Batch File for Monitoring

you could run nbtstat -a Ip_Adress, which will give you the net bios name associated with the ip address.

Send me a pm, there is another way to do this more efficiently... but I will not post up "how to", since it can be abused.

Collapse -

You should be able to switch that to report host names

by seanferd In reply to Batch File for Monitoring

rather than IPs. In both Untangle Reports config and AD Connector config (if you use AD) you must switch this to report hosts rather than IPs.

Collapse -

Can't be done

by timwalsh In reply to Batch File for Monitoring

With the way you are currently setup, what you wan't really can't be done.

I'm assuming that you ar using the DHCP function in Untangle vs. on some other device (DSL modem, router, etc.).

If DHCP is coming from some other device, then the answer is it definitely can't be done (unless you want to get cozy with the coders that work for whatever vendor created that device.)

If Untangle is providing DHCP, much depends on how DHCP was implemented. All DHCP really does is assign an IP address to a particular MAC address. It may or may ot capture a computer name for that MAC address.

DNS (if you have it configured in untangle), is the only thing that might tie an IP address to a specific computer name. However, in order to capture IP addresses provided by DHCP, DNS would have to allow dynamic updates. Not all DNS implementations allow for this.

Even if all of the above is working in your favor, neither DHCP, nor DNS will capture what user is logged into a computer with a particular IP address. The best you could expect would be to tie a particular activity to a computer with a particular IP address and name.

You would have to then search the event logs of that particular computer to deterine who was logged onto that computer at the time in question. And that assumes that you have Security logging turned on (by default, it is turned off in XP). This of course also assumes that you aren't using any universal logons, and that users don't know each others credentials.

Untangle does have a User Access and User Authentication capability, but this is only used in relation to Remote Access capabilities of Untangle.

The one capability of Untangle you need (Active Directory Authentication with Reporting and Policy Enforcement), you are denied because of your current network environment. This capability would allow you to generate a report showing user activity based on user ID.

To take advantage of this capability you would need a machine running a current Windows Server OS set up for an Active Directory domain environment (which may or may not make your Untangle server superfulous as the Windows Server could perform most functions of the Untangle server).

Collapse -

Computer Name - User ID

by Jacky Howe In reply to Batch File for Monitoring

With only 35 Users it should be easy to create a map of the Systems using the computernames or the user ID. I used to allocate by the room number and start from the doorway and work around the room. The Systems were named along the lines ws1a1 - ws25a1. Put a tag on the System with the computername so that when the user has a problem they can tell you the computer name and all you have to do is lookup your map until you get to know your Systems.

You could add this to logon scripts specified by a Group Policy.

Create A hidden share on the file server EG: Trace$. It was origianlly called from the users logon script. You may have to modify it. I originally used this with 98 on a nt4 domain.

You will have the Username, Computername and Time of logon. It should keep adding to the file with the Logon ID.

@echo off
echo %username% > %computername%.txt
type c:\%computername%.txt >> \\"server"\trace$\%computername%.txt
echo y| net time \\"server" /set >> \\"server"\trace$\%computername%.txt
del c:\%computername%.txt

Related Discussions

Related Forums