Symantec Security Expressions Server Connection Monitor Configuration File, IP Range Section


SecurityExpressions Server User Guide

Password = AES: cb789817f8d99c7e5a1e5beb8510bf71

Once you enable the connection monitor, it can be processed at any time.

Connection Monitor Configuration File

Connection Monitors use a text file named dmconfig.txt that resides in the same directory as the Connection Monitor (\Program Files\Altiris\Security Management\SecurityExpressions Connection Monitors). The file contains four sections. You must complete the IP Range and Options sections. The Default and Active Directory sections are optional.

Tip: If you are using more than one connection monitor on the same computer, use the same configuration file to configure them.

After editing and saving the configuration file, you must stop and restart the DHCP or Active Directory monitor service through the Service Management Console, which is accessible through Administrative Tools.

Tip: Use the # character at the beginning of all comment lines to ensure they are ignored when the file is processed.

Click here to review the configuration file's syntax.

IP Range Section

Create one section per IP range. The IP range section consists of:

IP and default IP range of the target devices

Distribution methods

Comma-separated list of audit server names

IP Ranges

The IP Ranges section of the configuration file identifies the IP ranges of the device groups.

Zero or more IP ranges – IP ranges divide newly detected devices into different groups. If an IP range does not exist, no devices are audited.

Default IP range – All IP addresses not previously placed in one of the IP range groups.

Distribution Methods

The Connection Monitor sequences its contacts with audit servers using one of two distribution methods, Round Robin or First Available. To indicate which method you want to use, type either Round Robin or First Available.

Round Robin – Each SecurityExpressions Audit & Compliance Server in the list is contacted in sequence as new devices are detected, wrapping around to the beginning of the list after contacting every listed audit server. If a connection times out, the Connection Monitor tries the next audit server in the list until it attempts contact with every audit server on the list.

First Available – The Connection Monitor always begins by contacting the first Audit & Compliance Server. If the connection fails, it tries the second audit server, and so forth, until a connection succeeds or it has tried every audit server on the list. The First Available method is important if the first server goes down.
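The following Python model is an added example, not code from the product or its guide. It places a detected device in an IP range group and then selects an audit server under each distribution method, including the failover path when a server times out. The server names, the addresses, the function and class names, and the rule that Round Robin resumes after the server that answered are all assumptions made for illustration.

```python
import ipaddress

METHODS = ("Round Robin", "First Available")

class ServerPool:
    """Audit servers for one IP range plus its distribution method."""

    def __init__(self, servers, method):
        if method not in METHODS:
            raise ValueError(f"unknown distribution method: {method!r}")
        self.servers, self.method = list(servers), method
        self.cursor = 0  # Round Robin position; unused by First Available

    def dispatch(self, is_up):
        """Return the server that accepted the request, or None if all failed."""
        n = len(self.servers)
        start = self.cursor if self.method == "Round Robin" else 0
        for step in range(n):  # at most one attempt per listed server
            idx = (start + step) % n  # wrap to the beginning of the list
            if is_up(self.servers[idx]):
                if self.method == "Round Robin":
                    # Assumption: the next device starts after the server that answered.
                    self.cursor = (idx + 1) % n
                return self.servers[idx]
        return None  # every server timed out: this device goes unaudited

def pick_pool(ip, ranges, default=None):
    """Place a detected device in the first matching IP range, else the default."""
    addr = ipaddress.ip_address(ip)
    for low, high, pool in ranges:
        if ipaddress.ip_address(low) <= addr <= ipaddress.ip_address(high):
            return pool
    return default  # None models "no range configured, device not audited"

def simulate(method, down, devices=6):
    """Dispatch `devices` detections against three constructed server names."""
    pool = ServerPool(["audit-a", "audit-b", "audit-c"], method)
    return [pool.dispatch(lambda s: s not in down) for _ in range(devices)]

if __name__ == "__main__":
    for method in METHODS:
        print(method, "all up:      ", simulate(method, set()))
        print(method, "audit-a down:", simulate(method, {"audit-a"}))
```

With every server up, Round Robin spreads audits across the list while First Available sends them all to the first server. A result of None marks a device that no audit server accepted, which is the condition to alert on.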
