08-15-2012 10:32 AM
Duplicate thread to Knowledgebase question, but need help making the info from this technote work:
Marc Benoit Nick Piagentini
Running a PA-4020, 4.1.6 code and assouciated UserID agent on an AD server - NMS 4.2
Tried putting perl script on NMS and NAC server - does not appear to launch on either.
08-15-2012 01:10 PM
NAC notifications are broken in 4.2 I had a case open with Enterasys that was recently resolved with the release of 4.3...however, I have not yet tested.
...sounds like an upgrade to 4.3 may be required for you as well. Also, FYI...it seems as though this NAC notification fix was not reported in the NAC 4.3 release notes.
I hope that this helps
08-15-2012 02:20 PM
Thanks - am I reading the docs correctly that the script lives on the NetSight NMS server appliance, not the NAC appliance?
I'll update and report back - need to check on a report of extremely slow Compass searches in NetSight 4.3 I saw on the listsrv first.
08-15-2012 04:03 PM
Correct. I have confirmed with ETS GTAC that the NAC notifications are processed by Netsight, not the NAC gateways. So, the perl script must be located on the Netsight appliance to be triggered by the NAC notifications of end-system event changes.
Again, I have not yet implemented user-id integration...but hope to soon.
I saw the same 4.3 compass search issues on the listserv...looks like a bug fix may be in the works
09-06-2012 11:29 AM
One thing that helped me in the troubleshooting of the integration was to make a copy of the perl script on the netsight server and change it to dump out a text file so you can verify what is actually being notified on in NAC as well as verifying if state changes are correctly causing notification.
You would need to change the nac_pub.pl to contain something like the following.
echo $@ >> out.txt
I then saved it as test-trigger.sh but you can pick whatever name.
Finally setup the notifications in NAC the same way as for the nac_pub.pl but tell it to run the test-trigger.sh.
You should now be able to run the following command from an ssh session on the netsight server that will monitor the changes as they happen.
tail -f out.txt
If you want additional readability or insight into what is happening you can modify the notification to send different fields.
Hopefully that helps with some of your troubleshooting and getting the correct information that Enterasys needs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!