Report on av check big ip apm

Hi,

 

 

I'm not sure how to do it through the GUI... but on the command line you can login and go to /var/log... then run the following..

 

 

[root@edge-gateway-box:Active:Standalone] log egrep "session.user.clientip|session.logon.last.username|session.check_av.last.item_1.name|session.check_av.last.item_1.version" apm | awk -F" " '{print $8, $11, $14}'

 

db5c7e14: 'session.check_av.last.item_1.name' 'Symantec

 

db5c7e14: 'session.check_av.last.item_1.version' '20121.2.1.2'

 

db5c7e14: 24.144.40.133

 

db5c7e14: 'session.logon.last.username' 'scoope'

 

[root@cwyegw01:Active:Standalone] log

 

 

You can then load this to a database or spreadsheet (depending on how many records you have) and do your analysis on it. the first value is the session ID and the second value is the variable and the third value is the value of the variable. (except for the ip address line... awk didn't work as well but you know what you have with that one... if you want to use it you can grep it out separately and format it for what you want.

 

 

I'm not sure exactly what you are looking for but please let me know if this will help... you could write a perl script to collect the data and then print it in a better format. I would also suggest send the logs to a syslog server where the data will be able to sit longer than on the VPN device.

 

 

Also... FYI... on your current policy do you want to allow them to connect either way.. currently they are allowed access with no auth or resources assigned in the policy. If you don't want them to connect you can change the ending to deny.

 

 

Please let me know if this helps...

 

 

Seth