Every so often I get asked whether it is possible to integrate Active Directory Users and Groups with NetEye. Until now my answer has always been that it is possible to use AD via its LDAP functionality as an authentication backend, and that you may manually add each AD user one-by-one to NetEye.
I was never very satisfied with this answer and so I tried to find a solution. Here’s what needs to be done:
- Only some AD groups should be able to have NetEye access
- All users in these groups should be added automatically to NetEye as both a user and a monitoring contact
- Users and groups should also be cleaned up automatically
Starting from these requirements, I made a simple Perl script which uses the NetEye Perl API to do what I want:
- Use an existing LDAP backend configured for NetEye User Management.
- Alternatively, give all parameters needed in single mode (ldaphost, ldapuser, …)
- Search for all groups in the specified AD-Location using a regular expression, for instance: ug-neteye-*
- Add all users in this group(s) to NetEye (if they don’t already exist there) using a default NetEye profile (given as a command line parameter). Otherwise, if a NetEye profile already exists with the same name as the AD-group, then use that one instead.
- Add the AD-group as a contactgroup.
- Add all users in the group as contacts and assign them to the contactgroup created before.
- Clean up each contactgroup in Monitoring with the same regular expression as the one used above to search the groups in AD, which should no longer exist in the Active Directory.
- Clean up all contacts and NetEye users which are no longer listed in a contactgroup. This assumes that all manually created contacts HAVE TO be inserted inside a contactgroup, so that they do not get cleaned up.
If your requirements align with mine, enjoy this script that will sync your AD Users and Groups with NetEye (handle_neteye_users).
Juergen Vigna
NetEye Solution Architect at Würth Phoenix
I have over 20 years of experience in the IT branch. After first experiences in the field of software development for public transport companies, I finally decided to join the young and growing team of Würth Phoenix. Initially, I was responsible for the internal Linux/Unix infrastructure and the management of CVS software. Afterwards, my main challenge was to establish the meanwhile well-known IT System Management Solution WÜRTHPHOENIX NetEye. As a Product Manager I started building NetEye from scratch, analyzing existing open source models, extending and finally joining them into one single powerful solution. After that, my job turned into a passion: Constant developments, customer installations and support became a matter of personal. Today I use my knowledge as a NetEye Senior Consultant as well as NetEye Solution Architect at Würth Phoenix.
Author
Latest posts by Juergen Vigna
23. 02. 2024
Log-SIEM, NetEye, Unified Monitoring
Monitoring Logs in Elasticsearch: A Practical Example
30. 11. 2023
Log Management, Log-SIEM, NetEye, Unified Monitoring
Monitor Your Elasticsearch Agents Registered in the Elastic Fleet Server
28. 04. 2023
Icinga Web 2, NetEye, Unified Monitoring
Elasticsearch Snapshots and How to Monitor Them