23. 06. 2020 Giuseppe Di Garbo NetEye, Unified Monitoring

Identify and Monitor Active Directory Domain Controllers with NetEye 4

NetEye 4, thanks to the Director module, offers very powerful mechanisms when it comes to fetching data from external data sources.

Among the external resources that can be configured in NetEye 4 there is clearly LDAP / Active Directory. This type of resource can be used for multiple purposes:

  • Authentication of users
  • Import of LDAP groups
  • Import of hosts and many others object type
  • Importing users for notifications

In this blog post let’s consider a scenario in which the agents have already been installed through the Self Service API, the hosts already exist in Director, and we want to identify the domain controllers, integrate some Custom Variables, apply a specific host group, and then apply a Service Set dedicated for monitoring DNS, LDAP and NTP services.

The Service Set can be downloaded from our github repository and imported using Director’s Basket feature. Next you need to adapt the LDAP and LDAP: Global Catalog service templates.

LDAP Resource Creation

In order to use the data made available from an Active Directory or LDAP source, you must first create an LDAP-type resource from the Configuration > Application > Resources menu.

Remember the importance of using an LDAPS connection.

After creating the resource we can use the automation functionality of the Director module to import the data of interest from the domain controllers and synchronize them with existing data.

Import Source Creation

Using an Import Source, we can use our previously created resource to identify domain controller type computers very easily: it’s sufficient to use a filter on the UserAccountControl field with the value 532480.

In the properties field it is necessary to fill in a comma-separated list of LDAP properties that should be fetched. In our example we want: dn,cn,description,dnshostname,operatingSystem,operatingSystemVersion,userAccountControl,samaccountname.

Subsequently, thanks to the Modifiers, we can verify the properness of the data obtained from the previous query in two steps:

  • It’s possible to check and subsequently exclude any disabled hosts by creating an ad_hoc property called is_disabled which, thanks to a control (bitmask match with value 2) on the UserAccountControl field, will be defined as true or false.
  • We can then use the is_disabled field to perform a blacklist based on this field whenever the value is true.

Finally, we can check the result shown in the Preview tab.

Sync Rule Creation

Using a Sync Rule, we can use the data prepared during the Import phase with the aim of merging existing data relating to domain controllers type hosts.

The Sync Rule must thus be created with “Object Type” Host and “Update Policy” Merge.

In the properties we must uniquely identify the host domain controllers using the dnshostname field associating it with the target field object_name.

We can also enhance some Custom Variables to track the name and version of the operating system and a field of the boolean is_ad_controller type to identify domain controllers:

This is the result after importing the data:

Host Group and Service Set Association

Now that we have the information, we can easily create a Host Group dedicated to Domain Controllers using an Assign where rule on the field of type boolean is_ad_controller and apply the imported Service Set in the same way.

HostGroup

ServiceSet

In conclusion we will end up having a dedicated Host Group that identifies only the domain controllers along with a series of specific controls just for these hosts, which clearly can be extended according to varying needs.

Below is an example of the controls applied to a domain controller host:

Giuseppe Di Garbo

Giuseppe Di Garbo

Consultant at Würth Phoenix
Hi everybody. I’m Giuseppe and I was born in Milan in 1979. Since the early years of university, I was attracted by the Open Source world and operating system GNU\Linux. After graduation I had the opportunity to participate in a project of a startup for the realization of an Internet Service Provider. Before joining Würth Phoenix as SI consultant, I gained great experience as an IT consultant on projects related to business continuity and implementation of open source software compliant to ITIL processes of incident, change and service catalog management. My free time is completely dedicated to my wife and, as soon as possible, run away from Milan and his caotic time and trekking discover our beautiful mountain near Lecco for relax and lookup the (clean) sky.

Author

Giuseppe Di Garbo

Hi everybody. I’m Giuseppe and I was born in Milan in 1979. Since the early years of university, I was attracted by the Open Source world and operating system GNU\Linux. After graduation I had the opportunity to participate in a project of a startup for the realization of an Internet Service Provider. Before joining Würth Phoenix as SI consultant, I gained great experience as an IT consultant on projects related to business continuity and implementation of open source software compliant to ITIL processes of incident, change and service catalog management. My free time is completely dedicated to my wife and, as soon as possible, run away from Milan and his caotic time and trekking discover our beautiful mountain near Lecco for relax and lookup the (clean) sky.

Latest posts by Giuseppe Di Garbo

31. 08. 2020 Development, NetEye
Getting in Touch with the Flux Language and NetEye
19. 08. 2020 Icinga Web 2, NetEye
NetEye 4 Template Library (NTL) and Icinga Template Library
31. 03. 2020 NetEye, Unified Monitoring
How to Configure Telegram Notifications on NetEye
19. 12. 2019 Downloads / Release Notes, NetEye
Never Forget Your NetEye Updates!
30. 09. 2019 Icinga News, NetEye
Downtime with NetEye 4 Using Icinga 2 API
See All

Related Content

Tags: , , , , ,

11. 01. 2021 Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert Read More
11. 01. 2021 Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts Read More
23. 12. 2020 Development, NetEye

Adopting Pulp 2: A Migration Journey #2

In the previous chapter of this blog post series, we discussed how Würth Phoenix has recently adopted Pulp as its main repository management platform. To briefly recap, Pulp is a free and open-source platform for managing repositories of software packages Read More
23. 12. 2020 NetEye

How to Verify the Integrity of Your NetEye 4 ISO Image

When installing our favorite Linux distribution, the first thing we do is download the official installation image, an ISO file, from the distribution website or a third party site. Imagine for example that CentOS has just released a new version, Read More
23. 11. 2020 Asset Management, NetEye, Unified Monitoring

Certificate Inventory and Monitoring with NetEye

In the last 10-or-so years, the complexity of enterprise IT applications has greatly increased: each of them can span vertically with multiple (and complex) layers, and each layer can serve applications other than the one that it's part of. And, Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal
net.support@wuerth-phoenix.com

Subscribe to Feed

Article     Comments
Insert your E-Mail address:

Archive