Symantec Access Management

Hi All,

I want to get the agent creation date for all agents. Could you please help me in how to extract this information?

Regards,

Vivek Thakur

Vivek, Agent install log gives you the install date, but the host registration date you'll get from the time stamp of the SmHost.conf file, for example.

Rgds.,- Vijay

Hello Vijay,

Thanks for your reply. 

Actually this date we need for all webagent. So we can't opt this process. 

We want this data since we are planning for policy store cleanup.

Regards,

Vivek Thakur

Vivek

Trying to understand the thought process OR value behind collecting Web Agent creation date for PStore cleanup. What we really want is when was the Web Agent last used e.g. Created a Web Agent 5 years ago for an App-1, but that Web Agent is still sending request VS Created a Web Agent 2 years ago for an App-2, which has been decomm'ed hence no request from that Web Agent. Typically what Web Agents are still active could be identified from policy server audit logs (other alternatives is enabling Agent Instances feature OR SNMP OR OneView Monitor OR CA APM for SSO, but I'd personally doing it via audit logs for sake of simplicity/ease).

Nevertheless since the question has been asked for how to collect creation date.

Using XPSExplorer, If we choose to view an object, it does display the creation date. 

Note : Creation Date may not reflect the actual creation date, because it may have been re-registered. We can run the same approach for Agent Objects as well.

I'd suggest normally, export all Trusted Host Object to Xcart and then onto a output file and / OR Using REST API (R12.8) and / OR Using SDK e.g. PERL API, although I'm not very confident, if the creation date is exposed via either of these options.

Hello Dennis,

Thanks for the detailed explanation.

Actually we want to delete those agents which were created before six months and there is no request from them. There are more than two thousand agents , so doing this task manually is not possible. So we are looking for any feasible way to get the details of agent creation (registration). 

And from audit logs we already got the details of agent which are sending request to our policy servers.

Regards,

Vivek Thakur

Vivek,

You can use SMPolicyReader to check the creation date of all the agents.

You can download the same from here - Siteminder Policy Reader 

Regards,

Pankaj

Hello Pankaj,

Thanks !

But its not feasible to get the agent creation details manually for more than two thousand agents from SMPolcyReader.

So looking for any feasible method to get the details.

Regards

Vivek

Hi Vivek,

In that case, I would suggest you explore javadmsapi. It allows you to connect to the Policy server using Java code. 

It should allow you to fetch agents details with a Java program.

You can get more info here - Programming in Java - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation 

Regards,

Pankaj

If we do an XPSEXPORT of the Policy Store. This information is present. Refer below Table.

Then we can create a small shell script which does a search for Object Class="CA.SM.Agent". This will return all the lines with needed info that you are looking for, for all Agents.

All we need is the first line i.e. 

<Object Class="CA.SM::Agent" Xid="CA.SM::Agent@01-0003b620-e967-12e9-b372-00017f00d086" CreatedDateTime="2014-05-01T18:20:39" ModifiedDateTime="2014-05-01T18:20:39" UpdatedBy="XPSDictionary::Import" UpdateMethod="Internal" ExportType="Add">

Then we can sort OR apply any further as needed to this output.

NOTE :- The same applies for ANY object TYPE.

Hello Dennis,

Thanks for the help. Now I am able to extract the details.

Regards,

Vivek