Symantec Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

Finding Agent Versions

  • 1.  Finding Agent Versions

    Posted Dec 13, 2011 10:00 AM

    Recently We have had a number of issues where peop;ole are looking for the major versions of their agents for upgrade planning.

    Atttached is a Perl Script (in a WinZip file) we made that is very light weight and uses a Profiler (Policy Server Trace) file to find the information.

    Here is some example OutPut:

    C:\temp\teststuff>agentversions.pl         NEITHER CA, INC. NOR ANY OF ITS SUBSIDIARIES AND AFFILIATES ("CA") NOR ANY COMMUNITY MEMBER SHALL BE LIABLE TO THE OTHER OR ANY OTHER MEMBER OR THIRD PARTY FOR DIRECT, CONSEQUENTIAL, INCIDENTAL, INDIRECT AND/OR SPECIAL DAMAGES FOR ANY CLAIMS ARISING FROM OR IN ANY WAY CONNECTED WITH YOUR DECISION TO ACCESS OR USE ANY SUCH FILES, EVEN IF THE POSSIBILITY OF SUCH DAMAGES IS, OR SHOULD HAVE BEEN, KNOWN.  THESE FILES ARE PROVIDED AS IS WITHOUT ANY WARRANTY OR REPRESENTATION OF ANY KIND EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY/SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGMENT. Your usage of any such Files is at your own risk.  You are solely responsible for testing such Files prior to implementing them in either a test or production environment.  We encourage you to check for any documentation (if provided) by looking in the document comments or on the message boards for a corresponding thread for additional information (if available). It is recommended to deploy/implement in a test or QA environment before implementing in a production environment. Such Files are not covered by CA's Support Policy and Terms.  CA will not under any circumstances support them. Please enter "Yes" to agree to the Disclaimer/EULA and accept all         responsibility for side effects of running this script. Yes Description:         This Program is for finding Agent Versions connecting to a Policy Server         It takes a "Profiler" that uses the following minimal configuration:                 components: IsProtected/Resource_Protection                 data: Message, Data, AgentName, IPAddr Enter input filename: smtracedefault.log Enter output filename: Agents.txt C:\temp\teststuff>

    This sample was a for a singleconnection that was for an front end to an ERP agent. The text file looks like:

    CA SiteMinder Web Agent API checkin Tool This iteration run: Tue Dec 13 09:58:17 2011. Found Version 6.0 Web Agent named "ApacheNative" connecting on IP "::ffff:127.0.0.1" 2 time(s)

    The above is an example of V2.1

    edit:

    This was created with the Perl version 5.12.2 for win32, distribution from ActiveState


    EDIT: V3.0 ihas been added. More information on 3.0 below.
    *** V2.1 tells you how often an isprotected is done which is useful to show if an agent may be causing an high amount of traffic.
    *** V3.0 keys off of the monitoring data which is on a set interval and works slightly differently as a result.


    Edit on 2012-10-19
    Renaming tools.
    AgentVersions is for finding version information only. (3.x line of the previous script)
    AgentCheckin is for how often agents are checing in, and can be used to find major versions as well. (2.x line of the previous script, now its own line since updates may be neeed in the future)

    Attachment(s)

    zip
    AgentVersions.zip   3 KB 1 version
    zip
    AgentCheckin.zip   3 KB 1 version


  • 2.  RE: Finding Agent Versions

    Posted Dec 13, 2011 10:16 AM
    Thanks Josh for posting this. It looks quite useful. Would you have other examples of various runs? It might help the community at large to determine if this is something for them or not.

    -Steve


  • 3.  RE: Finding Agent Versions

     
    Posted Dec 13, 2011 02:33 PM
    Awesome! Thanks Josh for posting this!

    Check it out folks!


  • 4.  RE: Finding Agent Versions

    Posted Dec 14, 2011 05:54 AM
    Good work!!

    Just a question: it works only if Profiler activity is active? We cannot active it in production because it could have a great impact to the performance.

    Pasquale


  • 5.  RE: Finding Agent Versions

    Posted Dec 14, 2011 03:07 PM

    pasquale_russo wrote:

    Good work!!

    Just a question: it works only if Profiler activity is active? We cannot active it in production because it could have a great impact to the performance.

    Pasquale
    Pasquale,

    It was designed to be as minimally intrusive as possible in order to be run in production.
    It takes one component and four data points. For most production purposes the overhead this will add is very low. However I still would suggest verifying in your test environment first

    Sincerely,
    Josh


  • 6.  RE: Finding Agent Versions

    Posted Mar 28, 2012 03:33 PM
    This is great, I do have a question about the smtracedefault.txt file. I'd like to do something similar to do analysis on the profiler logs but I would like to get just the SMMON data. Is there a similar set of component(s) and data points to get SMMON without introducing much overhead.

    Thanks,

    Jeff


  • 7.  RE: Finding Agent Versions

    Posted Apr 11, 2012 08:39 AM
    Sorry Jeffrey, I have not pplayed with the SMMON data enough to have an answer.
    Is there anything in particular within the SMMON data you are looking for?


  • 8.  RE: Finding Agent Versions

    Posted Apr 13, 2012 11:07 AM
    Josh,

    I'm interested in getting the full platform and agent version from the SMMON output.

    <Info>Product=WebAgent,Platform=APACHE22/Unix,Version=6.0QMR06,Update=HF08

    Thanks,

    Jeff


  • 9.  RE: Finding Agent Versions

    Posted May 18, 2012 08:10 AM
    Hi Jeff!

    I did not forget this. I just had to find time to investigate properly.

    Here is the minimal configuration I found for doing this well:
    components: IsAuthorized/Receive_Request
data: AgentName, Message, Data
    it results in a file like:
    [AgentName][Message][Data]
[=========][=======][====]
[iis7internal][Receive request attribute 199, data size is 10][1337341824]
[iis7internal][Receive request attribute 159, data size is 10][1337342608]
[iis7internal][Receive request attribute 165, data size is 1][5]
[iis7internal][Receive request attribute 166, data size is 3][128]
[iis7internal][Receive request attribute 148, data size is 1][1]
[iis7internal][Receive request attribute 149, data size is 0][]
[iis7internal][Receive request attribute 145, data size is 1613][<SMMON:ComponentRegistered xmlns:SMMON='http://netegrity.com/monitor'><Host HostId='127.0.0.1'><SmComponent CompPath='Agent;3548'></SmComponent></Host></SMMON:ComponentRegistered><SMMON:ComponentData xmlns:SMMON='http://netegrity.com/monitor'><Host HostId='127.0.0.1'><SmComponent CompPath='Agent;3548' Version='12.0QMR03'><Name>internaliis</Name><Info>Product=WebAgent,Platform=IIS70/Windows,Version=12.0QMR03,Update=HF09,Label=547,FileVersion=12.0.0309.547,UTC=1337341824,TZ=5,Crypto=128</Info><ResourceCacheHits>2</ResourceCacheHits><ResourceCacheMisses>2</ResourceCacheMisses><UserSessionCacheHits>0</UserSessionCacheHits><UserSessionCacheMisses>2</UserSessionCacheMisses><IsProtectedCount>2</IsProtectedCount><IsProtectedErrors>0</IsProtectedErrors><LoginCount>2</LoginCount><LoginErrors>0</LoginErrors><LoginFailures>1</LoginFailures><ValidationCount>0</ValidationCount><ValidationErrors>0</ValidationErrors><ValidationFailures>0</ValidationFailures><AuthorizeCount>1</AuthorizeCount><AuthorizeErrors>0</AuthorizeErrors><AuthorizeFailures>0</AuthorizeFailures><CrosssiteScriptHits>0</CrosssiteScriptHits><BadURLCharsHits>0</BadURLCharsHits><BadCookieHitsCount>0</BadCookieHitsCount><ExpiredCookieHitsCount>0</ExpiredCookieHitsCount><IsProtectedAvgTime>16</IsProtectedAvgTime><LoginAvgTime>563</LoginAvgTime><ValidationAvgTime>0</ValidationAvgTime><AuthorizeAvgTime>15</AuthorizeAvgTime><ResourceCacheCount>2</ResourceCacheCount><UserSessionCacheCount>1</UserSessionCacheCount><ResourceCacheMax>1000</ResourceCacheMax><UserSessionCacheMax>1000</UserSessionCacheMax></SmComponent></Host></SMMON:ComponentData>]
    i'm now trying to improve the script based upon this.


  • 10.  RE: Finding Agent Versions

    Posted May 18, 2012 08:15 AM
    Josh,

    Thanks for the response!

    -Jeff


  • 11.  RE: Finding Agent Versions

    Posted May 18, 2012 09:12 AM
      |   view attached
    Consider the script improved!

    new output looks like:
    CA SiteMinder Web Agent Detection Tool

This iteration run: Fri May 18 09:07:53 2012.

Found Agent internaliis reporting in from 127.0.0.1 on IIS70/Windows of version 12.0.0309.547 1 time(s)

    Attachment(s)

    zip
    agentversions.3.0.zip   3 KB 1 version


  • 12.  RE: Finding Agent Versions

    Posted May 18, 2012 10:37 AM
    Hi all,

    Here is an overview of the two versions of the tools and how they differe in use and purpose. Both were designed for minimally intrusive profiler settings.

    Version 3.0 is what you will want to determine what is out there for upgrades. It uses the following Profiler Configuration 
    components: IsAuthorized/Receive_Request
data: Message, Data
    It will print out something like: 
    CA SiteMinder Web Agent Detection Tool

This iteration run: Fri May 18 09:07:53 2012.

Found Agent internaliis reporting in from 127.0.0.1 on IIS70/Windows of version 12.0.0309.547 1 time(s)
    V3.0 works on the SMMON data that is sent by all 6.0 and higher agents. (i cannot confirm that it is sent by 5.x and earlier agents, but it may be)
    It will tell you the precise versions in a way that allows for support to know if you even have a non-standard build.

    It can be used with this matrix to find the GA version (requires login): ]https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={63E0DF28-0078-487B-8F91-CF3497D82EF7}

    The File Version looks like “12.0.0309.547” and can be broken into [Major Version].[Service Pack][Cumulative Release].[Build Number] or in the example, [12.0].[03][09].[547]

    V2.1 uses Profiler Configuration: 
    components: IsProtected/Resource_Protection
data: Message, Data, AgentName, IPAddr
    This works off of a combination of points and tells you how many insprotected calls were made by the particular web agent. This will work with 3.0, 4.0, 4.1, 5. and a final api check in for 6.0/12/0/12.5 agents.
    It also will show custom agents that don't properly identify their agent type.

    This will look something like: 
        CA SiteMinder Web Agent API checkin Tool
    This iteration run: Tue Dec 13 09:58:17 2011.

Found Version 6.0 Web Agent named "ApacheNative" connecting on IP "::ffff:127.0.0.1" 2 time(s)
    By telling you how many isprotected scalls were done you can tell if a particular agent is in heavy use, or even causing some types of problems such as high "high-priority" thread counts.

    This difference allows for both to be useful, and in different ways.

    Feel free to ask further questions.

    Attachment(s)

    zip
    AgentVersions.3.0.zip   3 KB 1 version
    zip
    AgentVersions.2.1.zip   2 KB 1 version