Remote Device Activity Capture
1 Select Start>>Settings>>Control Panel>>Add or Remove Programs.
2 Click once on the WinPcap listing.
3 Click Remove.
4 Click Yes when asked if you want to completely remove the application and features. When the
uninstallation is complete, the Uninstall Complete window appears:
5 Select one of the options and click Finish.
Sentriant AG to Infoblox Connector
Infoblox™ is a DHCP server appliance that writes to syslog when it vends IP addresses. These syslog
messages (DHCPACK syslog lines) are translated and forwarded to the Sentriant AG Device Activity
Capturer (DAC) by way of the connector (syslog-to-dac.py).
NOTE
Please verify that your Infoblox software is current (NIOS™ 4.1r5-0 or later).
NOTE
After you upgrade or perform a new installation, the connector file (syslog-to-dac.py) is in the following directory:
/usr/local/nac/bin
Configuring the Infoblox Server
You must configure syslog on the Infoblox server to send debug level DHCP logs to the Sentriant AG
ES IPs on TCP port 514, using the local3 facility. The actual steps to set this up may vary by NIOS.
Contact Infoblox support for assistance (http://www.infoblox.com/support/).
If the Infoblox DHCP is clustered, there is a floating/management IP and multiple LAN IPs (one for each
of the nodes in the DHCP cluster). In this configuration:
● The switches must be configured to forward DHCP requests (using iphelper, for example) to the
floating/management IP (not the individual LAN IPs)
● The iptables firewall on the ESs should be configured to allow syslog traffic from the individual
LAN IPs (one entry per Infoblox DHCP node).
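The following Python example is added here for illustration and is not the shipped syslog-to-dac.py, whose code this guide does not show. It accepts a DHCPACK syslog line only when the sender is one of the per-node LAN IPs and the PRI value decodes to the local3 facility, then extracts the lease. The ISC dhcpd-style message text, the names parse_dhcpack, accepted_leases and NODE_LAN_IPS, and all sample addresses are assumptions constructed for the example.

```python
import ipaddress
import re

LOCAL3 = 19  # syslog facility number for local3 (PRI = facility * 8 + severity)

# Assumed ISC dhcpd-style message text; the guide does not show the exact format.
DHCPACK_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?\bDHCPACK on (?P<ip>\S+) to "
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def parse_dhcpack(line, sender_ip, allowed_senders):
    """Return a lease record for a trusted local3 DHCPACK line, else None."""
    if sender_ip not in allowed_senders:  # same per-node list as the iptables entries
        return None
    m = DHCPACK_RE.match(line.strip())
    if m is None:
        return None
    facility, severity = divmod(int(m.group("pri")), 8)
    if facility != LOCAL3:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))  # rejects malformed addresses
    except ipaddress.AddressValueError:
        return None
    return {"ip": str(ip), "mac": m.group("mac").lower(),
            "hostname": m.group("host"), "severity": severity}


# Constructed sample data: documentation address ranges and made-up MACs.
NODE_LAN_IPS = {"192.0.2.11", "192.0.2.12"}  # one per Infoblox DHCP node
SAMPLES = [
    ("192.0.2.11", "<158>Mar  3 10:15:02 dhcpd[2211]: DHCPACK on 198.51.100.23 to 00:1A:2B:3C:4D:5E (lab-pc) via eth1"),
    ("192.0.2.12", "<158>Mar  3 10:15:04 dhcpd[1987]: DHCPACK on 198.51.100.24 to 00:1a:2b:3c:4d:5f via eth1"),
    ("192.0.2.10", "<158>Mar  3 10:15:05 dhcpd[2211]: DHCPACK on 198.51.100.25 to 00:1a:2b:3c:4d:60 via eth1"),  # floating IP, not allowed
    ("192.0.2.11", "<30>Mar  3 10:15:06 dhcpd[2211]: DHCPACK on 198.51.100.26 to 00:1a:2b:3c:4d:61 via eth1"),   # daemon facility
    ("192.0.2.12", "<158>Mar  3 10:15:07 dhcpd[1987]: DHCPACK on 198.51.100.999 to 00:1a:2b:3c:4d:62 via eth1"), # bad address
]


def accepted_leases():
    """Run every sample through the parser and keep the accepted records."""
    records = (parse_dhcpack(line, src, NODE_LAN_IPS) for src, line in SAMPLES)
    return [r for r in records if r is not None]


if __name__ == "__main__":
    for lease in accepted_leases():
        print(lease)
```

The severity is returned but not filtered on, so lines logged above debug level are still accepted.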
Configuring Sentriant AG
To configure Sentriant AG:
Home window>>System configuration>>Select an enforcement cluster>>Quarantining
Sentriant AG Software Users Guide, Version 5.3