Identity and Location Report
Overview
The Identity and Location Report Display Fields
Report Information and Event Types
Creating New Identity Events
Overview
The Identity and Location report is constructed by associating a network identity, such as an IP address or MAC address, with a user identity, such as a user name, computer name, or domain, and tying that to a location, such as a wired switch port, a wireless LAN controller, or a VPN gateway. When any element of these associations changes, a new entry is created in the report.
The associations between IP addresses, users, and locations are obtained by combining Windows Active Directory events, DHCP events, and WLAN and VPN logon events with discovery results. The result is a comprehensive listing of users and machines by their identity and location.
The Identity and Location Report Display Fields
The Identity and Location Report contains these display fields:
Display Field | Description |
IP Address | IP address of a host whose identity and location are recorded in this result. You can view IP addresses with country flags in a map by clicking Locations. |
MAC Address | MAC address of the host |
User | User associated with this IP address. Obtained from one of these event types: Windows Domain Logon, WLAN Login, VPN Logon, AAA Authentication. See the Report Information and Event Types section of this topic for more information. |
Host Name | Obtained from the Windows Domain Logon and WLAN Authentication event types. |
Domain | Information displayed here depends on the logon event type it was obtained from. Windows Domain Logon: the domain name; VPN Logon: the reporting IP address of the VPN gateway; WLAN Logon: the reporting IP address of the WLAN controller; AAA Logon: the reporting IP of the AAA server |
VLAN ID | For hosts directly attached to a switch, this is the VLAN ID of the switch port |
Location | For hosts attached to a switch port, this is the switch name, reporting IP address, and interface name |
First Seen | The time at which this entry was first created in the AccelOps Identity and Location table |
Last Seen | The time at which some attribute of this entry was last updated. If there is a conflict, for example a host acquiring a new IP address because of DHCP, then the original entry is closed and a new entry is created. A closed entry will never be updated. |
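The entry lifecycle described in the overview and under Last Seen, as an added example (not AccelOps code): a toy Python model in which events update an open entry, a conflicting attribute closes it, and closed entries keep their First Seen and Last Seen window for later attribution. The attribute names, the one-open-entry-per-IP rule, and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KEYS = ("ip", "mac", "user", "host", "domain", "vlan", "location")  # assumed names

@dataclass
class Entry:
    first_seen: int
    last_seen: int
    attrs: dict = field(default_factory=dict)
    closed: bool = False

class IdentityTable:  # toy model: one open entry per IP
    def __init__(self, events=()):
        self.entries, self.open_by_ip = [], {}   # full history; ip -> open Entry
        for ts, event in events:
            self.ingest(ts, event)

    def _close(self, e):
        e.closed = True                          # closed entries are never updated
        self.open_by_ip.pop(e.attrs["ip"], None)

    def ingest(self, ts, event):
        attrs = {k: v for k, v in event.items() if k in KEYS and v}
        ip, mac = attrs.get("ip"), attrs.get("mac")
        if ip is None:
            return                               # this model keys entries on IP
        for e in self.entries:                   # same MAC on a new IP (new DHCP lease)
            if mac and not e.closed and e.attrs.get("mac") == mac and e.attrs["ip"] != ip:
                self._close(e)
        cur = self.open_by_ip.get(ip)
        if cur and any(cur.attrs.get(k, v) != v for k, v in attrs.items()):
            self._close(cur)                     # conflicting attribute value
        if cur is None or cur.closed:
            cur = self.open_by_ip[ip] = Entry(ts, ts)
            self.entries.append(cur)
        cur.attrs.update(attrs)
        cur.last_seen = ts

    def who_had(self, ip, ts):
        return next((e for e in self.entries
                     if e.attrs["ip"] == ip and e.first_seen <= ts <= e.last_seen), None)

# Constructed sample events (event-type names from this page; values invented).
SAMPLE = [
    (100, {"type": "WIN-DHCP-IP-ASSIGN", "ip": "10.0.0.5", "mac": "00:11:22:33:44:55"}),
    (160, {"type": "Win-Security-4624", "ip": "10.0.0.5", "user": "alice", "domain": "CORP"}),
    (900, {"type": "WIN-DHCP-IP-ASSIGN", "ip": "10.0.0.9", "mac": "00:11:22:33:44:55"}),
    (950, {"type": "Win-Security-4624", "ip": "10.0.0.5", "user": "bob", "domain": "CORP"}),
]
```

`IdentityTable(SAMPLE).who_had("10.0.0.5", 150)` returns the closed entry for alice, while the same lookup at time 950 returns the newer entry for bob, which is why closed entries must stay frozen.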
Report Information and Event Types
This table lists the events and event types that contribute to information in the Identity and Location Report, as well as what information is collected for each type of event.
IP | MAC | Host Name | User | Domain | VLAN | Location | Contributing Event Types | |
DHCP Renew Events | x | x | WIN-DHCP-IP-LEASE-RENEW WIN-DHCP-IP-ASSIGN Linux_DHCPACK Generic_DHCPACK | |||||
AD Successful Login Events | x | x (resolvable by DNS or in AccelOps CMDB) | x (if in Event) | x | Win-Security-540 Win-Security-4624 | |||
AAA Successful Login Events | x | x | x | Win-IAS-PassedAuth CisACS_01_PassedAuth | ||||
VPN Successful Login Events | x | x | x | Cisco-VPN3K-IKE/25 ASA-722022 ASA-713228 ASA-713049-Client-VPN-Logon-success | ||||
WLAN Successful Login Events | x (if in Event) | x | x (if in Event) | x | Cisco-WLC-53-bsnDot11StationAssociate | |||
WLAN Discovery Events | x (if in Event) | x | x (if in Event) | x | PH_DISCOV_CISCO_WLAN_HOST_LOCATION PH_DISCOV_ARUBA_WLAN_HOST_LOCATION | |||
VoIP Call Manager Discovery Events | x | x | x | x | PH_DISCOV_VOIP_PHONE_ID | |||
AccelOps L2 discovery Events | x | x | x (if resolvable by DNS or in AccelOps CMDB) | x | x | PH_DISCOV_HOST_LOCATION |
Creating New Identity Events
There may be a situation in which a new event type is added to AccelOps, and you want to use the parsed attributes of that event in the Identity and Location report. Once you have made sure that the event will parse correctly, you will need to edit the identityDef.xml file for your Supervisor and any Worker nodes in your deployment.
- Log in to your Supervisor host machine as admin.
- Change the directory to /opt/phoenix/config/xml.
- Log on to AccelOps Super as admin.
- Edit the identityDef.xml file:
  - Create a new <identityEvent>.
  - For <eventType>, enter the ID of the event containing the identity attribute.
  - For <eventAttributes>, enter the name of the event attribute and its corresponding identity attribute. For reqd, enter yes if the event must have this event attribute for use in the Identity and Location report. Possible location attributes include: ipAddr, macAddr, computerName, domain, domainUser, aaaUser, vpnUser, geoCountry, geoState, geoCity, geoLatitude, vlanId, netEntryPt, netEntryPort.
- Restart identityMaster and identityWorker.
- Repeat for any Worker nodes.
This code sample is an example of a new <identityEvent> entry in the identityDef.xml file