arnold
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
arnold [2012/11/12 08:57] bredal [The web-interface] |
arnold [2012/11/12 09:23] bredal [NAV 3.13] |
||
|---|---|---|---|
| Line 13: | Line 13: | ||
| :!: NB: It is important that the write-community is set in the NAV-database, otherwise Arnold will not be able to detain or enable ports on the switch. You specifiy write community when you add or edit a new netbox in the [[seedessentials#registering_a_new_ip_device|seed database tool]]. | :!: NB: It is important that the write-community is set in the NAV-database, otherwise Arnold will not be able to detain or enable ports on the switch. You specifiy write community when you add or edit a new netbox in the [[seedessentials#registering_a_new_ip_device|seed database tool]]. | ||
| - | Arnold does not scan or in any other way detect or judge mischievers, it leaves that to the persons or scripts giving it input. It is like the executioner getting the "Chop"-signal, happily blocking away doing its job. | ||
| - | ===== New features in arnold v2 ===== | ||
| - | |||
| - | The main addition to arnold in version 2 (that came with NAV 3.4) is the ability to change vlans on ports instead of just blocking them. This is done so that if you have available quarantine vlans defined on your network, you can put computers on those vlans instead of blocking them. Putting computers in a quarantine vlan is more helpful and convenient for the user of the computer than suddenly losing the internet connection, which often leads to frustration and helpdesk calls. The action of changing a vlan on a port with the help of Arnold is called a //quarantine//. | ||
| - | |||
| - | Other new features: | ||
| - | * Totally rewritten in python to better interface with the rest of NAV. | ||
| - | * Arnold Python module makes it easy for developers to use arnold-functionality in other scripts and webpages. | ||
| - | * New concept - //detention// - introduced. A detention is the action done to a computer to "punish" it, and refers to both a quarantine and a block. | ||
| - | * Both ip and mac-addresses may be used to detain a computer. | ||
| - | * Given address does not have to be active at the moment to be detained. | ||
| - | * More and better options when enabling (enable also refers to "unquarantining") ports. | ||
| - | * Vlans can now be specified to limit the area of a predefined detention. If an address is outside or moves outside this area, a detention will not be enforced. | ||
| ====== Running Arnold ====== | ====== Running Arnold ====== | ||
| Line 76: | Line 63: | ||
| ===== The scripts ===== | ===== The scripts ===== | ||
| - | Arnold consists of four scripts, which all are located in the ''nav/bin'' directory. | + | Arnold consists of three scripts, which all are located in the ''nav/bin'' directory. |
| - | * **arnold.py:** is a script that gives you basic arnold-functions from a shell. Using the webinterface is preferred though. | ||
| * **autoenable.py:** enables ports based on the autoenable-variable. | * **autoenable.py:** enables ports based on the autoenable-variable. | ||
| * **start_arnold.py:** is used in combination with a //predefined detention// to invoke a series of detentions. | * **start_arnold.py:** is used in combination with a //predefined detention// to invoke a series of detentions. | ||
| Line 121: | Line 107: | ||
| * **arnold** is the section that contains information about what database to use and on what networking equipment Arnold should be able to detain ports. You also define email-addresses here. | * **arnold** is the section that contains information about what database to use and on what networking equipment Arnold should be able to detain ports. You also define email-addresses here. | ||
| - | * **loglevel** defines the different loglevel for each of arnold's scripts (the webinterface logs to the default weblog-file, and that loglevel is not defined here). | + | * **loglevel** :!: is not in use anymore. Use logging.conf for setting specific loglevels. |
| * **arnoldweb** has just one config option, which sets the default detention method when loading the webinterface. | * **arnoldweb** has just one config option, which sets the default detention method when loading the webinterface. | ||
| Line 138: | Line 124: | ||
| The arnold scripts logs to individual files stored in ''nav/var/log/arnold''. The webinterface logs to STDERR, which apache most probably puts in it's error.log. The loglevel used for each script is defined in logging.conf. | The arnold scripts logs to individual files stored in ''nav/var/log/arnold''. The webinterface logs to STDERR, which apache most probably puts in it's error.log. The loglevel used for each script is defined in logging.conf. | ||
| + | |||
| + | ====== Changes ====== | ||
| + | |||
| + | ===== NAV 3.13 ===== | ||
| + | |||
| + | Arnold needed to be rewritten to not use mod_python and to use django models. Also, the code was in dire need of a cleanup. The rewrite tried to make as little changes as possible and at the same time fix the bugs that were reported. | ||
| + | |||
| + | Some changes were introduced though: | ||
| + | * The shell-script for interacting with arnold is gone. If there is an outcry for it, it will be reintroduced. | ||
| + | * The workflow when manually detaining was altered to something better. | ||
| + | * The reasons used for automatic detentions are no longer available when manually detaining. This is done to be able to differ between manual and automatic detentions. If you detain for the same reason both manually and automatically, just create two similar reasons. | ||
| + | * Logleves are no longer set in arnold.conf. Use logging.conf to alter loglevels for the scripts and web. | ||
| + | * Some bugs were found that was not reported. | ||
| + | * The "Open on move"-option in a predefined detention was never used. This is fixed. | ||
| + | * Pursuing was not done in some cases. | ||
| + | * Reported bugs that are fixed: | ||
| + | * #341703 Manual detention does not pursue client | ||
| + | * #361530 Predefined detention does not exponentially increase detentions | ||
| + | * #744932 Arnold should give warning if snmp write is not configured | ||
| + | |||
| + | ===== NAV 3.4 ===== | ||
| + | |||
| + | The main addition to arnold in version 2 (that came with NAV 3.4) is the ability to change vlans on ports instead of just blocking them. This is done so that if you have available quarantine vlans defined on your network, you can put computers on those vlans instead of blocking them. Putting computers in a quarantine vlan is more helpful and convenient for the user of the computer than suddenly losing the internet connection, which often leads to frustration and helpdesk calls. The action of changing a vlan on a port with the help of Arnold is called a //quarantine//. | ||
| + | |||
| + | Other new features: | ||
| + | * Totally rewritten in python to better interface with the rest of NAV. | ||
| + | * Arnold Python module makes it easy for developers to use arnold-functionality in other scripts and webpages. | ||
| + | * New concept - //detention// - introduced. A detention is the action done to a computer to "punish" it, and refers to both a quarantine and a block. | ||
| + | * Both ip and mac-addresses may be used to detain a computer. | ||
| + | * Given address does not have to be active at the moment to be detained. | ||
| + | * More and better options when enabling (enable also refers to "unquarantining") ports. | ||
| + | * Vlans can now be specified to limit the area of a predefined detention. If an address is outside or moves outside this area, a detention will not be enforced. | ||
arnold.txt ยท Last modified: 2016/01/06 13:54 by morten
Page Tools
