Troubleshooting and Best Practices for IBM BigFix Web Reports

Author: Lewis Lamb
Troubleshooting and Best Practices for IBM® BigFix® Web Reports
IBM SECURITY SUPPORT OPEN MIC
July 26, 2016

Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio.

USA toll-free: 866-803-2141-2141
USA toll: 1-203-607-0460
Participant passcode: 7402573
Additional phone numbers in Open Mic techdoc: https://ibm.biz/BdrEj9

NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING THE CALL, AS WELL AS TO IBM’S USE OF SUCH RECORDING IN ANY AND ALL MEDIA, INCLUDING FOR VIDEO POSTINGS ON YOUTUBE. IF YOU OBJECT, PLEASE DO NOT CONNECT TO THIS CALL.

Panelists
• Presenter:
  – Hubert Fort – Level 2 Support Engineer for IBM BigFix
• Panelists:
  – Adam McDonald – Level 2 Support Engineer for IBM BigFix
  – Nathan Hanner – Level 2 Support Engineer for IBM BigFix
  – Aram Eblighatian – Solutions Architect for IBM BigFix
• Moderator:
  – Steven Kyle – BigFix and MobileFirst Protect Team Lead

IBM Security

Agenda
• Configuring Web Reports: Requirements, Deploying
• Configuring Web Reports: LDAP/Active Directory
• Configuring Web Reports: SSL/https
• Configuring Web Reports: Settings
• Web Reports: Navigating (Explore Data, Reports List)
• Web Reports: Administration
• Web Reports: Troubleshooting

Configuring Web Reports: Requirements, Deploying

Requirements
• Can install Web Reports stand-alone or on the same machine as its database
• Starting with version 9.2.3, only 64-bit architecture is supported
• Performance is related to the CPU and memory size of the machine
• Deployments with more than 30000 endpoints would benefit from a stand-alone setup

Deploying a stand-alone server
• When installing, select remote database
• When selecting core components, only select Web Reports
• Specify the database login and authentication method
  – NT Authentication or SQL Authentication
• Create a new key in the Web Reports registry:
  – HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Installer: Hostname=
  – Contains FQDN of stand-alone server

Deploying: Session inactivity setting
• Limit of the session on the user interface
• REG_SZ keyword named InactivityTimeoutLength
  – In minutes
  – HKEY_LOCAL_MACHINE\Software\Wow6432Node\BigFix\Enterprise Server\BESReports
  – [Software\BigFix\Enterprise Server\BESReports] – beswebreports.config for Linux

Configuring Web Reports: LDAP

Integrating Web Reports with LDAP
• First add LDAP server to BigFix Server

Integrating Web Reports with LDAP
• Log in to Web Reports using a user with Administrator privileges, and navigate to Administration > User Management
• Click the LDAP Group permissions to see the list of the available directories among the known datasources

Integrating Web Reports with LDAP
• Click a directory to list all its users and groups

Integrating Web Reports with LDAP
• Select users or groups…

Integrating Web Reports with LDAP
• Assign users or groups to the Web Reports roles

Integrating Web Reports with LDAP
• You can now log in as the LDAP user

Setting number of LDAP entries to display
• LDAPSearchMaxResults
  – Applies to LDAP queries of users or groups
• Setting for Windows registry
  – HKEY_LOCAL_MACHINE\Software\Wow6432Node\BigFix\Enterprise Server\BESReports
• Setting for Linux webreports.config file
  – [Software\BigFix\Enterprise Server\BESReports]

Configuring Web Reports: Active Directory

Integrating Web Reports with Active Directory
• Log in to Web Reports as Administrator user
• Navigate to Administration → User Management
• Click Active Directory Permissions link
• Enter Active Directory Credentials

Integrating Web Reports with Active Directory
• Select a domain name

Integrating Web Reports with Active Directory
• Select the user container

Integrating Web Reports with Active Directory
• Select domain groups or users, click Assign roles, and choose the roles or permissions that you want to assign to them

Configuring Web Reports: SSL / HTTPS

Settings for SSL / HTTPS in Web Reports
• _WebReports_HTTPServer_UseSSLFlag set to 1
• _WebReports_HTTPServer_SSLCertificateFilePath set to path of certificate file on server, e.g. "c:\certificate\cert.pem"
• _WebReports_HTTPServer_PortNumber is normally set to 443
• To redirect http listening port to https
  – _WebReports_HTTPRedirect_Enabled to 1
  – _WebReports_HTTPRedirect_PortNumber

Configuring Web Reports: Settings

Settings for SSL / HTTPS in Web Reports

Setting Login Lockout Settings for Web Reports
• Go to IBM BigFix Console to set Login Lockout Settings
  – _WebReports_Authentication_LockoutDurationSeconds
  – _WebReports_Authentication_LockoutThreshold
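
A configuration check for the session-inactivity, SSL/HTTPS and login-lockout settings covered in the slides above, as an added example that is not part of the IBM presentation. It assumes the Linux beswebreports.config uses an INI-style layout in which each `_WebReports_*` setting is its own section holding a `value` key; the sample file and the 30-minute idle limit are constructed for illustration.

```python
import configparser

# Constructed sample; assumes the INI-style layout of beswebreports.config on Linux,
# with client settings stored as one section per setting holding a "value" key.
SAMPLE = r"""
[Software\BigFix\Enterprise Server\BESReports]
InactivityTimeoutLength = 240
Debug = 1
[Software\BigFix\EnterpriseClient\Settings\Client\_WebReports_HTTPServer_UseSSLFlag]
value = 0
[Software\BigFix\EnterpriseClient\Settings\Client\_WebReports_Authentication_LockoutThreshold]
value = 5
"""
REPORTS = r"Software\BigFix\Enterprise Server\BESReports"
CLIENT = "Software\\BigFix\\EnterpriseClient\\Settings\\Client\\"

def load_settings(text):
    """Flatten the file into {setting name: value}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # setting names are mixed case; do not lowercase them
    cp.read_string(text)
    settings = {}
    for section in cp.sections():
        if section == REPORTS:
            settings.update(cp[section])
        elif section.startswith(CLIENT) and "value" in cp[section]:
            settings[section[len(CLIENT):]] = cp[section]["value"]
    return settings

def audit(s, max_idle_minutes=30):  # 30 minutes is an assumed policy, not an IBM default
    """Return {setting name: finding} for the security settings named on the slides."""
    found = {}
    if s.get("_WebReports_HTTPServer_UseSSLFlag") != "1":
        found["_WebReports_HTTPServer_UseSSLFlag"] = "Web Reports is served without SSL"
    else:
        if not s.get("_WebReports_HTTPServer_SSLCertificateFilePath"):
            found["_WebReports_HTTPServer_SSLCertificateFilePath"] = "SSL on but no certificate path"
        if s.get("_WebReports_HTTPRedirect_Enabled") != "1":
            found["_WebReports_HTTPRedirect_Enabled"] = "HTTP port is not redirected to HTTPS"
    for name in ("_WebReports_Authentication_LockoutThreshold",
                 "_WebReports_Authentication_LockoutDurationSeconds"):
        if not s.get(name, "").isdigit():
            found[name] = "login lockout value not set explicitly"
    idle = s.get("InactivityTimeoutLength", "")
    if not idle.isdigit() or int(idle) > max_idle_minutes:
        found["InactivityTimeoutLength"] = f"idle limit missing or above {max_idle_minutes} minutes"
    if s.get("Debug") == "1":
        found["Debug"] = "detailed errors shown in the UI; turn off after troubleshooting"
    return found

if __name__ == "__main__":
    for name, finding in audit(load_settings(SAMPLE)).items():
        print(f"{name}: {finding}")
```
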

Web Reports: Navigating around Web Reports

Major Links in Web Reports
• Explore Data
• Report List
• Administration

Web Reports: Explore Data

Explore Data

Explore Data: Computers
• Create a filter to display your custom information
• Choose type of information

Explore Data: Computers
• Select a property
• Select an operator
• Save filter

Explore Data: Content

Explore Data: Actions

Web Reports: Report List

Report List Data Link
• Which computers need remediation
• Select column to display

Report Charts
• Ordinary Charts
• Historical Charts
• Configure Chart
• Start Date/Time, End Date/Time
• Group by Hour, Day, Week

Link to New Web Reports Out of The Box
• https://ibm.biz/BdXKuU is “New Web Reports Overview”
• Must turn on the analyses for these reports that return the results
• Link gives a description of what each report does

Link to some cool compliance reports
• https://ibm.biz/Bdrs3Y is “BigFix Custom Reports”

Web Reports: Administration

Administration

Administration – Setting up Email
• Enter SMTP server name
• Test connection

Administration – Setting up Email
• Add email addresses to contact list

Administration: Schedule Activities
• Select an existing report to schedule

Administration: Adding Datasource
• Link to IBM BigFix data to report on (BFEnterprise)
• Must enter master operator credentials - just used this once

Administration – User Management - Create a Role
• Create a Role – Filter the role

Administration: User Management
• Create a User

Web Reports: Troubleshooting

Troubleshooting: Errors
• When you have errors, turn on Web Reports logging
• Need to clear errors from Web Reports
  – Clear errors link

Troubleshooting: Errors
• Web Reports server registry
• HKLM\Software\BigFix\Enterprise Server\BESReports
  – "LogOn" (dword)
    • 0 for log off, 1 for on
  – "EnabledLogs" (string)
    • "all"
    • or a subset of "critical; debug; memory; performance; timing; database"
  – "LogPath" (string)
    • full path to log file (e.g. "C:\program files\BigFix Enterprise\BES Server\WR.log")
  – "Debug" (string)
    • "1" will display more detail for errors inside the Web Reports user interface.

Troubleshooting: Issue displaying all AD users
• Web Reports service not running as AD service account
• Set Registry Value on Web Reports Server
  – UseLegacyADLogin
  – Set to 1
• Found here in registry
  – HKLM\Software\BigFix\Enterprise Server\BESReports
• Allows login to AD using AD domain username and password

Troubleshooting: Report Results Incorrect
• Not the correct number of results in report or blank results
• Sometimes the amount of data returned is larger than the http max line buffer
• Error seen in Web Reports Log
  – CAUGHT EXCEPTION ON BACKGROUND THREAD: Error414 – --Request-URI Too Long... A background server data exception occurred for datasource xxxxxx

Troubleshooting: Report Results Incorrect
• Set this setting on Web Reports server
  – HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client
  – _BESRelay_HTTPServer_MaxRequestLineLength
  – Set the value to 65536 (double the default setting).
• If the issue still occurs, raise the value until it no longer happens.

Troubleshooting: Display Stored Stats
• http://:/webreports?page=StoreStats

Troubleshooting: Web Reports QNA

Questions for the panel
Now is your opportunity to ask questions of our panelists.

To ask a question now:
• Press *1 to ask a question over the phone, or
• Type your question into the IBM Connections Cloud Meeting chat

To ask a question after this presentation:
• You are encouraged to participate in our Forum on this topic - https://ibm.biz/Bdrs36

Where do you get more information?
• Questions on this or other topics can be directed to the dW Answers forum:
  – https://developer.ibm.com/answers/topics/bigfix-openmic/
  – https://developer.ibm.com/answers/topics/bigfix/

More articles you can review:
• Technote 7048423 on this event: https://ibm.biz/BdrEj9
• IBM developerWorks articles: https://ibm.biz/Bdrs3k
• IBM Knowledge Center: https://ibm.biz/Bdrs3t

Useful links: Get started with IBM Security Support | IBM Support Portal | Sign up for “My Notifications”

THANK YOU

FOLLOW US ON:
• https://www.facebook.com/IBM-Security-Support-221766828033861/
• youtube/user/ibmsecuritysupport
• @askibmsecurity
• securityintelligence.com
• xforce.ibmcloud.com

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
