Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Auto-update of Custom User Lookup Table

Created: 16 Jul 2007 • Updated: 22 May 2010 | 16 comments
lukaszfr's picture

Hello,

Is it possible to prepare custom lookup table, which will be updated without user activity e.g. by periodically executed script? If yes, what steps are required to do that?

Thanks,
Antilles

Comments 16 CommentsJump to latest comment

Jake Schlachter's picture

Looking into this, will have an answer soon.

An excellent enhancement suggestion I have heard is to allow the reading and populating of these Custom Lookup Tables via our Web Services interface.  Would something like that solve your problem?

cheers,

Jake

lukaszfr's picture

Of course, if the auto-update of lookup tables will be provided by Web Services interface it will be good solution. But possiblity of doing the same table update in different way (such as shell script) will be also good thing. I modified *.tab files directly on appliance but these changes weren't visible in SSIM console (even after reboot).

Regards,
Antilles

Paul Murgatroyd's picture
hey antilles, probably the best thing for you to do at the moment is contact support - they may be able to help you out.
 
p.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

lukaszfr's picture

Hi Paul,
Your previous answer gives me important clue about location of lookup tables data (other than files), now I will test it and in case of further questions I will consider contact support. Thanks anyway.

Regards,
Antilles

Paul Murgatroyd's picture
no problem, just make sure you take a full backup before you start doing anything and be fully aware that what you are doing is UNSUPPORTED.
 
p.
 
 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

lukaszfr's picture

Yes, I'm aware of that.
Part of my questions regards unsupported or probably unsupported features, even so I'd like to test at least some of them to get wider knowledge about SSIM potential capabilities.
Antilles.

AL76's picture

I have done some work on this, using a JAVA application to update the respective look up table. Let me know if you are still keen on this.

Alan Lee

Sr Manager, Regional Product Management, APJ

Enterprise Security, Mobility & Management

lukaszfr's picture

Yes, it's still an issue for me, maybe not critical but possibility of lookup table auto-update is quite desirable.
I've done this by modifying LDAP entries and it's generally works but due to lack of support for it I didn't use this in production environment.
Of course using Java application is more proper and better way to do that.

rafael.nunes's picture

Hi antilles, i have the same problem, i find some flies that reflect the same data of the lookup tables, when i change it on OS and restart the SSIM, the console don´t show the changes. Can you pass me your solution?

Regards,
Rafael.

rafael.nunes's picture

Hi antilles, i have the same problem, i find some flies that reflect the same data of the lookup tables, when i change it on OS and restart the SSIM, the console don´t show the changes. Can you pass me your solution?

Regards,
Rafael.

lukaszfr's picture

Hi Rafael,

Those tables definitions and their content are stored in LDAP database, so you may use any LDAP browser to determine exact path to specific user lookup table and then you can write a script or other piece of code which helps you to automate update of this LDAP entry.

But you must be aware that - as Paul Murgatroyd wrote before - this solution is not supported so if you really need to use it, do it very carefully.

Regards,
Antilles

DVorel's picture

Hi,

please, do you have working solution for this ?

I tried to modify lookup table in LDAP directly, but SSIM "locked" this modified table and thus table is not usable at all.

Thank you

Intasunta N.'s picture

Hi DVorel

Have you login as root level of LDAP ?
Just make sure you've a right authorize level to modify the content.

DVorel's picture

Hi Intasunta

Login seems work fine and LDAP content is modified as well.

If I modify (add or delete) data in lookup table directly via LDAP (cisProperty), in GUI is this table completelly empty, even structure of lookup table is not visible. Restarts of GUI/SSIM, changes in symcMetaData, symcSequenceRevision or in /opt/Symantec/simserver/simcm/tables/*.tab files did not help.
Lookup table example (table name is testos):

dn: orderedCimKeys=Symc_Setting.SettingID\=testos,cn=Lookup
Tables,cn=Rule Eng
 ine,cn=SIM,ou=Administration,dc=sample,dc=ses,o=symc_ses
orderedCimKeys: Symc_Setting.SettingID=testos
cisProperty::
JXR5cGVzLHRleHQKJW5hbWVzLCJmZGFmZHNmYXNkZiIKCiJmZHNhZmFzZGZzZiI
 KImZkYWZzZGZhcyIKImZkYWZhZmFzZGZhc2Zhc2RmIgoiamtqbGoiCiJmZGFzZnNkZmFzZnNkZiI
 =
dlmCaption: testos
dlmDescription: Lookup Table
dlmSettingID: testos
objectclass: top
objectclass: dlm1ManagedElement
objectclass: dlm1Setting
objectclass: symc1Setting
objectclass: symc1SettingInstance
symcMetaData::
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPENvbmZpZy
 ByZWFkT25seT0iZmFsc2UiIGVuYWJsZWQ9ImZhbHNlIiB2ZXJzaW9uPSIxIiBzY2hlbWFWZXJzaW
 9uPSIyIj4KICA8RGVzY3JpcHRpb24gLz4KICA8SGlzdG9yeT4KICAgIDxNb2RpZmljYXRpb24gdX
 Nlcj0iZHZvcmVsIiBkYXRlPSIxMjUyOTI3OTY0MDI1IiAvPgogICAgPE1vZGlmaWNhdGlvbiB1c2
 VyPSJkdm9yZWwiIGRhdGU9IjEyNTI5MjgwMzMxOTciIC8+CiAgICA8TW9kaWZpY2F0aW9uIHVzZX
 I9ImR2b3JlbCIgZGF0ZT0iMTI1MjkyODI3NTA1NiIgLz4KICAgIDxNb2RpZmljYXRpb24gdXNlcj
 0iZHZvcmVsIiBkYXRlPSIxMjUyOTI4NTEwODUzIiAvPgogICAgPE1vZGlmaWNhdGlvbiB1c2VyPS
 Jkdm9yZWwiIGRhdGU9IjEyNTI5Mjg3MzkxMTkiIC8+CiAgICA8TW9kaWZpY2F0aW9uIHVzZXI9Im
 R2b3JlbCIgZGF0ZT0iMTI1MjkyODg0NTc3NSIgLz4KICA8L0hpc3Rvcnk+CjwvQ29uZmlnPgoK
symcSequenceName: testos
symcSequenceRevision: 20090914114727.250Z


LDAP search example:

ldapsearch -h localhost  -Z -K /etc/symantec/ses/key.kdb -b "cn=Lookup Tables,cn=Rule Engine,cn=SIM,ou=Administration,dc=sample,dc=ses,o=symc_ses" -D 'USERID=ADMINISTRATOR,OU=PEOPLE,DC=SAMPLE,DC=SES,O=SYMC_SES' -w rootpassword   "objectclass=*"


I appreciate any help
DVorel's picture

None of you do not use dynamic lookup tables (in some way, CLI / LDAP) ?