Scripts for Policy Check in ESM
Updated: 11 Jun 2010 | 11 comments
This issue has been solved. See solution.
Do we have Scripts for running ESM Policy Runs or can you tell me what is this CLI command to run a policy run externally.
Comments
CLI Command
Hi,
You can probably use the following command to do a policy run using the CLI:
> run job policy_name domain_name
User can also provide agent names, modules etc. See the help of this command below:
run job [-a agent1,agent2,..] [-m module1,module2,...] [-v name] [-c count] policy_name domain_name
Run a policy against a domain
-a specify agents within the domain
-m specify modules within the policy
-v variable name to receive the job id for use in later CLI commands
-c maximum module message count
For example:
esm> run job -v myjobid "Phase 1" "All Agents"
esm> show job %myjobid%
As mentioned, show job <job_id> can be used to check the status of the job.
Thanks let me check..
Thanks let me check..
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Does the complete the Policy
Does the CLI complete the Policy run faster than the GUI, or is it the same thing?
Say I have a server name and want to find which ESM manager it is registered to; how do I find it via the command line?
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hi Vikram, Adding further,
Hi Vikram,
Adding further, ESM CLI also has a batch command feature, whereby you can provide all the arguments to esmc.exe (ESM CLI) and it will do the job for you. This way you can skip the interactive mode. So, for example, if you have shell script wrappers (which are triggered by some scheduled batch scripts) to do the same, you can write commands like the one below inside them.
<<your shell script start>>
...
....
<path-to-esmc> -m <Manager> -U <username> -P <Password> run job -m <module-1>,<module-2> <policy-name> <domain-name>
...
...
<<your shell script end>>
You just need to take care that the shell script wrapper has access to the username and password which are to be passed to esmc.
Additionally, you can redirect the output to a log file of your choice.
Hope this helps.
Hi Vikram, Internally CLI
Hi Vikram,
Internally CLI does the same thing as Console, so there won't be any difference in time to do policy run.
CLI always runs commands for a particular manager. You provide manager credentials through script or login command. Then there are commands like show domains and show agents to know registered agents with that manager. I hope this satisfies your query.
Automate
Does ESM 6.5.3 support the CLI method for report generation?
Yes
Yes, 6.5.3 does support the 'view report' command from the CLI.
Regards,
-Rupali
Hi, Am trying to automate my
Hi,
I am trying to automate my daily ESM report generation process. Currently I am generating it using the console manually.
But I want to automate this process using a batch script. The ESM console version I am using is 6.5.3.
Based on the inputs from you guys in this thread, I tried to write a batch script including CLI options as follows:
@echo off
cd "C:\Program Files\Symantec\Symantec ESM Enterprise Console\"
run esm.exe -m managername -U consoleloginname -P consoleloginpassword run job -m agentname policyname Domainname >> test.mht
Is this correct? Since I am new to this, your help would be highly appreciated.
Thanks in advance guys :-)
Hi, I read from a thread in
Hi,
I read from a thread in this forum that scheduled job can be created using ESM console and the report can be sent to the user via email,
https://www-secure.symantec.com/connect/forums/sen...
Can anyone help show me the steps to do the same using ESM console version 6.5.3?
Thanks in advance
About Report Generation using CLI
Creating a batch file that specifies a policy: an example
This example shows how to create a batch file that runs the Phase 1 policy on agents in the Windows 2000 Agents domain. The batch file produces a Summary Security report.
Variables:
Platform: Windows 2000
Manager name: GS100
Domain: Windows 2000 agents
Agent: GS101
Network transport layer: TCP
Port: 5600
User name: ESM
Password: pass+24
Batch file name: phase1.esm
Policy name: Phase 1
The Run command initiates a policy run on the specified domain. The Sleep command makes the CLI wait for each policy run to complete before continuing. The View report command displays the resulting security information.
To create a batch file
1 In a text editor, create the phase1.esm batch file. This file contains the following commands:
run job "Phase 1" "Windows 2000 Agents"
sleep -j 0
view report "Phase 1" GS101 account 0
2 In the file, type a separate view report command for each of the other modules in the policy.
3 Save the phase1.esm batch file in the directory that contains the esmc executable.
To run the batch file
1 Access the operating system command prompt. (On the Manager)
2 Change to the directory that contains the esmc executable and batch file.
3 Type esmc -t -p 5600 -m GS100 -U ESM -P pass+24 -b phase1.esm to run the batch file.
For example:
C:\>cd "program files"\symantec\Enterprise Security Manager\esm\bin\nt-ix86
C:\Program Files\Symantec\Enterprise Security Manager\ESM\bin\nt-ix86> esmc -t -p 5600 -m GS100 -U ESM -P pass+24 -b phase1.esm
run job "Phase 1" "Windows 2000 Agents"
Job 47 submitted
sleep -j 0
view report "Phase 1" GS101 account 0
About scheduling a policy run
For scheduling policy runs you can use policy run wizard.
To launch the policy run wizard
1. Go to Policy runs node, right click and say 'New'
OR
2. Go to toolbar and click the 'Policy run wizard' Icon.
For detailed information regarding which steps to follow, you can check the documentation (adminguide.pdf)
Section - Performing policy runs
Please let me know if you need more information on this.
Regards,
-Rupali
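
The batch-file procedure above and the shell wrapper suggested earlier in the thread, combined as an added example that is not part of any post or of the product documentation. It generates the batch file with one view report line per module and reads the user name and password from a file it first checks is not group- or world-accessible. The ESMC variable, the two-line credential file and the function names are assumptions; the esmc flags and batch commands are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. ESMC, the credential-file layout and
# any module names passed in are assumptions; flags are those quoted above.
ESMC="${ESMC:-esmc}"    # path to the esmc executable

# usage: build_batch OUTFILE POLICY DOMAIN AGENT MODULE...
# Writes run job / sleep / one "view report" line per module.
build_batch() {
    for arg in "$@"; do
        case $arg in
            *'"'*|*'
'*) echo "build_batch: quote or newline in argument" >&2; return 1 ;;
        esac
    done
    out=$1 policy=$2 domain=$3 agent=$4
    shift 4
    {
        printf 'run job "%s" "%s"\n' "$policy" "$domain"
        printf 'sleep -j 0\n'
        for module in "$@"; do
            printf 'view report "%s" %s %s 0\n' "$policy" "$agent" "$module"
        done
    } > "$out"
}

# True only for a regular file with no group/other permission bits.
cred_file_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: run_policy MANAGER PORT CREDFILE BATCHFILE LOGFILE
# CREDFILE holds the user name on line 1 and the password on line 2.
run_policy() {
    manager=$1 port=$2 cred=$3 batch=$4 log=$5
    if ! cred_file_ok "$cred"; then
        echo "run_policy: $cred must be a regular file, mode 0600 or stricter" >&2
        return 2
    fi
    { IFS= read -r user; IFS= read -r pass; } < "$cred"
    [ -n "$user" ] && [ -n "$pass" ] || return 2
    # -P still places the password in esmc's argument list while it runs.
    "$ESMC" -t -p "$port" -m "$manager" -U "$user" -P "$pass" \
        -b "$batch" >> "$log" 2>&1
}

# Example call (values from the documentation excerpt above):
# build_batch phase1.esm "Phase 1" "Windows 2000 Agents" GS101 account
# run_policy GS100 5600 "$HOME/.esm_cred" phase1.esm esm_run.log
```

Keeping the password out of the script does not keep it out of the process list, so the account used for scheduled runs should hold only the rights needed to run policies and view reports.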