Hi, I've been troubleshooting an issue where it seems to be related to connectivity, as per the admin manual it says Network discover needs TCP/8090 to be allowed from and to the destination server to be scanned:
What connectivity needs to be in place in order to perform a Network Discover Filesystem Scan?
Source: Network Discover
Destination: Windows Server with File System agent installed
Port: TCP/8090 (default)
However by looking at the traffic I see a lot of packets being sent from the Network Discover to the Windows server at random ports such as , TCP/1308,1314,1316,1318,1319, etc
a) So what ports need to be open in order to make this work? and
b) Once I've run the FileSystem, it wont work a second time, in the same server, is there any setting i need to turn on to make this work?
---
scanner controller:
###########################################################################
# Connection to the Discover Server #
###########################################################################
discover.host = 192.168.1.80
discover.port = 8090
discover.compress = true
discover.retry.interval = 10000
scanner.incremental = false
scanner.send.endofscanmarker = true
###########################################################################
# Advanced Settings #
###########################################################################
clean.script = C:\\Archivos de programa\\FileSystemScanner/bin/Clean
outgoing.folder.path = C:\\Archivos de programa\\FileSystemScanner/outgoing
failed.folder.path = C:\\Archivos de programa\\FileSystemScanner/failed
scanner.config.path = C:\\Archivos de programa\\FileSystemScanner/config
scanner.executable = C:\\Archivos de programa\\FileSystemScanner/scanner/VontuFileSystemScanner.exe
dre.fake.port = 19821
queue.folder.path = C:\\Archivos de programa\\FileSystemScanner/scanner/outgoing
---vontu filesystem scanner---
[Configuration]
//###########################################################################
//# Jobs
//###########################################################################
Number=1
0=Job0
[Job0]
DirectoryPathCSVs=C:\
DirectoryCantHaveCSVs=*/temp/*,*/WINDOWS/*,*/windows/*
DirectoryMustHaveCSVs=
DirectoryFileMatch=*
*note it still scanns Windows directory, how can i exclude it?
thanks!
Comments
Why use the Windows file
Why use the Windows file system scanner at all? If you have appropriate credentials, why not just mount the file system on that server as a share and use a standard Network Discover scan (i.e. define the target as //mytargetserver/c$)?
If it's a perceived bandwidth issue, you're going to use about the same amount of bandwidth either way. Alternatively, if you have Endpoint Discover licensed, use an Endpoint Agent on that server for the explicit purpose of doing file system scans (might require you to deploy an additional Endpoint detection server to manage your server-based agents however).
I haven't tried that, Im
I haven't tried that, Im doing it now, thanks for your suggestion, once completed I'll report back the results.
Try the below solution and check or modify port to defaults
Hi K0r3
You can check all the ports to default or make below changes and test
The ports used below are default ports. The system administrator at the customer site should be consulted to check if any of the ports used has been modified in their environment.
NOTE: Port 8100 is the default port used by all detection servers to communicate with the enforce server.
try to modify existing port 8090 to TCP port 2049
See the below helpful
hi Kor3,
please find the below
On Windows,
select Start > Vontu FileSystem Scanner > Vontu FileSystem Scanner Console.
On UNIX,
enter the following command:
/opt/FileSystemScanner/bin/FileSystemScanner_Console
discover.port 8090 The Network Discover port to which the scanner routes data.
Would you like to reply?
Login or Register to post your comment.