Something that would be handy is if you could specify a
user defined variable for the checksum in a file integrity
test.
We have a situation in which the same file exists on 60
different servers - but this file changes once every 2-3
weeks.
If it were possible to specify %udv_currentcksum%
as the value for the checksum field, then when the file is
intentionally updated, I could just change the user defined
variable in one location rather than update each of 60
tests.
Currently, the best way I can see to do this is to export all
tests to text, thenuse a global search and replace on the
checksum value, then re-import from text. This method is
not terrible but a UDV would be easier.
Just a suggestion...
User-defined variable in file integrity
Sorry Alex, I should have been a bit clearer.
The file name stays the same on all 60 machines but the content of the file changes -- thus the CRC changes.
In the global user defined variable, I would like to store the value of the CRC.
When the content does change, I could determine the new CRC/checksum and modify a single global UDV, which would then be used as the new test value for all 60 tests. (As opposed to modifiying 60 tests manually.)
The file name stays the same on all 60 machines but the content of the file changes -- thus the CRC changes.
In the global user defined variable, I would like to store the value of the CRC.
When the content does change, I could determine the new CRC/checksum and modify a single global UDV, which would then be used as the new test value for all 60 tests. (As opposed to modifiying 60 tests manually.)
I could be missing something, but this is what i see:
Test a file for its CRC (so some action when it fails)
But when it fails you want to change the test to the new CRC??
Doesn't sound logic to me
A file/folder availability test sounds more logical: Test for the presence of the file and generate an action when not found.
Test a file for its CRC (so some action when it fails)
But when it fails you want to change the test to the new CRC??
Doesn't sound logic to me
A file/folder availability test sounds more logical: Test for the presence of the file and generate an action when not found.
Testing for the presense of a file if not sufficient. What we are attempting to do is detect 'unauthorized' changes to a web page.
Here's another way of looking at it.
But, instead of updating 60 individual tests (where the only difference is the IP address), if I could change a single global UDV that was used by each of the 60 tests, then my life would be easier. The UDV would hold the calculated CRC value.
Does this make sense or is there a better way (already) to do this? Host Monitor keeps amazing me with what it can already do...
Here's another way of looking at it.
- We have a web page that is loaded onto a 60-server web farm. It is the same file contents, directory and file name on all 60 servers. We would have 60 total CRC tests - one test for the file on each of 60 servers.
- Normally, we want to monitor for any changes to this file on all 60 servers and generate an alert if the page changes without our permission - indicating we have possibly been hacked.
Say for example, someone hacks server #38 and changes our web page to redirect to a competitor's site or simply defaces the site with some profanity. In this case, the file would still be present, but -- because of the change -- the CRC monitor will fail and hopefully, notify us soon enough to fix the problem before it becomes a media event. - However, there are 'authorized' changes made by us to this page every couple of weeks. The updated page is then re-uploaded to all 60 servers. When such 'authorized' changes occur, the CRC changes and the tests for all 60 servers must be updated so that they DON'T generate an alert. (i.e. the tests need to be told about the new 'valid' CRC)
But, instead of updating 60 individual tests (where the only difference is the IP address), if I could change a single global UDV that was used by each of the 60 tests, then my life would be easier. The UDV would hold the calculated CRC value.
Does this make sense or is there a better way (already) to do this? Host Monitor keeps amazing me with what it can already do...
HostMonitor will recalculate CRC after changes detected, it means you will receive alert once after each file modification.We dont want to 'automatically update' the test CRC value if it changes -- how would we know if someone has made 'unauthorized' changes to this file?
Its good to know are are checking web servers because this option already available for HTTP test, you can use it.
Yes, I think there is better solution - use "Compare Files" test to compare file on each web server with original backup copy. In this case you don't need to do anything with HostMonitor. Every time you change file, you copy it to each web server and make one more copy on HostMonitor's system. That's it, if all changes authorized you will not receive alerts at all.Does this make sense or is there a better way (already) to do this
Regards
Alex