Historical Data Replication

Setting up the connection between the NAC appliance(s) and historical backup database.

Step-by-step guide

  1. Identify a target machine with MySQL 5.5.x to 5.7.x installed. Alternatively, MariaDB 5.5.x to 5.7.x may also be used.
  2. Make sure all NAC Appliances have a clear logical route to this machine on port 3306.
  3. Create the database.
  4. Grant the NAC Appliance privileges to this database.

Assuming your database is named “backupDB”, the MySQL commands would look like the following. Please note that the 'USERNAME' and 'PASSWORD' fields can be whatever you want, as long as you preserve the single quotes.

Copy

Once the above is completed forward the database name, username and password to your Impulse Support representative, along with the target machine’s IP. Your representative will finish the setup and contact you for verification.

The replication cycle is configurable, defaulting to every 5 minutes. It’s a good idea to thin the table periodically, as data volume can grow quite large over time. Storage size should be allocated at 1 GB per year, for every 1000 concurrent users. Due to a third party dependency, MySQL 5.6.x or greater is currently unsupported for this feature.

Setting up the Database Table

You can use the following script to set up the Clienthist table in your target MySQL database.

Copy

Guide to the Fields

What follows is a high level breakdown of the fields in the clienthist table. Please contact your Impulse Point Support or Service Delivery Specialist for more details.

FieldDescription
clientHistIdPrimary key for the clienthist table. Typically not used for troubleshooting or reporting.
transTypeHow NAC interacted with the endpoint.
transDateTime at which this interaction occurred.
clientIdPrimary key from the internal table that tracks an endpoint’s status while it’s online. Typically only used by Impulse Point personnel.
sessionUIDUnique identifier for a Policy Key device. Rotates with each active session. Will read “NEW” for non-Policy Key devices.
currentIpAddressEndpoint’s IP address, as reported by the network.
principalCombination of network authentication username, plus any applicable role information from AD, LDAP, or Safe•Connect device enrollment. Format: “USERNAME,ROLE1,ROLE2,ROLE3,etc.”
ugroupIdIdentifies the endpoint’s NAC policy group.
ugroupLabelNAC policy group name, as displayed in the Policy Manager.
hostreftypeIdNumerically represents NAC’s current assessment of an endpoint’s device type.
hostreftypeLabelThe common name associated with each hostreftypeId.
policyComplianceLists all policies applicable to a given endpoint, along with their compliance state.
winMachineNameEndpoint’s device name as received from DHCP or the Policy Key.
macaddressEndpoint’s mac address as received from DHCP, Radius accounting, or the Policy Key.
localIpAddressThe IP address reported by the Policy Key. Will differ from the currentIpAddress 1) if the endpoint is downstream of a home router using NAT, or 2) temporarily, if the device is switching from wired to wireless, or vice versa.
routerIpAddressIP address of the Layer 3 switch that forwarded the endpoint’s flow (eg, Netflow, Sflow, Aruba mirrored traffic) data to NAC. This is the device where enforcement will take place if the endpoint should be quarantined. A blank routerIpAddress indicates that 1) no relevant flow data has been received, and consequently 2) the device cannot be quarantined.
webMessageIdIdentifies which enforcement message was displayed to the endpoint, if any.
webMessageLabelCommon name associated with the webMessageId. This is also how the message will be displayed in the Policy Manager’s Custom Messaging module, if applicable.
webMessageViewNameEnforcement message’s location on the enforcer’s file system. Typically useful for customers who have direct SSH access to edit the messaging.
osNameReported by the Policy Key if applicable, a more detailed variant of the hostreftypeLabel.
outCompliancePolicyIdIdentifies the topmost non-compliant policy in the endpoint’s policy tree. This is the policy for which the endpoint will receive any applicable messaging or enforcement actions.
outCompliancePolicyLabelCommon name associated with the outCompliancePolicyId. This is the policy name as displayed in the Policy Manager and Dashboard.
outComplianceadminMsgIdsIdentifies supplementary messaging associated with a given policy.
groupUpdatedA value of “1” indicates that a Policy Manager upload has occurred since the last time the endpoint communicated with SafeConnect.
quarantinedA value of “1” indicates that the endpoint is due to be blocked at the Layer 3 switch for policy compliance.
ilanA value of “1” indicates that the endpoint is due to be blocked using the Policy Key’s ILAN technology for policy compliance.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard