danje571

What are your tips to translate Unix uid into username?

Hello,

As you know, when we receive logs from Unix systems, users are shown with their uid / guid.

However, having the real name should be a plus.

Many tips can do that, but what are your own tips?

Does it work well?

regards

3 Replies
jring1 Trusted Contributor.

Re: What are your tips to translate Unix uid into username?

Hi,

some possible solutions off the top of my head (without having tried it in this specific case):

- get file with uid and usernames from central LDAP and use additional mapper on the connector to fill in username

- less nice and ESM only - get file with uid and usernames from central LDAP, import into active list and use local variable in correlation rule to fill in username from active list in correlation events

- even less nice and ESM only - get file with uid and usernames from central LDAP, import into active list and use global variable username from active list for channels with a fieldset using the global variable

Joachim

vladimir.garasc1 Absent Member.

Re: What are your tips to translate Unix uid into username?

Do you want to make name resolution for one particular server or for multiple servers?

If you have more than one server you can get into a situation where UID/GID numbers are inconsistent across multiple servers: for example, user user1 has uid 520 on srv1 and uid 530 on srv02.

You have 2 ways:

1) Gather user/group UID and GID numbers from your UNIX/Linux servers, and after that you need to make changes to bring your servers to a common standard. Then you can make a list with uid/guid/name relations for your scheme.

2) Also you have another way to build the uid/guid/name/ip_address scheme.

The first step to analysing our users' UID numbers is to gather information from all servers.

You can make a bash script, which will SSH to each server and grab a copy of the /etc/passwd file and write it out to a file named file.txt. The account you use does not need any special privileges and can just be a regular user account (for auth you can use SSH key authentication):

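#############
#!/bin/bash
# Collect /etc/passwd from every host listed in serverlist.txt (one host per line).
# Each collected line is prefixed with the remote hostname and appended to file.txt.
while read -r server; do
    # -n keeps ssh from consuming serverlist.txt on stdin; BatchMode disables password prompts.
    ssh -n -q -o "BatchMode yes" "$server" 'sed "s/^/$(hostname):/" /etc/passwd' >> file.txt
done < serverlist.txt
#############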

After that you can parse this file.txt and make a list with uid/guid/name/ip_address scheme in ESM.

Regards
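
The parsing step mentioned in the post above, as an added example that is not part of the original post: it turns the host-prefixed file.txt into host,uid,gid,username rows and reports usernames whose UID differs between servers. The function names, the CSV column order and the sample accounts are assumptions made for illustration; the import format ESM expects is not shown on this page.

```shell
#!/bin/bash
# Input format (one account per line, as written by the collection loop):
#   hostname:name:passwd:uid:gid:gecos:home:shell

# Emit "host,uid,gid,username" rows; malformed lines are skipped.
uid_map() {
    awk -F: 'NF == 8 && $4 ~ /^[0-9]+$/ { print $1 "," $4 "," $5 "," $2 }' "$1" \
        | LC_ALL=C sort -u
}

# List every username whose UID is not identical on all hosts,
# as "name host=uid host=uid ...".
uid_conflicts() {
    awk -F: 'NF == 8 && $4 ~ /^[0-9]+$/ {
        if (!($2 in first)) first[$2] = $4
        else if (first[$2] != $4) bad[$2] = 1
        seen[$2] = seen[$2] " " $1 "=" $4
    }
    END { for (u in bad) print u seen[u] }' "$1" | LC_ALL=C sort
}

# Constructed sample data (not real accounts), including one malformed line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
srv1:root:x:0:0:root:/root:/bin/bash
srv1:user1:x:520:520:User One:/home/user1:/bin/bash
srv02:root:x:0:0:root:/root:/bin/bash
srv02:user1:x:530:530:User One:/home/user1:/bin/bash
srv02:broken-line
EOF

echo "--- host,uid,gid,username ---"
uid_map "$sample"
echo "--- usernames with inconsistent UIDs ---"
uid_conflicts "$sample"
```

Because the host is part of each row, a uid seen in a log can be resolved per source server even before the servers are brought to a common numbering.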

vladimir.garasc1 Absent Member.

Re: What are your tips to translate Unix uid into username?

If you have LDAP you can import file with uid and usernames from central LDAP as proposed by
