Agent Logs¶
After the agent is installed and can communicate with the openNAC Core, there are some kinds of message that will be sent from the Agent to the openNAC core:
When there is no icon, it means we are sending the return json to the agent.
Types of agent logs
Fig 1. Full scan |
Fig 2. Network address changed |
Fig 3. Product changed |
Fig 4. Scan by user |
Fig 5. Security center changed |
Fig 6. Scan |
Fig 7. Session changed |
Fig 8. Stop agent service |
Content
Administrators can see the content of XML using the eye icon if it is a row of type receiving data from agent. Otherwise, if it is a row of the type sending data to the agent (that is, no icon appears in the Type column), then in the eye icon we will see the data that make up the json that is sent to the agent.
On the other hand, we can perform a tag simulation from the tag icon.
Also, there is a third icon that will be shown if we have Agent version >= 1.0.10078 and enabled the option ‘Send daemon logs to server’ in ‘Configuration -> Agent -> Agent Configuration’. This icon is represented as bug. There we can see some logs like the programs that agent detected, the updates needed, etc. In summary, the process of the agent scan and when it occured each part.
When inserting text in the search box, it will search for that piece of text inside the XML file.
So we can use it to filter by software, hostname, IPs, processes and anything else that could reside into an agent’s XML.
List of tags generated when receiving agent info
| Prefix | Tag Name | Comment | Samples |
|---|---|---|---|
| BDA | BLUETOOTH DEVICES AVAILABLE | TAG WITH THE LIST OF DEVICES AVAILABLE | BDA_PXC_550 |
| BDC | BLUETOOTH DEVICE CONNECTED | TAG WITH THE CURRENT CONNECTED DEVICE | BDC_CAR |
| CAI | CA CERTIFICATE ISSUER | TAG WITH THE ISSUER OF A CA CERT | CAI_DIGICERT_ASSURED_ID_ROOT_CA |
| DOS | DEVICE OPERATING SYSTEM | DEVICE OS NAME | DOS_WINDOWS_10, DOS_WINDOWS_8 |
| HDT | HARDWARE DEVICE TYPE | HARDWARE TYPE DEFINITION PHYSICAL OR VIRTUAL | HDT_VMGUEST, HDT_BAREMETAL |
| IAI | INTERNAL APPLICATION INSTALLATION | DEVICE INSTALLED APPLICATIONS | IAI_EDGE, IAI_FIREFOX |
| ISS | INTERNAL SECURITY STATUS | DEVICE SECURITY STATUS | ISS_AV_ENABLED, ISS_AV_UPDATED, ISS_FW_ENABLED |
| NCA | NON COMPLIANCE APPLICATION | APPLICATIONS UNDER REQUIRED VERSION | NCA_ACROBAT_READER, NCA_TEAMVIEWER |
| NCS | NON COMPLIANCE SECURITY FEATURES | SECURITY FEATURES NON COMPLIANT | NCS_BITLOCKER, NCS_AVUPDATE, NCS_FWUPDATE |
| ONC | openNAC TAGS | TAG DEFINED BY openNAC | ONC_ARCH_X64, ONC_AGENT, ONC_WIN_AGENT |
| RDI | RELEASE DATE ID | DEVICE OS RELEASE DATE ID | RDI_WINDOWS_10_1703, RDI_WINDOWS_10_1803 |
| ROS | ROOT OPERATING SYSTEM | ROOT DEVICE OS NAME | ROS_WINDOWS, ROS_MACOS, ROS_LINUX |
| UCD | USB CONNECTED DEVICE | USB CONNECTED DEVICE | UCD_80EE_0030 |
| VOS | VERSION OPERATING SYSTEM | DEVICE VERSION OS NAME | VOS_WINDOWS_10_PRO, VOS_WINDOWS_10_ENT |
| WCS | WIFI CURRENT SSID | TAG WITH THE CURRENT CONNECTED SSID | WCS_CASA |
| WSA | WIFI SSID AVAILABLE | TAG WITH THE LIST OF SSID AVAILABLE | WSA_WLAN_3021 |
The XML generated by agent¶
<REQUEST>
<CONTENT>
$ACCOUNTINFO
$OPENNAC
$SESSION_EVENT
$USB_DEVICE
$SECURITYCENTER
$NETWORKS
$HARDWARE
$USER_ACTIVE
$PROCESS
$SOFTWARE
$WIFI
$BLUETOOTH
$CERTIFICATE
$VPNCONFIG
</CONTENT>
</REQUEST>
$ACCOUNTINFO
Description: It is used for identifying the agent.
Parameters:
<KEYNAME>: Name of the agent
<KEYVALUE>: Key for identifying the agent
Example:
<ACCOUNTINFO>
<KEYNAME>TAG</KEYNAME>
<KEYVALUE>6f2690af8df66a40d34029e59edbe431</KEYVALUE>
</ACCOUNTINFO>
$OPENNAC
Description: Information about the origin of the request.
Parameters:
<TYPE>: Type.
<VPNVERSION>: The version of VPN.
<PLATFORM>: Which platform (Windows, Linux…).
<VERSION>: The version of the platform.
<MONITOR_TYPE>: The type of the monitor.
<UID>: Identifier
Example:
<OPENNAC>
<TYPE>service</TYPE>
<VPNVERSION>0</VPNVERSION>
<PLATFORM>Windows</PLATFORM>
<VERSION>1.0.9656</VERSION>
<MONITOR_TYPE>Service</MONITOR_TYPE>
<UID>92CE9C1C9BA6</UID>
</OPENNAC>
$SESSION_EVENT
Description: Information about a session event. It is only sent from agent to opennac if the agent log is type session changed seen above in this document.
Parameters:
<TYPE>: The type of the session event.
<EVENT>: The event name.
<USERNAME>: The username used in the session event.
<DOMAINNAME>: The domain in which the session was generated.
<TIMESTAMP>: The timestamp of the session event.
Example:
<SESSION_EVENT>
<TYPE>LOGIN</TYPE>
<EVENT>LOGON</EVENT>
<USERNAME>user1</USERNAME>
<DOMAINNAME>ACME</DOMAINNAME>
<TIMESTAMP>1589544716</TIMESTAMP>
</SESSION_EVENT>
$USB_DEVICE
Description: Information about a connected usb device.
Parameters:
<DEVICE_ID>: Device identifier.
<DEVICE_NAME>: Device name.
<MANUFACTURER>: The manufacturer of the device.
<HARDWARE_ID>: Hardware identifier.
<STATUS>: The status of the usb device.
Example:
<USB_DEVICE>
<DEVICE_ID>Realtek USB GbE Family Controller</DEVICE_ID>
<DEVICE_NAME>DeviceUSBPDO-6</DEVICE_NAME>
<MANUFACTURER>Realtek</MANUFACTURER>
<HARDWARE_ID>USBVID_0BDAPID_8153REV_3000</HARDWARE_ID>
<STATUS>1</STATUS>
</USB_DEVICE>
$SECURITYCENTER
Description: Information related with the security used on the device.
Parameters:
<CATEGORY>: The category of the security. If it is a firewall, an antivirus, or other type of security.
<DOMAIN>: If the security is applied to the domain. This parameter is not required.
<PUBLIC>: If the security is public. This parameter is not required.
<STANDARD>: If that security is standard. This parameter is not required.
<SC_ENABLED>: If security center is enabled or not.
<SCV>: Security center verification.
<COMPANY>: The company of this security product.
<PRODUCT>: The product name.
<VERSION>: The version of that security product.
<ENABLED>: If that security is enabled or not.
<UPTODATE>: If that security is updated or not.
Example:
<SECURITYCENTER>
<CATEGORY>Firewall</CATEGORY>
<DOMAIN>1</DOMAIN>
<PUBLIC>1</PUBLIC>
<STANDARD>1</STANDARD>
<SC_ENABLED>1</SC_ENABLED>
<SCV>0</SCV>
<COMPANY></COMPANY>
<PRODUCT></PRODUCT>
<VERSION>0</VERSION>
<ENABLED>1</ENABLED>
<UPTODATE>1</UPTODATE>
</SECURITYCENTER>
$NETWORKS
Description: Information about the networks of device
Parameters:
<NAME>: The name of the network.
<DESCRIPTION>: Information about network adapter.
<DHCP_ENABLED>: If DHCP protocol is enabled or not.
<GATEWAY>: Gateway of the network.
<TYPE>: The type of network.
<OPER_STATUS>: The operation status.
<MACADDR>: The MAC address of the network adapter.
<IPADDRESS>: The IP address of the network adapter.
Example:
<NETWORKS>
<NAME>Ethernet</NAME>
<DESCRIPTION>Intel(R) PRO/1000 MT Network Connection</DESCRIPTION>
<DHCP_ENABLED>0</DHCP_ENABLED>
<GATEWAY>10.21.2.254</GATEWAY>
<TYPE>6</TYPE>
<OPER_STATUS>1</OPER_STATUS>
<MACADDR>92:CE:9C:1C:9B:A6</MACADDR>
<IPADDRESS>10.21.2.245</IPADDRESS>
</NETWORKS>
Surely we have several networks: <NETWORK>...</NETWORK>...<NETWORK></NETWORK>...
$HARDWARE
Description: Information about the hardware of the device.
Parameters:
<UNIQUE_ID>: The unique identifier of the hardware.
<NAME>: The name of the hardware.
<OSNAME>: Operative system name.
<OSVERSION>: The version of the operative system.
<RELEASE_ID>: The release identifier.
<ARCH>: Architecture.
<OS_VOLUME>: Operative system volume.
<SERIAL_NUMBER>: Unique number or string that identifies a product.
<BIT_LOCKER>: Disk encryption program.
<HYPERVISOR>:The hypervisor of this hardware.
<OS_VM>: If supports virtual machines.
Example:
<HARDWARE>
<UNIQUE_ID>b56cef33-5ff1-4205-a6df-0b6a54624f07</UNIQUE_ID>
<NAME>std3-v02</NAME>
<OSNAME>Windows 10 Pro N</OSNAME>
<OSVERSION>10.0</OSVERSION>
<RELEASE_ID>1903</RELEASE_ID>
<ARCH>x64</ARCH>
<OS_VOLUME>C:</OS_VOLUME>
<SERIAL_NUMBER>1754283681</SERIAL_NUMBER>
<BIT_LOCKER>0</BIT_LOCKER>
<HYPERVISOR>Microsoft Hv</HYPERVISOR>
<OS_VM>1</OS_VM>
</HARDWARE>
$USER_ACTIVE
Description: Information about the user active on the device.
Parameters:
<NAME>: The name of the user.
<DOMAIN>: The domain of the user.
Example:
<USER_ACTIVE>
<NAME>ocf</NAME>
<DOMAIN>ACME<DOMAIN>
</USER_ACTIVE>
$PROCESS
Description: Information about one active process on the device.
Parameters:
<NAME>: Type
<ID>: The process identifier (PID).
<PARENTID>: The parent process identifier.
<THREADCOUNT>: The number of threads that the process has generated.
<MEMORY>: The memory consumed by the process.
Example:
<PROCESS>
<NAME>System Process</NAME>
<ID>0</ID>
<PARENTID>0</PARENTID>
<THREADCOUNT>4</THREADCOUNT>
<MEMORY>0</MEMORY>
</PROCESS>
Surely we have several processes: <PROCESS>...</PROCESS>...<PROCESS></PROCESS>...
$SOFTWARES
Description: Information about a software installed on device.
Parameters:
<UPDATE>: If the software requires update (1) or not (0).
<NAME>: The name of the software.
<VERSION>: The version of the software.
<PUBLISHER>: The publisher or company of the software.
<INSTALLDATE>: The installation date of the software.
Example:
<SOFTWARES>
<UPDATE>0</UPDATE>
<NAME>Microsoft Visual C 2005 Redistributable</NAME>
<VERSION>8.0.61001</VERSION>
<PUBLISHER>Microsoft Corporation</PUBLISHER>
<INSTALLDATE>17/11/2017</INSTALLDATE>
</SOFTWARES>
Surely we have several softwares: <SOFTWARES>...</SOFTWARES>...<SOFTWARES></SOFTWARES>...
$WIFI
Description: Information about a wifi connection.
Parameters:
<INTERFACE_GUID>: Global unique identifier for the wifi.
<INTERFACE_DESCRIPTION>: The name of the software.
<SSID>: Public name of a wireless local area network (WLAN).
<SIGNAL_QUALITY>: The signal quality in hundred per cent.
<SECURITY_ENABLED>: If the wifi has security enabled (1) or not (0).
<SECURITY>: The encryption protocol used for messages.
<CONNECTABLE>: If the wifi is connectable (1) or not (0).
<IS_CONNECTED>: If the device is actually connected to the wifi (1) or not (0).
Example:
<WIFI>
<INTERFACE_GUID>4E5538F9-13FE-45AD-8682-77797A5AB319</INTERFACE_GUID>
<INTERFACE_DESCRIPTION>Realtek RTL8821CE 802.11ac PCIe Adapter</INTERFACE_DESCRIPTION>
<SSID>MOVISTAR_PLUS_4C1A</SSID>
<SIGNAL_QUALITY>94</SIGNAL_QUALITY>
<SECURITY_ENABLED>1</SECURITY_ENABLED>
<SECURITY>WPA2-PSK</SECURITY>
<CONNECTABLE>1</CONNECTABLE>
<IS_CONNECTED>1</IS_CONNECTED>
</WIFI>
Surely we have several wifi connections: <WIFI>...</WIFI>...<WIFI></WIFI>...
$BLUETOOTH
Description: Information about a bluetooth connection.
Parameters:
<INSTANCE_NAME>: The hostname that opens a bluetooth connection.
<INSTANCE_ADDRESS>: The MAC address of the bluetooth network.
<DEVICE_NAME>: Device name connected via bluetooth.
<DEVICE_ADDRESS>: Device address connected via bluetooth.
<DEVICE_CONNECTED>: If the device with bluetooth is connected (1) or not (0).
<DEVICE_AUTHENTICATED>: If the device is authenticated (1) or not (0).
<DEVICE_REMEMBERED>: If the device is remembered (1) or not (0).
Example:
<BLUETOOTH>
<INSTANCE_NAME>DESKTOP-77FMN5B</INSTANCE_NAME>
<INSTANCE_ADDRESS>90:32:4B:96:0E:86</INSTANCE_ADDRESS>
<DEVICE_NAME>TVBluetooth</DEVICE_NAME>
<DEVICE_ADDRESS>C4:73:1E:97:03:2D</DEVICE_ADDRESS>
<DEVICE_CONNECTED>0</DEVICE_CONNECTED>
<DEVICE_AUTHENTICATED>0</DEVICE_AUTHENTICATED>
<DEVICE_REMEMBERED>0</DEVICE_REMEMBERED>
</BLUETOOTH>
Surely we have several bluetooth connections: <BLUETOOTH>...</BLUETOOTH>...<BLUETOOTH></BLUETOOTH>...
$CERTIFICATE
Description: Information about a certificate applied on the device.
Parameters:
<ISSUER>: Issuer of certificate.
<START_DATE>: The start date of the certificate.
<END_DATE>: The end date of the certificate.
<SUBJECT>: The subject of the certificate, sometimes the same as issuer.
Example:
<CERTIFICATE>
<ISSUER>Microsoft Root Certificate Authority</ISSUER>
<START_DATE>10/05/2001 1:19:22</START_DATE>
<END_DATE>10/05/2021 1:28:13</END_DATE>
<SUBJECT>Microsoft Root Certificate Authority</SUBJECT>
</CERTIFICATE>
$VPNCONFIG
Description: Information about a vpn connection on the device.
Parameters:
<vpn”name”.ovpn>: The hash of the VPN configuration.Example:
<VPNCONFIG>
<vpnPublicDemoCenter121.ovpn>9adbb30549e2fa3544060e3ba9618414</vpnPublicDemoCenter121.ovpn>
</VPNCONFIG>
The JSON sent from opennac to agent¶
{
$AGENT_CONFIG,
$AGENT_CONNECTION,
$AGENT_TASKBAR_CONFIG,
$AGENT_QUERY,
$USB_POLICY_CLASS_ALLOWLIST,
$USB_POLICY_CLASS_DENYLIST,
$USB_POLICY_PRODUCT_ALLOWLIST,
$USB_POLICY_PRODUCT_DENYLIST,
$AGENT_HASH_QUERY,
$AGENT_VPN_CONFIG,
$vlan,
$AGENT_POLICY_NAME,
$AGENT_POLICY_USER_MESSAGE,
$AGENT_DEVICE_TAGS
}
AGENT_CONFIG
Type: object
Description: Agent configuration settings.
Parameters:
- INTERVAL: The time in seconds between each agent scan on the device.
- type: string
- FULL_INTERVAL: The time in seconds between each agent full scan on the device.
- type: string
- START_MODE_INTERVAL: Start mode interval in seconds.
- type: string
- IGNORE_SC_STATUS_INTERVAL: Ignore security center status interval in seconds.
- type: string
- INTERVAL_BETWEEN_USER_SESSION_EVENTS: The interval between user session events in seconds.
- type: string
- DISCOVERY: If discovery is enabled or not.
- type: string
- DEBUG: If debugging is enabled or not.
- type: string
- SENDLOGSTOSERVER: If send daemon logs to server is enabled or not.
- type: string
- MAXLOGSIZE: Maximum log size.
- type: string
- MAXCOMPRESSEDLOGS: Maximum compressed logs.
- type: string
Example:
"AGENT_CONFIG": {
"INTERVAL": "3600",
"FULL_INTERVAL": "86400",
"START_MODE_INTERVAL": "120",
"IGNORE_SC_STATUS_INTERVAL": "420",
"INTERVAL_BETWEEN_USER_SESSION_EVENTS": "30",
"DISCOVERY": "0",
"DEBUG": "1",
"SENDLOGSTOSERVER": "1",
"MAXLOGSIZE": "30",
"MAXCOMPRESSEDLOGS": "10"
}
AGENT_CONNECTION
Type: object
Description: Agent connection settings.
Parameters:
- PROTOCOL: The protocol used for agent connection.
- type: string
- ACTION: The action path used for agent connection.
- type: string
- PING_ACTION: The ping action path used for agent connection.
- type: string
Example:
"AGENT_CONNECTION": {
"PROTOCOL": "https",
"ACTION": "/opennac-agent",
"PING_ACTION": "/admin/favicon.ico"
}
AGENT_TASKBAR_CONFIG
Type: object
Description: Agent task bar settings.
Parameters:
- ENABLED: If task bar is enabled or not.
- type: string
- DEBUG: If debugging is enabled or not.
- type: string
- PLUGIN_VPN: Plugin VPN.
- type: string
- LANGUAGE: The language used for agent task bar.
- type: string
- MUI: Multilingual user interface languages.
- type: string
Example:
"AGENT_TASKBAR_CONFIG": {
"ENABLED": "1",
"DEBUG": "1",
"PLUGIN_VPN": "1",
"LANGUAGE": "en",
"MUI": "en-US"
}
AGENT_QUERY
Type: array
Description: Agent query settings.
Parameters:
type: object
Parameters:
- TYPE: Type of agent query.
- type: string
- KEY: Key for agent query.
- type: string
- IMPERSONATE: Impersonate or not.
- type: string
- SCRIPT: The script code to be executed.
- type: string
Example:
"AGENT_QUERY": [
{
"TYPE":"CSCRIPT",
"KEY":"MCAFEE_DAT",
"IMPERSONATE":"0",
"SCRIPT":"Dim windowsShell,regValue, currentDate, maxDays, regKey#maxDays = 14#'regKey = "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine\AVDatVersion\"#regKey = "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MfeAV\Install Date\"#On Error Resume Next#Set windowsShell = CreateObject("WScript.Shell")#regValue = windowsShell.RegRead(regKey)#If err.number <> 0 then# 'Error reading regkey# Wscript.Echo "FALSE"#Else# If IsDate(regValue) then# currentDate = Now# If Abs(DateDiff("d",regValue,currentDate)) <= maxDays then# Wscript.Echo"TRUE"# Else# Wscript.Echo"FALSE"# End If# Else# Wscript.Echo regValue# End if#End if#"
}
]
USB_POLICY_CLASS_ALLOWLIST
Type: array
Description: USB Policy class white list.
Parameters:
- VENDOR_ID: The vendor identifier of the USB product.
- type: string
- PRODUCT_ID: The product identifier.
- type: string
Example:
"USB_POLICY_CLASS_ALLOWLIST": {
"VENDOR_ID": "0x090C",
"PRODUCT_ID": "0x1000"
}
USB_POLICY_CLASS_DENYLIST
Type: array
Description: USB Policy class black list.
Parameters:
- VENDOR_ID: The vendor identifier of the USB product.
- type: string
- PRODUCT_ID: The product identifier.
- type: string
Example:
"USB_POLICY_CLASS_DENYLIST": {
"VENDOR_ID": "0x090C",
"PRODUCT_ID": "0x1000"
}
USB_POLICY_PRODUCT_ALLOWLIST
Type: array
Description: USB Policy product white list.
Parameters:
- VENDOR_ID: The vendor identifier of the USB product.
- type: string
- PRODUCT_ID: The product identifier.
- type: string
Example:
"USB_POLICY_PRODUCT_ALLOWLIST": {
"VENDOR_ID": "0x090C",
"PRODUCT_ID": "0x1000"
}
USB_POLICY_PRODUCT_DENYLIST
Type: array
Description: USB Policy product black list.
Parameters:
- VENDOR_ID: The vendor identifier of the USB product.
- type: string
- PRODUCT_ID: The product identifier.
- type: string
Example:
"USB_POLICY_PRODUCT_DENYLIST": {
"VENDOR_ID": "0x090C",
"PRODUCT_ID": "0x1000"
}
AGENT_HASH_QUERY
Type: string
Description: Agent hash query.
Example:
"AGENT_HASH_QUERY": "105283bb5d45ebaa0f961f3303f7d268"
AGENT_VPN_CONFIG
Type: object
Description: Agent vpn configuration.
Parameters:
- vpn”name”: VPN configuration code.
- type: string
- EmmaVPN”name”: Emma VPN configuration code.
- type: string
Example:
"AGENT_VPN_CONFIG": {
"vpnPublicDemoCenter": "client\\r\\dev tun\\r\\proto udp\\r\remote 95.216.236.62 1296\\r\resolv-retry infinite\\r\nobind\\r\\persist-key\\r\\persist-tun\\r\\comp-lzo\\r\\verb 3\\r\\<ca>\\r\\-----BEGIN CERTIFICATE-----\\r\\MIIFLTCCBBWgAwIBAgIJALi8EuRPC3TCMA0GCSqGSIb3DQEBCwUAMIG\\/MQswCQYD\\r\\VQQGEwJFUzELMAkGA1UECBMCQkExETAPBgNVBAcTCFRlcnJhc3NhMR8wHQYDVQQK\\r\\ExZvcGVuY2xvdWQgZmFjdG9yeSBzLmwuMQ4wDAYDVQQLEwVDb21tczEiMCAGA1UE\\r\\AxMZb3BlbmNsb3VkIGZhY3Rvcnkgcy5sLiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEp\\r\\MCcGCSqGSIb3DQEJARYaY2VydEBvcGVuY2xvdXlkZmFjdG9yeS5jb20wHhcNMTcw\\r\\MjE0MTcyOTA0WhcNMjcwMjEyMTcyOTA0WjCBvzELMAkGA1UEBhMCRVMxCzAJBgNV\\r\\BAgTAkJBMREwDwYDVQQHEwhUZXJyYXNzYTEfMB0GA1UEChMWb3BlbmNsb3VkIGZh\\r\\Y3Rvcnkgcy5sLjEOMAwGA1UECxMFQ29tbXMxIjAgBgNVBAMTGW9wZW5jbG91ZCBm\\r\\YWN0b3J5IHMubC4gQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExKTAnBgkqhkiG9w0BCQEW\\r\\GmNlcnRAb3BlbmNsb3V5ZGZhY3RvcnkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\\r\\AQ8AMIIBCgKCAQEArcwlJPSlR9\\/zw0xVO9DzTn+jpoAiqVL7R6eWXI7dkSC4Tq62\\r\\ul0QY6Cw6bSybiEJCYE7J2iCcIQN\\/0Lfa\\/lAzx4OSjVX8h+5bZQ6CJYtxajmJXWe\\r\\6L5QrCPMEYXgRS77uBUU3KKettNGK8Q4xhZEUZaVzf3QsHtpzDUpzqIdU2khmLF9\\r\\OpTzS5G76kcsH7oBCwiW6PTHTc1WuZZHWAIZOq7M\\/1lLqQE4dzC\\/tubWinhhy9kC\\r\\PszfmYCEwM0Ot4xqL1btkPFAOK3CtRhky+rlsnObVymqkUY41kjwqZxD6jEnzm4W\\r\\QaPehoQs77cdcCsQy9GTUvk5gMMvj+EWUYYtOQIDAQABo4IBKDCCASQwHQYDVR0O\\r\\BBYEFD\\/DqSfj4jKuG\\/RtQCCHK06HtWqwMIH0BgNVHSMEgewwgemAFD\\/DqSfj4jKu\\r\\G\\/RtQCCHK06HtWqwoYHFpIHCMIG\\/MQswCQYDVQQGEwJFUzELMAkGA1UECBMCQkEx\\r\\ETAPBgNVBAcTCFRlcnJhc3NhMR8wHQYDVQQKExZvcGVuY2xvdWQgZmFjdG9yeSBz\\r\\LmwuMQ4wDAYDVQQLEwVDb21tczEiMCAGA1UEAxMZb3BlbmNsb3VkIGZhY3Rvcnkg\\r\\cy5sLiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEpMCcGCSqGSIb3DQEJARYaY2VydEBv\\r\\cGVuY2xvdXlkZmFjdG9yeS5jb22CCQC4vBLkTwt0wjAMBgNVHRMEBTADAQH\\/MA0G\\r\\CSqGSIb3DQEBCwUAA4IBAQBPC2UfU\\/ElhT2GDLhjxjGPM1aWA+G0r+zc7lD3FjaT\\r\\ud+MQa6s9loNaGvJqaHSm8IMWKbMuLSprvYrqLpmTC\\/sEtsnOLLOTh3bWV3vo6\\/p\\r\\QVGUhFsjG6G\\/Ad5Pwv6JoRAbCFcU5hvY66\\/B0YO49yEJ7VQ\\/\\/FNV8vTBws1ycLZM\\r\\JAtJA6pxSoyoMdBcW9x+ocDPQ6z0pKlcGH7PQt7SIFTW87Jf5uYcOcwAZ4ljBZHY\\r\\haMo7x+mBHE8Ev+hP4Ohzc3Xw5eBXp0jaM6GZWnPtsypJWGCu\\/il9Sc+r5BFOQfx\\r\\ZGRHcYohKx+AwqBynkOM3ou2+qLL84O5gFL25V3UuL9I\\r\\-----END CERTIFICATE-----\\r\\<\\/ca>\\r\\key-direction 1\\r\\cipher BF-CBC\\r\\auth SHA1\\r\\auth-user-pass\\r\ns-cert-type server\\r\\explicit-exit-notify\\r\\management-query-passwords",
"EmmaVPNRoadWarrior": "client\\r\\dev tun\\r\\proto udp\\r\remote 194.116.240.3 21196\\r\resolv-retry 3\\r\nobind\\r\\persist-key\\r\\persist-tun\\r\\cipher AES-256-CBC\\r\\verb 1\\r\\comp-lzo \\r\\explicit-exit-notify\\r\\auth SHA1\\r\\auth-nocache\\r\\<ca>\\r\\-----BEGIN CERTIFICATE-----\\r\\MIIDUzCCAjugAwIBAgIJAKvgHeau41AzMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV\\r\\BAMMFUVtbWFWUE5Sb2FkV2Fycmlvcl9DQTAeFw0yMDAzMTcxMzExMTlaFw0zMDAz\\r\\MTUxMzExMTlaMCAxHjAcBgNVBAMMFUVtbWFWUE5Sb2FkV2Fycmlvcl9DQTCCASIw\\r\\DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdpZY3xVEutc0ka8XrYjxGbfDyD\\r\\P8UnADCsOz2BFbYqC0ZI+RLxtYaGCdXCxRu1Ks7+iPk3KUled4qAaXPs2wA9dhIf\\r\\QUOQrPMp2UP8zB4PUuddL3q6rrx9hvuP4Srt9dZiX5TxEA3cVILNjoJ+\\/viOIlKJ\\r\\B\\/kHD4jnlSCVQ2hK1hEPnuMb6B60hwIo86gZb5D5W+f6UGEzE6kChHQdQjiF7sbo\\r\\coC9fatdhFHf5rS0ViR0lz+DhcbLa5egNXpKZXAERi25VVKA5eZqhkppVNB9vs9u\\r\\X9Q8G\\/wwHXtgrQeTLO\\/7pZ1V\\/275tL\\/6fhE1GBefaJby\\/\\/QqpyukHm+bJfMCAwEA\\r\\AaOBjzCBjDAdBgNVHQ4EFgQUkceeifX2OpBtZNQ0QPFuuzq6ErQwUAYDVR0jBEkw\\r\\R4AUkceeifX2OpBtZNQ0QPFuuzq6ErShJKQiMCAxHjAcBgNVBAMMFUVtbWFWUE5S\\r\b2FkV2Fycmlvcl9DQYIJAKvgHeau41AzMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD\\r\\AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQDNItJ792Ay22YyucV+CpRAvRxdxnm1rANM\\r\\z7JB9iOzItfRj+x1s+gKV7\\/hlDUjg9q7ms2Y2F8x2v83LiIyzperI3tXECI52QPF\\r\\GSHGnuDA6ZBak7CaH14vaetV128uTyIf746K9usmlqhZUv0OmayOlGRl22XOcAql\\r\\jgrzTEgNg8rxMFtAwzIhn97CGprTbXugbbFLtiyx8MzOgy50usBv+U9obwROWMbT\\r\\BqQXkUwIVT\\/YzQIOYOIKH4tIDCV1+6U1KwKgOdEXRtkxiSQagQlCOENvCkFwuwt6\\r\\uTRbZD8vMCmpMIGieUGDrt59N4zgGXnTGJrfOT1ysFafdTkNY7G5\\r\\-----END CERTIFICATE-----\\r\\<\\/ca>\\r\remote-cert-tls server\\r\\auth-user-pass\\r\\explicit-exit-notify\\r\\management-query-passwords\\r\"
}
vlan
Type: string
Description: VLAN id.
Example:
AGENT_POLICY_NAME
Type: string
Description: Last policy returned.
Example:
"AGENT_TASKBAR_CONFIG": "Corp. User & Corp. Device (AV & UPDATES)"
AGENT_POLICY_USER_MESSAGE
Type: string
Description: User message when matches the policy.
Example:
"AGENT_POLICY_USER_MESSAGE": "msg example"
AGENT_DEVICE_TAGS
Type: string
Description: Tags learned by matching the policy.
Example:
"AGENT_DEVICE_TAGS": "ONC_AUTOLEARNED,ONC_AGENT,ONC_WIN_AGENT,ISS_FW_STATUS,ISS_FW_UPDATE,ISS_FW_ENABLED,ISS_AV_STATUS,ISS_AV_UPDATE,ISS_AV_ENABLED,DOS_WINDOWS_10,ROS_WINDOWS"