Hello Fabrice,

Below is a sample of what I am seeing in my location log for one mac address. Should there be an end time on all of these except the most current entry or is this normal? Thanks.
+-------------------+---------------+------+------+-----------------+----------------+------+---------------------+----------+
| mac               | switch        | port | vlan | connection_type | dot1x_username | ssid | start_time          | end_time |
+-------------------+---------------+------+------+-----------------+----------------+------+---------------------+----------+
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-25 10:44:26 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-25 13:44:35 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-25 16:44:46 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-26 07:58:19 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-26 10:01:13 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-26 13:01:22 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-06-26 16:01:32 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-07-07 07:40:47 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-07-07 10:41:41 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-07-07 13:42:30 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-07-07 16:43:17 | NULL     |
| c8:cb:b8:25:8c:67 | <switch_ip>   |   99 |  576 | Ethernet-NoEAP  | c8cbb8258c67   |      | 2014-07-08 07:52:58 | NULL     |
+-------------------+---------------+------+------+-----------------+----------------+------+---------------------+----------+

Jeremy Plumley
ITS Network Technician
Guilford Technical Community College, www.GTCC.edu
601 High Point Road, Jamestown, NC 27282
Office - 336.334.4822 ext 50428

Please note: GTCC Administrative offices will operate under a modified summer schedule May 5 - July 18, 2014. Administrative office hours will be Monday - Thursday 7:30 a.m. to 6:00 p.m. Administrative offices will be closed on Friday.

1 John 1:9 ~ If we confess our sins, he is faithful and just to forgive us our sins, and to cleanse us from all unrighteousness.

From: Fabrice DURAND [mailto:[email protected]]
Sent: Tuesday, July 08, 2014 8:18 AM
To: [email protected]
Subject: Re: [PacketFence-users] Expiring Nodes and Database Maintenance script

Hello Jeremy,

In fact end_time in locationlog will be set if a new locationlog entry is inserted. And if you check in node.pm -> node_cleanup you can see that pf tries to remove only unreg nodes.

What you can do is to play with iplog instead, but be sure that the production dhcp traffic is forwarded to the management interface. pfdhcplistener will update the iplog table and you will be able to know exactly when the device was on the network and will be able to remove it based on the end_time + 2 months.

Regards
Fabrice

On 2014-07-07 22:41, Jeremy Plumley wrote:

Thanks Fabrice,

I have the expiration settings set up and have rebooted the pfmon service but I haven't noticed any reduction in the number of nodes in our database. I looked at the database-and-maintenance.sh script and the locationlog cleanup looks at the end_time column but all of my entries show NULL so nothing gets removed. That is why I wondered if end_time was the unregistered date of the node possibly.

Most of our nodes have unreg dates of five years since we don't replace systems until they break most of the time. However we would like for them to be removed if they never touch the network in two months because we do get rid of equipment.

I'm thinking of modifying the script to look at the start_time since I can see nodes have multiple times a day recorded in the locationlog. No need to keep more than 30 days of start times it seems. Would this cause any issues that you are aware of? Thanks.

Jeremy Plumley
ITS Network Technician
Guilford Technical Community College, www.GTCC.edu
601 High Point Road, Jamestown, NC 27282
Office - 336.334.4822 ext 50428

________________________________________
From: Fabrice DURAND <[email protected]>
Sent: Monday, July 7, 2014 8:27 AM
To: [email protected]
Subject: Re: [PacketFence-users] Expiring Nodes and Database Maintenance script

Hello Jeremy,

setting expiration to 60 days for nodes and 30 for location log is a good idea.

What you have to take care of is what technology you are using for the access (Port-Sec, mac-auth ...). In the case of port-security, you have to be sure that the expiration on the location log is a little bit more than the maximum access duration of a node.

Of course don't forget to restart pfmon to use the new values you defined.

Another thing: use database-backup-and-maintenance.sh for maintenance.

Regards
Fabrice

On 2014-07-06 16:53, Jeremy Plumley wrote:

Hello,

I have been trying to research how to do maintenance on our packetfence database. Wanted to delete out nodes from our database that haven't connected to the network in two months. I tried setting the expiring dates of 60 days for nodes and 30 days for the location log but nothing seems to be getting cleared out.

At this moment I see some people use a cron job to delete nodes based on the last dhcp date which I will probably work on. However there is already a script in addons for locationlog maintenance but it goes by end_date. What is the end_date? All of my entries show NULL and the script only deletes those that are 1 month old. Is this the deregistration date? Thanks.

Jeremy Plumley
ITS Network Technician
Guilford Technical Community College, www.GTCC.edu
601 High Point Road, Jamestown, NC 27282
Office - 336.334.4822 ext 50428

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
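
Added example, not part of the original thread and not PacketFence's own code: a dry run over the start times quoted above, showing why a cleanup keyed on end_time selects nothing while every end_time is NULL, and what a start_time-based purge would select if each MAC's newest row is kept. It assumes an in-memory SQLite table reduced to three of the locationlog columns, an assumed form of the end_time predicate, and constructed cutoff dates.

```python
import sqlite3

# Constructed sample: start times of the rows quoted in the thread, all with
# end_time NULL. The table keeps only three of the columns shown there.
STARTS = [
    "2014-06-25 10:44:26", "2014-06-25 13:44:35", "2014-06-25 16:44:46",
    "2014-06-26 07:58:19", "2014-06-26 10:01:13", "2014-06-26 13:01:22",
    "2014-06-26 16:01:32", "2014-07-07 07:40:47", "2014-07-07 10:41:41",
    "2014-07-07 13:42:30", "2014-07-07 16:43:17", "2014-07-08 07:52:58",
]
MAC = "c8:cb:b8:25:8c:67"


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE locationlog (mac TEXT, start_time TEXT, end_time TEXT)")
    db.executemany("INSERT INTO locationlog VALUES (?, ?, NULL)",
                   [(MAC, t) for t in STARTS])
    return db


def matched_by_end_time(db, cutoff):
    # Assumed form of an end_time-based cleanup predicate. In SQL a
    # comparison with NULL is never true, so open entries are never selected.
    q = "SELECT COUNT(*) FROM locationlog WHERE end_time < ?"
    return db.execute(q, (cutoff,)).fetchone()[0]


def stale_by_start_time(db, cutoff):
    # Dry run for a start_time-based purge: rows older than the cutoff,
    # excluding each MAC's newest row so its current location is kept.
    q = """
        SELECT l.start_time FROM locationlog AS l
        WHERE l.start_time < ?
          AND l.start_time < (SELECT MAX(start_time) FROM locationlog
                              WHERE mac = l.mac)
        ORDER BY l.start_time
    """
    return [row[0] for row in db.execute(q, (cutoff,))]


if __name__ == "__main__":
    db = build_db()
    print("end_time predicate matches:",
          matched_by_end_time(db, "2014-07-08 00:00:00"))
    print("start_time dry run selects:",
          stale_by_start_time(db, "2014-07-01 00:00:00"))
```

Running the SELECT form first, before turning it into a DELETE, shows exactly which rows a modified maintenance script would remove.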
