User Guide - Statseeker Version 3.x

Discovery

Purpose of this Guide

This Guide provides an introduction to discovering a network with the Statseeker Discovery process.

Index

What is Statseeker's Discovery

The Statseeker Discovery utility is used to discover the devices on a network and populate the Statseeker configuration files with this device information.

Statseeker’s Discovery utility can be used to:

  • Run an initial discovery of the network using IP address scan ranges;
  • Run an initial discovery of the network using a host file;
  • Discover ad hoc devices using IP address scan ranges;
  • Discover ad hoc devices using a host file;
  • Discover individual devices;
  • Rewalk the network to look for configuration changes.

Some of the configurable options for the discovery include:

  • Device types to include in the discovery;
  • Interface types to include in the discovery;
  • Preferred Device Naming Scheme;
  • Timing of rewalks;
  • Automating discoveries.

Discovery Filters

Discovery Filters include:

  1. SNMP Communities

    2. The SNMP Communities section is used as a filter for either a Discover Using Ranges or a Discover Using Hosts.

    Note:

    • The SNMP Communities list is not used for Rewalks and can be emptied after every discovery;
    • Administrators need only enter SNMP Communities they want to use for specific discoveries;
    • Statseeker only requires SNMP ‘read access’ to devices to monitor them successfully.

    To configure SNMP Communities:

    1. Go to the Network Infrastructure Monitor> Administration Tool> Network Discovery> SNMP Communities;
    2. Enter the SNMP read access strings for the next discovery;
    3. Select ‘Save’.

  2. IP Address Scan Ranges

    3. This filter is used to provide Statseeker with a list of the IP Address ranges for a discovery.

    For example:

    If ‘Save’ is selected and a ‘Discover Using Ranges’ is run, this will result in the following address ranges being probed by the discovery: 

    
      10.2.0.0 to 10.2.3.255
      10.2.5.0 to 10.2.255.255
      10.13.0.0 to 10.13.255.255
      10.80.0.0 to 10.80.0.255

    Warnings:

    • Do not include massively large network ranges (eg. 0.0.0.0/0);
    • Only include ranges relevant to a site's address ranges.

  3. Host File

    4. This filter has two primary functions:

    1. Filter the ‘Discover Using Hosts’; and
    2. Filter Statseeker’s ‘Device Naming Scheme’ to ensure that all devices in Statseeker have an appropriate name.

    It is a plain text file which lists IP addresses and host names in the following format:

    IPAddress {one or more spaces} hostname

    For example:

    Note:

    Each device must have only ONE entry. For devices with multiple IP addresses, pick the address that should be polled by Statseeker.

    A valid hostname should contain only letters [A-Z, a-z], numbers [0-9], hyphens [-] and periods (.) as per RFC 1035.

  4. sysDescr Rules

    5. The sysDescr Rules filter ensures only the device types that the User wants to discover are included in the discovery.

    The process is:

    1. In the initial stages of the discovery, System descriptions (sysDescr) of devices being discovered are checked against this filter;
    2. If text from the sysDescr matches ‘include’ rules Statseeker continues its SNMP discovery;
    3. If NO text matches the include list Statseeker stops the SNMP discovery of the device;
    4. If an exclude rule is applied that matches text from the sysDescr then Statseeker will stop its SNMP discovery of the device.

    Note:

    Users may find devices where Vendors have not specified their name in the sysDescr. In this case, Users can use any consistent text in a system description, and add that text into the sysDescr Rules.

  5. Interface Types

    6. The Interface Types filter is designed to ensure that only relevant ‘interface types’ are included in the discovery. Statseeker provides a short list of default interface types for inclusion in a discovery:

    Note: There may be interface types that Statseeker is ignoring. To find these:

    1. Go to the Administration Tool> Discover my Network;
    2. Select ‘Display Last Log’ - this shows a log of the latest discovery or rewalk. Ideally, this Log should be run after the most recent rewalk (which by default runs at 11:00 am);
    3. Search for the bold heading ‘Processing Walks – ‘Date/Time’. Under this heading is a list of all of the devices included in this discover, and a list of interface types being ignored.

    4. To add ignored interfaces copy the name of the interface type (e.g atm, atmSubInterface and sonet);
    5. Add them to their list of Interface types (see below);
    6. Select ‘Save’.

    Note: This change will not take affect until the next discovery or rewalk has occurred.

  6. Ping Config / SNMP Config

    7. The Ping Config and SNMP Config sections contain a series of tunable options that only apply to extremely large Statseeker deployments.

    Note: This section should only be used under the direction of the Statseeker Technical Support Team.

Discovery Using Ranges

Discovery Using Ranges is the first option under the Discover My Network section of the Administration Tool.

When Discover Using Ranges is selected, the Statseeker nim-discover process performs the following actions:

  1. Statseeker pings every IP address from the ‘IP Address Scan Ranges’ config section. Every successful response goes into a secondary list;
  2. Statseeker performs an SNMP sysDescr look up using the SNMP read only strings included in ‘SNMP Communities’. During this process Statseeker also tests SNMP V1 and SNMP V2;
  3. If Statseeker gets a result then sysDescr is tested against the ‘sysDescr Rules’ list. All devices that do NOT have text in their sysDescr that match an include rule, or all devices that contain text that matches an exclude rule, are removed;
  4. Devices that pass, are walked for all of the SNMP OIDs Statseeker requires. Devices failing the SNMP Walk are not included in a configuration; and
  5. Devices that pass the SNMP Walk have config files built and Statseeker commences monitoring of those devices at the end of the discovery.

At the end of this process Statseeker’s automated groups will be updated to include interface speeds and types. Also, the Statseeker Administrator’s chosen Device Naming Scheme will be applied.

Discovery Using Hosts

Statseeker’s Discovery Using Hosts is the second option under the Discover My Network section of the Administration Tool.

When Discover Using Hosts is selected, nim-discover performs the following actions:

  1. Statseeker performs an SNMP sysDescr look up on every host in the list, using the SNMP read only strings in ‘SNMP Communities’. During this process Statseeker also tests SNMP V1 and SNMP V2. Note: Statseeker doesn’t ping devices during this discovery;
  2. If Statseeker gets a positive result, the sysDescr is tested against the ‘sysDescr Rules’ list. Devices that DON’T have text in their sysDescr that match an include rule, or all devices that contain text that matches an exclude rule, will then be added to the configuration as a ping only device;
  3. All devices that pass are walked for all of the SNMP OIDs Statseeker requires. Any devices failing the SNMP Walk, are added as ping only devices;
  4. Devices that pass the SNMP Walk have config files built and Statseeker commences monitoring of those devices at the end of the discovery.

At the end of this process Statseeker’s automated groups will be updated to include interface speeds and types, and the Statseeker Administrator’s chosen Device Naming Scheme will be applied.

Rewalk and Automating the Discover

Statseeker’s Rewalk utility is the third option under the Discover My Network section of the Administration Tool.

When Rewalk is selected, nim-discover performs the following actions:

  1. An SNMP Walk will be done on every device already configured in Statseeker. The Walk checks every configuration OID on devices to see if there have been any changes, since the previous discovery or rewalk;
  2. If a configuration item on a device has changed, Statseeker updates its configuration file (nim-cfg) unless a Statseeker Administrator has ‘locked’ a configuration item. Administrators can set flags to lock a configuration change by clicking on the configurable cells within the General> Device Details report OR the Interfaces > Details report.

At the end of this process Statseeker’s automated groups will be updated to include interface speeds and types, and the Administrator’s chosen Device Naming Scheme will be applied.

Rewalk can be run manually as above, but it also runs automatically at 11:00 am daily.

To edit the timing of this automated Rewalk:

  1. Go to Administration Tool> Expert Tools> Crontab;
  2. Change the 11 to whatever time is required (in 24 hr clock);
  3. It’s recommended that the auto-rewalk take place during business hours to maximise configuration accuracy.

To add an automated discovery to run at 9:00pm using Ranges then add this entry to the Crontab field: 

0 21 * * * nim-discover -v 3 -R > $SSHOME/nim/etc/discover.log 2>&1

To add an automated discovery to run at 9:00pm using Hosts then add this entry to the Crontab field: 

0 21 * * * nim-discover -v 3 -h > $SSHOME/nim/etc/discover.log 2>&1

Advanced Options

Advanced Options assist an Administrator to maximize the Statseeker discovery. To find the Advanced Options go to:

Administration Tool> Network Discovery – Advanced Options> Advanced Options

  1. Device Naming

    2. The following options are available as a Device Naming Scheme:

    1. Host File

      2. Checks the Host File to see if there are any names associated with IP addresses in a User’s configuration. If a device has previously been named, and now there is no entry for that device in the Host File, then the naming convention will not be altered. This is popular as the Host File can be regularly emptied and used for small discoveries.

    2. Host File, IP Address

      3. Checks the Host File and if there is no entry in the Host File, the device name reverts to an IP address.

    3. Host File, SysName

      4. Checks the Host File and if there is no current entry, the device name reverts to a sysName. If the sysName contains invalid characters, or if there are duplicate sysNames, the naming convention will not be altered.

    4. Host File, SysName, IP Address

      5. Checks the Host File and if there is no current entry then the device name reverts to a sysName. If the sysName contains invalid characters, or if there are duplicate sysName’s, the device name will revert to an IP address.

    5. SysName, Host File

      6. Checks the sysName first. If the SysName contains invalid characters, or if there are duplicate sysName’s Statseeker checks the current contents of the Host File. If there is no entry in the Host File, the naming convention will not be altered.

    6. SysName, Host File, IP Address

      7. Check the sysName first. If the sysName contains invalid characters, or if there are duplicate sysName’s Statseeker will check the current contents of the Host File. If there is no entry in the Host File, the device name reverts to an IP address.

    7. IP Address

      8. Ignore the sysName, Host File, or existing Name and change every device to an IP Address.

  2. History

    3. The following options are available:

    1. Keep Syslog History For (90 day default)

      Keep syslog history for the specified number of days. Data older than this value will automatically be purged. A value of 0 keeps syslog history forever.

    2. Keep Traps History For (90 day default)

      Keep SNMP traps history for the specified number of days. Data older than this value will automatically be purged. A value of 0 keeps SNMP traps history forever.

    3. Keep Interface Event History For (0 default)

      Keep Interface Event history for the specified number of days. Data older than this value will automatically be purged. A value of 0 keeps Interface Event history forever.

      * Please note that if Users lower the amount of history required to be kept for any of the above, then the historical data beyond the new value will be pruned overnight.

  3. Discovery

    4. The following options are available:

    1. OperStatus Polling Default (Off by default)

      Define whether OperStatus polling will be enabled or disabled for newly discovered interfaces.

    2. Foundry Specific Objects (Off by default)

      Enable or disable whether Foundry specific SNMP objects will be discovered/rewalked.

    3. Juniper Specific Objects (Off by default)

      Enable or disable whether Juniper specific SNMP objects will be discovered/rewalked.

    4. NetScreen Specific Objects (Off by default)

      Enable or disable whether NetScreen specific SNMP objects will be discovered/rewalked.

  4. Grouping

    5. Automated Grouping (On by default)

    When this feature is enabled, which Statseeker recommends, Administrators can turn individual Groups on or off, which will determine whether these groups will appear in the Group Filter.

    Interfaces will automatically be inserted into groups by speed and type at the end of a discover or rewalk.

    Before disabling any individual groups it is advised that Users first check the contents of the group.

    Note: Using automated Groups is an excellent method for auditing the network. For example, Cisco tunnel interfaces by default report as having 9k or 100k interface speeds.

    To check the contents of a group and make appropriate speed changes:

    1. Go to the Network Infrastructure Monitor, select the appropriate group from the Group Filter;
    2. Run the Interfaces> Details report.

  5. Reports

    • MAC/IP Switch Port report (On by default)

      Enable or disable the script that generates the MAC/IP Switch Port report. Please note that under Version 3.5 Statseeker introduced the ability to fine tune the polling for this data via the command line. This provides Users with the ability to tune or turn off this polling on a per device basis.

    • Report Hiding (On by default)

      Enables or disables the script that automatically hides unused reports in both Network Infrastructure Monitor Consoles.

    • Admin Show All Reports (Off by default)

      When set to on, the Admin User will see all reports in both Network Infrastructure Monitor Consoles. When Admin Show All Reports is off and Report Hiding is on, unused reports will be hidden from the Admin User.

    • Network Summary Top X (set to 5 by default)

      This sets the number of devices/interfaces to be displayed for each table in the Network Summary Report. This is a global change for all Users. Note: The Current Device Outage Status view is excluded from this as it displays every unreachable device that applies to the selected filters.

    Deleting Devices

    There are two options for Statseeker Administrators to delete devices:

    1. Delete an individual device;
    2. Bulk Delete devices.

    1. Delete an Individual Device

      1. Go to the Network Infrastructure Monitor> General> Device Details report;
      2. Find the device to delete. Note that the Device column of this report is the default sort for this report;
      3. Select the device name;
      4. Click on Delete.

      2. Note: There is no warning message after the ‘Delete” button is pressed. Once ‘Delete’ is selected, devices are removed from the configuration immediately.

    2. Bulk Delete Devices

      1. Go to Network Infrastructure Monitor> Administration Tool> Network Discovery> Delete Devices;
      2. Find the device or devices to delete. Note that the list can be sorted by Device Name/IP Address/sysDescr;
      3. Multiple select the devices by pressing the control or shift key, and then select the devices;
      4. Click on Delete.

    Note: There is no warning message after the ‘Delete” button is pressed. Once ‘Delete’ is selected, devices are removed from the configuration immediately.

© 1998-2012 Statseeker Pty Ltd. All rights reserved.