Welcome, Guest. Please login or register.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - tristanbob

Pages: [1] 2 3
Installation / Missing dependencies on "Install" instructions for Ubuntu
« on: September 16, 2016, 07:55:22 PM »
I recently used the Ubuntu instructions here:


Nedi was working fine for the most part, but then I tried to initiate a backup using the web-interface.


That page caused Nedi to complain about some missing Perl modules.   I fixed it by installing these packages:


I noticed my Nodes feature has been getting slower and slower, so I checked on the quantity of nodes:

New    2,171
Active    4,525,308
Wlan    4,796,687
IP Change    1,063,297
IF Change    15,805,663
No Name    18,231
No IP    16,408
Discover Once    167,450

Total    24,563,767

There is no way there are that many nodes on our network! And these numbers keep growing.  My theory is that Nedi is creating a new Node entry any time there is a unique "DNS name + IP + MAC" combo.  On our wireless, we have 15 min DHCP leases so users could be seen on hundreds of different IPs.

I searched for one node with DNS name of "amelia-pond", and it came up with the 527 results.  The DNS name name was always the same, but the MAC address (including vendors) and IPs varied a lot. 

I am running Nedi version 1.5.225.  We didn't have this explosive growth problem with previous versions.



Discovery / SSH discovery fails if keys change... but I have a solution!
« on: January 21, 2015, 07:31:42 PM »
I keep seeing several email alerts from Nedi 1.4 that say this:

22) blg-100-sw1 CLI Bridge Fwd error: no working user

I found out that this is because SSH is warning that the key is different from the one in "~/.ssh/known_hosts"


ssh -o 'StrictHostKeyChecking no' -l nedi


ssh -o 'UserKnownHostsFile /dev/null' -o 'StrictHostKeyChecking no' -l nedi

Please add this change to Nedi so that it can still find devices with changed SSH keys!

/inc/libcli.pm, line 518 on Nedi 1.4
              my $known = "-o 'UserKnownHostsFile /dev/null' -o 'StrictHostKeyChecking no'";


GUI / Creating amazingly cool network maps with Nedi!
« on: January 13, 2015, 07:36:03 PM »
I have been having the time of my life playing with the new mapping capabilities inside Nedi.  I think many people don't understand how powerful they are, since it requires some tweaking to get results.

Here are some pointers to get you started:

Filter: (Used to restrict which devices are drawn on the map)

Here are some examples:

Device != ap   
(Hundreds of wireless access points (AP) can make a campus map too crowded, so don't display them.  This requires that you use "ap" in the name of your APs.)

Device = buildingname
(Great for getting a view of devices in one area)

Size and Format

I like to choose the biggest size that fits on my screen, which is currently "1920x1200".  If you want to use a custom size, you can manually edit the part of the URL for this.  For example: "&dim=1920x1920".

"SVG" format is great for a static map, that can be zoomed into using the browser's built in zoom function.

"JSON" is a REALLY fun output that is dynamic and interactive.  You will see the nodes bounce about trying to find the optimal design, and you can click and drag on nodes to make them move.

Map Type

We do not use customized SNMP location strings, so the only useful option for us here is "Devices" and "Flat".

Connection End

I can't figure out what "Connection" setting does, it doesn't seem to affect anything.  I do know that "Metric" is used to specify how spread apart the map will be.  Low numbers will make devices bunch up, and big numbers will spread everything apart.   (Note: These settings are ONLY used with the JSON format.)

Connection format

You can play with these, but I like the "Arc" and "Straight" lines the best.  "Length" is another setting used to specify how spread apart the map will be.  (Note: This setting does NOT have any affect when using the JSON format.)

Connection Information

This will add information about the links, such as link type (100 Mbps/1 Gbps/10Gbps) and link usage as percentage of the total link capacity.  (Note: This setting does NOT have any affect when using the JSON format.)

Node Configuration

This is probably my favorite feature of this tool.  I like to select "CPU Load" or "Tempurature".  This colors the devices based on the values of those sensors.  For example, Red devices have High CPU or High Temp.  "Image Large" can be used to show your manager what devices are on your network.   


Those are all the settings I use.  What settings do you use?

Database / monthly DB cleanup?
« on: January 13, 2015, 03:51:39 PM »
I saw this entry in the example crontab with 1.4:

# monthly DB cleanup on the 1st at 1:00 with output in /tmp
#0 1 1 * *      /var/nedi/contrib/nedio_db_maintenance.sh /var/nedi/nedi.conf /tmp/nedi-dbcleanup

However, the 1.4 tar file didn't include the contrib directory, so I can't see what this script does.  Anyone know what this is?


tristanrhodes@nedi:/opt/nedi$ ./nedi.pl -vpr

****** TRUNCATED OUTPUT *******

FWDC:000ffee62808 on Gi1/20     Vl999   1G-FD
FWDC:10604b70c201 on Gi1/26     Vl999   1G-FD
FWDC:d4ca6ddaeb5f on Gi2/32     Vl999   1G-FD
FWDC:00152cfa9f80 on Po51       Vl      2G--
FWDC:0 bridge forwarding entries found

Write Nodes ------------------------------------------------------------------
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node b0faeb8885ec appeared on Po3 Vl100
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad748993c0 appeared on Po3 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad748986ff appeared on Po2 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad74898480 appeared on Po5 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 4403a7a31d0e appeared on Gi1/21 Vl100
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 34dbfd48f6c1 appeared on Po52 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node b0faeb888ca0 appeared on Po4 Vl100
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 4c4e35c733e8 appeared on Po1 Vl100
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad748993ff appeared on Po3 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 4c4e35c733a7 appeared on Po2 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad74899340 appeared on Po4 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node b0faeb888d41 appeared on Po4 Vl100
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad748986c0 appeared on Po2 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad7418966d appeared on Po5 Vl900
EVNT:MOD=F/1 L=100 CL=secn TGT=d-9-gw1 MSG=Node 7cad748984bf appeared on Po5 Vl900
DBD::mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ifchanges=2,metric='HHH',noduser='' WHERE mac='00152cfa9f80'' at line 1 at ./inc/libdb.pm line 1902.
DBD::mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ifchanges=2,metric='HHH',noduser='' WHERE mac='00152cfa9f80'' at line 1 at ./inc/libdb.pm line 1902.

Not sure what happened, but it might be related to us manually importing node information from an older version of Nedi.  This is the format we used (we left out a field called "metric" because it didn't match between versions):

INSERT INTO `nodes` (`mac`, `oui`, `firstseen`, `lastseen`, `device`, `ifname`, `vlanid`, `ifupdate`, `ifchanges`) VALUES
('000000000001', 'XEROX CORPORATION', 1389906901, 1392938101, 'te-dc-dellblade-sw1', 'Po1', 10, 1392938101, 1),

Installation / Database error when initializing Nedi 1.0.9 on MySQL 5.5.38
« on: December 20, 2014, 01:30:44 AM »
Code: [Select]
tristanrhodes@nedi:/opt/nedi$ sudo ./nedi.pl -i

Initialize NeDi DB!!!
mysql admin user: root
mysql admin pass: NotMyRealPassword
NeDi host (where the discovery runs on: mysql.mgmt.domain.com
DB Version      : 5.5.38-0ubuntu0.12.04.1-log
DBD::mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-109' at line 1 at ./inc/libdb.pm line 132, <STDIN> line 3.
DBD::mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-109' at line 1 at ./inc/libdb.pm line 132, <STDIN> line 3.
tristanrhodes@nedi:/opt/nedi$ sudo ./nedi.pl
DBI connect('dbname=nedi-109;host=mysql.mgmt.domain.com','nedi',...) failed: Access denied for user 'nedi'@'nedi.domain.com' to database 'nedi-109' at ./inc/libdb.pm line 46

Here are my relavent settings:

Code: [Select]
# Choose backend (mysql or Pg)
backend         mysql

# DB params
dbname          nedi-109
dbuser          nedi
dbpass          DatabaseUserPassword
dbhost          mysql.mgmt.domain.com

GUI / Nedi integration with Observium?
« on: December 14, 2014, 12:24:15 AM »
As a 10-year user of Nedi, I have loved the amazing features that we get for free.  These include:

  • automated discovery of network devices by crawling the CDP/LLDP network
  • sending bulk commands to devices
  • backing up device configs
  • automatic network maps
  • inventory reporting (models, software, port utilization)
  • IPAM (networks, IPs, routes being used)
  • email alerts on high CPU, low memory, config changes
  • real-time traffic graphs on swithports
  • tracking computers (nodes) by DNS, IP address, MAC address, vendor, open ports (NMAP)

One area that Nedi has not been successful for us is monitoring interfaces on a short time-frame (5 mins).  This is mainly because Nedi takes over an hour for our discovery to complete.  Therefore, we have been using Cacti for years to provide performance monitoring.  The downside is that Cacti does not have auto-discovery, so we manually added a subset of our devices using their basic template for switches.  Nedi has basic integration with Cacti (I think by linking to the graphic generated by Cacti) but we don't use this feature.

However, a few months ago we started testing Observium to see what it can do.

Here is what Observium does very well:

  • automated discovery of network devices by crawling the CDP/LLDP network
  • polling and graphing of every component in the device
  • capable of 5-minute polling of hundreds of devices using multiple threads
  • alerting based on device availability and performance thresholds (paid subscription only)

Observium does collect basic information about end nodes (ARP table, MAC address table) but this information is hard to search, and it show every port that a MAC address was seen on, including uplinks and trunks.

My question is whether it makes sense to take the best of both Nedi and Observium, similar to the current Cacti integration, so that Observium graphs can be seen in Nedi?  (This may not work the same as Cacti, because I don't know the details)

Here is the URL of an interface graph in Observium:




Discovery / How does Nedi you determine the final location of node?
« on: September 11, 2014, 05:51:05 PM »
I am curious how Nedi determines the final location of a node. 

If you only queried the MAC tables, you would see the MAC address on a lot of interfaces. 

Do you simply "rule-out" interfaces that are known to be neighbors of other network devices? 

And thus you are only left with the interface that face the end node?

This list is entirely based on the contents of .def files in /nedi/sysobj.  I couldn't find this information anywhere else and I want Google to find it.    12410PRP   1822n  2526T-PWR  325-24T  350-24T  350F-HD  3Com-2924-PWR     3Com-4500G-PWR26     3Com-4500-PWR50     3Com-4800G-PWR-24     3Com-4800G-PWR48     3Com-5500G-EI-24      3Com-5500G-EI-24     3Com-5500G-EI 48 3Com-NJ2000  3Com-Officeconnect     3Com-S4500G-48     3Com-S5500-28-EI    3Com-S5500-28-EI  3Com-SS3-3870-48     3Com SS3-4500-50   3Com-SuperStack3-3300   3Com-SuperStack3-4400-24PWR  410-24T  420-24T  425-24T  450-24T  4550T-PWR  470-24T  470-48T  470-48T-PWR  5520-24T-PWR        A1000R   ACE10-6500-K9   ACE10-6500-K9    ACE10-6500-K9   Actelis-ml624    AIR-AP1100    AIR-AP1131AG-E-K9    AIR-AP1220    AIR-AP1230    AIR-AP1240    AIR-AP1252    AIR-AP350    AIR-BR1310    AIR-BR1410   AIR-CT5508   AIR-SAP2602E-E-K9    AIR-WLC2112-K9      AIR-WLC4404-100-K9     akcp-HHMSS     AKCP-SP2      Alteon-3408E     AlterPath_ACS    ALU-OS6400-24    ALU-OS6400-48    ALU-OS6400-U24    ALU-OS6450-10    ALU-OS6450-24    ALU-OS6850E-24X     ALU-OS6855-14  Anue 5236   AP1120 APC AP7721        APC SmartUPS1500       APC SmartUPS3000       APC SmartUPS5000       Aruba3200       Aruba3400       Aruba650    ASA5505    ASA5510    ASA5520    ASA5550    ASA5580    Avaya ERS8610 BC-AV1200        BC-SG510-ProxySG   Bigiron       BigIron8000        BlueCoat SG 300        BlueCoat SG 810    bluesocket    bluesocket       BNT110Gb       BNT6p10Gb        BNT Layer 23 Copper    Brocade-FCX624     C2500-DS40-L    Cat4006    Cat4503    Cat4503-E    Cat4507    catalyst2912MfXL    catalyst2912XL    catalyst2924CXLv    catalyst2924MXL    catalyst2924XLv    Catalyst-2960-48    catalyst6kMsfc2    catalyst8540msr    CBS3020-HPQ CBS31X0    CE500    ce510      CER   Ceragon FibeAir 1500P       CGESM  Ciena-  Ciena-  Ciena-  Ciena-CN  Ciena-Cn3940  Ciena-Le310  Ciena-Le311  Ciena-Le311v    cisco1601    cisco1605    cisco1700    cisco1700    cisco1720    cisco1751    cisco1760    Cisco-1802    Cisco-1803    Cisco-1812W    cisco1841     cisco2503     cisco2511     cisco2514    cisco2610    cisco2610XM    cisco2611    cisco2611XM    cisco2612    cisco2620    cisco2621    cisco2621XM    cisco2621XM    cisco2650    cisco2651XM    cisco2691    cisco2801    Cisco-2811 Cisco-2821    Cisco-2821    cisco2851   Cisco-2911    Cisco-3620    Cisco-3640    Cisco-3662Ac    cisco3725    cisco3745    cisco3825    cisco3845     cisco4500    Cisco7201    cisco7204    cisco7204VXR    cisco7206    cisco7206VXR    CISCO7604    CISCO7606    cisco7609    cisco803    cisco831    cisco836    Cisco861    cisco870    cisco870    Cisco871   Cisco AIR-CT5760    ciscoAS2511-RJ    ciscoAS5300    ciscoAS5350    ciscoAS5350XM    ciscoIAD2420    ciscoNme16Es1Ge    ciscoOS-CIGESM-18TT-EBU    cisco WS-CBS3130    ciscoWSX5302    CSACS-1121-K9   CSS        CSS11503        D-LinkDES-1252     DS-HP-FC-K9        DSR1020       DSR2035 EIF2402CF EIF4802CF        Enterasys A-Series        Enterasys C3G124-24        Enterasys Chassis    ERS5530-24TFD    EX2200    F5 BigIP 1600      FES2402      FES4802Switch       FESX424        FESX424        FESX424        FESX448        FESX448        FESX624HF        FGS648P   FGT_100D   FGT_310B  FGT_3140B   FGT60  FGT600 FGT800      FI400Router      FI4802-PREM   FortiAnalyzer800  Fortigate1240B   Fortigate200A   Fortigate500A Fortigate500A    Fortigate50B   Fortigate800    FreeBSD    fw      FWS4802Switch    FWSM    FWSM        FWSX448  GS-2108C   GS-2124C      HP10504     HP12508        HP12518     HP1800-24G     HP1800-24G     HP1800-8G    HP1810-24G     HP1910     HP1910     HP2510-24     HP2510-24     HP2510-48     HP2510G-24     HP2512     HP2520-8G-PoE     HP2520G-8-PoE     HP2520G-8-PoE     HP2520G-8-PoE     HP2524    HP2530-24G-PoE+     HP2600-8-PWR     HP2610-24     HP2610-2412PWR     HP2610-24-POE     HP2610-48     HP2610-48-POE    HP2620-24    HP2620-48    HP2620-48PoEP     HP2626     HP2626     HP2626     HP2626     HP2650     HP2650     HP2650     HP2810-24G     HP2810-48G     HP2824     HP2848     HP2900-48G     HP2910al-24G     HP2910al-24G-PoE     HP2910al-24G-PoE     HP2910al-48G      HP3100-8     HP3400yl-24G    HP3500-24G-PoE     HP3500-48G-PoE    HP3500-48G-PoE+     HP3500yl-24G-PoE    HP3800-24G-PoEP-2SFP+     HP3800S      HP4000M      HP4100     HP4204vl-48G     HP4208vl       HP5100      HP5120-16G-SI        HP5120-24G-EI        HP5120-24G-EI-PWR      HP5120-24G-PoE+EI        HP5120-24G-SI        HP5120-48G-EI        HP5120-48G-EI        HP5120-48G-EI-PWR     HP5304xl     HP5308xl     HP5406zl     HP5412zl      HP5500-24G-SFP  HP5500-28F-EI  HP5500G-24G-EI        HP5800-24G        HP5800-48G        HP5800-48G-2Slot        HP5820-14XG      HP5820-24XG      HP5820-24XG        HP5820-24XG      HP5830AF-48G     HP5900AF-48XG-4QSFP+      HP5920AF-24XG     HP6108    HP6120XG     HP6410cl-6XG    HP6600-24G    HP6600-24G-4XG      HP6608        HP7502        HP7503       HP7506     HP8212zl        HP8805        HP9505 HPAP530WW        HPF1000-E       HPJetdirect HPJetdirect  HPMSM310  HPMSM313  HPMSM710  HPMSM720  HPMSM730  HPMSM750  HPMSM760  HPMSM765        HPMSR20-11        HPMSR20-11        HPMSR20-11        HPMSR20-13 HPMSR30-20 HPMSR30-20 HPMSR30-40 HPMSR50-40     HPNAC800 HPOA    HP Printer       HPSimware   HPSR7102dl   HPSR7203dl  HPTMS        HP U200-S HPVC      HPVC-FC      HPVC-FCeva HPVCflex10        HPWX3010

Discovery / Security reminder: Be sure to configure "netfilter"!
« on: July 09, 2013, 08:34:57 PM »
When Nedi discovers a CDP or LLDP neighbor, it will begin sending all your read-only SNMP strings to it.  If this device is a hacker on your network running CDPd, then the hacker can easily learn these SNMP communities.

Additionally, if the hacker can convince Nedi they are a valid device, then Nedi will also try to backup the device using SSH or Telnet.  This will enable a hacker to get full access to the usernames and passwords to all your devices.

The best protection for this attack is to configure your netfilter (found inside nedi.conf) to strictly match only your devices and never an IP that a user can be assigned.

# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
netfilter       172.16|172.31

Cheers and be safe!


I am using "Device Write" and running this command to upgrade my Cisco 2960S switches:

archive download-sw /imageonly tftp://

Nedi does successfully upgrade the devices, but the log file is blank.  Can we increase a timer somewhere so that we can see the feedback from the long (7 minute) upgrade?



Discovery / Changing passwords on devices....
« on: May 15, 2013, 11:02:43 PM »
It is a best practice to periodically change authentication on network devices.  If I change the SNMP or SSH credentials on all my devices, then Nedi will stop being able to contact them, unless I manually delete the devices (and lose information).

1) If a previously discovered device fails authentication, can we have Nedi try the passwords and communities listed in Nedi.conf?



Definition Files / = WS-C3560G-48PS
« on: May 14, 2013, 10:38:26 PM »
Something is wrong with the def file for  Nedi thinks the file is blank, even though it is not.  Permissions seemed to be the same as all other files that work.

My fix was to copy to and simply change the Device Type to WS-C3560G-48PS


We currently have the ability to decide how long to keep node entries in Nedi.  We use 730 days (2-years).

# Remove nodes (force IP, DNS and IF update) if inactive longer than this many days
retire          730

However, we don't have this ability with devices.  I have 1,400 devices in Nedi, and over 100 of them are from old devices, or temporary devices.  If I wasn't lazy, I could write a custom SQL query to delete these, but most users would love to simply have these auto-expire out of the database.  You could keep the existing functionality of never retiring devices by default by commenting this option in nedi.conf.

# Remove devices if inactive longer than this many days
device_retire         730

Thanks Remo!


Pages: [1] 2 3