Welcome, Guest. Please login or register.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - steveballantyne

Pages: [1]
Discovery / Re: Using arpwatch tables to import IP's to Nedi
« on: August 20, 2019, 03:46:42 PM »
supports reading Palo's ARP cache via SNMP

Nice work! Thanks. I will work on getting that installed.  :-)

Discovery / Using arpwatch tables to import IP's to Nedi
« on: August 12, 2019, 06:12:03 PM »
Hello all, I have a fancy new Palo Alto firewall and I have moved some VLAN's over to it. I ran into trouble with Nedi which ultimately I figured out was because Palo Alto doesn't provide MAC/ARP with SNMP (boooo!!!).

I am attempting to pull a fast one on Nedi by using Arpwatch. I wrote a shell script that connects to the Palo Alto, pulls down an ARP list, formats it into a standard Arpwatch file, and then waits for Nedi to come collect it.

When I run Nedi manually, it *seems* to be collecting the data and ingesting it ...

/usr/bin/perl /var/nedi/nedi.pl -vopN arpwatch
8< snip 8<
ARPW:b827eb772282       ups-drmckinley.kch.local.       OK
ARPW:b8ca3a7683fc     dt-dh04dx1.kch.local.   OK
ARPW:f8b156c5aa08     dt-9n4cfz1.kch.local.   OK
ARPW:000cc67ddc81     no-hostname     OK
ARPW:180373468467     dt-5smwjs1.kch.local.   OK
ARPW:3417ebaa3070     dt-1tf3v12.kch.local.   OK
ARPW:b8ca3a7f7783     dt-655phx1.kch.local.   OK
ARPW:1cdea7a0b388     vg204xm_drmckinley.kch.local.   OK
ARPW:5c260a870946     docron-pc.kch.local.    OK
ARPW:842b2b9a37c2     dt-5pgdpm1.kch.local.   OK
ARPW:b8ac6fab4ff7     dt-5pgcpm1.kch.local.   OK
ARPW:782bcb8a355a     dt-7dszdq1.kch.local.   OK
ARPW:002673c2f499       lex_murnen.kch.local.   OK
ARPW:b4b52ff56231       no-hostname     OK
ARPW:0021b7de06a8       lex_murnen2.kch.local.  OK
ARPW:f8b156c5a5bd     dt-9n69fz1.kch.local.   OK
ARPW:b083fe4feec8     dt-93rh942.kch.local.   OK
ARPW:18037327e196     dt-8ncjtv1.kch.local.   OK
ARPW:002564f75691     dt-22htql1.kch.local.   OK
ARPW:842b2baa804c     dt-ggn7nn1.kch.local.   OK
ARPW:d89ef3985718     dt-30phrr2.kch.local.   OK
ARPW:54e14034cb19     25064878.kch.local.     OK
ARPW:d89ef39856a1     dt-33skrr2.kch.local.   OK

BUT, then if I search my Nedi database for any Nodes or Devices with these IP addresses - I come up empty. If I search for the MAC address, I can find it. But the IP is blank. Is there something else that I need to do to force Nedi to connect these two pieces of information?

Pages: [1]