Topics - steveballantyne

Discovery / Using arpwatch tables to import IPs to Nedi
« on: August 12, 2019, 06:12:03 pm »
Hello all, I have a fancy new Palo Alto firewall and I have moved some VLANs over to it. I ran into trouble with Nedi, which ultimately I figured out was because Palo Alto doesn't provide MAC/ARP with SNMP (boooo!!!).

I am attempting to pull a fast one on Nedi by using Arpwatch. I wrote a shell script that connects to the Palo Alto, pulls down an ARP list, formats it into a standard Arpwatch file, and then waits for Nedi to come collect it.

When I run Nedi manually, it *seems* to be collecting the data and ingesting it ...

Quote
/usr/bin/perl /var/nedi/nedi.pl -vopN arpwatch
8< snip 8<
ARPW:b827eb772282 10.20.11.25 10.20.11.25       ups-drmckinley.kch.local.       OK
ARPW:b8ca3a7683fc 10.20.11.101 10.20.11.101     dt-dh04dx1.kch.local.   OK
ARPW:f8b156c5aa08 10.20.11.103 10.20.11.103     dt-9n4cfz1.kch.local.   OK
ARPW:000cc67ddc81 10.20.11.104 10.20.11.104     no-hostname     OK
ARPW:180373468467 10.20.11.105 10.20.11.105     dt-5smwjs1.kch.local.   OK
ARPW:3417ebaa3070 10.20.11.106 10.20.11.106     dt-1tf3v12.kch.local.   OK
ARPW:b8ca3a7f7783 10.20.11.107 10.20.11.107     dt-655phx1.kch.local.   OK
ARPW:1cdea7a0b388 10.20.11.108 10.20.11.108     vg204xm_drmckinley.kch.local.   OK
ARPW:5c260a870946 10.20.11.109 10.20.11.109     docron-pc.kch.local.    OK
ARPW:842b2b9a37c2 10.20.11.110 10.20.11.110     dt-5pgdpm1.kch.local.   OK
ARPW:b8ac6fab4ff7 10.20.11.112 10.20.11.112     dt-5pgcpm1.kch.local.   OK
ARPW:782bcb8a355a 10.20.11.113 10.20.11.113     dt-7dszdq1.kch.local.   OK
ARPW:002673c2f499 10.20.12.10 10.20.12.10       lex_murnen.kch.local.   OK
ARPW:b4b52ff56231 10.20.12.11 10.20.12.11       no-hostname     OK
ARPW:0021b7de06a8 10.20.12.12 10.20.12.12       lex_murnen2.kch.local.  OK
ARPW:f8b156c5a5bd 10.20.12.101 10.20.12.101     dt-9n69fz1.kch.local.   OK
ARPW:b083fe4feec8 10.20.12.102 10.20.12.102     dt-93rh942.kch.local.   OK
ARPW:18037327e196 10.20.12.103 10.20.12.103     dt-8ncjtv1.kch.local.   OK
ARPW:002564f75691 10.20.12.105 10.20.12.105     dt-22htql1.kch.local.   OK
ARPW:842b2baa804c 10.20.12.108 10.20.12.108     dt-ggn7nn1.kch.local.   OK
ARPW:d89ef3985718 10.20.12.109 10.20.12.109     dt-30phrr2.kch.local.   OK
ARPW:54e14034cb19 10.20.12.110 10.20.12.110     25064878.kch.local.     OK
ARPW:d89ef39856a1 10.20.12.111 10.20.12.111     dt-33skrr2.kch.local.   OK

BUT, then if I search my Nedi database for any Nodes or Devices with these IP addresses - I come up empty. If I search for the MAC address, I can find it. But the IP is blank. Is there something else that I need to do to force Nedi to connect these two pieces of information?
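
The conversion step described in the post, sketched as an added example (not the poster's script and not NeDi code): it turns a text ARP listing into the leading three fields of an arpwatch-style file (MAC, IP, epoch timestamp). The input column order, the function names, the zero-padded MAC style and the sample rows are assumptions constructed for this example.

```shell
#!/bin/sh
# Constructed sample listing. Assumed column order: interface, IP, MAC, port,
# status, TTL. Addresses come from documentation ranges, not from the post.
sample_arp_table() {
cat <<'EOF'
interface         ip address      hw address        port          status  ttl
ethernet1/3.11    192.0.2.104     00:00:5E:00:53:0A ethernet1/3   c       1780
ethernet1/3.11    192.0.2.25      0:0:5e:0:53:1b    ethernet1/3   c       1795
ethernet1/3.12    192.0.2.200     (incomplete)      ethernet1/3   i       2
ethernet1/3.12    192.0.2.11      00:00:5e:00:53:2c ethernet1/3   c       600
ethernet1/3.12    192.0.2.11      00:00:5e:00:53:2c ethernet1/3   c       600
EOF
}

# to_arpwatch EPOCH: read the listing on stdin and write "MAC<TAB>IP<TAB>EPOCH".
# Header lines, unresolved entries and repeated MAC/IP pairs are dropped so the
# importer never sees a row it cannot tie to exactly one address pair.
to_arpwatch() {
    awk -v ts="$1" '
    $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
    $3 ~ /^[0-9A-Fa-f][0-9A-Fa-f]?(:[0-9A-Fa-f][0-9A-Fa-f]?)+$/ {
        n = split(tolower($3), o, ":")
        if (n != 6) next                      # not a 48-bit MAC
        mac = ""
        for (i = 1; i <= 6; i++) {
            if (length(o[i]) == 1) o[i] = "0" o[i]   # pad short octets
            mac = mac (i > 1 ? ":" : "") o[i]
        }
        if (seen[mac " " $2]++) next          # duplicate MAC/IP pair
        printf "%s\t%s\t%s\n", mac, $2, ts
    }'
}

# Stand-alone run: convert the constructed sample with the current time.
sample_arp_table | to_arpwatch "$(date +%s)"
```

Comparing the row count of the converted file with the number of ARPW lines that `nedi.pl -vopN arpwatch` reports shows whether any rows were rejected before import.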
