Welcome, Guest. Please login or register.

Author Topic: error message after fresh install of 1.4 with 1.4p5  (Read 3304 times)

lostsoul77

  • Newbie
  • *
  • Posts: 17
    • View Profile
error message after fresh install of 1.4 with 1.4p5
« on: September 08, 2015, 07:32:59 PM »
DISC:10.255.254.255 ID 10.255.254.255
Use of uninitialized value $misc::netfilter in regexp compilation at ./inc/libmisc.pm line 1289.
Use of uninitialized value $misc::netfilter in concatenation (.) or string at ./inc/libmisc.pm line 1291.
Use of uninitialized value $misc::netfilter in concatenation (.) or string at ./inc/libmisc.pm line 1291.
DISC:Not matching netfilter
DISC:ToDo/Done-Time                                        0/0-0s

===============================================================================
Nothing discovered, nothing written...
END :Took 0 minutes



[root@netflowapp01 nedi]# more seedlist
# List of devices to be discovered by nedi.pl
# You can also specify communities and read version for
# individual devices separated by tab(s).
# If list is empty, the default gateway will be used.
;192.168.1.1            pablic
;192.168.1.2            peblic
;router17.nedi.ch       poblic  1
10.255.254.254  public 2
10.255.2.0-255  public 2
10.255.94.0-255 public 2
10.255.254.0-255        public 2



[root@netflowapp01 nedi]# more nedi.conf
# NeDi 1.0.9 configuration file
#============================================================================
# Device Access
#============================================================================

# Set SNMP communities (preferred ones first).
# If authentication protocol is set, it will be treated as v3
#
#       name    aprot   apass           pprot   ppass
comm    N0t43vRl0gRq4Sl
comm    public
comm    private
;comm   paranod md5     ver3pa55        aes     ver3pa55
;comm   initial md5     ver3pa55        des     ver3pa55
;comm   initial md5     ver3pa55

# Set SNMP policy for write access:
# 3             = requires SNMP v3 for write access
# 2             = also allow SNMP v2 write access
# commented     = disable write access
snmpwrite       2

# Timeout for SNMP and telnet communication. Extra time will be added
# for certain tasks (e.g. building the config).
# If you have problems getting information from busy devices, you can add a retry option.
# Be aware that this can slow down the discovery considerably (as in timeout*retries)
#timeout                2       2
timeout         2

# - you can map IP address, telnet port, device name, location, contact serial or group
[root@netflowapp01 nedi]# more nedi.conf
# NeDi 1.0.9 configuration file
#============================================================================
# Device Access
#============================================================================

# Set SNMP communities (preferred ones first).
# If authentication protocol is set, it will be treated as v3
#
#       name    aprot   apass           pprot   ppass
comm    public
comm    private
;comm   paranod md5     ver3pa55        aes     ver3pa55
;comm   initial md5     ver3pa55        des     ver3pa55
;comm   initial md5     ver3pa55

# Set SNMP policy for write access:
# 3             = requires SNMP v3 for write access
# 2             = also allow SNMP v2 write access
# commented     = disable write access
snmpwrite       2

# Timeout for SNMP and telnet communication. Extra time will be added
# for certain tasks (e.g. building the config).
# If you have problems getting information from busy devices, you can add a retry option.
# Be aware that this can slow down the discovery considerably (as in timeout*retries)
#timeout                2       2
timeout         2

# - you can map IP address, telnet port, device name, location, contact serial or group
# - If you map the ip to 0.0.0.0, the device will be ignored.
# - 16 and 24 bit subnet wide mappings are possible too (e.g. 10.10.10)
# - If you map the name to "map2DNS" the DNS name will be used
# - If you map the name to "map2IP" the IP address will be used
# - Use all instead of an IP to globally map an attribute (e.g. replace contact info)
;mapip          192.168.1.1     0.0.0.0
;maptp          192.168.2.1     2323
;mapna          192.168.3.1     preferredname
;maplo          192.168.4.1     preferredlocation
;mapco          192.168.4.1     preferredcontact
;mapco          all             -
;mapsn          192.168.5.1     3.1415927
;mapgr          10.10.10        Group10

# Using name pattern to map location (Quotes around replacement string are rquired)
#nam2loc        ^(\w+)-(\w+)-(\w+)-(\w+)        "$2;$3;$4"

# The users for telnet and ssh access:
# - Put most frequent ones first.
# - Leave enablepass empty, if the user is priviledged already.
# - Use a dummy pass (and proper enablepass) if no login is required to connect.
# - Use a dummy enablepass if no pw is required to enable, but you still need send enable
# - Append ;1 ;2 etc. to user, if different pw are used with same login.
# - Use public-key authentication with ssh, if you don't want to have pw here in cleartext.
# - Nortel CLI capable devices may require to configure cmd-interface cli to avoid menus!
# - To access the cli of a mikrotik, use +cte after user name (e.g. admin+cte)
#
#       user    pass    enablepass
;usr    nedi    pa55    enpa55
;usr    admin   Enpa55
;usr    edmin   enterasys
;usr    xmin    extreme

# Regexp to match username prompts (useful if you set something else on auth server)
# The cryptic stuff at the end are escape sequences for ProCurve
uselogin        (User|username|login|(User|Login)\sName)\s?:\s?(\x1b\[[;\?0-9A-Za-z]+)*$

# Regexp to match sensitive configuration lines, which should not be included in backup
;ignoreconf     password\s

# Set ssh policy for CLI access:
# always        = only explicitly mapped ports will be used with telnet
# never         = never try ssh
# known         = only connects when hostkey is known (add with nedi.pl -k, keyscan or manually with ssh)
# commented     = try whatever will work
;usessh         always-known
;usessh         never

# Set policy how poe delivery should be tracked. Comment to ignore:
# disprot       use the discovery protocol
# ifmib         get real value from the interfaces
usepoe          ifmib

# Use IP address based on order of the following letters per device type,
# or default for all (will only be assigned if pingable and unique):
# e             ethernet
# l             loopback
# v             virtual (vlan)
# n             resolve DNS name (evaluated after the above)
# commented     always use original IP
;useip          default lev

# Skip policy (just like -S) per 'device type', or 'default' for all:
# commented     doesn't skip any info
# This complies with older NeDi versions:
;skippol        default dbo

#============================================================================
# Discovery
#============================================================================

# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
;netfilter      ^10\.255\.0|^10\.0
# To avoid networks
;netfilter      ^(?!192.168.1).*$
;netfilter      .

# Regular expression to match discovery protocol description of non-SNMP
# platforms (like lightweight/controlled APs).
nosnmpdev       IP\s(Phone|Telephone)|^ATA|AIR-[CL]AP|MAP-|AP(\s|_)Controlled|MSM\d{3}|armv5tejl/Linux

# Define OUI vendor strings which NeDi should try to discover on MAC based discovery.
# Make sure you do not include CDP devices here, if you are using CDP discovery as well.
ouidev          bay|nortel|netics|xylogics|foundry|XYLAN|Netgear|Hew

# Do not discover devices containing these strings in the description (e.g. Printers etc.)
;ignoredesc     LaserJet|JETDIRECT|HP-UX|Linux

# You can specify a pattern to match the neighbor's name where the discovery should stop.
# For oui discovery, vendors or MAC addresses
# Some clients generate CDP packets (W2K12 sends LLDP)
;border         WAN-router
border          Windows

# This value needs to be set to the discovery interval in seconds. Make sure it
# corresponds to the NeDi crontab entry (e.g. hourly 1 * * *  => 3600).
rrdstep         3600

# This value lets you adjust how many samples you want within an RRD. With the default of
# 1000 and hourly discoveries you get 1000h ~ 42 days worth of samples. Those will be aggregated
# by a factor of 10, and stored again in 1000 spots, providing more than a year of long term data.
rrdsize         1000

#============================================================================
# Backend & Libraries
#============================================================================

# Choose backend (mysql or Pg)
backend         mysql

# DB params
dbname          nedi
dbuser          nedi
dbpass          dbpa55
dbhost          localhost

# Points to executable (leave empty to disable graphs)
rrdcmd          rrdtool

# Location of NeDi
nedipath        /opt/nedi

# Prefix to call Cacti CLI tools for adding graphs in Topology-Graph
;cacticli       /usr/bin/php /usr/share/cacti/site/cli

# Cacti integration. Uncomment, if you want Devices-Status to link to Cacti.
# You will need to have the NeDi device names as host (or description) in cacti,
# with that a link can be established.
;cactihost      localhost
;cactidb        cacti
;cactiuser      cacti
;cactipass      cactipa55
;cactiurl       /cacti

# Redirect NeDi events into nagios
;nagpipe        /Data/nagios/rw/nagios.cmd

#============================================================================
# Messaging & Monitoring
#============================================================================

# Generate events during discovery (uppercase also sends mail where shown)
# a/A   IF admin status change
# b/B   Backup new configs, changes & errors
# c/C   Failed CLI commands
# d/D   Discovery related (D sends mails on loops & new devices)
# e/E   Interface errors warning threshold 1/min, alert 1/sec (excluding radios)
# g/G   Interface discards using fixed threshold 1000/s (excluding radios)
# f/F   Firstseen nodes
# l/L   Link related (discovery protocol, speed- duplexchange, no traffic and discards > 1s)
# m/M   Module related (includes supplies and stacks)
# n/N   Stolen nodes, flood & ARP tracking
# o/O   IF oper status change
# p     Scanning change in open ports
# s/S   System and environment based events, see thresholds below
# t/T   Traffic based on traf-alert and broadcasts below
# i/I   New, changed or duplicate IP addresses on devices
# j/J   Changed or duplicate IP addresses on nodes
# w/W   Average PoE exceeding poe-warn
# x     Xtra debug events for discovery, nodelock and adds timestamp fore each device in discovery output
notify          abcdefijlmnopstw

# Time in secondes between monitoring polls. Note its sequencial for now, due to new design.
# Should be threaded soon, but for now use a bigger pause...
pause           180

# Thresholds for monitored values:
# - noreply how many missing replies to trigger the alert
# - latency-warn in ms for monitoring checks
# - mem-alert if below kBytes/percent free
# - temp-alert in degrees Celsius
# - cpu-alert % usage
# - traffic-alert in % of speed
# - broadcast-alert in 1/s
# - errors alert when > 1/s or warn when > 1/min)
# - poe-warn relative poe load in % of budget (should also work for stack members)
# - supply-alert relative print supply level in % or available access ports

noreply         2
latency-warn    100
cpu-alert       75
mem-alert       1024/10
temp-alert      60
traf-alert      75
bcast-alert     100
poe-warn        75
supply-alert    5

# Smtpserver to send notification emails to
smtpserver      sendmail

# Address where notification emails are sent from
mailfrom        info@nedi.ch

# Adds a footer to mails sent by NeDi
mailfooter      Visit http://www.nedi.ch NeDi for more information\n\nKind regards & lots of fun\n-Remo\n

# SMS Gateway (SPOOL file, gammu-inject or smtp server)
;sms    spool   /var/spool/sms/outgoing
;sms    gammu   gammu-smsd-inject
;sms    smtp    smsgw.your.net

#============================================================================
# Nodes Related
#============================================================================

# Read MAC address tables from switches:
# dyn  = Dynamic forwarding on supported devices
# sec  = Read Port Security entries in addition
# snmp = Use SNMP only (will be used as fallback as well)
getfwd          dyn

# A regular expression matching the vlanids which should not be checked for nodes.
;ignoredvlans   ^(10[01][0-9])$

# Ignore special MAC addresses
# HSRP 00-00-0c-07-ac-{HSRP group number (0 to 255)}
# HSRPv2 00-00-0C9F-F{HSRP group number (0 to 4096) as Hex}
# GLBP 00-07-b4-00-01
# VRRP (RFC 2338) 00-00-5e-00-01-{VRID}
# Microsoft WLBS 02bf-{last four octets are IP address}
# Ethernet broadcast ffffffffffff
ignoredmacs     ^(0000c07ac|00000c9ff|0007b40001|00005e0001|02bf|[f]{12}|[0]{12})

# regular expression matching the vlids where independant vlan learning is desired.
# This can be very useful, when the same MAC address appears in different vlans.
# Since MAC and vlanid will be used as primary key, the Router needs to return
# the vlanid in its ARP table or IP resolution will fail!
;useivl         ^2[012]0$

# Remove nodes (force IP, DNS and IF update) if inactive longer than this many days
retire          30

# Uncomment and specify path, if you want to use arpwatch for address resolution
# Use wildcard, if you want to use several files (e.g. in case of several vlans/IF)
arpwatch        /var/arpwatch/arp*

# ARP entries per IP to detect poisoning on routers
arppoison       1

# MACs per interface  threshold to detect switch flooding
macflood        50

#============================================================================
# GUI Settings
#============================================================================

# Define the modules you wish to include in the menu and
# assign groups if you want.
#               Section         Module                  Icon    Group
module  Devices         List                    dev     net
module  Devices         Modules                 cubs    net
module  Devices         Interfaces              port    net
module  Devices         Vlans                   vlan    net
module  Devices         Status                  sys     net
module  Devices         Config                  conf    net
module  Devices         Doctor                  info    net
module  Devices         Graph                   grph    net
module  Devices         Write                   wrte    adm

module  Assets          List                    list    oth
module  Assets          Inventory               pkg     mgr
module  Assets          Locations               home    oth
module  Assets          Loced                   ncfg    mgr

module  Topology        Table                   icon    net
module  Topology        Map                     paint   net
module  Topology        Routes                  rout    net
module  Topology        Multicast               cam     net
module  Topology        Spanningtree            traf    net
module  Topology        Networks                net     net
module  Topology        Links                   link    net
module  Topology        Linked                  ncon    mgr

module  Nodes           List                    nods    dsk
module  Nodes           Status                  node    dsk
module  Nodes           Toolbox                 tool    dsk
module  Nodes           Stolen                  step    dsk
module  Nodes           Track                   note    dsk
module  Nodes           Create                  kons    adm

module  Reports         Combination             chrt    mgr
module  Reports         Devices                 ddev    mgr
module  Reports         Modules                 dcub    mgr
module  Reports         Interfaces              dif     mgr
module  Reports         Nodes                   dnod    mgr
module  Reports         Monitoring              dbin    mgr
module  Reports         Wlan                    wlan    mgr

module  Monitoring      Health                  hlth    mon
module  Monitoring      Events                  bell    mon
module  Monitoring      Timeline                news    mon
module  Monitoring      Incidents               bomb    mon
#module Monitoring      Master                  hat3    mon
module  Monitoring      Setup                   bino    adm

module  System          NeDi                    radr    adm
module  System          Files                   file    adm
# System-Export allows creating queries, which can circumvent currently used sanitization.
# Therefore the default is changed back to admin!
module  System          Export                  flop    adm
module  System          Services                cog     adm
module  System          Snapshot                foto    adm

module  User            Accounts                ugrp    adm
#module User            Guests                  walk    dsk WIP
module  User            Profile                 user
module  User            Chat                    say
module  User            Logout                  exit

module  Other           Noodle                  find    oth
module  Other           Defgen                  geom    net
module  Other           Calculator              calc    net
module  Other           Info                    php     oth
#module Other           Flower                  fan     oth
module  Other           Converter               hat2    oth
module  Other           Invoice                 cash
#module Other           Nagios                  cinf    oth

# Authentication for GUI users can be set to:
# local, sso, pam, radius, ldap or none
# Append -pass to use the session user (entering pw each time) for device access (e.g. in Devices-Write)
guiauth         local

# Set Radiusserver(s) parameters, if selected above
#               host            port    secret          timeout retries
;radserver      localhost       1812    testing123      2       1

# Set Ldapserver parameters, if selected above:
#               host                    port    rootpw          basedn          rootdn  loginattr
;ldapsrv        ldaps://host.domain     636     PASSWORD        DC=XX,DC=YYY    USER    uid

# Map attributes, if desired
# For ldap authentification without authorization keep this commented
#               adm     net     dsk     mon     mgr     oth     mail    phone
;ldapmap        cisco   cisco   cisco   support manager users   mail    telephoneNumber

# Disclaimer or what ever you want people to see upon login. The default is my statement to every NeDi user:
disclaimer      NeDi has not caused any damage yet! I will not take any responsibility, if you mess up your network with NeDi!

# SNMP locations need to be formatted like this now:
# Region;City;Building;Floor;Room;Rack;RU
# This separator defaults to a space if commented
# The 2nd separator can be used for sub-buildings at the same address
locsep          ;       _

# Pattern to match for buildings to be marked red (e.g. HQ|Main).
redbuild        HQ|Main





rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2496
    • View Profile
    • NeDi
Re: error message after fresh install of 1.4 with 1.4p5
« Reply #1 on: September 09, 2015, 10:26:44 PM »
uncomment the last netfilter line (with a dot)
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

lostsoul77

  • Newbie
  • *
  • Posts: 17
    • View Profile
Re: error message after fresh install of 1.4 with 1.4p5
« Reply #2 on: September 14, 2015, 08:14:02 PM »
Thank you....that did the trick!

cyberdude

  • Newbie
  • *
  • Posts: 13
    • View Profile
Re: error message after fresh install of 1.4 with 1.4p5
« Reply #3 on: December 30, 2015, 07:41:39 PM »
I recently reloaded my nedi server and set it back up. I am having the same issue but the netfilter with the . is not commented. I get the following message when trying to manually scan


Use of uninitialized value $misc::netfilter in regexp compilation at /opt/nedi/inc/libmisc.pm line 1283. Use of uninitialized value $misc::netfilter in concatenation (.) or string at /opt/nedi/inc/libmisc.pm line 1285. Use of uninitialized value $misc::netfilter in concatenation (.) or string at /opt/nedi/inc/libmisc.pm line 1285. DISC:Not matching netfilter

cyberdude

  • Newbie
  • *
  • Posts: 13
    • View Profile
Re: error message after fresh install of 1.4 with 1.4p5
« Reply #4 on: December 30, 2015, 10:26:46 PM »
Update, below is the discovery section of nedi.conf. For testing purposes i commented out everything to see if that would work but it did not. I even tried adding the netfilter   . and removing but neither option worked. It is like there is a netfilter issue but nothing in the netfilter is being used as far as I can tell. On the events page I get message that 'not matching netfilter' for the devices i have setup.


#============================================================================
# Discovery
#============================================================================

# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
;netfilter   ^192\.168\.0|^172\.16
;netfilter   ^10\.200\.255|^10\.128\.1
;netfilter   10.200.255
;netfilter   10.128.1
# To avoid networks
;netfilter   ^(?!192.168.1).*$
 ;netfilter   ^(?!10.160.1).*$
 ;netfilter      ^(?!10.180.1).*$

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2496
    • View Profile
    • NeDi
Re: error message after fresh install of 1.4 with 1.4p5
« Reply #5 on: December 31, 2015, 12:44:35 PM »
If netfilter is not defined, it wasn't found in nedi.conf. Can you check for leading spaces etc?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo