
Author Topic: Using arpwatch tables to import IPs to NeDi

steveballantyne

« on: August 12, 2019, 06:12:03 PM »
Hello all, I have a fancy new Palo Alto firewall and I have moved some VLANs over to it. I ran into trouble with NeDi, which I ultimately figured out was because Palo Alto doesn't provide MAC/ARP with SNMP (boooo!!!).

I am attempting to pull a fast one on NeDi by using Arpwatch. I wrote a shell script that connects to the Palo Alto, pulls down an ARP list, formats it into a standard Arpwatch file, and then waits for NeDi to come collect it.

When I run NeDi manually, it *seems* to be collecting the data and ingesting it ...

Quote
/usr/bin/perl /var/nedi/nedi.pl -vopN arpwatch
8< snip 8<
ARPW:b827eb772282 10.20.11.25 10.20.11.25       ups-drmckinley.kch.local.       OK
ARPW:b8ca3a7683fc 10.20.11.101 10.20.11.101     dt-dh04dx1.kch.local.   OK
ARPW:f8b156c5aa08 10.20.11.103 10.20.11.103     dt-9n4cfz1.kch.local.   OK
ARPW:000cc67ddc81 10.20.11.104 10.20.11.104     no-hostname     OK
ARPW:180373468467 10.20.11.105 10.20.11.105     dt-5smwjs1.kch.local.   OK
ARPW:3417ebaa3070 10.20.11.106 10.20.11.106     dt-1tf3v12.kch.local.   OK
ARPW:b8ca3a7f7783 10.20.11.107 10.20.11.107     dt-655phx1.kch.local.   OK
ARPW:1cdea7a0b388 10.20.11.108 10.20.11.108     vg204xm_drmckinley.kch.local.   OK
ARPW:5c260a870946 10.20.11.109 10.20.11.109     docron-pc.kch.local.    OK
ARPW:842b2b9a37c2 10.20.11.110 10.20.11.110     dt-5pgdpm1.kch.local.   OK
ARPW:b8ac6fab4ff7 10.20.11.112 10.20.11.112     dt-5pgcpm1.kch.local.   OK
ARPW:782bcb8a355a 10.20.11.113 10.20.11.113     dt-7dszdq1.kch.local.   OK
ARPW:002673c2f499 10.20.12.10 10.20.12.10       lex_murnen.kch.local.   OK
ARPW:b4b52ff56231 10.20.12.11 10.20.12.11       no-hostname     OK
ARPW:0021b7de06a8 10.20.12.12 10.20.12.12       lex_murnen2.kch.local.  OK
ARPW:f8b156c5a5bd 10.20.12.101 10.20.12.101     dt-9n69fz1.kch.local.   OK
ARPW:b083fe4feec8 10.20.12.102 10.20.12.102     dt-93rh942.kch.local.   OK
ARPW:18037327e196 10.20.12.103 10.20.12.103     dt-8ncjtv1.kch.local.   OK
ARPW:002564f75691 10.20.12.105 10.20.12.105     dt-22htql1.kch.local.   OK
ARPW:842b2baa804c 10.20.12.108 10.20.12.108     dt-ggn7nn1.kch.local.   OK
ARPW:d89ef3985718 10.20.12.109 10.20.12.109     dt-30phrr2.kch.local.   OK
ARPW:54e14034cb19 10.20.12.110 10.20.12.110     25064878.kch.local.     OK
ARPW:d89ef39856a1 10.20.12.111 10.20.12.111     dt-33skrr2.kch.local.   OK

BUT, then if I search my NeDi database for any Nodes or Devices with these IP addresses, I come up empty. If I search for the MAC address, I can find it. But the IP is blank. Is there something else that I need to do to force NeDi to connect these two pieces of information?