Discovery / Security reminder: Be sure to configure "netfilter"!
« on: July 09, 2013, 08:34:57 PM »
When Nedi discovers a CDP or LLDP neighbor, it will begin sending all your read-only SNMP strings to it.  If this device is a hacker on your network running CDPd, then the hacker can easily learn these SNMP communities.

Additionally, if the hacker can convince Nedi they are a valid device, then Nedi will also try to back up the device using SSH or Telnet.  This will enable a hacker to get full access to the usernames and passwords to all your devices.

The best protection for this attack is to configure your netfilter (found inside nedi.conf) to strictly match only your devices and never an IP that a user can be assigned.

# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
netfilter       172.16|172.31

Cheers and be safe!
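
An added example (not part of the original post and not NeDi's own code): a small Python check that a candidate netfilter value accepts every managed address and rejects every address a user could be assigned. It assumes NeDi applies the value as an unanchored regular-expression search against the dotted-quad IP string; the subnets and the helper names are constructed for illustration.

```python
import ipaddress
import re

def anchored_pattern(prefixes):
    """Build a netfilter regex matching only IPs that start with one of the
    given whole-octet prefixes, e.g. "172.16" -> 172.16.x.x."""
    alts = "|".join(re.escape(p) + r"\." for p in prefixes)
    return "^(?:" + alts + ")"

def hosts(cidrs):
    """Expand CIDR blocks into dotted-quad host address strings."""
    return [str(h) for c in cidrs for h in ipaddress.ip_network(c).hosts()]

def audit_netfilter(pattern, managed_cidrs, user_cidrs):
    """Return (missed, leaked).

    missed: managed addresses the pattern rejects (would not be discovered).
    leaked: user-assignable addresses the pattern accepts (would be sent
            SNMP communities and login attempts if they answer CDP/LLDP).
    Assumption: the pattern is applied as an unanchored regex search.
    """
    rx = re.compile(pattern)
    missed = [ip for ip in hosts(managed_cidrs) if not rx.search(ip)]
    leaked = [ip for ip in hosts(user_cidrs) if rx.search(ip)]
    return missed, leaked

# Constructed sample networks, not taken from the post.
MANAGED = ["172.16.0.0/28", "172.31.0.0/28"]
USER_ASSIGNABLE = ["10.172.16.0/28", "172.160.5.0/28", "192.168.172.0/28"]

if __name__ == "__main__":
    for label, pat in [("as posted", "172.16|172.31"),
                       ("anchored", anchored_pattern(["172.16", "172.31"]))]:
        missed, leaked = audit_netfilter(pat, MANAGED, USER_ASSIGNABLE)
        print(f"{label:10} {pat!r}: missed={len(missed)} leaked={len(leaked)}")
        for ip in leaked[:3]:
            print("   accepts user-assignable address", ip)
```

Run it with your real management subnets and DHCP pools in place of the constructed lists; a pattern is safe to deploy only when both returned lists are empty.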


I am using "Device Write" and running this command to upgrade my Cisco 2960S switches:

archive download-sw /imageonly tftp://

Nedi does successfully upgrade the devices, but the log file is blank.  Can we increase a timer somewhere so that we can see the feedback from the long (7 minute) upgrade?



Discovery / Changing passwords on devices....
« on: May 15, 2013, 11:02:43 PM »
It is a best practice to periodically change authentication on network devices.  If I change the SNMP or SSH credentials on all my devices, then Nedi will stop being able to contact them, unless I manually delete the devices (and lose information).

1) If a previously discovered device fails authentication, can we have Nedi try the passwords and communities listed in Nedi.conf?



Definition Files / = WS-C3560G-48PS
« on: May 14, 2013, 10:38:26 PM »
Something is wrong with the def file for  Nedi thinks the file is blank, even though it is not.  Permissions seemed to be the same as all other files that work.

My fix was to copy to and simply change the Device Type to WS-C3560G-48PS


We currently have the ability to decide how long to keep node entries in Nedi.  We use 730 days (2-years).

# Remove nodes (force IP, DNS and IF update) if inactive longer than this many days
retire          730

However, we don't have this ability with devices.  I have 1,400 devices in Nedi, and over 100 of them are from old devices, or temporary devices.  If I wasn't lazy, I could write a custom SQL query to delete these, but most users would love to simply have these auto-expire out of the database.  You could keep the existing functionality of never retiring devices by default by commenting this option in nedi.conf.

# Remove devices if inactive longer than this many days
device_retire         730

Thanks Remo!


I just fired off my first discovery using 1.0.8 and this is what I get:

NeDiVA:/var/nedi # ./nedi.pl

Discovery (1.0.8-309) with 1 seed at Tue Nov 13 22:06:02 2012
Device                          Status                          Todo/Done-Time
===============================================================================
core6500  v108St i343        Jv p0/0     f470    0/1-34s
 Building nodes nonodddnoinonodnodnonodnonodnonodnodnoddnononoddnononononodnonodinonodnoddnononodnoiddnononodnodddnoddnonodiddnonodnonononodnoddddnodnonoinononodnodnonodnodnoiiiinonoinonodnoddnoddidddnonononononodnodnonononoiddnonodddnodnoidnoddnodnodnonodnodnoddddiinononononoiddnononoddinonodnonononoddnononoddnonodiidnonoddnonononoinononononoinononononodnoddnodinodddnodnononodnonoidinonononodnononodddddnodnononoddnoinononoddnonononononononoiinonodnodnodnonodnononodnodinodnodddnonononoddddnodnoddnoinononononoinonononodnoinonoidnononoddnoddnononononodnonodnodidddnonononononoddnonononononodnodnodnononoiiinonoddnodddnodnononononoddnonodnodnonodnonodnoddnoddinononodnodnodnoinononodnodddidnonoinonononononodnoddnoddnonoddnonodnodinononoidddnodnodnononononodnodnonodnoiddnoddnoddnononoddnonodnononononoiinononononoinodddidnodnononoddnononoddddnonoddnodinodnoddinodnoinonodnonodddinonononoidiidnodd done
Use of uninitialized value $lck in numeric gt (>) at ./inc/libmisc.pm line 1544.
END :Took 0 minutes

I am testing Device-Write again, and it seems to wait for all commands to be done before updating the web-page.  I swear that previously it would update after each device was completed.  This feedback was reassuring and allowed me to know if things were going as planned.  Am I crazy?



I love the device write module in Nedi.  However, I don't like the current version of Nedi that always adds "conf t" and "wr mem" before and after the custom command.  Here are my reasons:

1) I like to make changes and then verify that they were successful BEFORE I do a "write mem" and seal my fate.

2) Sometimes I want to do a "show" command without doing a "write mem".

3) If you want to make this tool work on other platforms, "wr mem" is Cisco specific.

Please let us use this amazing tool with our own commands.  If we needed help with "wr mem", we shouldn't be using such a powerful tool that can destroy our networks in seconds.

Thanks for listening!


Definition Files / Possible typo in 3750 temperature OID?
« on: February 08, 2012, 01:31:20 AM »
I was researching why my 3750s didn't show any temperature readings.  The default OID for 3750 temperature is: = Temperature

I have found that changing the last digit to a 5 will make temperature start working: = Temperature



Discovery / Verbose option breaks some discoveries...(-a and -t)
« on: January 10, 2012, 01:29:29 AM »
I tried using the verbose option (./nedi.pl -v) with the -a and -t options and I get errors.

nedi@NeDiVA:/var/nedi> ./nedi.pl -av
Use of uninitialized value in unpack at ./inc/libmisc.pm line 596.

nedi@NeDiVA:/var/nedi> ./nedi.pl -tv
Use of uninitialized value in unpack at ./inc/libmisc.pm line 591.



GUI / Small patch to show CPU load on Nedi server
« on: December 22, 2011, 07:03:40 PM »
By default, Nedi was not showing the output from "top" in System-Services.   I changed the options on "top" to make this work.  See below:

NeDiVA:/var/nedi/html # diff -u System-Services.php.old System-Services.php
--- System-Services.php.old     2011-12-22 17:59:10.000000000 +0000
+++ System-Services.php 2011-12-22 17:58:04.000000000 +0000
@@ -133,7 +133,7 @@
        if(PHP_OS == "OpenBSD"){
                system("/usr/bin/top -d1");
        }elseif(PHP_OS == "Linux"){
-               system("/usr/bin/top -n1");
+               system("/usr/bin/top -bn1");
        }elseif( strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ){
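
Review bot: the Linux branch now passes -b, but the OpenBSD branch two lines above still runs "/usr/bin/top -d1" with no batch flag; since system() is called from the web page and top gets no terminal there, check whether that branch needs batch mode as well. A short comment on the changed line saying why -b is required would keep the option from being dropped again later. The command string is a fixed literal with no request data in it, so the change adds no new input to the system() call.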

GUI / Notification when a device configuration changes
« on: December 21, 2011, 07:48:13 PM »
Similar to what we use RANCID for; could you give Nedi the ability to send an email (or other notification) when it discovers that the current device configuration doesn't match the previous one?



GUI / New Report: "Devices with unsaved configuration changes"
« on: December 21, 2011, 07:46:43 PM »
It would be useful if Nedi could compare running and startup configurations to determine if there are unsaved changes on devices.  This happens when someone forgets to "wr mem" and then network problems "magically" appear after a power-outage.



Definition Files / DEF file for Cisco WS-C4510R+E
« on: December 19, 2011, 09:23:40 PM »
This is based on other 4500 files, but I had to Google to find a working CPU OID:


Anyway, that worked!


Definition Files / DEF file for Cisco WS-C3560CG-8PC-S
« on: December 19, 2011, 07:48:54 PM »
This is also based on Rufer's DEF files, and tested to work correctly.



