Welcome, Guest. Please login or register.
Forums

Recent Posts

Pages: [1] 2 3 ... 10
1
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by ggessler on June 07, 2024, 11:45:55 am »
Hi Rickli,

sorry for the late reply, I was out on vacation.
Yes, I have tried this already several times. Also changed the CLI port in the database to 22 to ensure that SSH is used - but this did not change anything here.

Cheers, Gerhard
2
Discovery / Re: No ARP table data collected from PaloAlto firewalls
« Last post by ruehlb on June 03, 2024, 06:38:27 pm »
My alternatives for finding a solution for this were not working out so I circuled back to see if I could find a resolution on my own. I think I have figure out part of the problem, not sure if it is the fix for everything yet. In the file /var/nedi/inc/libcli.pm, starting at line 1285, it appears the columns are off by 1. This is what the file has:

Code: [Select]
}elsif( $main::dev{$na}{os} eq 'PANOS' ){                                       # Palo Alto FW
    $ix = 0;
    $mx = 1;
    $px = 2;
}
Looking at the output of the CLI on a Palo Alto, these identifiers are incorrect. They are 1 column off. The correct code should be:

Code: [Select]
}elsif( $main::dev{$na}{os} eq 'PANOS' ){                                       # Palo Alto FW
    $ix = 1;
    $mx = 2;
    $px = 3;
}
Once I changed these variables, when I run the "Discover Now", there is a full arp table discovered on the device. Being this is in a lab environment, I don't have further equipment discovered to see if this fixes everything. I am going to test with a couple more devices and see if this is the full fix.
3
Discovery / Re: No ARP table data collected from PaloAlto firewalls
« Last post by ruehlb on May 22, 2024, 02:30:52 pm »
I agree. I have seen these pauses as well, primarily with config collection. One change I have made to accommodate for that is up the SNMP timeout to 10 seconds which allows for the collection of data. This appears to be different. When using the "Discover Now" button on the device, there is a couple second pause only at the login section. The CLI commands flow by with no hesitation. It is almost like the output is not matching what is expected therefor resulting in a 0 count table. I have tried to decipher the language in inc/libcli.pm but since coding is not my strong point, I can't for sure determine if that is the issue. My thought was if the CLI output changed at some point and the table is displayed differently than what is expected.
4
Discovery / Re: No ARP table data collected from PaloAlto firewalls
« Last post by rickli on May 21, 2024, 10:30:09 am »
I noticed different behavior (like very long pauses) on some devices when NeDi connects with SSH. Strangely enough a user can connect manually without any issues...
5
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by rickli on May 21, 2024, 10:20:21 am »
Have you tried CLI reset in Devices-Status by clicking on red icon next to CLI? Only then will NeDi retry CLI access. Also I don't think it's related to the update as there were no changes in 2.3...
6
Discovery / No ARP table data collected from PaloAlto firewalls
« Last post by ruehlb on May 20, 2024, 06:26:04 pm »
We have several PaloAlto firewalls that function as the default gateway for protected subnets. When setting up the .def file, I have selected PANOS for the Operating System and CLI for the ARP collection. It appears that it runs without any problem as I am getting this is the output:

Code: [Select]
CMDR:show arp all dns no result is OK
ARPC:0 ARP entries found
I have verified that I can run 'show arp all dns no' on the firewalls with the same account that Nedi is using. When running manually, I get a CLI output like this followed by all the entries:

Code: [Select]
user@pa-firewall> show arp all dns no

maximum of entries supported :      5000
default timeout:                    1800 seconds
total ARP entries in table :        178
total ARP entries shown :           178
I am failing to figure out why the table is not being collected. This is starting to become more critical as this prevents the "Nodes" section of Nedi from identifying where the device is connected. Any help with identifying an issue is appreciated.
7
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by ggessler on May 17, 2024, 05:48:49 pm »
Dear Rickli,
thank you very much, this did the trick.

But now I run into another problem:
Nedi is no longer able to access the switches with SSH. No matter if I discover a new switch or want to backup the configuration of an existing switch, I always receive error message that usessh policy:

During a backup:
Config (CLI)   ----------------------------------------------------------------  Fri May 17 16:50:52 2024
CLI :ssh connection prohibited by usessh policy
EVNT:MOD=B/1 L=150 CL=cfge TGT=bghsw-700e-IT310-01 MSG=Config backup error: Connection prohibited by usessh policy

During discovery:
GG: usessh == never --
TEL :Connect NeDiService;1@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;2@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;3@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;4@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;5@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
EVNT:MOD=B/1 L=150 CL=cfge TGT=bghsw-700e-IT210-01 MSG=Config backup error: can't start session

My standard setting in nedi.conf was to have usessh commented out so that is tries first SSH then Telnet:
# Set ssh policy for CLI access:
# always        = only explicitly mapped ports will be used with telnet
# never         = never try ssh
# known         = only connects when hostkey is known (add with nedi.pl -k, keyscan or manually with ssh)
# commented     = try whatever will work
;usessh         always-known
;usessh         never

After upgrade to 2.3C it and the new host OS SUSE SLES seems it does not honor what usessh option I set. I started with the above commented out variant of usessh but also tried to set "usessh always". But nothing seem to work.
As perl installation on SLES 15 is a bit unclear, I tried already with different SLES package but also with SSH from CPAN.

Cheers, Gerhard
8
Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by rickli on May 10, 2024, 09:56:17 am »
You seem to be missing the vendorinfo table, as it wasn't created when updating from previous versions. NeDi 2.4 will create it with the DB update. Alternatively, you can download the table at http://www.nedi.ch/services/customer-area/index.html and add it via System-Files -> Import Database.
9
Discovery / Re: snmpdev
« Last post by Westy_87 on May 10, 2024, 05:48:01 am »
Just want to say thanks. This has bugged me for ages. We have a lot of Polycom devices that were still being scheduled for discovery and showing up in logs as 'Device ID SEP........' so I had tried adding SEP to the nosnmpdev list but it did nothing.

Went and checked lldp descriptions and added those, which stopped some but not all. Then I realised some were doing cdp as well as lldp so I had to add the cdp 'Platform' description.

This is how it looks now

nosnmpdev   IP\s(Phone|Telephone)|Poly|Trio|Desk Pro|Kronos
10
Installation / Problems with NeDi 2.3C and PHP 8.0 / 8.1
« Last post by ggessler on May 03, 2024, 01:27:28 pm »
Dear all,

I have upgraded our NeDi 2.0 installation on CentOS to NeDi 2.3 on SLES 15 by upgrading 2.0 -> 2.1 -> 2.3 and have problems with all PHP pages which show e.g. device details (e.g. Devices-List.php or Devices-Status.php).
Both PHP pages are not fully loading, they are both stopping at the table cell which displays device serial number.

Devices-List.php breaks in line 319
Apache error log shows:
[Fri May 03 12:23:09.872768 2024] [php:error] [pid 2947] [client 10.200.249.67:40209] PHP Fatal error:  Uncaught mysqli_sql_exception: Table 'nedi.vendorinfo' doesn't exist in /var/nedi/html/inc/libdb-mysql.php:335\nStack trace:\n#0 /var/nedi/html/inc/libdb-mysql.php(335): mysqli_query()\n#1 /var/nedi/html/inc/libdev.php(1035): DbQuery()\n#2 /var/nedi/html/Devices-List.php(319): InvCheck()\n#3 {main}\n  thrown in /var/nedi/html/inc/libdb-mysql.php on line 335, referer: http://xxxx.xxxx.xxxx/Devices-List.php

Devices-Status.php breaks in line 525 + 1328
Apache error log shows:
[Fri May 03 13:21:32.987417 2024] [php:error] [pid 2959] [client 10.200.249.67:40803] PHP Fatal error:  Uncaught mysqli_sql_exception: Table 'nedi.vendorinfo' doesn't exist in /var/nedi/html/inc/libdb-mysql.php:335\nStack trace:\n#0 /var/nedi/html/inc/libdb-mysql.php(335): mysqli_query()\n#1 /var/nedi/html/inc/libdev.php(1035): DbQuery()\n#2 /var/nedi/html/Devices-Status.php(525): InvCheck()\n#3 {main}\n  thrown in /var/nedi/html/inc/libdb-mysql.php on line 335, referer: http://xxxx.xxxx.xxxx/Devices-Modules.php

[Fri May 03 12:23:38.586608 2024] [php:error] [pid 2950] [client 10.200.249.67:40212] PHP Fatal error:  Uncaught mysqli_sql_exception: Table 'nedi.vendorinfo' doesn't exist in /var/nedi/html/inc/libdb-mysql.php:335\nStack trace:\n#0 /var/nedi/html/inc/libdb-mysql.php(335): mysqli_query()\n#1 /var/nedi/html/inc/libdev.php(1035): DbQuery()\n#2 /var/nedi/html/Devices-Status.php(1328): InvCheck()\n#3 {main}\n  thrown in /var/nedi/html/inc/libdb-mysql.php on line 335, referer: http://xxxx.xxxx.xxxx/Devices-Modules.php

Commenting out all three lines allows the PHP pages to fully render, but obviously the device serial number is missing.

When looking at the "devices" table directly in the database, I cannot see any problem with the content.

Does anyone have a solution / fix for this?

Thanks, Gerhard
Pages: [1] 2 3 ... 10