Recent Posts

31

Discovery / Re: No ARP table data collected from PaloAlto firewalls

« Last post by rickli on May 21, 2024, 10:30:09 am »

I noticed different behavior (like very long pauses) on some devices when NeDi connects with SSH. Strangely enough a user can connect manually without any issues...

32

Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1

« Last post by rickli on May 21, 2024, 10:20:21 am »

Have you tried CLI reset in Devices-Status by clicking on red icon next to CLI? Only then will NeDi retry CLI access. Also I don't think it's related to the update as there were no changes in 2.3...

33

Discovery / No ARP table data collected from PaloAlto firewalls

« Last post by ruehlb on May 20, 2024, 06:26:04 pm »

We have several PaloAlto firewalls that function as the default gateway for protected subnets. When setting up the .def file, I have selected PANOS for the Operating System and CLI for the ARP collection. It appears that it runs without any problem as I am getting this is the output:

Code: [Select]

CMDR:show arp all dns no result is OK
ARPC:0 ARP entries found
I have verified that I can run 'show arp all dns no' on the firewalls with the same account that Nedi is using. When running manually, I get a CLI output like this followed by all the entries:

Code: [Select]

user@pa-firewall> show arp all dns no

maximum of entries supported :      5000
default timeout:                    1800 seconds
total ARP entries in table :        178
total ARP entries shown :           178
I am failing to figure out why the table is not being collected. This is starting to become more critical as this prevents the "Nodes" section of Nedi from identifying where the device is connected. Any help with identifying an issue is appreciated.

34

Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1

« Last post by ggessler on May 17, 2024, 05:48:49 pm »

Dear Rickli,
thank you very much, this did the trick.

But now I run into another problem:
Nedi is no longer able to access the switches with SSH. No matter if I discover a new switch or want to backup the configuration of an existing switch, I always receive error message that usessh policy:

During a backup:
Config (CLI)   ----------------------------------------------------------------  Fri May 17 16:50:52 2024
CLI :ssh connection prohibited by usessh policy
EVNT:MOD=B/1 L=150 CL=cfge TGT=bghsw-700e-IT310-01 MSG=Config backup error: Connection prohibited by usessh policy

During discovery:
GG: usessh == never --
TEL :Connect NeDiService;1@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;2@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;3@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;4@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
TEL :Connect admin;5@10.202.22.20:23 Tout:10s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
EVNT:MOD=B/1 L=150 CL=cfge TGT=bghsw-700e-IT210-01 MSG=Config backup error: can't start session

My standard setting in nedi.conf was to have usessh commented out so that is tries first SSH then Telnet:
# Set ssh policy for CLI access:
# always        = only explicitly mapped ports will be used with telnet
# never         = never try ssh
# known         = only connects when hostkey is known (add with nedi.pl -k, keyscan or manually with ssh)
# commented     = try whatever will work
;usessh         always-known
;usessh         never

After upgrade to 2.3C it and the new host OS SUSE SLES seems it does not honor what usessh option I set. I started with the above commented out variant of usessh but also tried to set "usessh always". But nothing seem to work.
As perl installation on SLES 15 is a bit unclear, I tried already with different SLES package but also with SSH from CPAN.

Cheers, Gerhard

35

Installation / Re: Problems with NeDi 2.3C and PHP 8.0 / 8.1

« Last post by rickli on May 10, 2024, 09:56:17 am »

You seem to be missing the vendorinfo table, as it wasn't created when updating from previous versions. NeDi 2.4 will create it with the DB update. Alternatively, you can download the table at http://www.nedi.ch/services/customer-area/index.html and add it via System-Files -> Import Database.

36

Discovery / Re: snmpdev

« Last post by Westy_87 on May 10, 2024, 05:48:01 am »

Just want to say thanks. This has bugged me for ages. We have a lot of Polycom devices that were still being scheduled for discovery and showing up in logs as 'Device ID SEP........' so I had tried adding SEP to the nosnmpdev list but it did nothing.

Went and checked lldp descriptions and added those, which stopped some but not all. Then I realised some were doing cdp as well as lldp so I had to add the cdp 'Platform' description.

This is how it looks now

nosnmpdev   IP\s(Phone|Telephone)|Poly|Trio|Desk Pro|Kronos

37

Installation / Problems with NeDi 2.3C and PHP 8.0 / 8.1

« Last post by ggessler on May 03, 2024, 01:27:28 pm »

Dear all,

I have upgraded our NeDi 2.0 installation on CentOS to NeDi 2.3 on SLES 15 by upgrading 2.0 -> 2.1 -> 2.3 and have problems with all PHP pages which show e.g. device details (e.g. Devices-List.php or Devices-Status.php).
Both PHP pages are not fully loading, they are both stopping at the table cell which displays device serial number.

Devices-List.php breaks in line 319
Apache error log shows:
[Fri May 03 12:23:09.872768 2024] [php:error] [pid 2947] [client 10.200.249.67:40209] PHP Fatal error:  Uncaught mysqli_sql_exception: Table 'nedi.vendorinfo' doesn't exist in /var/nedi/html/inc/libdb-mysql.php:335\nStack trace:\n#0 /var/nedi/html/inc/libdb-mysql.php(335): mysqli_query()\n#1 /var/nedi/html/inc/libdev.php(1035): DbQuery()\n#2 /var/nedi/html/Devices-List.php(319): InvCheck()\n#3 {main}\n  thrown in /var/nedi/html/inc/libdb-mysql.php on line 335, referer: http://xxxx.xxxx.xxxx/Devices-List.php

Devices-Status.php breaks in line 525 + 1328
Apache error log shows:
[Fri May 03 13:21:32.987417 2024] [php:error] [pid 2959] [client 10.200.249.67:40803] PHP Fatal error:  Uncaught mysqli_sql_exception: Table 'nedi.vendorinfo' doesn't exist in /var/nedi/html/inc/libdb-mysql.php:335\nStack trace:\n#0 /var/nedi/html/inc/libdb-mysql.php(335): mysqli_query()\n#1 /var/nedi/html/inc/libdev.php(1035): DbQuery()\n#2 /var/nedi/html/Devices-Status.php(525): InvCheck()\n#3 {main}\n  thrown in /var/nedi/html/inc/libdb-mysql.php on line 335, referer: http://xxxx.xxxx.xxxx/Devices-Modules.php

[Fri May 03 12:23:38.586608 2024] [php:error] [pid 2950] [client 10.200.249.67:40212] PHP Fatal error:  Uncaught mysqli_sql_exception: Table 'nedi.vendorinfo' doesn't exist in /var/nedi/html/inc/libdb-mysql.php:335\nStack trace:\n#0 /var/nedi/html/inc/libdb-mysql.php(335): mysqli_query()\n#1 /var/nedi/html/inc/libdev.php(1035): DbQuery()\n#2 /var/nedi/html/Devices-Status.php(1328): InvCheck()\n#3 {main}\n  thrown in /var/nedi/html/inc/libdb-mysql.php on line 335, referer: http://xxxx.xxxx.xxxx/Devices-Modules.php

Commenting out all three lines allows the PHP pages to fully render, but obviously the device serial number is missing.

When looking at the "devices" table directly in the database, I cannot see any problem with the content.

Does anyone have a solution / fix for this?

Thanks, Gerhard

38

Discovery / Re: Permissions for discovery only

« Last post by rickli on April 23, 2024, 01:56:26 pm »

The user needs to be in the manager group by default. You can change that in nedi.conf like this:

module   System      NeDi         radr   net

39

Installation / Re: crontab not in correct location

« Last post by Westy_87 on April 02, 2024, 07:13:42 am »

Thanks.

When I make a change in the crontab section in the gui, it says

Write /var/nedi/inc/crontab (21 bytes) OK

then it says

Crontab Update Errors


I can see the file is being updated, but then the system command to update the actual cron isn't working I guess. Any idea how to troubleshoot that?

Edit:
I can see in /var/spool/cron/crontabs/ is a file www-data that contains the crontab entries from before the link was somehow broken.

permissions issue or anything?

nedi:~$ sudo ls -l /var/nedi/inc/crontab
-rw-r--r-- 1 www-data www-data 21 Apr  2 05:11 /var/nedi/inc/crontab
nedi:~$ sudo ls -l /var/spool/cron/crontabs/www-data
-rw------- 1 www-data crontab 1569 Jan 18 03:27 /var/spool/cron/crontabs/www-data

40

Discovery / Re: Permissions for discovery only

« Last post by Westy_87 on April 02, 2024, 05:43:59 am »

With my test user, I gave it the same privs as the site-techs: network and support.

When I try and go to Devices, Add with my test user I get the following:

Access Errors: You're not authorized for this!