Date: Fri, 29 Mar 2024 07:18:33 +0000 (UTC) Message-ID: <1554123079.4039.1711696713603@skald.opmantek.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_4038_616903664.1711696713603" ------=_Part_4038_616903664.1711696713603 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Please note that as at Open-AudIT 4.2.0, this page is no longer = relevant. Please see the Integrations<= /a> page.
So you want to integrate the devices discovered in Open-AudIT with NMIS = for network monitoring. But you don't want every device, and you don't want= to have to manually flag devices for monitoring - you know you want every Juniper switch in Open-AudIT being monitored by NMIS. How = can we do that without the painful effort of flagging individual devices wi= th nmis_manage =3D y (even using Bulk Edit)?
As an aside, we could make a rule that states "if manufacturer = LIKE Juniper, then set nmis_manage =3D y' and then use the default NMIS Int= egration query to solve it.
But what if we want to go one step further? What if we want Accedian rou= ters managed by NMIS Poller A and Juniper switches monitored by NMIS P= oller B? And because Poller A & B are just NMIS Pollers with no Open-Au= dIT installed, what gives?
Well, I'm glad you asked, read on
Integrations work by selecting a list of devices to be integrated. That = list of devices is provided by a Query inside Open-AudIT. Our default query= simply retrieves any devices with nmis_manage =3D y. But what if we create= a new query to select any devices manufactured by Accedian? Well, go to me= nu =E2=86=92 Queries =E2=86=92 List Queries and select the query named "Int= egration Default for NMIS". You will see the SQL used. It is below.
SELECT system.id A= S `system.id`, system.name AS `system.name`, system.hostname AS `system.hos= tname`, system.dns_hostname AS `system.dns_hostname`, system.fqdn AS `syste= m.fqdn`, system.dns_fqdn AS `system.dns_fqdn`, system.ip AS `system.ip`, sy= stem.type AS `system.type`, system.credentials AS `system.credentials`, sys= tem.nmis_group AS `system.nmis_group`, system.nmis_name AS `system.nmis_nam= e`, system.nmis_role AS `system.nmis_role`, system.nmis_manage AS `system.n= mis_manage`, system.nmis_business_service AS `system.nmis_business_service`= , system.nmis_customer AS `system.nmis_customer`, system.nmis_poller AS `sy= stem.nmis_poller`, system.snmp_version AS `system.snmp_version`, system.omk= _uuid AS `system.omk_uuid`, locations.name AS `locations.name`, IF(system.s= nmp_version !=3D '', 'true', 'false') AS `system.collect_snmp`, IF(system.o= s_group LIKE '%windows%', 'true', 'false') AS `system.collect_wmi` FROM `sy= stem` LEFT JOIN `locations` ON system.location_id =3D locations.id WHERE @f= ilter AND system.nmis_manage =3D 'y'
It's a simple matter of replacing the AND system.nmis_manage =3D 'y' wit= h another condition. Our new query to select devices made by Accedian is be= low.
SELECT system.id A= S `system.id`, system.name AS `system.name`, system.hostname AS `system.hos= tname`, system.dns_hostname AS `system.dns_hostname`, system.fqdn AS `syste= m.fqdn`, system.dns_fqdn AS `system.dns_fqdn`, system.ip AS `system.ip`, sy= stem.type AS `system.type`, system.credentials AS `system.credentials`, sys= tem.nmis_group AS `system.nmis_group`, system.nmis_name AS `system.nmis_nam= e`, system.nmis_role AS `system.nmis_role`, system.nmis_manage AS `system.n= mis_manage`, system.nmis_business_service AS `system.nmis_business_service`= , system.nmis_customer AS `system.nmis_customer`, system.nmis_poller AS `sy= stem.nmis_poller`, system.snmp_version AS `system.snmp_version`, system.omk= _uuid AS `system.omk_uuid`, locations.name AS `locations.name`, IF(system.s= nmp_version !=3D '', 'true', 'false') AS `system.collect_snmp`, IF(system.o= s_group LIKE '%windows%', 'true', 'false') AS `system.collect_wmi` FROM `sy= stem` LEFT JOIN `locations` ON system.location_id =3D locations.id WHERE @f= ilter AND system.manufacturer LIKE 'Accedian%'
So make a new query by menu =E2=86=92 Manage =E2=86=92 Queries =E2=86=92= Create Queries and name it Integration for Accedian Devices. Paste in the SQL above and we're done.
If you want another integration for Juniper devices, repeat the above, o= bviously substituting Juniper for Accedian.
Now that we have our queries defined, it might be wise to test them. Jus= t go to menu =E2=86=92 Manage =E2=86=92 Queries =E2=86=92 List Queries and = Execute both of them, just to confirm the results are as expected.
Done? Great. Now make a note of the ID of each of these queries. You can= see the ID on the queries read page (or in the URL when you execute the qu= ery).
Now we need to go to the Pollers (assuming they're not on the same machi= ne), and setup the individual integrations. They will work exactly the same= , the only exception being the queries each runs (using the query IDs from = above).
The details on how to do that are explained on the wiki page OpenAudIT-NMIS Integrati= on, but I'll run you through it here using our example queries.
An integration run has the following steps:
The following is a sample configuration file for the integration. The co= nfiguration is written in the .nmis format commo= n to other Opmantek products and is placed in, /usr/local/omk/conf/= nmisIntegration.nmis
Details of the below fields can be found on the page linked above. Obvio= usly you will need to use your own host, password and user values. You'll n= eed to use one of the query IDs from your newly created queries, above (rep= lace 36 with it).
%hash =3D ( 'integration_rules_path' = =3D> 'conf/integration_rules.nmis', 'log_path' =3D> 'log/nmisintegration.log', 'node_admin_path' =3D> '/usr/local/nmis9/admin/node_admin.pl', 'node_file_path' =3D> '/usr/local/nmis9/conf/Nodes.nmis', 'open_audit_details' =3D> { 'host' =3D> 'http://YOUR_SERVER', 'log_path' =3D> 'log/openauditapi.log', 'password' =3D> 'YOUR_OA_PASSWORD', 'user' =3D> 'YOUR_OA_USER' }, 'open_audit_lookup_path' =3D> 'conf/oa_nmis_lookup.nmis', 'open_audit_query_ids' =3D> [36] ); |
The default integration rules can be left as is, and are below. These sh= ould be placed in the file /usr/local/omk/conf/int= egration_rules.nmis.
%hash =3D ( 'nmis' =3D> { 'create' =3D> { 'active' =3D> ['true'], 'authkey' =3D> [], 'authpassword' =3D> ['$DEVICE.credentials.snmp_v3.authentication_p= assphrase'], 'authprotocol' =3D> ['$DEVICE.credentials.snmp_v3.authentication_p= rotocol'], 'businessService' =3D> ['$DEVICE.system.nmis_business_service'], 'collect' =3D> ['$DEVICE.system.collect'], 'collect_snmp' =3D> ['$DEVICE.system.collect_snmp'], 'collect_wmi' =3D> ['$DEVICE.system.collect_wmi'], 'community' =3D> ['$DEVICE.credentials.snmp.community'], 'customer' =3D> ['$DEVICE.system.nmis_customer'], 'display_name' =3D> ['$DEVICE.system.name'], 'group' =3D> ['$DEVICE.system.nmis_group','Open-AudIT'], 'host' =3D> ['$DEVICE.system.ip','$DEVICE.system.dns_fqdn'], 'location' =3D> ['$DEVICE.locations.name'], 'model' =3D> ['automatic'], 'name' =3D> ['$DEVICE.system.name'], 'netType' =3D> ['wan'], 'notes' =3D> [], 'ping' =3D> ['true'], 'port' =3D> [161], 'privkey' =3D> [], 'privpassword' =3D> ['$DEVICE.credentials.snmp_v3.privacy_passphra= se'], 'privprotocol' =3D> ['$DEVICE.credentials.snmp_v3.privacy_protocol= '], 'roleType' =3D> ['$DEVICE.system.nmis_role','core'], 'threshold' =3D> [], 'username' =3D> ['$DEVICE.credentials.snmp_v3.security_name'], 'uuid' =3D> ['$DEVICE.system.omk_uuid'], 'version' =3D> ['$DEVICE.system.snmp_version'], 'wmipassword' =3D> ['$DEVICE.credentials.windows.password'], 'wmiusername' =3D> ['$DEVICE.credentials.windows.username'] }, 'update' =3D> { 'active' =3D> ['true'], 'authpassword' =3D> ['$DEVICE.credentials.snmp_v3.authentication_p= assphrase'], 'authprotocol' =3D> ['$DEVICE.credentials.snmp_v3.authentication_p= rotocol'], 'businessService' =3D> ['$DEVICE.system.nmis_business_service'], 'collect' =3D> ['$DEVICE.system.collect'], 'collect_snmp' =3D> ['$DEVICE.system.collect_snmp'], 'collect_wmi' =3D> ['$DEVICE.system.collect_wmi'], 'community' =3D> ['$DEVICE.credentials.snmp.community'], 'customer' =3D> ['$DEVICE.system.nmis_customer'], 'display_name' =3D> ['$DEVICE.system.name'], 'group' =3D> ['$DEVICE.system.nmis_group','Open-AudIT'], 'host' =3D> ['$DEVICE.system.ip','$DEVICE.system.dns_fqdn'], 'location' =3D> ['$DEVICE.locations.name'], 'model' =3D> ['automatic'], 'name' =3D> ['$DEVICE.system.name'], 'netType' =3D> ['wan'], 'ping' =3D> ['true'], 'port' =3D> [161], 'privpassword' =3D> ['$DEVICE.credentials.snmp_v3.privacy_passphra= se'], 'privprotocol' =3D> ['$DEVICE.credentials.snmp_v3.privacy_protocol= '], 'roleType' =3D> ['$DEVICE.system.nmis_role','core'], 'username' =3D> ['$DEVICE.credentials.snmp_v3.security_name'], 'version' =3D> ['$DEVICE.system.snmp_version'], 'wmipassword' =3D> ['$DEVICE.credentials.windows.password'], 'wmiusername' =3D> ['$DEVICE.credentials.windows.username'] } } ); |
You will need a blank file credted in /usr/local/omk/conf/oa_nmis_lookup= .json
To run the integration, simply invoke the executable and pass it a confi= guration file as described in the previous section. You can also invoke the= tool by itself, which will look for a configuration file at /= usr/local/omk/conf/nmisIntegration.nmis by defaul= t.
While most of the integration is driven by the options set in the config= uration file, additional options can be passed at runtime. These options ca= n be seen in the usage instructions for the integration script.
|
And that's it!
No, not really - one more step. You'll need to create a cron job for the= se to run on your poller(s) at the time of your choosing.
To enable the integration to run daily at 11:05am, place the following i= n a suitable cron job file.
5 11 * * * /usr/local/omk/bin/oa-nmis-integration.exe conf= =3D/usr/local/omk/conf/my_custom_config.nmis
NOW you're done
If you have any questions relating to this, Opmantek are only too happy = to assist.
Mark Unwin.