Child pages
  • How opAddress discovers information

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Interface listing for each host

    • IP address
    • Subnet Mask
    • interface details such as type and speed
    • Subnet information which is inferred from the above - when/if the subnet is scanned this also generates an IP address for every possible IP in the subnet 
    • Device name
    • Location information
    • Gateways - if the device has two or more interfaces and has location information it is added as a gateway for it's subnets.
    • NOTES

...

for OAE \ NMIS imports (as of release 1.0.5)

      • The time and frequency of the import is controlled through cron (/etc/cron.d/opaddress) the default being at 01:11 and 01:21. 
      • OpenAudit must be Enterprise edition as we make use of the API feature for import
      • Gateways are only added if they have a location
      • NMIS import is only known to work with localhost not remote hosts (it may operate for opHA enabled servers but not currently tested ver1.0.5
    • NOTES for opAddress 2.0.0

      • Open-AudIT must have a query with the name opAddress in order for opAddress to import Open-AudIT information. This query will be built in to Open-AudIT as at the next release after May 2021. If you do not have this query, but do have opAddress 2.0.0 and want to import Open-AudIT data, please see opAddress 2.0 -> Open-AudIT 4.x Query for importing.


30 minute interval subnet_scan process

  • Every IP address in every known subnet is pinged

    • This is done in batches of 50 addresses to limit impact
    • The kick of the batch process is what creates "Addresses" in the address table if they do not already exist.
    • At the end of each scan batch the ARP tables of the gateways for that subnet are queried for MAC addresses and these MACs are created as endpoints
  • If a live IP is found 

    • The address "Operational Status" is changed to "reachable"

    • The address "Administrative Status" is changed - what it changes to is configurable in opCommon.nmis  / 'opaddress_default_address_state'.  I recommend changing this to "allocated" from the default undef/"unkonwn"

    • The address is associated with an endpoint / MAC address found from the ARP entry / endpoint table

  • At the end of the subnet_scan the DNS lookups are completed for the live IPs to attempt to find a name.  

  • NOTES

    :

    • The subnet will only be scanned if it's "admin status" is "allocated" or "unallocated" 
      • auto added subnets default to Allocated
      • manually added subnets default to unknown or rather the dropdown when adding subnets manually defaults to unknown.
      • If you do not want an automatically added subnet to be scanned then change the admin status to something such as delegated or unmanaged.
    • An IP address will NOT be pinged if the address has had it's "administrative status" changed to "unmanaged", "delegated" or "reserved"

...