SNMP Discovery Tools


Network Discovery

A SNMP Discovery Tools task aims to scan the network and reports devices found on the GLPI server so that they can be added to the known assets list. More information is available from SNMP-enabled devices using a network inventory task when it is part of the list of known assets.
This task uses the following protocols to scan IP networks:

• ICMP scan (if nmap)
• NetBIOS scan (if Net :: NBName is available and appropriate credits are provided)
• SNMP scan (if Net :: SNMP is available and appropriate credits provided)

Any device that responds to at least one of these protocols will be discovered with minimal information, such as the mac address and the host name. Furthermore, if the device responds to SNMP, the agent will try to identify it using a variety of methods. The primary method is to retrieve the value of the given SNMP variable (SNMPv2-MIB :: sysObjectID.0); this is a constructor-specific OID that defines a particular device model, and the agent is described in the agent database (comparison of sysobject.ids) in the agent database. 

If a match is found, the model, type, and manufacturer that allow a simple description of the information reported to the GLPI server is added. If no match is found, various heuristic scans are performed to identify the device with lower reliability. The discovered devices are then reported to the GLPI servers and the import rules are applied. Devices that do not comply with any import criteria will be retained from the list of ignored devices.

Preliminary Operation

The tasking tool must have a network discovery module installed. Most Linux distributions send broker modules in different packages to reduce dependency load. And the module itself has more than one additional software dependency, as previously mentioned. The task-performing means need control access to the target networks for the above-mentioned protocols as well as SNMP: The ability to send UDP packets to a device is not sufficient if it is configured to ignore them only withSNMP Discovery Tools.

For any other server-controlled task, the agent must use either a managed or semi-managed mode as described in the tool usage. If the task is triggered by the server, the agent must run in managed mode and the HTTP port must be accessible from the server.

Server Execution Module Activation

To assign a network discovery task to an agent, the network discovery module must first be enabled for this agent because it is not the default.

Multiple agents
  1. From the FusionInventory plug-in welcome screen, select General> General configuration menu.
  2. Select the Agents modules tab
You can then enable the module for any number of agents, and even configure it to be enabled by default, as shown in the following screenshot.

Single Agent

  1. From the FusionInventory plug-in welcome screen, select General> Agents management menu item
  2. Select a specific agent from the list
  3. Select the Agents modules tab
Then, you can enable the network discovery module for this agent, as shown in the following screenshot.

Target Networking

You now need to define an IP range element that corresponds to the network to be scanned:

From the FusionInventory plug-in welcome screen, select the Network> IP ranges menu item. Then, you can create a new item as shown in the following screenshot. If you want to associate SNMP credentials with this network, you must use the Associated SNMP authentication tab to explore SNMP devices during discovery. Warning: each associated credential means an additional authentication attempt and another network timeout if it is not successful. See Efficiency concerns for SNMP Discovery Tools details.

Download SNMP Discovery Tools

SNMP Discovery Tools
Free Driver

Create a Task

You must now define a task, including a network discovery type job:
1. On the FusionInventory plug-in welcome screen, select the Tasks> Task management menu item
2. Create and save a new task with an arbitrary name (for example, reconnaissance task) in the active state
3. Select the Job Configuration tab
4. Create and save a new job using a random name (for example, a discovery job) using network discovery as a module method
5. Configure this job and update the current configuration by assigning a target (previously created IP range item) and a player (selected agent)

Analysis of Results

Devices that meet import rules must be added immediately to the list of known assets. Others are kept in the list of ignored devices, where they can be reviewed manually and, if appropriate, imported:
From the FusionInventory plugin welcome screen, select the Rules> Ignored import device menu item.

CommandLline Execution

However, there is currently no way to inject the result in GLPI. To scan multiple addresses simultaneously, the tool can use multiple discovery threads. This allows multiple requests at the same time, but also increases resource utilization in the host. Also, if TLS is used in any way (including agent / server communication through HTTPS), increase the probability of multiplication because perl TLS bindings are not 100% thread safe. Unfortunately, at present there is no way to completely avoid using the thread, because the current application always uses a single control thread in addition to a configurable number of threads.

Troubleshooting

The delegate may be devoid of the Net Discovery module: run the fusioninventory-agent-list-tasks to check. There may be a server / broker communication problem: check that you can access the agent port (62354 by default) from the server host. The agent may be ignoring server requests because of a trust issue: Check the logs for the message [sun http server] invalid request (untrusted address) ler.

The task runs, but the broker logs indicate that SNMP is not used, the agent may lack the required Net :: SNMP perl module: run perl -MNet :: SNMP on the agent host to check, blocks are required. You may not have SNMP credentials associated with the scanned network, check your server-side IP range definition (Network> IP Ranges menu item).

The task is Running, but no Devices are Added to my Inventory

The reported items were not properly defined for import; check the list of ignored devices (Rules> Ignored device reception menu menu item) and list of import rules (Rules> Equipment retrieval and connection rules menu item) according to your current import rules server side wit SNMP Discovery Tools. The tool probably lacks the device SNMP identifier in the internal database. Use the fusioninventory-netdiscovery command that can be run with the debug option on the device;
  • The fusioninventory-netdiscovery - first 192.168.0.1 - Last 192.168.0.1 - Credentials version: 2c, community: public - debug 
  • [debug] sysobjectID .1.3.6.1.4.1.311.1.1.3.1.1 partial mapping in the database: unknown device ID

Tool Crashes

This is likely to be a TLS multi-threading issue. There are many ways to reduce the likelihood of such collapse:
  • Make sure that only one TLS perl stack is in the broker, preferably IO :: Socket :: SSL + Net :: SSLeay. IO :: Socket :: SSL + Net :: SSLeay - Net :: SSL + Crypt :: SSLeay also results in unexpected results even without thread usage
  • Use the latest IO :: Socket :: SSL versions even if you have not
  • Reduce the number of threads during network discovery tasks
However, the only solution currently available is to disable SSL completely by using plain HTTP for agent / server communication. If the agent is running on the server, this is usually not a problem in SNMP Discovery Tools.


Discussion: