Node Discovery

Started by lindeamon, July 24, 2012, 10:03:52 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

lindeamon

July 24, 2012, 10:03:52 AM
hi victor,

something really strange is happening.
i have enabled snmp on a hyper-v server {this is the last change that i can remember enabling} and when i came this morning the server have discovered ip's that are not assigned to anything and are not even in the dhcp scope. my subnet consist of no vlans and i use 172.16.0.0 255.255.0.0 for all the ip address.
all the unassigned ip that the server discovered are presented as nodes in critical state

what seems to be the problem ?
Lindeamon

lindeamon

#1
July 24, 2012, 10:32:46 PM
hi victor,

is there any way to know where the server found those ip address from ?
this could be a feature request, display the source of the node/ip discovery.

Best Regards,
Lindeamon

Victor Kirhenshtein

#2
July 24, 2012, 11:16:11 PM
Hi!

Currently there are no way to find how particular IP address was discovered, except for looking at debug log, level 6 at least. I agree that discovery source information should be available. Added to my todo list. :)

Best regards,
Victor

lindeamon

#3
July 25, 2012, 10:06:57 AM
hi victor,

this is great.i am about to install the new version.
still, what causing the problem described in the 1st post ?

Best Regards,
Lindeamon

lindeamon

#4
July 25, 2012, 02:57:46 PM Last Edit: July 27, 2012, 10:04:18 PM by lindeamon
hi victor,

i have configured the server to run in debug 9 and could not find the source from which the server collect the nodes to insert.
i am attaching the log and screenshots so you could try and look for the reason.if i have a mistake in the network discovery configuration then just remember that i did not do any change in the discovery config and the server suddenly added the nodes.

Best Regards,
Lindeamon

lindeamon

#5
July 25, 2012, 04:38:21 PM
hi victor,

i have tried clearing all the config from the network discovery and let it run and the problem is still there.
btw i am using 1.2.2 but the problem occurred in 1.2.1 too.
i do not remember what i have changed or which snmp agent i have opened that caused this problem.

waiting for your help,
Lindeamon

Victor Kirhenshtein

#6
July 26, 2012, 11:09:29 PM
Hi!

From the logs looks like a lot of IP addresses coming from node ormanage.orion.local (172.16.0.7). Log is wrapped, so I don't see beginning of the poll, but there are a lot of IPs from 172.16.47.xxx for example, almost each IP address. All these addresses coming from ARP cache. Check what this node really reports as it's ARP cache. To prevent this from happening you can disable discovery polling for that problematic node.

Best regards,
Victor

lindeamon

#7
July 27, 2012, 10:08:38 PM
hi victor,

i have searched the file before posting it and i haven't saw this.
i will check the node's arp table.
i wonder what application could have done it
i have mcafee epo and windows deployment services and wsus.

thanks for the lead in the solution,
Best Regards,
Lindeamon
Print
Go Up Pages1
User actions