To run a network
scan you must first configure a scan. To do this, click on the ‘Network
Scan’ button which will load a modal window, as per the screen shown below:
The modal window is
split into two sections or drawers; “Basic” and “Detection Mapping”, with all mandatory
fields denoted with a red star, such as the ‘Job Title’ and ‘Run On’ fields.
In the Basic drawer, the following fields are
Job Title: A name for the network scan. This is displayed within the Scan
Run On: This is a drop-down of all available monitoring servers within
the Opsview Monitor system. This allows you to run an auto-discovery scan from
a slave server that may have access to different networks.
Network Addresses: Enter the network addresses that are to be
scanned. Ranges can be added in either CIDR notation (i.e. /24),
or via a range (192.168.2.0 – 192.168.2.20).
Default Host Icon: The Host icon to apply to all discovered Hosts (can be amended later). By default, this is set to ‘SYMBOL – Server’.
Default Host Group: The initial Host Group used for all
discovered Hosts (can be amended later).
Default Template: The Host template to apply to all
discovered Hosts (can be amended later). By default, this is set to ‘Network –
Primary Address Based On (IP Address/DNS Name):
Within the scan results, if
the primary address is based on IP then the IP will be used as the ‘Primary Hostname/IP’.
Otherwise, the ‘Primary Hostname/IP’ will be the DNS name.
Strip Base Domains for Host Title: If ‘DNS name’ is used in ‘Primary Address
Based On’, then the list of base domains entered will be removed from any DNS
name found. This will convert ‘cisco2611.opsview.com’ to ‘cisco2611’ if we
enter ‘opsview.com’ here.
In the Detection Mapping section, there are five
Detect network services: If this option is checked, then the following
services will be automatically detected: FTP (TCP port 21), SSH (TCP port 22),
SMTP (TCP port 25), DNS (TCP port 53), HTTP (TCP port 80), Kerberos (TCP port
88), POP3 (TCP port 110), NNTP (TCP port 119), NTP (TCP port 123), IMAP (TCP
port 143), LDAP (TCP port 389), HTTPS (TCP port 443) and RDP (TCP port 3389).
These ports are non-editable, and are used purely to provide an insight into
the Hosts, so that you can choose to add the relevant Host templates to the Hosts
once the scan has completed.
Detect SNMP agents: If this option is checked, then the Auto
Discovery scanner will attempt to authenticate and communicate with each Host
via SNMP, using the credentials specified. If the Auto Discovery scanner is
successful in authenticating and communicating, it will apply the specified Host
template, which is ‘SNMP – MIB-II’ by default.
Detect Host agents: If this option is checked, then the Auto
Discovery scanner will check each discovered Host to see if it is running
either an Opsview Agent or a version of NRPE/NSClient. If the Auto Discovery scanner
detects an Opsview Agent on Windows, for example, it will apply the ‘OS –
Windows Base’ template by default.
Detect WMI Hosts (Agentless Windows): If this option is checked the Auto
Discovery scanner will check if the Host is running WMI and that it can
authenticate using the credentials provided. If the Auto Discovery scanner is
successful in authenticating against the detected Host it will apply the specified Host template; ‘OS – Windows Server
2008 WMI – Base’ by default.
Detect VMware Hosts: If this option is checked the Auto
Discovery scanner will check if the Host discovered is a VMware Host. If it is,
it will assign the specified Host template; ‘OS – VMware vSphere – Host’. To run a ‘VMware scan’, a VMware Host must be added to Opsview Monitor
first as this is the Host that will be scanned for VMware guests.
Once the options have
been configured within the scan, click on ‘Save’ which will close the
modal window and return you back to the Scan Management page. You will now be able to view your newly-created scan as below:
Note: The scan will attempt to contact each IP by using check_icmp. If
a Host responds to ICMP, then detection of services and agents will be attempted.
If no response by ICMP, the IP is considered to be not available.
Here the new ‘Test
Scan’ can be viewed, in the status of ‘CONFIGURED’, which means it has been
created but not yet executed (i.e. ‘run’). At this stage, the following options
are available at the far right of the scan’s row:
Options available when scan is
‘CONFIGURED’: Start, Edit, Clone and Delete.
To start the scan, click on the green ‘Play’ button. This will change the scan status from
‘CONFIGURED’ to ‘PENDING’, and then to ‘RUNNING’ as it progresses:
At this stage of the
scan the only options
available at the far right of the scans row are:
Options available when scan is
‘CONFIGURED’: Cancel, View Log and Clone.
If the scan is
running against a large number of Hosts or detecting agents/SNMP/etc for each Host,
it is prudent to ‘View Log’ to see what is actually happening. To view the log, click on the ‘View Log’ icon in the scan’s row or right click on the
scan’ and click ‘View Log’. This will load a modal window, as below:
Here the output highlights what has been detected during
the course of the scan.
Once the scan has finished the status will change to ‘COMPLETED’:
At this stage the
following options are available at the far right of the scans row:
Options available when scan is
‘COMPLETED’: View Log, Open Results, Clone and Delete.
To view the Hosts
detected via the Auto Discovery scan, click on ‘Open Results’ which will
load the results of the scan into a new tab. These tabs are commonly referred
to as a ‘Sandbox’:
Results window displaying the Hosts
discovered during the ‘Test Scan’
As can be seen above,
the Auto Discovery scan ‘Test Scan’ has detected and profiled 21 Hosts on the
given network range. For eight of those Hosts, it was able to authenticate via SNMP
and has applied the ‘SNMP – MIB-II’ Host template. By default, the columns above are shown,
however extra columns are available by clicking on the column headers
Toolbar within the Scan results
Within the sandbox /
results window, there are three options available from the toolbar at the top
of the screen:
into Opsview allows you to select one or more Hosts by checking the
checkbox next to the Host and clicking the ‘import into Opsview’ button. This
converts the discovered Hosts into ‘real’ Hosts that appear within ‘Settings
> Hosts Settings’ in the main Opsview Monitor software.
/ Bulk Update provides you with the ability to change one or more fields for a Host/group
of Hosts before performing an Import into Opsview Monitor. The options available are:
Update Parents: Add a parent to the Hosts selected or replace
the parents on the Hosts selected with a new option.
Update Host Group: Change the Host Group that the Host belongs
Update Host Icon: Change the icon that the Host will display.
Update Host Templates: Add a Host template to the selected Hosts, or
choose to replace all Host templates currently on the selected Hosts with one
or more new Host templates which are multi-selectable via the drop-down menu.
Delete / Bulk Delete will delete the Hosts that have had their checkboxes checked. On press of the ‘Delete’/’Bulk Delete’ button, a message box will
appear asking for confirmation of the delete action:
Bulk delete / Delete message box
Once a Host / series
of Hosts have been imported into Opsview an icon will appear next to the them
in the column next to the checkboxes. This column is sortable and contains a
hyperlink through to the Host within the ‘Settings > Host Settings’ view:
2 imported Hosts, with hyperlink going to
‘Settings > Host Settings > switch3.opsera.com’
Hyperlink clicked, the imported Host
is now editable within the Settings section
Note: There is a maximum of 100,000 IP’s that can be
scanned in a single Auto Discovery scan.
Hosts within the scan
result ‘sandbox’ can also be right-clicked, which loads a contextual menu as
Contextual menu of a discovered Host
From this contextual menu, you
can choose to ‘Import’, ‘Update’ or ‘Delete’ on a Host by Host basis. You can
also choose to add individual Hosts to the Exclusion List which was discussed
earlier in Section 18.104.22.168, ‘Configuring Auto Discovery’.