GuidesREST APISlack CommunitySupport PortalOpsview 6.8+ Documentation
Hey! These docs are for version 6.4, which is no longer officially supported. Click here for the latest version, 6.7!

Troubleshooting NetAudit

Suggest Edits

Troubleshooting

Log Files

If you are encountering any issues with NetAudit, please view system logs in /var/log/opsview/opsview.log.

I've added a new host, but there isn't an SVN entry created

When a 'Apply Changes' occurs, Opsview Monitor will generate a list of all the hosts that have RANCID enabled. However, if the websvn repository doesn't show the host, check whether 'opsview-netaudit' service is running or not with opsview-monit:

# /opt/opsview/watchdog/bin/opsview-monit -B summary | grep netaudit
 opsview-netaudit                 Running                     Process

Host appears in WebSVN, but it is empty

The flow of data for NetAudit is:

  • rancid collection is invoked on NetAudit Collector every 4 hours via a cron job

  • a message with configuration data is sent to NetAudit master where opsview-netaudit service runs

  • opsview-netaudit will process message and run an "svn commit" to commit the changes to svn

If your host file is listed in WebSVN (NetAudit page) under 'rancid' repository but it is empty, it might be because the NetAudit Collector hasn't run yet since it runs every 4 hours. You can run NetAudit Collector manually by connecting NetAudit Collector and run the following command as 'opsview' user:

[opsview]% /opt/opsview/netauditcollector/bin/run_rancid_collect
Starting at Thu Nov  8 12:07:14 UTC 2018
Created lockfile /opt/opsview/netauditcollector/var/collect/lock/run_rancid_collect.lock
NetAudit Collection Done. Number of collections: 1 Number of publishes: 1
Finished at Thu Nov  8 12:07:31 UTC 2018

Where are the rancid configuration files?

/opt/opsview/netauditcollector/var/

routers.conf is the main configuration file for collections.

/opt/opsview/netaudit/var/

definition.xml is the configuration file for NetAudit hosts being monitored and the notification emails.

Has the router configuration reached SVN?

Look in /opt/opsview/netaudit/var/svn/ on NetAudit master. If the file here contains information, then this is what should be in subversion. You can run an "svn status" to check compared with the subversion repository.

SVN shows the file, but WebSVN shows a blank file

This could be due to enscript. In /opt/opsview/repository/include/config.php, make sure the following line is uncommented (e.g. doesn't have # at the beginning):

$config->useEnscript(); If websvn now shows the router configuration, then there is probably an issue with enscript software.

Where are the latest files?

On the NetAudit master, in /opt/opsview/netaudit/var/svn/ will be all the latest versions of the RANCID router output files.

Troubleshooting NetAudit tab test connection

This simulates running the code to test the NetAudit connection with credentials:

su - opsview
cd /opt/opsview/netauditcollector/bin
./run_check_rancid_connection -t cisco -H <host_ip> -u <username> -p "<password>" -c telnet

Change 'cisco' with your vendor type, and 'telnet' with your connection method. You can add "-A" option at the end if you are using RANCID "autoenable" feature.

NetAudit is installed but NetAudit page and menus are not visible in Opsview Web UI

NetAudit postinstall script might not have been run properly. You can run it manually as below as root user:

[root]% /opt/opsview/netaudit/installer/postinstall_root

Error: no matching cypher type found

When testing a connection you may see this error:

spawn ssh -c 3des -x -L <username> <ipaddress> Unable to negotiate with <ip> port 22: no matching cypher found.

This means the SSH protocol is unable to agree on a common cypher between the Collector and the network device (in this case 3des is not available on the device). To amend the cypher used you can edit /opt/opsview/netaudit/var/cloginrc_local on the Orchestrator with a line such as 

add cyphertype <hostname_in_opsview> <cypher>

where <hostname_in_opsview> is the configured hostname (as seen in the error) and <cypher> is an available option on the network device. You can list available cypher on the Collector by running ssh -Q cipher to pick one that both sides can use.

This change is distributed to all Collectors when an Apply Changes is performed in the UI.

Updated almost 3 years ago