12-02-2016 10:24 AM
It seems we have an issue with seeing the correct user under Network Analysis>Changes when the device in question is a virtual context. It displays "enable_15". For example a Cisco 6800 in VSS, or ASA 5585 with virtual contexts. Shouldn't it actually show the user that logged in and made the change? It shows the correct user for non virtual devices.
Solved! Go to Solution.
12-02-2016 10:32 AM
12-02-2016 11:35 AM
I think it’s best you open a support case. You can add syslog message formats via a Device Support Bundle yourself, too, if necessary.
12-02-2016 12:00 PM - edited 12-02-2016 12:01 PM
Yes, I believe there is an active case open on this but not much progress. I'm sort of taking the reins on this from someone else.
How does the device support bundles work? I'm new to Infoblox.
12-02-2016 12:21 PM - edited 12-02-2016 12:24 PM
I just looked at a test change I made on a 6800 VSS and it actually listed the user as "N/A" not enable_15. However, still not my username. I also did a packet capture and verified that the syslog messages were indeed sent with my correct username.
12-02-2016 12:46 PM - edited 12-09-2016 06:56 AM
N/A means it wasn’t able to get it out of the syslog message. More typically that is seen when the syslog has not been configured to be sent to the NetMRI at all, or is blocked by a firewall (it’s UDP so you won’t get an error usually). You can check if NetMRI got the syslog by looking at the ”Change Method” - it should list Syslog in there (there may also be other methods listed). You can also click on the gear and choose View Change Details - it will show you the actual syslog message if there is one.
If you know syslog is getting to the NetMRI, then it’s likely a syslog message format issue. You can see the list of defined syslog formats here:
(Note: this is NOT an officially support API!)
The logic is that first syslogs are filtered by a simple string match on the MessageFilterString. Any non-matching syslog are ignored. Any matching syslogs are then parsed according to the MessageParsePattern. Only rows for the matching vendor for the specified device (determined by the source IP of the syslog) will be tried, and they will be tried based on the MessageParseOrder with the first match winning.
I myself haven’t spent much time doing DSBs, but there is a way to add entries to this list via a DSB. You’ll have to check the docs to figure out how to do that (unless someone else on here knows and replies…)
12-09-2016 05:21 AM - edited 12-09-2016 05:22 AM
Yeah, I tried that but it's returning a 404. I've tried both Name and IP. I've got a call with Infoblox today so hopefully that will clear some of this up. Thanks for your help.
12-09-2016 06:52 AM
You're sure it wasn't a 401? You need to be authenticated - so you login to NetMRI then just change the URL in the browser. Still, a support case is probably best here.
12-09-2016 06:55 AM
Oh, wait, I see the problem, it should be:
I used angle brackets around the hostname and the forum stripped them out as bad HTML...
I will update the answer above too.