
How to alert on dangerous ports?

PSiemsen
Techie
Posts: 6
2806     0

I just enabled port scanning in my new NetMRI box.  Things look good.  Now I want to cause an issue to be raised for devices that have open ports that I don't like.  I'm sure it's possible, I just need a hint about what to do next.

JCook
Techie
Posts: 19
2807     0
Oh that would be great. It would be awesome if that could be targeted by group. For example, port 80 on a web server is no big deal, but on a PC, something is wrong. I don't know of a way to do this. The only thing I can think of is a custom Perl script that runs daily to look for this on all the devices and creates an issue if needed.

Adviser
Posts: 353
2807     0

Yes, you would need a custom Perl script for this:

1. Create a custom issue in Config Mgmt > Job Mgmt > Custom Issues

2. Use a Perl script to query the device service ports API (see /api/2.8/device_ports/docs on your NetMRI); you can query that by device group and port number. 

3. Raise the issue on all such devices (see /api/2.8/issue_adhocs/docs, particularly the generate_issue method).

The job engine requires that you run against a device, which is not exactly what you are trying to do here. So, you can do one of these workarounds:

1. You can run the script as an external Perl script (not using the job engine). This could be on any Perl environment, as long as you install the Perl modules. Or you could put the script on the sandbox and create a cron job, if you don't have another environment. The caveat here is you will not see the job in your Job History or anywhere in your UI for that matter. If you do this, you would omit the BatchID parameter in the generate_issue call.

2. You can run the script against each device in question. Then, you can use NetMRI_Easy to raise the issue, and in your query of device_ports you would just use the DeviceID of the specific job detail instance (i.e., the one in NetMRI_Easy). This would allow you to see the job results per device in the UI. But since you would be running a separate process for each device, it puts more demand on the system.

3. You can run the script against a single (arbitrary) device, but still do the query and issue raising as in #1. This allows you to see the results in the UI, but will just run a single process. But it's a little awkward and not as easily understood by others (why is this job running against this device and not even talking to it?).

John
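
The per-group check discussed in this thread (port 80 acceptable on a web server, not on a PC), as an added example that is not part of any poster's reply and is not NetMRI code. It is written in Python rather than Perl and covers only the policy decision that sits between the device_ports query and the generate_issue call; the record fields, group names and port lists are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Assumed policy tables (not NetMRI settings): ports each group may expose,
# and ports that are flagged everywhere unless a group explicitly allows them.
ALLOWED = {
    "Web Servers": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "Workstations": set(),
}
DANGEROUS = {("tcp", 21), ("tcp", 23), ("tcp", 80), ("udp", 69)}

def find_violations(port_rows, device_groups):
    """Return {device_id: sorted [(proto, port), ...]} for open ports policy forbids.

    port_rows: dicts with hypothetical keys device_id / protocol / port,
               standing in for rows returned by a device_ports query.
    device_groups: {device_id: [group names]}; a device in no group is
               treated as having no exceptions, so it fails closed.
    """
    hits = defaultdict(set)  # a set de-duplicates repeated scan rows
    for row in port_rows:
        key = (str(row["protocol"]).lower(), int(row["port"]))
        if key not in DANGEROUS:
            continue
        groups = device_groups.get(row["device_id"], [])
        # Acceptable if any group the device belongs to allows this port.
        if any(key in ALLOWED.get(g, set()) for g in groups):
            continue
        hits[row["device_id"]].add(key)
    return {dev: sorted(ports) for dev, ports in hits.items()}

# Constructed sample data: 101 is a web server, 202 a PC, 303 is ungrouped.
SAMPLE_GROUPS = {101: ["Web Servers"], 202: ["Workstations"]}
SAMPLE_ROWS = [
    {"device_id": 101, "protocol": "tcp", "port": 80},    # allowed by group
    {"device_id": 101, "protocol": "tcp", "port": 23},    # telnet: flagged
    {"device_id": 202, "protocol": "TCP", "port": "80"},  # web port on a PC
    {"device_id": 202, "protocol": "tcp", "port": 80},    # duplicate row
    {"device_id": 202, "protocol": "tcp", "port": 445},   # not on the list
    {"device_id": 303, "protocol": "udp", "port": 69},    # ungrouped device
]

if __name__ == "__main__":
    # One finding per device; this is where the issue would be raised.
    for dev, ports in find_violations(SAMPLE_ROWS, SAMPLE_GROUPS).items():
        print(dev, ", ".join(f"{proto}/{port}" for proto, port in ports))
```

Collecting one entry per device means a device with several offending ports produces a single issue that lists all of them.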

 

 


JCook
Techie
Posts: 19
2807     0
Would there be a license issue for option 2, running this on all devices when only the network devices are licensed?

Adviser
Posts: 353
2807     0

Good question. We used to only allow running jobs against devices that are licensed. I think you can run them against any device now; but you won't be able to interact with the device unless it is licensed. But you'll have to give it a try to be sure.


Adviser
Posts: 353
2807     0

Hmm. Actually, I am not sure you can raise an issue against unlicensed devices. So, you may have to just email rather than use the issue functionality. Or license all the devices :)

JCook
Techie
Posts: 19
2807     0

I do know that NetMRI does create issues for unlicensed devices.  I find issues for new found non-network devices, but I don't know if that is something we can trigger or only the core of the system can.

Adviser
Posts: 353
2807     0

I think that "new non-network device found" may be the one exception to the rule of no analysis on unlicensed devices.
