Those Prying Probes...

If you're using or trying out our Discovery product, one thing you've almost certainly run into is the notion of a probe. Discovery comes with almost 100 different probes, and you can add your own as well. But what exactly is a probe?

A probe specifies a technology (SNMP, WMI, SSH, etc.) and a query. When a probe is actually run, each run specifies one or more devices. For example, Discovery includes a simple probe called "UNIX - Classify". This probe specifies SSH as the technology and "uname -a" as the query. When this probe is run, it takes a single IP address as the device to run it against. What actually happens when that probe runs is that the MID server will open an SSH session to the specified IP address, then run "uname -a" as a command with the SSH shell, and send the results from that command back to the Service-now instance. That's really all there is to it.

Some probe technologies require more elaborate query specification — WMI and SNMP are two good examples of this. Many simple probes specify the query in the ECC Queue name field; others use probe parameters. But in the end, those query specifications, simple or complex, all do the same thing: they just tell the probe exactly which information to go get.

Most probes query a single, specific IP address for information. A few probes (such as Ping) query ranges of IP addresses; these probes return a collection of results back to the Service-now instance, instead of just a single result.

Something important to keep in mind about probes is that they do not attempt to "understand" the results of the probe — they simply send them back to the Service-now instance. On the instance, sensors (a topic for another post) analyze and record the results of probes.

I encourage you to think about adding probes of your own for the special needs that your organization might have. Some of our customers have already done this. For example, one customer is probing workstations for the version of anti-virus patterns installed (by querying a particular registry key). Another customer is probing for the contents of a specific file on workstations (it contains provisioning information from when the workstation was built). Drop us a line if you've got a special information-gathering need, and we'll give you some hints on how to go about it...