Discovery - Using SNMP only behavior for network device ranges

Ravish Shetty
Tera Guru

hi all,

I am using SNMP only behaviour for the network device and the good thing is that I see fewer warnings (which reduces the noise) and the same number of devices discovered (compared to non behaviour discovery) for a given range which has network devices only (that's what I assume).

let me know if there is any issue with this or something that I need to be aware of.

 

find_real_file.png

6 REPLIES 6

VaranAwesomenow
Mega Sage

Nice approach, dont see any issue with it, but in order to make use of load balancing capability of the behavior, I would add more than one midserver in the behavior functionality.

 

FYI, it is also possible to have a single behavior with different behavior functionalities to handle windows and non windows devices, if the IP range is not specific to a device type.

https://docs.servicenow.com/bundle/london-it-operations-management/page/product/discovery/reference/...

Ryan Zulli
ServiceNow Employee
ServiceNow Employee

Hi Ravish,

  when you say "reduce noise" I believe you are referring to the SSH authentication errors when discovering network gear right?  This is due to two things...1) on most network gear the management port is 22, which triggers our SSH classification, and 2) how we Prioritize our classification ports. 

If you answered yes - read on, if not please let me know what you meant by "reduce noise" ::

If you go to Discovery Definition --> Port Probes and use the Gear to modify your list view to include a field called "Classification Priority"

here you'll notice that 1 = WMI / 2 = SSH / 3 = snmp, in this case our best practice is to switch 2 and 3, that way SNMP will trigger  first, and being UDP (stateless) it will not throw an error.

 

Let me know if this helps.

Thanks,

-Ryan

yes, I was referring to the SSH warnings. first, we tried with changing the classification priority but it still didn't work for us.

 

find_real_file.png

anusha_narapura
Tera Expert

Hi Ravish, The phase should be 1 instead of 100 to avoid Unix classify probe and have only SNMP Classify Probe. This is the only thing i see here. 

Regards,

Anusha