How to validate if the IP address is included in a discovery schedule?
02-24-2022 06:09 AM
Hello All,
We have set up around 100 discovery schedules. While validating inventory with CMDB, we found some CIs are not in CMDB. How can we check if an IP is included in a discovery schedule?
Please assist.
Thanks,
Kalyani
- Labels: Discovery
02-24-2022 06:44 AM
Hi there
You will need to check if the IP address or Subnet Range has been included in your range sets.
If not, you will need to add it.
Regards
Thomas
02-24-2022 09:24 AM
Thomas is correct. Look on the discovery_range_item table.
Also, you need to check if the IP is excluded (discovery_range_item_exclude table).
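
An added example, not part of the thread and not ServiceNow code: an offline check of IPs against rows exported from discovery_range_item and discovery_range_item_exclude, reporting whether each IP is included, excluded or missing. The row layout (id, schedule, network, start, end, item) and every sample value are assumptions constructed for this example, not the platform's real field names.

```python
import ipaddress

# Constructed sample rows standing in for exports of discovery_range_item and
# discovery_range_item_exclude; the column names are assumptions of this example.
RANGE_ITEMS = [
    {"id": "r1", "schedule": "DC-East servers", "network": "10.10.0.0/22"},
    {"id": "r2", "schedule": "DC-East servers", "start": "10.20.5.10", "end": "10.20.5.200"},
    {"id": "r3", "schedule": "Branch offices", "network": "192.168.40.0/24"},
]
EXCLUDES = [
    {"item": "r1", "start": "10.10.1.0", "end": "10.10.1.255"},
    {"item": "r3", "network": "192.168.40.128/25"},
]

def _bounds(row):
    """Return (first, last) address of a row given as CIDR or as start/end."""
    if row.get("network"):
        net = ipaddress.ip_network(row["network"], strict=False)
        return net[0], net[-1]
    first, last = ipaddress.ip_address(row["start"]), ipaddress.ip_address(row["end"])
    if first.version != last.version or first > last:
        raise ValueError(f"bad range row: {row}")
    return first, last

def _contains(row, ip):
    first, last = _bounds(row)
    return first.version == ip.version and first <= ip <= last

def coverage(ip_text, range_items=RANGE_ITEMS, excludes=EXCLUDES):
    """Classify one IP as 'included', 'excluded' or 'missing', with the schedules involved."""
    ip = ipaddress.ip_address(ip_text)
    included, excluded = set(), set()
    for item in range_items:
        if not _contains(item, ip):
            continue
        # An exclusion only applies to the range item it is attached to.
        carved_out = any(e["item"] == item["id"] and _contains(e, ip) for e in excludes)
        (excluded if carved_out else included).add(item["schedule"])
    if included:
        return "included", sorted(included)
    if excluded:
        return "excluded", sorted(excluded)
    return "missing", []

if __name__ == "__main__":
    # IPs that inventory validation found absent from the CMDB (constructed).
    for ip in ["10.10.2.7", "10.10.1.44", "192.168.40.200", "172.16.9.9"]:
        status, schedules = coverage(ip)
        print(f"{ip:16} {status:9} {', '.join(schedules)}")
```

An "excluded" result means the address falls inside a range item but is carved out by an exclusion attached to it; "missing" means no range item covers it at all.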
02-24-2022 08:52 AM
1 - Looking at ranges discovered
Go to the status record for your discovery and look at the ecc_queue related list, and then pick a Shazzam probe off the list.
You should find a parameter in the payload, full_range, which describes what IPs are being scanned.
2 - Looking at port scan results
You can also search the ecc_queue records for
- topic = shazzam
- queue = input
- payload contains <your IP address>
If you get a hit, look in the payload of that record to see what Shazzam found when it scanned your IP to get an idea why it didn't discover.
3 - Looking for classification / identification
You can also search the ecc_queue related list for probes on that IP.
Search for source = <your IP>
- If you see no probes, it didn't port-scan. You may find details in the relevant shazzam response. (See #2 above)
- If you see classify only, it didn't authenticate. Look at the ecc_queue input of the classify probe to see debug info on the auth failure.
- If you see classify and identify, but no exploration, the identifier engine thinks this is a duplicate of another IP through which the device was discovered. (Try looking at the Discovery Device History related list.)
- Tim.