Struggling with network SNMP discovery - ID on class/serial number

cyked · ‎04-21-2016

We are starting to get more traction from the infrastructure teams in managing their inventory solely in CMDB and define/follow an inventory process. On the network side I've had to create some SNMP classifiers and OID entries to properly classify models on discovery. The issue I'm having is when serial number becomes available during discovery. I'm able to skate by in a sense, adding and OID for classification when needed, but not familiar enough with SNMP from a discovery standpoint to ensure Serial Number is returned from a device to be used during identification. In some cases i've resorted to writing a probe and sensor to populate SN on a CI, but this happens after identification.

This means identification happens on CI name and Class Name because serial number is not yet "known". This is a problem because normally the asset process works by having a CI created on the target table (network gear, IP router, etc) when an asset is received and loaded where we know class, model, and serial number (so the name of the CI is populated as the model ID). When discovery occurs a match on the table can be found by class and serial number.

What am I missing? Thanks!

cyked · ‎04-22-2016

The OIDs from the device (looking at XML payload after an unsuccessfuly classification discovery) and the one provided by the MIB and the network team I've added to the SNMP classifiers for switch and router and disabled the stand alone one I created.

1.3.6.1.4.1.14823.1.1.32 and 1.3.6.1.4.1.14823.2.2.1.1.1.2. I think its the second one that is working on the router classifier, but need to test some more and remove unneeded entries.

I updated the script for SnmpIdentityInfoParser as well and it works given serial is populated. otherwise it will populate serial and will match and ID on subsequent discoveries.

this.addSerial('aruba',snmp.getOIDText('iso.org.dod.internet.private.enterprises.unk_14823.unk_2.unk_2.unk_1.unk_1.unk_1.unk_12'));

Thanks!!

View solution in original post

ggarcia1 · ‎02-12-2019

hello

i'm trying to get serial number to return for BlueCoats

I've updated SNMP - Identify Info probe with a walk

iso.org.dod.internet.private.enterprises.blueCoat.blueCoatMgmt.bluecoatSGProxyMIB.sgProxyConfig.sgProxySerialNumber

I've updated SnmpIdentityInfoParser with

// GGarcia 2-12-19 check for BlueCoat Serial Number...
this.addSerial('blueCoatProxy', snmp.getOIDText('iso.org.dod.internet.private.enterprises.blueCoat.blueCoatMgmt.bluecoatSGProxyMIB.sgProxyConfig.sgProxySerialNumber'));

I've validated via snmpget that this value is populated on my test bluecoat device.

First, I cannot see how to validate that the probe is even asking the new question with the walk.

Second, every discovery I've run on this device returns a "skipped identifier" for the serial number check.

Any suggestions or missing elements?

cyked · ‎02-12-2019

Here's the steps.

Create a probe with:
1. probe type = SNMP Probe
2. stage = Explore
3. topic = SNMP
4. ecc queue = SNMP - Bluecoat or something similar
5. in the SNMP fields related list, enter the OIDs you want to walk (e.g. the one to return the serial numbers from classified Bluecoat devices)
6. add a multisensor script like below, as an example this is the code to get the SN back from a fireeye appliance
```
function(result, ciData, debug, sensor) {
	var Serial = 'iso.org.dod.internet.private.enterprises.fireeye.feCommon.feSystem.feSystemInfo.feSerialNumber';
	var idutil = new IDSensorUtil();
	var serialNumber = idutil.calculateSnmpSerialNumber(result, Serial, null, 'SNMP - fireeye');
	idutil.addToSerialNumberTable(serialNumber, ciData);
}
```
Create a new multiprobe
1. Name = whatever you want
2. probe type = multiProbe
3. ecc queue topic = multiprobe
4. ecc queue name = SNMP - Bluecoat or something similar
5. in the includes probes related list ad your probe above + SNMP - Identity Info
6. add a sensor with script = new DiscoveryIDSensor({});

these probes/scripts should be what you need to pass the SN from the SNMP probe to the out of the box identity engine so match will happen on serial number instead something else.

Note, in the probe sensor code I pasted above result, Serial, null, 'SNMP - fireeye'.. The item in single quotes is the name of the sensor in your multiprobe.

ggarcia1 · ‎02-13-2019

Thank you!

This worked AFTER I found and added a MIB for the BlueCoats.

I suppose that was a prerequisite that I overlooked.

They now return serial number.

Thanks again.

SimonDi · ‎02-11-2020

Hi,

This is also something that we are looking into at the moment and the answers above are helpful to advancing us.
One question: What table have you populated your Bluecoat CIs into?

Did you create a new table or insert into existing?

ggarcia1 · ‎03-30-2020

We left them on IP Switch, more out of that's where we put them and we just haven't moved them; getting discovered was the goal at the time.

We've entertained either creating another class or just using the Device Type attribute that already exists.

Having asked our network engineers, they don't really care how it's classified, just that it's captured; so there's not a lot of urgency.

Have you had this discussion with anyone else? I'd love some input.