addmi 16.5-discovery troubleshooting

© 2009 BMC Educational Services Discovery Troubleshooting Understanding the Discovery Access Page

Author: odanyboy

Post on 12-Jun-2015


1. Discovery Troubleshooting Understanding the Discovery Access Page

2. Outline

  • Monitoring Discovery
    • Current/Recent Runs
    • Discovery Dashboard
    • Credential/Slave usage feedback
  • Troubleshooting Discovery
    • Metadata page
    • Specific Reports
  • Additional Discovery Reference Material
    • Appendix A
    • Appendix B

3. Introduction

  • Keeping Foundations access to your environment in tip top shape is important for the best quality data
  • This module covers how to monitor Foundations Access and how to troubleshoot problems

4. Discovery Troubleshooting Understanding the Discovery Access Page

5. Understanding the Discovery Access view

  • The Discovery Access view is the key page for troubleshooting discovery
  • It provides a summary view of the Directly Discovered Data for this access
    • Device Type
    • Session Results
    • Methods and Scripts used
    • Script Failure Feedback

6. Terminology UNIX Scripts

  • Method/Script

7. Terminology Windows Scripts

  • Method/Script

8. Discovery Access Page

  • Data is summarised into collapsible sections

9. Endpoint section

  • Shows data about when and why an endpoint was accessed
  • Links to related Host nodes
  • Device Summary field to improve context
  • Next and Previous Accesses

10. Device Summary Field - Examples

  • Example Device Summary fields from a range of device types

11. Status section

  • Shows data about the state of the Discovery Access
    • Session Results only appear if there have been failures establishing a session

12. Status section - Examples

  • Example Status sections from a variety of scenarios

13. Status section Detail on UNIX

  • Click on the link to see the session results in sequence

14. Status section Detail on Windows

  • Click on the link to see the session results in sequence

15. Discovery Details section

  • Shows the credential/slave used for successful discovery
    • Also shows if the data came from a scanning appliance or from scanner files

16. Standard Discovery section

  • Shows the outcome of Standard Discovery
    • That is the discovery we do automatically for a Host even without patterns loaded

17. Standard Discovery Details (1)

  • Click through to see discovery results

18. Standard Discovery Details (2)

  • Status shows the overall status

19. Standard Discovery Details (3)

  • Shows the script that succeeded

20. Standard Discovery Details (4)

  • Summarises any script failure reports

21. Standard Discovery Details (5)

  • Shows successful access route

22. Standard Discovery Details (6)

  • The increased detail is needed to reflect the complexity of Windows discovery
    • More Scripts
    • Multiple access routes during the same scan

23. Additional Discovery section

  • Records discovery done by patterns
  • Slightly different as these methods can be called multiple times by many different patterns

24. Integrations section

  • Integrations (SQL Discovery currently) has a dedicated section

25. Mapping to Platform Page

  • The information on the Discovery Access page has been arranged to allow you to find the commands on the Platform Pages.

26. Mapping to Platform Page

  • First use the device summary to find the right platform

27. Mapping to Platform Page

  • Then use the Method

28. Mapping to Platform Page

  • Then use the Method, Access

29. Mapping to Platform Page

  • Then use the Method, Access, Script

30. Mapping to Platform Page

  • For WMI there is an extra page showing the script

31. Mapping to Platform Page

  • For WMI there is an extra page showing the script

32. Mapping to Platform Page

  • For WMI there is an extra page showing the script

33. Mapping to Platform Page

  • First use the device summary to find the right platform

34. Mapping to Platform Page

  • For UNIX the scripts are common across ssh/telnet/rlogin

35. Understanding Script Failures

  • Any script that fails to return useful output will be logged as a Script Failure
  • Sometimes this is normal behaviour: in methods with more than one script, the scripts are tried in priority order

36. Script Failures Details (1)

  • Script name

37. Script Failures Details (1)

  • Access

38. Script Failures Details (1)

  • Slave Used

39. Script Failures Details (1)

  • Error Message

40. Discovery Troubleshooting Specific Reports

41. Discovery Conditions

  • Look for specific conditions where action can be taken to improve data quality
  • Links to vendor patches and additional detail on the Tideway website

42. Discovery Conditions Locations (1)

  • In the Discovery Tab

43. Discovery Conditions Locations (2)

  • On the Discovery Dashboard

44. Discovery Conditions Locations (3)

  • On impacted Hosts

45. Possible Process To Port Issues

  • A frequent area of discovery troubleshooting is gathering Process to Port connections
  • This data assists in understanding network dependencies and improves the detail of the Automatic Grouping
  • There is a specific report available to assist
    • We will also cover how to instrument UNIX scripts for further troubleshooting

46. Port to Process Locations (1)

  • In the Discovery Tab

47. Port to Process Locations (2)

  • On the Discovery Dashboard

48. Port to Process Locations (3)

  • Contextual reports on the Discovery Run

49. Instrumenting UNIX Script

  • Edit the script to add instrumentation
    • Doesn't happen out of the box
  • Precede the command with tw_capture
    • tw_capture [..]
    • The name given to tw_capture needs to be a unique identifier within that script
  • tw_capture will record the exit code and stderr
  • This will result in a CommandFailure node being created and linked to the discovery result
    • But ONLY if the command fails

50. CommandFailure Details

  • tw_capture can be used in a pipeline or subprocess (e.g. backticks)
  • The /tmp directory must be writeable for the feature to be enabled
    • Otherwise you will get a CommandFailure with the message Unable to write to /tmp
  • tw_capture can also be used in scripts run from TPL patterns

51. CommandFailure attributes

  • command_name: The name given to tw_capture
  • status: The exit code (integer)
  • error: Any text written to stderr

52. CommandFailure: Enable

  • tw_capture [..]
    • The name given to tw_capture needs to be a unique identifier within that script
  • If used with PRIV_XXXX the tw_capture must go first
    • tw_capture lsof_i PRIV_LSOF lsof -l -n -P -F ptPTn -i 2>/dev/null
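Added illustration, not Tideway/BMC code: a POSIX sh stand-in that models the tw_capture behaviour slides 49 to 52 describe (exit code and stderr recorded, a CommandFailure-style record only when the command fails, an "Unable to write" failure when the scratch directory is not writable, and use inside a pipeline). The real tw_capture is supplied by the discovery platform; the CAPTURE_DIR and CAPTURE_LOG variables, the record layout and the -1 status for the unwritable case are assumptions of this model.

```shell
#!/bin/sh
# Added illustration, not Tideway/BMC code. A stand-in for tw_capture that
# models the CommandFailure behaviour the slides describe; the real tw_capture
# is supplied by the discovery platform. CAPTURE_DIR, CAPTURE_LOG, the record
# layout and the -1 status for the unwritable case are assumptions.

CAPTURE_DIR="${CAPTURE_DIR:-/tmp}"                 # slides: /tmp must be writable
CAPTURE_LOG="${CAPTURE_LOG:-${TMPDIR:-/tmp}/commandfailure.$$}"

# record NAME STATUS ERROR
# Appends one CommandFailure-style record carrying the three attributes the
# slides list: command_name, status (exit code) and error (stderr text).
record() {
    printf 'command_name=%s status=%s error=%s\n' "$1" "$2" "$3" >>"$CAPTURE_LOG"
}

# capture NAME COMMAND [ARGS...]
# Runs COMMAND with stdout untouched (so it works in a pipeline or backticks),
# stores stderr under CAPTURE_DIR and records a CommandFailure only when the
# exit code is non-zero. NAME keys the record, so keep it unique per script.
# Returns the command's own exit code.
capture() {
    cap_name=$1; shift
    cap_err="$CAPTURE_DIR/capture.$cap_name.$$"
    if ! ( : >"$cap_err" ) 2>/dev/null; then
        # mirrors the "Unable to write to /tmp" CommandFailure from the slides
        record "$cap_name" -1 "Unable to write to $CAPTURE_DIR"
        return 1
    fi
    "$@" 2>"$cap_err"
    cap_status=$?
    if [ "$cap_status" -ne 0 ]; then
        # stderr may span lines; flatten it into the single error attribute
        record "$cap_name" "$cap_status" "$(tr '\n' ' ' <"$cap_err")"
    fi
    rm -f "$cap_err"
    return "$cap_status"
}

# failures_for NAME: prints the CommandFailure records for NAME, if any
failures_for() {
    if [ -f "$CAPTURE_LOG" ]; then grep "^command_name=$1 " "$CAPTURE_LOG" || :; fi
}

# Constructed demonstration: the succeeding command leaves no record; the
# failing one (standing in for the slides' lsof call) is recorded with its
# exit code and stderr.
capture echo_ok echo "no record expected" >/dev/null
capture lsof_i sh -c 'echo "lsof: command not found" >&2; exit 127' >/dev/null || :
failures_for lsof_i
```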

53. CommandFailure Results (1)

54. CommandFailure Results (2)

55. Other useful discovery reports (1)

  • Which Host IPs didn't update last access?
    • Host Endpoints Not Updating report
    • Filters just to Host devices
  • Which Host IPs had session establishment issues last access?
    • Host Endpoints With Session Issues report
    • Filters out first access to any IP to remove initial noise on deployment

56. Other useful discovery reports (2)

  • What Hosts were scanned but not accessed at last access?
    • Possible Endpoint Host Devices (Detailed) report
    • Includes both the raw OS estimate list and the discovery refined classification
  • What other devices have been scanned?
    • Possible Endpoint Non Host Devices report
    • Includes both the raw OS estimate list and the discovery refined classification
    • INCLUDES Other, Embedded and Unknown OS Classes
    • Handy for displaying the non Host device discovery
    • Also handy for checking for heavily firewalled Hosts!

57. Other useful discovery reports (3)

  • What other IPs should be scanned?
    • Seen but unscanned IPs report
    • Seen but unscanned IPs with Ports report
      • More detail for investigation but start with summary
    • Shows a count of the IPs that the system has seen connections to but has not accessed

58. Further Resources

  • Tideway's Online Documentation:
    • http://www.tideway.com/confluence/display/81/Discovery

Tideway Foundation Version 7.2 Documentation Title