Upload File

addmi 16.5-discovery troubleshooting

of 58 /58
© 2009 BMC Educational Services Discovery Troubleshooting Understanding the Discovery Access Page

Author: odanyboy

Post on 12-Jun-2015

396 views

Category:

Technology


2 download

Report

Tags:

Embed Size (px)

TRANSCRIPT

  • 1. Discovery Troubleshooting Understanding the Discovery Access Page

2. Outline

  • Monitoring Discovery
    • Current/Recent Runs
    • Discovery Dashboard
    • Credential/Slave usage feedback
  • Troubleshooting Discovery
    • Metadata page
    • Specific Reports
  • Additional Discovery Reference Material
    • Appendix A
    • Appendix B

3. Introduction

  • Keeping Foundations access to your environment in tip top shape is important for the best quality data
  • This module covers how to monitor Foundations Access and how to troubleshoot problems

4. Discovery Troubleshooting Understanding the Discovery Access Page 5. Understanding the Discovery Access view

  • The Discovery Access view is the key page for troubleshooting discovery
  • It provides a summary view of the Directly Discovered Data for this access
    • Device Type
    • Session Results
    • Methods and Scripts used
    • Script Failure Feedback

6. Terminology UNIX Scripts

  • Method/Script

7. Terminology Windows Scripts

  • Method/Script

8. Discovery Access Page

  • Data is summarised into collapsible sections

9. Endpoint section

  • Shows data about when and why an endpoint was accessed
  • Links to related Host nodes
  • Device Summary field to improve context
  • Next and Previous Accesses

10. Device Summary Field - Examples

  • Example Device Summary fields from a range of device types

11. Status section

  • Shows data about the state of the Discovery Access
    • Session Results only appear if there have been failures establishing a session

12. Status section - Examples

  • Example Status sections from a variety of scenarios

13. Status section Detail on UNIX

  • Click on the link to see the session results in sequence

14. Status section Detail on Windows

  • Click on the link to see the session results in sequence

15. Discovery Details section

  • Shows the credential/slave used if for successful discovery
    • Also shows if the data came from a scanning appliance or from scanner files

16. Standard Discovery section

  • Shows the outcome of Standard Discovery
    • That is the discovery we do automatically for a Host even without patterns loaded

17. Standard Discovery Details (1)

  • Click through to see discovery results

18. Standard Discovery Details (2)

  • Status shows the overall status

19. Standard Discovery Details (3)

  • Shows the script that succeeded

20. Standard Discovery Details (4)

  • Summarises up any script failure reports

21. Standard Discovery Details (5)

  • Shows successful access route

22. Standard Discovery Details (6)

  • The increased detail is needed to reflect the complexity of Windows discovery
    • More Scripts
    • Multiple access routes during the same scan

23. Additional Discovery section

  • Records discovery done by patterns
  • Slightly different as these methods can be called multiple times by many different patterns

24. Integrations section

  • Integrations (SQL Discovery currently) has a dedicated section

25. Mapping to Platform Page

  • The information on the Discovery Access page has been arranged to allow you to find the commands on the Platform Pages.

26. Mapping to Platform Page

  • First use the device summary to find the right platform

27. Mapping to Platform Page

  • The use the Method

28. Mapping to Platform Page

  • The use the Method, Access

29. Mapping to Platform Page

  • The use the Method, Access, Script

30. Mapping to Platform Page

  • For WMI there is an extra page showing the script

31. Mapping to Platform Page

  • For WMI there is an extra page showing the script

32. Mapping to Platform Page

  • For WMI there is an extra page showing the script

33. Mapping to Platform Page

  • First use the device summary to find the right platform

34. Mapping to Platform Page

  • For UNIX the scripts are common across ssh/telnet/rlogin

35. Understanding Script Failures

  • Any script that fails to return useful output will be logged as a Script Failure
  • Sometimes this is normal behaviour as in methods with more than one script scripts are tried in priority order

36. Script Failures Details (1)

  • Script name

37. Script Failures Details (1)

  • Access

38. Script Failures Details (1)

  • Slave Used

39. Script Failures Details (1)

  • Error Message

40. Discovery Troubleshooting Specific Reports 41. Discovery Conditions

  • Look for specific conditions where action can be taken to improve data quality
  • Links to vendor patches and additional detail on the Tideway website

42. Discovery Conditions Locations (1)

  • In the Discovery Tab

43. Discovery Conditions Locations (2)

  • On the Discovery Dashboard

44. Discovery Conditions Locations (3)

  • On impacted Hosts

45. Possible Process To Port Issues

  • A frequent area of discovery troubleshooting is gather Process to Port connections
  • This data assist in understanding network dependencies and improves the detail of the Automatic Grouping
  • There is a specific report available to assist
    • We will also cover how to instrument UNIX scripts for further troubleshooting

46. Port to Process Locations (1)

  • In the Discovery Tab

47. Port to Process Locations (2)

  • On the Discovery Dashboard

48. Port to Process Locations (3)

  • Contextual reports on the Discovery Run

49. Instrumenting UNIX Script

  • Edit the script to add instrumentation
    • Doesnt happen out of the box
  • Precede the command withtw_capture
    • tw_capture [..]
    • needs to be a unique identifier within that script
  • tw_capturewill record theexit codeandstderr
  • This will result in a CommandFailure node being created and linked to the discovery result
    • ButONLYif the command fails

50. CommandFailure Details

  • tw_capture can be used in a pipeline or subprocess (e.g. backticks)
  • The /tmp directory must be writeable for the feature to be enabled
    • Otherwise you will get a CommandFailure with the message Unable to write to /tmp
  • tw_capture can also be used in scripts run from TPL patterns

51. CommandFailure attributes command_name The name given to tw_capturestatus The exit code (integer) error Any text written to stderr 52. CommandFailure: Enable

  • tw_capture [..]
      • needs to be a unique identifier within that script
  • If used with PRIV_XXXX the tw_capture must go first
    • tw_capture lsof_i PRIV_LSOF lsof -l -n -P -F ptPTn -i 2>/dev/null

53. CommandFailure Results (1) 54. CommandFailure Results (2) 55. Other useful discovery reports (1)

  • Which Host IPs didnt update last access?
    • Host Endpoints Not Updating report
    • Filters just to Host devices
  • Which Host IPs had session establishment issues last access?
    • Host Endpoints With Session Issues report
    • Filters out first access to any IP to remove initial noise on deployment

56. Other useful discovery reports (2)

  • What Hosts were scanned but not accessed at last access?
    • Possible Endpoint Host Devices (Detailed) report
    • Includes both the raw OS estimate list and the discovery refined classification
  • What other devices have been scanned?
    • Possible Endpoint Non Host Devices report
    • Includes both the raw OS estimate list and the discovery refined classification
    • INCLUDES Other, Embedded and Unknown OS Classes
    • Handy for displaying the non Host device discovery
    • Also handy for checking for heavily firewalled Hosts!

57. Other useful discovery reports (3)

  • What other IPs should be scanned?
    • Seen but unscanned IPs report
    • Seen but unscanned IPs with Ports report
      • More detail for investigation but start with summary
    • Shows a count of the IPs that the system has seen connections to but has not accessed

58. Further Resourses

  • Tideways Online Documentation:
    • http://www.tideway.com/confluence/display/81/Discovery

Tideway Foundation Version 7.2 Documentation Title


Addmi 06-security mgmt
Addmi 16-discovery monitoring
16.5 Russia Emerges
Addmi 07-taxonomy
Addmi 09.5-analysis ui-host-grouping
Addmi 11-intro to-patterns
Industrial Cable Glands - Raptors Trading & Contractingraptorsqatar.com/wp-content/uploads/2019/07/Glands... · 2019. 7. 15. · M50S M50 M63S M63 M75S M75 M90 16.5 16.5 16.5 16.5
Addmi 09-analysis ui-reporting
Addmi 12-basic scan
POWERDESGINER 16.5 SP2
Addmi 23-cmdb sync
16.5. 18.5 - Visitestonia.com
Addmi 14-discovery credentials
SmartPipe Product Catalog and Installation Guideus.kaeser.com/Images/USPIPECATLOG_SmartPipeProd... · 10 16.5 16.5 16.5 25 25 25 25 25 25 25 25 25 25
Chapter 16.5 Conservation
PowerDesigner 16.5
Addmi 15-discovery scripts
Addmi 17-snapshot
AD574A (Rev. B) - Mixed-signal and digital signal ...€¦ · CC +11.4 +16.5 +11.4 +16.5 +11.4 +16.5 Volts V EE –11.4 –16.5 –11.4 –16.5 –11.4 –16.5 Volts Operating Current
LISTA DE PRECIOS 16.5
PDFAD6E - gass.edu.vn chuan CTXH.pdf · Ðð NgQC Scm Nguyên Tán Nhurt NguyCn Thi Tuán Anh Nguyên Tuðng Long Tóng diem 17.5 17.0 16.5 16.5 16.5 16.5 16.0 ... NguyCn Trung Thuân
16.5 Comparing depreciation methods
ASME B.16.5
Infos 16.5 km
Troubleshooting · Troubleshooting • Troubleshooting,page1 Troubleshooting Recovering a Lost Password
Tables_ASME B 16.5
Addmi 13-discovery overview
Addmi 05-windows slave-installation_and_management
MDaemon Messaging Server 16.5
Addmi 01-why addm
Activación orcad 16.5
574 16.5 31.3 1X
Addmi 02-addm overview
Addmi 13-discovery overview (patrick ryan's conflicted copy 2011-01-27)
Addmi 10.5-basic query-language