Nav-users

nav-users@lister.sikt.no

2 participants
1355 discussions

Netmap is empty
by onygaard＠tryggheim.no 24 Feb '23

24 Feb '23

Hi, We are running NAV 5.6.0 (from av Debian package) on a local Debian 11 machine, set up with postgresql and apache2. Initially we had some problem with the error message "Graphite unreachable", but followed the solution suggested by datagutten: https://github.com/Uninett/nav/discussions/2535 Now, a lot looks nice. Graphs display fine, but we have problems with Netmap, which is empty. For the router e.g. the "Ports" tab is missing info about "To Device" and "To Port". "Port details" do not provide any options for "Two IP device". Regards, Ole Harald

3 5

Re: Netmap is empty
by Ole Harald Nygård 21 Feb '23

21 Feb '23

1 0

Alert Profiles, filters and options
by BERGELIN SABADELL, IVAR-ERIC 16 Feb '23

16 Feb '23

Hello, My name is Ivar and I work at Universitat Pompeu Fabra of Barcelona. I sent an email a few days ago asking about the API's options of NAV (no responses yet). Now I'm trying to get the link status of a switch using filters, but I have three questions. - Is it possible to get this information using filters? My idea is to send a daily email with a list of the ports of a specific switch which has link status down through NAV's "Alert Profiles" tool. - What is the difference between these two tabs? [image: image.png] [image: image.png] - Is this second option checking if a port has an ethernet cable plugged to the ethernet card of a computer at that moment? Thanks again -- *Ivar Bergelin* Tècnic de suport informàtic Unitat d'Informàtica del Campus del Poblenou Roc Boronat 138 | 08018 - Barcelona [Tel.] (+34) 93 542 23 58 http://www.upf.edu

2 1

Fwd: A question about computers connectivity
by BERGELIN SABADELL, IVAR-ERIC 16 Feb '23

16 Feb '23

Hello, My name is Ivar, I work at Universitat Pompeu Fabra of Barcelona and we use NAV 4.5.2. I have a question about the NAV's API functionalities. We are looking to see if it's possible to check whether a group of computers connected to a specific switch have "link signal status" even when they are turned off (all the computers have WOL enabled as well). I found an example to get the state (active) of a computer. Here in this following link of your documentation URL: http://navscc-upf.x.upf.edu/doc/howto/using_the_api.html You show a specific scenario titled: We want to know the interface a computer is connected to right now. We have the ip-address of the computer. So, when it says "We want to know the interface a computer *is connected to right now*" means the computer is turned on or it works even if the computer is off? it would help us a lot. Thank you. -- *Ivar Bergelin* Tècnic de suport informàtic Unitat d'Informàtica del Campus del Poblenou Roc Boronat 138 | 08018 - Barcelona [Tel.] (+34) 93 542 23 58 http://www.upf.edu

2 1

How to filter reports on Attributes
by Ingeborg Hellemo 08 Feb '23

08 Feb '23

Filter reports gives you the option to filter on "Attributes". What is the correct incantation to fill in that will give something else than "There was an unhandled SQL error!"? --Ingeborg -- Ingeborg Østrem Hellemo -- ingeborg.hellemo(a)uit.no Dep. of Information Technology --- Univ. of Tromsø

3 5

Re: Fortigate firewall
by Morten Brekkevold 23 Jan '23

23 Jan '23

On Tue, 10 Jan 2023 17:23:08 +0100 Biselx Nicolas <nicolas.biselx(a)epfl.ch> wrote: > I'm not sure but I think that's what you asked me... > See in attachement Yes, the attachment is perfect, showing an snmpwalk of the `ipAddressTable` :) > D:\>snmpwalk.exe -v 2c -c XXXXX forti-noc.epfl.ch 1.3.6.1.2.1.4.34 > iso.3.6.1.2.1.4.34.1.3.1.10.0.2.49.143 = INTEGER: 143 All the responses seem to show the same problem, but we only need this one response for me to claim that the Fortigate device has an incorrect implementation of the IP-MIB. This is the definition of an entry in the ipAddressTable: > IP-MIB::ipAddressEntry > ipAddressEntry OBJECT-TYPE > -- FROM IP-MIB > MAX-ACCESS not-accessible > STATUS current > INDEX { ipAddressAddrType, ipAddressAddr } > DESCRIPTION "An address mapping for a particular interface." > ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) ip(4) ipAddressTable(34) 1 } `iso.3.6.1.2.1.4.34.1.3` from above is a result from the `ipAddressIfIndex` column (column no. 3). The row index is given as `.1.10.0.2.49.143`. The `.1` indicates an address type of IPv4, which according to spec should occupy 4 octets. However, the remaining row index contains 5 octets - An invalid IPv4 address: `10.0.2.49.143`. This is the type definition: > InetAddressIPv4 ::= TEXTUAL-CONVENTION > DISPLAY-HINT "1d.1d.1d.1d" > STATUS current > DESCRIPTION > "Represents an IPv4 network address: > > Octets Contents Encoding > 1-4 IPv4 address network-byte order > > The corresponding InetAddressType value is ipv4(1). > > This textual convention SHOULD NOT be used directly in object > definitions, as it restricts addresses to a specific format. > However, if it is used, it MAY be used either on its own or in > conjunction with InetAddressType, as a pair." > SYNTAX OCTET STRING (SIZE (4)) This response perfectly explains the warning/error given by ipdevpoll: > device has strange SNMP implementation of IP-MIB; ignoring retrieved IP > address data: IPv4 address length is not 4: OID('.1.10.0.2.49.143') It seems to me like the Fortigate device appends an actual `ifIndex` value (143, in this case) to all the IP addresses, and is therefore in violation of the MIB definition. We could potentially work around this in NAV by ignoring the extra data and just interpret the first four octets, but this might cause problems with other devices that have faulty IP-MIB implementations, or it could cause potential problems if the same IP address appears multiple times with different ifIndex values attached to it. I would at the very least report this as a bug to Fortigate. -- Sincerely, Morten Brekkevold Sikt – Norwegian Agency for Shared Services in Education and Research

4 4

Re: Fortigate firewall
by Morten Brekkevold 10 Jan '23

10 Jan '23

On Mon, 9 Jan 2023 11:42:42 +0100 Biselx Nicolas <nicolas.biselx(a)epfl.ch> wrote: > In attachement, the debug with the list of ports It did find some 118 interfaces on the Fortigate, but no IP address information. Apparently, if found nothing useful in the IP-MIB: > 2023-01-09 11:27:03,353 [DEBUG plugins.prefix.prefix] [inventory fortigate] Trying address tables from IP-MIB > 2023-01-09 11:27:03,371 [WARNING plugins.prefix.prefix] [inventory fortigate] device has strange SNMP implementation of IP-MIB; ignoring retrieved IP address data: IPv4 address length is not 4: OID('.1.10.0.2.49.143') > 2023-01-09 11:27:03,371 [DEBUG plugins.prefix.prefix] [inventory fortigate] Found 0 addresses in IP-MIB: set() That is, it seems to have found *something*, but it didn't quite conform to that is expected in the MIB (the 1.10.0.2.49.143 value is invalid, as it is marked as a 4-octet IP address, but it contains 5 octets). Do you have the NET-SNMP command line tools and basic MIBs available on your system? Might be interesting to get a raw view of that the device presents, using something like these two commands: snmptable -v2c <community> <fortigate-ip-addr> IP-MIB::ipAddrTable snmptable -v2c <community> <fortigate-ip-addr> IP-MIB::ipAddressTable -- Sincerely, Morten Brekkevold Sikt – Norwegian Agency for Shared Services in Education and Research

1 0

Fortigate firewall
by Biselx Nicolas 02 Jan '23

02 Jan '23

Hi, We have a Fortigate firewall that I introduced with the GW category (routers layer 3 device), all information seems ok according to the capture. But when I look at the tools > watchdog there is a problem with the routing interfaces not being recognized ? It's a same with GSW Is there a solution to fix this? Regards, Nicolas

2 3

Correcting NAV topology after a physical reconfiguration
by tom.daae＠lom.kommune.no 21 Des '22

21 Des '22

Hi, I'm a new user of NAV and have found it to be a very useful tool. Among other things, it has helped us discover and plan improvements to our network topology. After implementing said improvements however, I find myself in a bit of a predicament. Two of my switches were previously connected via a link (in practice a daisy-chain), which is no longer physically present. NAV, of course, does not know the difference between a link that is temporarily down and one that is never coming back up, so the link remains in our netmap. I have not found a way of removing this link from NAV, short of deleting and re-registering the switches on either end of the link. This would of course mean losing a lot of traffic stats, so I'm wondering if there is any way to tell NAV do forget this specific link? Am I just misunderstanding something fundamental here?

2 1

Fortigate firewall
by Biselx Nicolas 20 Des '22

20 Des '22

1 0

← Newer
1
2
3
4
5
6
7
8
...
136
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Nav-users