Can someone see if I'm understanding this correctly? Been diving in for several days and want to see if I'm thinking in the proper way.
Am trying to set up discovery so as to minimize the post-discovery work.
First observation is that you must do all of your own actions. I didn't see any out-of-the-box actions, and haven't found much floating around. Maybe because they are easy, but I'm finding them to be a bit hard, because...
Second observation is that discovery appears to have a rather vague, arcane but quite limited amount of logic available to select templates. As a simple example, I have devices whose community strings are "public" (and cannot be reset) and others that are only V1 (V2c won't work at all), and others that have been set to another community string.
I managed to get the string itself taken care of by doing a separate discovery for just that string, adding a template that had ONLY a macro in it, then attaching the same SNMP templates on both the "public" and non-public ones. No problem. I could not manage to figure out how to tell V1 from V2c, since the V2c hosts respond to V1 as well.
I tried doing a =V1 check and <>V2c check but with no luck; I got inconsistent results. In fact, anytime I tried to refer to two different checks (in the same rule) I got inconsistent results. Maybe it's not doing all the checks before executing the rules?
Third observation and biggest concern is that the logic in the checks is tied to the subnets, and the actions are tied to the checks (which means they are tied to subnets). It would APPEAR that if you get a pretty complex but working setup for discovery, you then have to clone EVERYTHING to apply to other subnets. Or you have to go in and change the one you have. There's no real segregation between subnet, rules and actions.
So where I ended up is that I got a nicely working set of rules and actions for some common devices, not terribly complex but not simple either, and now if I want to expand to other subnets I copy-copy-copy. As I (inevitably) add complexity I must copy all that complexity into the rules and actions in each subnet.
It's as though I'm missing a level of abstraction?
Or am I?
Or am I over-analyzing it - do most people do a cursory discovery then hand-edit everything and so don't care about discovery accuracy?