I built a system some years ago that helped me maintain a list of active IP addresses on my class B network. Initially it did something similar to the way Zabbix currently does auto-discovery. I used Nmap to scan ranges and detect systems for profiling and adding to the database.
This method was fine until the network grew to such a size that periodic scanning of an entire class B range became really inefficient. I had to find a different method for detecting and profiling hosts.
Enter ArpWatch (http://packages.qa.debian.org/a/arpwatch.html)
Using the arp.dat file generated by arpwatch I was able to detect and begin profiling hosts on my networks without the need for periodic scanning of the entire subnet or range of subnets. This reduced the overhead hugely and allowed me to target devices more directly as they appeared on the network.
I'm a huge fan of Zabbix but I have to say that the current auto-discovery "scanning" mechanism only works for small IP ranges and is not really viable (in my opinion) for enterprise-level discovery due to the ARP "noise" that scanning in this way creates. It is also cumbersome and requires multiple discovery rulesets to enable class B scanning at an efficient level.
I personally think it would be better to redesign the auto-discovery within Zabbix to adopt arpwatch as its primary detection mechanism.
I may have a go at integrating it myself using my existing IP monitoring system and will share the results with the community if successful. However, I am interested in others' thoughts on the matter.
Rgs
onslo
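
As an added illustration (not the poster's code, and not part of Zabbix or arpwatch), the passive approach described above can be sketched as a reader for arp.dat that reports hosts not yet in the inventory. It assumes the tab-separated layout of MAC, IP, epoch timestamp, then optional hostname and interface, with MAC octets that may lack zero-padding; the function names, the `known` set and the sample data are constructed for the example.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample in the assumed arp.dat layout (tab-separated).
SAMPLE_ARP_DAT = (
    "0:1b:21:a:ff:3\t172.16.4.20\t1700000300\tprinter-4\teth0\n"
    "52:54:0:12:34:56\t172.16.9.7\t1700000900\n"
    "0:1b:21:a:ff:3\t172.16.4.21\t1700000100\n"
    "garbage line without tabs\n"
    "8:0:27:aa:bb:cc\t10.0.0.5\t1700000500\tlab\n"
)
MAC_RE = re.compile(r"[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}")

class Sighting(NamedTuple):
    mac: str
    ip: ipaddress.IPv4Address
    last_seen: int
    hostname: str

def normalize_mac(raw):
    """Zero-pad each octet so 0:1b:21:a:ff:3 matches inventory records."""
    mac = raw.strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(f"{int(p, 16):02x}" for p in mac.split(":"))

def parse_arp_dat(text):
    """Return the Sightings found in text, skipping malformed lines."""
    out = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue
        try:
            out.append(Sighting(normalize_mac(fields[0]),
                                ipaddress.IPv4Address(fields[1]),
                                int(fields[2]),
                                fields[3] if len(fields) > 3 else ""))
        except ValueError:
            continue  # bad MAC, IP or timestamp: ignore the record
    return out

def new_hosts(text, known, network):
    """Sightings inside network whose (mac, ip) is not in known, newest first."""
    net = ipaddress.ip_network(network)
    fresh = [s for s in parse_arp_dat(text)
             if s.ip in net and (s.mac, str(s.ip)) not in known]
    return sorted(fresh, key=lambda s: s.last_seen, reverse=True)
```

Each returned sighting is a single address that can be handed to a targeted profiling job, so the whole range never needs to be swept.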