[auto discovery] SSH false positives?
Hi,
I'm near a consequent Zabbix agents deployment, and I'm doing last refinements to my server settings.
During my tests, I find out that if I use the embedded "ssh service type" (ie SSH (22)) as matching criteria to discover hosts (with the adequate discovery action: Service type = "SSH"), I get many false positives. Many Windows boxes (that I "discover" using TS service port) shows up as SSH boxes too.
Whereas if I redefine the SSH service type (as a simple TCP (22) for the discovery rule and the discovery action Service type = "TCP" && Service port = "22"), I get rid of these false positives.
As I don't know how is the embedded SSH service type is defined, I can't analyse this.
Has someone observed a similar bahaviour?
I'm near a consequent Zabbix agents deployment, and I'm doing last refinements to my server settings.
During my tests, I find out that if I use the embedded "ssh service type" (ie SSH (22)) as matching criteria to discover hosts (with the adequate discovery action: Service type = "SSH"), I get many false positives. Many Windows boxes (that I "discover" using TS service port) shows up as SSH boxes too.
Whereas if I redefine the SSH service type (as a simple TCP (22) for the discovery rule and the discovery action Service type = "TCP" && Service port = "22"), I get rid of these false positives.
As I don't know how is the embedded SSH service type is defined, I can't analyse this.
Has someone observed a similar bahaviour?