Inventory customization

August 24, 2012, 9:13 am

≫ Next: Can we Upgrade code for Cisco Voice Gateway with NCM???

≪ Previous: Baselining questions

$

0

0

Is it possible to customize the inventory collection?

 

To add new things:

It seems as if this is driven through templates in C:\Program Files (x86)\SolarWinds\Orion\NCM\Inventory one for the collection, and another for the display

Specifically I'd like to collect the LLDP information (we don't run CDP), but I can't find documentation on this.

 

To not inventory certain things on certain nodes:

Some of our routers are gigaPOP routers with a couple of hundred BGP peers and well over half a million entries in their routing tables.... I don't really want to collect the routing tables from them. But others of our routers support the campus and I would like to get a snapshot of their tables.

 

Thanks

 

/RjL

---

Can we Upgrade code for Cisco Voice Gateway with NCM???

August 21, 2014, 8:15 am

≫ Next: Using NCM to change F5 local passwords

≪ Previous: Inventory customization

$

0

0

Hi there,

 

I would like to upgrade code on multiple Cisco voice gate way VG202,VG224,VG350.

 

So I am wondering If I can accomplish this goal with NCM and How??? I have it more than 100 VG to upgrade and its very hard to do it manually.

Using NCM to change F5 local passwords

August 21, 2014, 8:25 am

≫ Next: SolarWindsDiagnostics.exe

≪ Previous: Can we Upgrade code for Cisco Voice Gateway with NCM???

$

0

0

I am trying to build a NCM config template to change the F5 LTM local user account passwords. I have the bash script for this, but how do I build this into a template to allow for user input defined variables?

 

echo -e "Password1\nPassword1" | passwd admin

SolarWindsDiagnostics.exe

March 21, 2012, 4:19 am

≫ Next: Need a command for F5 to remote copy to server

≪ Previous: Using NCM to change F5 local passwords

$

0

0

Hi,

After a recent problem with our NCM installation I was asked to run SolarWindsDiagnostics.exe and then send the created zipfile to Support. This program ran without any need for authorisation so it bypassed any login security we have set within NCM. We use NCM to backup our network device configs and log changes etc. The created zipfile contained so much detail about our network devices, including routing tables, arp caches and vlans that it poses a real security risk. I was therefore very reluctant to send this file outside the building. Should this program not at least require the user to authenticate before it runs? You should also be able to choose what info is collected, most of the confidential info I'm talking about is not required to diagnose the fault.

Thanks

Andy

Need a command for F5 to remote copy to server

May 22, 2014, 11:43 am

≫ Next: VTP Domain inventory

≪ Previous: SolarWindsDiagnostics.exe

$

0

0

Hello,

I'm able in NCM to connect to the F5 Big-IP and issue a command to create a archive file (.ucs file) and it works great. I need help in finding a command that will be able to take that archive file and copy or move it to a remote share. Any suggestions?

Thanks.

VTP Domain inventory

August 21, 2014, 4:57 am

≫ Next: Change detection notification but no change made

≪ Previous: Need a command for F5 to remote copy to server

$

0

0

Hi all,

 

I'm searching to create an VTP domain invetory allowing me to create an Visio file with the differents VTP domain containing its devices ?

 

I hope my sentence is correct.

 

Thank you.

Fabien GRAGLIA

Change detection notification but no change made

August 21, 2014, 12:56 am

≫ Next: Help: Detailed Node Inventory Reports including Serial Numbers

≪ Previous: VTP Domain inventory

$

0

0

We seem to be receiving change notification emails, when no config has been saved or change made.  The only visual difference shown in the email are the lines concerned with last login.

 

We are using syslog to automate this process, which seemed to be preferred over using snmp which we had assumed was the way to do this.

 

We had also assumed that only saving/writing the config which stimulate this automation process.  Are there any other circumstances that would trigger a change notification other, as we don't know why this might be happening.

 

 

Cheers

Help: Detailed Node Inventory Reports including Serial Numbers

August 22, 2014, 1:07 pm

≫ Next: Using Config Change Script to Identify Switch Interface Mode

≪ Previous: Change detection notification but no change made

$

0

0

All..

 

I am having some issues with report creation in NCM 7.3.1.  I am fairly OK in SQL, so designing them manually was not a task. The task is being able to create a single report that shows ALL managed nodes with some details, and must show the serial number of the node. What I have been able to do thus far is create two separate SQL based reports that list all non-Juniper nodes, and another that lists just the Juniper nodes.

This is due to the fact that Juniper nodes are stored in their own table Physical_Entities(Juniper) with column names that begin with jnx*.

 

I really need to be able to design one report that shows everything managed by NCM, including serial numbers, but everything needs to be sorted/grouped by location.  The latter part is already doable, the first part, pulling data from two different tables, and aligning them properly per location.

 

Does this make sense?

 

Can someone help me with this if it is possible?

 

Thanks,

Jeff Singleton

Motorola Solutions, Inc.

---

Using Config Change Script to Identify Switch Interface Mode

May 30, 2013, 4:32 pm

≫ Next: Help with regular expressions and config change reports

≪ Previous: Help: Detailed Node Inventory Reports including Serial Numbers

$

0

0

Hello Everyone,

I recently found out about the Config Change Scripts, and it is magnificent. I started using the (out-of-the-box) ones and tweaking them. Then started to write some for my own and testing them on the LAB setup that we have. However, I hit a wall when I could not identify a Cisco switch port if it is in Access mode or in Trunk mode.

The scenario I have is that there are many switches and I need to enable (bpduguard) and (root guard) on the switches' access ports. But in order to that, I have to identify the switch mode (Acces / Trunk) and I could not figure it out from NCM Admin guide.

If anyone has tried it or know about this, it would be great to help.

I use NCM 7.0.2

 

BTW, here is a script I wrote in order to create a dummy VLAN and assign all of the unused ports to it, plus some standard SSH security configuration.  Please, be gentle as this is my first time trying to write those scripts. And any enhancements are more that welcomed.

 

/*

.CHANGE_TEMPLATE_DESCRIPTION

  This change template configures dummy VLAN and assign unused switch ports (notconnect) to it . This was verified on Cisco 3750 switches.

.CHANGE_TEMPLATE_TAGS

  Cisco, IOS, VLAN Membership , unused ports

.PLATFORM_DESCRIPTION

  Cisco IOS

.PARAMETER_LABEL @ContextNode

  NCM Node

.PARAMETER_DESCRIPTION @ContextNode

  The node the template will operate on. (Cisco Switch)

.PARAMETER_LABEL @DummyVLAN

  Dummy VLAN ID to add and assign

.PARAMETER_DESCRIPTION @DummyVLAN

  Dummy VLAN ID you would like to add and assign.

*/

 

script ConfigureDummyVLANCiscoIOS (

NCM.Nodes @ContextNode,

int @DummyVLAN )

{

int @flag

@flag = 0

CLI

  {

  configure terminal

  vlan @DummyVLAN

  name Blackhole

  exit

  }

foreach(@itf in @ContextNode.Interfaces)

  {

 

       if (@itf.OperStatus == 'Up')

       {

            @flag=1

       }

       if (@itf.InterfaceDescription contains 'vlan')

       {

       @flag=1

       }

       if (@itf.InterfaceType != 6)

       {

       @flag=1

       }

 

       if (@flag==0)

       {

            CLI

            {

                 interface @itf.InterfaceDescription

                 switchport vlan @DummyVLAN

                 exit

            }

       }

       @flag=0

 

   }

 

}

Help with regular expressions and config change reports

August 11, 2008, 6:53 am

≫ Next: PCI Compliance templates

≪ Previous: Using Config Change Script to Identify Switch Interface Mode

$

0

0

I could use some help with creating a regular expression that the config change report ignores during it's comparison.  Basically, I have Cirrus comparing the most recent config downloaded with the latest baseline.  The problem is that the running configuration of my cisco devices has the crypto key listed in the config, and in the startup, the crypto key doesn't exist.  I would like to exclude this section from even being compared, but my regular expression knowledge is severely lacking.  I'm guessing there is a way for me to exclude the following:

crypto ca certificate chain TP-self-signed-1667691779
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31363637 36393137 3739301E 170D3036 30383036 31303234
  35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36363736
  39313737 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B4CA F3563FC5 43010A48 B075619E A7DE4790 AF982EF5 5402B501 207DB313
  67C78E80 CCD4CBA7 D2214222 055D8CBF A676A6A3 64C0B6C2 2247D76C C4C60202
  EFCA453E 5848D707 16D2940D C7384BBE 6BA52028 5F1CD47F C66CFD7B EF51188D
  8AF9B9E9 D4DFB645 1D36E2B0 1D2B6BDE CF00F2FB 149AA487 7CF2FD66 74A4D032
  CDFB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14797F79 CD395C9D 9BBBF477 BE2CB863 2BD9D2B3 DA301D06
  03551D0E 04160414 797F79CD 395C9D9B BBF477BE 2CB8632B D9D2B3DA 300D0609
  2A864886 F70D0101 04050003 8181007B 9EB45922 73A18372 A31736D2 DA9089FD
  760DE6D1 0B50007E 05BA8328 D8A48A76 5B68D3EE 69BA29BD 89D63CE8 6BEF5ECE
  05DC7804 FAE7DA90 716CB0C5 40BBCB21 8BFDE99D AF3E4D35 796BFA05 FF5F3000
  78368944 B9BA15C8 F017126D 7AF337D0 88F38689 57F73A18 7509491A F3060E3A
  D0F1BCE8 4C110ECF 9A016242 7758E3
  quit

Is there a way to exclude everything to "quit" and what would it look like?  Any help would be appreciated.

PCI Compliance templates

August 22, 2014, 2:56 pm

≫ Next: REGEX assistance

≪ Previous: Help with regular expressions and config change reports

$

0

0

Where can we download the PCI compliance templates for NCM?

REGEX assistance

August 26, 2014, 8:13 am

≫ Next: Connection Refused : Problem with NCM downloading Juniper configs

≪ Previous: PCI Compliance templates

$

0

0

Hi Everyone,

 

Have little or no experience with regex, and I am trying to create a query for a policy that would check for

 

logging  1.1.1.1

or

logging 2.2.2.2

or

logging server 1.1.1.1

or

logging server 2.2.2.2

 

In short.. am looking for a query that would look for the word logging AND have 1 of thee ip addresses following it, and might or might not have the word host or server in between ?

Connection Refused : Problem with NCM downloading Juniper configs

August 18, 2011, 12:36 pm

≫ Next: Cabletron mtExpanded SSR 2000

≪ Previous: REGEX assistance

$

0

0

Hi,

I have problems downloading Juniper config files. It seems this a common issue with downloading config files using SSH. The configuration looks fine (SSH auto, no enable) but whenever I try to download it says connection refused. I searched everywhere but I could not find any answer. I wonder if someone from solarwinds can answer this question.

Regards,

Rayan

Cabletron mtExpanded SSR 2000

August 25, 2014, 4:53 am

≫ Next: Help with user access:

≪ Previous: Connection Refused : Problem with NCM downloading Juniper configs

$

0

0

Have somebody got a device Template for a Cabletron mtExpanded "SSR 2000 - Enterasys Networks Firmware Version: E9.0.7.4 PROM Version: prom-E3.2.0.0" or is someone able to develop it for me?

The SysObjectID is 1.3.6.1.4.1.52.3.9.33.1.1.

 

I had written my own one, but it doesn't work. Here is my version (maybe someone knows whats wrong with that):

 

<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by () -->

<!--SolarWinds Network Management Tools-->

<!--Copyright 2005 SolarWinds.Net All rights reserved-->

<Configuration-Management Device="Enterasys Cabletron SSR2000" SystemOID="1.3.6.1.4.1.52.3.9.33.1.1">

    <Commands>

        <Command Name="Reboot" Value="reboot${CRLF}y${CRLF}y"/>

        <Command Name="EnterConfigMode" Value="configure"/>

        <Command Name="ExitConfigMode" Value="exit"/>

        <Command Name="Startup" Value="startup"/>

        <Command Name="Running" Value="active"/>

        <Command Name="DownloadConfig" Value="${EnterConfigMode}${CRLF}show ${ConfigType}"/>

        <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>

        <Command Name="DownloadConfigIndirect" Value="copy ${ConfigType} to tftp-server${CRLF}${StorageAddress}${CRLF}${StorageFilename}${CRLF}${CRLF}"/>

        <Command Name="UploadConfigIndirect" Value="copy tftp-server to startup${CRLF}${StorageAddress}${CRLF}${StorageFilename}${CRLF}yes${CRLF}${CRLF}"/>

        <Command Name="EraseConfig" Value="write erase${CRLF}Y"/>

        <Command Name="SaveConfig" Value="save startup"/>

        <Command Name="Version" Value="system show version"/>

    </Commands>

</Configuration-Management>

 

The Test in the Profile Manager is successful but the down and upload fail with the following message:

 

Connectivity issues, discarding configuration (or configuration is too short)

I have the newest version of NCM.

Help with user access:

August 27, 2014, 12:42 pm

≫ Next: NCM remediation very slow

≪ Previous: Cabletron mtExpanded SSR 2000

$

0

0

Is it possible to grant rights to a user or group of user and allow them to create and manage node groups without giving them access to the admin tab or network discovery?  So far from what I see the Allow Node management and allow admin rights are pretty much it granting all or nothing.

---

NCM remediation very slow

August 27, 2014, 5:38 am

≫ Next: Bug Alert: Name Changes in NCM

≪ Previous: Help with user access:

$

0

0

Hello,

 

we are dealing with some remediation scripts for installing Cisco Custom Macros and Cisco Login Banners, they are running very slow

on the devices they even get timeouts.Is there a way to speed them up?

Could be a possible reason for this, that NCM is waiting for a '#' character  at the prompt of the switch cli?

 

Kind Regards

Erich

Bug Alert: Name Changes in NCM

December 28, 2012, 3:49 pm

≫ Next: Cisco SNMP trap for Realtime Change Detection

≪ Previous: NCM remediation very slow

$

0

0

Just noticed this: in NCM 7.1 with NPM 10.4, changing a node name in NPM updates the name in the NCM web integration, but not in the NCM console application. I haven't found any way to get the node name updated in the Windows console app.

Cisco SNMP trap for Realtime Change Detection

October 1, 2009, 11:45 am

≫ Next: 'Execute Script' Jobs Stuck On "Cancelling"

≪ Previous: Bug Alert: Name Changes in NCM

$

0

0

I am working on getting RTCD working. I have my cisco devices configured to send SNMP traps:

snmp-server enable traps config

However, a trap is sent when a user enters config mode, not if they actually change anything or when they exit config mode. This is useless since none of the changes are downloaded. Is it possible to use SNMP to send a trap when the config is changed? It seems syslog will log an entry when it's changed, but I'd rather rely on SNMP.

'Execute Script' Jobs Stuck On "Cancelling"

July 9, 2010, 2:59 am

≫ Next: Change detection notification but no change made

≪ Previous: Cisco SNMP trap for Realtime Change Detection

$

0

0

Morning all, I was pushing out an IOS update to a load of switches this morning using the Configuration Management/Execute Script functionality of NCM when the Solarwinds Information Service seemed to crash on the server running NCM. Although the script ran okay on all the switches (I manually logged into each of them to check) the jobs appeared to keep running in the web interface. I clicked the blue X 'Cancel' button and all the jobs are now stuck on "Cancelling".

I've already tried restarting all the Orion services on the machine and even rebooting the machine but the jobs' status persists between reboots.

Any idea how I can get rid of them?

Change detection notification but no change made

August 21, 2014, 12:56 am

≫ Next: Help with user access:

≪ Previous: 'Execute Script' Jobs Stuck On "Cancelling"

$

0

0

We seem to be receiving change notification emails, when no config has been saved or change made.  The only visual difference shown in the email are the lines concerned with last login.

 

We are using syslog to automate this process, which seemed to be preferred over using snmp which we had assumed was the way to do this.

 

We had also assumed that only saving/writing the config which stimulate this automation process.  Are there any other circumstances that would trigger a change notification other, as we don't know why this might be happening.

 

 

Cheers