Send netdisco-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Netdisco and Arpwatch like feature (Enrico Becchetti)
--- Begin Message ---
yes !!! thanks a lot to Brain and Christian
Best Regards
Enrico
Il 24/10/2018 01:59, Brian Marshall ha scritto:
I have the following bash script to email me daily changes on the
network.
Theres a bit of special sauce to deal with our corporate network, but
that's easy enough to modify or remove if you so desire.
It shows new MAC/IP pair and associated switchport, node not seen for
a week and new switch discovered in an html table. There is no email
generated if no changes were seen:
#!/bin/bash
output=`sudo -u netdisco /usr/bin/psql netdisco netdisco -c "select
'Connected' as Change_Type, d.ip as Switch_IP, d.name as switch_name,
d.location as switch_location, ni.ip as discovered_ip, nbt.nbname as
computer_name, n.port, ni.mac, oui.company from device as d join node
as n on d.ip = n.switch inner join (select mac, max(time_last) as
time_last from node where active = 't' group by mac) as niu on n.mac =
niu.mac and n.time_last = niu.time_last join node_ip as ni on n.mac =
ni.mac left outer join node_nbt as nbt on ni.mac = nbt.mac left outer
join oui on n.oui = oui.oui where ni.mac <> '00:00:00:00:00:00' and
ni.active = 't' and ni.time_first > now() - interval '1 day' and inet
'10.$1.0.0/16' >> d.ip and text(d.ip) || '_' || text(n.port) not in
(select text(ip) || '_' || text(port) from device_port where
remote_type like '%AP%' or remote_type like '%MSM4%') UNION ALL
select 'Disconnected' as Change_Type, d.ip as Switch_IP, d.name as
switch_name, d.location as switch_location, ni.ip as discovered_ip,
nbt.nbname as computer_name, n.port, ni.mac, oui.company from device
as d join node as n on d.ip = n.switch join node_ip as ni on n.mac =
ni.mac inner join (select mac, max(time_last) as time_last from node
where active = 't' group by mac) as niu on n.mac = niu.mac and
n.time_last = niu.time_last left outer join node_nbt as nbt on ni.mac
= nbt.mac left outer join oui on n.oui = oui.oui where ni.time_last
between now() - interval '7 days' and now() - interval '6 day' and
inet '10.$1.0.0/16' >> d.ip and text(d.ip) || '_' || text(n.port) not
in (select text(ip) || '_' || text(port) from device_port where
remote_type like '%AP%' or remote_type like '%MSM4%') and ni.mac not
in (select mac from node where time_last > now() - interval '6 day')
and nbt.nbname not in (select nbname from node_nbt where time_last >
now() - interval '6 day') union all select 'New switch' as
change_type, ip as switch_ip, name as switch_name, location as
switch_location,null as discovered_ip, null as computer_name, null as
port, mac as mac, vendor as company from device as d where creation >
now() - interval '1 day' and inet '10.$1.0.0/16' >> d.ip;" -H | sed
'1i<html>' | sed ' $a <\/html>'`
if (echo $output | grep '<p>(0 rows)<br />' >> /dev/null); then
echo "No rows!" >> /dev/null
else
echo $output | mail -s "Daily Switch Change Digest - $3" -a
'Content-type: text/html; charset="iso-8859-1"' $2
fi
On 10/23/2018 02:53 PM, Christian Ramseyer wrote:
Hi Enrico
I need to check arp address vs IP, in particular I'd like to store
both
of them.
Also can I use netdisco to send me a notify when there are some
changes ?
I don't know what Arpwatch exactly does, but it sounds like you want to
know when a mac and ip pair (dis)appeared on your network?
I don't think Netdisco currently has the option to notify you, but the
information is there. In the database, you can find a table called
node_ip that looks like this:
Table "public.node_ip"
Column | Type | Modifiers
------------+-----------------------------+---------------
mac | macaddr | not null
ip | inet | not null
active | boolean |
time_first | timestamp without time zone | default now()
time_last | timestamp without time zone | default now()
dns | text |
It's essentially a log of the ARP tables on your devices.
However, depending on your network size, this table will be very big, so
notifying every chance might be overkill. If you want to see what
changed in the last day, you could use a query similar to:
-- new arp entries
select 'new arp entry' entrytype, mac, ip, dns,
to_char(time_first, 'YYYY-MM-DD HH24:MI') time_first,
to_char(time_last, 'YYYY-MM-DD HH24:MI') time_last
from node_ip where time_first > current_timestamp - '24
hours'::interval
union
-- arp entries that disappeared in the last 24 hours
select 'vanished arp entry', mac, ip, dns,
to_char(time_first, 'YYYY-MM-DD HH24:MI') time_first,
to_char(time_last, 'YYYY-MM-DD HH24:MI') time_last
from node_ip where time_last between current_timestamp - '48
hours'::interval and current_timestamp - '24 hours'::interval
order by 1,2,3
Which will get you a list of all recently appeared or no longer visible
mac:ip pairs in the following format (I shortened most columns to
prevent line-wrap):
type | mac | ip | dns | time_first | time_last
------+-------+---------+--------+----------------+---------------
new | d4:.. | 10...80 | x1.dns | 18-10-23 04:50 | 18-10-23 21:19
new | 00:.. | 10...38 | x9.dns | 18-10-23 05:04 | 18-10-23 21:04
vanish| aa:.. | 12...22 | x2.dns | 17-12-01 04:32 | 18-10-22 21:19
vanish| a2:.. | 10...19 | x8.dns | 16-01-19 20:33 | 18-10-22 14:50
I hope that's kinda what you had in mind. If so, to connect to the
database, use "netdisco-do psql". Then with some elementary shell
scripting, you can mail the changes daily somewhere by putting a command
like this crontab:
netdisco-do psql -e query.sql | mail -s "Netdisco Report" me@domain
Cheers
Christian
On 22.10.18 12:02, Enrico Becchetti wrote:
Dear all,
I'm using Netdisco from some years and it works fine but now to manage
my lan
Thanks a lot
Best Regards
Enrico
_______________________________________________
Netdisco mailing list
[email protected]
https://sourceforge.net/p/netdisco/mailman/netdisco-users/
_______________________________________________
Netdisco mailing list
[email protected]
https://sourceforge.net/p/netdisco/mailman/netdisco-users/
_______________________________________________
Netdisco mailing list
[email protected]
https://sourceforge.net/p/netdisco/mailman/netdisco-users/
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
[email protected]
https://lists.sourceforge.net/lists/listinfo/netdisco-users
