© 2009 BMC Educational Services
Discovery Troubleshooting
Understanding the Discovery Access Page
© 2010 BMC Educational Services
Outline
Monitoring Discovery Current/Recent Runs Discovery Dashboard Credential/Slave usage feedback
Troubleshooting Discovery Metadata page Specific Reports
Additional Discovery Reference Material Appendix A Appendix B
Introduction
Keeping Foundation’s access to your environment in tip-top shape is important for the best quality data
This module covers how to monitor Foundation’s access and how to troubleshoot problems
Discovery Troubleshooting
Understanding the Discovery Access Page
Understanding the Discovery Access view
The Discovery Access view is the key page for troubleshooting discovery
It provides a summary view of the Directly Discovered Data for this access
  Device Type
  Session Results
  Methods and Scripts used
  Script Failure Feedback
Terminology – UNIX Scripts
Method / Script
Terminology – Windows Scripts
Method / Script
Discovery Access Page
Data is summarised into collapsible sections
Endpoint section
Shows data about when and why an endpoint was accessed
Links to related Host nodes
Device Summary field to improve context
Next and Previous Accesses
Device Summary Field - Examples
Example Device Summary fields from a range of device types
Status section
Shows data about the state of the Discovery Access
Session Results only appear if there have been failures establishing a session
Status section - Examples
Example Status sections from a variety of scenarios
Status section – Detail on UNIX
Click on the link to see the session results in sequence
Status section – Detail on Windows
Click on the link to see the session results in sequence
Discovery Details section
Shows the credential/slave used for successful discovery
Also shows if the data came from a scanning appliance or from scanner files
Standard Discovery section
Shows the outcome of “Standard Discovery”
  That is the discovery we do automatically for a Host even without patterns loaded
Standard Discovery – Details (1)
Click through to see discovery results
Standard Discovery – Details (2)
Status shows the overall status
Standard Discovery – Details (3)
Shows the script that succeeded
Standard Discovery – Details (4)
Summarises any script failure reports
Standard Discovery – Details (5)
Shows successful access route
Standard Discovery – Details (6)
The increased detail is needed to reflect the complexity of Windows discovery
  More Scripts
  Multiple access routes during the same scan
Additional Discovery section
Records discovery done by patterns
Slightly different as these methods can be called multiple times by many different patterns
Integrations section
Integrations (SQL Discovery currently) has a dedicated section
Mapping to Platform Page
The information on the Discovery Access page has been arranged to allow you to find the commands on the Platform Pages.
Mapping to Platform Page
First use the device summary to find the right platform
Mapping to Platform Page
Then use the Method
Mapping to Platform Page
Then use the Method, Access
Mapping to Platform Page
Then use the Method, Access, Script
Mapping to Platform Page
For WMI there is an extra page showing the script
Mapping to Platform Page
First use the device summary to find the right platform
Mapping to Platform Page
For UNIX the scripts are common across ssh/telnet/rlogin
Understanding Script Failures
Any script that fails to return useful output will be logged as a Script Failure
Sometimes this is normal behaviour: in methods with more than one script, scripts are tried in priority order
Script Failures – Details (1)
Script name
Script Failures – Details (1)
Access
Script Failures – Details (1)
Slave Used
Script Failures – Details (1)
Error Message
Discovery Troubleshooting
Specific Reports
Discovery Conditions
Look for specific conditions where action can be taken to improve data quality
Links to vendor patches and additional detail on the Tideway website
Discovery Conditions – Locations (1)
In the Discovery Tab
Discovery Conditions – Locations (2)
On the Discovery Dashboard
Discovery Conditions – Locations (3)
On impacted Hosts
Possible Process To Port Issues
A frequent area of discovery troubleshooting is gathering Process to Port connections
This data assists in understanding network dependencies and improves the detail of the Automatic Grouping
There is a specific report available to assist
We will also cover how to instrument UNIX scripts for further troubleshooting
Port to Process – Locations (1)
In the Discovery Tab
Port to Process – Locations (2)
On the Discovery Dashboard
Port to Process – Locations (3)
Contextual reports on the Discovery Run
Instrumenting UNIX Script
Edit the script to add instrumentation
  Doesn’t happen out of the box
Precede the command with tw_capture
  tw_capture <name> <command> [<args>..]
  <name> needs to be a unique identifier within that script
tw_capture will record the exit code and stderr
This will result in a CommandFailure node being created and linked to the discovery result
  But ONLY if the command fails
CommandFailure Details
tw_capture can be used in a pipeline or subprocess (e.g. backticks)
The /tmp directory must be writeable for the feature to be enabled
  Otherwise you will get a CommandFailure with the message “Unable to write to /tmp”
tw_capture can also be used in scripts run from TPL patterns
CommandFailure attributes
command_name The name given to tw_capture
status The exit code (integer)
error Any text written to stderr
CommandFailure: Enable
tw_capture <name> <command> [<args>..]
  <name> needs to be a unique identifier within that script
If used with PRIV_XXXX the tw_capture must go first
  tw_capture lsof_i PRIV_LSOF lsof -l -n -P -F ptPTn -i 2>/dev/null
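An added illustration, not part of the original slides and not the product's tw_capture code: a small POSIX shell stand-in for the behaviour described above. A record with command_name, status and error is written only when the wrapped command fails, also from a pipeline or backticks, with the capture name placed before the privilege wrapper. demo_capture, PRIV_DEMO, CAPTURE_LOG and the sample commands are hypothetical names constructed for this example.

```sh
#!/bin/sh
# Stand-in for the tw_capture behaviour described in the slides.
# NOT the product's code: demo_capture, PRIV_DEMO, CAPTURE_LOG and the
# sample commands are hypothetical and constructed for illustration.

# Records go to a file: a pipeline stage or backtick subprocess runs in a
# subshell, so it could not update a variable in the calling script.
CAPTURE_LOG=$(mktemp "${TMPDIR:-/tmp}/capture_log.XXXXXX")

demo_capture() {
    cap_name=$1; shift
    # mktemp gives an unpredictable, private file (safer than a fixed /tmp name).
    cap_err=$(mktemp "${TMPDIR:-/tmp}/capture_err.XXXXXX") || return 125
    cap_status=0
    "$@" 2>"$cap_err" || cap_status=$?
    if [ "$cap_status" -ne 0 ]; then
        # Written ONLY on failure: name, exit code, stderr text.
        printf 'command_name=%s status=%s error=%s\n' "$cap_name" \
            "$cap_status" "$(tr '\n' ' ' <"$cap_err")" >>"$CAPTURE_LOG"
    fi
    rm -f "$cap_err"
    return "$cap_status"
}

# Pass-through stand-in for a PRIV_XXXX privilege wrapper.
PRIV_DEMO() { "$@"; }

# Constructed sample commands: one succeeds, one fails with exit code 3.
ok_cmd()   { echo "p101"; }
fail_cmd() { echo "permission denied (constructed)" >&2; return 3; }

run_demo() {
    : >"$CAPTURE_LOG"
    # Capture name first, then the privilege wrapper, then the command.
    demo_capture ok_direct PRIV_DEMO ok_cmd >/dev/null        # no record
    demo_capture fail_direct PRIV_DEMO fail_cmd || true       # one record
    # The outer 2>/dev/null does not hide stderr from the capture here.
    demo_capture fail_pipe fail_cmd 2>/dev/null | wc -l >/dev/null
    demo_out=`demo_capture fail_sub fail_cmd` || true         # backticks
    cat "$CAPTURE_LOG"
}

run_demo
```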
CommandFailure – Results (1)
CommandFailure – Results (2)
Other useful discovery reports (1)
Which Host IPs didn’t update last access?
  “Host Endpoints Not Updating” report
  Filters just to Host devices
Which Host IPs had session establishment issues last access?
  “Host Endpoints With Session Issues” report
  Filters out first access to any IP to remove initial noise on deployment
Other useful discovery reports (2)
What Hosts were scanned but not accessed at last access?
  “Possible Endpoint Host Devices (Detailed)” report
  Includes both the raw OS estimate list and the discovery refined classification
What other devices have been scanned?
  “Possible Endpoint Non Host Devices” report
  Includes both the raw OS estimate list and the discovery refined classification
  INCLUDES ‘Other’, ‘Embedded’ and ‘Unknown’ OS Classes
  Handy for displaying the non Host device discovery
  Also handy for checking for heavily firewalled Hosts!
Other useful discovery reports (3)
What other IPs should be scanned?
  “Seen but unscanned IPs” report
  “Seen but unscanned IPs with Ports” report
  More detail for investigation but start with summary
  Shows a count of the IPs that the system has seen connections to but has not accessed
Further Resources
Tideway’s Online Documentation: http://www.tideway.com/confluence/display/81/Discovery
Tideway Foundation
Version 7.2
Documentation