New suspect event

From OpenNMS

newSuspect events are generated by the Discovery Process using ICMP pings to the include-range and include-host lists in etc/discovery-configuration.xml. New suspects are then passed on to Provisiond for scanning.

If the host you wish to monitor is not reachable by ICMP, you can create your own newSuspect events.

To generate newSuspects yourself:

WEB-CONSOLE > Admin > Add Interface for Scanning. Type in an IP address and it will be added to the list of hosts to consider (there must be a listening port on the host that OpenNMS understands for the host to be added; watch your Events list to see the state of play).

You can also use the provided Perl script to do this from the command line, e.g.:

bin/send-event.pl --interface 192.168.100.10 uei.opennms.org/internal/discovery/newSuspect

The above is correct for v1.2.2 and later versions. Previous versions used a different UEI, which can be found by searching for newSuspect in eventconf.xml.

The following bash script enumerates a subnet given in CIDR or IP/netmask notation and creates a newSuspect for every possible IP in it. It is a manual way to trigger discovery: it does not ping first to see whether a node exists, it simply creates the suspect and lets Provisiond scan it.

#!/bin/bash

# Paul Cole omdreams@gmail.com Sept 2014
# intention : accept command-line args of a list of subnets and create new suspects for every IP
# accepts a list on the command line, or a list piped in on stdin when no arguments are given
# accepts CIDR notation as well as ip/dotted-netmask notation
# example 10.1.0.0/255.255.255.0 or 10.1.0.0/24 should yield the same result

############################
##  Methods and functions
############################

# 24 -> "11111111 11111111 11111111 00000000"
prefix_to_bit_netmask() {
        prefix=$1;

        bitmask=""
        for (( i=0; i < 32; i++ )); do
            num=0
            if [ $i -lt $prefix ]; then
                num=1
            fi

            space=
            if [ $(( i % 8 )) -eq 0 ]; then
                space=" ";
            fi

            bitmask="${bitmask}${space}${num}"
        done
        echo $bitmask
    }

# "11111111 11111111 11111111 00000000" -> "0 0 0 255" (the host bits of each octet)
bit_netmask_to_wildcard_netmask() {
        bitmask=$1;
        wildcard_mask=
        for octet in $bitmask; do
            wildcard_mask="${wildcard_mask} $(( 255 - 2#$octet ))"
        done
        echo $wildcard_mask;
    }

# 255.255.255.0 -> 24 (counts the set bits of a dotted netmask)
netmask_to_prefix() {
        mask=$1;
        prefix=0
        for octet in $(echo $mask | tr '.' ' '); do
            for (( b = 7; b >= 0; b-- )); do
                if [ $(( (octet >> b) & 1 )) -eq 1 ]; then
                    prefix=$(( prefix + 1 ))
                fi
            done
        done
        echo $prefix
    }

# prints 1 when no host bit of the address is set (it is the network address), otherwise 0
check_net_boundary() {
        net=$1;
        wildcard_mask=$2;
        is_correct=1;
        for (( i = 1; i <= 4; i++ )); do
            net_octet=$(echo $net | cut -d '.' -f $i)
            mask_octet=$(echo $wildcard_mask | cut -d ' ' -f $i)
            if [ $mask_octet -gt 0 ]; then
                if [ $(( $net_octet&$mask_octet )) -ne 0 ]; then
                    is_correct=0;
                fi
            fi
        done
        echo $is_correct;
    }

################################################
#   Begin code
################################################

## TODO make logging feature and default data source files

## TODO extend features to check if ip is live or already exists in opennms before creating suspects.

## TODO extend ip check to force update/rescan node or to delete and recreate node if already exists

## send-event.pl lives under the OpenNMS home directory; set OPENNMS_HOME if it is not /opt/opennms
SEND_EVENT="${OPENNMS_HOME:-/opt/opennms}/bin/send-event.pl"

OPTIND=1;
usage() {
         echo "Usage: $0 [-f] [-t] 131.235.132.1/22 [10.0.1.1/255.255.255.0]" 1>&2
         echo " must supply at least one ip subnet in CIDR or IP/Mask format or pipe a list from a file" 1>&2
         exit 1
} # USAGE()

force=
trial=0
while getopts ":fth" o; do
    case "${o}" in
        f)
            force='f'
            echo "forcing Y to options"
            ;;
        t)
            trial=1
            echo "trial mode on. NO suspects will be created"
            ;;
        h|*)
            usage
            ;;
    esac
done
shift $((OPTIND-1))

## no subnets on the command line: read them from stdin (a piped file), whitespace separated
if [ $# -eq 0 ]; then
        if [ -t 0 ]; then
                usage
        fi
        set -- $(cat)
fi

echo "welcome : iterating through arguments"
echo "$@"
echo "--- begin ----"
for subnet in "$@"; do
        net=$(echo $subnet | cut -d '/' -f 1);
        prefix=$(echo $subnet | cut -d '/' -f 2);
        do_processing=1;
        ipb=()

        if [ "$net" == "$subnet" ]; then
                echo "skipping $subnet: no /prefix or /netmask given" 1>&2
                continue
        fi
        case $prefix in
            *.*) prefix=$(netmask_to_prefix $prefix);;   ## dotted netmask given instead of a prefix length
        esac
        if ! [[ $prefix =~ ^[0-9]+$ ]] || [ $prefix -gt 32 ]; then
                echo "skipping $subnet: prefix must be 0-32 or a dotted netmask" 1>&2
                continue
        fi

        bit_netmask=$(prefix_to_bit_netmask $prefix);

        wildcard_mask=$(bit_netmask_to_wildcard_netmask "$bit_netmask");

        is_net_boundary=$(check_net_boundary $net "$wildcard_mask");

        if [ "$force" != 'f' ] && [ "$is_net_boundary" != "1" ]; then
                read -p "Not a network boundary! Continue anyway (y/N)? " -n 1 -r
                echo    ## move to a new line
                if [[ $REPLY =~ ^[Yy]$ ]]; then
                    do_processing=1;
                else
                    do_processing=0;
                fi
        fi

        if [ "$do_processing" != "1" ]; then
                continue
        fi

        ## build a brace expression such as 10.1.0.{0..255} and expand it into the ipb array
        str=
        for (( i = 1; i <= 4; i++ )); do
            range=$(echo $net | cut -d '.' -f $i)
            mask_octet=$(echo $wildcard_mask | cut -d ' ' -f $i)
            if [ $mask_octet -gt 0 ]; then
                range="{$range..$(( $range | $mask_octet ))}";
            fi
            str="${str} $range"
        done
        ips=$(echo $str | tr ' ' '.'); ## replace spaces with periods, a join...
        ipb=( $(eval echo "$ips") )

        if [ "$trial" == "1" ]; then
                echo "a new suspect would have been created for the following ip's:"
                echo "${ipb[@]}"
        else
                for i in "${ipb[@]}" ; do
                        echo "Sending New Suspect for $i"
                        "$SEND_EVENT" --interface "$i" uei.opennms.org/internal/discovery/newSuspect
                done # $i
        fi
done # $subnet

echo "--- fini -----"
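As an added example (not the wiki script above and not OpenNMS code), the following bash functions do the input validation that the script's TODO list asks for: they accept a subnet as either CIDR or IP/dotted-netmask, reject malformed addresses and non-contiguous masks, snap the address to its network boundary with integer arithmetic instead of brace expansion, and refuse to expand anything wider than MIN_PREFIX (an assumed variable name, default /16) so a stray /8 cannot flood Provisiond with millions of suspects.

```shell
#!/bin/bash
# Added example, not the wiki script above: validate a subnet given as CIDR or
# IP/dotted-mask, snap it to its network boundary and expand it with integer
# arithmetic. MIN_PREFIX (assumed name, default 16) caps how wide a range may be.

valid_ipv4() {                       # exactly four decimal octets, each 0-255
    local o octets
    IFS=. read -ra octets <<< "$1"
    [ ${#octets[@]} -eq 4 ] || return 1
    for o in "${octets[@]}"; do
        [[ $o =~ ^[0-9]{1,3}$ ]] && [ "$o" -le 255 ] || return 1
    done
}

ip_to_int() {                        # "192.0.2.10" -> 3221225994
    local IFS=. a b c d
    read -r a b c d <<< "$1"
    echo $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

int_to_ip() {                        # 3221225994 -> "192.0.2.10"
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

mask_to_prefix() {                   # "28" or "255.255.255.240" -> 28; non-contiguous masks fail
    local m=$1 n p
    if [[ $m =~ ^[0-9]{1,2}$ ]] && [ "$m" -le 32 ]; then echo "$m"; return 0; fi
    valid_ipv4 "$m" || return 1
    n=$(ip_to_int "$m")
    for (( p = 0; p <= 32; p++ )); do   # a valid mask is p one bits followed by 32-p zero bits
        if [ "$n" -eq $(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF )) ]; then echo "$p"; return 0; fi
    done
    return 1
}

cidr_expand() {                      # "192.0.2.5/30" -> 192.0.2.4 .. 192.0.2.7, one per line
    local ip=${1%%/*} mask=${1#*/} p net size i
    [ "$1" != "$ip" ] && valid_ipv4 "$ip" || return 1      # a '/' and a valid address are required
    p=$(mask_to_prefix "$mask") || return 1
    [ "$p" -ge "${MIN_PREFIX:-16}" ] || { echo "refusing to expand /$p; set MIN_PREFIX to allow it" >&2; return 1; }
    size=$(( 1 << (32 - p) ))
    net=$(( $(ip_to_int "$ip") & ((0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF) ))
    for (( i = 0; i < size; i++ )); do int_to_ip $(( net + i )); done
}
```

Once the printed list looks right, feed it to the event script one address at a time, for example `cidr_expand 192.0.2.0/29 | while read -r ip; do bin/send-event.pl --interface "$ip" uei.opennms.org/internal/discovery/newSuspect; done`.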