End Device Tracking Add-On for Cacti

jforman · Joined: 29 Sep 2004 Posts: 27

i think i found somethign very odd.

in my mac_track_ips table, under the "ip_address" column, none of the IP's have the last octet, it is just the network part of the address.

all i see are 192.168.36 or 172.16.24 (never the last part of the IP address)

any ideas?

TheWitness · Posted: Tue Jul 11, 2006 9:27 pm Post subject:

That does seem quite odd. Have you run a debug run of the host by hand and viewed the output?

There may be a parsing error in the code that is specific to your router device. It is likely that the arp table is not being returned correctly. You may have to create a new scanning function for the device.

What type of device is it? Can you please run a snmpwalk of the arp table and post it here?

TheWitness

jforman · Joined: 29 Sep 2004 Posts: 27

[quote="TheWitness"]That does seem quite odd. Have you run a debug run of the host by hand and viewed the output?

There may be a parsing error in the code that is specific to your router device. It is likely that the arp table is not being returned correctly. You may have to create a new scanning function for the device.

What type of device is it? Can you please run a snmpwalk of the arp table and post it here?

TheWitness[/quote]

The devices I am trying to scan are Cisco 2950 and 3560 Catalyst switches, along with a 6509 and 4500 series chassis with 48 port copper gig blades in them.

Do you happen to know the OID I can use to scan the devices?

TheWitness · Posted: Tue Jul 11, 2006 9:32 pm Post subject:

Well, what is your layer3 device for that site? Please advise.

TheWitness

pincher · Joined: 31 May 2006 Posts: 11

Hello!
I'm setingup mactrack, but find mactrack tab.

#php mactrack_scanner.php -d
Notice: Undefined variable: device_id in /usr/local/share/cacti/plugins/mactrack/mactrack_scanner.php on line 104
Notice: Undefined variable: device_id in /usr/local/share/cacti/plugins/mactrack/mactrack_scanner.php on line 108
Notice: Undefined variable: device_id in /usr/local/share/cacti/plugins/mactrack/mactrack_scanner.php on line 110
DEBUG: ERROR: Device with Id of '' not found in database. Can not continue.
Notice: Undefined variable: device_id in /usr/local/share/cacti/plugins/mactrack/mactrack_scanner.php on line 111

In log look like:
07/12/2006 01:56:41 PM - CMDPHP: Poller[0] ERROR: SQL Exec Failed "INSERT INTO mac_track_processes (device_id, process_id, status, start_date) VALUES ('', '79816', 'Running', NOW())"
07/12/2006 01:56:41 PM - CMDPHP: Poller[0] ERROR: SQL Row Failed "SELECT * FROM mac_track_devices WHERE device_id ="
07/12/2006 01:56:41 PM - MACTRACK: Poller[0] ERROR: Device with Id of '' not found in database. Can not continue.
07/12/2006 01:56:41 PM - CMDPHP: Poller[0] ERROR: SQL Exec Failed "DELETE FROM mac_track_processes WHERE device_id=''"

How i'm understand my problem as example of situation Mr. Ddonohue and Mr.Jforman.
Please help me tuning mactrack.
THX.

jforman · Joined: 29 Sep 2004 Posts: 27

[quote="TheWitness"]Well, what is your layer3 device for that site? Please advise.

TheWitness[/quote]

My router is a Cisco MSFC3 6000 series router, C6MSFC3-PSV-M, which is listed in the device tables

As for the switches which have user ports plugged into them:
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
jforman@nms04 ~ $ snmpwalk -v 1 -c public 192.168.1.22 .1.3.6.1.2.1.4.22.1.2
IP-MIB::ipNetToMediaPhysAddress.52.192.168.1.1 = STRING: 0:0:c:7:ac:0
IP-MIB::ipNetToMediaPhysAddress.52.192.168.1.2 = STRING: 0:d0:2b:d9:24:fc
IP-MIB::ipNetToMediaPhysAddress.52.192.168.1.3 = STRING: 0:d0:2b:d9:30:fc
IP-MIB::ipNetToMediaPhysAddress.52.192.168.1.22 = STRING: 0:f:23:8c:de:c0
IP-MIB::ipNetToMediaPhysAddress.52.192.168.1.206 = STRING: 0:3:b2:13:db:c0
IP-MIB::ipNetToMediaPhysAddress.52.192.168.1.207 = STRING: 0:3:b2:14:7:40

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SED1, RELEASE SOFTWARE (fc1)
jforman@nms04 ~ $ snmpwalk -v 1 -c public 192.168.1.24 .1.3.6.1.2.1.4.22.1.2
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.1 = STRING: 0:0:c:7:ac:0
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.2 = STRING: 0:d0:2b:d9:24:fc
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.3 = STRING: 0:d0:2b:d9:30:fc
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.11 = STRING: 0:d0:2b:d9:30:ff
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.24 = STRING: 0:16:46:1d:39:c0
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.206 = STRING: 0:3:b2:13:db:c0
IP-MIB::ipNetToMediaPhysAddress.1.192.168.1.207 = STRING: 0:3:b2:14:7:40

Odd thing is, I know there are a ton more users plugged into both the 192.168.1.{22,24} switches.

jforman · Joined: 29 Sep 2004 Posts: 27

I am making some very good progress as of late. I found that the SNMP version in all devices, must be set to version 2.

But now I've got another interesting issue. In what would be the MAC/IP Report, under "Network Hostname", it shows the corresponding IP of the switch the user is connected to, but in the following column, "End Device IP Address", it is blank.

Under the "Devices" list, the column of "Total IP's" shows "N/A" for each switch.

All other information in the table looks correct (which I was very pleased to see)

Any information about why the end device IP address would be blank?

ddonohue · Cacti User Joined: 10 Jul 2006 Posts: 75

The issue w/ the scanner, is i don't thin it's getting back the right device id's from the database. ie, it's just feeding back blank, i can reproduce this. If you run the scanner and start at 1 with id=1 and then go up from there, you can at elast get the scans done.

donohue

ddonohue · Cacti User Joined: 10 Jul 2006 Posts: 75

jforman · Joined: 29 Sep 2004 Posts: 27

TheWitness · Posted: Wed Jul 12, 2006 7:48 pm Post subject:

Ok everyone here are some basics:

1) A Hub/Switch - Will NOT show IP's, but should show Ports
2) A Switch/Router (L3 Switch) - Will show Trunks, IP's and Ports
3) A Router - Will show IP's, but will NOT show Trunks or Ports

A Site is a group of any of the above services by one or more routers, either traditional or L3 switches. To show the association between MAC's and IP's, you must have at least one router at the site.

Does that help?

TheWitness

jforman · Joined: 29 Sep 2004 Posts: 27

[quote="TheWitness"]Ok everyone here are some basics:

1) A Hub/Switch - Will NOT show IP's, but should show Ports
2) A Switch/Router (L3 Switch) - Will show Trunks, IP's and Ports
3) A Router - Will show IP's, but will NOT show Trunks or Ports

A Site is a group of any of the above services by one or more routers, either traditional or L3 switches. To show the association between MAC's and IP's, you must have at least one router at the site.

Does that help?

TheWitness[/quote]

Yes, I understand what is what. I've attached two graphics of a switch and a router, whose filenames are indicative of what they are.

SS-01 is a 4500 series switch running IOS
CR-01 is a 6500 series SUP 720 running CatOS

TheWitness · Posted: Wed Jul 12, 2006 8:50 pm Post subject:

Ok, so here's the trick, you need to open a console and run each device in debug mode. Here is the syntax:

jforman · Joined: 29 Sep 2004 Posts: 27

attached you will find the output for both 192.168.1.3 and 192.168.1.13

command was
php mactrack_scanner.php -id=# -d > ~/$ip-scanner.txt

TheWitness · Posted: Wed Jul 12, 2006 9:40 pm Post subject:

Your IP's appear to be IPv6. Is this correct. I currently do not support IPv6. Please respond.

TheWitness