Mactrack Rogue Mac Reporting MOD

[MagicOneXXX]

Thought that the MAC address rogue reporting was an interesting feature, so I wrote the mod this weekend

PLEASE NOTE THAT THIS MOD IS BETA!!

This MOD creates a new table that holds all of the "known" mac addresses, as well as adds a column in the mac_track_ports table that tracks whether the MAC was known when the poller ran. In addition, this plugin will send out an email, per poller cycle, of any MACS it finds that are "unknown" EDIT: the email functionality is now a setting under settings->device tracking->unknown mac alerting. Please note that the email feature REQUIRES threshold, and uses the threshold email settings (including the email address configured there). I may expand this functionality later.

Features/Modifications:
- New table, mac_track_known_macs
- Altered table, mac_track_ports, to add known_mac column
- Filter/sort by All/Known/Unknown MACS
- Modified site "N/A" to "All", added site name to the mac/ip report list.
- Email alerting for unknown MACS, per polling cycle

Todo:
- Clean up look/feel of email report
- Clean up some code
- Implement known MAC data sync between GLPI and mactrack (my own personal feature request)

How to implement this mod:

For current installations, unzip the php files into your mactrack folder, overwriting all. Then, you will need to run the mactrack_knownmac_mod.sql file to create the new table and alter the other.

For new installations, unzip the php files into the mactrack folder, then run the mactrack.sql file, which contains the updated SQL statements. I have zipped the entire mactrack directory, so you shouldn't have to download the original version first, it should all be here.

Again, this is BETA, so please precede carefully. I haven't run into any bugs on my corporate installation yet, though. Let me know if you find any bugs.

Happy mactracking!

[TheWitness]

I will be incorporating a "modified" version of this Mod in MacTrack v1. I just have to figure out "how" I will mod the mod to be happy happy

TheWitness

ps. Thanks for your contribution!!

[cigamit]

Hum... exactly what I was looking for actually. I do need to strip the mail functions out of thold, and create a "Mail" plugin, so that all plugins can take advantage of it with requiring others like thold.

[TheWitness]

No, you need to create an "Event Management" plugin that includes e-mailing.

TheWitness

[MagicOneXXX]

Glad I could contribute Like I said i'll be releasing an update to this to clean up some code. As you could probably already tell, I have a different coding style If you want, I can re-write some of this to fit into your V 1.0, although I don't know how you envision the V 1.0 plugin.

I think that implementing a sync between this and an Asset-tracking package would be icing. I'm looking to implement glpi (http://glpi-project.org/spip.php?lang=en) in my company. Any thoughts on other packages / other data that could be synced with mactrack?

[TheWitness]

Like I said, I have not reviewed your code yet. Actually, I am looking forward to the review. It give me a different perspective on styles every time I review someone elses code. The glass is definately half full

TheWitness

[TheWitness]

Please run the following command from your command prompt and send me the output file. It will contain your database structures and not DATA, Ok.

mysqldump -d cacti > mactrack_sql_changes.sql

TheWitness

[TheWitness]

How do you build your list of known MAC's? Are you populating from an asset management system, or going through one at a time?

Also, you query to compare MAC's is WAY EXPENSIVE (CPU/IO). I'll fix that. Please advise. Otherwise, outside of the coding idiosyncrasies, it's not half bad. Pretty strait forward in fact.

TheWitness

[MagicOneXXX]

here you go. Any problems with the database code? I wrote it this morning and seems to have worked fine on my system.

EDIT: sorry, missed the fact that it rejected the .sql extension :-p

[TheWitness]

You missed the attachment

TheWitness

[MagicOneXXX]

Known macs is currently built by hand. When viewing mactrack, I added the option of selecting a row (or rows) and clicking on "add to known macs" then hitting go. They can also remove macs this way.

The data sync between Asset tracking is an idea for a future feature.

As far as the query, I did notice a slight hit to speed. I was going to optimize that in the future... wanted to get this plugin out there and see how it went over first.

[MagicOneXXX]

Please, let me know how I can improve upon this mod to make it more useful. I'll be cleaning this mod up shortly and expanding it's functionality.

Currently, I'm looking for input on what Asset Tracking packages everyone would like to see synced to the known mac table.

[Linegod]

There has been some discussion WRT syncing to asset tracking DBs.

What follows is my opinion:

What if you just assume the data is going to be somewhere that the plugin can interpret - ie: a 'push' from the CI DB and would end up in a MySQL table, CSV, what have you - pick one of these and create the functions that would compare the two sets of data.

Once that set of functions is created, it is then easy enough for other people to extend it to pull from their Asset Managment/Config Item DBs. To me this is more logical, since it would be highly unlikely that a single SELECT statement would be able to pull all of the MACs from something like HP Service Desk.

[MagicOneXXX]

Here is my thoughts on this:

A basic framework should be established for allowing users to create "Asset templates" or "Asset Sources". These templates would be very similar to the Data templates cacti currently has, allowing the user to configure what type of Asset DB they are trying to pull from (Be it MySQL, CSV, Excel, the Network Techs' Brains), where it is located, and how to access it (Via SQL calls, file reads, etc). Whether it is a direct pull from the DB or a push probably doesn't matter.

Because of the variety of packages available, I think it would be a good idea to see what the majority of the Cacti user base currently uses. That way, any developers working on this can get an overview of the scope of the plugin (are most users using the same package? Does anyone really need CSV support?) and code V 1.0 accordingly.

In addition, you may find that users are interesting in the sync for more than just MACs. Why not IP to MAC bindings? Why not Hostname to IP to Mac bindings? How about syncing certain device types over to cacti so that a user can import a slew of devices at once? Perhaps the discover plugin could be tied in to rogue device tracking?

I'm curious as to what others are interested in seeing. Personally, I see a breadth of possibilities here, expanding beyond just mactrack (without getting overzealous, of course )