Addmi 16.5-discovery troubleshooting

Discovery Troubleshooting

Understanding the Discovery Access Page

Outline

Monitoring Discovery Current/Recent Runs Discovery Dashboard Credential/Slave usage feedback

Troubleshooting Discovery Metadata page Specific Reports

Additional Discovery Reference Material Appendix A Appendix B

Introduction

Keeping Foundations access to your environment in tip top shape is important for the best quality data

This module covers how tomonitor Foundation’s Accessand how to troubleshootproblems

Understanding the Discovery Access Page

Understanding the Discovery Access view

The Discovery Access view is the key page for troubleshooting discovery

It provides a summary view of the Directly Discovered Data for this access Device Type Session Results Methods and Scripts used Script Failure Feedback

Terminology – UNIX Scripts

Method / Script

Terminology – Windows Scripts

Method / Script

Discovery Access Page

Data is summarised into collapsible sections

Endpoint section

Shows data about when and why an endpoint was accessedLinks to related Host nodesDevice Summary field to improve contextNext and Previous Accesses

Device Summary Field - Examples

Example Device Summary fields from a range of device types

Status section

Shows data about the state of the Discovery Access Session Results only appear if there have been failures establishing a

session

Status section - Examples

Example Status sections from a variety of scenarios

Status section – Detail on UNIX

Click on the link to see the session results in sequence

Status section – Detail on Windows

Click on the link to see the session results in sequence

Discovery Details section

Shows the credential/slave used if for successful discovery Also shows if the data came from a scanning appliance or from scanner

Standard Discovery section

Shows the outcome of “Standard Discovery” That is the discovery we do automatically for a Host even without

patterns loaded

Standard Discovery – Details (1)

Click through to see discovery results

Status shows the overall status

Shows the script that succeeded

Summarises up any script failure reports

Shows successful access route

The increased detail is needed to reflect the complexity of Windows discovery More Scripts Multiple access routes during the same scan

Additional Discovery section

Records discovery done by patternsSlightly different as these methods can be called multiple times by

many different patterns

Integrations section

Integrations (SQL Discovery currently) has a dedicated section

Mapping to Platform Page

The information on the Discovery Access page has been arranged to allow you to find the commands on the Platform Pages.

First use the device summary to find the right platform

The use the Method

The use the Method, Access

The use the Method, Access, Script

For WMI there is an extra page showing the script

First use the device summary to find the right platform

For UNIX the scripts are common across ssh/telnet/rlogin

Understanding Script Failures

Any script that fails to return useful output will be logged as a Script Failure

Sometimes this is normal behaviour as in methods with more than one script scripts are tried in priority order

Script Failures – Details (1)

Script name

Access

Slave Used

Error Message

Specific Reports

Discovery Conditions

Look for specific conditions where action can be taken to improve data quality

Links to vendor patches and additional detail on the Tideway website

Discovery Conditions – Locations (1)

In the Discovery Tab

On the Discovery Dashboard

On impacted Hosts

Possible Process To Port Issues

A frequent area of discovery troubleshooting is gather Process to Port connections

This data assist in understanding network dependencies and improves the detail of the Automatic Grouping

There is a specific report available to assist We will also cover how to instrument UNIX scripts for further

troubleshooting

Port to Process – Locations (1)

In the Discovery Tab

Port to Process– Locations (2)

On the Discovery Dashboard

Port to Process– Locations (3)

Contextual reports on the Discovery Run

Instrumenting UNIX Script

Edit the script to add instrumentation Doesn’t happen out of the box

Precede the command with tw_capture tw_capture <name> <command> [<args>..] <name> needs to be a unique identifier within that script

tw_capture will record the exit code and stderr

This will result in a CommandFailure node being created and linked to the discovery result But ONLY if the command fails

CommandFailure Details

tw_capture can be used in a pipeline or subprocess (e.g. backticks)

The /tmp directory must be writeable for the feature to be enabled Otherwise you will get a CommandFailure with the message “Unable to

write to /tmp”

tw_capture can also be used in scripts run from TPL patterns

CommandFailure attributes

command_name The name given to tw_capture

status The exit code (integer)

error Any text written to stderr

CommandFailure: Enable

tw_capture <name> <command> [<args>..]<name> needs to be a unique identifier within that script

If used with PRIV_XXXX the tw_capture must go first tw_capture lsof_i PRIV_LSOF lsof -l -n -P -F ptPTn -i 2>/dev/null

CommandFailure – Results (1)

CommandFailure – Results (2)

Other useful discovery reports (1)

Which Host IPs didn’t update last access? “Host Endpoints Not Updating” report Filters just to Host devices

Which Host IPs had session establishment issues last access? “Host Endpoints With Session Issues” report Filters out first access to any IP to remove initial noise on deployment

What Hosts were scanned but not accessed at last access? “Possible Endpoint Host Devices (Detailed)” report Includes both the raw OS estimate list and the discovery refined

classification

What other devices have been scanned? “Possible Endpoint Non Host Devices” report Includes both the raw OS estimate list and the discovery refined

classification INCLUDES ‘Other’, ‘Embedded’ and ‘Unknown’ OS Classes Handy for displaying the non Host device discovery Also handy for checking for heavily firewalled Hosts!

What other IPs should be scanned? “Seen but unscanned IPs” report “Seen but unscanned IPs with Ports” report

More detail for investigation but start with summary Shows a count of the IPs that the system has seen connections to but

has not accessed

Further Resourses

Tideway’s Online Documentation: http://www.tideway.com/confluence/display/81/Discovery

Tideway Foundation

Version 7.2

Documentation

Addmi 16.5-discovery troubleshooting

Technology

Troubleshooting and Maintenance...Troubleshooting and Maintenance • TroubleshootingandMaintenanceOverview,page1 • Troubleshooting,page1 • Maintenance,page23 Troubleshooting …

Addmi 09-analysis ui-reporting

POWERDESGINER 16.5 SP2

Addmi 11-intro to-patterns

Addmi 13-discovery overview (patrick ryan's conflicted copy 2011-01-27)

Win Win 16.5. do 31.5.2011

Industrial Cable Glands - Raptors Trading & Contractingraptorsqatar.com/wp-content/uploads/2019/07/Glands... · 2019. 7. 15. · M50S M50 M63S M63 M75S M75 M90 16.5 16.5 16.5 16.5

Addmi 05-windows slave-installation_and_management

Addmi 06-security mgmt

Addmi 15-discovery scripts

1 Troubleshooting Troubleshooting

AU_HOSBAS_W_ENU 16.5

View PDF(16.5 MB)

Addmi 10-query builder

Section 16.5 Simple d.c. Motor

Double Grill Cabin - Viking Industriervikingindustrier.com/sites/default/files/double-16.5-_16.5.pdfoctagonal Inside area, m2 16.5 + 3.76 + 16.5 Total height, m 3.56 ... and chimney

ASME B 16.5 Interpretations

Addmi 18-appliance baseline

MSGW 16.5. do 10.6.2011

Addmi 08-dashboards