Aim
The discovery module allows you to discover hosts on a computer network and to use the information collected. It can be used to view basic information about machines (IP address, type, name, services in operation, etc.), or to bring hosts under management.
In this document, we will see how to use all the features offered by this module.
Accessing discovery
To access the discovery interface, Navigate to Configuration > Hosts > Discovery.
Figure 1 - Elements of the discovery screen
As shown in Figure 1, the discovery feature is composed of the elements :
- A search area
- A discovery launch area
- A filter bar
- A table control bar
- A table of results
Launching a discovery
A discovery is started from the button, Discovery.
Figure 2 - Discovery configuration page
Several pieces of information can be provided to configure a discovery:
- Tab Network discovery parameters
- BoxSelect the monitoring box from which the discovery will be performed.
- IP addresses IP addresses on which network discovery is to be carried out. It is possible to specify either a range or a list of IP addresses (separated by a comma).
- PurgeIf this box is checked, all data from previous discoveries will be deleted before starting the new one.
- Tab Accounts
- SNMP and SNMP v3 connection Communities to be used to retrieve information via the SNMP protocol. This entry is not mandatory but the information obtained will be more complete if it is correctly supplied. It is possible to enter multiple communities separated by commas. In this case, the box will retrieve the information using the community that provides the most information.
- Windows Login - Admin Provide an account to be used to test the WMI connection. This must be a host or domain administrator account. The format of a domain account is: domain/account. Caution : these two fields are case-sensitive.
- VMware Connection Enter the account to be used to test the VMware connection. This account must be a member of the "user" group and need only have Read Only rights on the hypervisor.
- Hyper-V connection Hyper-V hypervisor connection test: Fill in the account to be used to test the connection to a Hyper-V hypervisor.
- Citrix XEN Connection : fill in the account to be used to test the connection to a Xen hypervisor.
Note There can be no duplicate IP addresses in the discovery results. Thus, if an old census had reported information for an IP address and a new discovery must report information for the same IP address, any old information will be deleted and replaced.
Click on Apply to start the discovery. A progress bar appears. It is automatically refreshed every 15 seconds. This allows you to follow the progress of the discovery.
Figure 3 - Progress bar
Unlike the progress bar, discovery data isnot automatically refreshed in the results table. You can, however, explicitly request this using the "play" button.
Search the results
Searching the results is possible using the search form :
Figure 4 - Search form
This form allows you to search for hosts subject to several criteria:
- Name / addressOnly devices whose name or IP address contains the entered string will be displayed.
- Protocols without response Permits you to display hosts that have not responded to Ping, SNMP or WMI. Note WMI connection is only appropriate to Windows type hosts (Microsoft technology). Checking this box does not affect other types of host.
- Monitoring status : allows you to display only hosts already monitored / not yet monitored / both. If neither box is checked, both are displayed.
Note all these fields are cumulative. So, if we search for the IP address 192.168.0.14 by checking the status Not monitoredIf the IP address is not available, the IP address will only be searched for among hosts that are not monitored.
Filter by host type
Filtering according to the type of device can be done from the filter bar. This can be seen as complementary to the search form.
Figure 5 - Filter bar
The following host types can be selected:
- All no filtering is performed, all hosts are displayed
- Windows Server Servers with Windows operating system installed
- Linux Server : servers with the Linux operating system installed
- Server (other)servers with another operating system installed
- Hypervisor
- Storage
- Box
- Router
- Switch
- Workstation
- Printer printers accessible from the network
- Phone : IP phones, connected to the network
- UPS
- Camera IP cameras, connected to the network
- Other devices the type if which could not be identified
Note : just like the options in the search form, the filtering of hosts is carried out cumulatively : if a search has been validated and you click on Routersthe search will only be performed on routers.
Controlling the table
These bars are used to control the results table.
Figure 6 - Table control bar
Refreshing the data
Figure 7 - Data refresh buttons
These three buttons allow you to control the refreshing of the data in the table:
- The first launches an immediate refresh of the data.
- The second allows an automatic refresh: every 30 seconds, the data is automatically reloaded.
- The last one stops the automatic update.
Pagination
Figure 8 - Pagination
When too many lines are displayed, the data is paginated. The current page displayed is indicated in green. The numbers not highlighted show the other available pages and allow access to them. The double arrow allows you to go to the last page of the table.
Perform an action on the selection
Figure 9 - Action on selection
The buttons Add to monitoring Delete from IT discovery allow hosts to be monitored or hosts to be removed from discovery.
Note : the action is launched as soon as the button is selected. It is therefore necessary to have previously selected the hosts on which the action is to be performed.
Number of hosts per page
Figure 10 - Selecting the number of lines per page
The last element of the control bar allows you to choose the number of rows to be displayed on each page.
Using the table, the data reported
The results table is the central are of discovery. It enables the data collected by discovery of the network to be viewed and used.
Figure 11 - Results Table
Each line in the table corresponds to a host present on the network. The main information about hosts is displayed directly in this table :
- Actions If the host is not yet monitored, this column allows you to select the host in order to perform an action to it. Next to the check box, a button in the form of an image displays more detailed monitoring details. Alternatively if the host is already monitored, an alternative icon indicates it.
- IP address IP address of the host from which it was collected.
Note If a machine has more than one IP address, it may appear more than once in the table.
- Name of the host : displays the name retrieved via NMAP. If no name has been retrieved, the IP address is displayed.
- Description : description of the host. If it is a server, its operating system is displayed.
- Services List of services in operation on the device.
Note Some services may be in operation even though their port is closed. This information is displayed in the detailed information window.
- Protocols : Indicates if the host has responded to ping, SNMP or WMI protocols.
1. Green means that the SNB has:
- ping: received a reply to the ping
- snmp: succeeded in establishing an SNMP connection
- wmi: successfully established a WMI connection
2. Red The protocol in question did not allow communication with the machine in question.
3. Grey and crossed out protocol not available for the machine concerned
Detailed information window
A window displaying the machine's detailed information appears when you click its IP address.
Figure 12 - Detailed Information Window
This information is grouped into four categories:
- General identification, hardware, operating system and discovery information.
- Network Displays information about the machine's network interfaces.
Note : available only if SNMP responded.
- Services services in operation when the discovery was undertaken. Also shows the port number associated with the service, its status (closed, open, filtered) and the service protocol (udp, tcp).
Note : available only if NMAP responded.
Note 2 Service list: this tab can be directly displayed by clicking on the list of services in the results table.
- Storage :Displays the partitions mounted on the host along with their total space.
Note : available only if SNMP responded.