Documentation

Configuring Inventory Function

On the page

Need some help?

Aim

The purpose of the inventory module is to collect hardware and software information on Microsoft Windows operating system equipment.

This procedure explains how to set up the inventory on a fleet of machines.

This module is accessible from the user interface by clicking on the module Inventory.

 

General principles

 

Warning 2 The inventory requires the implementation of at least one collection point in the network of machines to be inventoried.

This collection point is either located on the ServiceNav Boxeither on a Windows device supervised with ServiceNav Agent.

From the inventoried machines to the collection point

A share is published on Windows Active Directory.

Each of the inventoried machines runs a program available on this share at regular intervals (in the form of a scheduled task) or during particular events (starting the machine, connecting a user).

No executable is therefore installed on the inventoried machine.

The inventory program lasts on average between 20 and 30s and consumes ~20% of CPU power. This execution is transparent compared to the classical user. Once finished, the inventory results are directly uploaded to the collection point via sharing. The share also allows to store log files and a list of identifiers.

A unique identifier per machine is used to allow the evolution of the machine to be followed. This identifier is generated during the first inventory and is stored on the machine as well as in the list of share identifiers.

In case of software reinstallation on the machine, it is necessary to retrieve these identifiers and reinstall them in the same directory as originally, otherwise the inventory information will be duplicated.

 

From the collection point to the ServiceNav web-based monitoring platform

The collection point is located on the ServiceNav Box

A program runs on the monitoring box every five minutes and uploads the inventory results to the web-based monitoring platform. The results are inserted in a database.

The collection point is located on a supervised equipment with ServiceNav Agent

 ServiceNav Agent sends inventory data over the Internet to a shared ServiceNav Box. In most cases, the ServiceNav Box responsible for collecting supervision data also assumes this role. A program runs on the box every minute and uploads the inventory results to the web-based monitoring platform. The results are inserted into a database.

 

Implementation of the inventory - collection point

ServiceNav Box

This preparation operation consists in declaring the share in the Windows Active Directory.

This configuration can only be done when the ServiceNav Box is installed at the customer's premises.

The ServiceNav Box hosting the share (example: snb-supervision) must be declared in the DNS before running the installation script.

To declare the necessary share for the inventory module, you also need to have a Windows Active Directory domain account.

An installation script exists, on each ServiceNav Box in the folder :

/usr/local/nagios/bin/installationInventory/

The script to launch the installation is : installation_inventory.sh

Options :

-h: Displays help

-V: Displays the version

-W: Workgroup or domain name. Example : COSERVIT

-P: Netbios name of the ServiceNav Box hosting the Samba share. Example: : snb-supervision

-D: Domain name. For example : COSERVIT.LOCAL

-A: Name of the Active Directory server without the domain extension. Example : COSVGRE01

-U: Domain Administrator

-X: Domain administrator password

 

Login to the ServiceNav Box and run the following command:

cd /usr/local/nagios/bin/installationInventory/

Execute for example (WARNING DO NOT COPY/PASTE the command, it is misinterpreted, you must TAP it from the console.) :

./installation_Inventory.sh -W COSERVIT -P snb-supervision -D COSERVIT.LOCAL -A COSVGRE01 -U administrator -X *******

If the password contains a character interpreted under the Linux shell (such as the & character), encapsulate the password between quote characters.

Example (WARNING DO NOT COPY/PASTE the command, it is misinterpreted, you must TAP it from the console.) :

./installation_Inventory.sh -W COSERVIT -P snb-supervision -D COSERVIT.LOCAL -A COSVGRE01 -U administrator -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv' -X 'Oiu&ErfGv

To check if a Kerberos ticket is recovered: enter klist after installation.

Warning 2 From version 3.13.1, and for a ServiceNav Box running Ubuntu 16.04, it is necessary to modify the /etc/init.d/iptables.sh file to authorize the NETBIOS flow.

Uncomment these two lines:

## Acceptance of SAMBA connections
#iptables -A INPUT -p tcp -dport $PORT_SAMBA_NETBIOS -j ACCEPT
#iptables -A INPUT -p tcp -dport $PORT_SAMBA_MICROSOFT_DS -j ACCEPT

Then execute:

/etc/init.d/iptables.sh

 

To test the installation, run the following command on the ServiceNav Box getent passwd. Sf users of the AD are present, the connection to the Windows Active Directory is successful.

 Tip To check that the sharing is in place, connect to a machine of the network inventoried, and in Windows explorer, enter \inventory: you must visualize the inventory program. inventory_windows.exe

Inventory - Windows Sharing

 

ServiceNav Agent

Verify that the ServiceNav Box that receives inventory information from the ServiceNav Agent of the park is initialized.

 Warning The ServiceNav Box must expose a web service accessible from the ServiceNav Agents. This web service is defined by a port, and a URL.

The rest of this section describes how to create this web service.

Box side

A. Configuration of the web service

  1. Configuration in HTTP

From version 3.13.1, and for a ServiceNav Box running Ubuntu 16.04, the serviceNav site is already configured and activated, so the section below is obsolete.

On the other hand, you have to activate and start apache2 which is stopped by default.

systemctl enable apache2
service apache2 restart

Ubuntu ServiceNavBox 16.04, version 3.13.1 and higher: by default, ports 80 and 443
are not open on the stalls.

To check the firewall configuration, run the following command:

iptables -L -v

To change the allowed port for HTTP or HTTPS, edit the file /etc/init.d/iptables.sh :

nano /etc/init.d/iptables.sh

Modify the following variable(s) with the desired value(s) :

PORT_HTTP="80"
 PORT_HTTPS="443"

Apply changes :

/etc/init.d/iptables.sh

Up to and including version 3.13.0, create a new VirtualHost :

nano /etc/apache2/sites-available/viadeisServices

Here are the contents of the file to be copied :

 Warning 2 The values in red represent the port that will be used by the web service. If you want to use a particular port you have to change these values by your port number.
NameVirtualHost *:80
	
	DocumentRoot /usr/local/pasi/www/
		
	

Activate the virtualhost that will allow access to the Web Service :

a2dissite default
a2ensite viadeisServices

Restart the Apache service to apply the new configuration:

/etc/init.d/apache2 restart

       2. HTTPS configuration

Activate the Apache ssl module with the command :

a2enmod ssl

Then create the folder containing the certificates if it does not already exist:

mkdir /etc/apache2/cert

To create the certificates, you have to connect to the SNP server which has a self-signed certification authority.

ssh 172.238.0.1

We then go into the directory that will contain our certificates:

mkdir /root/genAutosignCertificate
cd /root/genAutosignCertificate

Certificates are generated for Web Services replacing the value of the by the right one.

openssl genrsa 1024 > _ws.key
openssl req -new -key _ws.key > _ws.csr

You will be asked for information. Please make sure to adapt them to your installation:

Country Name (2 letter code) [AU]:EN
State or Province Name (full name) [Some-State]:ISERE
Locality Name (eg, city) []:GRENOBLE
Organization Name (eg, company) [Internet Widgits Pty Ltd]:COSERVIT
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:supervision.coservit.fr
Email Address []:

You don't need to enter any more. Validate the default values by typing enter until the command prompt appears again.

CA signature of the server certificate

openssl x509 -req -in _ws.csr -out _ws.crt -CA /root/openvpn/easy-rsa/2.0/keys/ca.crt -CAkey /root/openvpn/easy-rsa/2.0/keys/ca.key -CAcreateserial -CAserial ca.srl

We go back to the SNM box to complete the configuration:

exit

Once on the box, we retrieve the certificates we just generated.

scp 172.238.0.1:/root/genAutosignCertificate/_ws.key /etc/apache2/cert/
scp 172.238.0.1:/root/genAutosignCertificate/_ws.crt /etc/apache2/cert/
scp 172.238.0.1:/root/openvpn/easy-rsa/2.0/keys /ca.crt /etc/apache2/cert/

 

On a ServiceNav Box running Ubuntu 16.04, from version 3.13.1 :

nano /etc/apache2/sites-available/serviceNavSecured.conf

Listen 443
 
	DocumentRoot /usr/local/pasi/www/
	ServerName localhost

	# Active HTTPS
	SSLEngine on
	SSLCertificateFile /etc/apache2/cert/_ws.key
	SSLCertificateKeyFile /etc/apache2/cert/_ws.key
	SSLCertificateChainFile /etc/apache2/cert/ca.crt
 
	

Restart the Apache service to apply the new configuration

a2ensite serviceNavSecured
systemctl enable apache2
service apache2 restart

Ubuntu ServiceNavBox 16.04, version 3.13.1 and higher: by default, ports 80 and 443
are not open on the stalls.

To check the firewall configuration, run the following command:

iptables -L -v

To change the allowed port for HTTP or HTTPS, edit the file /etc/init.d/iptables.sh :

nano /etc/init.d/iptables.sh

Modify the following variable(s) with the desired value(s) :

PORT_HTTP="80"
 PORT_HTTPS="443"

Apply changes :

/etc/init.d/iptables.sh

 

On a ServiceNavBox running Ubuntu 12.04 (up to version 3.13.0), here are the contents of the file to copy :

 Warning 2 The values in red represent the port that will be used by the web service. If you want to use a particular port you have to change these values by your port number.
nano /etc/apache2/sites-available/viadeisServicesSecured
NameVirtualHost *:443
	
		DocumentRoot /usr/local/pasi/www/
		SSLEngine On
		SSLCACertificateFile /etc/apache2/cert/ca.crt
		SSLCertificateFile /etc/apache2/cert/_ws.crt
		SSLCertificateKeyFile /etc/apache2/cert/_ws.key
		
	

Activate the virtualhost that will allow access to the Web Service.

a2dissite default
a2ensite viadeisServicesSecured

Restart the Apache service to apply the new configuration

/etc/init.d/apache2 restart

       3. Configuration with a specific port

If you have changed the default ports in the virtual host configuration, you must complete the configuration below, otherwise proceed directly to the next step.

Also modify the file /etc/apache2/ports.conf

nano /etc/apache2/ports.conf

If the configuration is in HTTP, change the value in red to your port number :

Listen 80
Listen 443

If the configuration is in HTTPS, change the value in red to your port number :

Listen 80
Listen 443


 

B. Test of the web service

To test if the web service is functional you can enter one of the following URLs from the browser of the server hosting the Collection Agent depending on your configuration:

In HTTP mode :

http:///api/ws_VS_Agent.php

In HTTPS mode :

https:///api/ws_VS_Agent.php

In HTTP mode with a specific port:

http://:/api/ws_VS_Agent.php

In https mode with a specific port:

https://:/api/ws_VS_Agent.php

 

The following web page should appear:

Inventory - Web Test

If this is not the case, check your configuration.

If you are stuck then you can contact product support.

Web interface side

1. Configuration of the supervision box

To configure the ServiceNav Box, follow the steps below.

  • Login to the ServiceNav monitoring website
  • Click Configuration Supervision > General > Box
  • Position yourself in the company tree at the level of the company to which the ServiceNav Box is attached.

ServiceNav - SNM Box

  • Click on the name of the ServiceNav Box
  • Fill in the fields in the section Agent mode inventory configuration :

Example HTTP mode :

- URL: http:///api/ws_VS_Agent.php

- Port: 80

Example HTTPS mode :

- URL: https:///api/ws_VS_Agent.php

- Port: 443

Inventory - Agent mode configuration

  • Click Apply

 

2. Manifold configuration

Activation of equipment monitored by ServiceNav Agent as a collection point for inventory information is done by logging on to the ServiceNav monitoring website.

  • Login to the ServiceNav monitoring website
  • Click Inventory > Configuration > Collector
  • In the company code tree, go to the company code on which you want to carry out the inventory
  • Click Edit host

 

Inventory - Collector Configuration1

  • Click on Yes
  • Choose the collection point from the list of supervised equipment.

 

Inventory - Collector Configuration 2

  • Choose from the list a domain account that can declare the network share needed for the inventory

 

Inventory - Collector Configuration 3

  • Click Apply

Please read the following instructions:

Inventory - Agent mode activation

 Tip To check that the sharing is well in place, connect to a machine of the network to be inventoried, and in Windows explorer, enter \inventory: you must visualize the inventory program. inventory_windows.exe

Inventory - Windows Sharing

 

This may also be of interest to you

Welcome to ServiceNav!

Need help? More information about our products? Write to us!
You have taken note of our privacy policy.

[COVID - 19 ] - TELEWORKING, TARGET AVAILABILITY 100% !

While the epidemic lasts, ensure the availability and performance of your IT services for teleworking, with ServiceNav!

Following the government's call to mobilize to help businesses overcome the current health and economic context, we help you, free of charge, to ensure the complete monitoring of your teleworking environments: VPN, VDI, Teams, Skype Enterprise, Citrix... Objectives: collection, availability and usage indicators, dashboards to support your communication.
We use cookies to ensure that you have the best possible experience on our site, and if you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.