Introduction
The inventory module is designed to collect hardware and software information on Microsoft Windows operating system equipment.
This procedure explains how to set up the inventory on a fleet of machines.
This module is accessible from the user interface by clicking on the Inventory.
General principles
 |
The inventory requires the implementation of at least one collection point in the network of machines to be inventoried.
This collection point is either located on the ServiceNav Boxor on a supervised Windows device with ServiceNav Agent. |
From the inventoried machines to the collection point
A share is published on Windows Active Directory.
Each of the inventoried machines runs a program available on this share at regular intervals (in the form of a scheduled task) or during particular events (machine startup, user login).
No executable is therefore installed on the inventoried machine.
The inventory program lasts on average between 20 and 30s and consumes ~20% of the processor. This execution is transparent to the typical user. Once completed, the inventory results are sent directly to the collection point via the share. The share also stores log files and a list of identifiers.
A unique identifier per machine is used to track the evolution of the machine. This identifier is generated during the first inventory and is stored on the machine as well as in the list of identifiers of the share.
If you reinstall software on the machine, you must retrieve these credentials and reinstall them in the same directory as the original or you will duplicate the inventory information.
From the collection point to the ServiceNav web-based monitoring platform
The collection point is located on the ServiceNav Box
A program runs on the supervision box every five minutes and sends the inventory results to the supervision web platform. The results are inserted into the database.
The collection point is located on a supervised equipment with ServiceNav Agent
ServiceNav Agent sends the inventory data over the Internet to a shared ServiceNav Box. In most cases, the ServiceNav Box responsible for collecting the monitoring data also takes on this role. A program runs on the box every minute and uploads the inventory results to the web-based monitoring platform. The results are inserted into the database.
Implementation of the inventory - collection point
ServiceNav Box
This preparation operation consists in declaring the share in the Windows Active Directory.
This configuration can only be done when the ServiceNav Box is installed at the customer's site.
The ServiceNav Box hosting the share (example: snb-supervision) must be declared in the DNS before running the installation script.
To declare the share required for the inventory module, you also need a Windows Active Directory domain account.
An installation script exists, on each ServiceNav Box in the folder :
/usr/local/nagios/bin/installationInventory/
The script to launch the installation is : installation_inventory.sh
Options :
-h: Displays the help
-V: Displays the version
-W: Workgroup or domain name. Example: COSERVIT
-P: Netbios name of the ServiceNav Box hosting the Samba share. Example : snb-supervision
-D: Domain name. Example: COSERVIT.LOCAL
-A: Active Directory server name without the domain extension. Example: COSVGRE01
-U: Domain administrator
-X: Domain administrator's password
Connect to the ServiceNav Box and run the following command:
cd /usr/local/nagios/bin/installationInventory/
Run for example (WARNING DO NOT COPY/TEXT the command, it is misinterpreted, it must be typed from the console) :
./installation_Inventory.sh -W COSERVIT -P snb-supervision -D COSERVIT.LOCAL -A COSVGRE01 -U administrator -X *********
If the password contains a character interpreted under the Linux shell (such as the & character), enclose the password in quote characters.
Example (WARNING DO NOT COPY/TEXT the command, it is misinterpreted, it must be typed from the console) :
./installation_Inventory.sh -W COSERVIT -P snb-supervision -D COSERVIT.LOCAL -A COSVGRE01 -U administrator -X 'Oiu&ErfGv
To check if a Kerberos ticket is retrieved: enter klist after installation.
|
Starting with version 3.13.1, and for a ServiceNav Box running Ubuntu 16.04, the /etc/init.d/iptables.sh file must be modified to allow the NETBIOS flow.
Uncomment these two lines: ## SAMBA connection acceptance Then execute : /etc/init.d/iptables.sh |
To test the installation, run the command on the ServiceNav Box getent passwd. SIf AD users are present, the link with the Windows Active Directory is successful.
 |
To check that the share is in place, connect to a machine on the inventoried network, and in Windows Explorer, enter \inventory : you should see the inventory program inventory_windows.exe
|
ServiceNav Agent
Check that the ServiceNav Box that receives inventory information from the ServiceNav Agents in the fleet is initialized.
 |
The ServiceNav Box must expose a web service that can be accessed from the ServiceNav Agent. This web service is defined by a port, and a URL. |
The rest of this section describes how to create this web service.
Box side
A. Web service configuration
- Configuration in HTTP
As of version 3.13.1, and for a ServiceNav Box running Ubuntu 16.04, the serviceNav site is already configured and activated, so the section below is obsolete.
It is necessary on the other hand to activate and start apache2 which is stopped by default.
systemctl enable apache2 service apache2 restart
ServiceNavBox Ubuntu 16.04, version 3.13.1 and higher: by default, ports 80 and 443
are not open on the boxes.
To check the firewall configuration, run the following command:
iptables -L -v
To change the allowed port for HTTP or HTTPS, edit /etc/init.d/iptables.sh :
nano /etc/init.d/iptables.sh
Modify the following variable(s) with the desired value(s):
PORT_HTTP="80" PORT_HTTPS="443"
Apply changes :
/etc/init.d/iptables.sh
Up to and including version 3.13.0, create a new VirtualHost :
nano /etc/apache2/sites-available/viadeisServices
Here are the contents of the file to be copied:
| |
The red values represent the port that will be used by the web service. If you want to use a particular port you must change these values to your port number. |
NameVirtualHost *:80 DocumentRoot /usr/local/pasi/www/ Options -Indexes FollowSymLinks AllowOverride All Order deny,allow Allow from all
Enable the virtualhost that will allow access to the Web Service:
a2dissite default a2ensite viadeisServices
Restart the Apache service to apply the new configuration:
/etc/init.d/apache2 restart
2. HTTPS configuration
Activate the Apache ssl module with the command :
a2enmod ssl
Then create the folder where the certificates will be stored if it does not already exist:
mkdir /etc/apache2/cert
To create the certificates, you need to connect to the SNP server which has a self-signed certificate authority.
ssh 172.238.0.1
We then move to the directory that will contain our certificates:
mkdir /root/genAutosignCertificate cd /root/genAutosignCertificate
The certificates for the Web Services are generated by replacing the value by the appropriate one.
openssl genrsa 2048 > _ws.key openssl req -new -key _ws.key > _ws.csr
You will be asked for information. Please make sure to adapt them to your installation:
Country Name (2 letter code) [AU]:FRState or Province Name (full name) [Some-State]:ISERELocality Name (eg, city) []:GRENOBLEOrganization Name (eg, company) [Internet Widgits Pty Ltd]:COSERVITOrganizational Unit Name (eg, section) []:Common Name (eg, YOUR name) []:supervision.coservit.frEmail Address []:
It is not necessary to enter more. Validate the default values by typing enter until you find the command prompt.
Signature of the server certificate by the CA
openssl x509 -req -in _ws.csr -out _ws.crt -CA /root/openvpn/easy-rsa/2.0/keys/ca.crt -CAkey /root/openvpn/easy-rsa/2.0/keys/ca.key -CAcreateserial -CAserial ca.srl
We return to the SNM box to finish the configuration:
exit
Once on the box, we retrieve the certificates we just generated.
scp 172.238.0.1:/root/genAutosignCertificate/_ws.key /etc/apache2/cert/scp 172.238.0.1:/root/genAutosignCertificate/_ws.crt /etc/apache2/cert/scp 172.238.0.1:/root/genAutosignCertificate/ca.srl /etc/apache2/cert/
On a ServiceNav Box running Ubuntu 16.04, from version 3.13.1:
nano /etc/apache2/sites-available/serviceNavSecured.conf
DocumentRoot /usr/local/pasi/www/ ServerName localhost # Active HTTPS SSLEngine on SSLCertificateFile /etc/apache2/cert/_ws.crt SSLCertificateKeyFile /etc/apache2/cert/_ws.key SSLCertificateChainFile /etc/apache2/cert/ca.srl Options -Indexes -FollowSymLinks AllowOverride All Require all granted
Restart the Apache service to apply the new configuration
a2ensite serviceNavSecured systemctl enable apache2 service apache2 restart
ServiceNavBox Ubuntu 16.04, version 3.13.1 and higher: by default, ports 80 and 443
are not open on the boxes.
To check the firewall configuration, run the following command:
iptables -L -v
To change the allowed port for HTTP or HTTPS, edit /etc/init.d/iptables.sh :
nano /etc/init.d/iptables.sh
Modify the following variable(s) with the desired value(s):
PORT_HTTP="80" PORT_HTTPS="443"
Apply changes :
/etc/init.d/iptables.sh
On a ServiceNavBox running Ubuntu 12.04 (up to version 3.13.0), here is the content of the file to copy:
| |
The red values represent the port that will be used by the web service. If you want to use a particular port you must change these values to your port number. |
nano /etc/apache2/sites-available/viadeisServicesSecured NameVirtualHost *:443 DocumentRoot /usr/local/pasi/www/ SSLEngine On SSLCACertificateFile /etc/apache2/cert/ca.crt SSLCertificateFile /etc/apache2/cert/_ws.crt SSLCertificateKeyFile /etc/apache2/cert/_ws.key Options -Indexes FollowSymLinks AllowOverride All Order deny,allow Allow from all
Enable the virtualhost that will allow access to the Web Service
a2dissite default a2ensite viadeisServicesSecured
Restart the Apache service to apply the new configuration
/etc/init.d/apache2 restart
3. Configuration with a specific port
If you have changed the default ports in the virtual host configuration, you should complete the configuration below, otherwise go directly to the next step.
Also modify /etc/apache2/ports.conf
nano /etc/apache2/ports.conf
If the configuration is in HTTP, change the value in red by your port number:
Listen 80Listen 443
If the configuration is in HTTPS, change the value in red by your port number:
Listen 80Listen 443
To test if the web service is functional you can from the browser of the server hosting the collection agent, enter one of the following URLs depending on your configuration:
In HTTP mode:
http:///api/ws_VS_Agent.php
In HTTPS mode:
https:///api/ws_VS_Agent.php
In HTTP mode with a specific port:
http://:<Port number/api/ws_VS_Agent.php
In https mode with a specific port:
https://:<Port number/api/ws_VS_Agent.php
The following web page should be displayed:
If this is not the case, check your configuration.
If you are stuck then you can contact product support.
Web interface side
1. Configuration of the supervision box
To configure the ServiceNav Box, proceed as follows.
- Login to the ServiceNav monitoring website
- Click on Configuration Supervision > General > Box
- Position yourself in the company tree at the level of the company to which the ServiceNav Box is attached
- Click on the name of the ServiceNav Box
- Fill in the fields in the Agent mode inventory configuration :
Example HTTP mode :
- URL: http:///api/ws_VS_Agent.php
- Port : 80
Example HTTPS mode :
- URL: https:///api/ws_VS_Agent.php
- Port : 443
- Click on Click Apply
2. Manifold configuration
Activating a ServiceNav Agent monitored device as an inventory information collection point is done by logging into the ServiceNav monitoring website.
- Login to the ServiceNav monitoring website
- Click on Inventory > Configuration > Collector
- In the company tree, go to the company on which you want to set up the inventory
- Click on Modify the
- Click on Yes
- Choose the collection point from the list of supervised equipment
- Select a domain account from the list that can declare the network share needed for the inventory
- Click on Click Apply
Please note the following instructions:
| |
To check that the share is in place, connect to a machine on the network to be inventoried, and in Windows Explorer, enter \inventory : you should see the inventory program inventory_windows.exe
|
