Documentations

Configure the inventory functionality

On the page

Do you need help?

Introduction

The inventory module is designed to collect hardware and software information on Microsoft Windows operating system equipment.

This procedure explains how to set up the inventory on a fleet of machines.

This module is accessible from the user interface by clicking on the Inventory.

General principles

Warning 2 The inventory requires the implementation of at least one collection point in the network of machines to be inventoried.

This collection point is either located on the ServiceNav Boxor on a supervised Windows device with ServiceNav Agent.

From the inventoried machines to the collection point

A share is published on Windows Active Directory.

Each of the inventoried machines runs a program available on this share at regular intervals (in the form of a scheduled task) or during particular events (machine startup, user login).

No executable is therefore installed on the inventoried machine.

The inventory program lasts on average between 20 and 30s and consumes ~20% of the processor. This execution is transparent to the typical user. Once completed, the inventory results are sent directly to the collection point via the share. The share also stores log files and a list of identifiers.

A unique identifier per machine is used to track the evolution of the machine. This identifier is generated during the first inventory and is stored on the machine as well as in the list of identifiers of the share.

If you reinstall software on the machine, you must retrieve these credentials and reinstall them in the same directory as the original or you will duplicate the inventory information.

From the collection point to the ServiceNav web-based monitoring platform

The collection point is located on the ServiceNav Box

A program runs on the supervision box every five minutes and sends the inventory results to the supervision web platform. The results are inserted into the database.

The collection point is located on a supervised equipment with ServiceNav Agent

 ServiceNav Agent sends the inventory data over the Internet to a shared ServiceNav Box. In most cases, the ServiceNav Box responsible for collecting the monitoring data also takes on this role. A program runs on the box every minute and uploads the inventory results to the web-based monitoring platform. The results are inserted into the database.

Implementation of the inventory - collection point

ServiceNav Box

This preparation operation consists in declaring the share in the Windows Active Directory.

This configuration can only be done when the ServiceNav Box is installed at the customer's site.

The ServiceNav Box hosting the share (example: snb-supervision) must be declared in the DNS before running the installation script.

To declare the share required for the inventory module, you also need a Windows Active Directory domain account.

An installation script exists, on each ServiceNav Box in the folder :

/usr/local/nagios/bin/installationInventory/

The script to launch the installation is : installation_inventory.sh

Options :

-h: Displays the help

-V: Displays the version

-W: Workgroup or domain name. Example: COSERVIT

-P: Netbios name of the ServiceNav Box hosting the Samba share. Example : snb-supervision

-D: Domain name. Example: COSERVIT.LOCAL

-A: Active Directory server name without the domain extension. Example: COSVGRE01

-U: Domain administrator

-X: Domain administrator's password

Connect to the ServiceNav Box and run the following command:

cd /usr/local/nagios/bin/installationInventory/

Run for example (WARNING DO NOT COPY/TEXT the command, it is misinterpreted, it must be typed from the console) :

./installation_Inventory.sh -W COSERVIT -P snb-supervision -D COSERVIT.LOCAL -A COSVGRE01 -U administrator -X *********

If the password contains a character interpreted under the Linux shell (such as the & character), enclose the password in quote characters.

Example (WARNING DO NOT COPY/TEXT the command, it is misinterpreted, it must be typed from the console) :

./installation_Inventory.sh -W COSERVIT -P snb-supervision -D COSERVIT.LOCAL -A COSVGRE01 -U administrator -X 'Oiu&ErfGv

To check if a Kerberos ticket is retrieved: enter klist after installation.

Warning 2 Starting with version 3.13.1, and for a ServiceNav Box running Ubuntu 16.04, the /etc/init.d/iptables.sh file must be modified to allow the NETBIOS flow.

Uncomment these two lines:

## SAMBA connection acceptance
#iptables -A INPUT -p tcp -dport $PORT_SAMBA_NETBIOS -j ACCEPT
#iptables -A INPUT -p tcp -dport $PORT_SAMBA_MICROSOFT_DS -j ACCEPT

Then execute :

/etc/init.d/iptables.sh

To test the installation, run the command on the ServiceNav Box getent passwd. SIf AD users are present, the link with the Windows Active Directory is successful.

 Tip To check that the share is in place, connect to a machine on the inventoried network, and in Windows Explorer, enter \inventory : you should see the inventory program inventory_windows.exe

Inventory - Windows Sharing

ServiceNav Agent

Check that the ServiceNav Box that receives inventory information from the ServiceNav Agents in the fleet is initialized.

 Warning The ServiceNav Box must expose a web service that can be accessed from the ServiceNav Agent. This web service is defined by a port, and a URL.

The rest of this section describes how to create this web service.

Box side

A. Web service configuration

  1. Configuration in HTTP

As of version 3.13.1, and for a ServiceNav Box running Ubuntu 16.04, the serviceNav site is already configured and activated, so the section below is obsolete.

It is necessary on the other hand to activate and start apache2 which is stopped by default.

systemctl enable apache2
service apache2 restart

ServiceNavBox Ubuntu 16.04, version 3.13.1 and higher: by default, ports 80 and 443
are not open on the boxes.

To check the firewall configuration, run the following command:

iptables -L -v

To change the allowed port for HTTP or HTTPS, edit /etc/init.d/iptables.sh :

nano /etc/init.d/iptables.sh

Modify the following variable(s) with the desired value(s):

PORT_HTTP="80"
 PORT_HTTPS="443"

Apply changes :

/etc/init.d/iptables.sh

Up to and including version 3.13.0, create a new VirtualHost :

nano /etc/apache2/sites-available/viadeisServices

Here are the contents of the file to be copied:

 Warning 2 The red values represent the port that will be used by the web service. If you want to use a particular port you must change these values to your port number.
NameVirtualHost *:80
	
	DocumentRoot /usr/local/pasi/www/
		
			Options -Indexes FollowSymLinks
			AllowOverride All
			Order deny,allow
			Allow from all
		
	

Enable the virtualhost that will allow access to the Web Service:

a2dissite default
a2ensite viadeisServices

Restart the Apache service to apply the new configuration:

/etc/init.d/apache2 restart

       2. HTTPS configuration

Activate the Apache ssl module with the command :

a2enmod ssl

Then create the folder where the certificates will be stored if it does not already exist:

mkdir /etc/apache2/cert

To create the certificates, you need to connect to the SNP server which has a self-signed certificate authority.

ssh 172.238.0.1

We then move to the directory that will contain our certificates:

mkdir /root/genAutosignCertificate
cd /root/genAutosignCertificate

The certificates for the Web Services are generated by replacing the value by the appropriate one.

openssl genrsa 2048 > _ws.key
openssl req -new -key _ws.key > _ws.csr

You will be asked for information. Please make sure to adapt them to your installation:

Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:ISERE
Locality Name (eg, city) []:GRENOBLE
Organization Name (eg, company) [Internet Widgits Pty Ltd]:COSERVIT
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:supervision.coservit.fr
Email Address []:

It is not necessary to enter more. Validate the default values by typing enter until you find the command prompt.

Signature of the server certificate by the CA

openssl x509 -req -in _ws.csr -out _ws.crt -CA /root/openvpn/easy-rsa/2.0/keys/ca.crt -CAkey /root/openvpn/easy-rsa/2.0/keys/ca.key -CAcreateserial -CAserial ca.srl

We return to the SNM box to finish the configuration:

exit

Once on the box, we retrieve the certificates we just generated.

scp 172.238.0.1:/root/genAutosignCertificate/_ws.key /etc/apache2/cert/
scp 172.238.0.1:/root/genAutosignCertificate/_ws.crt /etc/apache2/cert/
scp 172.238.0.1:/root/genAutosignCertificate/ca.srl /etc/apache2/cert/

On a ServiceNav Box running Ubuntu 16.04, from version 3.13.1:

nano /etc/apache2/sites-available/serviceNavSecured.conf

	DocumentRoot /usr/local/pasi/www/
	ServerName localhost

	# Active HTTPS
	SSLEngine on
	SSLCertificateFile /etc/apache2/cert/_ws.crt
	SSLCertificateKeyFile /etc/apache2/cert/_ws.key
	SSLCertificateChainFile /etc/apache2/cert/ca.srl
 
	
		Options -Indexes -FollowSymLinks
		AllowOverride All
		Require all granted
	

Restart the Apache service to apply the new configuration

a2ensite serviceNavSecured
systemctl enable apache2
service apache2 restart

ServiceNavBox Ubuntu 16.04, version 3.13.1 and higher: by default, ports 80 and 443
are not open on the boxes.

To check the firewall configuration, run the following command:

iptables -L -v

To change the allowed port for HTTP or HTTPS, edit /etc/init.d/iptables.sh :

nano /etc/init.d/iptables.sh

Modify the following variable(s) with the desired value(s):

PORT_HTTP="80"
 PORT_HTTPS="443"

Apply changes :

/etc/init.d/iptables.sh

On a ServiceNavBox running Ubuntu 12.04 (up to version 3.13.0), here is the content of the file to copy:

 Warning 2 The red values represent the port that will be used by the web service. If you want to use a particular port you must change these values to your port number.
nano /etc/apache2/sites-available/viadeisServicesSecured
NameVirtualHost *:443
	
		DocumentRoot /usr/local/pasi/www/
		SSLEngine On
		SSLCACertificateFile /etc/apache2/cert/ca.crt
		SSLCertificateFile /etc/apache2/cert/_ws.crt
		SSLCertificateKeyFile /etc/apache2/cert/_ws.key
		
			Options -Indexes FollowSymLinks
			AllowOverride All
			Order deny,allow
			Allow from all
		
	

Enable the virtualhost that will allow access to the Web Service

a2dissite default
a2ensite viadeisServicesSecured

Restart the Apache service to apply the new configuration

/etc/init.d/apache2 restart

       3. Configuration with a specific port

If you have changed the default ports in the virtual host configuration, you should complete the configuration below, otherwise go directly to the next step.

Also modify /etc/apache2/ports.conf

nano /etc/apache2/ports.conf

If the configuration is in HTTP, change the value in red by your port number:

Listen 80

Listen 443

If the configuration is in HTTPS, change the value in red by your port number:

Listen 80

Listen 443


B. Testing the web service

To test if the web service is functional you can from the browser of the server hosting the collection agent, enter one of the following URLs depending on your configuration:

In HTTP mode:

http:///api/ws_VS_Agent.php

In HTTPS mode:

https:///api/ws_VS_Agent.php

In HTTP mode with a specific port:

http://:<Port number/api/ws_VS_Agent.php

In https mode with a specific port:

https://:<Port number/api/ws_VS_Agent.php

The following web page should be displayed:

Inventory - Web test

If this is not the case, check your configuration.

If you are stuck then you can contact product support.

Web interface side

1. Configuration of the supervision box

To configure the ServiceNav Box, proceed as follows.

  • Login to the ServiceNav monitoring website
  • Click on Configuration Supervision > General > Housing
  • Position yourself in the company tree at the level of the company to which the ServiceNav Box is attached

ServiceNav - SNM Box

  • Click on the name of the ServiceNav Box
  • Fill in the fields in the Agent mode inventory configuration :

Example HTTP mode :

- URL: http:///api/ws_VS_Agent.php

- Port : 80

Example HTTPS mode :

- URL: https:///api/ws_VS_Agent.php

- Port : 443

Inventory - Agent mode configuration

  • Click on Validate

2. Manifold configuration

Activating a ServiceNav Agent monitored device as an inventory information collection point is done by logging into the ServiceNav monitoring website.

  • Login to the ServiceNav monitoring website
  • Click on Inventory > Configuration > Collector
  • In the company tree, go to the company on which you want to set up the inventory
  • Click on Edit

Inventory - Collector Configuration1

  • Click on Yes
  • Choose the collection point from the list of supervised equipment

Inventory - Collector Configuration 2

  • Select a domain account from the list that can declare the network share needed for the inventory

Inventory - Collector Configuration 3

  • Click on Validate

Please note the following instructions:

Inventory - Agent mode activation

 Tip To check that the share is in place, connect to a machine on the network to be inventoried, and in Windows Explorer, enter \inventory : you should see the inventory program inventory_windows.exe

Inventory - Windows Sharing

You may also be interested in

en_GB

Welcome to ServiceNav!

Do you need some help? More information about our products? Write to us!
You have taken note of our privacy policy.
We use cookies to ensure the best experience on our site. If you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.