Creating an Autodiscovery scan

Creating a new scan Copied

Click Create New Scan which will present you with a list of scan types:

The options between the first two are very similar, so we will describe the Network Scan. Below in the page, we will highlight the differences for VMware Scan and Windows Scan.

Configuring a Network Scan Copied

When you click on Network Scan, a modal window will appear, as per the screen shown below:

Configure Network Scan

The modal window is split into three sections: Basic, Detection Mapping and Scheduler.

Basic interface Copied

The Basic section allows you to pre-define a set of options you are likely to use to start monitoring a discovered Host. You can fine-tune those options after a scan has been ran or at any point when the host is already being monitored:

Detection Mapping Copied

Detection Mapping is a phase when Autodiscovery will try to identify what is running on an IP address. The IP must respond to a ping (ICMP) before the detection mapping is run.

Detection mapping

In the Detection Mapping section, the following are available:

Note

You will need to configure more data for VMware hosts before it is imported - details in the Updating a Single Host section below.

Scheduler Copied

You can choose to re-run the same scan on a regular basis to discover more hosts that may have been added in a certain timeframe. Within the ‘Scheduler’ drawer, you have the option to tell Autodiscovery to run the configured Network Scan at a recurring interval, e.g. every day at 23:00, or every Monday at 12:00.

You can enable or disable scheduling using the ‘Set up Schedule for Scan’ checkbox. In the example below the scan is set to run every Saturday evening at 19:00 and only the last 10 scan results will be preserved:

Scheduler in Network Scan

With scheduled scans, the time specified will be based on your browser’s time zone. When this is saved to Opsview, this will be stored in the UTC time zone. Scheduled scans will have the time of execution appended to the scan name, e.g. My Scan (2018-09-10 16:05) - this time will be in the UTC time zone.

Saving your Scan configuration Copied

Once the options have been configured within the scan, click on Save. Your new scan appears in the Scan Management grid.

Saving Scan management

Configuring a VMware Scan Copied

A VMware scan is similar to a Network Scan, but instead of specifying a network range, you point at a set of VMware hosts so Opsview will then retrieve the list of VMware guests to get a list of IP addresses to scan.

If Opsview Monitor does not have a Host with the host variable VMWAREHOSTCREDENTIALS associated to it, then the ‘VMware Scan’ button will display this window:

Configure a VMWare Scan

There are two ways to add a VMware Host:

Once a VMware Host has been added to the system, the VMware Scan button will display the modal configuration window as shown below:

Added VMware Host scan

This VMware Scan is very similar to the Network Scan, with the main difference being the ‘VMware Hosts’ drop-down option within Basic, which allows users the ability to specify which VMware Hosts they would like to run the VMware Scan against.

The Detection Mapping drawer is the same as that in Network Scan, aside from the omission of the VMware section as we cannot detect for VMware Hosts running atop of a VMware Host.

Once configured, the VMware Scan will run in the same way as a Network Scan in terms of behavior and statuses/options. The main difference for VMware Scans vs Network Scans is that a VMware Scan detects guests via the API and not via ping, meaning that if a VMware guest has ping disabled but is ‘online’, the VMware scan will still detect and display it within the scan results.

VMware SDK The monitoring and Autodiscovery of VMware Hosts/guests is performed via the VMware SDK. If you attempt to run a VMware Scan without first installing the VMware SDK, a warning message will appear:

VMware SDK

To remedy this issue, see the OS - VMware vSphere - Guest integrations page for instructions on how to install the VMware SDK.

Configuring a Windows Scan Copied

A Windows scan builds on a Network Scan and a VMware Scan, but makes it easier to configure as basic options are chosen for you. All you have to do is point it at a preconfigured Windows Active Directory server so Opsview Monitor can retrieve a list of IP addresses to scan.

If the Opsview system does not have a Host with the host variable WINLDAP_CREDENTIALS associated to it, then the Windows Scan button will display this window:

Configure a Windows Scan

Click on the Create Host button to be taken to Opsview Monitor’s Host Edit screen, with some fields prepopulated:

Windows Scan

You will need to enter a hostname or IP address, the name and, in the Variables tab, the username and password to connect to the Windows server:

New Host Variables tab

After submitting the changes, you will be taken back to Autodiscovery and the configuration window for a Windows Scan is displayed:

Windows Scan

Select the Windows Active Directory server and press Start Scan.

In the background, this will work as a Network Scan but with the following options preconfigured:

When you press Start Scan, the scan is automatically moved from a Configured state to a Pending state and will be picked up by the Autodiscovery scanner.

At the end of the scan, the results window will be available, as with other types of scans. It is not possible to schedule Windows scanning at this point.

Note

One of the prerequisites for a successful Windows Scan is a properly configured DNS. If a hostname or IP address cannot be resolved via either DNS or the /etc/hosts file of the master/collector performing the scan then the following error will be shown: WARNING: Failed to resolve 'host.ad.domain.com': Authentication may also fail.

If DNS cannot resolve your Windows Active Directory server then it is necessary to manually add an entry for the Windows Active Directory server into the /etc/hosts file on the master and all collectors performing Windows Scans.

Other actions Copied

There are two other buttons in the top toolbar:

Stop All Scans Copied

Stops all scans that are currently running. This does not affect scans that have been created (‘Configured’) but not run, nor scans that have completed

Exclusion List Copied

You can configure a list of IP addresses to be excluded from being scanned. This list is designed to provide you with the ability to specify single IPs or IP ranges that are omitted when a Scan is running. Valid syntax examples include ‘10.10.10.10’ (single IP), or ‘10.10.10.10/24’ (IP range using CIDR notation).

When clicking on the Exclusion List button, this will load:

Network Scan Exclusion List

In the above example, we have chosen to add the IP address 192.168.11.1 to the Exclusion List. This means that if you configured a scan in the future for a subnet containing 192.168.11.1, such as ‘192.168.11.0/24’, then the Autodiscovery scan will skip that IP address. This is a great piece of functionality for customers who have IDS (Intrusion Detection Systems) or IPS (Intrusion Prevention Systems) that have the ability to generate notifications or black-list IP’s when Autodiscovery is run against sensitive Hosts (as Opsview is effectively a network and port scanner).

["Opsview"] ["User Guide"]

Was this topic helpful?