NetAudit

Log Files Copied

If you are encountering any issues with NetAudit, please view system logs in /var/log/opsview/opsview.log.

Error: Corrupt XML Copied

Opsview will attempt to filter out unwanted characters in data retrieved from hosts. However, if Opsview is still unable to process the data, the entire block of data will be saved to a file on the Orchestrator and a warning will be written to the opsview.log:

Oct  6 11:30:22 servername opsview.netaudit.netauditdata : [WARNING] Corrupt XML detected; written to '/opt/opsview/netaudit/var/error_logs/netaudit.1665055822560851432.xml': not well-formed (invalid token): line 57, column 5

By default the file is stored within /opt/opsview/netaudit/var/error_logs - this can be overridden using the error_directory field in /opt/opsview/netaudit/etc/netaudit.yaml, see NetAudit configuration.

Added a new host, but there was no SVN entry created Copied

When a ‘Apply Changes’ occurs, Opsview Monitor will generate a list of all the hosts that have RANCID enabled. However, if the websvn repository doesn’t show the host, check whether ‘opsview-netaudit’ service is running or not with opsview-monit:

# /opt/opsview/watchdog/bin/opsview-monit -B summary | grep netaudit
 opsview-netaudit                 Running                     Process

Host appears in WebSVN, but it is empty Copied

The flow of data for NetAudit is:

If your host file is listed in WebSVN (NetAudit page) under ‘rancid’ repository but it is empty, it might be because the NetAudit Collector hasn’t run yet since it runs every 4 hours. You can run NetAudit Collector manually by connecting NetAudit Collector and run the following command as ‘opsview’ user:

[opsview]% /opt/opsview/netauditcollector/bin/run_rancid_collect
Starting at Thu Nov  8 12:07:14 UTC 2018
Created lockfile /opt/opsview/netauditcollector/var/collect/lock/run_rancid_collect.lock
NetAudit Collection Done. Number of collections: 1 Number of publishes: 1
Finished at Thu Nov  8 12:07:31 UTC 2018

Where are the rancid configuration files? Copied

Has the router configuration reached SVN? Copied

Look in /opt/opsview/netaudit/var/svn/ on NetAudit master. If the file here contains information, then this is what should be in subversion. You can run an “svn status” to check compared with the subversion repository.

SVN shows the file, but WebSVN shows a blank file Copied

This could be due to enscript. In /opt/opsview/repository/include/config.php, make sure the following line is uncommented (e.g. doesn’t have # at the beginning):

$config->useEnscript() If websvn now shows the router configuration, then there is probably an issue with enscript software.

Where are the latest files? Copied

On the NetAudit master, in /opt/opsview/netaudit/var/svn/ will be all the latest versions of the RANCID router output files.

NetAudit tab test connection Copied

This simulates running the code to test the NetAudit connection with credentials:

su - opsview
cd /opt/opsview/netauditcollector/bin
./run_check_rancid_connection -t cisco -H <host_ip> -u <username> -p "<password>" -c telnet

Change ‘cisco’ with your vendor type, and ’telnet’ with your connection method. You can add “-A” option at the end if you are using RANCID “autoenable” feature.

NetAudit is installed but NetAudit page and menus are not visible in Opsview Web UI Copied

NetAudit postinstall script might not have been run properly. You can run it manually as below as root user:

[root]% /opt/opsview/netaudit/installer/postinstall_root

No matching cypher type found Copied

When testing a connection you may see this error:

spawn ssh -c 3des -x -L <username> <ipaddress> Unable to negotiate with <ip> port 22: no matching cypher found. 

This means the SSH protocol is unable to agree on a common cypher between the Collector and the network device (in this case 3des is not available on the device). To amend the cypher used you can edit /opt/opsview/netaudit/var/cloginrc_local on the Orchestrator with a line such as

add cyphertype <hostname_in_opsview> <cypher>

where <hostname_in_opsview> is the configured hostname (as seen in the error) and <cypher> is an available option on the network device. You can list available cypher on the Collector by running ssh -Q cipher to pick one that both sides can use.

This change is distributed to all Collectors when an Apply Changes is performed in the UI.

["Opsview"] ["User Guide", "Troubleshooting"]

Was this topic helpful?