Auto-discovery in a given subnet

Howells, Bruce E bruce.e.howells at intel.com
Fri Feb 4 11:12:13 EST 2011


Sounds like you want to combine the executable-as-map feature with something like nmap, which can ping-sweep a subnet and do DNS lookups for found hosts.  If you use the IP address as the uname, you'll keep override and history even if the display name changes when the DNS record shows up.

-----Original Message-----
From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com] On Behalf Of chirag.parikh at thomsonreuters.com
Sent: Friday, February 04, 2011 11:04 AM
To: arguslist at tcp4me.com
Subject: RE: Auto-discovery in a given subnet

Thanks Jeremy for your prompt response.

My requirement is actually quite simple. Let's say we want to monitor
10.0.0.0/24 and if someone puts up a system with IP, 10.0.0.2, let Argus
call it the same, 10.0.0.2 and start monitoring it with default Service
Ping, HTTP and send necessary HUP to argusctl so new entry shows up in
web (or by any other means). Later, DNS name can be updated in Argus
config manually, once DNS push has been updated on our DNS servers. It
would be further nice if Argus can check periodically if DNS name is
updated or not on DNS servers (say by nslookup ??) and update its name
for 10.0.0.2 host accordingly in Argus config. Am I clear? Thanks again
for your help.

-Chirag.


-----Original Message-----
From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com]
On Behalf Of Jeremy Kister
Sent: Thursday, February 03, 2011 9:21 PM
To: Discussion about Argus
Subject: Re: Auto-discovery in a given subnet

On 2/3/2011 6:24 PM, chirag.parikh at thomsonreuters.com wrote:
> encountered a scenario where I'm stuck. I need to configure so a
> specific subnet is being scanned and report the objects that respond to
> ping. That is if someone adds a machine in the network it should show up
> in argus and start monitoring it with default services Ping and HTTP,

Argus will execute any files it finds in your config/ directory if you 
have made them executable.  if you have one big config file instead of a 
directory of little files, i recommend you start by making one file 
called 000_defins that has your standard Argus definitions.

you can make another file called 001_servers that is executable. in 
that, you can script in whatever language you want and output Argus config.

what you want sounds rather easy, so if you want to give me some more 
details I might be able to whip something up.

supposing we're scanning 10.0.0.0/24, and we find 10.0.0.2 is alive via 
ping, what should argus call this host?  do you have reverse dns 
configured ?

-- 

Jeremy Kister
http://jeremy.kister.net./

_______________________________________________
http://argus.tcp4me.com/
Arguslist at tcp4me.com
http://www.tcp4me.com/mailman/listinfo/arguslist
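
The approach suggested in this thread (an executable file in config/ that ping-sweeps the subnet with nmap and prints Argus config, keeping the IP address as the uname), as an added example that is not code from any of the posters or from the Argus project. It assumes nmap's grepable output format and assumes the Argus stanza layout shown (Host block, uname, label, Service Ping, Service TCP/HTTP); the function names, the --demo switch and the sample scan lines are constructed.

```python
#!/usr/bin/env python3
"""Added example: an executable file for Argus's config/ directory that prints Host stanzas."""
import ipaddress
import re
import subprocess
import sys

SUBNET = "10.0.0.0/24"  # subnet used in the thread
# One nmap grepable (-oG) record: "Host: <ip> (<reverse DNS or empty>)<TAB>Status: Up"
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\s+Status: Up\s*$")
# Reverse DNS is set by whoever controls the PTR record: accept hostname characters only.
SAFE_NAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")
# Constructed sample scan output, used by --demo and safe to run offline.
SAMPLE = ("Host: 10.0.0.9 (web01.example.com)\tStatus: Up\n"
          "Host: 10.0.0.2 ()\tStatus: Up\n"
          "Host: 10.0.0.7 (a b{c})\tStatus: Up\n"
          "Host: 10.0.1.5 (other.example.com)\tStatus: Up\n")

def live_hosts(grepable, subnet=SUBNET):
    """Return sorted [(ip, name or None)] for hosts reported Up inside subnet."""
    net = ipaddress.ip_network(subnet)
    found = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if ip in net:  # ignore anything the scanner reports outside the subnet
            found[ip] = m.group(2) if SAFE_NAME.match(m.group(2)) else None
    return [(str(ip), found[ip]) for ip in sorted(found)]

def argus_config(hosts):
    """Render stanzas (assumed Argus syntax); uname stays the IP across renames."""
    out = []
    for ip, name in hosts:
        out += [f'Host "{ip}" {{', f"\tuname: {ip}", f"\tlabel: {name or ip}",
                "\tService Ping", "\tService TCP/HTTP", "}"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    if "--demo" in sys.argv:
        text = SAMPLE
    else:  # -sn: ping sweep only, no port scan; -oG -: grepable output on stdout
        text = subprocess.run(["nmap", "-sn", "-oG", "-", SUBNET], check=True,
                              capture_output=True, text=True, timeout=300).stdout
    sys.stdout.write(argus_config(live_hosts(text)))
```

Running it with --demo prints the stanzas for the constructed sample without scanning anything. A reverse-DNS name that fails the hostname check is dropped and the label falls back to the IP, so a PTR record cannot place extra directives in the generated config.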