-
Notifications
You must be signed in to change notification settings - Fork 8
/
netdb.conf
379 lines (304 loc) · 12.6 KB
/
netdb.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
## NetDB's Configuration File
# Normally installed at /etc/netdb.conf
####################
# Database Details #
####################
dbname = netdb # DB must be created using createnetdb.sql first
dbhost = localhost # Host MySQL is running on
dbuser = netdbadmin # R/W User
dbpass = netdbadminpass
dbuserRO = netdbuser # Can use the same dbuser and pass from above or restrict to a SELECT only user
dbpassRO = netdb1234
###############################################
# Device Credentials for routers and switches #
###############################################
devuser = switch_user # Level 5 cisco user (show commands only)
devpass = yourpasswd
devuser2 = alt_user # Alternate Username (local user if radius fails)
devpass2 = yourpasswd
# Enable mode or priviledged access required for changing vlans
#enablepass = yourenablepasswd # Will not try to enable if commented out
#########################
# Authentication Groups #
#########################
# If you have multiple sets of login credentials, you can setup groups of
# usernames, passwords and enable passwords here. To add a device to a group
# called group1 in the example, specify the device under authgroup or add
# ,authgroup=group1 in your devicelist.csv file.
#authgroup_user group1 = group1username
#authgroup_pass group1 = group1password
#authgroup_enable group1 = enablepass # Will not try to enable if not defined
# Append ,authgroup=group1 in your devicelist.csv or add the device name here to
# the authgroup
#
# authgroup group1 = switch1 switch2 switch3
##############################
# Update Interval in minutes #
################################################################################
# Set this to be the number of minutes between updates in your crontab (default
# 15minutes) to keep track of how long a device has been on a port.
################################################################################
update_interval = 15
################################################################################
# Mac Address Display Format: In the database, everything is stored in the cisco
# format. The display format can be overridden from CLI options or the CGI
# config, for CSV reports or for other reasons.
################################################################################
# Options:
# cisco -> xxxx.xxxx.xxxx
# ieee_colon -> xx:xx:xx:xx:xx:xx
# ieee_dash -> xx-xx-xx-xx-xx-xx
# no_format -> xxxxxxxxxxxx
mac_format = ieee_colon
######################################################################
# Use Fully Qualified Domain Name for switches instead of hostname #
######################################################################
# Do not change this if you have historical data you want to preserve.
# This will change all of the names of your switches, for example
# switch1.domain.com will be used instead of just switch1
#
# You must also add use_fqdn = 1 to your netdb-cgi.conf file
#
# use_fqdn = 1
############################
# Get hostname from switch #
############################
#
# For best performance, all of your switches should be registered in DNS and you
# should be using those FQDNs in the devicelist.csv file rather than IP
# addresses. Those hostnames should also match the switch's configured
# hostname.
#
# If you are using IP addresses in your devicelist.csv file instead, you can
# enable this option to grab the hostname from the switch. This will
# significantly slow down SSH scraping performance.
#
# Supported on ios and nxos devices only
#
# gethost = 1
###############################################
# Disable Reverse DNS Lookups on ARP Table Data
###############################################
# Note: This is useful for troubleshooting slow import performance. You may also
# use it if your reverse zones are broken and out of your control.
#
# netdbctl -f, which forces hostname updates, does not pay attention to this
# flag. This may be useful if you want fast ARP updates and only occasional DNS
# lookups once a day for instance. Control this through cron.
#
#disable_DNS = 1
#disable_v6_DNS = 0
###########################
# Device Scraper Settings #
###########################
# By default, SSH is enabled, telnet is disabled (even if these options are
# commented out). You can add ,forcetelnet or ,forcessh in your devicelist.csv
# file for specific devices to override these global settings.
# Enable SSH Support
use_ssh = 1
# Enable Telnet Support (SSH Falls back to telnet if enabled)
use_telnet = 0
# The default device type is ios, but you can change it to the scraper of your
# choice (junos,aruba,ciscowlc,asa,ios):
#
# devtype = ios
# Neighbor Discovery: Gather LLDP/CDP/FDP data if available
#
# Optionally append ,nd to individual devices in the devicelist.csv file
#
use_nd = 1
## Multi-process scraper options, increases load on server but can
## increase performance by launching more sessions in parallel.
# Number of processes to spawn when capturing data from devices
# 100 works well on many machines for faster performance
scraper_count = 20
# Seconds of delay before launching another process (default 0.5s)
# Enable this for more aggressive polling
#proc_delay = 0.2
# SSH Timeout (Default 10sec)
#
# Only adjust this if you are having performance issues or missing data.
#
# ssh_timeout = 10
# Login Timeout for SSH
#
# Logins always take as long as the ssh_timeout, if you want faster logins but
# want to give more time for commands to return for large ARP tables etc, adjust
# this for faster logins. SSH Commands should look for the hostprompt and
# return as soon as a command finishes, but logins take a set amount of time.
# For faster times with hostprompt matching, set the ssh_timeout as high as it
# needs to be for any command to return given that it will usually return
# faster. Then set the login_timeout as low as logins take for faster logins.
#
# Note: Can pass individual login_timeouts to device via devicelist.csv
# Add: ,login_time=XX
#
# login_timeout = 12
# SSH Port
#
# Set an alternative SSH Port for all devices
# Alternatively, add ,ssh_port=XX to individual devices via devicelist.csv
#
# ssh_port = 22
# SSH Options
#
# Use this to set additional SSH Options
# Older Cisco iOS versions don't support ssh connections with older ciphers, thus you can set them here globally
# If you want to set it for single devices only, this can also be added to devicelist.csv as ssh_options=...
# i.e. the following line allows sha1 ssh logins, older devices will fail with SSHConnectionAborted for both logins.
# Check if you're affected by this when manually connecting via ssh, it should give an error like
# no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
# ssh_options = -oKexAlgorithms=+diffie-hellman-group1-sha1
# Telnet timeout in seconds (default is 20 seconds)
# If the timeout is too short, commands can timeout on big tables
#
# telnet_timeout = 20
# Maximum macs on a port to accept in to database (start with default)
#
# You can override this value on any individual switch by appending max_macs=XX
# in the devicelist file:
# switchname.domain.com,max_macs=100
#
# If you have a lot of hubs and unmanaged switches on your network, you can
# raise the number of macs to accept on a port before it's considered an uplink
# port and discarded.
#
# Mac address data on trunk ports is discarded by default. You can choose to
# include data from edge trunk ports below for VMWare servers or other such
# configurations.
#
# If you are using custom data sources for switchport mac data and do not have
# interface status information, this setting will prevent uplink port data from
# being imported.
#
max_macs = 30
# Importing from Edge Trunk Ports
#
# Import mac data from trunk ports in to the database on these switches if they
# don't exceed the max_macs count. Use this for scenarios such as vmware servers
# on trunk ports or non-managed downstream switches. Make sure that the
# max_macs setting is set below the number of macs on your upstream trunk port
# or you could flood the database with bad data.
#
# A setting of use_trunks = DEFAULT will include trunk data from all switches
#
# You can also add use_trunks to individual switches in the devicelist.csv file
#
# Another option is to select specific ports with use_port below
#
# Do not include the full domain name here, just the hostname (unless use_fqdn
# is set)
#
#use_trunks = switch1
#use_trunks = switch2
# Skip Specific Ports
#
# If you need to exclude a port for any reason from tracking, include the switch
# and ports here. Alternatively you can put
# switch,skip_port=Gi5/1,skip_port=Gi5/2 in the devicelist.csv file
#
# skip_port switch1 = Gi1/1 Gi2/2 Gi3/3
# Use Specific Ports
#
# If you want to force importing data from certain ports, you can use use_port
# which will override all options except skip_port. The syntax is the same as
# skip port.
#
# use_port switch1 = Gi1/1 Fa2/2
# IPv6 Max Age: Only include IPv6 entries less than this age (1-120+)
#
# Note: By default all entries included, a setting of 1 only included active
# entries with an age of 0. Comment out or set to 0 to include all entries in
# the neighbor table.
#
#ipv6_maxage = 1
# Kill Timeout
#
# Kill -9 any scrapers still running after this time to prevent hung processes
# from locking up NetDB. Default is 3600
#
# kill_timeout = 3600
#########################
# NAC Registration Data #
###############################################################################
# It's possible to import custom registration data in a CSV format for matching
# mac addresses with usernames, email addresses etc.
#
# If you are using Bradford NAC, use the client utility to export your clients
# to a file. Place that file in /opt/netdb/data and define the
# bradford_client_file as that file below. Follow the rest of the NAC
# instructions.
#
## To enable NAC, uncomment nac_file below and set useNAC = 1 in netdb-cgi.conf
#
# See the INSTALL Document and bclientdump.pl for full instructions.
###############################################################################
## To enable, uncomment nac_file below and set useNAC = 1 in netdb-cgi.conf
## Optional if using Bradford NAC
#bradford_host = nac1-ctrl.domain.com
#bradford_user = netdb
#bradford_pass = netdbpass
##########################
# NetDB System Variables #
##########################
# System level user, must have r/w file permissions to directories and files below
netdb_user = netdb
# Static Addresses from your DHCP server (one ip per line)
statics_file = /opt/netdb/data/statics.txt
# Base directory of NetDB Install
rootdir = /opt/netdb
# Data directory to write data files to
datadir = /opt/netdb/data
# Device list
device_file = /opt/netdb/data/devicelist.csv
# Control log to output script results to and errors
control_log = /var/log/netdb/control.log
# NetDB Library Error log
error_log = /var/log/netdb/netdb.error
# Lock file to make sure only one copy of netdbctl is running at once
lock_file = /var/lock/netdb/netdbctl.lock
# File from IEEE containing MAC vendor codes, recommended to schedule a cron job to update
# Setup crontab entry to update automatically, netdb/extra/crontab
ouifile = /opt/netdb/data/oui.txt
##############################################################
# Data Files (best left alone)
# Note: don't list directories, all data files kept in datadir
##############################################################
# ARP File
arp_file = arptable.txt
# MAC File
mac_file = mactable.txt
# Int Status File
int_file = intstatus.txt
# NAC Data File (Requires custom data source)
#nac_file = nac.csv
# Bradford Client Dump File (Bradford NAC Specific)
#bradford_client_file = pod1.txt
# IPv6 Neighbor Table
ipv6_file = ipv6nt.csv
# Neighbor Discovery File
nd_file = nd.csv
###############
# NetDB Library
###############
# Max Switchport Status Age
#
# Basically, when you upgrade switches to new hardware with different port
# configuration, and keep the same name, the old Fast Ethernet etc ports will
# not long show up in switch reports after this amount of time.
#
# If a device remains offline for more than 7 days and then shows back up
# online, the switch status information will be repopulated, no data is lost.
max_switch_age = 7
# Don't Use switchstatus (intstatus) data for switch reports if unavailable
no_switchstatus = 0
###########################################################################
# Debug Level:
# 0 = no debugging, errors only
# 1 = netdbctl launch control process debugging
# 2 = + Scraper Verbose Debugging
# 3 = + Extensive Scraper Debugging
# 4 = + Basic Library Debugging
# 5 = + NetDB Full Debugging (always check netdb.error for errors)
###########################################################################
debug = 0