To insert mac value in macvendor table:
insert into system.macvendor(prefix, vendor,hi, lo) values ('90:6C:AC','ARUBA NETWORKS', -1, -1);
Once done, import a macvendor pattern with expression set to ‘ARUBA NETWORKS’ (vendor name that you inserted with above sql) along with other profiling attributes.
Example:
<patterns xmlns="urn:lumeta:pattern:6.0" user-provided="true" version="3.2.7.10623">
<pattern priority="10000">
<source>macvendor</source>
<expression>ARUBA NETWORKS</expression>
<attributes>
<attribute type="Model" confidence="69">(Aruba Networks)</attribute>
<attribute type="OS" confidence="69">(Aruba Networks)</attribute>
<attribute type="DeviceType" confidence="83">Firewall</attribute>
<attribute type="Version" confidence="69">(Aruba Networks)</attribute>
<attribute type="Vendor" confidence="83">Aruba Networks</attribute>
</attributes>
</pattern>
</patterns>
1) Ping the Scout from CC to verify that we can ping the Scout (or to see if Scout is up and running and CC can get a response back from it). On CLI, run:
i. system ping <interface> <Scout IP> (please choose CC interface)
2) If ping returns you 0% packet loss, then try to delete and reconnect the scout back. On CLI, run:
i. esi delete <Scout name>
ii. esi connect <Scout IP>
3) If the above error is "ERROR: connect timed out" then we don't seem to have full connectivity between the CC and Scout. In this case, please send /var/log/discovery-agent.log file and /var/log/lumeta-webapp.out file to Lumeta.
If your Spectre CC VM is running out of disk space, there are certain tables in the database that can be cleaned up to make more space. Please login to your CC as admin and run “support db” or login to your CC as root from console and run “db” (in both cases, you will be entering database mode). Then execute:
If for some reason, you cannot delete the zone via GUI or CLI (because it is timing out or resulting in an error), you will need to login to db and delete it
NOTE: In the above example, even though the zone id is 35, in hex it becomes 0023.
Here are the manual steps to disable NTP for ESI:
1. Log into the CLI as admin (or any superuser)
2. Get a bash shell using command "support bash"
3. Become root by running "su" and giving the root password
4. Stop the NTP daemon: "service ntpd stop"
5. Make sure daemon won't be started on reboot: "chkconfig ntpd off"
Command to check if port on a device is open. From command center
a. echo "foo\n\n" > /dev/tcp/ip/port
b. You'll get 3 types of responses: Connection refused, timeout (or hang), and finally a successful connection displayed by line return.
c. When we get a "Connection timed out" reply, we consider that port to be neither open or closed.
d. When we get a "Connection refused" reply from a port, we consider that port to be closed.
e. When we get a "Connection success" reply from a port, we consider that port to be open.
f. If a port comes up as open and later on we get a "Connection timed out" reply from that port we do not clear up that port from open port list. This is the functionality in ESI 3.2.6 and prior. (ESI 3.2.7 will introduce a data retention policy that will allow clear up data based on the reply that we get back).
If for some reason, the hostname under database and application filesystem is not in sync, then you will need to reboot the system.
In more depth, here's a bit more about the two names, how to see them, and how you might change them (these assume you're at a root shell prompt)
1) CentOS
2) Spectre
All these changes should occur automatically via the "system hostname" CLI command, but that's where you can look if that doesn't work out.
As root, run the command: /usr/local/lumeta/bin/observer_pki enable false
|