Document toolboxDocument toolbox

Defining Config Management Settings

Owned by Aliaksei Shautsou (Deactivated)
Sept 26, 2019
3 min read

This topic describes the data collection methods that NetMRI uses to acquire its database of configuration files. Those methods include SSH, Telnet, and SNMP, all of which should be enabled to ensure a complete collection.

Note

Configuration data collection settings (for Telnet, SSH, and SNMP) can also be defined through the Setup Wizard (Settings icon –> Setup –> Setup Wizard) in Step 9, Device Interrogation Techniques.

Under Settings, the Collection and Groups panel (Settings icon –> Setup –> Collection and Groups –> Global tab –> Config Management side tab) controls configuration collection for all devices in the network. Config Management settings define the protocols used for communicating with network devices.

Ensure established communications protocols (SSH, Telnet, SNMP) to all managed devices. If Use Telnet Protocol and Use SSH Protocol are both disabled, NetMRI cannot collect configuration files from any device.

Note

You can override settings in this panel at more granular levels, through Device Group and Interface Group communications settings specified in the Groups tab of this page.

The Collection and Groups panel consists of the following:

  • Config Collection: If enabled, configuration files are collected from network devices. All settings apply globally Config Locked. If enabled, configuration changes to network devices are not authorized.
  • Use Telnet Protocol: If enabled, NetMRI automatically attempts to access a device via telnet when it is discovered, using the list of passwords in Settings icon –> Setup –> Credentials. If disabled, the system performs no telnet configuration collection, password guessing, or vendor default username/password checking for any monitored device.
  • Use SSH Protocol: If enabled, NetMRI automatically attempts to access an SSH via telnet when it is discovered, using the list of passwords in Settings icon –> Setup –> Credentials. If disabled, the system performs no SSH configuration collection, password guessing, or vendor default username/password checking for any monitored device.

Note

Many devices generate log messages for SSH access attempts coming from unknown IP addresses. To avoid confusion, add the IP address assigned to NetMRI to all appropriate access control lists and security logs.

  • Use HTTP Protocol: NetMRI can use the HTTP protocol to access a discovered device for configuration collection. If disabled, the system performs no HTTP-based configuration collection, password guessing, or vendor default username/password checking for any device.
  • Use Vendor Default Credentials: NetMRI can use passwords marked as Use Vendor when trying to determine a login to devices for configuration collection. If enabled, the passwords entered as Local Users in Settings icon –> Setup –> Credentials are attempted first, then those marked as Use Vendor. If disabled, the system attempts only username/passwords marked as Use Local (for organizations that do not want the additional traffic of the Vendor Default password set).
  • Script Execution: If enabled, NetMRI users with the correct privileges can execute Configuration Command Scripts or Perl scripts.
  • Vendor Default Credential Collection: If enabled, NetMRI will automatically check for default vendor credentials at the interval specified in Frequency. Checking for vendor default credentials ensures that the network meets compliance standards.

Note

NetMRI comes pre-loaded with a list of vendor default community strings; you can add more at Settings icon –> Setup –> Credentials.

  • Frequency: If set to Weekly, NetMRI will check for vendor default credentials once per week. If set to Daily, the appliance will check for vendor default credentials once per day, at the Hour and Minute specified in the box below the Daily option.