I'm trying to get SNMP scanning to work in my lab environment.
I have set up Fedora 30 server following this guide
http://wiki.ocsinventory-ng.org/03.Basic-documentation/Setting-up-a-OCS-Inventory-Server/
When I got the server installed, I configured apache to use SSL with this guide:
https://fedoraproject.org/wiki/Https
After configuring SSL I installed OCS agent to OCS server using this guide:
https://wiki.ocsinventory-ng.org/03.Basic-documentation/Setting-up-the-UNIX-agent-on-client-computers/#installing-unix-agent-with-rpm
There were problems with some optional packages and those I managed to install manually, for example these packages
monitor-edid, samba
From this point on I was not 100% how the SSL needs to be configured. Anyway I got the agent communication to work using these guides.
Guide 1
http://ask.ocsinventory-ng.org/5999/cannot-establish-communication-certificate-verify-failed
You must get server cert from server:
openssl s_client -showcerts -connect domain.hostname.not.ip:443 </dev/null 2>/dev/null | openssl x509 -outform PEM >/etc/ocsinventory/cacert.pem
Add to /etc/ocsinventory/ocsinventory-agent.cfg
server=https://domain.hostname.not.ip/ocsinventory
ssl=1
ca=/etc/ocsinventory/cacert.pem
voilĂ !
Good luck!
Guide 2
https://ninjanichols.com/2011/06/ocs-inventory-where-do-i-put-cacert-pem/
So after following these guides I now have cacert.pem file in both of these locations. At first I had problems with SSL communication so I tried both of these guides. This is just for the background info if this has affect how the IpDiscover / SNMP is working.
cacert.pem locations
/var/lib/ocsinventory-agent/https\:__server.demo.local_ocsinventory/cacert.pem
and
/etc/ocsinventory/cacert.pem
Well that's for background story, as I said, the configuration seems to be working. I have tested inventory with Linux agent (the OCS server itself) and few Windows agents (Servers and Workstations). The IpDiscover seems to be working, at least there seems to be uninventoried IP's appearing there, but I guess that is done by Windows agent.
I tried to set up SNMP communities like this (the ocssnmp is configured to one of devices for testing purposes):
Is this the way it's supposed to be configured? If there SNMP community name is "default" in network devices?
Well anyway I can't get this working. At first I tried to Force IpDiscover to OCS server and let the server be for a day. Nothing appeared to IpDiscover or SNMP.
This is where I configured OCS server to do IpScanning: OCS Server Configuration -> IpDiscover behaviour -> Force IpDiscover (my network here 192.168.43.0)
After a day I set up few Windows clients to network and uninventoried ip's appeared to IpDiscover. So I guess this was done by Windows clients, not OCS Linux agent. I tried to run linux agent in debug mode and got this.
[Sat Sep 21 21:52:59 2019][debug] [download] Writing config file.
[Sat Sep 21 21:52:59 2019][info] [download] Download is off.
[Sat Sep 21 21:52:59 2019][debug] [snmp] Calling snmp_prolog_reader
[Sat Sep 21 21:52:59 2019][debug] Ocsinventory::Agent::Backend::IpDiscover::IpDiscover ignored
[Sat Sep 21 21:52:59 2019][debug] - nmap found
[Sat Sep 21 21:52:59 2019][debug] Ocsinventory::Agent::Backend::IpDiscover::Nmap ignored
[Sat Sep 21 21:52:59 2019][debug] Ocsinventory::Agent::Backend::OS::AIX ignored
[Sat Sep 21 21:52:59 2019][debug] Ocsinventory::Agent::Backend::OS::BSD ignored
[Sat Sep 21 21:52:59 2019][debug] - dmidecode found
[Sat Sep 21 21:52:59 2019][debug] - dmidecode found
[Sat Sep 21 21:53:00 2019][debug] - Sys::Hostname loaded
[Sat Sep 21 21:53:00 2019][debug] Ocsinventory::Agent::Backend::OS::Generic::Ipmi ignored
[Sat Sep 21 21:53:00 2019][debug] - lspci found
[Sat Sep 21 21:53:00 2019][debug] - lspci found
[Sat Sep 21 21:53:00 2019][debug] - lsusb found
Why is IpDiscover and SNMP ignored?
Also I get this error when running the client in debug mode:
Use of uninitialized value $password in concatenation (.) or string at /usr/share/perl5/vendor_perl/Ocsinventory/Agent/Network.pm line 53.
Is this related to SNMP / IpDiscover?