General OpenNMS Discussion.

Cyrille Bollu | 22 Jun 2012 16:05

matching on hostname with MatchingIpInterfacePolicy provisioning policy

Hi all,

I've the following provisioning policy:

    <policies>
        <policy class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy" name="auto_discovery">
            <parameter value="MANAGE" key="action"/>
            <parameter value="ALL_PARAMETERS" key="matchBehavior"/>
            <parameter value="*" key="ipAddress"/>
        </policy>
        <policy class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy" name="block_128_classA_subnet">
            <parameter value="UNMANAGE" key="action"/>
            <parameter value="ALL_PARAMETERS" key="matchBehavior"/>
            <parameter value="~128\..*" key="ipAddress"/>
        </policy>
        <policy class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy" name="block_test_servers">
            <parameter value="DO_NOT_PERSIST" key="action"/>
            <parameter value="ALL_PARAMETERS" key="matchBehavior"/>
            <parameter value="~.*test.*" key="hostName"/>
        </policy>
    </policies>

New interfaces are correctly discovered, and interfaces in the range 128.0.0.0/8 are correctly set to UNMANAGE. But, interfaces whose IP address resolves to a hostname containing the word 'text' are still persisted in the DB.

Does anyone know what I'm doing wrong?

Best regards,

Cyrille

PS: I've activated DEBUG log level on PROVISIOND, but can't see there where in the code this matching is performed:

2012-06-20 15:32:04,260 INFO [Provisiond:EventListener] EventIpcManagerDefaultImpl: run: calling onEvent on Provisiond:EventListener for event uei.opennms.org/internal/discovery/newSuspect dbid 222315 with time mercredi 20 juin 2012 13:32:04 GMT
2012-06-20 15:32:04,260 INFO [pool-1-thread-4] Provisioner: createNewSuspectScan called
2012-06-20 15:32:04,260 INFO [scanExecutor-6] NewSuspectScan: Attempting to scan new suspect address 10...........
2012-06-20 15:32:04,352 INFO [scanExecutor-6] AddEventVisitor: Sending nodeAdded Event for [OnmsNode <at> 5fd1102f id = 160, label = 'linservtest.fw.......', parent.id = 'null', createTime = Wed Jun 20 15:32:04 CEST 2012, sysObjectId = [null], sysName = [null], sysDescription = [null], sysLocation = [null], sysContact = [null], type = 'A', operatingSystem = [null]]

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss

headers

Jim Jones | 22 Jun 2012 16:15

Re: matching on hostname with MatchingIpInterfacePolicy provisioning policy

Are you trying to find “text” or “test”? Your rule says the latter.

Thanks,

~Jim

From: Cyrille Bollu [mailto:cyrille.bollu <at> gmail.com]
Sent: Friday, June 22, 2012 10:05 AM
To: General OpenNMS Discussion
Subject: [opennms-discuss] matching on hostname with MatchingIpInterfacePolicy provisioning policy

DISCLAIMER: This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission . This email may contain information that is privileged,confidential, or protected by law and may be subject to the attorney-client privilege. If you are not the intended recipient you are hereby notified that any dissemination,copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. If you are the intended recipient and you do not wish to receive similar electronic messages from us in the future then please respond to the sender to this effect.

Internet communications are not assured to be secure or clear of inaccuracies as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this email, or any attachment, that have arisen as a result of e-mail transmission.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss

headers

Cyrille Bollu | 25 Jun 2012 08:18

Re: matching on hostname with MatchingIpInterfacePolicy provisioning policy

hi,

yes, I'm looking for the word 'test' (not 'text'). Sorry for the mistake :-p

Cyr

On Fri, Jun 22, 2012 at 4:15 PM, Jim Jones <JJones <at> wvhdf.com> wrote:

Are you trying to find “text” or “test”? Your rule says the latter.

Thanks,

     ~Jim

From: Cyrille Bollu [mailto:cyrille.bollu <at> gmail.com]
Sent: Friday, June 22, 2012 10:05 AM
To: General OpenNMS Discussion
Subject: [opennms-discuss] matching on hostname with MatchingIpInterfacePolicy provisioning policy

Hi all,

I've the following provisioning policy:

    <policies>
        <policy class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy" name="auto_discovery">
            <parameter value="MANAGE" key="action"/>
            <parameter value="ALL_PARAMETERS" key="matchBehavior"/>
            <parameter value="*" key="ipAddress"/>
        </policy>
        <policy class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy" name="block_128_classA_subnet">
            <parameter value="UNMANAGE" key="action"/>
            <parameter value="ALL_PARAMETERS" key="matchBehavior"/>
            <parameter value="~128\..*" key="ipAddress"/>
        </policy>
        <policy class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy" name="block_test_servers">
            <parameter value="DO_NOT_PERSIST" key="action"/>
            <parameter value="ALL_PARAMETERS" key="matchBehavior"/>
            <parameter value="~.*test.*" key="hostName"/>
        </policy>
    </policies>

New interfaces are correctly discovered, and interfaces in the range 128.0.0.0/8 are correctly set to UNMANAGE. But, interfaces whose IP address resolves to a hostname containing the word 'text' are still persisted in the DB.

Does anyone know what I'm doing wrong?

Best regards,

Cyrille

PS: I've activated DEBUG log level on PROVISIOND, but can't see there where in the code this matching is performed:

2012-06-20 15:32:04,260 INFO [Provisiond:EventListener] EventIpcManagerDefaultImpl: run: calling onEvent on Provisiond:EventListener for event uei.opennms.org/internal/discovery/newSuspect dbid 222315 with time mercredi 20 juin 2012 13:32:04 GMT
2012-06-20 15:32:04,260 INFO [pool-1-thread-4] Provisioner: createNewSuspectScan called
2012-06-20 15:32:04,260 INFO [scanExecutor-6] NewSuspectScan: Attempting to scan new suspect address 10...........
2012-06-20 15:32:04,352 INFO [scanExecutor-6] AddEventVisitor: Sending nodeAdded Event for [OnmsNode <at> 5fd1102f id = 160, label = 'linservtest.fw.......', parent.id = 'null', createTime = Wed Jun 20 15:32:04 CEST 2012, sysObjectId = [null], sysName = [null], sysDescription = [null], sysLocation = [null], sysContact = [null], type = 'A', operatingSystem = [null]]

DISCLAIMER: This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission . This email may contain information that is privileged,confidential, or protected by law and may be subject to the attorney-client privilege. If you are not the intended recipient you are hereby notified that any dissemination,copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. If you are the intended recipient and you do not wish to receive similar electronic messages from us in the future then please respond to the sender to this effect.

Internet communications are not assured to be secure or clear of inaccuracies as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this email, or any attachment, that have arisen as a result of e-mail transmission.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss