Creating NetScans (New UI)

Overview

NetScans are processes in which LogicMonitor Collectors periodically look for and automatically discover resources in your network. NetScans streamline the adding of resources to your LogicMonitor account, which helps ensure your entire environment is properly monitored.

When setting up a NetScan, you can create a basic NetScan or advanced NetScan. A basic NetScan is simplified and intended for use during initial set up. An advanced NetScan has more options and supports additional methods for discovering resources.

Creating a Basic NetScan

To create a basic NetScan, navigate to the Resources page select the Add button and then select Basic NetScan.

To create a basic NetScan, configure the following:

IP address range

In the IP address range field, enter the IP address range. The accepted syntax for this field is as follows:

  • Hyphenated range—0.9.8.2-10.9.8.240
  • CIDR notation—192.168.1.0/24 (i.e. 192.168.1.1 through 192.168.1.254)
  • Comma separated list—10.9.8.4, 10.9.8.8
  • Mixture separated by commas—10.9.8.2, 10.9.7.2-10.9.7.22, 10.9.6.0/24

Exclude IP Addresses

Use the Exclude field to specify a range and/or comma separated list of IP addresses to exclude.

Put this into a group

Choose how you want LogicMonitor to group discovered resources in the Resource tree. There are three options for auto-assigning discovered devices to designated groups:

  • Auto – group for each Resource type—Recommended for new users, this option allows you to dynamically group resources based on the following types: Windows, Linux, VMware, Hyper-V, Network, SQL databases, Misc., NetApp, and EMC. These dynamic groups use AppliesTo scripting. See AppliesTo Scripting Overview. The grouping process is tied to the Devices By Type parent resource group which contains the default dynamic groups. If you deleted these groups, they are restored if you select this option.
  • Create a group—This option prompts you to create a new resource group. All resources discovered via this NetScan will be placed into this group, regardless of their properties.
  • Unmonitored group—This option places all discovered resources into the Unmonitored Resources group. Available from both the Resource Tree and Settings > Unmonitored Devices, this group acts as a holding area from which you can decide which resources to start monitoring.

Note: In addition to the resource group option selected here, LogicMonitor also automatically places newly discovered resources into any previously-created dynamic resource groups with matching criteria. Resources cannot be manually added to dynamic groups, and are automatically removed when they no longer meet group criteria. See Resource Groups Overview.

Naming

You can choose to either name discovered resources using DNS name (reverse DNS) which uses your DNS resolution, or IP address. If you select Use DNS name (reverse DNS), ensure your DNS is clean and accurate before starting a NetScan.

Collector Group

Select a Collector group to filter the available Collectors.

Collector

Select the Collector that will run the NetScan.

Note: The results of a NetScan can show the manufacturer of network interface based on MAC address lookup. This feature requires NPCAP which is available as an option during install beginning with Collector 25.3xx, or can be obtained separately and installed along with your existing Collector.

Ports

The Use global default switched is enabled by default. If you would like to modify the global default list of ports, toggle the switch. If you know which TCP ports are open on a resource, it helps you determine what type of resource it is (e.g., Windows usually has port 135 and 3389 open while Linux does not.)

Schedule

For a basic NetScan, scheduling is greatly simplified. Choose either Start now to run once, manually, or Start now and repeat daily to set a daily schedule.

Creating an Advanced NetScan

To create an advanced NetScan, select the Add button and then select Advanced NetScan.

Name

Use the Name field to enter a unique name for your NetScan.

Description

Use the Description field to describe the purpose of the NetScan

NetScan Group

Use the NetScan Group field to select the group you would like your new NetScan to be a member of. You can select a group from a list of existing NetScan groups or you can create a new group by entering a new group name. If you leave the NetScan Group field blank, LogicMonitor will automatically classify it under the “@default” group.

Note: The group selected here does not impact the resource group that discovered resources are assigned to in the Resource tree.

Collector Group

Select a Collector group to filter the available Collectors.

Collector

Select the Collector that will run the NetScan.

Discovery Method

From the Discovery Method dropdown menu, select the discovery method you would like your advanced NetScan to use:

  • Use ICMP ping to scan the network—The Internet Control Message Protocol (ICMP) method scans all IP addresses in the specified IP range for a ping response.
  • Upload a script or csv to discover devices—This method uses the output of a script or the contents of a comma separated value file to add resources.

Upon selection, each of the above methods has unique configurations that dynamically display. See Unique Configurations Required for ICMP, AWS, and Script/CSV Discovery Methods.

Send email notification when the scan is finished

Toggle the Send email notification when the scan is finished switch if you would like someone to be alerted when the NetScan finishes.

Exclude duplicate IP addresses

Select an option from the Exclude duplicate IP addresses dropdown menu:

  • Matching any monitored resources—This option automatically excludes any discovered resources from monitoring that have the same IP addresses as resources that are already being monitored in your portal.
  • Matching resources already discovered by this NetScan—This option excludes any discovered resources that have already been moved into monitoring via this particular NetScan.
  • Matching resources in these resource groups—This option excludes any discovered resources that have the same IP addresses as resources that are members of specific resource groups. When this option is selected, an additional field displays allowing you to specify one or more resource groups.
  • Matching resources currently assigned to these Collectors—This option excludes any discovered resources that have the same IP addresses as resources that are assigned to specific Collectors. When this option is selected, an additional field displays allowing you to specify one or more Collectors.

Rename Discovered Resources (ICMP Discovery Method Only)

You can choose to name discovered resources using a naming convention other than LogicMonitor’s default DNS naming. To accomplish this, you can use a combination of text and tokens. The following tokens are supported:

  • ##IPADDRESS##—The IP address of the resources.
  • ##SYSTEMNAME##—The system name, provided by the sysName OID if the resources responds to SNMP. This requires that either the Inherit credentials from Device Group or Use custom credentials for this scan option is set in order to retrieve the SYSTEMNAME during the NetScan.
  • ##REVERSEDNS##—The DNS name provided by your reverse DNS resolution (this is the default).

An example of using text and tokens in combination is adding a prefix to the resource’s IP address: Cisco_switch_##IPADDRESS##.

Note: Note: When a NetScan adds unique resources with duplicate names, those resources will be added with display names set to IP_CollectorID.

Schedule

If you want to run the NetScan on a schedule, enable the Run this NetScan on a schedule switch and designate an hourly, daily, weekly, or monthly schedule.

Ports (ICMP Discovery Method Only)

You can modify the global default list of ports by toggling the Custom Ports for this NetScan switch. If you know The Use global default switched is enabled by default. If you would like to modify the global default list of ports, toggle the switch. If you know which TCP ports are open on a resource, it helps you determine what type of resource it is (e.g., Windows usually has port 135 and 3389 open while Linux does not.)

Unique Configurations for ICMP and Script/CSV Discovery Methods

While many of the NetScan configurations remain the same regardless of the type of discovery method chosen in the Discovery Method field, there are some configurations that are unique per method type. These unique configurations are discussed in detail in the following sections:

Unique Configurations for the ICMP Discovery Method

Resource Credentials

If you want to name discovered resources using ##SYSTEMNAME## or you want to add only specified resource types, you must specify credentials that are used during the NetScan in order to detect resource types.

Note: These properties/credentials are not set on resources after the NetScan so it is recommended that you also specify a destination group that already has the necessary credentials.

By default, the Inherit credentials from Device Group switch is enabled. You can select an existing resource group to use the properties/credentials that have already been set. If you want to specify custom credentials for the scan, toggle the switch and add the property/credentials that you want to use.

IP address range

In the IP address range field, enter the IP address range. The accepted syntax for this field is as follows:

  • Hyphenated range—10.9.8.2-10.9.8.240
  • CIDR notation—192.168.1.0/24 (i.e. 192.168.1.1 through 192.168.1.254)
  • Comma separated list—10.9.8.4, 10.9.8.8
  • Mixture separated by commas—10.9.8.2, 10.9.7.2-10.9.7.22, 10.9.6.0/24

Specify IP addresses to exclude from the Subnets range

Toggle the Specify IP addresses to exclude from the Subnets range switch if you want to exclude any IP addresses. You can exclude a single range of IP addresses or several IP addresses separated by commas.

Ignore system.ips when checking existing resources for duplicates

The Ignore system.ips when checking existing devices for duplicates switch allows for discovery of resources that share an IP with a resource already in monitoring, determined by the system.ips property. If this option is left unselected, a resource that shares the same IP as an existing resource’s system.ips property is considered to be a duplicate and not discovered.

Included/Excluded Resources

By default, LogicMonitor includes all discovered resources and automatically assigns them to the Unmonitored Resources group, which acts as a holding area from which you can manually decide which resources to add into monitoring. You can override this setting to change the resources that are included, what groups these resources are assigned to, and/or specify what resources should be excluded.

Resources can be included or excluded based on resource type or using a custom query. The properties supported for custom queries are a subset of those typically available with AppliesTo scripting, including:

  • system.devicetype
  • system.hostname
  • system.ips
  • properties set by the LogicMonitor auto-properties feature: system.sysoid, system.sysinfo, etc.

For each set of inclusion criteria you create, you’ll also specify which resource group the discovered resources should be assigned to. Dynamic resource groups are not available for selection here because resources cannot be manually added to dynamic groups. However, LogicMonitor automatically places newly discovered resources into dynamic resource groups with matching criteria in addition to the group selected here. See Resource Groups Overview.

In addition to setting a resource group for each set of criteria, you also have the option of enabling alert generation for that set by toggling the Alerting switch.

Note: Rules for excluded resources are prioritized over rules for included resources.

Unique Configurations for the Script/CSV Discovery Method

The script/CSV discovery method lets you use a script or CSV file to specify which resources are added. This allows you to retrieve resources from a configuration database or other repository.

Note: If your script takes more than five minutes to complete and results in a Stream closed exception/Timeout exception, you can extend the script timeout value using the netscan.script.timeout.inSeconds Collector setting. This setting is set to 300 seconds by default. This setting must be updated from the agent.conf file of the Collector assigned to the NetScan. See Collector Configuration Files

.

Script Requirements

The output of your script should list the resources in the following format, one line per resource:

IP##DISPLAYNAME##[PROP_1=VALUE_1]##[HOST_GROUP]

For script output, only IP and DisplayName are required. The script can optionally specify a set of properties and their values for each resource, and optionally place the resources into a resource group. The group field, if present, must be the last field and must specify a resource group that already exists in order to add the resource to it. If the group does not exist, the resource will not be added. For example, the following script output would add a resource with the following attributes:

println "10.9.8.7##host1.somewhere.com##snmp.community=notpublic##location=Atlanta##testgroup"
  • IP: 10.9.8.7
  • DisplayName: host1.somewhere.com
  • Resource Property 1: snmp.community=notpublic
  • Resource Property 2: location=Atlanta
  • Resource Group: testgroup

External Script Files

For an external script file, you must:

  1. Upload the script.
  2. Specify the path to the uploaded script to be used by Linux and/or Windows Collectors. The path must be local to the Collector using the script.
  3. Specify any parameters needed by the uploaded script. The parameters can be passed by a combination of positional arguments and named options. If both are used, options should be passed in first, then arguments (e.g. opt1=xxx opt2=yyy argument1 argument2).

Embed a Groovy Script

To embed a Groovy script:

  1. Enter the code for your Groovy script.
  2. Specify any parameters required by your script. The parameters can be passed by a combination of positional arguments and named options. If both are used, options should be passed in first, then arguments. (e.g. opt1=xxx opt2=yyy argument1 argument2).

CSV File Requirements

The process for running a NetScan that uses a CSV file is nearly identical to that of a script-based NetScan. Since most CSV files are static, you cannot schedule a CSV NetScan.

Your CSV files must meet the following requirements:

  • The first line of the CSV file must be your column headers. There are four valid headers: “IP”, “displayname”, “hostgroup”, and “properties”. Both “IP” and “displayname” are required column headers.
  • If hostgroup is specified, it must use the full group path.
  • Multiple properties for any given resource can be added. These must be line-separated in the “properties” column and the entire property field enclosed in double quotes, as shown in the following example.
    IP,displayname,hostgroup,properties
    10.0.0.10,Device from CSV,New Target Group,"prop.one=firstproperty
    prop.two=secondproperty"
    10.0.0.11,Another Device from CSV,New Target Group,"prop.one=firstproperties
    prop.two=secondproperties"
  • Within the key-value pairing, the value can contain “=”. For example, the notation “A=B=C” represents a key=value property in which “A” is the key and “B=C” is the value.
  • As long as required headers “IP” and “displayname” are properly configured, a device will be added to your account even if properties are misconfigured.
  • By nature of CSVs being separated by commas, if you want to include a comma within an individual CSV cell, you must surround that cell with double quotation marks.
  • In the rare event that you need to include quotes within a cell, they must be escaped by surrounding the quotes with another set of double quotes per CSV standards, as shown in the following example.
    IP,displayname,hostgroup,properties
    10.0.0.10,Device from CSV,New Target Group,"prop.one=""firstproperty""
    prop.two=""secondproperty"""
  • If a cell includes a multi-line string, the entire string should be surrounded by double quotes.
  • Once added into your account, the prefix “system.” will be removed from the device’s properties. System auto-properties are the exception to this rule, including: system.ips, system.sysinfo, system.sysoid, system.db.mysql, system.db.mssql, system.db.oracle, system.db.db2, system.ec2.resourceid, system.ec2.region, and system.virtualization’. If the prefix “systems” is absent from these properties, it will be appended to them upon discovery.

LogicMonitor provides a CSV NetScan template, available here.

Parent Group

In the Parent Group field, specify which resource group the resources should be assigned to. Dynamic resource groups are not available for selection here because resources cannot be manually added to dynamic groups. However, LogicMonitor automatically places newly discovered resource into dynamic groups with matching criteria in addition to the static group selected here. See Resource Groups Overview.

In This Article