Using scanner files

A scanner file is a plain text file that is used to simulate the discovery of a system that is unreachable, or one that you are not permitted to scan. You create a scanner file by running the standard discovery commands on a host and saving the output. Only the standard discovery commands are run on the host; information that is discovered by patterns is not available.

Scanning Windows targets

For Windows targets, the downloaded discovery commands do not run WMI queries, so some host data cannot be recovered. For more complete discovery, you should use the Standalone Windows scanning tool.

Process for using scanner files

The process for using scanner files is:

  1. Create a scanner file.
    1. Download the *.sh or *.bat file from the BMC Atrium Discovery user interface.
    2. Copy the file to the remote host.
    3. Run and capture the output to a file.
  2. Load the scanner file onto the appliance.
    1. Using the SCP utility, upload the results file to the appliance as the upload user.

Creating a scanner file

To create a scanner file:

  1. From the Discovery section of the Administration tab, select Platforms.
  2. Click the operating system link corresponding to the host for which you are creating the scanning file. For Windows hosts, click Shell Scripts in the Windows Discovery section.
    The commands for the operating system are displayed. The following example illustrates creating a scanner file using the Linux operating system.
    This diagram illustrates a scanning file created for a Linux operating system.
  3. Click Download host script (named Linux.sh, in this example) and save the file to the local computer as an executable.
  4. Copy the file to the remote host.
    In the following example, the SCP utility is used to copy the files between the local host teabag and the remote host teaspoon:
    tideway@teabag:~$ scp linux.sh tideway@teaspoon:linux.sh
    tideway@teaspoon's password:
    linux.sh                                      100%   19KB  18.9KB/s   00:00
    tideway@teabag:~$
    
  5. Log on to the remote host and run the script, piping the output into a text file:
    tideway@teabag:~$ ssh teaspoon
    tideway@teaspoon's password: 
    Linux teaspoon 2.6.18-6-686 #1 SMP Sat Dec 27 09:31:05 UTC 2008 i686
    ...
    tideway@teaspoon:~$
    tideway@teaspoon:~$ ./linux.sh > teaspoon.txt
    tideway@teaspoon:~$ more teaspoon.txt 
    FORMAT Linux
    --- START device_info
    hostname: teaspoon
    fqdn: teaspoon
    dns_domain:  tideway.com
    domain:
    os: Debian Linux lenny/sid
    --- END device_info
    --- START host_info
    kernel: 2.6.25-2-amd64
    num_logical_processors: 2
    cores_per_processor: 2
    ...
    tideway@teaspoon:~$
    
  6. Copy the output text file to your local host.
    tideway@teaspoon:~$
    tideway@teaspoon:~$ scp teaspoon.txt tideway@teabag:linux.txt
    tideway@teabag's password:
    teaspoon.txt                                      100%  265KB 264.7KB/s   00:00
    tideway@teaspoon:~$
    
    The output file is copied to your local host.

Loading the scanner file onto the appliance

After you have created and copied the output file to your local host, you can copy it to the appliance. In this example, the appliance is called appliance, and the local host is called teabag. When loading scanner files onto the appliance, use the upload user, because it has a home directory that is the default location for uploading scanner files, and it has limited access to the appliance. See The upload user for information on enabling this user.

  1. Ensure the file has the group read permission set:
    dtweed@teabag:~$ chmod 640 teaspoon.txt 
    dtweed@teabag:~$
    
  2. Copy the output file to the appliance. In this example, the SCP utility is used:
    dtweed@teabag:~$ scp -p teaspoon.txt upload@appliance:~/linux.teaspoon.txt
    upload@appliance's password:
    teaspoon.txt                                      100%   265KB 262.7KB/s   00:00
    dtweed@teabag:~$
    

When you load a scanner file onto the appliance, its name must be unique; otherwise, it might get overwritten by another scanner file being uploaded at the same time. For this reason, it is helpful to use a naming scheme that enables you to correlate scanner files and created hosts. Do not use a name starting with . or ending with .ignore. If you do, that file will be ignored. File names are used only for internal purposes.

Using scanner files with consolidating appliances

If you are using scanner files with consolidating appliances, upload the scanner files to the consolidating appliance, rather than to the scanning appliance. Doing so correctly identifies the hosts as "Read from scanner file", rather than as "Retrieved by scanning appliance".

After a scanner file is loaded, you can look at the results of the discovery and view the host, as shown in the following illustration.
This diagram illustrates the properties displayed for a scanned host.
On the DiscoveryAccess page, in the Data Source field of the Discovery Details section "Read from scanner file" is displayed. This is shown in the following illustration.
This diagram illustrates Read from scanner file displaying on the DiscoveryAcccess page.

Considerations when using scanner files

BMC Atrium Discovery initiates a scan of the IP address automatically. You do not need to initiate a scan manually. However, depending on how you set the Scanner File Polling Interval option, it may take up to an hour after the file is copied to the appliance for the scan to initiate. Scanner files are read from the $TIDEWAY/var/scanner directory periodically based on this setting. For more information on seeting this option, see Scanning settings.

When scanner files are used, BMC Atrium Discovery creates non-expiring pool data by creating a .no-expiry file
in the pool data directory $TIDEWAY/var/pool/192/168/1/100/.no-expiry, where the IP address is
192.168.1.100). The pool data will always be used for each subsequent discovery and return identical results until the scanner file is updated, or until the pool data is deleted.

Note

  • Hosts discovered by scanner files never age.
  • BMC Atrium Discovery does not handle overlapping IP ranges, which occur in rare cases. Using the Windows scanning tool might increase the likelihood of ranges overlapping; however, the tool enables you to select a specific IP to avoid one you have already selected. For more information, see Standalone Windows scanning tool.
Was this page helpful? Yes No Submitting... Thank you

Comments