Asset Discovery App

rmsit
Communicator

Hi, all. I just installed the Asset Discovery App in Splunk and really like it; however, I'm having issues in my Windows environment. I understand the app is not supported by Splunk and I'm looking for a similar (free) app that is Splunk supported. Any suggestions? Thanks.

0 Karma

mw
Splunk Employee

Hello rmsit, I'm the author of that app and I'd be happy to work on this issue with you. Strictly speaking, editing of the vb script shouldn't be necessary. If you pass arguments in they should override the defaults such as -sV. Regarding the -iL argument: could you please post your relevant input stanza?

Also, if you run the search:

index=_internal sourcetype=splunkd asset_discovery error 

I'd be curious to know if there is any error output.

0 Karma

Waltersr24
New Member

I'm having trouble with getting anything into the app. I'm pretty new to Splunk and would really like to use this app for my network.

0 Karma

rmsit
Communicator

When telling nmap to use a file via input script, no results are available. I resorted to listing all of the target IPs as a workaround and removed the input containing the "-iL" argument. Also, to correct my original post, I edited the script to use "-sn" and not "-sc" for ping scans.

0 Karma

mw
Splunk Employee

Also, the two inputs you've specified are effectively the same -- both will perform full port scans, the one just includes OS fingerprinting. The ping scan definition should probably have some arguments to concentrate just on system availability.

0 Karma

mw
Splunk Employee

I don't see an input that contains the "-iL" argument. Do the inputs listed work as expected? What happens when you attempt to use the "-iL" argument exactly?

0 Karma

rmsit
Communicator

I have two Splunk 6.0.3 servers, 1 is deployment/indexer and 1 a search head running Windows 2008 Ent. R2 64bit. Asset Discovery app is installed on search head. I'm receiving data, just UP/Down states are not showing and issue with nmap -iL command.

Thank you for looking into this.

0 Karma

rmsit
Communicator

I tested the script (with -sc) manually from the command line and received the expected results so that works. Scripted inputs are:

[script://D:\Program Files\Splunk\etc\apps\asset_discovery\bin\nmap.cmd -t "list of IPs"]
disabled = false
index = asset_discovery
interval = 300
source = nmap
sourcetype = ping_scan

[script://D:\Program Files\Splunk\etc\apps\asset_discovery\bin\nmap.cmd -t -O "list of IPs"]
disabled = false
index = asset_discovery
interval = 14400
source = nmap
sourcetype = port_scan

Running nmap.cmd -iL "file" did not seem to work. No errors running the search you provided.

0 Karma

rmsit
Communicator

Thank you for responding. I’m trying to pass the -iL argument in the scripted input to use a file with target IP addresses so I do not have to list all of them in the scripted input. Also, I receive the warning "'stats' command: limit for values of field 'status' reached. Some values may have been truncated or ignored." on the overview screen and status changes are not showing. Lastly, I edited the VB script arguments to include the -sc and not -sV discovery options since -sV is not supported on nmap 6.45 so ping scans are executed.

0 Karma

richgalloway
SplunkTrust

What issues are you having? Perhaps someone here can help resolve them.

---
If this reply helps you, Karma would be appreciated.
0 Karma