# This is the main configuration file for Netdisco web and backend apps # # DO NOT EDIT THIS FILE # # Overrides should go to ~/environments/deployment.yml # # https://github.com/netdisco/netdisco/wiki/Configuration has # in depth explanations about each setting. # ---------------- # GENERAL SETTINGS # ---------------- log: 'warning' logger_format: '[%P] %U %L %m' include_paths: [] template_paths: [] site_local_files: false external_databases: [] tenant_databases: [] # ------------ # WEB FRONTEND # ------------ domain_suffix: [] no_auth: false suggest_guest: false navbar_autocomplete: true trust_remote_user: false trust_x_remote_user: false validate_remote_user: false api_token_lifetime: 3600 tacacs: {} radius: {} ldap: {} # servers: [] # user_string: 'MYDOMAIN\%USER%' # base: "" # proxy_user: "" # proxy_pass: "" # opts: # debug: 3 # tls_opts: {} path: '/' web_home: '/inventory' web_plugins: - Inventory - Report::PortVLANMismatch - Report::PortAdminDown - Report::PortBlocking - Report::PortMultiNodes - Report::PortSsid - Report::PortUtilization - Report::ApChannelDist - Report::ApClients - Report::ApRadioChannelPower - Report::HalfDuplex - Report::DeviceAddrNoDNS - Report::DeviceByLocation - Report::InventoryByModelByOS - Report::DeviceDnsMismatch - Report::DevicePoeStatus - Report::DuplexMismatch - Report::IpInventory - Report::ModuleInventory - Report::Netbios - Report::NodeMultiIPs - Report::NodeVendor - Report::NodesDiscovered - Report::SsidInventory - Report::VlanInventory - Report::SubnetUtilization - Report::PortLog - AdminTask::JobQueue - AdminTask::NodeMonitor - AdminTask::Topology - AdminTask::PollerPerformance - AdminTask::PseudoDevice - AdminTask::SlowDevices - AdminTask::UndiscoveredNeighbors - AdminTask::OrphanedDevices - AdminTask::DuplicateDevices - AdminTask::TimedOutDevices - AdminTask::UserLog - AdminTask::Users - Search::Device - Search::Node - Search::VLAN - Search::Port - Device::Details - Device::Ports - Device::Modules - Device::Neighbors - Device::Addresses - Device::Vlans - Device::SNMP extra_web_plugins: [] sidebar_defaults: search_node: stamps: { default: checked } deviceports: { default: checked } show_vendor: { default: null } archived: { default: null } partial: { default: null } age_invert: { default: null } daterange: { default: null } mac_format: { default: IEEE } search_port: partial: { default: checked } uplink: { default: null } descr: { default: null } ethernet: { default: checked } search_device: matchall: { default: checked } device_ports: partial: { default: null } invert: { default: null } c_admin: { label: 'Port Control and Editing', default: null, idx: 0 } c_port: { label: 'Port', default: checked, idx: 1 } c_descr: { label: 'Description', default: null, idx: 2 } c_comment: { label: 'Last Comment', default: null, idx: 3 } c_type: { label: 'Type', default: null, idx: 4 } c_ifindex: { label: 'Interface Index', default: null, idx: 5 } c_lastchange: { label: 'Last Change', default: null, idx: 6 } c_name: { label: 'Name', default: checked, idx: 7 } c_tags: { label: 'Tags', default: null, idx: 8 } c_speed_admin: { label: 'Speed (configured)', default: null, idx: 9 } c_links: { label: 'External Links', default: checked, idx: 10 } c_speed: { label: 'Speed (running)', default: null, idx: 11 } c_duplex_admin: { label: 'Duplex (configured)', default: null, idx: 12 } c_duplex: { label: 'Duplex (running)', default: null, idx: 13 } c_error: { label: 'Error Message', default: null, idx: 14 } c_mac: { label: 'Port MAC', default: null, idx: 15 } c_mtu: { label: 'MTU', default: null, idx: 16 } c_pvid: { label: 'Native VLAN', default: checked, idx: 17 } c_vmember: { label: 'VLAN Membership', default: checked, idx: 18 } c_power: { label: 'PoE', default: null, idx: 19 } c_ssid: { label: 'SSID', default: null, idx: 20 } c_nac_summary: { label: 'NAC/802.1X Status', default: null, idx: 21 } c_nodes: { label: 'Connected Nodes', default: null, idx: 22 } c_neighbors: { label: 'Connected Devices', default: checked, idx: 23 } c_stp: { label: 'Spanning Tree', default: null, idx: 24 } c_up: { label: 'Up/Down Status', default: null, idx: 25 } mac_format: { default: IEEE } n_inventory: { label: 'Remote Inventory', default: checked, idx: 0 } n_detailed_inventory: { label: 'Remote Advertisement', default: null, idx: 1 } n_age: { label: 'Age Stamp', default: null, idx: 2 } n_ip4: { label: 'IPv4 Addresses', default: checked, idx: 3 } n_ip6: { label: 'IPv6 Addresses', default: checked, idx: 4 } n_netbios: { label: 'NetBIOS Name', default: checked, idx: 5 } n_ssid: { label: 'SSID', default: checked, idx: 6 } n_vendor: { label: 'Vendor', default: null, idx: 7 } n_archived: { label: 'Archived Data', default: null, idx: 8 } age_num: { default: 3 } age_unit: { default: months } p_vlan_names: { label: 'Use VLAN Names', default: null, idx: 0 } p_hide1002: { label: 'Hide VLAN 1002-1005', default: null, idx: 1 } p_include_hidden: { label: 'Include Hidden Ports', default: null, idx: 2 } device_netmap: showips: { default: null } showspeed: { default: null } mapshow: { default: depth } depth: { default: 1 } too_many_devices: { default: 1000 } colorby: { default: speed } dynamicsize: { default: checked } report_moduleinventory: fruonly: { default: checked } matchall: { default: checked } report_portutilization: age_num: { default: 3 } age_unit: { default: months } device_port_col_idx_left: 8 device_port_col_idx_mid: 21 device_port_col_idx_right: 25 jobqueue_refresh: 5 safe_password_store: true reports: [] system_reports: - tag: portserrordisabled label: 'Blocked - Error-Disabled' category: Port columns: - { ip: Device } - { dns: DNS } - { port: Port } - { name: Description } - { reason: Reason } query: | SELECT dp.ip, d.dns, dp.port, dp.name, properties.error_disable_cause AS reason FROM device_port dp INNER JOIN device_port_properties properties USING (ip, port) LEFT JOIN device d USING (ip) WHERE properties.error_disable_cause IS NOT NULL ORDER BY dp.ip, dp.port - tag: devicemultipleaddresses label: 'Devices with Multiple Addresses' category: Device columns: - { 'ip': 'Device IP', _searchable: true } - { 'devname': 'Name' } - { 'count': 'Addresses Count' } - { 'contact': 'Contact' } - { 'location': 'Location' } query: | SELECT ip, COALESCE(NULLIF(device.dns,''), NULLIF(name,''), '(none)') AS devname, count(alias), contact, location FROM device_ip LEFT JOIN device USING (ip) GROUP BY ip, devname, contact, location HAVING count(alias) > 1 ORDER BY count(alias) DESC, devname ASC - tag: devicesharedaddresses label: 'IPs on Multiple Devices' category: Device columns: - { 'alias': 'Interface IP', _searchable: true } - { 'count': 'Instance Count' } query: | SELECT alias, count(ip) FROM device_ip WHERE alias != '127.0.0.1' GROUP BY alias HAVING count(ip) > 1 ORDER BY count(ip) DESC, alias ASC - tag: recentlyaddeddevices category: Device label: 'Recently Added Devices' columns: - { ip: 'Device IP', _searchable: true } - { devname: 'Name' } - { model: 'Model' } - { vendor: 'Vendor' } - { creation: 'Date Added' } - { os: 'Operating System' } - { os_ver: 'OS Version' } - { location: 'Location' } - { contact: 'Contact' } - { serial: 'Serial' } bind_params: ['since'] query: | SELECT ip, COALESCE(NULLIF(dns,''), NULLIF(name,''), '') AS devname, model, vendor, creation, os, os_ver, location, contact, serial FROM device WHERE creation > (LOCALTIMESTAMP - COALESCE(NULLIF(?,''), '2 months')::interval) ORDER BY creation DESC - tag: portswithmostvlans category: Port label: 'Ports with the most VLANs' columns: - { ip: 'Device IP', _searchable: true } - { port: 'Port' } - { vlans: 'VLAN Count' } bind_params: ['threshold'] query: | SELECT ip, port, count(vlan) AS vlans FROM device_port_vlan GROUP BY ip, port HAVING count(vlan) > COALESCE(NULLIF(?,''), '1') ::integer ORDER BY vlans DESC, ip ASC, port ASC - tag: duplicateprivatenetworks category: Port label: 'Duplicate Private Networks' columns: - { subnet: 'Subnet', _searchable: true } - { count: 'Instances' } - { seen: 'Where Seen' } query: | SELECT subnet, count(subnet), array_agg(host(alias)::text || ' on ' || host(ip)::text) AS seen FROM device_ip WHERE ip <> alias AND (masklen(subnet) <> 32 AND masklen(subnet) <> 128) AND (subnet << '10.0.0.0/8' OR subnet << '172.16.0.0/12' OR subnet << '192.168.0.0/16' OR subnet << '100.64.0.0/10' OR subnet << 'fd00::/8') GROUP BY subnet HAVING count(subnet) > 1 ORDER BY subnet - tag: vlansonlyuplinks category: VLAN label: 'VLANs Only On Uplinks' columns: - { ip: 'Device IP', _searchable: true } - { vlans: 'VLAN List' } query: | SELECT ip, array_to_string(array_agg(DISTINCT vlan::integer ORDER BY vlan::integer ASC), ', ') AS vlans FROM device_port_vlan dpv WHERE native IS false AND vlan <> 1 AND ( SELECT count(*) FROM device_port_vlan dpv2 WHERE dpv2.ip = dpv.ip AND dpv2.vlan = dpv.vlan AND native IS true ) = 0 GROUP BY ip ORDER BY ip - tag: vlansneverconfigured category: VLAN label: 'VLANs Known but Not Configured' columns: - { ip: 'Device IP', _searchable: true } - { vlans: 'VLAN List' } query: | SELECT ip, array_to_string(array_agg(DISTINCT dv.vlan::integer ORDER BY dv.vlan::integer ASC), ', ') AS vlans FROM device_vlan dv WHERE NOT EXISTS ( SELECT FROM device_port_vlan dpv WHERE dpv.ip = dv.ip AND dpv.vlan = dv.vlan ) AND vlan NOT IN (1002, 1003, 1004, 1005) GROUP BY ip ORDER BY ip - tag: vlansunused category: VLAN label: 'VLANs No Longer Used' columns: - { ip: 'Device IP', _searchable: true } - { vlans: 'VLAN List' } bind_params: ['free'] query: | SELECT dpv.ip, array_to_string(array_agg(DISTINCT dpv.vlan::integer ORDER BY dpv.vlan::integer ASC), ', ') AS vlans FROM device_port_vlan dpv WHERE dpv.native IS false AND dpv.vlan <> 1 AND ( SELECT count(*) FROM device_port_vlan dpv2 LEFT JOIN device_port dp USING (ip, port) LEFT JOIN device d USING (ip) WHERE dpv2.ip = dpv.ip AND dpv2.vlan = dpv.vlan AND native IS true AND ( dp.up_admin = 'up' OR age( LOCALTIMESTAMP, to_timestamp( extract( epoch FROM d.last_discover ) - ( d.uptime - dp.lastchange ) /100 ) ::timestamp ) < COALESCE(NULLIF(?,''), '3 months') ::interval ) ) = 0 GROUP BY dpv.ip ORDER BY dpv.ip - tag: devicevlancount category: VLAN label: 'VLAN Count per Device' columns: - { ip: 'Device IP', _searchable: true } - { vlans: 'VLAN Count' } query: | SELECT ip, count(vlan) AS vlans FROM device_vlan GROUP BY ip ORDER BY vlans DESC table_pagesize: 10 table_showrecordsmenu: - [10, 25, 50, 100, '-1'] - [10, 25, 50, 100, 'All'] inventory_collapse_threshold: 0 inventory_platforms_collapse_threshold: 5 inventory_releases_collapse_threshold: 5 vlanctl: true portctl_nameonly: false portctl_no: [] portctl_only: [] portctl_nowaps: false portctl_nophones: false portctl_vlans: false portctl_uplinks: false portctl_topology: false portctl_by_role: {} system_port_control_reasons: address: 'Address Allocation Abuse' copyright: 'Copyright Violation' dos: 'Denial of Service' bandwidth: 'Excessive Bandwidth' polling: 'Excessive Polling of DNS/DHCP/SNMP' noserv: 'Not In Service' exploit: 'Remote Exploit Possible' compromised: 'System Compromised' other: 'Other' resolved: 'Issue Resolved' check_userlog: false devport_vlan_limit: 150 login_logo: "" defanged_admin: 'admin' defanged_api_admin: 'api_admin' hide_deviceports: 'group:__ANY__': - 'group:__HIDE_NOTPRESENT_TYPES__' external_links: node: [] device: [] device_port: [] # ------------- # NETDISCO CORE # ------------- # mibhome is discovered from environment # mibdirs defaults to contents of mibhome host_groups: __ANY__: - '0.0.0.0/0' - '::/0' __LOOPBACK_ADDRESSES__: - '::1' - '127.0.0.0/8' __LOCAL_ADDRESSES__: - '169.254.0.0/16' - 'fe80::/10' __LOOPBACK_WITH_NO_IP__: - 'op:and' - 'alias:' - 'type:softwareLoopback' __IGNORE_INTERFACES__: - 'port:EOBC' - 'port:unrouted VLAN(?: \d+)?' - 'port:StackPort' - 'port:Control Plane Interface' - 'port:SPAN (S|R)P Interface' - 'port:StackSub-.*' - 'port:StackPort\d+' - 'port:netflow' - 'port:Vlan\d+-mpls layer' - 'port:BRI\S+-Bearer Channel' - 'port:BRI\S+-Physical' - 'port:BRI\S+-Signalling' - 'port:BRI\S+-Signaling' - 'port:Embedded-Service-Engine\d+\/\d+' - 'port:Virtual-Template\d+' - 'port:Virtual-Access\d+' - 'port:(E|T)\d \d\/\d\/\d' - 'port:InLoopback0' - 'port:NULL\d' - 'port:Register-Tunnel\d' - 'port:Blade-Aggregation\d' - 'port:M-GigabitEthernet\d\/\d\/\d' - 'port:Ethernet(?:-| )QOS Packet Scheduler' - 'port:Ethernet(?:-| )WFP (?:802\.3|Native) MAC Layer Lightweight Filter' - 'port:ii\d\/\d\/\d+' __IGNORE_INTERFACE_TYPES__: [] __NOTPRESENT_TYPES__: - 'type:tunnel' - 'type:ieee8023adLag' __IGNORE_NOTPRESENT_TYPES__: - 'op:and' - 'up:notPresent' - 'group:__NOTPRESENT_TYPES__' __HIDE_NOTPRESENT_TYPES__: - 'op:and' - 'up:notPresent' - 'type:ethernetCsmacd' host_group_displaynames: {} device_identity: [] community: [] community_rw: [] device_auth: [] use_legacy_rancidexport: false use_legacy_sshcollector: false custom_fields: device: [] device_port: [] tags: device: {} device_port: {} hide_tags: device: [] device_port: [] get_credentials: "" bulkwalk_off: false bulkwalk_no: [] bulkwalk_repeaters: 20 nonincreasing: false snmpver: 3 snmptimeout: 3000000 snmpretries: 2 net_snmp_options: {} snmp_try_slow_connect: true snmp_remoteport: {} snmp_field_protection: device: serial: ['group:__ANY__'] devices_no: [] devices_only: [] discover_no: [] discover_only: [] discover_no_type: [] discover_waps: true discover_phones: false discover_routed_neighbors: true discover_min_age: 0 ignore_layers: [] force_macsuck: [] macsuck_no: [] macsuck_only: [] macsuck_all_vlans: false macsuck_no_unnamed: false macsuck_no_vlan: - 'SAM-vlan-appliance-management' - 'SAM-vlan-boot' - 'SAM-vlan-management' - 'fcoe-vsan-4048' - 'fddi-default' - 'fddinet-default' - 'token-ring-default' - 'trbrf-default' - 'trcrf-default' - 'trnet-default' macsuck_no_devicevlan: [] macsuck_no_deviceports: [] macsuck_unsupported: [] macsuck_unsupported_type: [] macsuck_bleed: false macsuck_min_age: 0 snmpforce_v1: [] snmpforce_v2: [] snmpforce_v3: [] force_arpnip: [] arpnip_no: [] arpnip_only: [] arpnip_min_age: 0 nbtstat_no: [] nbtstat_only: [] nbtstat_max_age: 7 nbtstat_interval: 0.02 nbtstat_response_timeout: 1 node_freshness: 0 expire_devices: 60 expire_nodes: 90 expire_nodes_archive: 60 expire_jobs: 14 expire_userlog: 365 expire_nodeip_freshness: null store_wireless_clients: true skip_modules: [] store_modules: true ignore_deviceports: 'group:__ANY__': - 'group:__IGNORE_INTERFACES__' - 'group:__IGNORE_INTERFACE_TYPES__' - 'group:__IGNORE_NOTPRESENT_TYPES__' 'vendor:juniper': - 'subnet:128\.0\.0\.0/2' - 'port:.+\.1638\d' - 'port:.+\.3276\d' ignore_interfaces: [] ignore_interface_types: [] ignore_notpresent_types: [] ignore_private_nets: false reverse_sysname: false phone_capabilities: - '(?i:phone)' phone_platforms: - '(?i:mitel.5\d{3})' - '(?i:phone)' wap_capabilities: - 'wlanAccessPoint' wap_platforms: - '(?i:\bwap\b)' - 'cisco\s+AIR-[L|C]?AP' - '-K9W8-' # -------------- # BACKEND DAEMON # -------------- workers: tasks: 'AUTO * 2' timeout: 600 sleep_time: 1 min_runtime: 0 max_deferrals: 10 retry_after: '7 days' queue: PostgreSQL # this one takes ages snapshot_timeout: 1200 primeskiplist_timeout: 1200 # 50 minutes jobs_stale_after: 3000 jobs_qdepth: 50 dns: max_outstanding: 50 hosts_file: '/etc/hosts' no: ['group:__LOCAL_ADDRESSES__','group:__LOOPBACK_ADDRESSES__'] hooks: [] schedule: discoverall: when: '5 7 * * *' macwalk: when: min: 20 arpwalk: when: min: 50 nbtwalk: when: '0 8,13,21 * * *' expire: when: '30 23 * * *' makerancidconf: null job_prio: high: - 'contact' - 'delete' - 'hook::exec' - 'hook::http' - 'location' - 'portcontrol' - 'portname' - 'power' - 'snapshot' - 'vlan' normal: - 'arpnip' - 'arpwalk' - 'discover' - 'discoverall' - 'expire' - 'macsuck' - 'macwalk' - 'nbtstat' - 'nbtwalk' - 'scheduler' - 'stats' worker_plugins: - 'Internal::BackendFQDN' - 'Internal::SNMPFastDiscover' - 'AddPseudoDevice' - 'Arpnip' - 'Arpnip::Hooks' - 'Arpnip::Nodes' - 'Arpnip::Subnets' - 'Arpwalk' - 'Contact' - 'Delete' - 'Delete::Hooks' - 'Discover' - 'Discover::CanonicalIP' - 'Discover::Entities' - 'Discover::Hooks' - 'Discover::Neighbors' - 'Discover::Neighbors::DOCSIS' - 'Discover::Neighbors::Routed' - 'Discover::PortPower' - 'Discover::PortProperties' - 'Discover::PortProperties::PortAccessEntity' - 'Discover::Properties' - 'Discover::Properties::Tags' - 'Discover::Snapshot' - 'Discover::VLANs' - 'Discover::Wireless' - 'Discover::WithNodes' - 'DiscoverAll' - 'DumpConfig' - 'Expire' - 'ExpireNodes' - 'GetAPIKey' - 'Graph' - 'Hook' - 'Hook::Exec' - 'Hook::HTTP' - 'LoadMIBs' - 'Location' - 'Macsuck' - 'Macsuck::Hooks' - 'Macsuck::Nodes' - 'Macsuck::WirelessNodes' - 'Macsuck::Nodes::PortAccessEntity' - 'Macwalk' - 'MakeRancidConf' - 'Nbtstat' - 'Nbtstat::Core' - 'Nbtwalk' - 'NodeMonitor' - 'PortControl' - 'PortName' - 'Power' - 'PrimeSkiplist' - 'Psql' - 'Renumber' - 'Scheduler' - 'Show' - 'Snapshot' - 'Stats' - 'Vlan' - 'Vlan::Core' extra_worker_plugins: [] driver_priority: direct: 1000000 restconf: 500 netconf: 400 eapi: 300 cli: 200 snmp: 100 deferrable_actions: - 'arpwalk' - 'discoverall' - 'macwalk' - 'nbtwalk' - 'primeskiplist' - 'scheduler' - 'snapshot' # --------------- # GraphViz Export # --------------- graph: # ---- Graph Settings ---- edge_color : wheat graph : 'graph/netmap.gif' graph_png : 'graph/netmap.png' graph_bg : black graph_clusters : false # try fdp layout graph_color : white graph_default : png #graph_dir : net_dir.gif graph_epsilon : 6 graph_layout : twopi # try neato or fdp too graph_map : 'graph/netmap.map' graph_overlap : scale graph_nodesep : 2 graph_ranksep : .3 graph_raw : 'graph/graph_raw.dot' graph_splines : false graph_svg : 'graph/netmap.svg' graph_timeout : 90 graph_x : 30 graph_y : 30 node_fillcolor : dimgrey node_font : lucon node_fontsize : 46.0 node_fontcolor : white node_problem : red node_shape : box node_style : filled #edge_style : setlinewidth(10) # ---- Node Maps ---- # variable:matching pattern:node attribute:attribute value:key:key name #node_map: # - 'label:cat(?!-g):fillcolor:blue:cat:Blue Box - Catalyst Device' # - 'label:-g:fillcolor:darkgreen:dev-g:Green Box - Gateway / Router' # - 'ip:^192.168\.:color:yellow:dev:Yellow Border - ResNet' # --------------- # DANCER INTERNAL # --------------- charset: 'UTF-8' warnings: false show_errors: false logger: 'console' engines: netdisco_template_toolkit: subclass: 'Template::AutoFilter' encoding: 'utf8' start_tag: '[%' end_tag: '%]' ANYCASE: 1 ABSOLUTE: 1 PRE_CHOMP: 1 INCLUDE_PATH: [] AUTO_FILTER: 'html_entity' layout: 'noop' plugins: Swagger: main_api_module: 'App::Netdisco' ui_url: '/swagger-ui' show_ui: false ui_dir: '/dev/null' Auth::Extensible: no_api_change_warning: true no_default_pages: true no_login_handler: true realms: users: provider: 'App::Netdisco::Web::Auth::Provider::DBIC' schema_name: 'netdisco' session: 'cookie' session_cookie_key: 'this_will_be_overridden_on_webapp_startup' session_same_site: 'Lax' template: 'netdisco_template_toolkit' route_cache: true appname: 'Netdisco' behind_proxy: false HTTP-Header-X-Frame-Options: 'DENY' HTTP-Header-Content-Security-Policy: 'frame-ancestors none;'