Device42 Discovery Agent
There exist special situations in which an agent simply makes more sense, and for that reason, we offer optional auto-discovery agents for many platforms (see “Supported Platforms” below).
Some situations simply cannot be discovered agentlessly either because they are unreachable from the network, or because certain rules don’t permit traffic flow. These special cases, and other security-hardened uses that may prove difficult otherwise are cases for which we recommend customers utilize agents. Note you are free to deploy and use agents as you see fit, as agents provide equivalent functionality vs. Device42’s agent-less discovery, but we do recommend the majority of users stick with agent-less.
Discovery Account WARNING: Please do not set up an auto-discovery / scan using critical [production] account credentials! Please create a separate, dedicated account to use only for discovery
Doing so, depending on permissions granted & configured password policies could result in account lock-out, therefore causing an otherwise completely avoidable outage.
Device42 Auto-discovery agents are available for deployment on the following platforms:
The client can be downloaded by going to Discovery > Agent Based Scans. Enter the URL as it will be accessed by the agent from the remote machine, and choose your platform: Windows, Mac, Linux, BSD, etc.
It can be run from the command line or can be scheduled using the relevant scheduling program per OS. When running the application, the following switches are available:
|-collect-responses||collects all shell commands responses to collected-responses.log|
|-debug||prints the data being sent and result of post operation|
|-device-customer string||default device customer|
|-device-object-category string||default device object category|
|-device-service-level string||default device service level|
|-device-tags string||default device tags|
|-dry-run||doesn’t do a post, just prints the data to be sent|
|-extended-logs||enables extended logs|
|-hostname-precedence||sets device name as new name to prevent creation of new device if only hostname was changed|
|-ignore-ipv6||ignore IPv6 addresses|
|-ignore-local-ips string||sets list of local IPs to ignore|
|-ignore-local-ports string||sets list of local ports to ignore|
|-ignore-remote-ips string||sets list of remote IPs to ignore|
|-ignore-remote-ports string||sets list of remote ports to ignore|
|-ip-vrf-group string||default IP VRF group|
|-light-mode||reduces CPU utilization by cost of discovery speed|
|-quiet||enables extended logs|
|-sudo-password string||sudo password used in some OSes (Mac, Linux) to get information about the system|
|-version||print version number and exit|
Scheduling With Crontab in Linux
Scheduling the agent as a non-root user will work fine, but for best results we recommend running the command with sudo. In order to have the cron-job run successfully with sudo, make sure to edit the sudoers file to allow the specific user you’ll be using to have permission to the agent command with sudo without a password.
1) Edit the line in the sudoers file to look something like:
greg ALL=(ALL:ALL) NOPASSWD: /home/greg/d42agent
Replacing “greg” with the user and “/home/greg/d42agent” with the absolute path to the agent.
2) In crontab for the same user, add a line like the following to set your command execution schedule:
0 0 * * * sudo /home/greg/d42agent
Be sure to replace the path above with the path to the agent. This will run the agent every minute on the machine and you should see all information. Running without sudo will prevent information such as machine serial and uuid, as well as other output from dmidecode from being discovered.
Linux and Mac Note
After downloading, if the agent is not executable – make it executable (i.e., chmod +x agentname). Sudo is required for best results, and the password may be passed using –sudo-password=”password”.
After downloading the agent, use the Windows Task Scheduler to schedule the executable file (*.exe) to run at the intervals you want.