cnorborg · Network Professional IV · ✭✭✭✭✭

Haven't looked into doing it this way. Personally I do it as part of my compliance reporting in NCM, quite easy that way!!

Yea, that is rather annoying when you don't intend it. Especially since sometimes I only want to copy the Dynamic Selection rules to populate it with my own rules, not the ones that were in the initial policy. Then you have to go delete all of the rules and the time you saved copying the policy is lost spending it deleting…

You might find this of interest... Been pretty popular... CDP_Neighbor_Resource_v2.SWQL

Not quite sure what you're looking foir, but I think if you JOIN it to the Orion.NPM.Interfaces as such, you should be able to pull any field from there quite easily... Something like: JOIN Orion.NPM.Interfaces I ON ((E0.NodeID = I.NodeID) AND (E0.Router.Nodes.IP_Address = I.IPAddress.IPAddress))

Do you have access to the server itself? If so, bring up the "Database Manager" and either select your server or just "Add default server". Go to the "NetPerfMon" database, or whatever database it is, right click on the "Auditing Events" table and choose "Query Table". You can probably just do the default query, which is…

And you've keyed in on the problem pretty well. If all the interfaces were the same name, this would be an easy task, but right now not so much... I believe in NCM 7.4, of which the beta is out right now, you can do this however. It's part of the "complaince reports and remediation", with the new feature you need being…

"and get put put back"? Not quite sure what that means... Are you asking if you can get output back? Yes, although what output you get does seem to vary a bit. You can do CLI commands a few different ways, all of them via some sort of scripting. You don't get an interactive session if that's what you're asking. One way to…

Has there been any updates on this issue? I'm getting "Unable to retrieve url using CSV type" when I schedule some reports I'm working on via the web-based report writer. We're not using HTTPS and "Anonymous/Forms/Windows" authentication is enabled on my web-server... Pretty sure I have the DST fix applied, not sure why it…

So, never got any answers to this. But, decided to do a bit more exploration recently. Figured I'd put it here rather than starting another conversation, but thought I'd get cvachovecj‌ attention!! :-) I have a Switch report, with policies divided into Security related and Management related (shown below to show they're…

Another thing that has me wondering, maybe a bit related. After importing a bunch of devices into NPM/NCM, I quickly made a compliance report to find those nodes that I needed to update my TACACS configuration on. So, I made a report and told it I wanted to include all Cisco devices of a specific type and the report was…

ETS integration is mainly for an engineer who has the ETS on their desktop to be able to launch the tools while browsing their Orion server. It's not meant for installing the toolset on the server and allowing multiple people to run it from there. That being said, someone did work on a way around that - you can find it…

Quite possible that smiffy85‌ pointed you in the right direction, but if not try more details, your question is very vague. The answer could depend on what your conditions are? My first thoughts were towards using compliance reports in NCM, but...

Yea, would still love to know how to do it! Not sure how to get the space in there...

As I said, there might be a way to do it, the question would be whether or not it's overly complex or not. Sometimes two rules just makes it easy to understand and process... As for Chris T's potential solution, looks like it might work, have you tested it? I can see 4 configs that you should test it on. One without any…

Have been doing some more work on this and have discovered a couple things. The first is that there is more configurability to RTCD than I remembered. And although I love the "Step 1 .. Step 6" instructions given, I think I'd rather see a more typical "Configuration Settings" page for the various options for RTCD, with…

Try this: <IMG SRC="http://serverp/pictures/${Cabinet}.jpg" ALT="Home"></A> I think it should work from what I've seen...

Hmm... Maybe I'm interpreting the question differently, but it sounds like they're asking how to actually do install it? The process is quite simple, just unplug the router, plug the module into one of the WIC slots, and reboot the router. If you're IOS is not at least 15.0(1)M, you'll need to upgrade it to at least that.…

Yes, if you look under "Trap Details Pattern", you should see a section for "Examples" which gives a pretty good representation on what it expects and how to use RegExp to do what you want.

Ah, ok. I'd suggest doing the opposite, have the SIEM forward syslogs to Orion, hate to say it but the built in syslog processor in Orion isn't all that powerful. That's why they sell their own SIEM. Some SIEMs want to see an untouched syslog also, making sure the source IP and such are pristine in the TCP headers and…

Hmm... What logs? Orion receives logs, I don't know of it generating any on hosts?

Yes, the fortigate has tons of settings on it, and most of them tend to remain at their defaults. But, if you want to see absolutely everything, instead of just typing in "show" to see the configuration, you type in "show full-configuration" and it shows absolutely everything including those items set to their default…

Hmm... I use syslog-ng on a unix box set up to forward syslog traffic to my Orion server and another one (Ciscoworks). With syslog-ng I filter out alot of the garbage before I forward it, keeps the Orion server running well. I also have it saving raw logs in case I need to go back for some reason. Just a simple VM so there…

Any one of them can work, but that also depends on how you're monitoring it too.. If you monitor the Ge0/1, you'll get the dialer traffic, as well as the rest of it. The dialer traffic should be rather small, so probably not a lot of different in how much traffic. If you're monitoring with Netflow (ie: NTA), you will see…

Well, there are a few things to keep in mind, first - not all Cisco devices have the ability to do SSH. On newer devices you can see this by which devices have K9 in their IOS image name, older device use "K2" in the name. I've heard some devices might have "56i" instead of either K2/K9 too... You can figure out which ones…

Yea, I like Meraki, but have read elsewhere that their Netflow implementation is a bit sloppy. This kind of re-enforces that a bit in my mind. If they don't want to fully support the egress and ingress interface portion of netflow, they could have at least allowed it to export a "default" value. Here is an article by…

I'm guessing that your working in the "Report Writer", since you're using SQL rather than SWQL. I think they were thinking you were writing a custom resource in SWQL. One thing to keep in mind is that there are a lot of examples included with the product or on line here. If you go into an existing report, like "Current…

You know, I was thinking while looking at this about how it might be nice to have the ability to ignore by a "config block" like in the compliance rules. Would make the whole matching certificates and such much easier!! Not to mention more exacting. I have had some lines start with numbers, in banners and such, which match…

Works for me ok, check and see if there are any updates you should have applied? If not, maybe open a tech case?

The easiest and most straightforward way is to include the places where case can change in your search. ie: instead of searching for "Interface", search for "[Ii]nterface". The square brackets give a range of characters that are valid. In this case the upper and lowercase I are in the brackets. You can also do things like…

Vote on solving this issue!