cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

How would you build a regular Report, or a Compliance Report, to provide counts of ports with, or without, specific configuration lines?

I've been challenged to use NPM or NCM (or any SW module) to do the following (and I don't see the way to do it yet):

Given:  NPM monitors all switch ports, and NCM backs up all Switches nightly

Tasks:  Use Solarwinds to

  • Display the total count of ports with ISE configured in "enforcement" mode.
    • Each switchport configuration requires perhaps a dozen or twenty lines to properly enable ISE in our environment.
    • The port count must display the total number of ports with ISE enabled or disabled across a thousand switches (e.g.: 47,000 ports with ISE enabled, 1,000 ports with it disabled).
      • The report could go a step deeper and list ISE ports and non-ISE ports broken down by switch.
  • Display the total count of ports with ISE configured in "monitor" mode.
    • The port count must display the total number of ports with ISE in monitor or NOT in monitor mode
      • It would be a valuable option to be able to drill in deeper and break this list down by switch, and display the ports in monitor mode or not in monitor mode
  • Display the total count of ports with ISE configured in "open authentication" mode
    • Optionally, break the list down by switch and switchport, displaying only the ports in "open auth" mode
  • Display the count of ports participating in trunks
    • It should list separately the count of ports in port-channels that are uplinks to Distribution or Core switches
      • Downlink ports, or ports to PC's requiring multiple VLAN's, must be counted separately from the uplink ports.  We'll make it easy and specify port-channel 1 will always be an uplink, and higher numbered port-channels will always be downlinks
      • The count could additionally/optionally be displayed on a per-switch basis
  • List the total number of all switchports

Is this too specific / challenging for Solarwinds products to do?  It seems like the Compliance Reporting is ideal for it, but I'm not having good luck so far.

Swift packets!

Rick Schroeder

0 Kudos
3 Replies

rschroeder

I had done something similar a while back too, only mine was probably far less formal than what you need.

These are from the land before time, but they sounded similar to what you were asking for... at least they sound similar to each other in my head.

NCM PolicyCacheResults Individual Totals

Re: Compliance Report, Summarize & Count Multiple Violations Per Device

Basically, I just made compliance reports for each thing I needed to find, then made a job to run on SQL server to count them all out. Probably also similar to option 2 from m_roberts​, but maybe not as advanced as what they did.

Let us know how you did it... once you do it.

Thank you,

-Will

Hi Rick,

There is no where in the database that this definition is stored as normalised data and therefore this is going to require something creative.

We have created something reasonably similar for a customer previously and identified two methods:

1. Create a Compliance Policy, where you create a rule for each condition you require. Use config block to search within Interfaces. Within the Cirrus.PolicyCacheResults SWQL entity you will see a column 'XMLResults'. You could use this to identify the results and perform some counts using some lovely SWQL code

2. (This is the route we took a few years ago). Created a custom SQL Function, which are called via Stored Procedure that looks within the NCM_ConfigArchive > Config table and cell. The Function parses through the config.

This is pretty heavy lifting stuff, but the data does exist within NCM, just not in a nice format.

Mark Roberts

Prosperon - UK SolarWinds Partners

Installation | Consultancy | Training | Licenses

facebook_icon.jpglinkedin.pngblogger.pngtwitter-icon.jpg 

Mark, yours is the method I thought I'd probably end up using, but I was hoping there was something someone was already using to provide a simple and fast useful output.  I"ll build a Compliance Report that searches for the required config lines and try to figure out a pretty way to count the switches and switchports.

But I'd be open for any suggestions or examples of SQL or SWQL that could  ouput the total count of ports / switches that comply or do NOT comply.

Thank you!

Rick Schroeder

0 Kudos