LibreNMS groups for Oxidized

Tags: #<Tag:0x00007f522050cc50>

Hi guys. I have different models of HP switches (1910,1920,1950) they have two different commands for enable mode - _cmdline-mode on with two possible passwords and xtd-cli-mode with one. I need to get configs from all of them. My oxidized gets devices from LibreNMS, so I was thinking of creating overrides in LibreNMS to separate devices in groups by model so I can use different credentials for different groups.
The problem is I can’t find a way to separate devices based on model, OS\hostname\location won’t work in my case. Is there a way to create such groups? Or a different way to specify different credentials for these devices?

You can try separate device by model, e.g.:
$config[‘oxidized’][‘maps’][‘group’][‘hardware’][] = array(‘regex’ => ‘/^1910/’, ‘group’ => ‘1910’);

Just what I needed, thanks!

How to do this in newer oxidized version? I’m try to make work a lot of device types, each one with your own login.

not sure if this is helpful or not Lucas, but in your oxidized config file, do this:

groups:
fortios:
username: your_username
password: your_password
model: fortios

procurve:
username: other_device_username
password: other_device_password
model: procurve

cisco:
username: cisco_username
password: cisco_password
model: cisco

also it helps to do a systemctl status oxidized -l
I’m a bit of a beginner with Linux so I usually do "systemctl status oxidized -l > /etc/oxidized/start
to dump the output of oxidized into a textfile that I can save and look over to see what’s going on.
also running:

curl -H “X-Auth-Token:YOUR_API_TOKEN” http://127.0.0.1/api/v0/oxidized
can show you what librenms is feeding into oxidized, so you can see where things are breaking down.

also I will add that it’s been my experience that oxidized is really temperamental, if oxidized doesn’t get what it expects to get, it can crash. I run a fortinet firewall and I played with it to get it to backup, but it was capturing the changing certs on the device so it was versioning something new every single time it ran. I ended up just disabling the fortinet in librenms.

Unafortunely, i havent success yet.
I have switches in multi-vendor envirolment, each witch your own diferent credentials.
The only group that show in Oxidized is “default”. But even if i configure this group in Oxidized file, dont work.

Thanks for the tips. I have an problema with Oxidized service too (dont get up), so i use always the command: oxidized --daemonize

Have any idea how i can configure credentials per-device? One diferent of another.

@Lucas_Santana I will do my best to help but I’m far from any sort of expert. I had a similar problem with oxidized when I was using observium instead of librenms. This was on a Centos box, now I run it on Debian.
What are the details of your install? How many devices are you trying to backup?

First try running your curl command “curl -H “X-Auth-Token:your_token” http://127.0.0.1/api/v0/oxidized
(this command assumes that oxidized / librenms are on the same machine)

Verify that you’re getting the correct output from this before doing anything else.

I thanks in advance for help.
The output of curl -h command show some devices but not all. The output is in this mode:
“hostname”: “10.3.2.1”,
“os”: “3com”,
“ip”: “”
},

The “~/.config/oxidized/config” i comment the initial username and passwords and try to put in groups:

#username: user
#password: pass
#model: comware
resolve_dns: false
interval: 86400
log: /home/oxidized/.config/oxidized/logs
use_syslog: true
debug: true
threads: 30
timeout: 10
retries: 1
prompt: !ruby/regexp /^([\[email protected]]+[#>]\s?)$/
rest: xxx.xx.xxx.xxx:xxxx
next_adds_job: false
vars: {}
groups:
powerconnect:
username: user
password: pass
model: powerconnect
comware:
username: user
password: pass
model: comware
comware:
username: user
password: pass
model: comware

models: {}
pid: “/opt/librenms/.config/oxidized/pid”
crash:
directory: “/opt/librenms/.config/oxidized/crashes”
hostnames: false
stats:
history_size: 10
input:
default: ssh, telnet
debug: false
ssh:
secure: false
ftp:
passive: true
utf8_encoded: true
output:
default: file
file:
directory: “/opt/librenms/.config/oxidized/configs”
source:
default: http
debug: false
http:
url: http://xxx.xxx.xx.xxx/api/v0/oxidized
map:
name: hostname
model: os
group: default
headers:
X-Auth-Token: ‘myauthtoken’
model_map:
cisco: ios
3com: comware
dell: powerconnect
dell2: dnos
default: comware

When i leave the first three lines uncommented, the devices that have those credencials works.

Another thing, i have using Oxidized inside LibreNMS. All devices is show in only one group in Oxidized: “default”.
I have try already to put this group, but no success too.

@Lucas,

your output looks good. So now we have two things to do to get this working right. First, we need to modify /opt/librenms/config.php so that it changes the output of the above curl command when sending to Oxidized. The second thing we must do is tell Oxidized what to do with the groups.

This is detailed here: https://docs.librenms.org/Extensions/Oxidized/ under Creating overrides. In my config I have the following:
$config[‘oxidized’][‘maps’][‘group’][‘hostname’][] = array(‘regex’ => ‘/10.11.1.1/’, ‘group’ => ‘fortios’);
$config[‘oxidized’][‘maps’][‘group’][‘hostname’][] = array(‘regex’ => ‘/10.11.19.170/’, ‘group’ => ‘aosw’);
after saving the config I usually stop / restart web server. I’m not sure if this is necessary but I want to make sure the new configuration takes.

then when I run the curl command, I can see that these hosts are now going into those groups (fortios & aosw).

example:
“hostname”: “10.11.1.1”,
“os”: “fortios”,
“ip”: “”,
“group”: “fortios”

Now we have data going to oxidized how we want. at the bottom of my /etc/oxidized/config I have the following:

groups:
fortios:
username: admin
password: myFortiOS password
model: fortios

IMPORTANT: MODEL is what I think Oxidized uses to match for correct commands to backup device.
RB files located at /lib/oxidized/model/ (search filesystem for aosw.rb to find complete path - open rb files for additional details on what models the RB file covers.

now stop / start oxidized and also check systemctl status oxidized -l and watch oxidized connect to hosts. Keep monitoring to see oxidized is doing also check Oxidized logs you may need to enable debug mode. You can also check your librenms URL / device to see if oxidized tab appears for the device and if you are getting a successful backup. ALSO check target device logs / syslog to see if oxidized is trying to logon using credentials from /etc/oxidized/config (for group) – if logon was successful, see what commands were run (it could be the wrong RB file is being used / wrong model match), if logon was unsuccessful this could also be RB file or group matching / credentials not correct in /etc/oxidized/config

@Lucas_Santana also here is my oxidized config for you to compare. I think file is in yaml format so spaces / idents etc. are important…I think.


username: default_group_username #username for default group most of same devices on network
password: default_group_password
model: ios #most all switches/routers on network here is ios
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\[email protected]]+[#>]\s?)$/
rest: 127.0.0.1:8888
next_adds_job: false #I think this option uses syslog to initiate a new configuration backup
vars: {}
groups: {}
models: {}
pid: "/home/oxidized/pid"
crash:
  directory: "/etc/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
nput:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
source:
        default: http
        debug: false
        http:
          url: http://127.0.0.1/api/v0/oxidized
          map:
            name: hostname
            model: os
            group: group
            username: default_group_username
            password: default_group_password
          headers:
            X-Auth-Token: 'my_x_auth_token'

 output:
  default: git
  git:
    user: my_oxidized_user
    email: [email protected]_librenms.my_domain.edu
    repo: "var/git/network-backups/.git"

groups:
  fortios: #defined in /opt/librenms/config.php overrides verify using curl
    username: fortios_username
    password:  fortios_password
    model: fortios
  aosw: #defined in /opt/librenms/config.php overrides
    username: aosw_username
    password: aosw_password
    model: aosw

hope this helps you. Also my config might not be 100% perfect, I am not an expert with this, I just struggled for several days getting it working on my own and trying new things.