LibreNMS groups for Oxidized

Hi guys. I have different models of HP switches (1910,1920,1950) they have two different commands for enable mode - _cmdline-mode on with two possible passwords and xtd-cli-mode with one. I need to get configs from all of them. My oxidized gets devices from LibreNMS, so I was thinking of creating overrides in LibreNMS to separate devices in groups by model so I can use different credentials for different groups.
The problem is I can’t find a way to separate devices based on model, OS\hostname\location won’t work in my case. Is there a way to create such groups? Or a different way to specify different credentials for these devices?

You can try separate device by model, e.g.:
$config[‘oxidized’][‘maps’][‘group’][‘hardware’][] = array(‘regex’ => ‘/^1910/’, ‘group’ => ‘1910’);

Just what I needed, thanks!

How to do this in newer oxidized version? I’m try to make work a lot of device types, each one with your own login.

not sure if this is helpful or not Lucas, but in your oxidized config file, do this:

groups:
fortios:
username: your_username
password: your_password
model: fortios

procurve:
username: other_device_username
password: other_device_password
model: procurve

cisco:
username: cisco_username
password: cisco_password
model: cisco

also it helps to do a systemctl status oxidized -l
I’m a bit of a beginner with Linux so I usually do "systemctl status oxidized -l > /etc/oxidized/start
to dump the output of oxidized into a textfile that I can save and look over to see what’s going on.
also running:

curl -H “X-Auth-Token:YOUR_API_TOKEN” http://127.0.0.1/api/v0/oxidized
can show you what librenms is feeding into oxidized, so you can see where things are breaking down.

also I will add that it’s been my experience that oxidized is really temperamental, if oxidized doesn’t get what it expects to get, it can crash. I run a fortinet firewall and I played with it to get it to backup, but it was capturing the changing certs on the device so it was versioning something new every single time it ran. I ended up just disabling the fortinet in librenms.

Unafortunely, i havent success yet.
I have switches in multi-vendor envirolment, each witch your own diferent credentials.
The only group that show in Oxidized is “default”. But even if i configure this group in Oxidized file, dont work.

Thanks for the tips. I have an problema with Oxidized service too (dont get up), so i use always the command: oxidized --daemonize

Have any idea how i can configure credentials per-device? One diferent of another.

@Lucas_Santana I will do my best to help but I’m far from any sort of expert. I had a similar problem with oxidized when I was using observium instead of librenms. This was on a Centos box, now I run it on Debian.
What are the details of your install? How many devices are you trying to backup?

First try running your curl command “curl -H “X-Auth-Token:your_token” http://127.0.0.1/api/v0/oxidized
(this command assumes that oxidized / librenms are on the same machine)

Verify that you’re getting the correct output from this before doing anything else.

I thanks in advance for help.
The output of curl -h command show some devices but not all. The output is in this mode:
“hostname”: “10.3.2.1”,
“os”: “3com”,
“ip”: “”
},

The “~/.config/oxidized/config” i comment the initial username and passwords and try to put in groups:

#username: user
#password: pass
#model: comware
resolve_dns: false
interval: 86400
log: /home/oxidized/.config/oxidized/logs
use_syslog: true
debug: true
threads: 30
timeout: 10
retries: 1
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: xxx.xx.xxx.xxx:xxxx
next_adds_job: false
vars: {}
groups:
powerconnect:
username: user
password: pass
model: powerconnect
comware:
username: user
password: pass
model: comware
comware:
username: user
password: pass
model: comware

models: {}
pid: “/opt/librenms/.config/oxidized/pid”
crash:
directory: “/opt/librenms/.config/oxidized/crashes”
hostnames: false
stats:
history_size: 10
input:
default: ssh, telnet
debug: false
ssh:
secure: false
ftp:
passive: true
utf8_encoded: true
output:
default: file
file:
directory: “/opt/librenms/.config/oxidized/configs”
source:
default: http
debug: false
http:
url: http://xxx.xxx.xx.xxx/api/v0/oxidized
map:
name: hostname
model: os
group: default
headers:
X-Auth-Token: ‘myauthtoken’
model_map:
cisco: ios
3com: comware
dell: powerconnect
dell2: dnos
default: comware

When i leave the first three lines uncommented, the devices that have those credencials works.

Another thing, i have using Oxidized inside LibreNMS. All devices is show in only one group in Oxidized: “default”.
I have try already to put this group, but no success too.

@Lucas,

your output looks good. So now we have two things to do to get this working right. First, we need to modify /opt/librenms/config.php so that it changes the output of the above curl command when sending to Oxidized. The second thing we must do is tell Oxidized what to do with the groups.

This is detailed here: https://docs.librenms.org/Extensions/Oxidized/ under Creating overrides. In my config I have the following:
$config[‘oxidized’][‘maps’][‘group’][‘hostname’][] = array(‘regex’ => ‘/10.11.1.1/’, ‘group’ => ‘fortios’);
$config[‘oxidized’][‘maps’][‘group’][‘hostname’][] = array(‘regex’ => ‘/10.11.19.170/’, ‘group’ => ‘aosw’);
after saving the config I usually stop / restart web server. I’m not sure if this is necessary but I want to make sure the new configuration takes.

then when I run the curl command, I can see that these hosts are now going into those groups (fortios & aosw).

example:
“hostname”: “10.11.1.1”,
“os”: “fortios”,
“ip”: “”,
“group”: “fortios”

Now we have data going to oxidized how we want. at the bottom of my /etc/oxidized/config I have the following:

groups:
fortios:
username: admin
password: myFortiOS password
model: fortios

IMPORTANT: MODEL is what I think Oxidized uses to match for correct commands to backup device.
RB files located at /lib/oxidized/model/ (search filesystem for aosw.rb to find complete path - open rb files for additional details on what models the RB file covers.

now stop / start oxidized and also check systemctl status oxidized -l and watch oxidized connect to hosts. Keep monitoring to see oxidized is doing also check Oxidized logs you may need to enable debug mode. You can also check your librenms URL / device to see if oxidized tab appears for the device and if you are getting a successful backup. ALSO check target device logs / syslog to see if oxidized is trying to logon using credentials from /etc/oxidized/config (for group) – if logon was successful, see what commands were run (it could be the wrong RB file is being used / wrong model match), if logon was unsuccessful this could also be RB file or group matching / credentials not correct in /etc/oxidized/config

@Lucas_Santana also here is my oxidized config for you to compare. I think file is in yaml format so spaces / idents etc. are important…I think.


username: default_group_username #username for default group most of same devices on network
password: default_group_password
model: ios #most all switches/routers on network here is ios
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 127.0.0.1:8888
next_adds_job: false #I think this option uses syslog to initiate a new configuration backup
vars: {}
groups: {}
models: {}
pid: "/home/oxidized/pid"
crash:
  directory: "/etc/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
nput:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
source:
        default: http
        debug: false
        http:
          url: http://127.0.0.1/api/v0/oxidized
          map:
            name: hostname
            model: os
            group: group
            username: default_group_username
            password: default_group_password
          headers:
            X-Auth-Token: 'my_x_auth_token'

 output:
  default: git
  git:
    user: my_oxidized_user
    email: my_oxidized_user@my_librenms.my_domain.edu
    repo: "var/git/network-backups/.git"

groups:
  fortios: #defined in /opt/librenms/config.php overrides verify using curl
    username: fortios_username
    password:  fortios_password
    model: fortios
  aosw: #defined in /opt/librenms/config.php overrides
    username: aosw_username
    password: aosw_password
    model: aosw

hope this helps you. Also my config might not be 100% perfect, I am not an expert with this, I just struggled for several days getting it working on my own and trying new things.

Hello! Sorry for the delay in reply, my work is being hard.
Yes, your comments and configs help me a lot! Thanks!

Well, i have try to put the “source” to csv now, for tests. With many tests, i have an better vision of the Oxidized. With CSV i can tell to Oxidized credentials per devices now.

My main problem now is 3Com devices. Oxidized dont get the configs… status show “no_connection”. I have search a lot in web, but nothing works.

@Lucas_Santana

try running:
sudo find -name “ios.rb”
it should be in a directory similar to the following: /var/lib/gems/2.5.0/gems/oxidized-0.28.0/lib/oxidized/model your ruby version and oxidized version may vary. Inside of this directory there are various RB files that oxidized uses to connect to the devices and “suck” the config off of them. I’m guessing that the correct RB file is comware.rb / flag your 3com devices as model comware and see if it works. I had a problem with an aruba wireless controller that I couldn’t get to backup. I tried the different RB files and none seemed to work and I didn’t feel like trying to figure out how to alter the RB file to make it work and I never asked anyone to write one for me.

Yes, all the 3Com Switches has set to comware already. None work… the logs files show that login is success but no more happen, like:

  • Copyright© 2004-2009 3Com Corp. and its licensors. All rights reserved. *
  • Without the owner’s prior written consent, *
  • no decompiling or reverse-engineering shall be allowed. *

Login authentication

Username:admin
Password:
<3Com_Switch>
~

He dont make the “system-view” command (like a enable in IOS).
I have try:

  • Change the OS (for HP Switches);
  • Make changes in “comware.rb” file;
  • Upgrade or downgrade the “comware.rb” file;
  • Some others things…

Searches in internet is almost done, i’m stuck…
Unfortunately, this Linux software is another one of that suffer with no documentation. In your own official documentation, is terrible…

@Lucas_Santana I wish I could help more. if the 3com switches have history or if you can make sense of the RB file, you should be able to see why the config backup is not working. I’m fortunate that the HP/Aruba switches backup fine and when we had cisco equipment, those backed up fine also. My aruba wireless control does not back up. I got my fortinet firewall backing up but the config changed multiple times per hour due to SSL keys, so this was spawning a backup. Within a few hours we had 50+ copies of the config.

How often does the config change on your 3com switches? If you cannot get oxidized to work, you could take a manual copy of the config and then flag oxidized to not back it up. I know that’s janky but sometimes we do what we have to.

Hello @Killo_RIchards !
Sorry again for delay in reponses.
Finally i’ve solve the problem with 3Com switches. was only enter in vty lines and apply the command: “screen-length 0” and optionaly " info-center source default channel 1 log state off debug state off"

After this, i’ve solve others many problems with others OS too. Finally i’ve have actually 98 devices been backup up with Oxidized!

Now i will make the documentation to present to client that i work and other documentation to an new future project. But before i have many others ideas to integrate with LibreNMS, like configure Syslog, configure Nginx to protect the Oxidized URL, integrate authentication with AD and others.

Did you manage to solve the problem with many versions of FotiOS backups? I’ve have this issue too…

Hi,

I am keeping config at LibreNMS and feed oxidized with username/password from LibreNMS:

In the oxidized “config”:

source:
  default: http
  debug: false
  http:
    url: https://localhost/api/v0/oxidized
    scheme: https
    secure: false
    map:
      name: hostname
      model: os
      group: group
      username: username
      password: password
    headers:
      X-Auth-Token: 'MySecretToken'

in “/opt/librenms/config.php”:

$config[‘oxidized’][‘ignore_os’] = array(‘linux’,‘windows’);
$config[‘oxidized’][‘ignore_types’] = array(‘server’,‘power’);
$config[‘oxidized’][‘maps’][‘group’][‘os’] = array(‘match’ => ‘ios’, ‘group’ => ‘Cisco’);
$config[‘oxidized’][‘maps’][‘group’][‘os’] = array(‘match’ => ‘iosxe’, ‘group’ => ‘Cisco’);
$config[‘oxidized’][‘maps’][‘group’][‘os’] = array(‘match’ => ‘nxos’, ‘group’ => ‘Nexus’);
$config[‘oxidized’][‘maps’][‘group’][‘os’] = array(‘match’ => ‘procurve’, ‘group’ => ‘Aruba’);
$config[‘oxidized’][‘maps’][‘group’][‘os’] = array(‘match’ => ‘arista_eos’, ‘group’ => ‘Arista’);

$config[‘oxidized’][‘maps’][‘username’][‘os’] = array(‘match’ => ‘procurve’, ‘username’ => ‘admin’);
$config[‘oxidized’][‘maps’][‘password’][‘os’] = array(‘match’ => ‘procurve’, ‘password’ => ‘PW_A’);
$config[‘oxidized’][‘maps’][‘username’][‘os’] = array(‘match’ => ‘arista_eos’, ‘username’ => ‘admin’);
$config[‘oxidized’][‘maps’][‘password’][‘os’] = array(‘match’ => ‘arista_eos’, ‘password’ => ‘PW_B’);
$config[‘oxidized’][‘maps’][‘username’][‘os’] = array(‘regex’ => ‘/ios|nxos|iosxe/’, ‘username’ => ‘oxidized’);
$config[‘oxidized’][‘maps’][‘password’][‘os’] = array(‘regex’ => ‘/ios|nxos|iosxe/’, ‘password’ => ‘PW_Z’);

$config[‘oxidized’][‘maps’][‘group’][‘os’][] = [‘match’ => ‘XXX’, ‘group’ => ‘ZZZ’];
$config[‘oxidized’][‘maps’][‘model’][‘os’][] = [‘match’ => ‘XXX’, ‘model’ => ‘YYY’];

‘group’ and ‘model’ means? so it will match XXX or ZZZ or YYY?