Automatic Device Discovery with SolarWinds

Hello SolarWinds® admin, I have a question for you: how many times has someone gone to your desk complaining about not receiving alerts from a particular faulty device, and then you realise that that particular device is not being monitored in SolarWinds, probably because no one told you that device existed, or had to be monitored?

Annoying, isn’t it? Well, there is a solution for this, a solution that will allow us to be sure that any device connected to our network is monitored in our NMS (Network Monitoring Tool). This solution takes advantage of the capabilities of SolarWinds User Device Tracker (UDT) and SolarWinds IP Address Manager (IPAM) Orion modules. A bit of background on these before we continue:

SolarWinds User Device Tracker allows you to monitor and track endpoints connected to your network, getting the following details from those endpoints:

• MAC address
• IP Address
• Vendor

SolarWinds IP Address Manager is an Orion module that monitors the usage of the IP addresses of your subnets, along with DHCP and DNS server.

Thus, with the information provided by SolarWinds UDT we can compare the list of IP addresses of the endpoints connected to our network with the list of IP addresses of the actual devices that are being monitored in SolarWinds. From this, we can compare and determine devices not monitored by Orion. Probably this list will contain lots of PCs, laptops and other types of devices that you don’t really need to monitor in SolarWinds, but it might also contain other types of devices such as switches, routers, firewalls, Wireless LAN Controllers… These are the ones that we want to monitor, and it shouldn’t be too difficult to identify these devices by cross-checking the vendor (Cisco, HP, Huawei, F5, Check Point, Palo Alto…) identity already provided by UDT.

And to double check that those discovered devices are still connected to our network, and they weren’t connected to the network just for testing, for example, we can use SolarWinds IPAM to verify that the device is still connected to the network by checking that the IP address is still being used.

Let’s recap what we need to do to solve this issue:

• Use SolarWinds UDT to monitor endpoints connected to the network
• Compare the list above with the list of devices already monitored in your SolarWinds platform
• Filter out all those devices that you don’t want to monitor
  • PCs
  • Laptops
  • Phones
• Use SolarWinds IPAM to check that the discovered devices are still connected to the network

Following all these steps you would get a nice report on devices that potentially should be monitored in your SolarWinds platform. However, now the question is, how can I get this report in SolarWinds? Is it difficult to create? Is there anything available out of the box?

Unfortunately there is not this report as such available in SolarWinds, at least out of the box, however, do not worry guys, we have you covered on this, we (Prosperon team) have created a SWQL query that shows you all devices that match the conditions defined on the list above. This SWQL query can be used primarily on a custom query resource on a dashboard. This is the report which will list devices you can review to determine if it should be added to the monitoring scope.

• Make sure you have SolarWinds User Device Tracker and SolarWinds IP Address Manager installed on the same server of your SolarWinds Network Performance Monitor (NPM) and/or SolarWinds Server and Application Monitor (SAM)
• Make sure  you are monitoring all network devices in UDTandall subnets in IPAM
• Add a Custom Query to any summary view (Customize Page -> Add Widget -> Custom Query)
• Change title to: Device connected to the network and not monitored in Orion
• Copy the content of this script in the Custom SWQL query box

• Tick Enable Search
• Copy the content of this script in the Search SWQL query box

• Change the number of rows per page to something more convenient for your environment, such as 20 or 30.
• Submit

NOTE: the script provided does not include any filter to exclude devices based on vendor. We leave this task to you guys. Steps are detailed in the scripts provided.

The screenshot below shows what the custom query configuration should look like once the steps above are completed.

I hope this blog has been informative for you guys and the query helps you to keep all your devices monitored in SolarWinds.