New Plugin: Host Status plugin (1.5.6 FOG version)
-
@Fernando-Gietz Thank you for this! I just updated to 1.5.6 recently and am very interested in using this. I made sure TCP 445 is open on my hosts. Currently showing unknown and a red exclamation on the host pages of online hosts, but I will give it time to do its thing.
-
@Fernando-Gietz I may actually have an issue here. It is still displaying the red exclamation with the message “Unknown” for my computer which is on. I verified that Windows Firewall is completely disabled on my machine.
I ran a packet capture from my FOG server with the following display filter:
tcp.port eq 445 && ip.addr == (my host IP address here)
I am basically looking for packets sent from the fog server with the destination of my PC and the destination port of TCP port 445. I started the capture and went to the host page for my PC in FOG. I waited there for a few moments and stopped the capture. There were no packets sent from the fog server during this time that fit the criteria.
Perhaps I am mistaken, but it appears that the problem lies on FOG plugin side of things and not my host denying TCP port 445 as it appears the server is not sending the packet in the first place.
Not that it matters, but all outbound traffic on my server should be allowed because I have firewalld disabled and off.
What are your thoughts? I’d love to test suggestions if you have any!
-
The script tries to create a socket from the server to the computer in the 445 TCP port, and depending the code that the computer returns, it determinates the OS.
Code values:
- 0: Windows
- 111: Linux
- 111 and active task in the database: FOS
- default: Unknown
case 0: printf($strtoupdate, 'windows', 'windows', 'green', 'Windows'); break; case 111: $taskID = self::getSubObjectIDs( 'Task', array('hostID' => $hostID, 'stateID' => 2 ), 'id' ); if (is_null($taskID)) { printf($strtoupdate, 'linux', 'linux', 'blue', 'Linux'); } else { printf($strtoupdate, 'fos', 'cogs', 'green', 'FOS'); } break; default: printf($strtoupdate, 'down', 'exclamation-circle', 'red', 'Unknown');
In your case:
- Or the server can not reach the computer
- Or the computer returns other code (neither 0 nor 111)
-
To know which code returs, you can do a little change in the code:
File: /var/www/html/fog/lib/plugins/hoststatus/hooks/addhoststatushost.hook.phpcase 0: printf($strtoupdate, 'windows', 'windows', 'green', 'Windows'); break; case 111: $taskID = self::getSubObjectIDs( 'Task', array('hostID' => $hostID, 'stateID' => 2 ), 'id' ); if (is_null($taskID)) { printf($strtoupdate, 'linux', 'linux', 'blue', 'Linux'); } else { printf($strtoupdate, 'fos', 'cogs', 'green', 'FOS'); } break; default: printf($strtoupdate, 'down', 'exclamation-circle', 'red', 'Unknown');
Change the line 114:
printf($strtoupdate, 'down', 'exclamation-circle', 'red', $ping);
Now in the host edit page will be appeared the code in the description when the mouse pass over the icon.
-
You can test if the servers tries to create the socket with the tcpdump command:
# tcpdump -i ens192 port 445 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes 16:15:06.613891 IP MyFOGServerNAME.50146 > MyClientName.microsoft-ds: Flags [S], seq 2877078362, win 29200, options [mss 1460,sackOK,TS val 949852974 ecr 0,nop,wscale 7], length 0 16:15:06.614212 IP MyClientName.microsoft-ds > MyFOGServerNAME.50146: Flags [S.], seq 3947598439, ack 2877078363, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 7027147 ecr 949852974], length 0 16:15:06.614236 IP MyFOGServerNAME.50146 > MyClientName.microsoft-ds: Flags [.], ack 1, win 229, options [nop,nop,TS val 949852974 ecr 7027147], length 0 16:15:06.614291 IP MyFOGServerNAME.50146 > MyClientName.microsoft-ds: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 949852974 ecr 7027147], length 0 16:15:06.614585 IP MyClientName.microsoft-ds > MyFOGServerNAME.50146: Flags [.], ack 2, win 2081, options [nop,nop,TS val 7027148 ecr 949852974], length 0 16:15:06.614636 IP MyClientName.microsoft-ds > MyFOGServerNAME.50146: Flags [R.], seq 1, ack 2, win 0, length 0
-
@Fernando-Gietz I am able to telnet from the fog server to the host on port 445 if that means anything. I will test these other suggestions over the next few hours.
Thanks!
-
@Fernando-Gietz For your first suggestion of modifying the PHP file with the $ping variable in the place of “Unknown”. When I hovered over the red exclamation after doing that, nothing appeared.
For the second suggestion of a tcpdump, there is quite a bit of chatter on that port for hosts all over our district. Is it possible fog is using this port for other purposes? I ran it for a 30 seconds and opened the host page and saw a lot of traffic, but none from the host I was working with.
-
For your first suggestion of modifying the PHP file with the $ping variable in the place of “Unknown”. When I hovered over the red exclamation after doing that, nothing appeared.
The $ping value is null. Lets go to do another little test. Send a inventory or download task over the computer, when the computer is running the FOS, go to the host edit page and, return anything? Must to return 111 value.
For the second suggestion of a tcpdump, there is quite a bit of chatter on that port for hosts all over our district. Is it possible fog is using this port for other purposes? I ran it for a 30 seconds and opened the host page and saw a lot of traffic, but none from the host I was working with.
No, this port is used only for detect the status. If you have enabled the FOGPingHost daemon, you must to see all attemps of the server to detect the status of all computers that are in FOG (more or less 1 attemp by second). If you see this traffic, then the problem is in the computer or in the net (firewall, …)
How many computers are in your server? When you list or search any computers, which status appears in the result list? All Unkkown? -
@Fernando-Gietz Would you like me to test this with the $ping variable in the php file? If so, I did a deploy to a laptop. It is still showing a red exclamation with no text when hovered over. If not, I can try again with the original syntax.
I have roughly 1500 hosts registered to my fog server. I ran another tcpdump and I am seeing pairs of what appears to be “calls” and “replies” from hosts to and from the server. It is pretty steady 1-2 popping up per second. I do not believe our firewall touches internal traffic but I can verify. I am also checking Antivirus at the moment.
-
Sorry!!! A little mistake in the code XD is not $ping, is $val
Change the line:
printf($strtoupdate, 'fos', 'cogs', 'green', 'FOS');
To:
printf($strtoupdate, 'fos', 'cogs', 'green', $val);
-
@Fernando-Gietz Do you want me to edit line 114 or 110 (what you just listed in your last reply)? I accidentally changed “Unknown” to $val in line 114 and it came up with a value of 6 with the red exclamation. I realized my error and went to line 110 and put in $val instead of FOS and it is showing up red exclamation and “unknown” still.
-
@Fernando-Gietz May I ask what port the host returns the call to port 445 on the client? I ran the command:
tcpdump -i ens192 dst port 445
for the destination port of 445. I saw that it seemed FOG was calling out to each host in alphabetical order about 1 per second. If I understand correctly, is this plugin supposed to check real time/on the fly when I bring up the host edit page? It does not seem to be doing that. Please see the below mockup of what is happening:
1 - TCP dump started for destination port 445.
2- I see the following happening
fogserver.domain.org—> Middleschoolroom1
fogserver.domain.org—> Middleschoolroom2
fogserver.domain.org—> Middleschoolroom3
and so on3 - I open the host edit page for my PC (HS218-fry)
4 - I check the tcp dump and I see that it never calls out to 445 on my pc and continues with:
fogserver.domain.org—> Middleschoolroom4
fogserver.domain.org—> Middleschoolroom5
fogserver.domain.org—> Middleschoolroom6
and so onIt seems to never be attempting to contact my PC when I bring up the host edit page.
Here is a real example. I brought up the host edit page for my PC right in the middle of this tcpdump pictured below.
Another oddity is that the built in host pinging on the host list page is working properly and even detecting these are windows clients. If I am not mistaken from what you said, this also uses port 445 on the client, no? I am just thinking out loud
-
@fry_p You can change both, line 110 and 114. If all works fine, when you are in FOS, must return 111 code. If you are under windows, must return 0.
which value return when you are under windows? 0 or 6?
If the value is 6, which OS are you using (Windows 7,8,10)?Another oddity is that the built in host pinging on the host list page is working properly and even detecting these are windows clients.
The hostStatus plugin uses the same code that FOGHostPing daemon, if the daemon detects fine the status, there is something that doesn´t work correctly.
You have 1500 hosts, the daemon launchs one ping per second then the status is updated every 25 minutes, in your case the status info is not very reliable. In my opinion is better disable this daemon.
-
@Fernando-Gietz Hi,
I have installed the Host Status plugin on the latest FOG stable version (1.5.8) and it is not working. Running tcpdump on the FOG server does not show any packet to any host on port 445. The FOGPingHosts is working, or at least this is seems from the servicemaster.log
I can telnet from the FOG server to the hosts on port 445.Where else can I look to debug this?
-
Hi @gn_ro ,
I tested it in the last version 1.5.8 and works fine.
Take note that you must have opened the 445 TCP port in the client and you only see the status in the host page, not in the search page.