New Plugin: Host Status plugin (1.5.6 FOG version)


  • Developer

    Hi,
    With the 1.5.6 release, one new plugin is available: Host Status.

    This plugin tells you the state of the computer on the host edit page:

    Host_Edit_Page.png

    This plugin detects the OS that is running in the computer:

    • Windows windows_icon.png
    • Linux linux_icon.png
    • FOS (Fog Operative System): a FOG task is running in the PC FOS_icon.png
    • Unknown: the FOG server cannot communicate with the PC: the PC is shut down or the firewall is closed (you must open TCP port 445 on the computer) unknown_icon.png

    The state is detected on the fly and only on the host edit page.

    NOTE: when you search for one or more hosts, the state of the computers also appears in the result list, but this state is read from the database, and this database entry is updated by the FOGHostPing daemon. The daemon needs time to iterate over all computers and update their state. If you have a lot of PCs in your FOG server, the daemon takes one second per PC to update its state, so there may be discrepancies between the two states (Host Status plugin and FOGHostPing daemon).


  • Developer

    @fry_p You can change both, line 110 and 114. If all works fine, when you are in FOS, it must return code 111. If you are under Windows, it must return 0.

    Which value is returned when you are under Windows? 0 or 6?
    If the value is 6, which OS are you using (Windows 7, 8, 10)?

    Another oddity is that the built in host pinging on the host list page is working properly and even detecting these are windows clients.

    The hostStatus plugin uses the same code as the FOGHostPing daemon; if the daemon detects the status fine, there is something that doesn't work correctly.

    You have 1500 hosts and the daemon launches one ping per second, so the status is updated every 25 minutes; in your case the status info is not very reliable. In my opinion it is better to disable this daemon.


  • Moderator

    @Fernando-Gietz May I ask what port the host returns the call to port 445 on the client? I ran the command:

    tcpdump -i ens192 dst port 445
    

    for the destination port of 445. I saw that it seemed FOG was calling out to each host in alphabetical order about 1 per second. If I understand correctly, is this plugin supposed to check real time/on the fly when I bring up the host edit page? It does not seem to be doing that. Please see the below mockup of what is happening:

    1 - TCP dump started for destination port 445.

    2- I see the following happening
    fogserver.domain.org—> Middleschoolroom1
    fogserver.domain.org—> Middleschoolroom2
    fogserver.domain.org—> Middleschoolroom3
    and so on

    3 - I open the host edit page for my PC (HS218-fry)

    4 - I check the tcp dump and I see that it never calls out to 445 on my pc and continues with:

    fogserver.domain.org—> Middleschoolroom4
    fogserver.domain.org—> Middleschoolroom5
    fogserver.domain.org—> Middleschoolroom6
    and so on

    It seems to never be attempting to contact my PC when I bring up the host edit page.

    Here is a real example. I brought up the host edit page for my PC right in the middle of this tcpdump pictured below.
    plugin.png

    Another oddity is that the built in host pinging on the host list page is working properly and even detecting these are windows clients. If I am not mistaken from what you said, this also uses port 445 on the client, no? I am just thinking out loud


  • Moderator

    @Fernando-Gietz Do you want me to edit line 114 or 110 (what you just listed in your last reply)? I accidentally changed “Unknown” to $val in line 114 and it came up with a value of 6 with the red exclamation. I realized my error and went to line 110 and put in $val instead of FOS and it is showing up red exclamation and “unknown” still.


  • Developer

    Sorry!!! A little mistake in the code XD it is not $ping, it is $val

    Change the line:

     printf($strtoupdate, 'fos', 'cogs', 'green', 'FOS');
    

    To:

     printf($strtoupdate, 'fos', 'cogs', 'green', $val);
    

  • Moderator

    @Fernando-Gietz Would you like me to test this with the $ping variable in the php file? If so, I did a deploy to a laptop. It is still showing a red exclamation with no text when hovered over. If not, I can try again with the original syntax.

    I have roughly 1500 hosts registered to my fog server. I ran another tcpdump and I am seeing pairs of what appears to be “calls” and “replies” from hosts to and from the server. It is pretty steady 1-2 popping up per second. I do not believe our firewall touches internal traffic but I can verify. I am also checking Antivirus at the moment.


  • Developer

    For your first suggestion of modifying the PHP file with the $ping variable in the place of “Unknown”. When I hovered over the red exclamation after doing that, nothing appeared.

    The $ping value is null. Let's do another little test. Send an inventory or download task to the computer; when the computer is running FOS, go to the host edit page. Does it return anything? It must return the value 111.

    For the second suggestion of a tcpdump, there is quite a bit of chatter on that port for hosts all over our district. Is it possible fog is using this port for other purposes? I ran it for 30 seconds and opened the host page and saw a lot of traffic, but none from the host I was working with.

    No, this port is used only to detect the status. If you have enabled the FOGPingHost daemon, you must see all attempts of the server to detect the status of all computers that are in FOG (more or less 1 attempt per second). If you see this traffic, then the problem is in the computer or in the network (firewall, …)
    How many computers are in your server? When you list or search any computers, which status appears in the result list? All Unknown?


  • Moderator

    @Fernando-Gietz For your first suggestion of modifying the PHP file with the $ping variable in the place of “Unknown”. When I hovered over the red exclamation after doing that, nothing appeared.

    For the second suggestion of a tcpdump, there is quite a bit of chatter on that port for hosts all over our district. Is it possible fog is using this port for other purposes? I ran it for 30 seconds and opened the host page and saw a lot of traffic, but none from the host I was working with.


  • Moderator

    @Fernando-Gietz I am able to telnet from the fog server to the host on port 445 if that means anything. I will test these other suggestions over the next few hours.

    Thanks!


  • Developer

    You can test if the server tries to create the socket with the tcpdump command:

    # tcpdump -i ens192 port 445
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    
    16:15:06.613891 IP MyFOGServerNAME.50146 > MyClientName.microsoft-ds: Flags [S], seq 2877078362, win 29200, options [mss 1460,sackOK,TS val 949852974 ecr 0,nop,wscale 7], length 0
    16:15:06.614212 IP MyClientName.microsoft-ds > MyFOGServerNAME.50146: Flags [S.], seq 3947598439, ack 2877078363, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 7027147 ecr 949852974], length 0
    16:15:06.614236 IP MyFOGServerNAME.50146 > MyClientName.microsoft-ds: Flags [.], ack 1, win 229, options [nop,nop,TS val 949852974 ecr 7027147], length 0
    16:15:06.614291 IP MyFOGServerNAME.50146 > MyClientName.microsoft-ds: Flags [F.], seq 1, ack 1, win 229, options [nop,nop,TS val 949852974 ecr 7027147], length 0
    16:15:06.614585 IP MyClientName.microsoft-ds > MyFOGServerNAME.50146: Flags [.], ack 2, win 2081, options [nop,nop,TS val 7027148 ecr 949852974], length 0
    16:15:06.614636 IP MyClientName.microsoft-ds > MyFOGServerNAME.50146: Flags [R.], seq 1, ack 2, win 0, length 0
    
    

  • Developer

    To know which code is returned, you can make a small change in the code:
    File: /var/www/html/fog/lib/plugins/hoststatus/hooks/addhoststatushost.hook.php

    case 0:
        printf($strtoupdate, 'windows', 'windows', 'green', 'Windows');
        break;
    case 111:
        $taskID = self::getSubObjectIDs(
            'Task',
            array(
                'hostID' => $hostID,
                'stateID' => 2
            ),
            'id'
        );
        if (is_null($taskID)) {
            printf($strtoupdate, 'linux', 'linux', 'blue', 'Linux');
        } else {
            printf($strtoupdate, 'fos', 'cogs', 'green', 'FOS');
        }
        break;
    default:
        printf($strtoupdate, 'down', 'exclamation-circle', 'red', 'Unknown');
    

    Change the line 114:

    printf($strtoupdate, 'down', 'exclamation-circle', 'red', $ping);
    

    Now, on the host edit page, the code will appear in the description when the mouse passes over the icon.


  • Developer

    The script tries to create a socket from the server to the computer on TCP port 445, and depending on the code that the computer returns, it determines the OS.

    Code values:

    • 0: Windows
    • 111: Linux
    • 111 and active task in the database: FOS
    • default: Unknown

    case 0:
        printf($strtoupdate, 'windows', 'windows', 'green', 'Windows');
        break;
    case 111:
        $taskID = self::getSubObjectIDs(
            'Task',
            array(
                'hostID' => $hostID,
                'stateID' => 2
            ),
            'id'
        );
        if (is_null($taskID)) {
            printf($strtoupdate, 'linux', 'linux', 'blue', 'Linux');
        } else {
            printf($strtoupdate, 'fos', 'cogs', 'green', 'FOS');
        }
        break;
    default:
        printf($strtoupdate, 'down', 'exclamation-circle', 'red', 'Unknown');
    
    

    In your case:

    • Either the server cannot reach the computer
    • Or the computer returns another code (neither 0 nor 111)
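
The check described in the post above, reproduced as a stand-alone diagnostic that can be run from the FOG server to see which code a given host actually produces. This is an added example, not the plugin's code: it uses Python's `connect_ex` instead of the plugin's PHP, and `probe`, `classify`, `explain` and `has_active_task` are names made up for the example.

```python
import errno
import socket

# Code values as listed in the post: 0 -> Windows, 111 -> Linux or FOS.
# errno.ECONNREFUSED is 111 on Linux, which is where the FOG server runs.
CODE_OPEN = 0
CODE_REFUSED = errno.ECONNREFUSED


def probe(host, port=445, timeout=2.0):
    """TCP connect; return 0 on success, an errno value on failure,
    or None when the host name cannot be resolved."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return s.connect_ex((host, port))
    except socket.gaierror:
        return None


def classify(code, has_active_task=False):
    """Map a probe code to the status names used in the thread.

    has_active_task stands in for the database lookup of a task with
    stateID 2 for the host (a hypothetical parameter of this example).
    """
    if code == CODE_OPEN:
        return "Windows"
    if code == CODE_REFUSED:
        return "FOS" if has_active_task else "Linux"
    return "Unknown"


def explain(code):
    """Readable reason for a code, useful when the result is Unknown."""
    if code is None:
        return "name resolution failed"
    if code == 0:
        return "port open"
    return "%d (%s)" % (code, errno.errorcode.get(code, "?"))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    rc = probe(target)
    print(target, classify(rc), explain(rc))
```

A timeout (filtered port or host down) comes back as a non-zero code other than 111 and therefore lands in "Unknown", which is the case the thread is trying to tell apart from a refused connection.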

  • Moderator

    @Fernando-Gietz I may actually have an issue here. It is still displaying the red exclamation with the message “Unknown” for my computer which is on. I verified that Windows Firewall is completely disabled on my machine.

    I ran a packet capture from my FOG server with the following display filter:

    tcp.port eq 445 && ip.addr == (my host IP address here)
    

    I am basically looking for packets sent from the fog server with the destination of my PC and the destination port of TCP port 445. I started the capture and went to the host page for my PC in FOG. I waited there for a few moments and stopped the capture. There were no packets sent from the fog server during this time that fit the criteria.

    Perhaps I am mistaken, but it appears that the problem lies on FOG plugin side of things and not my host denying TCP port 445 as it appears the server is not sending the packet in the first place.

    Not that it matters, but all outbound traffic on my server should be allowed because I have firewalld disabled and off.

    What are your thoughts? I’d love to test suggestions if you have any!


  • Moderator

    @Fernando-Gietz Thank you for this! I just updated to 1.5.6 recently and am very interested in using this. I made sure TCP 445 is open on my hosts. Currently showing unknown and a red exclamation on the host pages of online hosts, but I will give it time to do its thing.

