This is intended as a guide for tuning the passive discovery settings of VMware vCenter Application Discovery Manager (ADM). It is assumed that the desired traffic is being presented to ADM but that, for various reasons, these hosts, services, or connections are not being discovered or are not shown in the inventory in the GUI.
Several heuristics exist in ADM’s Passive Discovery to limit discovery of hosts, services, and connections to those confirmed to be true dependencies. At times, it may be necessary to change the default settings in ADM to ensure that more items are discovered.
VMware recommends using the following settings in the Passive Discovery Scope and Plan if vCenter Application Discovery Manager (ADM) is expected to discover all connections. To change these settings, go to the vCenter ADM GUI and navigate to Manage > Passive Discovery.
These discovery plan rules also ensure that hosts, services or connections are dropped if they are discovered by the listener (aka the passive probe).
probe-params.custom.txt file.
cd /home/nlayers/Seneca/probe/
vi probe-params.custom.txt
-e in the line as well.
-CN 1 -j 2 -p 10 -U -u 20 -W -CM 2
adm_control.pl --restart listener
-CN 1
-j 2
-p 10
-U
-u 20
-W
-CM 2
(only in ADM 6.2 and above)
# vi /home/nlayers/Seneca/probe/resources/base.ppt.xml
To this:
<param name="connMaturityAge" value="2"/>
After making the change, restart the listener by running this command:
adm_control.pl --restart listener
Modifying ADM port filters to extend TDS and TNS discovery
By default, TDS and TNS are discovered only on the following ports:
TDS: 1443, 1433, 5003
TNS: 66, 1515, 1521, 1522, 1523, 1524, 1525, 1526, 1527, 1528, 1529
In order to expand the list of ports, a custom PPT (Protocol Parse Tree) file must be created.
Custom PPT files should be placed in the following location on each Collector:
# /home/nlayers/Seneca/probe/resources/
Ownership of the file should be nlayers:nlayers. Run this command:
chown nlayers:nlayers TDS.ppt.custom.xml
where TDS.ppt.custom.xml is the name of your custom PPT file.
After custom fingerprint files are placed in the resource directory, restart the listener. Make sure the listener is running without errors by tailing listener.root.log. If it is dying or will not start, there is probably a syntax error or the XML isn't well-formed.
Example: To allow TDS traffic on ports 5003, 5105 and 5780 to be discovered:
<protocol-parse-tree location="/Ethernet2/IP/TCP">
  <parser name="PortFilter">
    <params>
      <param name="ports" value="5003,5105,5780"/>
    </params>
    <parser name="TDS"/>
  </parser>
</protocol-parse-tree>
Example: To specify a range of ports for discovering TDS:
<protocol-parse-tree location="/Ethernet2/IP/TCP">
  <parser name="PortFilter">
    <params>
      <param name="minPort" value="5220"/>
      <param name="maxPort" value="5225"/>
    </params>
    <parser name="TDS"/>
  </parser>
</protocol-parse-tree>
Example: To allow TDS traffic on any TCP port to be discovered:
<protocol-parse-tree location="/Ethernet2/IP/TCP">
<parser name="TDS"/>
</protocol-parse-tree>
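A check to run on a custom PPT file before restarting the listener, added here as an example and not part of VMware's tooling: it confirms that the XML is well-formed and that the PortFilter ports, minPort and maxPort values are valid TCP port numbers. It assumes Python 3 is available where the file is checked; check_ppt and the UNCLOSED sample are names made up for this example.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a PortFilter whose <param> element is never closed.
UNCLOSED = """<protocol-parse-tree location="/Ethernet2/IP/TCP">
<parser name="PortFilter">
<params>
<param name="ports" value="5003,5105,5780">
</params>
<parser name="TDS"/>
</parser>
</protocol-parse-tree>"""

def _port(value):
    """Return value as an int if it is a valid TCP port number, else None."""
    value = value.strip()
    if value.isascii() and value.isdigit() and 1 <= int(value) <= 65535:
        return int(value)
    return None

def check_ppt(xml_text):
    """Return a list of problems in a custom PPT document (empty list means OK)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "protocol-parse-tree":
        problems.append(f"root element is <{root.tag}>, not <protocol-parse-tree>")
    for parser in root.iter("parser"):
        if parser.get("name") != "PortFilter":
            continue
        params = {p.get("name"): p.get("value", "") for p in parser.findall("params/param")}
        for item in params.get("ports", "").split(","):
            if item.strip() and _port(item) is None:
                problems.append(f"invalid port in ports list: {item.strip()!r}")
        lo, hi = params.get("minPort"), params.get("maxPort")
        for name, val in (("minPort", lo), ("maxPort", hi)):
            if val is not None and _port(val) is None:
                problems.append(f"invalid {name}: {val!r}")
        if lo and hi and _port(lo) and _port(hi) and _port(lo) > _port(hi):
            problems.append(f"minPort {lo} is greater than maxPort {hi}")
    return problems

if __name__ == "__main__":
    # With a file argument, check that file; otherwise check the constructed sample.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else UNCLOSED
    found = check_ppt(text)
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it with the path of the custom PPT file as its argument; a non-zero exit status means the file should be corrected before the listener is restarted.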