“Network Neighborhood” allows you to view all the machines that have communicated over the last 30 days with the server agent you have selected. This data is passively collected every second by reading the agent's ARP cache. Depending on the types of data to be collected, the polling time may change (OS: 24h, Netbios: 20min, IP: 1s). The detected modifications are sent in near real time, the unmodified neighbors are sent back every 24 hours.
Each machine is identified by its MAC address. When a new MAC entry is detected for the first time, it is sent back to the dashboard almost in real time. A new alert is also available in the Heartbeat portion of the "Alert" page so that you can be alerted when a new item is detected.
The data in the manufacturer column is derived from the MAC address.
The displayed IP is the local IP on the network. This data is updated every second.
Detection of the operating system is an indication based on the TTL setting of the ping. Only the Windows OS can be clearly identified if its ping TTL is left by default on the machine.
The detection of OS is made at the discovery of the neighbor then every 24 hours.
Ports opening and necessary services
In order for the agent to be able to detect the operating system of neighboring machines, it is necessary that:
- On inquirer agent : File and Printer Sharing (echo request - ICMPv4-In)
- On detected neighbor : File and Printer Sharing (echo request - ICMPv4-Out)
It is possible to configure a new alert when a new neighbor is detected. The "New neighbor detected" alert is available in the Heartbeat section of the Configuration / Alert page. You can associate it with the definition of an advanced expression in order to precisely filter the characteristics of the neighbor that will trigger the alert. The list of available filterable elements is like the columns on the "Network neighborhood" page. This data is accessible from the "event" object.
ip, mac, netbios, updatedAt, createdAt, macVendor, detectedOs, hasCorrespondingAgent
Example: I only want to be alerted for HP vendor neighbors with Windows as detected OS:
event.macVendor == 'HP and event.detectedOs ==' windows'
WAKE ON LAN
It is possible to send a Wake On Lan magic packet to a network neighbor. Each package will be specifically crafted for the targeted neighbor. To do this, simply click on the action button in the form of On / Off or select several agents then click on the Wake On Lan button at the top of the page.
DEPLOYMENT OF AGENTS
It is only possible to deploy the RG agent from a well-configured Windows-type server agent (WMI-Out and DCOM-Out firewall open).
If you only have a workstation type agent, you can promote your agent to an Server agent to take advantage of this feature.
The RG Windows agent will be downloaded from the RG cloud. The weight of the RG agent remains stable over time with a size of around 10 megabyte.
Prerequisites for the proper functioning of the agent deployment on a neighboring machine:
- The target machines must run at least Windows 7 / Windows Server 2008 R2 (PowerShell 2.0 compatibility);
- The WMI Remote service must be activated on the target machine;
- Windows must be installed on the C: disk of the target machine;
- The firewall must accept WMI-In and DCOM-In connections
In order to deploy the RG agent, an Active Directory domain controller must be present in the network of the target machine. If this is not the case, a local account can be used with the following conditions:
- Either UAC is disabled on the target machines and local administrator credentials are used;
- Either the default Windows Administrator account is used without disabling UAC.
To go further on the necessary WMI configurations, you can refer to this tutorial: https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with- vista
Cases of errors
Help with resolving agent deployment errors:
Connection failed (credentials or network)
Deployment agent failed to contact the remote machine. The causes of this error can be:
- the neighbor no longer exists or is not present in the network;
- the neighboring machine is switched off;
- network problem;
- the machine is not configured correctly (see previous paragraph);
- The identifiers provided do not allow authentication to the remote machine.
- The RG-Supervision service already exists on the target machine.
Download and extract failed
- Impossible to download the RG installation zip located here https://dashboard.rg-supervision.com/download/rgsupv-win.zip (different URL for dedicated infrastructures), the server cannot be reached.
- Confirm by trying to download it from a web browser on the remote machine then contact support;
- Check and confirm that the C: \ Windows \ Temp folder exists;
- Check in C: \ Windows \ Temp that the rgsupv-win.zip file exists. If so, the download worked fine. Please check the extraction ;
- Check in C: \ Windows \ Temp that RG-Setup.exe, Tools and rgsupv_XXXXXX.txt exist: if so, the extraction worked well.
- Registration with our servers did not work, please try to run a network test via the RG agent interface from the deployer agent: C: \ Windows \ Temp \ RG-Setup.exe;
- If the deployment is done on an on-premise infrastructure, please check that the deployment agent has in its registry the key "expected-host-name" in (HKEY_LOCAL_MACHINE \ SOFTWARE \ WOW6432Node \ RG Systemes \ RG Supervision \ network) entered at the correct value. If not, please fill it in and restart the deployment.