Release Notes
- Introduction
- Netdisco 2 Notable Changes
- 2.088003
- 2.088002
- 2.088000
- 2.087001
- 2.086003
- 2.086002
- 2.085003
- 2.085000
- 2.084002
- 2.084000
- 2.083000
- 2.082003
- 2.082002
- 2.081000
- 2.080003
- 2.079001
- 2.078000
- 2.077011
- 2.076006
- 2.076005
- 2.076000
- 2.075003
- 2.075002
- 2.075001
- 2.074000
- 2.073000
- 2.072000
- 2.071000
- 2.070002
- 2.070001
- 2.070000
- 2.069000
- 2.068000
- 2.067001
- 2.067000
- 2.066000
- 2.065001
- 2.065000
- 2.064001
- 2.064000
- 2.063004
- 2.063002
- 2.063001
- 2.063000
- 2.062005
- 2.062000
- 2.061001
- 2.061000
- 2.060008
- 2.060006
- 2.060001
- 2.060000
- 2.059001
- 2.059000
- 2.058000
- 2.057008
- 2.057006
- 2.057002
- 2.057000
- 2.056000
- 2.055000
- 2.054000
- 2.053007
- 2.053006
- 2.053004
- 2.053003
- 2.053002
- 2.053001
- 2.053000
- 2.052011
- 2.052010
- 2.052009
- 2.052008
- 2.052007
- 2.052006
- 2.052000
- 2.051000
- 2.050000
- 2.049006
- 2.049004
- 2.049002
- 2.048000
- 2.047006
- 2.047002
- 2.047000
- 2.046006
- 2.046003
- 2.046002
- 2.046001
- 2.046000
- 2.045002
- 2.044000
- 2.043000
- 2.042009
- 2.042007
- 2.042006
- 2.042005
- 2.042002
- 2.041002
- 2.041001
- 2.041000
- 2.040004
- 2.040003
- 2.040000
- 2.039032
- 2.039031
- 2.039015
- 2.039012
- 2.039011
- 2.039003
- 2.039000
- 2.038006
- 2.038003
- 2.038000
- 2.037004
- 2.037000
- 2.036002
- 2.036000
- 2.034000
- 2.032003
- 2.032000
- 2.031006
- 2.031005
- 2.031003
- 2.031002
- 2.029014
- 2.029010
- 2.029008
- 2.029002
- 2.029001
- 2.028000
- 2.025001
- 2.023000
- 2.021000
- 2.020000
- 2.019000
- 2.018000
- 2.017000
- 2.016000
- 2.015000
- 2.014000
- 2.013000
- 2.012000
- 2.011000
- 2.010000
- 2.008000
- 2.006000
This document will list only the most significant changes with each release of Netdisco. You are recommended to read this document each time you install and upgrade.
Also see the Changes file, for more information.
The current minimum PostgreSQL version working with Netdisco is 9.6. We note also that version 12 is the current oldest release maintained by the PostgreSQL project.
In general, we always recommend that all users run the latest available minor release for whatever major version is in use. It will be faster and more reliable.
This distribution (App::Netdisco) is a complete rewrite of the Netdisco application. Users often ask whether they can run both versions at the same time, and whether the database must be copied. Here are the guidelines for migrating from Netdisco 1.x:
- You can share a single database between Netdisco 1.x and App::Netdisco. The deploy script for App::Netdisco will make some schema changes to the database, but they are backwards compatible.
- You can run both Netdisco 1.x and App::Netdisco web frontends at the same time, using the same database (if safe_password_store is set to false in the config file).
- The web frontend of Netdisco 2 will have a lot of missing data if you continue to use the cron jobs (poller) from Netdisco 1.
- To complete migration, disable all your Netdisco 1 cron jobs. The backend daemon of Netdisco 2 replaces the cron jobs of Netdisco 1.
For users submitting arpnip or macsuck data directly to netdisco-do, the -e / --extra parameter must now be used instead of -p / --port.
The -e parameter also now supports data directly in the variable (in JSON format), from a local file, or from standard input.
A new neighbor_no_type setting is implemented to specify CDP/LLDP device type(s) to be ignored (globally). The neighbor relation will not be added on a port and discovery of the neighbor will not be attempted.
A new setting delete_duplicate_serials is implemented to forcibly delete any existing devices with the same serial number as a device that is currently being discovered. It is not enabled by default but might be useful in some scenarios.
The path to netdisco-do is now available as a template variable ndo in Hooks configuration, so you can more easily call netdisco-do from a Hook. This is very useful for updating Custom Fields post-discovery.
Added support for SSH transport public key authentication.
Fixes a bug in custom_fields setting implementation where if you change the setting, the fields in Netdisco are not changed on device rediscovery.
The SNMP Field Protection feature is updated to behave differently for new devices and existing devices, and to support rejection of SNMP::Info device class. See the configuration settings guide for details.
This release has some minor but useful features and several bug fixes.
The Neighbors map can now show Device Custom Fields using the new netmap_custom_fields setting.
Custom Reports could already reveal bind parameters in a sidebar, but now the parameters can have default values and an HTML5 data type.
A new report "Devices missing Model or OS" is included, and Inventory entries showing "unknown" Platform or Software Release will link to this report.
On the Device Addresses tab, the IP Prefix of the layer three interface now has an icon 💻 linking to the IP Inventory Report for the subnet.
The setting snmp_field_protection has been renamed to field_protection.
Several bugs are fixed, including the Inventory "unknown" devices count always incorrectly being one, and Device Delete jobs not running if discover_only is used but the DNS entry for the device has been removed.
A small enhancement to device searching means you now see all the serial numbers from switch stacks in search results.
The "Netdisco" text in the web header bar can be customised with the new branding_text setting.
CLI gather from Cisco NXOS devices will have Subnets retrieved.
New setting netmap_performance_limit_max_devices sets the limit at which the network neighbors map will restrict showing "all" devices. The default is 1000 known devices.
The Inventory page will now count stacked devices individually if it can.
A bug in MakeRancidConf where the "default" group was incorrectly used (even when a default was set) has been fixed.
Support added for Fortinet FortiOS Virtual Domains.
Non-admin users can now use the "Discover", "Arpnip", "Macsuck", and "NBTStat" buttons on a Device if you enable enable_nonadmin_actions. The nonadmin_actions list setting controls which are included.
A wider range of devices are identified as wireless access points, including especially the Cisco 9120 range.
Environment variables NETDISCO_DB_TENANT and the standard PostgreSQL PG_* are now supported for netdisco-do and netdisco-deploy as well as the frontend and backend daemons.
The device snapshot and SNMP Browser functionality has been rewritten to be simpler, more efficient, and more portable.
For those running a headless update and using the SNMP Browser, please run a loadmibs job after upgrading, as in the (updated) instructions.
Moved to using a new package manager for Python dependencies, making for more reliable upgrades, but more usefully should remove the requirement for Python 3.9 to be installed on your system. Netdisco will download a version of Python for local use at installation, if needed.
A new sshcollector for OS/10 has been added, supporting both macsuck and arpnip.
Adding "only" or "no" access control lists to the custom_fields setting or the external_links setting will show or hide the field or link in web pages, according to the ACL.
Access control lists now have time-based control using crontab-style notation.
The depth control is always shown on the neighbors network map panel.
The feature to check a user’s permission for port control caused confusion when using netdisco-do as the user is probably simply netdisco. Adding the --force option to netdisco-do will skip user role access controls.
For sites deploying with a Headless Update we have a new single SQL file to update device OUI and other data. This replaces manufacturers.sql and any other SQL file. See the Wiki page for details.
If Netdisco encounters an unknown device Vendor or Model, it’ll try to look up the proper name/model in a large cache of Products. The cache is maintained in the cloud, updated once per week, and downloaded when you run netdisco-deploy.
This release fixes several bugs, including one for device renumbering to another IP address on the same device, and some web crash, custom report, and Hook bugs.
There is a new Device Inventory report as an alternative to the main Inventory.
There is ssh-collector (ARP table) support for Aruba Controllers.
A security issue in one of Netdisco’s Python dependencies makes this a recommended upgrade. Python’s pyca/cryptography library had a vulnerable OpenSSL.
This release also brings improvements to netdisco-do show and Custom Fields.
A new snmp_object parameter is added to Device Custom Field settings. Passing any SNMP leaf name will make Netdisco retrieve data and populate the field. See the Configuration Guide for details.
Adding --quiet to netdisco-do show will cause it to emit a compact JSON representation of the data, instead of pretty printing the data structure.
There is support for Device Custom Fields to contain JSON arrays, which are rendered in the web interface as a list of items. See the Configuration Guide.
When using netdisco-do to update a Custom Field (with action cf_<fieldname>) you can pipe the field value on standard input with parameters --quiet --extra '-'. This is to support values that would cause the operating system to reject a long command-line invocation.
This feature release includes an integration written in Python. Consequently…
You must have python3 installed before upgrading. Python 3.9+ is required.
Luckily the OS package for python3 is usually called python3, so go ahead and install that with your local package manager (yum, dnf, apt-get, zypper, etc).
Test it’s working with: python3 --version. Make sure you have 3.9+.
If installation fails, you can recover by running:
curl -L https://cpanmin.us/ | perl - --notest --local-lib ~/perl5 App::Netdisco@2.076006
You can also disable Python extensions by configuring enable_python_worklets: false.
SSH-based macsuck is now added for the NX-OS Platform.
New setting thousands_separator to allow localisation of the separator used in large numbers, e.g. "1,234,567" or "1.234.567".
Setting expire_devices can now contain a time value for named ACL groups.
Introduction of SSH-based macsuck (using the same flow as arpnip which we had for a long time), for IOS platform only.
Node or interface MAC addresses belonging to "randomized ranges" are now reported as such for their Vendor.
Netdisco tracks the origin router of MAC-IP mappings (ARP table entries), and displays the reporting router in a Node search.
If you want to construct a history of Node-IP sightings, look into the seen_on_router_first and seen_on_router_last columns in the node_ip table.
A pingsweep job and Ping Sweep functionality is added as an alternative to use of neighbor protocols (LLDP, CDP, etc). Netdisco will ping an IP prefix and set a discover job running for any address which responds.
New settings skip_neighbors and discover_neighbors are added to control Netdisco’s automatic neighbor discovery. The latter is a global switch on neighbor discovery, the former is an ACL to suppress discovery of neighbors of some devices.
In the API, ports now have a new endpoint port_vlans to return a list of VLANs.
The vlanctl setting has been renamed to portctl_native_vlan.
The portctl_vlans setting has been deprecated - use portctl_uplinks instead.
This release has rewritten Port Control access control logic in both the web interface and the jobs running to do the work. If you use the port control features please review your configuration and test, and let us know of any issues. Many thanks.
External Links feature has several new preset fields (including access to Custom Fields) on Device Links, and also Device Ports can now have External Links.
In this release some of the built-in reports (in the Reports menu) have been renamed or recategorised. Several new reports have also been added.
The IP Subnets report will start by showing all Subnets before you pick one.
Custom Reports with _searchable parameter will now create search links on any IPv4, IPv6, and MAC addresses anywhere in the field content.
Custom Reports can now return an SQL Array type which will be split over lines.
You can add a friendly name/alias to the Default database tenancy (displayname field under database).
This release fixes a bug where clicking the button to empty the Job Queue would cause Netdisco to stop processing some kinds of jobs.
Also in this release is a new setting skip_modules, which is an ACL for a set of devices from which Netdisco will not gather chassis module parts (from the Entity MIB).
Also in this release a slight change of behavior in netdisco-do: it will not make as many checks on the sanity of the passed device(s), leaving that instead to the Job Action itself. Success/Error outcome will be unchanged.
The OUI update from netdisco-deploy will fail, but release 2.070001 fixes the problem. Please update. The failure will not impact general operation of Netdisco, just that you’ll not see MAC Vendor info.
This release contains a major change to how MAC address OUI information is stored and processed. The IEEE changed OUI formats from being 24-bits (of the 48-bit MAC address) to either 24, 28, or 36 bits long.
When you update Netdisco to release 2.070000 you must do an OUI update from netdisco-deploy as well as the usual DB schema update. If you work offline you can find the new format OUI data here and also read Headless Update.
If you integrate or extend Netdisco using any oui field or relation then please dig around to learn about the replacement manufacturer fields and relations instead. Feel free to open a ticket to ask for help.
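Why a fixed 24-bit lookup no longer identifies the right vendor, as an added example (not Netdisco's code): a longest-prefix match over 24-, 28- and 36-bit assignments, next to the old 24-bit-only lookup. The registry rows, organisation names and function names are constructed for illustration.

```python
"""Vendor lookup against 24-, 28- and 36-bit IEEE prefix assignments.

Added example, not Netdisco code. SAMPLE_REGISTRY is constructed data,
not real IEEE registry content.
"""
import re

# Prefix lengths named in the release note, mapped to hex digits of the MAC.
PREFIX_HEX_DIGITS = {24: 6, 28: 7, 36: 9}

# Constructed rows: (prefix hex digits, prefix length in bits, organisation).
SAMPLE_REGISTRY = [
    ("0C1234", 24, "Example Block Holder"),
    ("0C12345", 28, "Example Medium Vendor"),
    ("0C12345AB", 36, "Example Small Vendor"),
    ("3C0000", 24, "Example Large Vendor"),
]


def normalize_mac(mac):
    """Return the MAC as 12 upper-case hex digits, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits


def build_index(rows):
    """Index registry rows by prefix length so each lookup is a dict hit."""
    index = {bits: {} for bits in PREFIX_HEX_DIGITS}
    for prefix, bits, org in rows:
        if bits not in PREFIX_HEX_DIGITS:
            raise ValueError("unsupported prefix length: %d" % bits)
        prefix = prefix.upper()
        if len(prefix) != PREFIX_HEX_DIGITS[bits]:
            raise ValueError("prefix %s is not %d bits long" % (prefix, bits))
        index[bits][prefix] = org
    return index


def lookup_vendor(mac, index):
    """Longest-prefix match: try 36 bits, then 28, then 24."""
    digits = normalize_mac(mac)
    for bits in sorted(PREFIX_HEX_DIGITS, reverse=True):
        org = index[bits].get(digits[:PREFIX_HEX_DIGITS[bits]])
        if org is not None:
            return org, bits
    return None


def lookup_vendor_24bit_only(mac, index):
    """The old assumption: every assignment is exactly 24 bits long."""
    return index[24].get(normalize_mac(mac)[:6])


if __name__ == "__main__":
    idx = build_index(SAMPLE_REGISTRY)
    for mac in ("0c:12:34:5a:bc:de", "0C-12-34-5F-00-01",
                "0c12.3460.0001", "3c:00:00:11:22:33", "44:55:66:77:88:99"):
        print(mac, "->", lookup_vendor(mac, idx),
              "| 24-bit only:", lookup_vendor_24bit_only(mac, idx))
```

With the constructed rows, the first three addresses share the same leading 24 bits but resolve to three different organisations, while the 24-bit-only lookup attributes all of them to the block holder.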
New network map features to show "neighbor cloud" or L2 hops depth (Neighbors tab on the Device view). These features are hidden if you have more than 1000 devices in your database, but that threshold is configurable.
Easily link to external web sites from Device Details tab and Node results (MAC or IP) with the external_links configuration. Links will dynamically include the relevant device or node IP or MAC address. These are set in your Netdisco configuration file and no coding is required.
The netdisco-do utility -d parameter now accepts a file name with one IP or Hostname per line.
API method has been added to show device neighbors (…/device/:ip/neighbors).
Beginning with this release you can add ACLs to scheduled job configuration, in order to limit a schedule instruction to a subset of devices (selected using standard ACL notation).
This release adds a feature to compact the Inventory listing if it’s too long for you. Read the inventory_collapse_threshold configuration to find how to enable it.
In this release the Backend server will start and be ready to process jobs much more quickly, especially if you have a large installation with many devices. Only the "walk/all" jobs will not run until some initialization steps have completed in the background.
Adds support for RADIUS timeout and VSAs. Also the RADIUS attributes h323-return-code and Digest-Attributes are no longer sent with the access request. You can of course add them back in using the new VSA support.
In this release the netdisco-do show command has been rewritten and the options are now changed. In particular a MIB Object (leaf) from a specific MIB can be requested, and the MIB will be loaded if needed. This is independent of the Device Class being used. Please see the documentation (run the command or run perldoc bin/netdisco-do or read online here) for details.
Also the snapshot functionality has been rewritten, partly to be more robust and efficient but also to support the import of an snmpwalk as an alternative to Netdisco’s own snapshot data. See the snapshot documentation for details.
This is a bug fix release which will be needed if you’re seeing a lot of extra port aggregate (etherchannel, port-channel) or VLAN information in your Device Ports view.
Netdisco now supports text "tags" on devices and device ports. With the new tags setting you define the tag name and Access Control Lists matching devices or device ports which will get that tag added at Discover time. Tags are visible in the web interface and returned in API object GET methods.
Access Control Lists can now match on "tag" names and "custom field" values.
Users with Port Control or Admin rights can now update a custom field on a device or device port through the API (see the API documentation for an example).
When a device is re-discovered (usually once a day), any custom fields which are no longer referenced in the configuration will now be removed.
Access Control List "property:value" can now contain an IPv6 address in the "value" part. Remember this is an anchored regular expression.
New environment variable NETDISCO_SNMP_BULKWALK_OFF does the same as the bulkwalk_off setting (that is, disables SNMP bulk walk).
Manual Topology changes are no longer available to Port Control users by default. You can use the portctl_topology setting to enable access.
Previously netdisco-do with --enqueue would not queue more than 512 jobs at once, but the new --force option overrides this.
Netdisco initial device discovery is now much faster when there are multiple SNMP community configurations to try.
This release fixes four security vulnerabilities which were kindly highlighted by a security researcher.
The issues have a Severity rating of "Medium" and relate to the web frontend only, and specifically validation of output data causing unexpected browser behaviour. There is no risk to your stored data, servers, or network devices.
The issues have been present in Netdisco for a very long time, so it is likely you are affected and upgrade is recommended if possible.
A new setting portctl_by_role allows Role Based Access Control on the Port Control features.
This release fixes a bug in ACL parsing whereby the "op:and" rule would not work for "prop:value" rules. Sorry about that.
The bug created some cosmetic effects such as ports appearing on devices when they should be hidden. For this reason all users are recommended to upgrade (if you are running 2.062000 already), even if you’re not using "op:and" in ACLs.
A major refactor of the ACL parsing and handling code in this release, to support upcoming new features and remove some confusion. Please report any apparent bugs as GitHub issues.
New Hook has been added for Device being deleted (through web, CLI, or the Expire job).
New API endpoints for job queue management - get jobs list, delete some or all jobs, submit jobs, and get backend worker host names. See the API docs for details and examples.
New ACL settings ignore_layers, force_macsuck, force_arpnip allow forcing Netdisco to attempt gathering MAC and IP tables from devices regardless of what the device claims to support in "Layers" (sysServices).
Any custom report with bind parameters can have a sidebar to allow users to edit or submit the parameters (in plain text fields) by adding show_sidebar.
Searching for nodes now works with FQDN which, surprisingly, was not previously the case.
A new report showing IP addresses configured on multiple devices has been added.
A new report Recently Added Devices shows, well, the most recently added devices.
Report menu items are now alphabetically sorted.
You can now add custom Net-SNMP configuration in the net_snmp_options setting.
New environment variable NETDISCO_DB_TENANT can be used to make netdisco-do and netdisco-deploy operate on a configured tenant database.
The Duplex field in the Device Port details web interface, CSV, and API’s JSON has been separated into configured and running fields (similar to speed).
Netdisco now supports custom fields (or attributes) on devices and device ports. With the custom_fields setting you can add fields and control whether they are visible in the web interface and also editable in the web interface. You do not have to make any changes to the database schema for this, it is automatically managed.
The fields are returned in API object GET methods for devices and device ports within the custom_fields key. A future release will allow set/update from netdisco-do and the API.
From this release Netdisco will enable "layer 2" support on a device after any successful macsuck operation (overriding what the device claims to support). It has always been the case for "layer 3" after arpnip.
API endpoints and netdisco-do option to submit arpnip and macsuck results.
For example, https://github.com/rc9000/ntcsuck is an ansible playbook to fetch MAC address tables, parse them with ntc-templates/textfsm, and store in Netdisco using the REST API.
PortAccessEntity (802.1X NAC) attributes are collected into the database. They are not yet displayed in the web interface.
On every macsuck, Netdisco will now update port up/down status to the latest values.
Fixes an issue with the web server not auto-restarting more than once after the deployment.yml config file is edited.
A new setting tenant_databases allows one Netdisco web frontend to be used to access the data in multiple Netdisco databases. For example if you have network zones each with an independent poller and their own PostgreSQL database, then one web frontend can view them all.
Enabling the setting adds a menu at the right of the Netdisco web titlebar (next to the username) which can be used to switch tenancy. See the Configuration guide for further details and limitations.
A note has been added to the Configuration guide about how to enable VLAN names and hiding of VLANs 1002-1005 by default. See the sidebar_defaults section for details.
Access Control Lists capabilities have been expanded in two ways. You can now match an empty field using the “fieldname:regexp” syntax except just write “fieldname:”. When matching device ports or interfaces you now have access to all the fields in the device_port and device_ip database tables — such as alias:, and type:.
A new setting ignore_deviceports has been added to give more expression and control over the device interfaces which Netdisco ignores. The setting is a map of ACLs to match devices with ACLs matching interfaces. As a special feature, the IP address, DNS name, and Subnet of the interface may also be matched on. See the Configuration guide for details and limitations.
A new setting hide_deviceports has been added which hides interfaces from the web view while still allowing them to be discovered. This can be used where some devices have a lot of interfaces which are potentially used but not in service at your site. You can hide the interfaces but change this configuration and show them when they become interesting. See the Configuration guide for details and limitations.
If you are using ignore_interfaces in your config then the new ACL matching code requires you to make a change: you will need to prefix every entry in your list with 'port:', so where you might have had something like
ignore_interfaces:
- 'EOBC'
- 'unrouted VLAN(?: \d+)?'
this now needs to be written as
ignore_interfaces:
- 'port:EOBC'
- 'port:unrouted VLAN(?: \d+)?'
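One way to apply that change to an existing deployment.yml, as an added example rather than a Netdisco tool: a line-based rewrite that prefixes each ignore_interfaces entry with port: and leaves entries that already carry it untouched. The function name and sample config are constructed for illustration, and it assumes the setting is written as a block-style YAML list.

```python
"""Prefix ignore_interfaces entries with 'port:'.

Added example, not a Netdisco tool. Assumes a block-style YAML list.
"""
import re

# The key on a line of its own, optionally followed by a comment.
KEY_RE = re.compile(r"^\s*ignore_interfaces:\s*(#.*)?$")
# A block-style list item: - value, - 'value' or - "value".
ITEM_RE = re.compile(
    r"""^(?P<lead>\s*-\s+)(?P<q>['"]?)(?P<body>.*?)(?P=q)\s*$""")

# Constructed sample; the first two entries are the ones in the release note.
SAMPLE_CONFIG = r"""ignore_interfaces:
  - 'EOBC'
  - 'unrouted VLAN(?: \d+)?'
  - 'port:Null0'
domain_suffix:
  - '.example.com'
"""


def migrate_ignore_interfaces(text):
    """Return text with every ignore_interfaces entry prefixed by 'port:'.

    Entries already starting with 'port:' are kept, so running the
    function twice gives the same result as running it once. Lists
    under any other key are left alone.
    """
    out = []
    in_block = False
    for raw in text.splitlines(keepends=True):
        line = raw.rstrip("\r\n")
        eol = raw[len(line):]
        if KEY_RE.match(line):
            in_block = True
        elif in_block and line.strip() and not line.lstrip().startswith("#"):
            item = ITEM_RE.match(line)
            if item is None:
                # First line that is not a list item ends the block.
                in_block = False
            elif not item.group("body").startswith("port:"):
                line = "{lead}{q}port:{body}{q}".format(**item.groupdict())
        out.append(line + eol)
    return "".join(out)


if __name__ == "__main__":
    print(migrate_ignore_interfaces(SAMPLE_CONFIG), end="")
```

Review the rewritten file before deploying it, since entries that were meant to match on something other than the port name still need editing by hand.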
A new setting macsuck_no_deviceports has been added to suppress Node gathering in macsuck on specific ports of specific devices. Note that when enabled for the first time, Nodes do not disappear from the web interface - they need to expire. Immediate expiry will be addressed in a future patch.
The Port VLANs Mismatch report has been updated with more information and showing which VLANs are present only on each side.
The Node Search (by IP or MAC) layout has been updated, with descriptive text improved and colouring of latest Node sightings.
The Undiscovered Neighbors report now shows the DNS of the remote undiscovered device.
Neighbors advertising management addresses in fe80::/10 will now be discovered, previously they were suppressed.
A new setting discover_routed_neighbors exists which defaults to true. You can disable this (false) to prevent adding routing protocol (BGP, etc) next-hops to the job queue for discovery.
A new device ports view column to show the SNMP interface index (ifIndex) is available.
A change in how the built-in DNS Stub Resolver initialises itself should improve on some missing data on some systems. Open a ticket if you see any adverse effect.
You can now do all the SNMP browser steps from the web - no need to visit CLI to loadmibs or snapshot -e yes any more.
If you use the SNMP Browser you must download a new netdisco-mibs bundle (as part of netdisco-deploy), then run ~/bin/netdisco-do loadmibs again.
If you use the SNMP Browser you should run ~/bin/netdisco-do loadmibs after updating to this release.
The SNMP Browser will now show all MIB branches, not just the ones with data from the device. However it will now colour branches and leaves to show you where there is data.
The workflow for API authentication (Bearer) tokens has changed slightly. If you try to Login and an existing token is still valid, that current token will be returned to you and the timer for api_token_lifetime will be restarted.
SNMP browser is a LOT faster since this release.
For the two new Device Ports view options (VLAN names and hiding VLAN 1002-1005) you can switch them on all the time using configuration in deployment.yml:
sidebar_defaults:
  device_ports:
    p_vlan_names: { default: checked }
    p_hide1002: { default: checked }
The Port VLAN Mismatch report also respects this option to hide VLAN 1002-1005.
New option in Device Ports view to hide VLANs 1002-1005.
Cisco VLAN subinterfaces are now shown in the Device Ports view related to their parent physical interface, similar to how aggregated links are shown.
The web feature to renumber a device is now named "Change IP" on the button. This feature also now offers all existing device interface IPs as renumber targets as well as allowing entry of a new IP.
The IP Inventory Report has a separate column for NetBIOS name. Previously the NetBIOS name was put into the DNS column (hiding the FQDN), arguably wrong.
New option in Device Ports view to show VLAN names instead of numbers.
New feature to renumber devices through the web, found under Device Details.
VLANs 1002-1005 are ignored in the Port VLAN Mismatch report.
Device Ports options Inventory Data and Detailed Inventory are renamed to be Remote Inventory and Remote Advertisement respectively.
Also several bug fixes.
A new netdisco-do action addpseudodevice to add a Pseudo Device at the command line, for example:
~/bin/netdisco-do addpseudodevice -d 192.0.2.1 -e fakerouter -p 10
This release will now also check macsuck_unsupported config to avoid unnecessary macsuck jobs.
When Netdisco knows it is not permitted to poll a device, a new 'Neighbor Forbidden' icon is shown in the Device Ports view. This is most commonly used for discover_waps and/or discover_phones config.
This release adds a new SSH Collector target for ASA devices which can use Contexts to retrieve ARP tables from each virtual router running on the ASA.
To make use of the new Collector, change your platform from ASA to ASAContext and let the developers know if it works! (then the old ASA platform can be retired.)
This release brings many improvements to pseudo devices. You can now set various fields such as the location and contact, and port descriptions.
Also in this release, a new feature to gather a complete SNMP Walk of a device. Use this to share with developers for feature improvements, or browse the SNMP data in your Netdisco web interface, or assign to a pseudo device:
This release sees the end of support for Internet Explorer. MS Edge browser is still supported, however.
Several users reported a problem with empty content in the browser when searching for devices and running reports. This should be fixed, now.
A new configuration setting ignore_interface_types has been added.
Containerised deployments into Heroku are now possible, as the PORT environment variable is respected by netdisco-web.
Fix a bug where the port_control_reasons setting was merged with the default instead of replacing it.
Fix a bug where some failing jobs returned info status instead of error status and consequently did not properly report errors back to the user.
New ACLs portctl_no and portctl_only for limiting the devices on which Port Control will be permitted. If using them, you are advised to configure on both web frontend and poller backend for the most consistent user experience.
New setting portctl_nowaps similar to portctl_nophones to prevent Port Control actions on ports connected to wireless APs. If using it, you are advised to configure on both web frontend and poller backend for the most consistent user experience.
This release bundles the essential RADIUS dictionary files so you no longer need to install them yourself.
The SNMP Chassis ID is gathered (usually only for Cisco devices, it is a writeable field a bit like location). The Chassis ID is shown in the Device Details tab, and is also searchable.
The dns→no configuration is now globally respected and will suppress all lookups from Netdisco for the given IP prefixes.
This release requires Session::Storage::Secure 1.00 or higher. This could mean that users need to log into the web interface again, session cookies could be invalid.
Hooks feature has been enhanced with new arpnip and macsuck events, and a new exec action which can run any shell command.
This release implements Hooks, which allow you to perform custom actions after some Events happen within Netdisco’s polling engine. For example you can call the web API of another management software after discovering a new Device.
See the Hooks documentation for hook event and type details.
This release implements configurable log file rotation using new --logfiles=8 and --logsize=10 (MB) options to netdisco-backend and netdisco-web.
Also several bug fixes.
This release adds support for having multiple RADIUS and TACACS+ servers in the configuration for user authentication.
This release fixes some major bugs and also implements a protection against partial SNMP data retrievals in some circumstances.
- The SNMP Engine ID is now stored in the Device table
- The API Node Search was completely broken, and is now fixed
- If a device returns SNMP Interfaces that look suspiciously like they are bare Index values and not Names, the discover job is aborted. If a device returns an empty Serial Number when it has previously returned a value, the discover job is aborted.
This release adds a web API for the first time to Netdisco. It provides read-only access to data, searching, and report results, including your own custom reports (automatically). See https://github.com/netdisco/netdisco/wiki/API for the exciting details.
As usual, run the netdisco-deploy script, as a minor database schema change will be required for this release.
Several important bug fixes have been shipped since 2.044000 so upgrade is recommended. Also there are a few nice improvements to several features. See the Changelog for further details.
This is an important bug and security fix release. It is highly recommended for all to upgrade.
This release brings a few nice feature modifications, especially relating to pseudo devices and Netdisco’s old sshcollector script.
The minimum PostgreSQL version required has been raised from 8.4 to 9.4. This is not enforced by Netdisco, but a few queries now use newer SQL features and so will fail. PostgreSQL 8.4 ceased upstream support in July 2014 (six years ago) and we hope that all sites are able to use 9.4 (released December 2014) or newer. You will find considerable speed improvements anyway, if you upgrade.
Pseudo Devices (created via the Admin menu) can now have their Location and Contact fields set (in the Device Details tab), and also have Layer 3 Services enabled (in the Admin menu) which allows CLI/SSH based ARP collection.
Following from that, if you’re migrating from the old sshcollector script, you MUST have each target device known to Netdisco, either as a full device with SNMP support, or a Pseudo Device with Layer 3 Services enabled.
Netdisco now supports multiple Domain Suffixes via the domain_suffix setting. It takes a list of strings, or Regular Expressions. See the configuration documentation for an example.
It’s advised to change this to a list instead of a single item in your deployment.yml. If you don’t, this will be done on config load for you, so this change will not break your current config.
The Free Ports feature (there is a Device Report, and also a search filter in the Device Ports tab) now works even if the device has rebooted within the time you specify to the Free Ports request (defaults to three months). This works by looking at the last time a Node (end device) was seen on the port.
Many other small fixes and enhancements - see the Changelog for details.
Job activity is no longer shown by default in the web interface. Enable check_userlog if you need this.
You can now pass multiple devices (-d) to netdisco-do.
This release stops netdisco-rancid-export from running in the default config. Use the makerancidconf worker instead.
This release has some important bug fixes for sites using the sshcollector.
Also useful is the added ability to arpnip a Pseudo Device. This is used by some sites with the SSH Arpnip feature of sshcollector where there is no SNMP service at all on the device, but an ARP table is still gathered. Create your target in Netdisco as a Pseudo Device (under the Admin web menu) and then you will be able to arpnip against it.
In this release, the device_auth configuration will now take precedence over (and replace) the snmp_auth setting.
In fact, device_auth is simply a new name for snmp_auth, to better reflect its use, but we have encountered user installations with (accidentally) both configured.
It’s probably best to use only device_auth and to remove any sshcollector, community, community_rw, and snmp_auth settings from your configuration.
This is a significant point release with two exciting new features. No action is necessary on your part, but please do read this section as we have one incompatible change to note.
The get_community configuration setting has been renamed to get_credentials and now allows you to pass any device_auth stanza (or a list of them) in JSON format. You could use this feature to provide SNMPv3, or SSH transport configuration.
The netdisco-sshcollector script is deprecated, as its functionality has been incorporated into the core of Netdisco (as part of the arpnip scheduled job). Notably:
- The cron task is no longer required, and will silently exit with success if still run.
- The sshcollector configuration in deployment.yml can still be used by Netdisco, but you should migrate it to device_auth configuration by reading the deprecation notice.
netdisco-sshcollector had Strict Host Key Checking disabled. This is not a best practice and should be avoided, but if you relied on it, the deprecation notice will explain how to re-enable this behaviour.
The SNMP interface index number is now stored in the Device Port Properties table of the database, to help those wishing to integrate with other software.
This release fixes some confusion over the discover_no_type setting since we started to use LLDP capabilities in determining device type (phone, AP, etc).
Users of the discover_no_type setting should consider removing their configuration and instead using discover_waps and discover_phones. See the Configuration Guide for further details.
netdisco-do show has had a slight change in the supported -e syntax.
makerancidconf had a major overhaul; defaults have been changed and options were added. See the user manual for details.
This release will now start expiring the userlog. Behaviour is controlled with the expire_userlog setting.
Also, netdisco-deploy no longer accepts blank admin passwords.
This release fixes a bug in the job queue picker which can result in backend workers becoming tied up with jobs they cannot complete. Upgrade is strongly recommended for all installations.
A bug fix in the network diagram component in this release will result in the
loss of link speeds in the display until a discover job is run for all devices.
You can either wait a day for this to happen, or trigger discoverall from the CLI or Admin menu.
In this release we gather and display additional inventory information about connected nodes and devices. This allows smarter signing of Phone and Wireless AP existence on device ports. You may need to force-reload the Device Ports page to load the new sidebar, and/or click the "reset to defaults" icon to enable display of inventory data.
This release harmonises the behaviour of netdisco-do and the scheduler so they can accept the same requests. netdisco-do is also now able to send jobs to the queue rather than execute them immediately, and also to suppress logs, for better compatibility with crontab users. For example:
    schedule:
      # standard schedule
      macsuck:
        when: 20 * * * *
      # duplicate that action for increased frequency for a specific device
      macsuck_specific:
        action: macsuck
        when: 15,45 * * * *
        device: 192.0.2.1
      # run a specific stage of an action
      refresh_neighbors:
        action: 'discover::neighbors'
        when: 20 8,11,14,17 * * *
      # limit action to an IP prefix
      arpnip_specific:
        action: arpnip
        when: 25 * * * *
        device: 192.0.2.0/29

    netdisco-do discover -d 192.0.2.0/24 --enqueue --quiet
The timeout setting which appeared in version 2.039000 has moved to within the workers configuration setting (rather than being global). For example:
    workers:
      timeout: 1200 # 20 minutes
Furthermore, the nbtstat_timeout setting is renamed to nbtstat_response_timeout.
Previously when the backend daemon was restarted, Netdisco reset its count of
SNMP connect failures to each device. You will recall this is used to stop the
backend trying to connect after many failed attempts (default 10). With this
release, the count is not reset, but decremented by one, saving a lot of time
and effort and allowing you to edit deployment.yml and restore connectivity to
a device if needed.
All actions (jobs) now have a default timeout of 10 minutes. After this time
the job will abort with an error status. You can change this with the new
timeout setting (default 600 seconds), which can also be set to zero to
disable the feature. For any specific action you can also set
“<actionname>_timeout” (e.g. macsuck_timeout).
As well as autodiscovering devices on your network using layer two discovery protocols, Netdisco will now optimistically try to discover routing peers for the protocols BGP and OSPF. This should help discover WAN topologies more easily.
There is a new replacement for the netdisco-rancid-export script. Instead, you can run the makerancidconf worker within your backend schedule. See the documentation for further details.
The IP archiving behaviour of Netdisco 2 has until now been accidentally
different to that in Netdisco 1. This has now been fixed. See the new
“expire_nodeip_freshness” configuration setting if you wish to
retain the behaviour of Netdisco 2. As a consequence of this fix you may
notice some values in your statistics table reducing.
As always, you are advised to take a backup of your database regularly and especially before upgrade, as we cannot unfortunately anticipate all bugs.
This release introduces the jobs_stale_after setting which allows the backend manager to assume jobs are stale and duplicates can be started. The default is 50 minutes (configured as a number of seconds: 3000).
This is a bug fix release that addresses a longstanding issue with the expiry job - it was not removing all records that it should have from the database. As a consequence of this fix you may notice some values in your statistics table reducing.
As always, you are advised to take a backup of your database regularly and especially before upgrade, as we cannot unfortunately anticipate all bugs.
This release introduces a new device neighbors map visualisation. You are advised to read the User Guide and to configure the host_group and host_group_displaynames settings to get maximum benefit.
Feedback and suggestions on the new neighbors map are very welcome 😀.
This is a bug fix release, and includes better support for customising the job schedule configuration. As mentioned below, you can disable the scheduler by setting “schedule: null” in your configuration. Your own configuration is merged with Netdisco’s default, so you always get discoverall, macwalk, arpwalk, and nbtwalk jobs. If you wish to disable any of these, assign them the null value, for example:
    schedule:
      nbtwalk: null
This is a major point release bringing a rewrite of the core of the backend poller daemon. The only action you may wish to take as a result, is to comment out the schedule configuration in your deployment.yml configuration file, if you are using the default settings. This will ensure you always get the "best" schedule configuration including new features/actions.
To disable job scheduling but still run a backend poller (to handle jobs queued by another daemon, or from the web user interface), then use this configuration:
    schedule: null
Other improvements in this release include rewriting the sidebar settings handling in the web front end, so they are remembered properly (in the Device Ports page). Also we have rewritten the job queue to further eliminate race conditions and duplicate devices leaking into your setup.
This is a bug fix release since 2.036000. Please also read the 2.036000 release notes below, in full. Notable changes:
- Device Port report is much faster when displaying nodes
- netdisco-do psql now supports NETDISCO_DBNAME environment variable
- snmp_auth configuration now supports “only” and “no” ACLs per stanza
- New Duplicate Devices Report in case you get these appearing
- Neighbor L2 topology map will show sysName if DNS is not available
- Speed up ACLs featuring regular expressions
Plus lots more mentioned in the Changes file.
This release has many significant new features and changes. Please read all the release notes before upgrading.
- A new setting host_groups allows for creating named Access Control Lists which can be referred to in other host groups or in any of the settings taking an ACL.
- The new setting device_identity allows configuring rules to select the interface to use as a canonical (friendly) identity of a device in Netdisco.
- The new settings devices_no and devices_only are shorthand for setting discover_*, macsuck_*, arpnip_*, and nbtstat_* at once.
- Netdisco now tracks SNMP connect failures and after 10 failed attempts will pause trying to connect, for one week (see the max_deferrals and retry_after settings). See also the "SNMP Connect Failures" admin report.
- Documentation and support for access control lists has been overhauled. Most “*_no”, “*_only”, and “only” settings will accept ACLs as single items or lists. ACLs now support negation and OR/AND modifier options.
- A new setting site_local_files is a shorthand for configuring paths in which to install local Perl, template, javascript, and images files for overriding or enhancing Netdisco.
- The topology import script (nd-import-topology) will now queue a "discover" job for each new device it imports.
- The netdisco-daemon and netdisco-daemon-fg scripts have been renamed to netdisco-backend and netdisco-backend-fg respectively.
The old commands will still work but we recommend packagers to use the new names to remain consistent with documentation. Run the following on upgrade:
    ln -s ~/perl5/bin/{localenv,netdisco-*} ~/bin/
    ~/bin/netdisco-daemon stop
    ~/bin/netdisco-backend restart
- SSL library headers are required to build Netdisco now that we retrieve support files via HTTPS.
On Ubuntu/Debian:
    root:~# apt-get install libssl-dev
On Fedora/Red-Hat:
    root:~# yum install openssl-devel
On BSD these headers are usually installed with the openssl port itself.
Netdisco will otherwise fail to upgrade/install (it will fail building IO::Socket::SSL or Net::SSLeay). If you get stuck or confused, you are looking for the package including the file openssl/err.h.
This release changes the way the application tracks web sessions for logged-in users, from on-disk files, to encrypted browser cookies. As a result, on upgrade (after running netdisco-deploy and restarting netdisco-web), all users will need to log in again.
There may be a pause after restarting netdisco-web as old web session files on disk are purged.
The algorithm for selecting the canonical IP/name of a device has changed in this release. No longer is the OSPF Router ID taken into account. The default IP/name of a device will be either the IP specified for manual discovery, or the IP reported to a neighbor port during automatic discovery. For the latter you can often influence this through device configuration (LLDP advertise…).
The identification of IP Phone handsets and Wireless APs is now configurable, using the CDP/LLDP information from the device. See documentation for:
- phone_capabilities
- phone_platforms
- wap_capabilities
- wap_platforms
When displaying device ports, Netdisco will now avoid showing VLAN Membership if it looks like there are a large number of VLANs on many ports. This is an average of the VLANs per port, configurable in devport_vlan_limit. The default is 150.
The netdisco-do command’s delete option now uses the -p parameter to set node archive mode (previously it was a hack on -e). For example:
    ~/bin/netdisco-do delete -d 192.0.2.1 -e 'older than the sun' -p yes
This release will once again remove from the database spurious Node (workstation, printer, etc) entries on vlan 0, which were causing duplicate entries in the web interface. We advise that you back up the database prior to upgrade:
    /usr/bin/pg_dump -F c --create -f netdisco-pgsql.dump netdisco
Netdisco web and backend daemons will now rotate their log files (“~/logs/netdisco-{web,daemon}.log”). This happens when they reach about 10MB in size and seven historical log files will be maintained in the same directory. The first time this happens you may notice the daemons restarting due to having to deal with the large initial logfile.
Two missing features from Netdisco 1 have been implemented: CLI device delete and renumber (canonical IP change). They are available using the netdisco-do utility.
The Device Port Log comment feature from 2.030000 has been disabled as it is incomplete, pending a review of how to handle authorization to the feature.
The node archiving behaviour of Netdisco 2 has until now been accidentally different to that in Netdisco 1. This has now been fixed. See the new “node_freshness” configuration setting if you wish to revert or tune this behaviour.
When upgrading you will encounter a current incompatibility between Netdisco and one of its components. To work around this, issue the following command:
    ~/bin/localenv cpanm --notest --force Dancer@1.3126 DBIx::Class@0.08270
When upgrading you will encounter a current incompatibility between Netdisco and one of its components. To work around this, issue the following command:
    ~/bin/localenv cpanm --notest --force Dancer@1.3126
The backend polling daemon has been rewritten and as a result your configuration can be simplified. Some keys have also been renamed. Our advice is to remove (or comment out) the complete workers configuration which enables auto-tuning. If you do wish to control the number of worker processes, follow this pattern:
    workers:
      tasks: 'AUTO * 2' # this is the default, twice the number of CPUs
This release will remove from the database spurious Node (workstation, printer, etc) entries on vlan 0, which were causing duplicate entries in the web interface. We advise that you back up the database prior to upgrade:
    /usr/bin/pg_dump -F c --create -f netdisco-pgsql.dump netdisco
The configuration item reports is now a list (used to be a dictionary). Each item in the list must have a tag entry which was previously the dictionary key. For example, now use:
    reports:
      - tag: power_inventory
        category: Device
        label: 'Power Supply Inventory'
        columns:
          - {name: 'Name'}
          - {ps1_type: 'PS1 Type'}
          - {ps1_status: 'PS1 Status'}
        query: |
          SELECT d.name, d.ps1_type, d.ps1_status
            FROM device d
          WHERE d.ps1_type IS NOT NULL
          ORDER BY name
Old configuration will continue to work, but we recommend you reconfigure anyway.
The daemons can be started from init scripts, as root. They will drop back from the root user to netdisco before opening logs. However a limitation is that the web frontend might temporarily keep root status to bind to a specific port (e.g. 80) - the logs will then be created as root user. Sorry about that.
You might also find when upgrading that previous logs were owned by root and Netdisco now wants to write to them as non-root (netdisco) user. Please either remove the logs before restarting, or alter their ownership.
Logs can be found in the logs subdirectory of Netdisco’s home area.
The Web and Backend daemons (netdisco-web and netdisco-daemon respectively) will now watch your deployment.yml configuration file, and restart themselves whenever it is changed.
The Web and Backend daemons will also now drop privilege to the same user and group as their files on disk. This allows use of run control (init) scripts whilst maintaining non-root privilege status (see install tips for details).
The housekeeping task expiry has been renamed to expire. Old configuration will continue to work, but we recommend you rename this part of your housekeeping configuration anyway.
This release will automatically migrate user passwords to have stronger hashing in the database (a good thing!). This is incompatible with Netdisco 1.x web frontend, so if you must maintain backward-compatibility, set the following in your deployment.yml file:
    safe_password_store: false
SNMP community strings provided in the community_rw configuration setting will no longer be used for read actions on a device (despite having “rw” in the setting name).
If you have the same community string for read and write access, then you must set both community and community_rw in your deployment.yml file. In any case, we recommend using the new snmp_auth configuration format which supersedes both these settings.
This release includes support for Device and Node expiry from your database. This is an important part of housekeeping for your installation, and our recommendation is to enable this feature such that suitably old Devices and Nodes are expired nightly.
Add the following to your “housekeeping” configuration in deployment.yml, to have a nightly check at 11:20pm:
    housekeeping:
      expire:
        when: '20 23 * * *'
You should also configure one or more of expire_devices, expire_nodes, and expire_nodes_archive to a number of days. See the documentation for further details.
If you use an Apache reverse proxy, we recommend increasing the timeout from our previous example of 5 seconds to perhaps 60. This is because some reports do take more time to run their queries on the database. See documentation for details.
If you were using the X::Observium plugin, you’ll now need to install the separate distribution https://metacpan.org/pod/App::NetdiscoX::Web::Plugin::Observium.
This release fixes a number of issues with the poller, and is a recommended upgrade.
During Arpnip, Node IPs are resolved to DNS names in parallel. See the dns configuration option for details. Note that the nodenames configuration items from release 2.018000 are no longer available.
This release includes new support for SNMPv3 via the snmp_auth configuration option. Please provide feedback to the developers on your experience.
There is a bug in Macsuck whereby in rare circumstances some invalid SQL is generated. The root cause is known but we want to take more time to get the fix right. It should only be a few more days.
The no_port_control configuration setting is now called check_userlog and its logic is inverted. Don’t worry if this is not familiar to you - the option is only used by Netdisco Developers.
The dangerous action log messages are now saved to the database. In a future version there will be a way to display them in the web interface.
Some of the "dangerous action" confirmation dialogs offer to take a log message (e.g. Port Control, Device Delete). Currently the log messages are not saved. This feature will be added in the next release.
The backend poller daemon is now considered stable. You can uncomment the housekeeping section of the example configuration and thereby enable regular device (re-)discovery, arpnip and macsuck.
The read-write SNMP community is now stored in the database, when used for the first time on a device. If you don’t want the web frontend to be able to access this, you need to:
- Have separate deployment.yml files for web frontend and daemon, such that only the daemon config contains any community strings.
- Use separate PostgreSQL users for web frontend and daemon, such that the web frontend user cannot SELECT from the community DB table.
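One way to set up the second option in PostgreSQL, shown as an added example that is not taken from the Netdisco documentation. The role names netdisco_daemon (assumed to be the existing role that owns the tables) and netdisco_web, the placeholder password, and the use of the public schema are assumptions; the netdisco database and community table names come from the text above.

```sql
-- Added example. Assumptions: netdisco_daemon already exists and owns the
-- Netdisco tables; netdisco_web is a new, hypothetical role for the web
-- frontend; all tables live in the "public" schema.
-- Run as a PostgreSQL superuser while connected to the netdisco database.

BEGIN;

-- Dedicated login role for the web frontend (placeholder password).
CREATE ROLE netdisco_web LOGIN PASSWORD 'CHANGE_ME';

GRANT CONNECT ON DATABASE netdisco TO netdisco_web;
GRANT USAGE ON SCHEMA public TO netdisco_web;

-- Working access to every table and sequence that exists today ...
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA public TO netdisco_web;
GRANT USAGE, SELECT
    ON ALL SEQUENCES IN SCHEMA public TO netdisco_web;

-- ... except the table that stores the SNMP community strings.
REVOKE ALL PRIVILEGES ON TABLE community FROM netdisco_web;

-- A grant to PUBLIC would hand the privilege straight back, so clear it too.
REVOKE ALL PRIVILEGES ON TABLE community FROM PUBLIC;

-- Tables and sequences created later by the daemon role (for example during
-- a schema upgrade) become usable by the web role without a manual grant.
ALTER DEFAULT PRIVILEGES FOR ROLE netdisco_daemon IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO netdisco_web;
ALTER DEFAULT PRIVILEGES FOR ROLE netdisco_daemon IN SCHEMA public
    GRANT USAGE, SELECT ON SEQUENCES TO netdisco_web;

-- Fail (and roll back everything above) if the web role can still reach the
-- community strings through any path: direct grant, PUBLIC, superuser
-- status, or membership of the owning role.
DO $$
BEGIN
    IF has_table_privilege('netdisco_web', 'community', 'SELECT') THEN
        RAISE EXCEPTION 'netdisco_web can still SELECT from community';
    END IF;
    IF pg_has_role('netdisco_web', 'netdisco_daemon', 'MEMBER') THEN
        RAISE EXCEPTION 'netdisco_web is a member of the owning role';
    END IF;
END
$$;

COMMIT;
```

The web frontend's deployment.yml then names netdisco_web in its database settings, while the daemon's file keeps the owning role and the community strings.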
You can now simplify database configuration to just the following, instead of the more verbose plugins/DBIC setting which was there before:
    database:
      name: 'netdisco'
      host: 'localhost'
      user: 'someuser'
      pass: 'somepass'
Also, the REMOTE_USER environment variable and X-REMOTE_USER HTTP Header are now supported for delegating authentication to another web server. See the Deployment and Configuration documentation for further details.
This release contains the first version of our new poller, which handles device and node discovery. Please make sure to back up any existing Netdisco database before trying it out.
The default environment configuration file development.yml has been renamed to deployment.yml. This better reflects that users are not developers, and also fits with the default for PSGI compatible cloud deployment services. Please rename or copy your environment file:
    mv ~/environments/development.yml ~/environments/deployment.yml