In our last Assimilation release (0.1.2) we added a command line query command (assimcli) based on a collection of canned queries. These queries are designed to answer questions which administrators might commonly want to know the answers to. They are canned because then you don’t have to know any query language. These same queries are available through the REST interface. The command line interface gets an easy-to-read summarized version of the data available to the REST interface. In this blog post, we give an overview of these queries, sample uses and the output from a few.
Here is the set of queries which the command line query tool (and also the REST interface) supports. Some of them are pretty interesting. The list below is the output of assimcli query list reformatted into a table.
| Query | Description |
|---|---|
| allipports | get all port/ip/service/hosts |
| allips | get all known IP addresses |
| allservers | get known servers |
| allservicestatus | status of all monitored services |
| allswitchports | get all switch port connections |
| crashed | get ‘crashed’ servers |
| down | get ‘down’ servers |
| downservices | get ‘down’ services |
| findip | get system owning IP |
| findmac | get system owning MAC addr |
| hostipports | get all port/ip/service/hosts |
| hostdependencies | get host dependencies |
| hostipports | get all port/ip/services for host |
| hostservicestatus | monitored service status on host |
| hostswitchports | get switch port connections for a server |
| list | list all queries |
| shutdown | get gracefully shutdown servers |
| unknownips | find unknown IPs |
| unmonitored | find unmonitored services |
Below is the output from assimcli query unmonitored from my desktop machine.
servidor /home/alanr/.dropbox-dist/dropbox:{"0.0.0.0:17500":"tcp"}
servidor /sbin/rpc.statd:{"0.0.0.0:33469":"tcp",":::45445":"tcp6"}
servidor /usr/bin/skype:{"0.0.0.0:16270":"tcp"}
servidor /usr/bin/tprintdaemon:{"0.0.0.0:5552":"tcp"}
servidor /usr/sbin/dnsmasq:{"192.168.122.1:53":"tcp"}
servidor /usr/sbin/sshd:{"0.0.0.0:22":"tcp",":::22":"tcp6"}
At the time I ran this, none of these services were monitored.
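One way to triage this output, as an added example that is not part of Assimilation or the original post: it parses the lines shown above and ranks the unmonitored listeners so that those bound to every interface come first. The `host path:{"addr:port":"proto"}` layout is inferred from that sample, and the function names are hypothetical.

```python
import json
from ipaddress import ip_address

# Sample input: the lines shown in the post's `assimcli query unmonitored` output.
SAMPLE = '''\
servidor /home/alanr/.dropbox-dist/dropbox:{"0.0.0.0:17500":"tcp"}
servidor /sbin/rpc.statd:{"0.0.0.0:33469":"tcp",":::45445":"tcp6"}
servidor /usr/bin/skype:{"0.0.0.0:16270":"tcp"}
servidor /usr/bin/tprintdaemon:{"0.0.0.0:5552":"tcp"}
servidor /usr/sbin/dnsmasq:{"192.168.122.1:53":"tcp"}
servidor /usr/sbin/sshd:{"0.0.0.0:22":"tcp",":::22":"tcp6"}
'''

def parse_line(line):
    """Split 'host path:{json}' into (host, path, [(addr, port, proto), ...])."""
    # Assumption: layout inferred from the sample above, not from a format spec.
    host, rest = line.split(" ", 1)
    path, sep, blob = rest.partition(":{")
    if not sep:
        raise ValueError(f"no listener map in line: {line!r}")
    listeners = []
    for endpoint, proto in json.loads("{" + blob).items():
        # The last colon separates the port, even for the IPv6 wildcard '::'.
        addr, _, port = endpoint.rpartition(":")
        listeners.append((addr, int(port), proto))
    return host, path, listeners

def exposure(addr):
    """Classify a bind address by how widely the listener is reachable."""
    ip = ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "single-address"

def triage(text):
    """Return unmonitored listeners, all-interface binds first, then by port."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        host, path, listeners = parse_line(line)
        for addr, port, proto in listeners:
            rows.append((exposure(addr), host, path, port, proto))
    order = {"all-interfaces": 0, "single-address": 1, "loopback": 2}
    return sorted(rows, key=lambda r: (order[r[0]], r[3]))

if __name__ == "__main__":
    for level, host, path, port, proto in triage(SAMPLE):
        print(f"{level:15} {host} {proto}/{port} {path}")
```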
Below is sample output from assimcli query allswitchports.
servidor:eth0->GS724T_10_10_10_250[Netgear Gigabit Smart Switch]:g6[Alan's office, north wall, white jack]
This says that NIC eth0 on servidor is connected to the switch named GS724T_10_10_10_250 on port g6 (i.e., port 6) – which is labelled in the switch as Alan’s office, north wall, white jack. Like all our discovery, we obtain this information without sending any packets on the network – we just listen for LLDP packets.
Here are a few terms we use that might not be immediately obvious:
- unknown IP – one that we know is in use, but does not belong to any machine we have agents on
- unmonitored service – a service we know is running, but that we are not monitoring
- dependency – a service on another machine that the current machine is a client of
Of course, this isn’t an exhaustive set of all the queries one might want to do, but it is quite easy to add them to the system. They also serve as sample queries illustrating both the Cypher graph query language and our schema. In the next blog post, we’ll go over a few of these queries in detail, and explain how to add new queries to the system.
Is this all clear? What queries would you like to see in the system?