The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
A computer network generally includes a number of different network devices. For example, the network may include network element devices, such as switches and routers, as well as end station devices, such as desktop machines, servers, hosts, printers, fax machines, and others network resources. In order for the computer network to function properly, network administrators monitor the various devices, deploying new devices or upgrading existing ones in the network. In addition, the network administrator is responsible for configuration management of the network and manages distribution of software on the network. Typically, a network administrator employs a network management system to accomplish such tasks.
The network management system (NMS) is a software program, or a combination of hardware and software, that perform tasks related to assisting the network administrator manage the network. The NMS sometimes includes network inventory and analysis tools, such as a network collector, in order to gather information about managed devices on the network. In a typical configuration, a seed file is programmed into the network collector. The seed file identifies network devices for the network collector to track. In order to track the network devices, the network collector routinely logs into devices identified by the seed file to collect hardware inventory and software configuration data. The network collector may store the collected data locally on a device executing the network collector or transmit the collected data to a remote location for further analysis. The collected data may then be used to inventory, analyze, and configure network devices. Thus, the network collector helps the network administrator efficiently manage a large number of network devices. An example of a network collector is Cisco Network Collector, commercially available from Cisco Systems, Inc., San Jose, Calif.
Syslog messages are also commonly used to help network administrators identify problems in a network. Many network devices are configured to send syslog messages to an event collector, such as a syslog server, in response to specific events. The syslog protocol separates the content of a message from the transport of the message. In other words, the device sending the syslog message does not require any communication from the devices transporting or logging the message. This enables devices, which would otherwise be unable to communicate, to notify network administrators of problems. The syslog standard is documented in RFC 3164 and RFC 5424 of the Internet Engineering Task Force.
In some instances, organizations struggle to manage large, complex networks. For example, large scale migrations of hardware or software may result in devices that are accidently forgotten, thereby leaving them operating with previous network management standards. As standards for passwords or other management capabilities, such as Simple Network Management Protocol (SNMP) strings, change over time, the devices fall further from manageability and visibility. In other cases, devices that are newly deployed as a replacement, upgrade, or new addition sometimes lack network management standards from the outset, even if the newly deployed devices have other configuration elements that enable them to function in the network. Therefore, these devices may be erroneously omitted from the network inventory identified by the network collector.
One approach for locating and identifying missing network devices involves performing ping sweeps or other wide-scale invasive search. A ping sweep, for example, typically involves transmitting Internet Control Message Protocol (ICMP) ECHO messages to a range of IP addresses to determine if any devices respond. Network administrators generally disfavor such invasive searches because they often trigger security alarms and are commonly used by intruders in an attempt to gain unauthorized access to the network. Furthermore, ping sweeps may not detect devices that have become inoperative or otherwise unable to respond.