sonar-set-ip-address
Batch-inserts or updates IP addresses and specified field values from input records in the asset IP database. Existing IP addresses are updated with values from input records; IP addresses that are not yet registered are created.
Command properties
| Item | Description |
|---|---|
| Command type | Transforming |
| Required permission | Administrator |
| License usage | N/A |
| Parallel execution | Not supported |
| Distributed execution | Runs on Control Node (reducer) |
Syntax
Options
fields=FIELDS- List of fields to be synchronized, separated by a comma with a following space. See the Input Fields below for a detailed description.
Input Fields
| Field | Name | Type | Length | Description |
|---|---|---|---|---|
| site_guid | Site GUID | String | GUID of the site object | |
| priority | Priority | String | Priority level (low, medium, high) | |
| category_name | Device type | String | 255 char. | Uncategorized if names are not matched |
| hostname | Host name | String | 255 char. | Computer name or host name |
| workgroup | Work group | String | 255 char. | NT domain or work group |
| emp_key | Admin(MAIN) employee key | String | 255 char. | Input ignored if keys not matched |
| emp_key2 | Admin(SUB) employee key | String | 255 char. | Input ignored if keys not matched |
| description | Description | String | 2000 char. | |
| os_name | OS | String | 50 char. | |
| os_ver | OS version | String | 20 char. | |
| mac | MAC address | String | 20 char. | |
| location | Install location | String | 255 char. | |
| installed | Install date | Date | ||
| ext0 | Extended field #0 | String | 255 char. | |
| ext1 | Extended field #1 | String | 255 char. | |
| ext2 | Extended field #2 | String | 255 char. | |
| ext3 | Extended field #3 | String | 255 char. | |
| ext4 | Extended field #4 | String | 255 char. | |
| ext5 | Extended field #5 | String | 255 char. | |
| ext6 | Extended field #6 | String | 255 char. | |
| ext7 | Extended field #7 | String | 255 char. | |
| ext8 | Extended field #8 | String | 255 char. | |
| ext9 | Extended field #9 | String | 255 char. | |
| confidentiality | Confidentiality | String | Confidentiality level (low, medium, high) | |
| integrity | Integrity | String | Integrity level (low, medium, high) | |
| availability | Availability | String | Availability level (low, medium, high) |
category_name: The device type is labeled as 'Uncategorized' if the device type value from the input record does not match the device type value in the database.emp_key,emp_key2: The input is ignored if the employee key value in the input record does not match the employee key value in the database.priorityandconfidentiality,integrity,availability(CIA) fields are mutually exclusive:-
When using
priority, CIA fields cannot be used. -
When using CIA fields, all three must be specified. Specifying only one or two will result in an error.
-
When CIA fields are used,
priorityis automatically calculated based on the following criteria:- Sum > 7 → High (3)
- Sum > 4 → Medium (2)
- Sum ≤ 4 → Low (1)
TipYou can customize the IP asset database by applying global setting on sonar as follows:
logpresso> sonar.setGlobalOption ip_custom_fields "0=Manufacturer,1=Model name"
-
batchsize=INT- Batch unit size for inserting IP addresses. Specify a value in the range 1–5,000. For large-scale IP synchronization, increasing the batch size reduces the number of transactions and improves performance. However, if an error occurs, the entire batch fails to synchronize. (Default:
1) company=STR- GUID of the target company to insert asset IPs into. If not specified, the current session's company is used.
Input fields
| Field | Type | Required | Description |
|---|---|---|---|
| ip | string, ipaddr | Required | IP address. Both string and IP address types are accepted. |
| priority | integer | Optional | Priority level. 1 (Low), 2 (Medium), 3 (High) |
| category_name | string | Optional | Device category name. Treated as uncategorized if not found in the internal category list. |
| hostname | string | Optional | Host name (max 255 characters) |
| workgroup | string | Optional | NT domain or workgroup (max 255 characters) |
| emp_key | string | Optional | Primary contact employee ID (max 255 characters). Ignored if not found in the employee table. |
| emp_key2 | string | Optional | Secondary contact employee ID (max 255 characters). Ignored if not found in the employee table. |
| description | string | Optional | Notes (max 2,000 characters) |
| os_name | string | Optional | Operating system name (max 50 characters) |
| os_ver | string | Optional | Operating system version (max 20 characters) |
| mac | string | Optional | MAC address (max 20 characters) |
| location | string | Optional | Installation location (max 255 characters) |
| installed | timestamp | Optional | Installation date and time |
| site_guid | string | Optional | Site GUID |
| ext0 ~ ext9 | string | Optional | Extended fields (max 255 characters each) |
Output fields
| Field | Type | Description |
|---|---|---|
| _error | string | Error detail. ip is null if the ip field is null; invalid ip if the IP format is invalid. |
All fields from the input record are output unchanged. The _error field is added only for records where an error occurred.
Error codes
Parse errors
| Error code | Message | Description |
|---|---|---|
| 300501 | No permission to update IP address objects. | The user does not have administrator permission. |
| 300502 | sonar-set-ip-address's company option is illegal GUID format. | The company option value is not a valid GUID. |
| 300503 | Can't find a company by the GUID for | No company exists for the specified company GUID. |
| 300504 | sonar-set-ip-address's batchsize option should be specified in the range 1 to 5000. | The batchsize value is outside the range 1–5,000 or is not an integer. |
| 300505 | Specify fields option to the | The fields option is not specified. |
| 300506 | [field] field is not supported. Use | The fields option contains an unsupported field name. |
| 300507 | [company] option is needed. | The command was run under a system account without the company option. |
Runtime errors
N/A
Description
The sonar-set-ip-address command looks up the asset IP database using the ip field value in each input record. If the IP address is already registered, it updates the field values specified in the fields option. If the IP address is not yet registered, it creates a new entry.
The ip field is always required and is automatically included even if not specified separately in the fields option. If the ip field value is null or not a valid IP address, the synchronization for that record is skipped and the error detail is recorded in the _error field.
If a field specified in the fields option does not exist in the input record, that field's value is updated to null. Conversely, fields that exist in the input record but are not specified in the fields option are not synchronized.
When the batchsize option is used, records are collected in batches of the specified size and processed together. If an error occurs during batch processing, the _error field of all records in the same batch is populated with the error detail.
logpresso> sonar.setGlobalOption ip_custom_fields "0=Manufacturer,1=Model"
Examples
-
Synchronize asset IPs
json "[{'ip': '192.0.2.1', 'hostname': 'web-01', 'os_name': 'Linux', 'priority': 2}, {'ip': '192.0.2.2', 'hostname': 'db-01', 'os_name': 'Linux', 'priority': 3}]" | sonar-set-ip-address fields="hostname, os_name, priority"Synchronizes the values of
hostname,os_name, andpriorityfields to the asset IP database.genian-nac-nodes | rename nt_domain as workgroup, first_seen as installed, platform as os_name, nic_vendor as ext0, type as category_name | eval priority = if(category_name != "PC", 2, 1) | sonar-set-ip-address batchsize=10 fields="priority, category_name, hostname, workgroup, emp_key, emp_key2, description, os_name, os_ver, mac, location, installed, ext0" -
Sync IP assets using CIA fields
The following example synchronizes IP asset information by specifying confidentiality, integrity, and availability (CIA) levels. When CIA fields are used,
priorityis automatically calculated.json "[{\"ip\": \"10.0.0.1\", \"confidentiality\": \"high\", \"integrity\": \"medium\", \"availability\": \"high\"}]" | sonar-set-ip-address fields="confidentiality, integrity, availability"