Discovery classifiers

A classifier tells Discovery which probes to trigger for the identification and exploration phases of discovery. Classifiers can also trigger the Horizontal Pattern probe, which launches a pattern, rather than additional probes, for identification and exploration.

The classifier essentially starts the identification stage. Discovery uses it after the classification probe returns important parameters to the instance that tell Discovery what to do next.

In most cases, you do not need to create a classifier or modify a classifier. But if you are having trouble with Discovery, you might want to check the conditions that determine when a classifier runs based on the parameters the classification probe returns to the instance. Or if you want to discover a new type of CI that Discovery does not already find, you can create your own classifier.

Device, process, and IP address classification

Discovery classification can be broken down into three types: device classification, process classification, and IP address (or IP scan) classification:
Device classification
The classification of actual device types, such as a computer running Windows, a computer running a flavor or UNIX or LINUX, a router, a switch, or a load balancer, and so on.

When Discovery identifies a computer CI, it triggers an active processes probe to explore the computer CI further. Discovery compares the results of the active processes probe to the process classification conditions to determine if there is a match.

Figure 1. Computer CI classification workflow
CI classification workflow
Process classification
The classification of applications based on the processes that are running.

Discovery classifies processes during the last phase of discovery: the exploration phase, after identifying devices in the Computer [cmdb_ci_computer] table and its extensions. Just like device classification, process classification has its own classification criteria and also has the ability to launch probes. Unlike device classification, process classification creates child configuration items (CI) with Runs on::Runs relationships. By default, Discovery includes classifications for most common processes.

If a process matches the classification criteria, Discovery determines whether to run the process handler script. The process handler script modifies the parameter data to help Discovery identify whether the process represents an existing or new application CI. Discovery process handlers prevent the creation of duplicate CIs by filtering out parameters known to have inconsistent values before process classification occurs. Every time Discovery adds or updates an application CI, it also determines the application dependency mapping of the application CI to other CIs in the CMDB.

Figure 2. Process classification workflow
IP address (IP scan) classification

IP address discovery is credential-less, meaning that it attempts to identify devices and software based on just the open ports and banners it finds without requiring you to create credentials. If the classification criteria are met for a device in the IP Scan mode, Discovery automatically updates the CI in the CMDB. After a device is properly classified, Discovery launches the exploration probes configured for that class of device and begins gathering detailed information about the CI.

In the default Discovery system, the Linux classifier triggers eleven exploration probes that return information such as disk size, memory, and the number of current connections. The data from these probes returns at different times and is stored in the ECC Queue until processing is complete.

This diagram shows the processing flow for classifying and probing devices with an IP scan (no identifiers):
Figure 3. IP scan classification
IP acan classification

See Classification for IP address discovery for more details about the parameters available to classifiers for this type of discovery.

Classifier criteria

Classifiers also provide criteria that you can use to specify when Discovery should use the classifier under the conditions that you define. The criteria is based on the parameters that a classify probe returns to Discovery. Criteria is constructed with the parameter, an operator, and a value.

Note: Condition filters in process classifiers are case-sensitive.

Classifiers and patterns

Discovery can use patterns, rather than probes, to identify and explore CIs. Discovery triggers patterns from the Horizontal Discovery probe, which can be specified on a classifier. You can create you own patterns and add them, via the Horizontal Discovery probe, to a classifier. See Add the Horizontal Pattern probe to a classifier for instructions. You might already be using one of the out-of-box patterns that are provided with Discovery. You can verify this by looking at the classifier to see if the Horizontal Pattern Probe is specified.

Logging classification debugging information

To log debugging information about classifications, add the following system property. The resulting log entries list the name of each classifier that runs, along with all the names and values that are available to the criteria in the classifier.
System property Description
glide.discovery.debug.classification Enables debugging information for process classification.
  • Type: true | false
  • Default Value: false
  • Location: Add to the System Properties [sys_properties] table

What you can do with Discovery classification