We are facing a problem with autodiscovery in network segments, because occasionally there are responses to ping probes that do not come from existing hosts (we checked for MAC spoofing).
We already had this problem last winter/spring, but it disappeared completely and reappeared after moving to new networks. We do not have direct access to the Cisco infrastructure handling the networks, only via internal support.
All affected hosts have the following characteristics in common:
- The responses originate from seemingly unused IP addresses
- ARP shows “incomplete”
I am missing an option to only create new hosts if they also have a corresponding DNS entry.
Related to that: whenever I log into the web GUI, I have to accept all changes, including the “Martians” / automatically discovered hosts due to bogons (?). This is done via the automation user. I have not found any option to dismiss changes, which seems odd. As a result, I first have to accept these invalid entries and then remove them afterwards.
Any hints on how to improve or avoid this situation on the monitoring side would be appreciated.
Best regards,
Benjamin
(disclosure: proofread by AI with minor rephrasing not exceeding word pairs)
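The symptoms listed in the post above (a ping reply, ARP "incomplete", no DNS entry) can be checked before a responder is handed to the monitoring system. The following Python is an added example, not part of the original post and not Checkmk code; the function names, the `arp -n` sample and the addresses are constructed for illustration, and the resolver is injectable so the check can be run offline.

```python
import re
import socket

# Constructed sample of Linux `arp -n` output; not taken from the thread.
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.20.0.1                ether   00:00:5e:00:53:01   C                     eth0
10.20.0.17                       (incomplete)                              eth0
10.20.0.23               ether   00:00:5e:00:53:17   C                     eth0
10.20.0.99                       (incomplete)                              eth0
"""

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

def parse_arp(text):
    """Map IP -> MAC, or None when the neighbour entry is incomplete."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Address":
            continue  # blank line or column header
        if "(incomplete)" in fields:
            table[fields[0]] = None
        elif len(fields) >= 3 and MAC_RE.fullmatch(fields[2]):
            table[fields[0]] = fields[2]
    return table

def has_ptr(ip, resolver=socket.gethostbyaddr):
    """True if a reverse DNS lookup for the address succeeds."""
    try:
        resolver(ip)
        return True
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return False

def triage(responders, arp_text, resolver=socket.gethostbyaddr):
    """Split ping responders into hosts to accept and hosts to reject with reasons."""
    arp = parse_arp(arp_text)
    accept, reject = [], {}
    for ip in responders:
        reasons = []
        if arp.get(ip) is None:  # incomplete, or absent from the table
            reasons.append("no resolved MAC")
        if not has_ptr(ip, resolver):
            reasons.append("no DNS entry")
        if reasons:
            reject[ip] = reasons
        else:
            accept.append(ip)
    return accept, reject
```

The ARP check is only meaningful when run from a machine in the same layer-2 segment as the responders; for routed segments only the DNS check applies.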
I think I was too optimistic. I don’t see how explicitly selecting a host really fixes that – I thought I could define a match on the host name, but apart from explicit hosts there are only tags and labels?
Currently I would hope that the custom host check command is also called during autodiscovery (“Setup > Hosts > Host monitoring rules > Host check command”) and there isn’t separate, inaccessible logic?
In the Explicit Hosts name field you can also enter a regular expression when prefixing it with a tilde.
Read the inline help text available through the menu for more info.
Ok, I thought I wasn’t understanding the inline help (thanks for that; I only knew the tooltips and forgot about the toggle in the help menu). Then I did a search after banging my head against “invalid host name” today. … Werk #18300: Rulesets: Accept valid regex patterns in explicit host conditions cough … I guess I’ll wait for a few days and 2.4.0p27.
After an update to 2.4.0p27 today, the match via “~1” + negation is working as intended (we do not have host names starting with 1).
Thank you very much!