Provisiond discovers services on capsd provisioned nodes

Description

A client reported that OpenNMS was discovering services that were set scan=off in the capsd-configuration.xml file. I suggested that it might be provisiond somehow operating on these nodes unintentionally, and that they should edit the default foreign source and see if it helped. It did.

So, I decided to recreate the issue. Spun up a VM, installed a fresh 1.8.7, edited capsd so that scan was only set to "on" for ICMP and started discovery. It discovered a number of services besides ICMP.

Workaround: make sure your default foreign source matches your capsd-configuration.

Environment

CentOS 5 installed fresh 1.8.7 via yum

Acceptance / Success Criteria

None

Activity

Jeff Gehlbach January 28, 2011 at 4:04 PM

Added a return in two places where Matt thought one was missing. Fix pushed to 1.8 in commit beba04b3dd6c4d5718a4884e2acd11015534793d and cherry-picked to master in commit 670b3d142d5041018e70554a7a93436287c62dab.

David Hustace January 28, 2011 at 1:40 PM

Matt could you take a quick look at this one?

David Hustace January 28, 2011 at 1:39 PM

I think you are right.

Jeff Gehlbach January 28, 2011 at 1:19 PM

I think a small omission bug in the Provisioner.handleNewSuspect(Event) method is the root cause of this problem. There should be a "return" at the bottom of the second if() block:

    @EventHandler(uei = EventConstants.NEW_SUSPECT_INTERFACE_EVENT_UEI)
    public void handleNewSuspectEvent(Event e) {

        final String uei = e.getUei();
        final String ip = e.getInterface();

        if (ip == null) {
            log().error("Received a " + uei + " event with a null ipAddress");
        }

        if (!getProvisionService().isDiscoveryEnabled()) {
            log().info("Ignoring " + uei + " event for ip " + ip + " since discovery handling is disabled in provisiond");
            // No return here: execution falls through and the scan below is still scheduled.
        }

        Runnable r = new Runnable() {
            public void run() {
                try {
                    InetAddress addr = InetAddress.getByName(ip);
                    NewSuspectScan scan = createNewSuspectScan(addr);
                    Task t = scan.createTask();
                    t.schedule();
                    t.waitFor();
                } catch (UnknownHostException ex) {
                    log().error("Unable to convert address " + ip + " from " + uei + " event to InetAddress", ex);
                } catch (InterruptedException ex) {
                    log().error("Task interrupted waiting for new suspect scan of " + ip + " to finish", ex);
                } catch (ExecutionException ex) {
                    log().error("An expected execution occurred waiting for new suspect scan of " + ip + " to finish", ex);
                }

            }
        };

        m_scheduledExecutor.execute(r);

    }
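
The fall-through described in the comment above, reduced to a stand-alone Java model (an added example, not OpenNMS code and not part of the original comment; the `Handler` class, its `guardsReturn` switch and the sample addresses are hypothetical). With discovery handling disabled, the log-only guards still schedule a scan for every event, while guards that return schedule none.

```java
import java.util.ArrayList;
import java.util.List;

// Stand-alone model of the handler's control flow. All names are hypothetical
// and none of this is OpenNMS code.
public class GuardFallThroughDemo {

    static class Handler {
        final boolean discoveryEnabled;
        final boolean guardsReturn; // false = guards only log, true = guards log and return
        final List<String> log = new ArrayList<>();
        final List<String> scheduled = new ArrayList<>();

        Handler(boolean discoveryEnabled, boolean guardsReturn) {
            this.discoveryEnabled = discoveryEnabled;
            this.guardsReturn = guardsReturn;
        }

        void handleNewSuspect(String ip) {
            if (ip == null) {
                log.add("null ipAddress");
                if (guardsReturn) return;
            }
            if (!discoveryEnabled) {
                log.add("ignoring " + ip + ": discovery handling is disabled");
                if (guardsReturn) return;
            }
            // Stands in for m_scheduledExecutor.execute(r) in the quoted method.
            scheduled.add(String.valueOf(ip));
        }
    }

    public static void main(String[] args) {
        String[] events = {"192.0.2.10", "192.0.2.11", null}; // constructed sample events
        for (boolean guardsReturn : new boolean[] {false, true}) {
            Handler h = new Handler(false, guardsReturn); // discovery handling disabled
            for (String ip : events) {
                h.handleNewSuspect(ip);
            }
            System.out.println((guardsReturn ? "with return:    " : "without return: ")
                    + h.log.size() + " log entries, scans scheduled for " + h.scheduled);
            // With the returns in place, a disabled handler must schedule nothing.
            if (guardsReturn && !h.scheduled.isEmpty()) {
                throw new AssertionError("scan scheduled while discovery is disabled");
            }
        }
    }
}
```

In the log-only run the "ignoring" entries are written for the same events that go on to be scanned, so the log alone does not show that the disabled setting was bypassed.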

Tarus Balog December 12, 2010 at 10:55 AM

Completely clean install, capsd only, no provisiond being used at all. Using standard discovery with newSuspectEvents and org.opennms.provisiond.enableDiscovery set to false.

Somehow, provisiond is acting on newSuspect events. I can make this happen at will (installed fresh OpenNMS on a VM, set scan="off" in capsd for all except ICMP, discovered the office subnet - lots of HTTP, FTP, SMTP, etc. discovered).

Fixed

Details

Created December 10, 2010 at 5:13 PM
Updated January 27, 2017 at 4:19 PM
Resolved January 28, 2011 at 4:04 PM