Open-AudIT

What's on your network?
It is currently Fri Jan 19, 2018 6:01 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 66 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next
Author Message
PostPosted: Fri Oct 21, 2011 3:21 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1225
You can tune the hide speed by editing www\theme-tango\tango-files\jquery\js\jquery.droppy.js. Find the following code and change the 500 to suite your desired hide speed in milliseconds.

Code:
    function hide() {
      var subnav = getSubnav(this);
      if (!subnav) return;
      $.data(subnav, 'cancelHide', false);
      setTimeout(function() {
        if (!$.data(subnav, 'cancelHide')) {
          $(subnav).slideUp(options.speed);
        }
      }, 500);
    }


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 8:38 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
@snue @jpa - Thanks JPA - that's what I would have said. You beat me! :-)

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 8:40 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
@cencik - can you post line 2134 from your audit_windows.vbs please.
Any chance you can translate the error message as well?

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 9:06 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1225
Educated guess on the line 2134 error: You're trying to split the event log info in mess2 on "Product:" which doesn't exist in his language version of Windows and thus mess3 is a single item array which you then try to index into the second position with mess3(1).

Code:
      for each objItem in colItems
         if objItem.Message <> "" then
            mess1 = split(objItem.Message, "--")
            mess2 = split(mess1(0), " ", vbTextCompare)
            mess3 = split(mess2(0), "Product:")
2134         message_retrieved = trim(mess3(1))


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 11:38 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
@JPA - ahh yeah, sure. So anyone have any idea's on how to overcome this? I could incorporate the correct string to split on, but I'll need one per language...

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 2:41 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1225
Well it looks like you're trying to grab the data between the colon and the double-dash. Big assumption that all languages have the colon and the double-dash but do that.

Code:
test = "Product: eReg -- Installation "

colonPos = InStr(test,":")
dashPos = InStr(test,"--")
wscript.echo trim(Mid(test,colonPos+1,dashPos-colonPos-1))


Obviously breaks if the product name has a double-dash in it.

EDIT: Upon further reflection assume the first space is language neutral and start grabbing text from there rather than the colon. Still have to depend on the double-dash.

EDIT2: Searching for the first space breaks if the translation of "Product" has a space in it. So maybe it's safer to search for the colon.


Last edited by jpa on Sat Oct 22, 2011 2:56 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 4:15 pm 
Offline
Newbie

Joined: Tue May 10, 2011 9:40 pm
Posts: 22
@jpa thank you, thats perfect! :)


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 7:44 pm 
Offline
Newbie

Joined: Fri Sep 30, 2011 10:24 pm
Posts: 7
This is something that was reported in beta-2 (and supposedly fixed), but in my environment we are still having the issue of Win7 systems not displaying the correct "last-logged-on" user.

The audit_windows.vbs that is included in beta-4 tries to fix this problem by checking for empty or non-existent key under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName. Unfortunately, Win7 does not leave that key empty, nor deletes the key when joining a domain. Therefore, Win7 audits submit the last user that logged in before joining the domain, instead of the true last-logged-on user.

You only need to switch order in which you check those registry keys:
1. First check for the Win7 key (HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser).
2. If value returned is NULL, check the WinXP key (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName)

In a previous post, i have outlined a different approach in fixing this, which i have tested and works well:
http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5753&start=15#p19797

I am now going to change that on the new vbs as well, but i sure hope this small fix is included on the next release.

(needless to say thank you mark and anyone contributing to this - once again: This piece of software rocks!)

_________________
Server Info:
OS : CentOS Linux release 6.0 (Final)
Auditing: 700 machines
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 21, 2011 8:08 pm 
Offline
Newbie

Joined: Fri Sep 30, 2011 10:24 pm
Posts: 7
Mark wrote:
@JPA - ahh yeah, sure. So anyone have any idea's on how to overcome this? I could incorporate the correct string to split on, but I'll need one per language...


Okay, i faced the same problem with the scipt complaining about line 2134...
First i thought it would be useful to debug the problem, so i added a line to print the text under processing that caused the problem, on line 2132:
Code:
wscript.echo mess2(0)


It turned out that it was only one entry that caused the problem. The software entry that caused the issue was formatted like this:
Code:
??: Blah-blah-software_name

instead of
Code:
Product: Blah-blah-software_name


So i gave it a very quick fix by removing my wscript.echo and then changing line 2133 from:
Code:
mess3 = split(mess2(0), "Product:")

into:
Code:
mess3 = split(mess2(0), ": ")


This is the best i could do quickly, provided that i am not considered a VB programmer, i am going to look for a way of getting everything in the string after the first semi-colon (that would be better). Adding a whitespace after the semicolon -as i did above- somewhat helps, but that should not be failsafe (in case some product included semi-colon in the software_name).

_________________
Server Info:
OS : CentOS Linux release 6.0 (Final)
Auditing: 700 machines
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 22, 2011 9:55 pm 
Offline
Newbie

Joined: Fri Sep 30, 2011 10:24 pm
Posts: 7
POC for permanently fixing the line 2134 error on audit_windows.vbs:
Code:
Option explicit
Dim StrSource,StrProduct
Dim offset

StrSource = "??: Microsoft Office Language Pack"      ' Len() returns 34.
offset=InStr(1,StrSource,": ")+1                      ' offset=5.
StrProduct = Right(StrSource, Len(StrSource)-offset)
WScript.Echo(StrProduct)    ' outputs: Microsoft Office Language Pack.

If needed i can post a diff on monday, as soon as i fix the audit_windows script at my workplace...

_________________
Server Info:
OS : CentOS Linux release 6.0 (Final)
Auditing: 700 machines
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Sun Oct 23, 2011 4:57 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1225
Uhhh, as I stated above don't use split AT ALL. Use InStr and Mid. Problem solved as long as the colon and double dash are there.

For future reference I think MID would be better than RIGHT in your example joofoo as it's not necessary to calculate the length of the string with MID.

Code:
StrProduct = Mid(StrSource,offset)


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 25, 2011 8:29 am 
Offline
Helper

Joined: Fri Feb 19, 2010 1:02 am
Posts: 67
Location: Washington State, USA
@joofoo I made the change you suggested to my audit_windows.vbs, and it is picking up user names much better. Thank you.

_________________
Server Info:
OA: v1.0.3
OS: Ubuntu 13.04 on Hyper-V for Website (LAMP)
OS: Windows Server 2008 R2 for Script (Domain Server)
Auditing: 366 Machines (XP/Win7/Ubuntu)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 26, 2011 1:19 am 
Offline
Newbie

Joined: Thu Apr 30, 2009 7:54 pm
Posts: 5
I've just upgraded to Beta 4 from Beta 1.1 however I can't work out how to upgrade the database.
I was expecting it to tell me my database was out of date and offer to upgrade it but no such luck and I really don't want to dump the current database and start over unless I really have to. Anyone have any ideas?


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 26, 2011 2:14 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1225
Log in to OAv2.
Select Help menu and then About.
The page should tell you your database needs an upgrade and have a link to upgrade the db.


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 26, 2011 4:25 am 
Offline
Newbie

Joined: Thu Apr 30, 2009 7:54 pm
Posts: 5
Thanks that sorted it.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 66 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group