Open-AudIT

What's on your network?
It is currently Wed Jan 17, 2018 7:10 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 12 posts ] 
Author Message
PostPosted: Thu Apr 03, 2014 4:20 am 
Offline
Newbie
User avatar

Joined: Mon Mar 31, 2014 10:37 pm
Posts: 11
Location: Munich - Germany
First at all, this OpenAudit thing is amazing!!!!
But I have a request and I hope someone can help me.

I need to have more informations about the CPU within the Database. For SQL Server Audit is is important how many Sockets and Cores are within the Box.

With this command:
wmic /output:c:\temp\processor.txt cpu get

I'll get a lot of information's from the CPU. Can someone explain me how can I add additonal values to the CPU Informations?
I would need the number of Socket CPU and the NumberOfCores.

Million thanks in advance!

_________________
Senior IT & SAM Conultant - Asset Consult GmbH - Germany
Microsoft SAM Gold Partner - since 2009
--------------------------------------------------------------------------
MCT, MCSE, MCITP, CCNA, Surveyor for digital Forensic & Datacentre Security


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 6:16 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
This information should already be audited. When viewing a system Sockets is under the Hardware->Motherboard section and CPU cores is under Hardware->Processor.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 7:06 am 
Offline
Newbie
User avatar

Joined: Mon Mar 31, 2014 10:37 pm
Posts: 11
Location: Munich - Germany
jpa wrote:
This information should already be audited. When viewing a system Sockets is under the Hardware->Motherboard section and CPU cores is under Hardware->Processor.


It is but the value is wrong. The script will audit the cores with hyper threading. In the meantime I have found the error:

Current Code - start at line 641.

Code:
set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,32)
error_returned = Err.Number : if (error_returned <> 0 and debugging > "0") then wscript.echo check_wbem_error(error_returned) & " (Win32_ComputerSystem)" : audit_wmi_fails = audit_wmi_fails & "Win32_ComputerSystem " : end if
for each objItem in colItems
   ' this is no longer used because it is actually the NetBIOS name, not the hostname
   ' we grab it to a temp variable to use below in a last resort situation
   i = objItem.Name
   'This is not used because it is not available on Win2000 or WinXP
   'system_hostname = LCase(objItem.DNSHostName)
   system_domain = objItem.Domain
   if details_to_lower = "y" then system_domain = lcase(system_domain) end if
   system_pc_num_processor = 0
   on error resume next
      system_pc_num_processor = objItem.NumberOfLogicalProcessors
   on error goto 0
   if (system_pc_num_processor = 0) then system_pc_num_processor = objItem.NumberOfProcessors end if
   system_model = objItem.Model
   windows_domain_role = objItem.DomainRole
   ' below only checks when OS is XP or later (not 2000 or NT)
   windows_part_of_domain = FALSE
   if (windows_build_number >= 2600) then windows_part_of_domain = objItem.PartOfDomain end if
next


The only problem is, that this value will not work propper on WindowsXP and/or Windows 2003. I guess it make sense to keep the value from the original script and go ahead if the OS is WindowsXP or Windows2003. On the other hand both OS are not longer supportet and the Core related licensing are running only on x64 machines.

My code - select line 641 to 661 and use this. Additional values are disabled but you can see what could be available.

Code:
set colItems = objWMIService.ExecQuery("Select * from Win32_Processor",,48)
for each objItem in colItems
   system_pc_num_processor = 0
      'cpu_value_AddressWidth=objItem.AddressWidth
      'cpu_value_Architecture=objItem.Architecture
      'cpu_value_Availability=objItem.Availability
      'cpu_value_Caption=objItem.Caption
      'cpu_value_ConfigManagerErrorCode=objItem.ConfigManagerErrorCode
      'cpu_value_ConfigManagerUserConfig=objItem.ConfigManagerUserConfig
      'cpu_value_CpuStatus=objItem.CpuStatus
      'cpu_value_CreationClassName=objItem.CreationClassName
      'cpu_value_CurrentClockSpeed=objItem.CurrentClockSpeed
      'cpu_value_CurrentVoltage=objItem.CurrentVoltage
      'cpu_value_DataWidth=objItem.DataWidth
      'cpu_value_Description=objItem.Description
      'cpu_value_DeviceID=objItem.DeviceID
      'cpu_value_ErrorCleared=objItem.ErrorCleared
      'cpu_value_ErrorDescription=objItem.ErrorDescription
      'cpu_value_ExtClock=objItem.ExtClock
      'cpu_value_Family=objItem.Family
      'cpu_value_InstallDate=objItem.InstallDate
      'cpu_value_L2CacheSize=objItem.L2CacheSize
      'cpu_value_L2CacheSpeed=objItem.L2CacheSpeed
      'cpu_value_L3CacheSize=objItem.L3CacheSize
      'cpu_value_L3CacheSpeed=objItem.L3CacheSpeed
      'cpu_value_LastErrorCode=objItem.LastErrorCode
      'cpu_value_Level=objItem.Level
      'cpu_value_LoadPercentage=objItem.LoadPercentage
      'cpu_value_Manufacturer=objItem.Manufacturer
      'cpu_value_MaxClockSpeed=objItem.MaxClockSpeed
      'cpu_value_Name=objItem.Name
      'cpu_value_NumberOfCores=objItem.NumberOfCores
      'cpu_value_NumberOfLogicalProcessors=objItem.NumberOfLogicalProcessors
      'cpu_value_OtherFamilyDescription=objItem.OtherFamilyDescription
      'cpu_value_PNPDeviceID=objItem.PNPDeviceID
      'cpu_value_PowerManagementCapabilities=objItem.PowerManagementCapabilities
      'cpu_value_PowerManagementSupported=objItem.PowerManagementSupported
      'cpu_value_ProcessorId=objItem.ProcessorId
      'cpu_value_ProcessorType=objItem.ProcessorType
      'cpu_value_Revision=objItem.Revision
      'cpu_value_Role=objItem.Role
      'cpu_value_SocketDesignation=objItem.SocketDesignation
      'cpu_value_Status=objItem.Status
      'cpu_value_StatusInfo=objItem.StatusInfo
      'cpu_value_Stepping=objItem.Stepping
      'cpu_value_SystemCreationClassName=objItem.SystemCreationClassName
      'cpu_value_SystemName=objItem.SystemName
      'cpu_value_UniqueId=objItem.UniqueId
      'cpu_value_UpgradeMethod=objItem.UpgradeMethod
      'cpu_value_Version=objItem.Version
      'cpu_value_VoltageCaps=objItem.VoltageCaps
   system_pc_num_processor = objItem.NumberOfCores
next

set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,32)
error_returned = Err.Number : if (error_returned <> 0 and debugging > "0") then wscript.echo check_wbem_error(error_returned) & " (Win32_ComputerSystem)" : audit_wmi_fails = audit_wmi_fails & "Win32_ComputerSystem " : end if
for each objItem in colItems
   ' this is no longer used because it is actually the NetBIOS name, not the hostname
   ' we grab it to a temp variable to use below in a last resort situation
   i = objItem.Name
   'This is not used because it is not available on Win2000 or WinXP
   'system_hostname = LCase(objItem.DNSHostName)
   system_domain = objItem.Domain
   if details_to_lower = "y" then system_domain = lcase(system_domain) end if
   'system_pc_num_processor = 0
   'on error resume next
   'system_pc_num_processor = objItem.NumberOfCores
   'on error goto 0
   'if (system_pc_num_processor = 0) then system_pc_num_processor = objItem.NumberOfCores end if
   system_model = objItem.Model
   windows_domain_role = objItem.DomainRole
   ' below only checks when OS is XP or later (not 2000 or NT)
   windows_part_of_domain = FALSE
   if (windows_build_number >= 2600) then windows_part_of_domain = objItem.PartOfDomain end if
next


Now you have the real cores from the system. It will also work with virtual Machines.

_________________
Senior IT & SAM Conultant - Asset Consult GmbH - Germany
Microsoft SAM Gold Partner - since 2009
--------------------------------------------------------------------------
MCT, MCSE, MCITP, CCNA, Surveyor for digital Forensic & Datacentre Security


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 9:11 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
You have the right idea but your changes will cause the audit script to break on XP/2003 so keep that in mind. XP is not quite dead yet and Server 2003 is supported through 7/15/2015.

Reviewing this I do see the audit script might cut a few too many corners when auditing the processor info. For example, although you probably wouldn't want to do it, I think you can put two processors with different core counts in a system and it will work. So if you have a 4 core and 6 core cpu the system should show 10 cores. The current script will not audit this correctly.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 9:13 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
I have made alterations to the Windows script. I now test to see if we're on XP/2003 or earlier. If we are, we use the old method. If we're on a later version, we use Win32_Processor -> NumberOfCores. Look for these improvements in the next release.

Thanks for posting the code. I knew of the limitation regarding XP/2003 and counting physical processors / cores / threads.
You're right, now that they're being phased out, we should make use of the correct value where we can.
Thanks again.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 9:38 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Damn - the code isn't quite that simple.
If we just read a single instance of Win32_Processor -> NumberOfCores, we will get the number of cores on that particular processor - not the total in the machine.
I'll sort it out.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 2:55 pm 
Offline
Newbie
User avatar

Joined: Mon Mar 31, 2014 10:37 pm
Posts: 11
Location: Munich - Germany
Is it possible to make a CPU listing?
This would be damn cool...

Example:

CPU0 INTEL XEON 4 Cores 8 HT
CPU1 INTEL XEON 8 Cores 16 HT

The values are available. I have it within a PowerShell script.
But I have no clue how to add it to the OA Database.

_________________
Senior IT & SAM Conultant - Asset Consult GmbH - Germany
Microsoft SAM Gold Partner - since 2009
--------------------------------------------------------------------------
MCT, MCSE, MCITP, CCNA, Surveyor for digital Forensic & Datacentre Security


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 4:08 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
I have it working like this at the moment.
I think it's good enough :-)

PS - Do people actually mix different CPUs in a single server in reality? If so, WHY?

Attachment:
processor.png
processor.png [ 13.32 KiB | Viewed 3397 times ]

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 03, 2014 4:47 pm 
Offline
Newbie
User avatar

Joined: Mon Mar 31, 2014 10:37 pm
Posts: 11
Location: Munich - Germany
Uhhhhh...
This rocks:-P:-P:-P:-P

Can you provide me the Script & the SQL DB for this please?
It's damn cute if it works within this way :-)

Million thanks m8!!

_________________
Senior IT & SAM Conultant - Asset Consult GmbH - Germany
Microsoft SAM Gold Partner - since 2009
--------------------------------------------------------------------------
MCT, MCSE, MCITP, CCNA, Surveyor for digital Forensic & Datacentre Security


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 04, 2014 1:33 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
I think you'll need to wait for the next version. I suspect Mark had to touch quite a few files to make this change.


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 04, 2014 4:46 am 
Offline
Newbie
User avatar

Joined: Mon Mar 31, 2014 10:37 pm
Posts: 11
Location: Munich - Germany
jpa wrote:
I think you'll need to wait for the next version. I suspect Mark had to touch quite a few files to make this change.


Thanks!

_________________
Senior IT & SAM Conultant - Asset Consult GmbH - Germany
Microsoft SAM Gold Partner - since 2009
--------------------------------------------------------------------------
MCT, MCSE, MCITP, CCNA, Surveyor for digital Forensic & Datacentre Security


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 04, 2014 5:37 pm 
Offline
Newbie
User avatar

Joined: Mon Mar 31, 2014 10:37 pm
Posts: 11
Location: Munich - Germany
Hi Mark!!
Because of the CPU/Core/HT detection I use this script currently to cross check.
May be it will help you too.

Code:
$cs = Get-ADComputer -LDAPFilter "(name=host*)"
foreach($c in $cs){
    gWmi -class Win32_Processor -ComputerName $c.Name | select SystemName,DeviceID,Number*
}


[img]
http://up.picr.de/17857243vs.jpg
[/img]

_________________
Senior IT & SAM Conultant - Asset Consult GmbH - Germany
Microsoft SAM Gold Partner - since 2009
--------------------------------------------------------------------------
MCT, MCSE, MCITP, CCNA, Surveyor for digital Forensic & Datacentre Security


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group