Open-AudIT
https://www.open-audit.org/phpBB3/

Some PCs overrides themselves in Database
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6335		 Page 1 of 1
Author:  Oeser [ Tue Jun 03, 2014 6:35 pm ]
Post subject:  Some PCs overrides themselves in Database
I've got two Mac PCs with different audits but openaudit match them as they were the same.
We configured Openaudit to match only the hostname (name_match: y Should we match a device based only on its hostname as a last resort.)
Do you have a hint for me?

Audit 1:
<?xml version="1.0" encoding="UTF-8"?>
<system>
<sys>
<timestamp>2014-05-27 09:23:49</timestamp>
<uuid>D8E3B1AF-9FCF-52EC-A2C3-C5AA423ADBB8</uuid>
<hostname>LT0019364</hostname>
<man_ip_address>10.40.106.171</man_ip_address>
<domain>testdom.de</domain>
<description>Apple MacBook Air / Hr. Name1</description>
<type>computer</type>
<man_type>laptop</man_type>
<man_owner>Meine Firma</man_owner>
<man_location_id>1</man_location_id>
<os_icon>apple</os_icon>
<os_group>Apple</os_group>
<os_family>Apple OSX</os_family>
<os_name>OSX 10.9.3</os_name>
<os_version>10.9.3</os_version>
<serial>C02JF2KNDKQ5</serial>
<model>MacBookPro10,1</model>
<manufacturer>Apple Inc</manufacturer>
<uptime></uptime>
<form_factor>laptop</form_factor>
<pc_os_bit>64</pc_os_bit>
<pc_memory>16777216</pc_memory>
<pc_num_processor>8</pc_num_processor>
<pc_date_os_installation>2013-12-03 12:46:44</pc_date_os_installation>
<man_org_id>1</man_org_id>
</sys>
<network_cards>
<network_card>
<net_mac_address>a8:20:66:2c:23:9c</net_mac_address>
<net_manufacturer>Apple</net_manufacturer>
<net_model>Thunderbolt Ethernet</net_model>
<net_description>Thunderbolt Ethernet Ethernet</net_description>
<net_ip_enabled></net_ip_enabled>
<net_connection_id>en2</net_connection_id>
<net_connection_status></net_connection_status>
<net_speed></net_speed>
<net_adapter_type>Ethernet</net_adapter_type>
<net_dhcp_enabled></net_dhcp_enabled>
<net_dhcp_server></net_dhcp_server>
<net_dhcp_lease_obtained></net_dhcp_lease_obtained>
<net_dhcp_lease_expires></net_dhcp_lease_expires>
<net_dns_host_name></net_dns_host_name>
<net_dns_domain></net_dns_domain>
<net_dns_domain_reg_enabled></net_dns_domain_reg_enabled>
<net_dns_server></net_dns_server>
<net_wins_primary></net_wins_primary>
<net_wins_secondary></net_wins_secondary>
<net_wins_lmhosts_enabled></net_wins_lmhosts_enabled>
</network_card>
<network_card>
<net_mac_address>14:10:9f:d0:ea:91</net_mac_address>
<net_manufacturer>Apple</net_manufacturer>
<net_model>Wi-Fi</net_model>
<net_description>Wi-Fi AirPort</net_description>
<net_ip_enabled></net_ip_enabled>
<net_connection_id>en0</net_connection_id>
<net_connection_status></net_connection_status>
<net_speed></net_speed>
<net_adapter_type>AirPort</net_adapter_type>
<net_dhcp_enabled></net_dhcp_enabled>
<net_dhcp_server></net_dhcp_server>
<net_dhcp_lease_obtained></net_dhcp_lease_obtained>
<net_dhcp_lease_expires></net_dhcp_lease_expires>
<net_dns_host_name></net_dns_host_name>
<net_dns_domain></net_dns_domain>
<net_dns_domain_reg_enabled></net_dns_domain_reg_enabled>
<net_dns_server></net_dns_server>
<net_wins_primary></net_wins_primary>
<net_wins_secondary></net_wins_secondary>
<net_wins_lmhosts_enabled></net_wins_lmhosts_enabled>
</network_card>
</network_cards>
<addresses>
<ip_address>
<net_mac_address>a8:20:66:2c:23:9c</net_mac_address>
<ip_address_v4>10.40.106.171</ip_address_v4>
<ip_address_v6></ip_address_v6>
<ip_subnet>255.255.255.0</ip_subnet>
<ip_address_version>4</ip_address_version>
</ip_address>
<ip_address>
<net_mac_address>14:10:9f:d0:ea:91</net_mac_address>
<ip_address_v4></ip_address_v4>
<ip_address_v6></ip_address_v6>
<ip_subnet></ip_subnet>
<ip_address_version>4</ip_address_version>
</ip_address>
</addresses>
<processor>
<processor_cores>8</processor_cores>
<processor_socket></processor_socket>
<processor_description>Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz</processor_description>
<processor_speed>2600.0</processor_speed>
<processor_manufacturer>GenuineIntel</processor_manufacturer>
<processor_power_management_supported></processor_power_management_supported>
</processor>
<memory>
<slot>
<bank>DIMM 0</bank>
<type></type>
<form_factor></form_factor>
<detail>DDR3</detail>
<capacity>8192</capacity>
<speed>1600 MHz</speed>
<tag>BANK 0</tag>
<serial>-</serial>
</slot>
<slot>
<bank>DIMM 1</bank>
<type></type>
<form_factor></form_factor>
<detail>DDR3</detail>
<capacity>8192</capacity>
<speed>1600 MHz</speed>
<tag>BANK 1</tag>
<serial>-</serial>
</slot>
</memory>
<software>
<!-- Software ausgelassen -->
</software>
</system>

Audit 2:
<?xml version="1.0" encoding="UTF-8"?>
<system>
<sys>
<timestamp>2014-05-27 16:33:21</timestamp>
<uuid>24C349D5-51FB-5E5F-A951-6AD69F7C8CF7</uuid>
<hostname>LT0019365</hostname>
<man_ip_address>10.40.106.172</man_ip_address>
<domain>testdom.de</domain>
<description>Apple MacBook Air / Hr. Name2</description>
<type>computer</type>
<man_type>laptop</man_type>
<man_owner>Meine Firma</man_owner>
<man_location_id>1</man_location_id>
<os_icon>apple</os_icon>
<os_group>Apple</os_group>
<os_family>Apple OSX</os_family>
<os_name>OSX 10.9.3</os_name>
<os_version>10.9.3</os_version>
<serial>C02J68APDKQ5</serial>
<model>MacBookPro10,1</model>
<manufacturer>Apple Inc</manufacturer>
<uptime></uptime>
<form_factor>laptop</form_factor>
<pc_os_bit>64</pc_os_bit>
<pc_memory>16777216</pc_memory>
<pc_num_processor>8</pc_num_processor>
<pc_date_os_installation>2013-12-11 13:37:26</pc_date_os_installation>
<man_org_id>1</man_org_id>
</sys>
<network_cards>
<network_card>
<net_mac_address>20:c9:d0:44:65:b1</net_mac_address>
<net_manufacturer>Apple</net_manufacturer>
<net_model>Wi-Fi</net_model>
<net_description>Wi-Fi AirPort</net_description>
<net_ip_enabled></net_ip_enabled>
<net_connection_id>en0</net_connection_id>
<net_connection_status></net_connection_status>
<net_speed></net_speed>
<net_adapter_type>AirPort</net_adapter_type>
<net_dhcp_enabled></net_dhcp_enabled>
<net_dhcp_server></net_dhcp_server>
<net_dhcp_lease_obtained></net_dhcp_lease_obtained>
<net_dhcp_lease_expires></net_dhcp_lease_expires>
<net_dns_host_name></net_dns_host_name>
<net_dns_domain></net_dns_domain>
<net_dns_domain_reg_enabled></net_dns_domain_reg_enabled>
<net_dns_server></net_dns_server>
<net_wins_primary></net_wins_primary>
<net_wins_secondary></net_wins_secondary>
<net_wins_lmhosts_enabled></net_wins_lmhosts_enabled>
</network_card>
<network_card>
<net_mac_address>a8:20:66:2c:23:9c</net_mac_address>
<net_manufacturer>Apple</net_manufacturer>
<net_model>Thunderbolt Ethernet</net_model>
<net_description>Thunderbolt Ethernet Ethernet</net_description>
<net_ip_enabled></net_ip_enabled>
<net_connection_id>en7</net_connection_id>
<net_connection_status></net_connection_status>
<net_speed></net_speed>
<net_adapter_type>Ethernet</net_adapter_type>
<net_dhcp_enabled></net_dhcp_enabled>
<net_dhcp_server></net_dhcp_server>
<net_dhcp_lease_obtained></net_dhcp_lease_obtained>
<net_dhcp_lease_expires></net_dhcp_lease_expires>
<net_dns_host_name></net_dns_host_name>
<net_dns_domain></net_dns_domain>
<net_dns_domain_reg_enabled></net_dns_domain_reg_enabled>
<net_dns_server></net_dns_server>
<net_wins_primary></net_wins_primary>
<net_wins_secondary></net_wins_secondary>
<net_wins_lmhosts_enabled></net_wins_lmhosts_enabled>
</network_card>
</network_cards>
<addresses>
<ip_address>
<net_mac_address>20:c9:d0:44:65:b1</net_mac_address>
<ip_address_v4></ip_address_v4>
<ip_address_v6></ip_address_v6>
<ip_subnet></ip_subnet>
<ip_address_version>4</ip_address_version>
</ip_address>
<ip_address>
<net_mac_address>a8:20:66:2c:23:9c</net_mac_address>
<ip_address_v4>10.40.106.171</ip_address_v4>
<ip_address_v6></ip_address_v6>
<ip_subnet>255.255.255.0</ip_subnet>
<ip_address_version>4</ip_address_version>
</ip_address>
</addresses>
<processor>
<processor_cores>8</processor_cores>
<processor_socket></processor_socket>
<processor_description>Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz</processor_description>
<processor_speed>2600.0</processor_speed>
<processor_manufacturer>GenuineIntel</processor_manufacturer>
<processor_power_management_supported></processor_power_management_supported>
</processor>
<memory>
<slot>
<bank>DIMM 0</bank>
<type></type>
<form_factor></form_factor>
<detail>DDR3</detail>
<capacity>8192</capacity>
<speed>1600 MHz</speed>
<tag>BANK 0</tag>
<serial>-</serial>
</slot>
<slot>
<bank>DIMM 1</bank>
<type></type>
<form_factor></form_factor>
<detail>DDR3</detail>
<capacity>8192</capacity>
<speed>1600 MHz</speed>
<tag>BANK 1</tag>
<serial>-</serial>
</slot>
</memory>
<software>
<!-- Software ausgelassen -->
</software>
</system>
Author:  Mark [ Wed Jun 04, 2014 5:00 pm ]
Post subject:  Re: Some PCs overrides themselves in Database
These two devices should definitley NOT be matching in the database.
Hostnames are different, UUIDs are different.
The way Open-AudIT determines system uniqueness is details here -
[url]https://community.opmantek.com/display/OA/Information+about+how+Open-AudIT+processes+and+stores+data[/url]

As you're running an actual audit script and returning valid and different values for hostname and UUID, I don't see why they would be matching.
I'll grab the XML and try it on my install and see what happens...

EDIT - Confirmed. I get a matching device. I'll update here what I find.
Author:  jpa [ Thu Jun 05, 2014 1:30 am ]
Post subject:  Re: Some PCs overrides themselves in Database
Mark will find this himself but the Thunderbolt Ethernet has the same net_mac_address in both audits. Likely culprit.
Author:  Mark [ Thu Jun 05, 2014 8:37 am ]
Post subject:  Re: Some PCs overrides themselves in Database
So I can see the Thunderbolt Ethernet adapter has the same MAC Address (thanks JPA) :D
I'm guessing you moved the adapter from one PC to the other when you audited them?
In that case, yes, the PCs will match.
MAC Address is one of the fields we match on... as per [url]https://community.opmantek.com/display/OA/Information+about+how+Open-AudIT+processes+and+stores+data[/url].
Remove the adapter, re-run the audit and you should be fine.

Oh - and if you run the audits and get two devices (as you should), then you use the same thunderbolt adapter in both devices and run the audits again - you should still see two separate devices. The separate devices will match on their UUIDs before they hit the MAC Address section of code.
Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/