Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Thu Mar 28, 2024 11:46 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Wed Sep 30, 2015 10:14 pm 
Offline
Newbie

Joined: Thu Apr 09, 2015 4:30 pm
Posts: 25
Open Audit 1.6.4
Amazon Linux (Amazon EC2 Cloud)
Web server: apache
no domain. Auditing using the audit script.

We are seeing multiple computers overwriting the data of system ID 81. We've only noticed it with this system id. We don't understand how this is possible as our understanding is that without a domain or active directory the UUID is used for system uniqueness. It seems to me that the chances of having duplicate UUIDs is low in an organisation with around 120 computers, yet we have at least 4 computers trying to share this system ID.

Any suggestions what I can do to investigate this?

Thanks,
Stephen


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 01, 2015 1:34 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Audit the overwriting machines to file to get an idea of what's being inserted.
[code]cscript audit_windows.vbs submit_online=n create_file=y[/code]

What do we have for UUID, hostname, man_ip_address? Any collisions?

The code that tries to determine if a machine is new or just an update has changed through the various OA versions. If you really what to know what's happening you need to look in m_system.php.


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 10, 2015 3:47 am 
Offline
Contributor

Joined: Wed Apr 07, 2010 8:04 am
Posts: 105
Location: Boston, MA
What happens if you delete device ID81? Do they go to and overwrite ID82?

Edit: I make this comment because in my case, I have a lab with virtualbox installed, which created a virtual network device with its own MAC address and IP address. Since this is a lab, it just happens that all MAC addresses are the same and all IP addresses ended up being the same. Because of OA matching rules, audits were overwritting the same record.

_________________
Old OA Setup: 500 Windows 7 workstations & 200 Apple OSX with OA v1.5.2 on Windows Server 2003 and WAMP 2
New OA Setup: 100 Windows servers with OA 2.2 on Windows Server 2016 and WAMP 3


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group