Open-AudIT
https://www.open-audit.org/phpBB3/

[bug] multiple computers overwriting the data of system ID81
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6464

Author:  swilkey [ Wed Sep 30, 2015 10:14 pm ]
Post subject:  [bug] multiple computers overwriting the data of system ID81

Open Audit 1.6.4
Amazon Linux (Amazon EC2 Cloud)
Web server: apache
no domain. Auditing using the audit script.

We are seeing multiple computers overwriting the data of system ID 81. We've only noticed it with this system id. We don't understand how this is possible as our understanding is that without a domain or active directory the UUID is used for system uniqueness. It seems to me that the chances of having duplicate UUIDs are low in an organisation with around 120 computers, yet we have at least 4 computers trying to share this system ID.

Any suggestions what I can do to investigate this?

Thanks,
Stephen

Author:  jpa [ Thu Oct 01, 2015 1:34 am ]
Post subject:  Re: [bug] multiple computers overwriting the data of system

Audit the overwriting machines to file to get an idea of what's being inserted.
[code]cscript audit_windows.vbs submit_online=n create_file=y[/code]

What do we have for UUID, hostname, man_ip_address? Any collisions?

The code that tries to determine if a machine is new or just an update has changed through the various OA versions. If you really want to know what's happening you need to look in m_system.php.
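
The collision check suggested in the post above, as an added example that is not part of the original thread or of Open-AudIT: it compares the three fields jpa names across several audit files. The XML layout (one element per field, named after the field) and all sample values are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Fields named in the post; assumed here to be XML element names.
FIELDS = ("uuid", "hostname", "man_ip_address")

# Constructed sample audit files (not real audit output).
SAMPLE_AUDITS = {
    "pc-a.xml": "<system><sys><hostname>pc-a</hostname>"
                "<uuid>11111111-2222-3333-4444-555555555555</uuid>"
                "<man_ip_address>192.168.56.1</man_ip_address></sys></system>",
    "pc-b.xml": "<system><sys><hostname>pc-b</hostname>"
                "<uuid>AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE</uuid>"
                "<man_ip_address>192.168.56.1</man_ip_address></sys></system>",
    "pc-c.xml": "<system><sys><hostname>pc-c</hostname>"
                "<uuid>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</uuid>"
                "<man_ip_address>10.0.0.13</man_ip_address></sys></system>",
    "pc-d.xml": "<system><sys><hostname>pc-d</hostname>"
                "<uuid>99999999-8888-7777-6666-555555555555</uuid>"
                "<man_ip_address>10.0.0.14</man_ip_address></sys></system>",
}


def read_fields(xml_text):
    """Return the identity fields of one audit file, trimmed and lower-cased."""
    root = ET.fromstring(xml_text)
    fields = {}
    for name in FIELDS:
        node = root.find(f".//{name}")
        fields[name] = (node.text or "").strip().lower() if node is not None else ""
    return fields


def find_collisions(audits):
    """Map (field, value) -> sorted file names for values seen in more than one file."""
    seen = defaultdict(set)
    for file_name, xml_text in audits.items():
        for field, value in read_fields(xml_text).items():
            if value:  # an empty value cannot identify a machine
                seen[(field, value)].add(file_name)
    return {key: sorted(files) for key, files in seen.items() if len(files) > 1}


if __name__ == "__main__":
    for (field, value), files in sorted(find_collisions(SAMPLE_AUDITS).items()):
        print(f"{field}={value} is shared by {', '.join(files)}")
```

To use it on real output, replace `SAMPLE_AUDITS` with the contents of the files written by `create_file=y` and adjust `FIELDS` to the element names those files actually contain.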

Author:  el_geto [ Sat Oct 10, 2015 3:47 am ]
Post subject:  Re: [bug] multiple computers overwriting the data of system

What happens if you delete device ID81? Do they go to and overwrite ID82?

Edit: I make this comment because in my case, I have a lab with VirtualBox installed, which created a virtual network device with its own MAC address and IP address. Since this is a lab, it just happens that all MAC addresses are the same and all IP addresses ended up being the same. Because of OA matching rules, audits were overwriting the same record.

All times are UTC + 10 hours