Open-AudIT

What's on your network?
It is currently Mon Jan 22, 2018 3:00 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Thu Feb 09, 2017 1:33 am 
Offline
Newbie

Joined: Wed Feb 08, 2017 12:07 am
Posts: 2
Hi everyone,


I've been looking for a specific feature in OpenAudIT Enterprise which I haven't found yet and I'd like to know if there is any way to achieve what I want.

Since OAE scans my network every 60 minutes, would it be possible for it to notify me whenever it finds a device which it hasn't seen before? Once I have inventoried all our devices, every device that is found is something not under our control and therefor not authorized to use the network. Except, of course, I add a new device myself, then I could just ignore the alert.

At the moment I'm using the Reports feature that gives me all devices found within the last 24 hours, but I get that only once a day, and most of the time it's empty anyway - it would be great if it only came when there were any actual results.

Thank you!


Top
 Profile  
Reply with quote  
PostPosted: Fri Feb 10, 2017 10:10 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Interesting post and good thoughts. Thanks for posting. Stuff like this makes me think and improves the product!

To answer your questions, though...

I think you're doing all that can be done at the moment. You could write a report for only Unknown Devices and run it. Scratch that - the query definition is below. Menu -> Admin -> Queries -> Import Query to get it into Open-AudIT.

Only having it email if it has contents is not currently possible - sorry. I've made a note to think about this sort of thing for a future release. Thanks for the idea.

Code:
<?xml version="1.0" encoding="ISO-8859-1"?>
<report>
   <details>
      <report_name>Unknown Devices</report_name>
      <report_description>Icon, name, ip address, first seen, last seen, last seen by.</report_description>
      <report_display_in_menu>y</report_display_in_menu>
      <report_sql><![CDATA[SELECT system.id AS `system.id`, system.icon AS `system.icon`, system.type AS `system.type`, system.name AS `system.name`, system.domain AS `system.domain`, system.ip AS `system.ip`, system.first_seen AS `system.first_seen`, system.last_seen AS `system.last_seen`, system.last_seen_by AS `system.last_seen_by`, system.os_family AS `system.os_family` FROM system LEFT JOIN oa_group_sys ON (oa_group_sys.system_id = system.id) WHERE oa_group_sys.group_id = @group AND system.type = 'unknown' GROUP BY system.id ORDER BY system.name]]></report_sql>
      <report_view_file>v_report</report_view_file>
      <report_view_contents></report_view_contents>
      <report_processing></report_processing>
      <report_sort_column>0</report_sort_column>
   </details>
   <columns>
      <column>
         <id>207</id>
         <column_order>1</column_order>
         <column_name>Icon</column_name>
         <column_variable>system.icon</column_variable>
         <column_type>image</column_type>
         <column_link></column_link>
         <column_secondary>system.os_family</column_secondary>
         <column_ternary></column_ternary>
         <column_align>center</column_align>
      </column>
      <column>
         <id>208</id>
         <column_order>2</column_order>
         <column_name>Device Name</column_name>
         <column_variable>system.name</column_variable>
         <column_type>link</column_type>
         <column_link>/devices/</column_link>
         <column_secondary>system.id</column_secondary>
         <column_ternary></column_ternary>
         <column_align>left</column_align>
      </column>
      <column>
         <id>209</id>
         <column_order>3</column_order>
         <column_name>Type</column_name>
         <column_variable>system.type</column_variable>
         <column_type>text</column_type>
         <column_link></column_link>
         <column_secondary></column_secondary>
         <column_ternary></column_ternary>
         <column_align>left</column_align>
      </column>
      <column>
         <id>210</id>
         <column_order>4</column_order>
         <column_name>IP Address</column_name>
         <column_variable>system.ip</column_variable>
         <column_type>ip_address</column_type>
         <column_link></column_link>
         <column_secondary></column_secondary>
         <column_ternary></column_ternary>
         <column_align>left</column_align>
      </column>
      <column>
         <id>211</id>
         <column_order>5</column_order>
         <column_name>Manufacturer</column_name>
         <column_variable>system.first_seen</column_variable>
         <column_type>text</column_type>
         <column_link></column_link>
         <column_secondary></column_secondary>
         <column_ternary></column_ternary>
         <column_align>left</column_align>
      </column>
      <column>
         <id>212</id>
         <column_order>6</column_order>
         <column_name>Model</column_name>
         <column_variable>system.last_seen</column_variable>
         <column_type>text</column_type>
         <column_link></column_link>
         <column_secondary></column_secondary>
         <column_ternary></column_ternary>
         <column_align>left</column_align>
      </column>
      <column>
         <id>213</id>
         <column_order>7</column_order>
         <column_name>Serial</column_name>
         <column_variable>system.last_seen_by</column_variable>
         <column_type>text</column_type>
         <column_link></column_link>
         <column_secondary></column_secondary>
         <column_ternary></column_ternary>
         <column_align>left</column_align>
      </column>
   </columns>
</report>


EDIT - Fixed query as per JPA's suggestion below.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 13, 2017 11:14 pm 
Offline
Newbie

Joined: Wed Feb 08, 2017 12:07 am
Posts: 2
Hi Mark,

thanks a lot for getting back to me personally and even supplying me with a query! :)
However, the query gives me a PHP Error - see attached screenshot. I'm running the NMIS appliance VM. Any idea what I could do about it?

Thank you!


Attachments:
2017-02-13 14_13_23-Unknown Devices.png
2017-02-13 14_13_23-Unknown Devices.png [ 26.79 KiB | Viewed 1140 times ]
Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 14, 2017 3:16 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1226
Add os_family to the SELECT query as in (no guarantees, not tested):
Code:
<report_sql><![CDATA[SELECT system.id AS `system.id`, system.icon AS `system.icon`, system.type AS `system.type`, system.name AS `system.name`, system.domain AS `system.domain`, system.ip AS `system.ip`, system.os_family AS `system.os_family`, system.first_seen AS `system.first_seen`, system.last_seen AS `system.last_seen`, system.last_seen_by AS `system.last_seen_by` FROM system LEFT JOIN oa_group_sys ON (oa_group_sys.system_id = system.id) WHERE oa_group_sys.group_id = @group AND system.type = 'unknown' GROUP BY system.id ORDER BY system.name]]></report_sql>


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 14, 2017 8:59 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Apologies username123. Thanks JPA. Query updated above.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group