Open-AudIT
https://www.open-audit.org/phpBB3/

Windows audit v2.0.3
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6611
Page 1 of 1

Author:  caninfo [ Thu Jul 27, 2017 5:13 pm ]
Post subject:  Windows audit v2.0.3

Hi,

when i start a discovery from the web page, i never receive the audit windows informations (pc or server).

log discovery :

5096 27/07/2017 09:03 wmi_helper wmi_audit WMI audit complete
5097 27/07/2017 09:03 m_device find_system Could not find a match for the device with IP 10.106.50.1
5098 27/07/2017 09:03 include_input_discoveries discoveries Start of WINDOWS insert for 10.106.50.1
5099 27/07/2017 09:03 include_input_discoveries discoveries End of WINDOWS insert for 10.106.50.1 (System ID 24)
5100 27/07/2017 09:03 include_input_discoveries discoveries Update the previous log entries with our new system_id 0.019665 /* input::discoveries */ UPDATE discovery_log SET system_id = 24 WHERE pid = 1584 and ip = '10.106.50.1'

5101 27/07/2017 09:03 include_input_discoveries discoveries Processing found network interfaces for 10.106.50.1 (System ID 24)
5102 27/07/2017 09:03 m_devices_componenets process_component Processing component (ip) start for 10.106.50.1 (ps06hw01) process audit

5103 27/07/2017 09:03 m_devices_componenets process_component Processing component (ip) end for 10.106.50.1 (ps06hw01) process audit

5104 27/07/2017 09:03 include_input_discoveries discoveries Windows credential update for 10.106.50.1(System ID 24)
5105 27/07/2017 09:03 include_input_discoveries discoveries Processing Nmap ports for 10.106.50.1 (System ID 24)
5106 27/07/2017 09:03 m_devices_componenets process_component Processing component (nmap) start for 10.106.50.1 (ps06hw01) process audit

5107 27/07/2017 09:03 m_devices_componenets process_component Processing component (nmap) end for 10.106.50.1 (ps06hw01) process audit

5108 27/07/2017 09:03 include_input_discoveries discoveries Starting windows audit for 10.106.50.1 (System ID 24)

but when i run the audit_windows.vbs, i've no problem, only with the discovery.

Any idea ?

Author:  jpa [ Fri Jul 28, 2017 2:54 am ]
Post subject:  Re: Windows audit v2.0.3

Is the last log line in your post the last log line for the audit of 10.106.50.1? Maybe check the php error log if so. There should be further log messages unless something is crashing.

Author:  caninfo [ Fri Jul 28, 2017 4:32 pm ]
Post subject:  Re: Windows audit v2.0.3

Where i can found the php error log ?

Author:  caninfo [ Fri Jul 28, 2017 11:43 pm ]
Post subject:  Re: Windows audit v2.0.3

in apache logs errors,

i'v few error when i discover a windows computer with audit_windows.vbs

logs :

c:\xamplite\open-audit\other\scripts\audit_windows_17_07_28_15_27_58.vbs(7525, 3) Microsoft VBscript runtime error: Type mismatch: 'Ubound'

I've no idea why i've this error :s

Author:  jpa [ Sat Jul 29, 2017 12:44 am ]
Post subject:  Re: Windows audit v2.0.3

Woops. Not enough error checking and I think I'm responsible for this breakage. Anyway quick fix to try.

In audit_windows.vbs find the decodeKey function declaration:
[code]Function decodeKey(iValues)
Dim arrDPID, foundKeys
arrDPID = Array()
foundKeys = Array()

Select Case (UBound(iValues))[/code]

And change the above section of it to this:
[code]Function decodeKey(iValues)
Dim arrDPID, foundKeys
arrDPID = Array()
foundKeys = Array()

decodeKey = ""
if not isarray(iValues) then
exit function
end if

Select Case (UBound(iValues))[/code]

This is the quickest fix (hopefully) but Mark should probably go through and make sure all calls to decodeKey aren't passing a null. Some check and some don't.

Author:  caninfo [ Mon Jul 31, 2017 4:34 pm ]
Post subject:  Re: Windows audit v2.0.3

Thanks for the fix, i have no error now all is good :)

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/