Open-AudIT

What's on your network?
It is currently Thu Jan 18, 2018 1:50 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: discovery 2.0.6
PostPosted: Tue Sep 26, 2017 9:55 pm 
Offline
Newbie

Joined: Wed Jul 26, 2017 4:27 pm
Posts: 21
I've update open audit to v2.0.6

when i run a discovery, audit_windows doesn't work good, i've this in my log :

Windows audit is running as LocalSystem, not ideal for 192.168.1.1

i never see this message in the previous version.

Any idea ?


Top
 Profile  
Reply with quote  
 Post subject: Re: discovery 2.0.6
PostPosted: Fri Sep 29, 2017 9:23 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
It's a permissions issue with some of the newer auditing features. The explanation isn't immediately discover-able but see the Files Auditing help section entitled "Enabling the Feature Under Windows" here.

Quoted for easy reference:
Code:
Enabling the Feature Under Windows

There is no need to do anything if you're running Open-AudIT on a Linux server.

Windows clients are just fine and require no special actions, however.... to enable this feature the audit script must be run locally on the target Windows system. It cannot be run remotely as we do with WMI calls when running the audit script on one Windows machine, while targeting a second Windows machine. To do this we need to copy the audit script to the target Windows machine and then run it. Unfortunately the service account that Apache runs under is the Local System account. This account has no access to remote (network based) resources. To work around this issue the service must be run under another account. It is easiest to just use the local Administrator account, but you can try any account you like as long as it has the required privileges. The Local System account has as much local access as the local Administrator account.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group