Open-AudIT
https://www.open-audit.org/phpBB3/

bug with NSLOOKUP function
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2165
Page 1 of 1

Author:  randyt [ Tue Feb 20, 2007 11:41 am ]
Post subject:  bug with NSLOOKUP function

If the system name returned from WMI is blank, then on line 355 when the nslookup function is called, the audit hangs waiting for nslookup.exe to return.

-Randy

Author:  mikeyrb [ Tue Feb 20, 2007 11:55 am ]
Post subject: 

Do you have a DNS server with entries for all PCs? If you are running AD and a Windows server is doing DHCP, DNS should be automatically updated for each computer.

Author:  randyt [ Wed Feb 21, 2007 2:08 am ]
Post subject: 

Thanks for the reply.

The DNS server isn't the problem I'm afraid. On line 336, you get the system_name from WMI:

[code]Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
    system_name = objItem.Name
    domain = objItem.Domain
Next[/code]

Under certain error conditions, the value returned by WMI is an empty string. When that empty string is passed to the nslookup function on line 359:

[code]ns_ip = NSlookup(system_name)[/code]

The nslookup program stops at its command prompt because it was not given a system name. I imagine this isn't a problem for everybody, but we audit approximately 4000 PCs and it manages to occur at least a few times on every pass of the domain. This takes up a few of the "threads" each pass until all 20 spawned audits that we allow are tied up waiting for nslookup to return.

Seems like a check for a blank name or a check for an error should be added before running the nslookup.

Let me know if you need further info.

-Randy

Author:  mikeyrb [ Wed Feb 21, 2007 3:03 am ]
Post subject: 

Can you perhaps find out why there is no name returned? It's kind of good to have a system name to be able to find a system later, etc. Search for WMI Browser and see if you can use that to figure anything out.

Author:  randyt [ Wed Feb 21, 2007 8:11 am ]
Post subject: 

Originally most errors were due to some problem or another with WMI, but those have been resolved.

Now the problem is intermittent, probably due to timing out or other issues related to some of our lower bandwidth or less reliable connections to remote sites.

I would suggest that, if a name is not returned from WMI, the audit fail or something similar.

-Randy
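
The guard proposed in this thread, as an added example that is not part of the original posts and is not Open-AudIT's own code: it refuses blank or non-hostname values before nslookup.exe is started, and bounds the wait so a stuck lookup cannot hold an audit slot. The function name GuardedNSlookup, the 10-second limit, the character whitelist and the English-language output parsing are assumptions.

```vbscript
Option Explicit

' Hypothetical helper (not Open-AudIT's NSlookup): returns the resolved address,
' or "" when the name is unusable or the lookup does not finish within timeoutMs.
Function GuardedNSlookup(ByVal hostName, ByVal timeoutMs)
    Dim re, shell, proc, waited, line, seenName
    GuardedNSlookup = ""

    ' A blank or Null name must never reach nslookup.exe: started without a
    ' name it stops at its own command prompt and never returns.
    If IsNull(hostName) Then Exit Function
    hostName = Trim(CStr(hostName))

    ' Accept hostname characters only. The leading alphanumeric also keeps the
    ' value from being read as an nslookup option or as extra command-line text.
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9][A-Za-z0-9._-]{0,252}$"
    If Not re.Test(hostName) Then Exit Function

    Set shell = CreateObject("WScript.Shell")
    Set proc = shell.Exec("nslookup.exe " & hostName)

    ' Poll instead of blocking, and terminate the child once the limit is hit.
    waited = 0
    Do While proc.Status = 0
        If waited >= timeoutMs Then
            proc.Terminate
            Exit Function
        End If
        WScript.Sleep 100
        waited = waited + 100
    Loop

    ' Assumes English nslookup output: the answer is the first "Address"
    ' line that follows the "Name:" line (the earlier one is the DNS server).
    seenName = False
    Do Until proc.StdOut.AtEndOfStream
        line = Trim(proc.StdOut.ReadLine)
        If LCase(Left(line, 5)) = "name:" Then
            seenName = True
        ElseIf seenName And LCase(Left(line, 7)) = "address" Then
            GuardedNSlookup = Trim(Mid(line, InStr(line, ":") + 1))
            Exit Function
        End If
    Loop
End Function

Dim system_name, ns_ip
system_name = ""   ' constructed input: the empty string WMI returned in the report
ns_ip = GuardedNSlookup(system_name, 10000)
If ns_ip = "" Then WScript.Echo "No usable system name or no DNS answer; audit not continued."
```

Run it with cscript.exe; with the constructed empty name it returns immediately without starting nslookup.exe.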

All times are UTC + 10 hours