Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 2:54 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 
Author Message
PostPosted: Wed Jul 31, 2013 5:57 pm 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
I’m using OpenAudit from 2 days and is a very useful software, but I have a problem.

I’ve installed OpenAudit on a dedicated server on Internet and I run the script audit_domain.vbs for my customers. There is a problem when the same hostname is present on more than one customers, the host is assigned to the customer that have send the audit data later, but some data are for original customer.

In other word if PC-01 is on customer A and on customer B, on OpenAudit I see only one PC-01 on customer A or B, but the data of PC-01 are from either customer A and customer B.

How can I resolv the problem?

Thank you
Andrea


Last edited by sista on Fri Jan 16, 2015 4:30 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 01, 2013 4:28 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
So what you're saying is that two PCs in different organisations have the same name (possible) and the same UUID (highly unlikely)?
If you have access to two PC audits that fit your problem, can you post the [sys] section (the top part of the XML audit result) here?
I'd like to see the attributes from hostname and uuid in particular.

I recall some white boxes (no name PCs, not Dell, HP, Lenovo, etc) weren't setting the UUID at all and it was returning all F's or 0's or something. I suppose if you have these at different organisations and the same hostnames it would be possible (never say never).

If this is the case we may be able to implement a work around, but I'd like to confirm this before we get too far.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 01, 2013 8:30 pm 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
I run the script on two computer (PC-05) on two different AD domain, on two different subnect on two different customer.

[code]<sys>
<timestamp>2013-08-01 12:19:13</timestamp>
<uuid>4C4C4544-004E-5410-8047-C8C04F575831</uuid>
<hostname>pc-05</hostname>
<domain>domaina.local</domain>
<description></description>
<type>computer</type>
<icon>windows_7</icon>
<os_group>Windows</os_group>
<os_family>Windows 7</os_family>
<os_name>Microsoft Windows 7 Professional</os_name>
<os_version>6.1.7601</os_version>
<serial>HNTGWX1</serial>
<model>Precision T3600</model>
<manufacturer>Dell Inc.</manufacturer>
<uptime>617915</uptime>
<form_factor>Tower</form_factor>
<pc_os_bit>64</pc_os_bit>
<pc_memory>16777216</pc_memory>
<pc_num_processor>4</pc_num_processor>
<pc_date_os_installation>2013-05-04</pc_date_os_installation>
<man_org_id>5</man_org_id>
</sys>[/code]

[code]<sys>
<timestamp>2013-08-01 12:18:33</timestamp>
<uuid>0A01D120-BE28-11D9-9FC4-875AEF4784B0</uuid>
<hostname>pc-05</hostname>
<domain>domainb.local</domain>
<description>ced</description>
<type>computer</type>
<icon>windows_xp</icon>
<os_group>Windows</os_group>
<os_family>Windows XP</os_family>
<os_name>Microsoft Windows XP Professional</os_name>
<os_version>5.1.2600</os_version>
<serial>To Be Filled By O.E.M.</serial>
<model>To Be Filled By O.E.M.</model>
<manufacturer>To Be Filled By O.E.M.</manufacturer>
<uptime>1799357</uptime>
<form_factor>Desktop</form_factor>
<pc_os_bit>32</pc_os_bit>
<pc_memory>3145728</pc_memory>
<pc_num_processor>2</pc_num_processor>
<pc_date_os_installation>2009-11-26</pc_date_os_installation>
<man_org_id>4</man_org_id>
</sys>[/code]

on the system table I have only one entry for PC-05:

[code] system_id: 69
system_key: 4C4C4544-004E-5410-8047-C8C04F575831-pc-05
uuid: 4C4C4544-004E-5410-8047-C8C04F575831
hostname: pc-05
domain: domaina.local
fqdn: pc-05.domaina.local
description: ced
type: computer
icon: windows_7
os_group: Windows
os_family: Windows 7
os_name: Microsoft Windows 7 Professional
os_version: 6.1.7601
linked_sys: 0
serial: HNTGWX1
model: Precision T3600
manufacturer: Dell Inc.
uptime: 617915
form_factor: Tower
pc_os_bit: 64
pc_memory: 16777216
pc_num_processor: 4
pc_date_os_installation: 2013-05-04
printer_port_name:
printer_shared:
printer_shared_name:
printer_color:
printer_duplex:
man_os_group: Windows
man_os_family: Windows XP
man_os_name: Microsoft Windows XP Professional
man_domain: gruppomignini.local
man_status: production
man_environment: production
man_criticality: normal
man_class:
man_description: ced
man_function:
man_type: computer
man_ip_address: 192.168.193.001
man_owner:
man_org_id: 5
man_location_id: 0
man_location_level:
man_location_suite:
man_location_room:
man_location_rack:
man_location_rack_position:
man_serial: To Be Filled By O.E.M.
man_asset_number:
man_model: To Be Filled By O.E.M.
man_manufacturer: To Be Filled By O.E.M.
man_form_factor: Desktop
man_icon: windows_xp
man_vendor:
man_vm_server_name:
man_vm_system_id:
man_vm_group:
man_cluster_name:
invoice_id: NULL
man_purchase_invoice:
man_purchase_order_number:
man_purchase_cost_center:
man_purchase_vendor:
man_purchase_date: 0000-00-00
man_purchase_amount:
man_warranty_duration: 0
man_warranty_expires: 0000-00-00
man_warranty_type:
man_terminal_number: 0
man_switch_id:
man_switch_port:
man_patch_panel:
man_patch_panel_port:
man_wall_port:
man_picture:
contact_name:
contact_id: 0
man_service_number:
man_service_provider:
man_service_type:
man_service_plan:
man_service_network:
man_unlock_pin:
man_serial_imei:
man_serial_sim:
nmap_type:
last_seen: 2013-08-01 12:19:13
last_seen_by: audit
last_user:
access_details:
snmp_oid:
nmis_group:
nmis_name:
nmis_role:
system_key_type: uuho
timestamp: 2013-08-01 12:19:13
first_timestamp: 2013-07-30 09:53:29[/code]

where some data are from pc-05.domaina.local and some from pc-05.domainb.local

Hello
Andrea


Top
 Profile  
Reply with quote  
PostPosted: Fri Aug 02, 2013 12:39 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Are you using v1.0.3 (released this week)?
When you view the data in Open-AudIT, is the URL:
http://192.168.61.123/index.php/main/system_display/21
or
http://192.168.61.123/index.php/main/sy ... play/PC-05

If it is the second (using the hostname instead of the system_id) this is the expected behaviour. It can only show one of the two systems with that hostname so it picks one. We could do some work and show a page saying "I have two PCs with that hostname, which one do you want to see?" or something like that. But really, where possible you should use the system_id.

If your answers are v1.0.3 and using system_id, I will start looking at it as it sounds like a bug...

UPDATE - I just noticed the serial number from one PC is in the other's db record. Not good. Looking like a bug and I will start investigating. Thanks for reporting this.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Sat Aug 03, 2013 1:04 am 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
Yes I'm using v1.0.3 upgraded from 1.0.2.

There is only one PC-05 in the system table, so either method produce the same output.

UPDATE:
I deleted the db and recreated from scratch, created 2 organizations, executed the script audit_domain.vbs on domainA and I saw 10 host then I executed the same script on domainB and at the end domainA have 9 host because the two domain have PC-02 in common and in the system table it exit only one entry!!!

It seem that when the system receive the xml file for the PC-02 on the second domain don't understand that is not the same PC-02 already in the system table.


Top
 Profile  
Reply with quote  
PostPosted: Sat Aug 03, 2013 6:03 pm 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
One more information.
I tried to log SQL query and I found someting of interest.

Actually in the system table there ise only one entry for pc-05:

[code]*************************** 1. row ***************************
system_id: 14
system_key: 0A01D120-BE28-11D9-9FC4-875AEF4784B0-pc-05
uuid: 0A01D120-BE28-11D9-9FC4-875AEF4784B0
hostname: pc-05
domain: domainA.local
fqdn: pc-05.domainA.local
description: ced
type: computer
icon: windows_xp
os_group: Windows
os_family: Windows XP
os_name: Microsoft Windows XP Professional
os_version: 5.1.2600
linked_sys: 0
serial: To Be Filled By O.E.M.
model: To Be Filled By O.E.M.
manufacturer: To Be Filled By O.E.M.
uptime: 1963031
form_factor: Desktop
pc_os_bit: 32
pc_memory: 3145728
pc_num_processor: 2
pc_date_os_installation: 2009-11-26
man_os_group: Windows
man_os_family: Windows XP
man_os_name: Microsoft Windows XP Professional
man_domain: domainA.local
man_status: production
man_environment: production
man_criticality: normal
man_description: ced
man_type: computer
man_ip_address: 192.168.193.001
man_org_id: 2
man_location_id: 0
man_serial: To Be Filled By O.E.M.
man_model: To Be Filled By O.E.M.
man_manufacturer: To Be Filled By O.E.M.
man_form_factor: Desktop
man_icon: windows_xp
invoice_id: NULL
last_seen: 2013-08-03 09:46:26
last_seen_by: audit
system_key_type: uuho
timestamp: 2013-08-03 09:46:26
first_timestamp: 2013-08-02 17:57:44
[/code]

When I execute the script audit_windows.vbs from pc-05.domainA.local the first SQL query are:

[code]166 Query SELECT system.system_id FROM system WHERE system_key = '0A01D120-BE28-11D9-9FC4-875AEF4784B0-pc-05' AND system.man_status = 'production' LIMIT 1
166 Query SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainA.local' AND system.man_status = 'production' LIMIT 1
166 Query SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainA.local' AND system.man_status = 'production' LIMIT 1
166 Query SELECT system.system_id FROM system WHERE system.system_key = 'computer_To Be Filled By O.E.M.' AND system.man_status = 'production'
166 Query SELECT system.system_id FROM system WHERE hostname = 'pc-05' AND system.man_status = 'production'
166 Query SELECT timestamp FROM system WHERE system_id = '14' LIMIT 1
166 Query SELECT system_key, system_key_type FROM system WHERE system_id = '14'
166 Query SELECT * FROM system WHERE system_id = '14' LIMIT 1[/code]

that is right.

Now I execute the same script from PC-05.domainB.local anche the first SQL query are:

[code]139 Query SELECT system.system_id FROM system WHERE system_key = '4C4C4544-004E-5410-8047-C8C04F575831-pc-05' AND system.man_status = 'production' LIMIT 1
139 Query SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainB.local' AND system.man_status = 'production' LIMIT 1
139 Query SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainB.local' AND system.man_status = 'production' LIMIT 1
139 Query SELECT system.system_id FROM system WHERE system.system_key = 'computer_HNTGWX1' AND system.man_status = 'production'
139 Query SELECT system.system_id FROM system WHERE hostname = 'pc-05' AND system.man_status = 'production'
139 Query SELECT timestamp FROM system WHERE system_id = '14' LIMIT 1
139 Query SELECT system_key, system_key_type FROM system WHERE system_id = '14'
139 Query SELECT * FROM system WHERE system_id = '14' LIMIT 1[/code]

the first 4 query return no value (that is right), but the 5th query search only for computer name so the result is the system_id for the pc-05 from the other domain!!

I hope this can help you..

Hello
Andrea


Top
 Profile  
Reply with quote  
PostPosted: Mon Aug 05, 2013 9:23 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Yes that will help me - thanks Andrea.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 06, 2013 7:49 pm 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
I have found a temporary workaround for the problem.

After audit each customer I changed all the system in maintenance state, so a new entry was created in the system table for each hostname duplicate.
At the end I restored the production state for all the systems.

Hello
Andrea


Top
 Profile  
Reply with quote  
PostPosted: Sat Sep 28, 2013 1:02 am 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
Any news Mark?

Hello
Andrea


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 04, 2013 12:52 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Apologies for the delayed response.
In my current code I have fixed this issue.

By default we match on hostname as a last resort. There is now a config item (match_name) that you can set via the web interface that will determine if we should do this or not. I have set it to 'n' by default.

Look for it in the next release.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 14, 2015 6:35 pm 
Offline
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 9
Location: Italy
Hello Mark,

sorry but too with the version 1.5.2 the problem still remain.
In the screenshot you see the audit logs for the PC-03 from 3 different customer, 3 different domain, 3 different IP (same subnet), 3 different IP.

[attachment=0] Capture.PNG
Capture.PNG [ 86.29 KiB | Viewed 11754 times ]



Bye
Andrea

Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group