Open-AudIT

What's on your network?

All times are UTC + 10 hours




PostPosted: Wed Jul 31, 2013 5:57 pm
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
I’ve been using OpenAudit for 2 days and it is very useful software, but I have a problem.

I’ve installed OpenAudit on a dedicated server on the Internet and I run the script audit_domain.vbs for my customers. There is a problem when the same hostname is present at more than one customer: the host is assigned to the customer that sent the audit data later, but some data are for the original customer.

In other words, if PC-01 is on customer A and on customer B, in OpenAudit I see only one PC-01 on customer A or B, but the data of PC-01 are from both customer A and customer B.

How can I resolve the problem?

Thank you
Andrea


Last edited by sista on Fri Jan 16, 2015 4:30 pm, edited 1 time in total.

PostPosted: Thu Aug 01, 2013 4:28 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
So what you're saying is that two PCs in different organisations have the same name (possible) and the same UUID (highly unlikely)?
If you have access to two PC audits that fit your problem, can you post the [sys] section (the top part of the XML audit result) here?
I'd like to see the attributes from hostname and uuid in particular.

I recall some white boxes (no name PCs, not Dell, HP, Lenovo, etc) weren't setting the UUID at all and it was returning all F's or 0's or something. I suppose if you have these at different organisations and the same hostnames it would be possible (never say never).

If this is the case we may be able to implement a work around, but I'd like to confirm this before we get too far.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


PostPosted: Thu Aug 01, 2013 8:30 pm
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
I ran the script on two computers (PC-05) in two different AD domains, on two different subnets, at two different customers.

Code:
<sys>
      <timestamp>2013-08-01 12:19:13</timestamp>
      <uuid>4C4C4544-004E-5410-8047-C8C04F575831</uuid>
      <hostname>pc-05</hostname>
      <domain>domaina.local</domain>
      <description></description>
      <type>computer</type>
      <icon>windows_7</icon>
      <os_group>Windows</os_group>
      <os_family>Windows 7</os_family>
      <os_name>Microsoft Windows 7 Professional</os_name>
      <os_version>6.1.7601</os_version>
      <serial>HNTGWX1</serial>
      <model>Precision T3600</model>
      <manufacturer>Dell Inc.</manufacturer>
      <uptime>617915</uptime>
      <form_factor>Tower</form_factor>
      <pc_os_bit>64</pc_os_bit>
      <pc_memory>16777216</pc_memory>
      <pc_num_processor>4</pc_num_processor>
      <pc_date_os_installation>2013-05-04</pc_date_os_installation>
      <man_org_id>5</man_org_id>
   </sys>


Code:
<sys>
      <timestamp>2013-08-01 12:18:33</timestamp>
      <uuid>0A01D120-BE28-11D9-9FC4-875AEF4784B0</uuid>
      <hostname>pc-05</hostname>
      <domain>domainb.local</domain>
      <description>ced</description>
      <type>computer</type>
      <icon>windows_xp</icon>
      <os_group>Windows</os_group>
      <os_family>Windows XP</os_family>
      <os_name>Microsoft Windows XP Professional</os_name>
      <os_version>5.1.2600</os_version>
      <serial>To Be Filled By O.E.M.</serial>
      <model>To Be Filled By O.E.M.</model>
      <manufacturer>To Be Filled By O.E.M.</manufacturer>
      <uptime>1799357</uptime>
      <form_factor>Desktop</form_factor>
      <pc_os_bit>32</pc_os_bit>
      <pc_memory>3145728</pc_memory>
      <pc_num_processor>2</pc_num_processor>
      <pc_date_os_installation>2009-11-26</pc_date_os_installation>
      <man_org_id>4</man_org_id>
   </sys>


In the system table I have only one entry for PC-05:

Code:
                 system_id: 69
                system_key: 4C4C4544-004E-5410-8047-C8C04F575831-pc-05
                      uuid: 4C4C4544-004E-5410-8047-C8C04F575831
                  hostname: pc-05
                    domain: domaina.local
                      fqdn: pc-05.domaina.local
               description: ced
                      type: computer
                      icon: windows_7
                  os_group: Windows
                 os_family: Windows 7
                   os_name: Microsoft Windows 7 Professional
                os_version: 6.1.7601
                linked_sys: 0
                    serial: HNTGWX1
                     model: Precision T3600
              manufacturer: Dell Inc.
                    uptime: 617915
               form_factor: Tower
                 pc_os_bit: 64
                 pc_memory: 16777216
          pc_num_processor: 4
   pc_date_os_installation: 2013-05-04
         printer_port_name:
            printer_shared:
       printer_shared_name:
             printer_color:
            printer_duplex:
              man_os_group: Windows
             man_os_family: Windows XP
               man_os_name: Microsoft Windows XP Professional
                man_domain: gruppomignini.local
                man_status: production
           man_environment: production
           man_criticality: normal
                 man_class:
           man_description: ced
              man_function:
                  man_type: computer
            man_ip_address: 192.168.193.001
                 man_owner:
                man_org_id: 5
           man_location_id: 0
        man_location_level:
        man_location_suite:
         man_location_room:
         man_location_rack:
man_location_rack_position:
                man_serial: To Be Filled By O.E.M.
          man_asset_number:
                 man_model: To Be Filled By O.E.M.
          man_manufacturer: To Be Filled By O.E.M.
           man_form_factor: Desktop
                  man_icon: windows_xp
                man_vendor:
        man_vm_server_name:
          man_vm_system_id:
              man_vm_group:
          man_cluster_name:
                invoice_id: NULL
      man_purchase_invoice:
 man_purchase_order_number:
  man_purchase_cost_center:
       man_purchase_vendor:
         man_purchase_date: 0000-00-00
       man_purchase_amount:
     man_warranty_duration: 0
      man_warranty_expires: 0000-00-00
         man_warranty_type:
       man_terminal_number: 0
             man_switch_id:
           man_switch_port:
           man_patch_panel:
      man_patch_panel_port:
             man_wall_port:
               man_picture:
              contact_name:
                contact_id: 0
        man_service_number:
      man_service_provider:
          man_service_type:
          man_service_plan:
       man_service_network:
            man_unlock_pin:
           man_serial_imei:
            man_serial_sim:
                 nmap_type:
                 last_seen: 2013-08-01 12:19:13
              last_seen_by: audit
                 last_user:
            access_details:
                  snmp_oid:
                nmis_group:
                 nmis_name:
                 nmis_role:
           system_key_type: uuho
                 timestamp: 2013-08-01 12:19:13
           first_timestamp: 2013-07-30 09:53:29


where some data are from pc-05.domaina.local and some from pc-05.domainb.local

Hello
Andrea


PostPosted: Fri Aug 02, 2013 12:39 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Are you using v1.0.3 (released this week)?
When you view the data in Open-AudIT, is the URL:
http://192.168.61.123/index.php/main/system_display/21
or
http://192.168.61.123/index.php/main/sy ... play/PC-05

If it is the second (using the hostname instead of the system_id) this is the expected behaviour. It can only show one of the two systems with that hostname so it picks one. We could do some work and show a page saying "I have two PCs with that hostname, which one do you want to see?" or something like that. But really, where possible you should use the system_id.

If your answers are v1.0.3 and using system_id, I will start looking at it as it sounds like a bug...

UPDATE - I just noticed the serial number from one PC is in the other's db record. Not good. Looking like a bug and I will start investigating. Thanks for reporting this.

PostPosted: Sat Aug 03, 2013 1:04 am
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
Yes I'm using v1.0.3 upgraded from 1.0.2.

There is only one PC-05 in the system table, so either method produces the same output.

UPDATE:
I deleted the db and recreated it from scratch, created 2 organizations, executed the script audit_domain.vbs on domainA and saw 10 hosts; then I executed the same script on domainB and at the end domainA has 9 hosts, because the two domains have PC-02 in common and in the system table there exists only one entry!!!

It seems that when the system receives the XML file for the PC-02 on the second domain, it doesn't understand that it is not the same PC-02 already in the system table.


PostPosted: Sat Aug 03, 2013 6:03 pm
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
One more piece of information.
I tried to log the SQL queries and I found something of interest.

Actually, in the system table there is only one entry for pc-05:

Code:
*************************** 1. row ***************************
                 system_id: 14
                system_key: 0A01D120-BE28-11D9-9FC4-875AEF4784B0-pc-05
                      uuid: 0A01D120-BE28-11D9-9FC4-875AEF4784B0
                  hostname: pc-05
                    domain: domainA.local
                      fqdn: pc-05.domainA.local
               description: ced
                      type: computer
                      icon: windows_xp
                  os_group: Windows
                 os_family: Windows XP
                   os_name: Microsoft Windows XP Professional
                os_version: 5.1.2600
                linked_sys: 0
                    serial: To Be Filled By O.E.M.
                     model: To Be Filled By O.E.M.
              manufacturer: To Be Filled By O.E.M.
                    uptime: 1963031
               form_factor: Desktop
                 pc_os_bit: 32
                 pc_memory: 3145728
          pc_num_processor: 2
   pc_date_os_installation: 2009-11-26
              man_os_group: Windows
             man_os_family: Windows XP
               man_os_name: Microsoft Windows XP Professional
                man_domain: domainA.local
                man_status: production
           man_environment: production
           man_criticality: normal
           man_description: ced
                  man_type: computer
            man_ip_address: 192.168.193.001
                man_org_id: 2
           man_location_id: 0
                man_serial: To Be Filled By O.E.M.
                 man_model: To Be Filled By O.E.M.
          man_manufacturer: To Be Filled By O.E.M.
           man_form_factor: Desktop
                  man_icon: windows_xp
                invoice_id: NULL
                 last_seen: 2013-08-03 09:46:26
              last_seen_by: audit
           system_key_type: uuho
                 timestamp: 2013-08-03 09:46:26
           first_timestamp: 2013-08-02 17:57:44


When I execute the script audit_windows.vbs from pc-05.domainA.local, the first SQL queries are:

Code:
166 Query   SELECT system.system_id FROM system WHERE system_key = '0A01D120-BE28-11D9-9FC4-875AEF4784B0-pc-05' AND system.man_status = 'production' LIMIT 1
166 Query   SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainA.local' AND system.man_status = 'production' LIMIT 1
166 Query   SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainA.local' AND system.man_status = 'production' LIMIT 1
166 Query   SELECT system.system_id FROM system WHERE system.system_key = 'computer_To Be Filled By O.E.M.' AND system.man_status = 'production'
166 Query   SELECT system.system_id FROM system WHERE hostname = 'pc-05' AND system.man_status = 'production'
166 Query   SELECT timestamp FROM system WHERE system_id = '14' LIMIT 1
166 Query   SELECT system_key, system_key_type FROM system WHERE system_id = '14'
166 Query   SELECT * FROM system WHERE system_id = '14' LIMIT 1


that is right.

Now I execute the same script from PC-05.domainB.local and the first SQL queries are:

Code:
139 Query   SELECT system.system_id FROM system WHERE system_key = '4C4C4544-004E-5410-8047-C8C04F575831-pc-05' AND system.man_status = 'production' LIMIT 1
139 Query   SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainB.local' AND system.man_status = 'production' LIMIT 1
139 Query   SELECT system.system_id FROM system WHERE system_key = 'pc-05.domainB.local' AND system.man_status = 'production' LIMIT 1
139 Query   SELECT system.system_id FROM system WHERE system.system_key = 'computer_HNTGWX1' AND system.man_status = 'production'
139 Query   SELECT system.system_id FROM system WHERE hostname = 'pc-05' AND system.man_status = 'production'
139 Query   SELECT timestamp FROM system WHERE system_id = '14' LIMIT 1
139 Query   SELECT system_key, system_key_type FROM system WHERE system_id = '14'
139 Query   SELECT * FROM system WHERE system_id = '14' LIMIT 1


The first 4 queries return no value (that is right), but the 5th query searches only for the computer name, so the result is the system_id for the pc-05 from the other domain!!

I hope this can help you..

Hello
Andrea


PostPosted: Mon Aug 05, 2013 9:23 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Yes that will help me - thanks Andrea.

PostPosted: Tue Aug 06, 2013 7:49 pm
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
I have found a temporary workaround for the problem.

After auditing each customer I changed all the systems to maintenance state, so a new entry was created in the system table for each duplicate hostname.
At the end I restored the production state for all the systems.

Hello
Andrea


PostPosted: Sat Sep 28, 2013 1:02 am
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
Any news Mark?

Hello
Andrea


PostPosted: Fri Oct 04, 2013 12:52 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Apologies for the delayed response.
In my current code I have fixed this issue.

By default we match on hostname as a last resort. There is now a config item (match_name) that you can set via the web interface that will determine if we should do this or not. I have set it to 'n' by default.

Look for it in the next release.

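The lookup order seen in the query log earlier in the thread, and the effect of the match_name switch described in this post, as an added example (a Python/sqlite3 model, not Open-AudIT's code). The table layout, the `find_system` and `ingest` helpers, the update behaviour and org id 3 are assumptions; the sample audits are constructed from values posted in the thread.

```python
import sqlite3

# Constructed audits, modelled on the two pc-05 machines posted in the thread.
AUDITS = [
    {"uuid": "0A01D120-BE28-11D9-9FC4-875AEF4784B0", "hostname": "pc-05",
     "domain": "domainA.local", "serial": "To Be Filled By O.E.M.", "org": 2},
    {"uuid": "4C4C4544-004E-5410-8047-C8C04F575831", "hostname": "pc-05",
     "domain": "domainB.local", "serial": "HNTGWX1", "org": 3},
]

def find_system(db, a, match_name):
    """Follow the logged lookup order; the hostname-only step is optional."""
    keys = [f"{a['uuid']}-{a['hostname']}",    # uuid + hostname key
            f"{a['hostname']}.{a['domain']}",  # fqdn key
            f"computer_{a['serial']}"]         # type + serial key
    for key in keys:
        row = db.execute("SELECT system_id FROM system WHERE system_key = ? "
                         "AND man_status = 'production' LIMIT 1", (key,)).fetchone()
        if row:
            return row[0]
    if match_name:  # last resort: hostname alone, not scoped to domain or org
        row = db.execute("SELECT system_id FROM system WHERE hostname = ? "
                         "AND man_status = 'production'", (a["hostname"],)).fetchone()
        if row:
            return row[0]
    return None

def ingest(audits, match_name):
    """Process audits in order and return the resulting system rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE system (system_id INTEGER PRIMARY KEY, system_key TEXT,"
               " hostname TEXT, domain TEXT, serial TEXT, man_org_id INTEGER,"
               " man_status TEXT DEFAULT 'production')")
    for a in audits:
        sid = find_system(db, a, match_name)
        if sid is None:  # no match: new row keyed on uuid + hostname
            db.execute("INSERT INTO system (system_key, hostname, domain, serial,"
                       " man_org_id) VALUES (?,?,?,?,?)", (f"{a['uuid']}-{a['hostname']}",
                       a["hostname"], a["domain"], a["serial"], a["org"]))
        else:  # matched (assumed behaviour): audited fields overwrite the row
            db.execute("UPDATE system SET domain = ?, serial = ?, man_org_id = ? "
                       "WHERE system_id = ?", (a["domain"], a["serial"], a["org"], sid))
    return db.execute("SELECT system_key, domain, serial, man_org_id FROM system "
                      "ORDER BY system_id").fetchall()
```

With `match_name=True` the second audit lands on the first organisation's row and leaves a record mixing both machines; with `match_name=False` each audit gets its own row.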


PostPosted: Wed Jan 14, 2015 6:35 pm
Newbie

Joined: Wed Jul 31, 2013 6:50 am
Posts: 8
Location: Italy
Hello Mark,

Sorry, but with version 1.5.2 too the problem still remains.
In the screenshot you see the audit logs for the PC-03 from 3 different customers, 3 different domains, 3 different IPs (same subnet), 3 different IPs.

Attachment:
Capture.PNG



Bye
Andrea

