Open-AudIT
All times are UTC + 10 hours
PostPosted: Fri Apr 04, 2008 11:40 am 
I've installed and started using OA in my network about 2 weeks ago. I've been impressed with all the information I can gather with a little setup effort and a small addition to a logon script/group policy. I've been concentrating on the software registry and auditing all our installed software. Although OA provides very good information of what is installed, it doesn't really tell me who is using it. I thought I'd try to address that need and here's my first installment.

Attached is a zip file with a vbscript, php web page, and sql script. If you install the php and sql files on your OA server and then run the vbscript, it will record the processes that are started and ended on the PC to the database. This is done via WMI event notification and takes very little processing time. The code is largely a copy and paste from OA and other various sources on the internet. I've tested this on my own computer for several days and have had only one issue that I believe is an AV software issue. (Hard lock up of computer while Symantec scans the hard drive.)
Please remember this is alpha code so your mileage may vary.

How to use/test:
1. Copy the admin_process_add.php to your openaudit directory on your web server.
2. Run the sql script on your MySQL server against your openaudit database. (e.g. 'mysql openaudit < processes.sql' )
3. Run the oapsmon.vbs script on the machine you want to monitor. You can run a 'cscript oapsmon.vbs -?' to show command line options. For normal use, just enter 'oapsmon.vbs' with your command line options (if needed) at the DOS prompt and it will run via wscript in the background. This is intended to be added to a logon script/group policy.

In the future, I'd like to see this integrated into OA as it would be very helpful to be able to compare what is installed vs what is used on an individual computer. To do this, the individual executables need to be associated to an installed software package in a reasonably granular fashion. I've started to look at that but have nothing of value to share at this point. I'd like to have input from others how to incorporate this into the existing db schema.

BTW, this same technique can be used for other types of events within WMI. For example, USB drive insertion or removal.

Have fun!
-Scott


Attachments:
File comment: OA process monitor - alpha code
OApsmon-alpha.zip [4.5 KiB]
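
The WMI event-notification technique the post describes, as an added example; this is not the attached oapsmon.vbs and not Open-AudIT code. It only prints process start and stop events and does not post to admin_process_add.php; the polling interval, file name and output format are assumptions.

```vbscript
' Added example (not the attached oapsmon.vbs): log process start/stop via WMI.
' Run with: cscript //nologo psmon-example.vbs   (file name is hypothetical)
Option Explicit

Const POLL_SECONDS = 2   ' assumed polling interval for the WITHIN clause

Dim objWMI, colEvents, objEvent

' Connect to the local CIMV2 namespace.
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

' Intrinsic events: WMI polls Win32_Process every POLL_SECONDS and reports
' instances that appeared, changed or disappeared since the last poll.
Set colEvents = objWMI.ExecNotificationQuery( _
    "SELECT * FROM __InstanceOperationEvent WITHIN " & POLL_SECONDS & _
    " WHERE TargetInstance ISA 'Win32_Process'")

Do
    Set objEvent = colEvents.NextEvent()   ' blocks until an event arrives
    Select Case objEvent.Path_.Class
        Case "__InstanceCreationEvent"
            WScript.Echo FormatEvent("START", objEvent.TargetInstance)
        Case "__InstanceDeletionEvent"
            WScript.Echo FormatEvent("STOP", objEvent.TargetInstance)
        ' __InstanceModificationEvent is also delivered; it is ignored here.
    End Select
Loop

' Build one tab-separated record per event.
Function FormatEvent(strAction, objProc)
    FormatEvent = Now & vbTab & strAction & vbTab & objProc.Name & vbTab & _
        "pid=" & objProc.ProcessId & vbTab & _
        "ppid=" & objProc.ParentProcessId & vbTab & _
        objProc.ExecutablePath
End Function
```

Because the query polls, a process that starts and exits within one polling interval produces no event, so short-lived processes can be missing from the record.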