Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Tue Mar 19, 2024 7:46 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Mon Apr 06, 2009 4:37 am 
Offline
Newbie

Joined: Mon Apr 06, 2009 4:14 am
Posts: 3
Hi, I have a feeling I am doing something dumb but I cannot figure it out.

Since this is my first post, I'd like to throw out my thanks for the work on this project. This has been a wonderful tool and has helped in many ways. It was recently very useful for auditing against conficker worm vulnerabilities.

Using SVN code, I am running audit.vbs against our Windows Domain. It works successfully on all systems except for the system from which I am running the script. This system does not show up in the OA site, and I receive the following message in my email:

4/2/2009 10:52:22 PM,MYCOMPUTER,'Audit Result - LSSADMIN01 not available. - Completed OK.'
4/2/2009 10:52:22 PM,MYCOMPUTER,Failed not available

When I first set up OA a week or so ago this was working OK for me. Maybe the problem started happening after I moved from the web site release to the SVN release but I am not sure about that.

Thanks for any tips!

Dan

Here is my audit.config in case that helps:
'
' Standard audit section
'
audit_location = "r"
verbose = "y"
audit_host="https://MYOASITE"
online = "yesxml"
strComputer = ""
ie_visible = "n"
ie_auto_submit = "y"
ie_submit_verbose = "n"
ie_form_page = audit_host + "/admin_pc_add_1.php"
non_ie_page = audit_host + "/admin_pc_add_2.php"
'input_file = "pc_list_file.txt"
use_audit_log = "y"
keep_audit_log = "n"
'
' Email authentication
'
'

email_to = "MYEMAILADDRESS"
email_from = "openaudit@lssmon01"
'email_sender = "Open-AudIT"
email_server = "MYEMAILSERVER" ' IP address or FQDN
email_port = "25" ' The SMTP port
email_auth = "0" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_user_id = "" ' A valid Email account in user@domain format
email_user_pwd = "" ' The SMTP email password
email_use_ssl = "false" ' True/False
email_timeout = "60" ' In seconds
send_email = "true" ' True/False - Enable/Disable email sending

audit_local_domain = "y"
'
' Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap
'domain_type = "nt"

local_domain = "LDAP://MYDOMAIN.local"

'
' Example Set Domain name for NT ONLY for LDAP use the above format
' NOTE This is Case Sensetive. See the example below.
'
'local_domain = "WinNT://IEXPLORE"
'local_domain = "WinNT://<domainname>"
'

hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
'
' Nmap section
'
nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder
nmap_subnet = "192.168.1." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.001." ' The subnet padded with 0's
nmap_ie_form_page = audit_host + "/admin_nmap_input.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
nmap_syn_scan = "y" ' Tcp Syn scan
nmap_udp_scan = "y" ' UDP scan
nmap_srv_ver_scan = "y" ' Service version detection.
nmap_srv_ver_int = 9 ' Service version detection intensity level. Values 0-9, 0=fast


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 05, 2013 7:40 am 
Offline
Newbie

Joined: Tue Oct 30, 2012 5:38 am
Posts: 2
Check when you ping the machine hostname from the machine itself if you see an IPV6 address or not. If you have no need for IPv6, remove it from the stack.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 06, 2013 4:31 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
I'd say pdufresne is right on. I looked at my audit.vbs and I have a local change that the last SVN doesn't have. Find the IsConnectible function near the end of the script and if you have the following lines
[code] sProduct=UCase(oShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"))
If instr(sProduct, "VISTA")>0 Then[/code]change them to[code] sCurrentBuildNumber=UCase(oShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber"))
If CInt(sCurrentBuildNumber) >= 6000 Then[/code]and you shouldn't have to touch your network config.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group