Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Thu Apr 18, 2024 2:14 pm

View unanswered posts | View active topics


Board index » Support

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 7 posts ] 
  Print view Previous topic | Next topic 
Author Message
bra1ne
PostPosted: Mon Apr 05, 2010 8:30 pm 
Offline
Newbie

Joined: Wed Jan 07, 2009 1:50 am
Posts: 17
We have had comms issues at one site and after looking into the IP accoutning Open audit was generating alot of traffic to a few machines.
When checking the server the script was still running on these two machines and did not seem to be moving.
It appears for some reason the audits for a few machines is looping but I dont know where to start to resolve this or what details are needed!? Can anyone offer some advise?
Top
 Profile  
Reply with quote  
Mark
PostPosted: Thu Jun 17, 2010 8:23 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Can you tell which section of the audit they appear to be hanging on ?

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
bra1ne
PostPosted: Thu Jun 17, 2010 9:39 pm 
Offline
Newbie

Joined: Wed Jan 07, 2009 1:50 am
Posts: 17
This is a really odd problem, I have since rebuilt my OA infrastructure and running on linux, but I am still using a windows server which runs schedules domain audits at 0600 and 2300. The only computers having issues are in one location but there does not appear to be anything different with comms/pc setups from any other depot we have.

The process is almost always locking at "Scheduled Tasks Info"
Top
 Profile  
Reply with quote  
ef
PostPosted: Thu Jun 17, 2010 10:27 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
[quote="bra1ne"]The process is almost always locking at "Scheduled Tasks Info"

Could you please let me know the audit.vbs line which causes the script to hang?
Also:
- are you auditing domain members or a list of PCs providing credentials from input_file ?
- what OS are running both auditing and audited hosts?

_________________
Edoardo
Top
 Profile  
Reply with quote  
jpa
PostPosted: Sat Jun 19, 2010 11:00 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Maybe a missing WMI timeout variable? See [url=http://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3665#p16345]here[/url].
Top
 Profile  
Reply with quote  
ef
PostPosted: Sat Jun 19, 2010 11:33 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
[quote="jpa"]Maybe a missing WMI timeout variable? See [url=http://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3665#p16345]here[/url].

Thank you, it was added to audit.vbs at SVN rev. 1243.
TCPview running on the OA host showed persistent RPC connections to every non-domain members audited host, probably caused by the schtasks.exe command.
Deleting the oShell object at the end of scheduled tasks auditing seems doing the trick.
Before I had lots of errors event ID 529 and 680 logged on non-domain hosts audited using the pc_list_file, repeating endlessly for days until the rpcss service was restarted on the OA host: now I see only some of them during the audit process, until it reaches the end, no more repeating.
Hope this update could help.

_________________
Edoardo
Top
 Profile  
Reply with quote  
bra1ne
PostPosted: Tue Jun 22, 2010 8:40 pm 
Offline
Newbie

Joined: Wed Jan 07, 2009 1:50 am
Posts: 17
Hi,

I will update with new audit.vbs and see how it goes. just for info they are XP machines and I was auditing from domain members
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 7 posts ] 

Board index » Support

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group