Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Sat Mar 30, 2024 1:50 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
 Post subject: Audit domain fails
PostPosted: Wed Nov 24, 2010 6:50 am 
Offline
Newbie

Joined: Wed Nov 24, 2010 6:44 am
Posts: 1
Hi

i want to audit our Computers in WindowsDomain (AD 2010).
It seems it works fine in the cmd-Box for the clients, here
an example of a client:

23.11.2010 19:27:15,ZONW07 - Able to connect to WMI.
No username and password provided - therefore assuming local domain PC.
PC name supplied: ZONW07
PC name from WMI: ZONW07
User executing this script: administrator
System UUID: 76534DBF-3F92-DD11-A5A9-0018F314B3DB
IP: 10.136.70.3
Network Info
System Info
Windows Info
Bios Info
Processor Info
Memory Info
Video Info
Monitor Info
Monitor Info
USB Devices
Hard Disk Info
Partition Info
SCSI Cards
SCSI Devices
Optical Drive Info
Floppy Drives
Tape Drive Info
Keyboard Info
Battery Info
Modem Info
Mouse Info
Sound Card Info
Printer Info
Share Info
Mapped Drives Info
Local Groups Info
Local Users Info
Scheduled Tasks Info
System Environment Variables Info
Event Logs Info
Ip Routes Info
Pagefile Info
Motherboard Info
Onboard devices Info
AV - Security Center Settings
Startup Programs
Services
Internet Explorer Browser Helper Objects
Installed Software
Customer specific audits
Installed Media Codecs
MDAC/WDAC, DirectX, Media Player, IE and OE Versions
Firefox Extensions
Windows Firewall Settings
CD Keys
Automatic Updating Settings
Audit.vbs Execution Time: 94 seconds.
XML sent to server using ServerXMLHTTP: 200 (OK)
Total Execution Time: 96 seconds.

But if i check the webconsole or the mysql database there is no
additional entries for the scanned client.

The audit.confif file has this entries:
'
' Standard audit section
'
audit_location = "r"
verbose = "y"
audit_host="http://support"
online = "yesxml"
'online = "ie"
strComputer = "ZONW07"
ie_visible = "n"
ie_auto_submit = "y"
ie_submit_verbose = "n"
'ie_form_page = audit_host + "/openaudit/admin_pc_add_1.php"
ie_form_page = "http://winxp01.zgtroot.ads/openaudit/admin_pc_add_1.php"
'non_ie_page = audit_host + "/openaudit/admin_pc_add_2.php"
non_ie_page = "http://winxp01.zgtroot.ads/openaudit/admin_pc_add_2.php"
'input_file = "pc_list_file.txt"
use_audit_log = "y"
keep_audit_log="y"

'
' Email authentication
'
'

'email_to = "example@example.com"
'email_from = "example@example.com"
'email_sender = "Open-AudIT"
'email_server = "mail.example.com" ' IP address or FQDN
'email_port = "25" ' The SMTP port
'email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
'email_user_id = "example@example.com" ' A valid Email account in user@domain format
'email_user_pwd = "some_password" ' The SMTP email password
'email_use_ssl = "false" ' True/False
'email_timeout = "60" ' In seconds
'send_email = "false" ' True/False - Enable/Disable email sending

audit_local_domain = "n"
'
' Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap
'domain_type = "nt"

local_domain = "LDAP://ou=ZGT-Online,ou=Gesellschaften,dc=zgtroot,dc=ads"
'local_domain = "LDAP://zgtroot.ads"
'local_domain = "WinNT://zgtroot.ads"

'
' Example Set Domain name for NT ONLY for LDAP use the above format
' NOTE This is Case Sensetive. See the example below.
'
'local_domain = "WinNT://IEXPLORE"
'local_domain = "WinNT://<domainname>"
'

hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
'
' Nmap section
'
nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder
nmap_subnet = "192.168.0." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.000." ' The subnet padded with 0's
nmap_ie_form_page = audit_host + "/openaudit/admin_nmap_input.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
nmap_syn_scan = "y" ' Tcp Syn scan
nmap_udp_scan = "y" ' UDP scan
nmap_srv_ver_scan = "y" ' Service version detection.
nmap_srv_ver_int = 9 ' Service version detection intensity level. Values 0-9, 0=fast


What could be the reason?

Thanks in advance
Marco


Top
 Profile  
Reply with quote  
 Post subject: Re: Audit domain fails
PostPosted: Wed Nov 24, 2010 2:40 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
If you're saying their is no data for the ZONW07 client in the database then I would suspect trouble with writing the data to the database and I would check your PHP error logs. Maybe admin_pc_add_1.php is throwing errors for some reason.

If you do find and fix an error then to continue on and audit the domain you'll need to change audit_local_domain to "y".


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group