Open-AudIT

What's on your network?

All times are UTC + 10 hours




Posted: Thu Nov 17, 2011 1:32 am
Newbie

Joined: Tue May 10, 2011 9:40 pm
Posts: 22
deepakdeshp wrote:
So my understanding is :- all the basic functionality of OA v1 is in OA V2 with some additional features in OAV2 like groups. But the OAV1 is tested and hence more stable.


OAv2 is missing a software register, Linux auditing (correct me if I'm wrong) and nmap scanning ( :( ), which are available in v1. But everything else should be working fine (and better than in OAv1) + the improvements Mark already stated.


Posted: Fri Nov 25, 2011 5:31 am
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
OAv2 is missing a software register, Linux auditing (correct me if I'm wrong) and nmap scanning, and these were available in OA. Are there any plans to include these features in OAV2?


Thanks,
Deepak


Posted: Fri Nov 25, 2011 8:33 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
OAv2 is missing a software register, Linux auditing (correct me if I'm wrong) and nmap scanning, and these were available in OA. Are there any plans to include these features in OAV2?


viewtopic.php?f=20&t=5796

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Posted: Fri Nov 25, 2011 5:50 pm
Newbie

Joined: Tue May 10, 2011 9:40 pm
Posts: 22
I started to get into OAv2 more deeply yesterday and realised it doesn't audit Win7 64-bit machines for me (doesn't matter if via audit_domain or audit_windows), except my own computer from where I'm auditing right now.

The audit stops at "Software for 64bit" with the following error:

Outlook Express info
Software info
Software for 64bit
C:\oav2\audit_windows.vbs(2134, 5) Laufzeitfehler in Microsoft VBScript: Index außerhalb des gültigen Bereichs: '[number: 1]'

Which is something like "runtime error: index outside valid area" in English. What's interesting - 3 of the win2k8r2 64-bit servers are audited, but nothing else. Is there something I can try to find out what's wrong?

Oh and, maybe I'm just blind, but is there any way to see if a machine is 32 or 64-bit in OAv2?


Posted: Fri Nov 25, 2011 9:50 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
C:\oav2\audit_windows.vbs(2134, 5) Laufzeitfehler in Microsoft VBScript: Index außerhalb des gültigen Bereichs: '[number: 1]'

Which is something like "runtime error: index outside valid area" in English. What's interesting - 3 of the win2k8r2 64-bit servers are audited, but nothing else. Is there something I can try to find out what's wrong?


Most likely because the search related to who installed the piece of software splits the returned string on "Product:" - i.e., in English. Will need to code around this somehow (I think it's been discussed here already). Look for the fix in beta5. For the meantime, uncomment lines 2128 "on error resume next" and 2148 "on error goto 0". These will enable the script to continue even if there is an error.

Quote:
Oh and, maybe I'm just blind, but is there any way to see if a machine is 32 or 64-bit in OAv2?

If you send the audit result to a file, in the SYS section you should see a line like <system_pc_os_bit>32</system_pc_os_bit> where 32 or 64 is displayed. Not sure if it's actually displayed in the interface. I'll ensure it is for beta5.

Posted: Sat Nov 26, 2011 7:02 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Mark wrote:
Will need to code around this somehow
This was my take on the fix which didn't use arrays at all.


Posted: Mon Nov 28, 2011 3:43 pm
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
With the changes listed to the code which are given in this thread, is it possible to audit 32 and 64 bit Windows desktop? Has anybody done it?


Posted: Mon Nov 28, 2011 6:47 pm
Newbie

Joined: Tue May 10, 2011 9:40 pm
Posts: 22
With uncommenting the lines Mark mentioned it's running fine (without auditing 64-bit software, of course).

Another thing I just saw: I got a few software installations called:

jg
䂸[g ()
鐀cg ()
囐[g
á–°[g ()

Is this already known or am I the only one having this issue?

//oh and.. are "mapped drives" missing too?


Posted: Wed Nov 30, 2011 6:46 pm
Newbie

Joined: Thu May 05, 2005 11:50 pm
Posts: 14
How is the network printer audit supposed to work? I'm getting many duplicate system records with the same IP address. I guess the same printer is inserted as many times as there are audited computers using it.


Posted: Mon Dec 05, 2011 10:15 pm
Newbie

Joined: Thu May 05, 2005 11:50 pm
Posts: 14
Mark, there are a couple of bugs regarding system links in models\m_printer.php

Code:
Line 88: if ($input->ip_address > "") {
should be
Line 88: if ($input->man_ip_address > "") {

and

Code:
Line 121: "$details->system_id",
should be
Line 121: "$linked_sys",


As mentioned in my previous post, I had problems with duplicate printers. So I modified printer processing like this:

1. system_key was changed from hostname+deviceid to hostname+model in the audit script for non-network printers. I noticed that there were often 2 or more printers with the same model on one host because of different deviceid, e.g. hp_LaserJet_1160 and hp_LaserJet_1160_(Copy_1). So I decided to use the printer model instead of deviceid to get a more accurate physical printer count.

2. Omit timestamps when checking if an audited network printer (with IP address) already exists in the DB. Network printers would always have different timestamps because they get timestamps from different audited systems. So if timestamps are used, you get the same printer inserted as many times as there are audited computers using it. For checking if a printer has been audited already I use only system_key (which is the IP address for network printers) and printer model.

Maybe somebody will find this useful :)
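
The matching change described in the post above, as an added Python example that is not part of the original post and is not Open-AudIT's own code: it folds per-computer printer reports using the old lookup (device id in the key, timestamp in the match) and the new one (system_key plus model, no timestamp). The record fields, function names and sample data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PrinterReport:
    audited_host: str  # computer whose audit reported this printer
    device_id: str     # per-host printer name
    model: str
    ip_address: str    # "" when the printer has no IP address
    timestamp: str     # audit time of the reporting computer

def old_match_key(r):
    # Lookup before the change: device id in the key for non-network
    # printers, and the timestamp taking part in the match.
    key = r.ip_address or f"{r.audited_host}_{r.device_id}"
    return (key.lower(), r.timestamp)

def new_match_key(r):
    # Lookup after the change: IP address (network) or hostname+model
    # (non-network), plus the model; timestamps are ignored.
    key = r.ip_address or f"{r.audited_host}_{r.model}"
    return (key.lower(), r.model.lower())

def merge(reports, match_key):
    """Fold per-computer reports into one record per matched printer."""
    printers = {}
    for r in reports:
        rec = printers.setdefault(match_key(r), {
            "model": r.model, "first_seen": r.timestamp,
            "last_seen": r.timestamp, "reported_by": set()})
        rec["first_seen"] = min(rec["first_seen"], r.timestamp)
        rec["last_seen"] = max(rec["last_seen"], r.timestamp)
        rec["reported_by"].add(r.audited_host)
    return printers

# Constructed sample data: one network printer reported by three PCs, and
# one locally attached printer installed twice on pc01.
SAMPLE = [
    PrinterReport("pc01", "lj4250", "HP LaserJet 4250", "192.0.2.50", "2011-12-05 09:00:00"),
    PrinterReport("pc02", "lj4250", "HP LaserJet 4250", "192.0.2.50", "2011-12-05 09:10:00"),
    PrinterReport("pc03", "lj4250", "HP LaserJet 4250", "192.0.2.50", "2011-12-05 09:20:00"),
    PrinterReport("pc01", "hp_LaserJet_1160", "hp LaserJet 1160", "", "2011-12-05 09:00:00"),
    PrinterReport("pc01", "hp_LaserJet_1160_(Copy_1)", "hp LaserJet 1160", "", "2011-12-05 09:00:00"),
]

if __name__ == "__main__":
    for name, fn in (("old", old_match_key), ("new", new_match_key)):
        print(name, "records:", len(merge(SAMPLE, fn)))
```

Keying on hostname+model counts two identical printers attached to one host as a single device, and keying on the IP address assumes the address is not reassigned to another printer between audits.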


Posted: Tue Dec 06, 2011 8:34 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
/oh and.. are "mapped drives" missing too?

Not missing - they are not there on purpose. Mapped drives are a user setting, not a system setting. I don't capture user settings at all.

Posted: Tue Dec 06, 2011 5:39 pm
Newbie

Joined: Tue May 10, 2011 9:40 pm
Posts: 22
Ah ok, so there won't be (compared to v1) shared folders; environment variables; WSUS settings; antivirus infos; mapped drives and firewall settings, right? Well, I think I can live with that. Are there problems with auditing user settings or do you think it's just not worth the effort/resources?


Posted: Thu Dec 08, 2011 9:46 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Shared Folders are in.
Environment variables are in.
WSUS / AntiVirus / Firewall not in (yet).
Mapped drives out (as explained).

Posted: Tue Dec 13, 2011 6:25 pm
Newbie

Joined: Tue May 10, 2011 9:40 pm
Posts: 22
Is there a way to get groups based on "parent" organisations, if all systems are in organisations under them?

//and can I display the actual organisation name and not the id in a column?


Posted: Wed Dec 14, 2011 10:54 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
Is there a way to get groups based on "parent" organisations, if all systems are in organisations under them?
Should be easy - it's all in the DB after all. Leave it with me - I have this set up (our Orgs all have parents - two levels I think). I'll see if I can knock up a report and will post it here.

Just so I am clear, you want a list of all PCs belonging to a single "parent" Org, yes?
Or - you want a total count of PCs for each parent Org?

Quote:
//and can I display the actual organisation name and not the id in a column?

Check out the attached report - this should do what you want. You just need to join the tables in the SQL.
Attachment:
WorkstationDetails2.xml [4.02 KiB]