Open-AudIT

What's on your network?
It is currently Fri Apr 20, 2018 3:31 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: OAv2 scales
PostPosted: Fri Nov 25, 2011 2:57 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
In my current database at work, we have around 6,000 systems.
Attached is a screenshot showing 20 audits running at once on two remote machines (40 at a time in total), on two different AD Domains, both submitting back to my work desktop.
My work desktop is a 3 year old PC - a simple Dell Optiplex 755. Standard SATA, Core2Duo, 4GB memory desktop running Windows XP.
I handles this load fine. OK, when processing audits it can take up to 20 seconds per audit... but I it's not failing and the desktop is perfectly responsive. The web pages within OAv2 at this time are a bit slower but again, work just fine.
If I had an actual server with decent speed disk (what seem's to be the bottleneck as far as I can see - check memory and cpu load in screenshot) it would be awesome...
Attachment:
File comment: Audits
audits.png
audits.png [ 468.61 KiB | Viewed 3197 times ]

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Tue Dec 13, 2011 3:29 am 
Offline
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
Does it mean that your ONE desktop machine can handle 6000 audits? There is only one OA server handling the 6000 desktops?


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Tue Dec 13, 2011 4:29 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I read this as one OA server handling a max of 40 input jobs coming from two auditing servers.


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Tue Dec 13, 2011 1:07 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
Does it mean that your ONE desktop machine can handle 6000 audits? There is only one OA server handling the 6000 desktops?
My desktop is acting as the OAv2 server.
There are at present close to 7,000 systems in the database.
There are two other systems performing the audits and submitting the results back to my desktop.

Quote:
I read this as one OA server handling a max of 40 input jobs coming from two auditing servers.
Yes. 40 is simply a number, it could be increased or decreased. I haven't done any definitive testing - simply that my desktop seem's to be able to handle 40 without too much issue. If you had a faster system (IE, a decent server) you could handle plenty more.

The load on the audit hosts is significant. They are both performing domain audits by using the domain audit variable audit_run_type = local. When this is used, the audit host connects to WMI on the audited system remotely for each query. This can consume memory, CPU and network - and does.

I could set it to use audit_run_type = remote. This would have the audit host copy the audit script to the remote system, initiate a remote process on the remote system, then disconnect. This would eliminate the load on the audit host (well, almost). I still need to complete this option as (at the present) it will attempt to copy and initiate from the audit host, one machine at a time... IE - no parrallel audits. To do this I need to create a seperate script. Look out for this soon.

You could also have the domain initiate a SYSTEM script. IE, when the system connects to the domain after being powered up - before a user logs in - the audit is initiated. This is not an option for me at present...

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Wed Dec 14, 2011 3:54 am 
Offline
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
Quote:
I could set it to use audit_run_type = remote. This would have the audit host copy the audit script to the remote system, initiate a remote process on the remote system, then disconnect. This would eliminate the load on the audit host (well, almost).


So why not use audit_run_type=remote? Even if you do not have the parallel jobs option at present, the serial option with the remote copy and disconnect would be much better than the present WMI option. Just wondering what may be the reason that you are still using the WMI option and not the audit_run_type=remote directive with the serial audits.

BTW when is the next version expected? Either Beta or stable? and what other goodies are expected in it?


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Wed Dec 14, 2011 10:42 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
So why not use audit_run_type=remote?

Think of an Active Directory domain with ~20,000 computers.
Not all are valid anymore. One's that are valid are not necessarily turned on.
Attempting to connect to each one serially (and waiting for the timeout when the PC is not available) would take a couple of days (by my guess).

Using the remote WMI method, I can parallel 40 audits. If any of them don't connect, no big deal as there are plenty of other audits running. I get through all of our domains in around 6 hours (I think)... Must time this one day. I don't do it every day as we don't use OAv2 "officially". I just run domain audits when I have time and think "gee, I haven't done that in a week or so"...

The plan is to have the domain audit initiate another (not yet created) script and move onto the next PC in thge list without waiting for that other script to finish. That way I can parallel 40 scripts that would copy the script and if it succeeds, then initiate it on the remote PC.

I just need to write that other script...

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Sun Dec 18, 2011 2:12 pm 
Offline
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
I have been able to audit the windows 7 machines by copying the vbs scripts and double clicking it from the Windows desktop.

But the wmi method, and the initiating the 40 audits at a time from the OA server isnt known. I would be gaateful for any pointers to this procedure. My apologies if this is very obvious and available on the forum.

I copied the auditing .sh scripts on linux servers and tried but it didnt run and gave some syntax error. I am investigating.


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Thu Dec 29, 2011 11:20 pm 
Offline
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
Quote:
There are at present close to 7,000 systems in the database.
There are two other systems performing the audits and submitting the results back to my desktop.


How is this achieved? Some pointer on how it is configured would help.


Top
 Profile  
Reply with quote  
 Post subject: Re: OAv2 scales
PostPosted: Tue Jan 03, 2012 3:33 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Quote:
How is this achieved?

Copy the audit scripts to the two "audit servers".
I have each server configured to audit a different domain (using audit_domain.vbs).
Make sure your "url" variable (in audit_windows.vbs) points to the OAv2 server (use it's name or IP address).
Start the scripts on each "audit server".
Done.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group