Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 1:33 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 54 posts ]  Go to page Previous  1, 2, 3, 4
Author Message
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 9:22 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
[quote="Mark"][quote="jonbendtsen"]Peculiar choice of IPv4 address listed, it picks the virtual VMware Network Adapter VMnet1 and not the real Ethernet adapter Local Area Connection:?]


From memory it simply chooses the adapter with the lowest numerical IP Address. I'm open to a better way to do this though - feel free to suggest a way :D
I am thinking that it can be specified when you run the audit.vbs script? Or chosen for each machine. Or maybe if you specify which networks has higher priority than others. Or maybe order by which "Local Area Connection" has the lowest hardware ID?

I my case for this vmware server that runs ontop of windows I have 3, but only one with an IP, it should pick that one rather than vmware adapters.
[code]Ethernet adapter Local Area Connection:
Ethernet adapter Local Area Connection 2:
Ethernet adapter Local Area Connection 3:
[/code]

For a vmware guest it says:
[code]Ethernet adapter Local Area Connection 2:[/code]



[quote="Mark"]The function to do this lives in the m_ip_address.php model.

[code] function set_initial_address($details)
{
$start=explode(' ',microtime());
$sql = "SELECT
sys_hw_network_card_ip.ip_address_v4,
sys_hw_network_card_ip.ip_subnet
FROM
sys_hw_network_card_ip,
sys_hw_network_card
WHERE
sys_hw_network_card_ip.net_mac_address = sys_hw_network_card.net_mac_address AND
sys_hw_network_card.system_id = ? AND
(sys_hw_network_card_ip.timestamp = ? OR
sys_hw_network_card_ip.timestamp = ?)
ORDER BY
sys_hw_network_card_ip.ip_address_v4 DESC
LIMIT 1";
$data = array("$details->system_id", "$details->original_timestamp", "$details->timestamp");
$query = $this->db->query($sql, $data);
$end = explode(' ',microtime());
$this->firephp_export_sql($start, $end, __FUNCTION__ , $query->num_rows(), $this->db->last_query());
foreach ($query->result() as $myrow)
{
$this->m_system->update_system_man($details->system_id, 'man_ip_address', $myrow->ip_address_v4);
}
}[/code]
This MySQL select statement will not select virtual vmware ethernet adapters. It just has to be inserted into your select statement somehow without damaging the rest of the code.
[code]select net_description from sys_hw_network_card where net_description NOT LIKE 'VMware Virtual Ethernet Adapter for VMnet%'; [/code]


I inserted it, but it does still list the server by the wrong IP address. Do I need to delete the server? Do I need to run the audit.vbs script again?
[code] function set_initial_address($details)
{
$start=explode(' ',microtime());
$sql = "SELECT
sys_hw_network_card_ip.ip_address_v4,
sys_hw_network_card_ip.ip_subnet
FROM
sys_hw_network_card_ip,
sys_hw_network_card
WHERE
sys_gw_network_card.net_description NOT LIKE 'VMware Virtual Ethernet Adapter for VMnet%' AND
sys_hw_network_card_ip.net_mac_address = sys_hw_network_card.net_mac_address
AND
sys_hw_network_card.system_id = ? AND
(sys_hw_network_card_ip.timestamp = ? OR
sys_hw_network_card_ip.timestamp = ?)
ORDER BY
sys_hw_network_card_ip.ip_address_v4 DESC
LIMIT 1";
$data = array("$details->system_id", "$details->original_timestamp", "$details->timestamp");
$query = $this->db->query($sql, $data);
$end = explode(' ',microtime());
$this->firephp_export_sql($start, $end, __FUNCTION__ , $query->num_rows(), $this->db->last_query());
foreach ($query->result() as $myrow) {
$this->m_system->update_system_man($details->system_id, 'man_ip_address', $myrow->ip_address_
v4);
}
}
[/code]

Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 9:29 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
[quote]Do I need to delete the server? Do I need to run the audit.vbs script again?

Just call up the details page for the server and click on the IP Address field (in the Summary section at the top). You can change it to whatever you want and it will stay set at that IP, unless it's using DHCP - then it will change on each audit (if it does actually change).

Any fields that are blue or have a dash "-" in them can be clicked and changed. The audit script will not overwrite these manually set values.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 9:40 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
[quote="Mark"][quote="jonbendtsen"]Insetting a new network group 192.168.123.0 gives the error below. I edited network 192.168.0.0/24 and copied most of the setup from there only changing the network address. At first the group add had a field with Group Display SQL which was empty for the group 192.168.0.0/24 but I left it there. That failed too, so I pressed back, filled out again and deleted the Group Display SQL and tried again. The picture below is from this 2. attempt.


Not sure what's going on here. I can see the error in the SQL screenshot.
I usually export the Group as an XML file, modify then Import it back. If you do this, make sure to change the name or you will have two groups with the same name. Also, in my code (not released) I have XML escaped the SQL by putting <![CDATA[ and ]]> around the group select and group display SQL. If you have the < character in your SQL statements, you will need to do this. Look for this in the next release.
Listing the groups I have multiple with 192.168.123 *sigh* And it appears that I can not delete them. So I look into the apache error log.

I have lots of lines like this:
[code]Invalid URI in request GET /index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7 HTTP/1.1, referer: [/code]
I must say that I am not impressed with the new system of using mod_rewrite. It did not work out of the box for me, so I got help from some Apache #IRC channel, and this is now what I have in my vhost.config: (using .htaccess influences performance since once you enable it, apache has to check every directory for a .htaccess file before serving data.
[code] RewriteEngine On
RewriteLog /var/log/apache2/rewrite.log.txt
RewriteLogLevel 9

# Allow any files or directories that exist to be displayed directly
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php/
RewriteRule .* index.php$0 [PT,L]
# Rewrite all other URLs to index.php/URL
[/code]


Here are the rewrite log
[code][04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d576ca140/initial] (2) init rewrite engine with requested uri /index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d576ca140/initial] (3) applying pattern '.*' to uri '/index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7'
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d576ca140/initial] (4) RewriteCond: input='/var/www/index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' pattern='!-f' => matched
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d576ca140/initial] (4) RewriteCond: input='/var/www/index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' pattern='!-d' => matched
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d576ca140/initial] (4) RewriteCond: input='/index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' pattern='!^/index.php/' => not-matched
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d576ca140/initial] (1) pass through /index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (2) init rewrite engine with requested uri /admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (3) applying pattern '.*' to uri '/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7'
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (4) RewriteCond: input='/var/www/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' pattern='!-f' => matched
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (4) RewriteCond: input='/var/www/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' pattern='!-d' => matched
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (4) RewriteCond: input='/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' pattern='!^/index.php/' => matched
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (2) rewrite '/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' -> 'index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7'
[04/Jun/2012:13:29:07 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574faf40/subreq] (2) forcing 'index.php/admin_group/list_groups/update_group/delete_group/delete_group/delete_group/delete_group/7' to get passed through to next API URI-to-filename handler
[04/Jun/2012:13:29:08 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574f6f20/initial] (2) init rewrite engine with requested uri /theme-tango/tango-files/jquery/js/popup_js.php
[04/Jun/2012:13:29:08 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574f6f20/initial] (3) applying pattern '.*' to uri '/theme-tango/tango-files/jquery/js/popup_js.php'
[04/Jun/2012:13:29:08 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574f6f20/initial] (4) RewriteCond: input='/var/www/theme-tango/tango-files/jquery/js/popup_js.php' pattern='!-f' => not-matched
[04/Jun/2012:13:29:08 +0200] [audit2.local.net/sid#7f7d5722d518][rid#7f7d574f6f20/initial] (1) pass through /theme-tango/tango-files/jquery/js/popup_js.php[/code]

Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 9:53 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
[quote="Mark"][quote]Do I need to delete the server? Do I need to run the audit.vbs script again?

Just call up the details page for the server and click on the IP Address field (in the Summary section at the top). You can change it to whatever you want and it will stay set at that IP, unless it's using DHCP - then it will change on each audit (if it does actually change).

Any fields that are blue or have a dash "-" in them can be clicked and changed. The audit script will not overwrite these manually set values.
Yes it does change. But that was not what I wanted/expected. I made that change to the file you told me, and I expected that it would then show it with the local area network IP and not the vmware adaptor IP. See pictures. When ever it lists the vmware adapter IP I expected it to now list the local network IP after you told me where to change the file.

Attachments:
dksrv006_small.png
dksrv006_small.png [ 104.85 KiB | Viewed 8736 times ]
all_devices_small.png
all_devices_small.png [ 57.25 KiB | Viewed 8736 times ]
Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 10:41 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
So I tried to add a new server, but it never showed up despite running the audit.vbs script multiple time and waiting a while. So I tried to insert it manually and got this error:
[attachment=2] no_vmware_netcard_error_small.png
no_vmware_netcard_error_small.png [ 111.29 KiB | Viewed 8735 times ]

[quote="jonbendtsen"]I inserted it, but it does still list the server by the wrong IP address. Do I need to delete the server? Do I need to run the audit.vbs script again?
[code] function set_initial_address($details)
{
$start=explode(' ',microtime());
$sql = "SELECT
sys_hw_network_card_ip.ip_address_v4,
sys_hw_network_card_ip.ip_subnet
FROM
sys_hw_network_card_ip,
sys_hw_network_card
WHERE
sys_gw_network_card.net_description NOT LIKE 'VMware Virtual Ethernet Adapter for VMnet%' AND
sys_hw_network_card_ip.net_mac_address = sys_hw_network_card.net_mac_address
AND
sys_hw_network_card.system_id = ? AND
(sys_hw_network_card_ip.timestamp = ? OR
sys_hw_network_card_ip.timestamp = ?)
ORDER BY
sys_hw_network_card_ip.ip_address_v4 DESC
LIMIT 1";
$data = array("$details->system_id", "$details->original_timestamp", "$details->timestamp");
$query = $this->db->query($sql, $data);
$end = explode(' ',microtime());
$this->firephp_export_sql($start, $end, __FUNCTION__ , $query->num_rows(), $this->db->last_query());
foreach ($query->result() as $myrow) {
$this->m_system->update_system_man($details->system_id, 'man_ip_address', $myrow->ip_address_
v4);
}
}
[/code]
Maybe because I wrote sys_[size=200]g[/size]w_network_card.net_description and not sys_[size=200]h[/size]w_network_card.net_description

So I changed that and tried to manual insert a new, but now it complained again:
[attachment=1] insert_error_small.png
insert_error_small.png [ 86.22 KiB | Viewed 8735 times ]

Maybe it would be a good idea if the audit.vbs script actually complained if submit_online = "y" and submitting doesnt work for some reason.
Maybe all changes should be done atomic so it either fully succeeds or no change is made.

Okay, so I manually edited the XML file and gave it a new system_key which I then submitted and sort of got almost the same error:
[attachment=0] new_insert_error_small.png
new_insert_error_small.png [ 84.35 KiB | Viewed 8735 times ]

Which seems related to printers
[code] 226 // update any tags for new printers
227 $this->m_sys_man_audits->update_audit($details, 'network printers');
228 $network_printers = $this->m_printer->get_new_network_printer($details);
229 if (count($network_printers) > 0) {
230 foreach ($network_printers as $printer) {
231 $this->m_oa_group->update_system_groups($printer);
232 }
233 }
[/code]
Let me just try to run audit.vbs without saying yes to printers.

Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 11:11 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
[quote="jonbendtsen"]
Let me just try to run audit.vbs without saying yes to printers.

Okay, that gave a different error
[attachment=1] different_error_small.png
different_error_small.png [ 90.48 KiB | Viewed 8735 times ]

maybe UUID is too long?
[attachment=0] 2different_error_small.png
2different_error_small.png [ 90.33 KiB | Viewed 8735 times ]

Nope, same style error

Maybe I should specify that the XML file submitted was not from the latest audit.vbs script.

Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 11:16 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
[quote="Mark"][quote="jonbendtsen"]It worked fine to run the audit_windows.vbs script on one server, but not the other? Trying to run it on verbose debug level 2. It started and showed a few popup windows, but that is it so far. It got to show system info [_OK_], --------- [_OK_] and "Windows info [_OK_]" and then it came up with the same error as above.

Server that works is Microsoft Windows Server 2003, Standard x64 Edition, Service Pack 2.
Server that fails is Microsoft Windows Server 2003 R2, Standard Edition, Service Pack 2.


Can you try the latest version of the audit script and let me know the line number?
Latest version is here - [url]http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5864[/url]
Also, to save on the pop-ups, run it from the command line like so:
[code]c:\temp\cscript audit_windows.vbs[/code]
I now run audit_windows_v6.vbs and I still get this error right after a popup saying "windows info"
[attachment=0] audit_v6_error_small.png
audit_v6_error_small.png [ 34 KiB | Viewed 8735 times ]


Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Mon Jun 04, 2012 11:22 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
[quote="jonbendtsen"][quote="jonbendtsen"]
Let me just try to run audit.vbs without saying yes to printers.

Okay, that gave a different error
.
maybe UUID is too long?
.
Nope, same style error

Maybe I should specify that the XML file submitted was not from the latest audit.vbs script.
So I go back to the frontpage and notice how I have have 3 new devices, and I go to "all devices" to see them.[attachment=0] 3xdksrv004v_small.png
3xdksrv004v_small.png [ 80.86 KiB | Viewed 8735 times ]

I now have 3 postings with the same hostname, which might correspond well with how many times I changed the UUID and submitted or maybe not, I changed it 3 times, but the 4th submitted is the standard UUID.

Top
 Profile  
Reply with quote  
 Post subject: Re: Beta5 is alive
PostPosted: Tue Jun 05, 2012 6:41 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
[quote]I now have 3 postings with the same hostname, which might correspond well with how many times I changed the UUID and submitted or maybe not, I changed it 3 times, but the 4th submitted is the standard UUID.

Yep - that is what should have happened.

[quote]I now run audit_windows_v6.vbs and I still get this error right after a popup saying "windows info"
I'll take a look at this today.

I think you would be better off just wiping your install and starting again. Looks like the changes you have made have broken it to where you will continue to struggle. Out-of-the-box it should "just work". Network groups will be automatically created whenever a new subnet is audited.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 54 posts ]  Go to page Previous  1, 2, 3, 4

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group