Open-AudIT

What's on your network?
It is currently Fri Apr 27, 2018 10:56 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Wed Sep 30, 2015 10:14 pm 
Offline
Newbie

Joined: Thu Apr 09, 2015 4:30 pm
Posts: 25
Open Audit 1.6.4
Amazon Linux (Amazon EC2 Cloud)
Web server: apache
no domain. Auditing using the audit script.

We are seeing multiple computers overwriting the data of system ID 81. We've only noticed it with this system id. We don't understand how this is possible as our understanding is that without a domain or active directory the UUID is used for system uniqueness. It seems to me that the chances of having duplicate UUIDs is low in an organisation with around 120 computers, yet we have at least 4 computers trying to share this system ID.

Any suggestions what I can do to investigate this?

Thanks,
Stephen


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 01, 2015 1:34 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Audit the overwriting machines to file to get an idea of what's being inserted.
Code:
cscript audit_windows.vbs submit_online=n create_file=y


What do we have for UUID, hostname, man_ip_address? Any collisions?

The code that tries to determine if a machine is new or just an update has changed through the various OA versions. If you really what to know what's happening you need to look in m_system.php.


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 10, 2015 3:47 am 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
What happens if you delete device ID81? Do they go to and overwrite ID82?

Edit: I make this comment because in my case, I have a lab with virtualbox installed, which created a virtual network device with its own MAC address and IP address. Since this is a lab, it just happens that all MAC addresses are the same and all IP addresses ended up being the same. Because of OA matching rules, audits were overwritting the same record.

_________________
OA v1.5.2 on Windows Server 2003 and WAMP 2.0 (Apache 2.2.22, PHP 5.4.3, MySQL 5.1.36).
OA v1.5.3 on Linux
Auditing 500 Windows 7 computers via GPO, 200 Apple OSX 10.8/10.9/10.10


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group