Open-AudIT https://www.open-audit.org/phpBB3/ |
|
OA 1.12.10 Problem https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6592 |
Page 1 of 1 |
Author: | omega4471 [ Wed Apr 12, 2017 9:13 pm ] | ||
Post subject: | OA 1.12.10 Problem | ||
Scenario: Server 2008 r2 -Window domain - 2000 workstation The script audit_windows is executed at user logon. Problem: (xp o 7) example in the table system, the workstation with id 2163 have the correct hostname and the name and the FQDN value that are the same, wrong. In the table windows the system_id 2163 value is repeated 58 times with the values in the user-name wrong. the other tables linked to 'id 2163 have the same problem I attach the screen ( system and windows tables ) Can you help me ? Thanks
|
Author: | omega4471 [ Wed Apr 12, 2017 9:17 pm ] | ||
Post subject: | Re: OA 1.12.10 Problem | ||
the second screen
|
Author: | shanimal [ Tue Apr 18, 2017 3:57 am ] |
Post subject: | Re: OA 1.12.10 Problem |
How do you get to the page you took the screenshots from? I'm not familiar with this view but can see how it looks on my system if I can find it. thanks |
Author: | jpa [ Tue Apr 18, 2017 4:22 am ] |
Post subject: | Re: OA 1.12.10 Problem |
Looks like two machine audits are updating one audit entry. So we have a "this is Win2000" audit update audit_2163, then a "this is Win 7" audit update the same 2163, repeat. This should not happen. But there is a bunch of somewhat complicated logic for finding an existing audit to update given an audit XML. I'd say this is failing. I would run an audit to file against both machines and then compare the <system> portion of the XML. Maybe the network sections as well. [code]cscript audit_windows.vbs strcomputer=device1or2 submit_online=n create_file=y[/code] |
Author: | Mark [ Wed Apr 19, 2017 11:19 am ] |
Post subject: | Re: OA 1.12.10 Problem |
Check this page for your device matching options. https://community.opmantek.com/display/ ... ng+Devices |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |