Open-AudIT
https://www.open-audit.org/phpBB3/

OA 1.12.10 Problem
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6592
Page 1 of 1

Author:  omega4471 [ Wed Apr 12, 2017 9:13 pm ]
Post subject:  OA 1.12.10 Problem

Scenario: Server 2008 r2 -Window domain - 2000 workstation
The script audit_windows is executed at user logon.
Problem: (xp o 7) example in the table system, the workstation with id 2163 have the correct hostname and the name and the FQDN value that are the same, wrong.
In the table windows the system_id 2163 value is repeated 58 times with the values in the user-name wrong.
the other tables linked to 'id 2163 have the same problem
I attach the screen ( system and windows tables )

Can you help me ? Thanks

Attachments:
system.PNG
system.PNG [ 14.02 KiB | Viewed 7616 times ]

Author:  omega4471 [ Wed Apr 12, 2017 9:17 pm ]
Post subject:  Re: OA 1.12.10 Problem

the second screen

Attachments:
windows.PNG
windows.PNG [ 110.93 KiB | Viewed 7615 times ]

Author:  shanimal [ Tue Apr 18, 2017 3:57 am ]
Post subject:  Re: OA 1.12.10 Problem

How do you get to the page you took the screenshots from? I'm not familiar with this view but can see how it looks on my system if I can find it. thanks

Author:  jpa [ Tue Apr 18, 2017 4:22 am ]
Post subject:  Re: OA 1.12.10 Problem

Looks like two machine audits are updating one audit entry. So we have a "this is Win2000" audit update audit_2163, then a "this is Win 7" audit update the same 2163, repeat.

This should not happen. But there is a bunch of somewhat complicated logic for finding an existing audit to update given an audit XML. I'd say this is failing.

I would run an audit to file against both machines and then compare the <system> portion of the XML. Maybe the network sections as well.

[code]cscript audit_windows.vbs strcomputer=device1or2 submit_online=n create_file=y[/code]

Author:  Mark [ Wed Apr 19, 2017 11:19 am ]
Post subject:  Re: OA 1.12.10 Problem

Check this page for your device matching options.
https://community.opmantek.com/display/ ... ng+Devices

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/