Open-AudIT
https://www.open-audit.org/phpBB3/

Does Open-AudIT scale well for large networks
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3260
Page 1 of 1

Author:  nbrinson [ Sat Apr 18, 2009 3:39 am ]
Post subject:  Does Open-AudIT scale well for large networks

We have about 18,000 PCs in our environment and several hundred servers. The PCs are spread across at least 800 locations - most with T1 circuits. Does Open-AudIT scale up to this size environment? Is the reporting robust and customizable?

Anyone out there using it current for 18k plus PCs?

Thanks.

Author:  Mark [ Sat Apr 18, 2009 1:06 pm ]
Post subject:  Re: Does Open-AudIT scale well for large networks

No-one I am aware of is using it to this extent.
With the right indexing in place, I don't see why it wouldn't work.
I would look at having the audits run from the individual PCs, not initiated from a central point.
Maybe audit from individual Domain Controllers local to the PCs.

FYI - I am testing OAv2 against 3500 PCs in my development setup.

Author:  nbrinson [ Mon Apr 20, 2009 10:08 pm ]
Post subject:  Re: Does Open-AudIT scale well for large networks

Thanks. Unfortunately, there are very few sites with local domain controllers. We'll play around with it a little and see if it will work for us.

Author:  hsmalley [ Mon Apr 20, 2009 11:47 pm ]
Post subject:  Re: Does Open-AudIT scale well for large networks

I audit across multiple sites during a login script. Most of my offices have T1's or Cable. I don't have a DC in every site as well, and it still works pretty well.

I use the following in my login script to make sure that the systems only get audited once a day. Also if you don't want a computer to get audited I have added a line for that as well. I don't let it audit my backup, SQL, or exchange server as I don't want to increase the loads on those boxes as they get hit pretty hard. Figured this might help.

:OA
FOR /f "tokens=2,3,4 delims=-/.: " %%F IN ("%DATE%") DO SET FORMATTED_DATE=%%F-%%G-%%H
if exist %temp%\OpenAudIT_%FORMATTED_DATE%.LOG goto next
if %computername% == BACKUP goto next
if %computername% == Exchange goto next
if %computername% == SQL goto next
call %windir%\system32\cscript.exe //t:400 //nologo %0\..\OA\audit.vbs > %temp%\OpenAudIT_%FORMATTED_DATE%.LOG

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/