Open-AudIT

What's on your network?
It is currently Thu Apr 26, 2018 7:46 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 13 posts ] 
Author Message
PostPosted: Thu May 20, 2010 9:34 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
There is still an issue with audit,vbs while doing domain audits.

The script contains code to kill off hanging sub-processes however this doesn't seem to work. The script should also timeout completely 20 mins after the last sub-processes starts. It doesn't work (at least it doesn't work for me).

I found this out while running a sequence of audits from my Ubuntu box, the first audit starts, then sits sleeping forever (and hogging the CPU on the Windows box which is doing the actual auditing).

The way I have things set up is as follows, a bash script calls a set of sub-scripts one for each site, and each of those sub-scripts runs a site specific audit using a windows workstation to run the audit.vbs code for that particular site. The trouble is that the first audit kicks off fine, but never ends, and therefore none of the other sites are audited. I cannot simply run the audits asynchronously, since this will simply leave a dead process on the Windows box for each attempted audit, and kill the CPU on the box, as vbscript sleep seems to hog the CPU in a very selfish fashion.

Anybody come across this issue?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Thu May 20, 2010 10:48 pm 
Offline
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Andrew,
I can only provide confirmation, not an answer. Although I use an Ubuntu server my domain auditing is kicked off from a Win XP workstation. The job audits the domain successfully but then hangs indefinitely as you described. I'm lazy enough (or at least have the time) to manually kill it later. However it *used* to work OK, it has just started this hang problem in the last few months. Since I know you'll ask, I'm at SVN rev 1154 (I think), haven't updated for a while since I'm waiting for OAv2 :)
The audit job didn't hang when I went to that SVN, I would have linked the two, it happened much later.

John

_________________
OA environment:
OA Server: Ubuntu 10.04LTS
1 Windows 2008R2 Server
4 Windows 2003 Servers
20 Windows XP workstations
1 Windows 7 workstation
2 Ubuntu 11.10 servers
Misc other networked items


Top
 Profile  
Reply with quote  
PostPosted: Thu May 20, 2010 11:38 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
:?

I cant see any changes between SVN 1154 and now which might affect this...

...

Could this be the change that broke things...

Code:
   if comparray(i) <> "" then
      Echo(i & " of " & Ubound(comparray))
      Echo("Processes running: " & num_running)
      Echo("Next System: " & comparray(i))
      Echo("--------------")
      ' command1 = "cscript " & script_name & " " & comparray(i) ' wait forever.
      'command1 = "cscript //T:" & script_timeout & " " & script_name & " " & comparray(i)
       command1 = "cscript //Nologo " & script_name & " " & comparray(i)
      set sh1=WScript.CreateObject("WScript.Shell")
      sh1.Run command1, 6, False
      set sh1 = nothing
      num_running = HowMany
    end if
  Next
end if

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Fri May 21, 2010 1:43 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Gotcha! I dont think it ever worked the way it should, it just failed more gracefully before. :D

Seems that the script will continue after the domain audit, and ends up in limbo, presumably this is why I end up with the CPU hogged by a whole bunch of cscript and cmd processes.

jaydee, try adding wscript.quit round about line 475, i.e. change things to look like this.

Code:
      num_running = HowMany
    end if
  Next
' Domain audit finished, so we quit the script
Echo("Domain Audit Completed")
 Wscript.Quit
'
end if

'''''''''''''''''''''''''''''''''''
' Read the text file if requested '
'  and audit PCs within - line    '
'  by line                        '
'''''''''''''''''''''''''''''''''''


Let me know if this fixes it. (or update to the latest SVN version of the script, 'cos I have modified it as per the above). I will have to make this slightly smarter, (i.e. ensure the email is sent, hanging processes are all killed etc.) but it works for me.

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Fri May 21, 2010 8:12 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I'm not experiencing this problem. But while reviewing the code I found this just before the original main wscript.quit. It looks like a cut and paste from earlier code that didn't get updated. The code sets log_file and then uses config_file in the next line. Maybe if you're not keeping the audit log this causes a problem?

Code:
if keep_audit_log = "n" then
    if use_audit_log = "y" then
        Set log_file = CreateObject("Scripting.FileSystemObject")
        Set our_log = config_file.OpenTextFile( this_audit_log, ForWriting, True)
        our_log.close
        log_file.DeleteFile this_audit_log
    end if
end if


Top
 Profile  
Reply with quote  
PostPosted: Fri May 21, 2010 9:46 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I don't think my previous post causes any problems. Couldn't hurt to fix it.

A_Hull wrote:
The script should also timeout completely 20 mins after the last sub-processes starts.
I don't see any code to time out the main script running the domain audit. I'm not sure how useful the sub-script 20 minute timeout code is either as the main script only waits 5 minutes before exiting after the last machine audit and doesn't kill the sub-scripts before doing so. For example say it takes 10 minutes to audit your machines. If the first machine we audit takes more than 20 minutes the main script will have exited long before when the last machine was successfully audited.

I'm not sure why the following timeout code was removed as it would seem to control the timeout of individual machine audits.
Code:
'command1 = "cscript //T:" & script_timeout & " " & script_name & " " & comparray(i)


Top
 Profile  
Reply with quote  
PostPosted: Fri May 21, 2010 11:06 pm 
Offline
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Thanks Andrew and jpa for those suggestions. I'll give them a try but it will probably be next week - there seems to be this mountain sitting on my desk to get over first :)
John

_________________
OA environment:
OA Server: Ubuntu 10.04LTS
1 Windows 2008R2 Server
4 Windows 2003 Servers
20 Windows XP workstations
1 Windows 7 workstation
2 Ubuntu 11.10 servers
Misc other networked items


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 03, 2010 10:41 pm 
Offline
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Sorry for the long delay Andrew and jpa but I've been trying various combinations of your suggestions from 5/20 without much luck. The job still hangs after the individual audits have completed. I only run one audit/day and if I leave it for a long time (= forget to delete it) it *does* seem to delete itself but only after at least 12+ hours.
John

_________________
OA environment:
OA Server: Ubuntu 10.04LTS
1 Windows 2008R2 Server
4 Windows 2003 Servers
20 Windows XP workstations
1 Windows 7 workstation
2 Ubuntu 11.10 servers
Misc other networked items


Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 19, 2010 7:59 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I noticed in the IsWMIConnectible function in audit.vbs this line:

Code:
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, "root\cimv2", strUser, strPass, "", "", wbemConnectFlagUseMaxWait)


From the documentation the wbemConnectFlagUseMaxWait is used to specify a 2 minute timeout. Without it the call can hang. I don't see anywhere where the wbemConnectFlagUseMaxWait value is defined. Should we not have it defined somewhere?
Code:
Const wbemConnectFlagUseMaxWait = 128


I also rebooted a machine while it was auditing and this line crashed the audit with
Code:
SWbemLocator: Class not registered


Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 19, 2010 11:21 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Please try audit.vbs at rev. 1243. Hopefully the bug should have been fixed.
As suggested by jpa, the wbemConnectFlagUseMaxWait constant was declared and used whenever the connectserver method is called, to prevent script hanging if the method fails.
Also wscript.quit was removed at the end of domain auditing, to let emails being sent.
Then the cscript //nologo command was used also for pc list file auditing, to make use of the existing checkforhungwmi() function which kills processes running more than script_timeout seconds.
The same function was fixed to manage the case of audit.vbs being renamed.
Also the oShell object was deleted at the end of the schtasks.exe command execution.

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 21, 2010 4:30 pm 
Offline
Newbie

Joined: Tue Jun 08, 2010 6:23 am
Posts: 3
Where can I find audit.vbs (ref 1243) file?

Experiencing the same problems and would like to resolve these.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 22, 2010 2:11 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
From the FAQ section of the forum.

How to: Download the latest files from Subversion on Windows


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 14, 2011 5:29 pm 
Offline
Newbie

Joined: Mon Feb 14, 2011 5:25 pm
Posts: 1
I don't see any code to time out the main script running the domain audit. I'm not sure how useful the sub-script 20 minute timeout code is either as the main script only waits 5 minutes before exiting after the last machine audit and doesn't kill the sub-scripts before doing so. For example say it takes 10 minutes to audit your machines. If the first machine we audit takes more than 20 minutes the main script will have exited long before when the last machine was successfully audited. :lol: :lol: :lol: :lol:

_________________
cartier watches
cartier love bracelet
cartier love


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 13 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group