Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 12:05 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
 Post subject: Audit Query View
PostPosted: Sat Mar 14, 2009 10:53 am 
Offline
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
On the bottom of the different query views there is an option to export the list to a csv file/inkscape/etc. How about an option to audit the list if it contains computers? I guess the main issue here would be how to include the list of computers in the script to be audited.

I've started to code something similar on the openaudit box at my work, but it audits directly from the server and doesn't launch a script that the user has to run. It currently does only single machine audits. I'd like to adapt it to take over functions such as this, where it can audit lists of computers or a domain.

Anyways, is it doable to jam a list of computers in a self contained audit.vbs like you get when you click the "Audit Now" button?

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


Top
 Profile  
Reply with quote  
 Post subject: Re: Audit Query View
PostPosted: Thu Mar 19, 2009 11:04 am 
Offline
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
Just an update to this...

I've implemented this feature at my work and it seems to function fine. However, the way I implemented it isn't very standard. It only works with the audit_linux.sh script and a linux web server setup, and the audits are launched on the server.

The way it works is you click a link on the bottom of the page like you would to export to csv, etc. Then it passes the sql query and other post information like the export to file does, only it passes it to a page kind of like the wake on lan page. That page simply tells you if the audit script was able to launch successfully on the server, and what kind of audit you're doing (I also have the "Audit Now!" function going to this page to launch remote audits in the same fashion). For query audits, it passes the hostnames as a long string to the script as a switch, with hostnames separated by spaces.

To be able to see that the audits that are actually running and kill any running processes you want I created a page called show_active_audits.php. This page parses the ps output to look for script processes and displays all currently active proccess with their PID, command they're running, the process' elapsed time, and what computer it's trying to audit. The page is similar to the delete systems page in that it allows you to kill any and all active audits (so long as they were started from the webserver).

I also had to edit the admin config page to add an audits section so you can define authentication information for the audit script to run properly from the webserver. There are still some quirks I'm fleshing out.

I thought I'd at least post this to hopefully give some other people some ideas for how to do this.

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group