Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To use Discovery, first a few default attributes should be set. As an Open-AudIT admin level user, go Go to Open-AudIT Enterprise -> Menu -> Admin System -> ConfigOpen-AudIT Discovery Configuration.

The single most important attribute to set the the "default_network_address" attribute. This is used for Discovery so that when we send an audit script to a remote machine we can also provide the URL of the Open-AudIT server for the remote machine to send it's data back to. We set this manually because your Open-AudIT server may have multiple network addresses. Rather than try and work out the correct address, we ask you to complete this step manually so there can be no mistakes.

You should also set the following fields:

  • default_ipmi_username
  • default_ipmi_password
  • default_snmp_community
  • default_ssh_username
  • default_ssh_password
  • default_windows_username
  • default_windows_domain
  • default_windows_password

...

This form will pre-populate with your defaults (which you have just configured), but you can also over ride override them with specific attributes for any given Discovery run.

If you provide a subnet in the form 192.168.0.0/24 (note the slash) a network Group will be created if one does not exist. If you do not wish a network group to be created, you can specify a subnet range using dashes. IE - 192.168.0.0-255.

Fill the form details and click the Submit button.

...

Logging

NOTE - The logging is can be quite verbose so there is now a feature to purge the log file at Open-AudIT -> Menu -> Admin -> Logs -> Purge Log.

You can set the log level in the configuration (menu -> System > Open-AudIT Basic Configuration). By default it is set to 5, but you may wish to temporarily increase it to 7 for debugging purposes.

You should see logging similar to the below (if set to level 7). In the below instance, a Discovery run was performed on 192.168.0.1-5 and the device at 192.168.0.1 was found and SNMP scanned.

...

NOTE - If a Windows or Linux machine is discovered (as opposed to audited with a script) and is not currently in the database, you will likely first see a very limited set of information. This will be only the Nmap and maybe the SNMP data. After the actual audit script has been run and processed you should see the complete details about the device.

...

Once the SNMP scan has been performed (or not), the data about the device is used to attempt to determine if the device already exists within Open-AudIT. If so it is updated, if not a new device is inserted. A note of the internal system id is made for the next section.

IMPI Scan

Open-AudIT when running on a Linux server with ipmitool installed can query the IPMI interface (used as a remote access card in servers, sometimes called an ILO card). If you have credentials set, very basic information can be retrieved. This is only available on Linux based Open-AudIT servers.

Windows Audit

If WMI is open on the target device and the Open-AudIT server is running Windows, an attempt is made to directly audit the device using the Discovery form supplied credentials. The device id from above is also passed to the audit script. When the audit is complete, it is sent to the Open-AudIT server for processing. 

...