Introduction

With the release of Open-AudIT 3.2.0 we have introduced a new concept called Rules. Rules are created and run against a device when the device is discovered or an audit result is processed. Rules can be used to set a device attribute based on other attributes.

...

So, that was a ride... In testing, our new Rules feature worked a treat. In practice, not so much. Most servers (i.e., not mine) can't cope with loading the rule set when processing multiple devices, even if we break it down into smaller chunks. What to do? What to do? Well, we've taken a small step back. Rules still exist as a feature, and they still work a treat. But instead of inserting 100,000 Rules into the database, we've split them up into four distinct files and implemented them as code only. Hence, no loading all 100,000 Rules, decoding JSON and running them against a device. Now we just load the files and run the statements. Much, much faster and more memory efficient. No load on MySQL, and hence the CPU also drops. No populating a massive recordset, and hence the memory drops.

The not so good thing: these are no longer editable in the GUI. But it's not the end of the world. You can still make Rules as you see fit and they will be run after the "default" rules (those in code), hence you can override the "default" rules. So we don't lose much, but we gain a LOT of performance. We also added a few new Rules for Mac Models.

...

When the rules run in discovery, any matching rules will appear in the discovery log. See below for an example.


Hit on snmp_enterprise_id 9 eq 9
Hit on manufacturer is empty 
Command: Rule Match - SNMP Enterprise Number for ciscoSystems, ID: 10 
Output: {"manufacturer":"Cisco Systems","snmp_enterprise_name":"ciscoSystems"}

And another:

Hit on snmp_oid 1.3.6.1.4.1.9.1.620 eq 1.3.6.1.4.1.9.1.620 
Command: Rule Match - SNMP OID match, ID: 135661 
Output: {"model":"Cisco 1841","type":"router"}
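For auditing which rule set which device attribute, the log entries above can be parsed and grouped. The following is an added example, not Open-AudIT code; it assumes the discovery log has been exported as plain text with the line prefixes shown above, and the function names are hypothetical.

```python
import json
import re

# Constructed sample, copied from the two entries shown on this page.
SAMPLE_LOG = """\
Hit on snmp_enterprise_id 9 eq 9
Hit on manufacturer is empty
Command: Rule Match - SNMP Enterprise Number for ciscoSystems, ID: 10
Output: {"manufacturer":"Cisco Systems","snmp_enterprise_name":"ciscoSystems"}
Hit on snmp_oid 1.3.6.1.4.1.9.1.620 eq 1.3.6.1.4.1.9.1.620
Command: Rule Match - SNMP OID match, ID: 135661
Output: {"model":"Cisco 1841","type":"router"}
"""

COMMAND_RE = re.compile(r"^Command: Rule Match - (?P<name>.*), ID: (?P<id>\d+)$")


def parse_rule_matches(text):
    """Group 'Hit on' lines with the Command/Output pair that follows them."""
    matches, hits, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()  # the log lines may carry trailing spaces
        if line.startswith("Hit on "):
            hits.append(line[len("Hit on "):])
        elif (m := COMMAND_RE.match(line)):
            current = {"id": int(m["id"]), "name": m["name"], "hits": hits, "output": {}}
            hits = []
        elif line.startswith("Output: ") and current is not None:
            try:
                current["output"] = json.loads(line[len("Output: "):])
            except json.JSONDecodeError:
                current["output"] = {}  # keep the match, record no attributes
            matches.append(current)
            current = None
    return matches


def attribute_provenance(matches):
    """Map each attribute to the (rule id, value) that set it last."""
    provenance = {}
    for match in matches:  # later matches overwrite earlier ones
        for attribute, value in match["output"].items():
            provenance[attribute] = (match["id"], value)
    return provenance


if __name__ == "__main__":
    for attr, (rule_id, value) in attribute_provenance(parse_rule_matches(SAMPLE_LOG)).items():
        print(f"{attr} = {value!r} (rule {rule_id})")
```

Because later matches overwrite earlier ones, a rule you create yourself, which runs after the default rules, shows up as the source of any attribute it overrides.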

Create Rules Entries

Rules can be created just like any other item. Menu → Manage → Rules → Create.

You can add and remove inputs and outputs as required.

Viewing Rules Details

...

Because there are so many rules (near one hundred thousand), paging through them is unrealistic. We still retrieve the default number of entries as per the configuration item; however, there is a search box at the top of the panel. Use this to search through the name, description, inputs and outputs to refine the list and find what you're looking for. There is also a button on the panel header that will show you all the rules you have created or edited. See below.

Database Schema

...