Introduction

With the release of Open-AudIT 3.2.0 we have introduced a new concept called Rules. Rules are created and run against a device when the device is discovered or an audit result is processed. Rules can be used to set a device attribute based on other attributes.

...

For those curious, the "new" files that replace the Rules are:

| File | Description |
| --- | --- |
| /open-audit/code_igniter/application/helpers/mac_helper | Matches MAC addresses to manufacturers. |
| /open-audit/code_igniter/application/helpers/mac_model_helper | Matches Apple manufacturer codes to models (stored in system.manufacturer_code). |
| /open-audit/code_igniter/application/helpers/snmp_model_helper | Matches the device's SNMP OID to a model and type. |
| /open-audit/code_igniter/application/helpers/snmp_model_helper | Matches the device's SNMP OID to the manufacturer. |


And of course you are free to add or modify the rules as you see fit. If you have a device with an SNMP OID that doesn't match a model already in the file - now you can add it easily. No more waiting for us to provide a patch and add it to the code base for you.

...

When the rules run in discovery, any matching rules will appear in the discovery log. See below for an example.


Hit on snmp_enterprise_id 9 eq 9
Hit on manufacturer is empty 
Command: Rule Match - SNMP Enterprise Number for ciscoSystems, ID: 10 
Output: {"manufacturer":"Cisco Systems","snmp_enterprise_name":"ciscoSystems"}

and another

Hit on snmp_oid 1.3.6.1.4.1.9.1.620 eq 1.3.6.1.4.1.9.1.620 
Command: Rule Match - SNMP OID match, ID: 135661 
Output: {"model":"Cisco 1841","type":"router"}

Create Rules Entries

Rules can be created just like any other item. Menu → Manage → Rules → Create.

...

Because there are so many rules (near one hundred thousand), paging through them is unrealistic. We still retrieve the default number of entries as per the configuration item; however, there is a search box at the top of the panel. Use this to search through the name, description, inputs and outputs to refine the list and find what you're looking for. There is also a button on the panel header that will show you all the rules you have created or edited. See below.


Database Schema

CREATE TABLE `rules` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(200) NOT NULL DEFAULT '',
  `org_id` int(10) unsigned NOT NULL DEFAULT '1',
  `description` text NOT NULL,
  `weight` int(10) unsigned NOT NULL DEFAULT '100',
  `inputs` text NOT NULL,
  `outputs` text NOT NULL,
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=155875 DEFAULT CHARSET=utf8

Example Database Entry

         id: 65554
       name: Mac Address for Cisco Systems
     org_id: 1
description: Set the manufacturer based on the MAC prefix.
     weight: 90
     inputs: [{"table":"network","attribute":"mac","operator":"st","value":"cc:46:d6"},{"table":"system","attribute":"manufacturer","operator":"eq","value":""}]
    outputs: [{"table":"system","attribute":"manufacturer","value":"Cisco Systems","value_type":"string"}]
  edited_by: system
edited_date: 2001-01-01 00:00:00
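
How the example entry above evaluates against a device, as an added sketch that is not Open-AudIT's own code. It assumes that "st" means "starts with", that every input must hit for the rule to match, that comparison ignores case, and that a device is a dict of table rows; the sample devices are constructed.

```python
import json

# Rule copied from the "Example Database Entry" above (inputs/outputs are JSON text).
RULE = {
    "id": 65554,
    "name": "Mac Address for Cisco Systems",
    "inputs": '[{"table":"network","attribute":"mac","operator":"st","value":"cc:46:d6"},'
              '{"table":"system","attribute":"manufacturer","operator":"eq","value":""}]',
    "outputs": '[{"table":"system","attribute":"manufacturer",'
               '"value":"Cisco Systems","value_type":"string"}]',
}

# Assumption: only the two operators shown on this page, with "st" = starts with.
OPERATORS = {
    "eq": lambda actual, wanted: actual == wanted,
    "st": lambda actual, wanted: actual.startswith(wanted),
}

def input_hits(device, cond):
    """True if any row of cond['table'] satisfies the condition."""
    op = OPERATORS.get(cond["operator"])
    if op is None:
        # Reject unknown operators instead of silently treating them as a hit.
        raise ValueError(f"unsupported operator: {cond['operator']!r}")
    wanted = cond["value"].lower()
    for row in device.get(cond["table"], []):
        actual = str(row.get(cond["attribute"]) or "").lower()
        if op(actual, wanted):
            return True
    return False

def apply_rule(device, rule):
    """Return {(table, attribute): value} to set, or {} when the rule does not match."""
    inputs = json.loads(rule["inputs"])
    outputs = json.loads(rule["outputs"])
    if not all(input_hits(device, cond) for cond in inputs):
        return {}
    return {(o["table"], o["attribute"]): o["value"] for o in outputs}

# Constructed sample devices (hypothetical shape: table name -> list of rows).
DEVICE_MATCH = {"system": [{"manufacturer": ""}],
                "network": [{"mac": "CC:46:D6:01:02:03"}]}
DEVICE_ALREADY_SET = {"system": [{"manufacturer": "Acme"}],
                      "network": [{"mac": "cc:46:d6:01:02:03"}]}
DEVICE_OTHER_MAC = {"system": [{"manufacturer": ""}],
                    "network": [{"mac": "00:11:22:33:44:55"}]}
```

The second input is what stops the rule from overwriting a manufacturer that is already set; a rule written without it would replace the existing value on every MAC prefix match.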

API / Web Access?

...

The database schema can be found in the application if the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.


API / Web Access

You can access the collection using the normal Open-AudIT JSON-based API, just like any other collection. Please see the Open-AudIT API documentation for further details.

API Routes

...

Request Method | ID | Action | Resulting Function | URL Example | Notes | Example Response


...

Web Application Routes

Only available under Open-AudIT Enterprise

...

Request Method | ID | Action | Resulting Function | URL Example | Notes

...

Default Items

Shipped are a set of default items. These can be found by going to menu: Help → Defaults → Rules.