Items affecting Discovery times
| Table of Contents |
|---|
When running a discovery, certain items will affect how fast a discovery runs and processes devices. The below are items to consider when creating and running discoveries.
...
Obviously the larger the provided subnet, the longer a discovery will take. We generally recommend /24's for efficiency. There is nothing stopping you from using a /16 (65,535 hosts) or even a /8 (16777214 hosts), but do not expect them to complete in a reasonable timeframe. The first section of the discovery script sends the non-responding IP addresses to the Open-AudTI AudIT server, so even before actually discovering a responding hosts, this section (on a large subnet) may take minutes or even hours.
If you don't know what /24's you have and do know everything on your network is contained within a /16 (for example), personally I would run a /16 ONCE to determine what networks have devices, then export the networks, massage the result in Excel and import discoveries based upon those /24's. Obviously the first scan will take a long time, but that's the price you will have to pay.
Non Root Discovery
When we audit via SSH using a credential set that is not root, we attempt toi use sudo. When we use sudo we must set a timeout and weait for that to expire, before interactively providing the password. The default for this timeout is 5 minutes and is set in the configuration as "discovery_ssh_timeout". Now before you go making this nice and small, there is a gotcha. Your audit script must finish processing within this timout or it will be incomplete and the data retrieved will cause issues in terms of changes.
Five minutes may be overly generous (most of my systems audit in well under one minute), but because we don't know how YOUR systems audit, we're overly cautious. I usually set this to 2 minutes upon install.
...
When running a discovery against a computer, the rate that the computer can complete the audit script depends on that computer, not on Open-AudIT. Faster computers will complete the audit scritp faster and hence make for a faster discovery.