
Introduction

When a device is audited, attributes are divided into sections which correspond to tables in the database.

When the audit result is processed, each item in each section has its audit result compared to what is in the database.

For each section, if the columns contain the identical values, it is considered already installed and its 'last_seen' attribute is updated. No change_log entry is created.

If any of the columns do not match, it is considered a new attribute and inserted. A change_log entry is created if the device had other attributes already present in the table.

At the completion of the audit processing, any database items that have not been updated (or inserted) are considered to not be present. A change_log entry is generated.
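The comparison rules above, sketched as an added example (not Open-AudIT's own code). The function name, the `current`/`first_seen` row fields and the change_log entry layout are assumptions; the matching columns for `software` and `netstat` are taken from the table on this page.

```python
# Matching columns for two sections, copied from the table on this page.
MATCH_COLUMNS = {
    "software": ("name", "version"),
    "netstat": ("protocol", "ip", "port", "program"),
}

def process_section(section, db_rows, audited_items, audit_time):
    """Apply the comparison rules to one section of one device.

    db_rows (list of dicts) is updated in place; returns new change_log entries.
    The row fields 'current', 'first_seen' and the entry layout are assumptions.
    """
    cols = MATCH_COLUMNS[section]
    # Compare as strings so 443 and "443" count as identical (assumption).
    key = lambda item: tuple(str(item.get(c, "")) for c in cols)
    had_rows = bool(db_rows)  # first audit of a section is a baseline, not a change
    index = {key(r): r for r in db_rows if r["current"]}
    change_log = []

    def log(action, k):
        change_log.append({"section": section, "action": action,
                           "key": k, "timestamp": audit_time})

    for item in audited_items:
        k = key(item)
        if k in index:                      # identical columns: refresh last_seen only
            index[k]["last_seen"] = audit_time
            continue
        row = dict(item, current=True, first_seen=audit_time, last_seen=audit_time)
        db_rows.append(row)                 # any mismatch: insert as a new attribute
        index[k] = row
        if had_rows:
            log("create", k)
    for row in db_rows:                     # rows this audit did not touch are gone
        if row["current"] and row["last_seen"] != audit_time:
            row["current"] = False
            log("delete", key(row))
    return change_log

def demo():
    """Constructed data: two audits of one device, openssl upgraded in between."""
    rows = []
    first = process_section("software", rows, [
        {"name": "openssl", "version": "3.0.13"},
        {"name": "nginx", "version": "1.24.0"}], "2024-05-01 02:00:00")
    second = process_section("software", rows, [
        {"name": "openssl", "version": "3.0.14"},
        {"name": "nginx", "version": "1.24.0"}], "2024-05-02 02:00:00")
    return first, second, rows

if __name__ == "__main__":
    print(demo())
```

Because `version` is one of the matching columns for `software`, an upgrade shows up as a create entry for the new version plus a delete entry for the old one, while the first audit of a section produces no entries.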

Each section and its "matching" columns are below.

NOTE - There are some exceptions as detailed below.

*1 - If the computer is a VMware ESX machine, it also uses the net_index and connection columns.

*2 - If the computer is an AIX machine, we use the partition name.

 

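| Table | Attribute #1 | Attribute #2 | Attribute #3 | Attribute #4 | Attribute #5 |
|---|---|---|---|---|---|
| bios | description | manufacturer | serial | smversion | version |
| disk | model | serial | hard_drive_index | size | |
| dns | ip | name | fqdn | | |
| file | full_name | hash | inode | last_changed | |
| log | name | file_name | overwrite | | |
| memory | bank | size | serial | | |
| module | description | module_index | serial | | |
| monitor | model | manufacturer | serial | | |
| motherboard | model | manufacturer | serial | | |
| netstat | protocol | ip | port | program | |
| network *1 | mac | | | | |
| ip | ip | mac | netmask | | |
| optical | model | mount_point | | | |
| pagefile | name | initial_size | max_size | | |
| partition *2 | name | hard_drive_index | mount_point | size | |
| print_queue | device | | | | |
| processor | description | | | | |
| route | destination | next_hop | | | |
| san | serial | | | | |
| scsi | model | manufacturer | device | | |
| server | name | type | full_name | version | |
| server_item | name | type | instance | | |
| service | description | name | executable | | |
| share | name | path | | | |
| software | name | version | | | |
| software_key | name | string | rel | edition | |
| sound | model | manufacturer | | | |
| task | name | task | | | |
| user | name | sid | | | |
| user_group | name | sid | | | |
| variable | program | name | value | | |
| video | model | | | | |
| vm | name | uuid | | | |
| windows | service_pack | build_number | | | |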