I'm trying to use Open-AudIT Community 2.0.6 for the first time.
This particular error is when I try to do a Active Directory Discovery. Please advise!
Hey, I may have fixed the problem!
When I had first installed open-audit I couldn't get the web GUI to come up; which I found out was because the Apache 2.2 service wouldn't start. I changed the port that Apache was using in its config file from 80 to 8080 and then I could get the web GUI to come up on http://localhost:8080/open-audit/ .
Later, when I created the subnet discovery, Open-AudIT automatically inserted the local host in the network address box, not specifying a different port than the default (port 80) and I overlooked it. I just now noticed this and specified port 8080 in the network address (http://localhost:8080/open-audit) and now its finding all sorts of stuff!
My workday is ending right now, so I'll check back in the morning and let you guys know how it turned out.
Thanks again for your help!
I was just thinking, my default gateway is a Cisco ASA firewall. Maybe that's causing a problem...
Please see my other comments (the PHP error is a display issue only, adjust your OS date/time).
Have other discoveries been created for subnets? You should have a discovery per AD subnet. You said you have only one subnet, so I'm assuming it has been created. As MarkH suggested, log_level to 7, then run the subnet discovery (you can do so from the listing page).
Please do this and post the log output (from the discoveries read page as above).
The OS date/time were correct already. It looks like in central US time I'm 15 hours behind ACT Australia time. I've created 3 discoveries, one each for the entire network, the local host PC, and active directory.
Here's my system log I just saved after changing the log level from 5 to 7.
It looks like Open-AudIT only has info for the local host system.
Let's start by adjusting your system time to get that inline. This wiki page will touch on the most common issue we see: Open-AudIT FAQ#AudITFAQ-MytimeisoffinOpen-AudIT.
May I also suggest you disable blessed_subnets_use while testing. This setting shouldn't interfere with how you are running the audit, but it will help us rule it out.
Finally, can you confirm that you have created Credentials for the devices located on the one subnet returned by the AD scan?
- I ran the mysql command and the timestamp is 15 hours ahead. Can you please post the proper syntax to tell it to subtract 15 hours from the timestamp? - I just disabled blessed_subnets_use - I did create SNMP, Windows, and SSH credentials (so 3 total) and put in my domain admin credentials for the windows and ssh type credentials.
Neal, You will need to adjust the date/time of your OS (Windows or Linux). MySQL uses this timestamp. Mark Unwin.
the date/time of the OS is correct
Hello Neal, I'm sorry you ran into problems while trying to run a AD scan. Rest assured we will help identify the issue and get you auditing. Regarding the problem you reported above, could you please add some additional detail by answering the questions below?
On a side note, you can turn your log_level up from 5 to 7 to improve the verbosity of debug information presented. When you're done troubleshooting make sure to reduce it back to 5, as 7 can will the disk very quickly.
Thanks for the quick response Mark!
I've tried running the discovery by the subnet as well, but it just says not complete with nothing in the log. I'm not sure if it matters, but the last run date is tomorrow.
Thank you for your help!!!
FYI - This is a display bug only. It will not affect running discovery. I have fixed this for our next release.
I have good news and bad news... Bad news first - there is a bug preventing AD Discovery. Good news - it will be fixed for our next release which should be available in very short order. My apologies for the inconvenience caused.