5 answers
- 10-1
Hey, I may have fixed the problem!
When I had first installed open-audit I couldn't get the web GUI to come up; which I found out was because the Apache 2.2 service wouldn't start. I changed the port that Apache was using in its config file from 80 to 8080 and then I could get the web GUI to come up on http://localhost:8080/open-audit/ .
Later, when I created the subnet discovery, Open-AudIT automatically inserted the local host in the network address box, not specifying a different port than the default (port 80) and I overlooked it. I just now noticed this and specified port 8080 in the network address (http://localhost:8080/open-audit) and now its finding all sorts of stuff!
My workday is ending right now, so I'll check back in the morning and let you guys know how it turned out.
Thanks again for your help!
Add your comment... - 10-1
I was just thinking, my default gateway is a Cisco ASA firewall. Maybe that's causing a problem...
Add your comment... - 10-1
Neal,
Please see my other comments (the PHP error is a display issue only, adjust your OS date/time).
Have other discoveries been created for subnets? You should have a discovery per AD subnet. You said you have only one subnet, so I'm assuming it has been created. As MarkH suggested, log_level to 7, then run the subnet discovery (you can do so from the listing page).
Please do this and post the log output (from the discoveries read page as above).
Mark Unwin.
- neal.swift
The OS date/time were correct already. It looks like in central US time I'm 15 hours behind ACT Australia time. I've created 3 discoveries, one each for the entire network, the local host PC, and active directory.
- neal.swift
Here's my system log I just saved after changing the log level from 5 to 7.
- neal.swift
It looks like Open-AudIT only has info for the local host system.
Add your comment... - 10-1
Hello Neal,
Let's start by adjusting your system time to get that inline. This wiki page will touch on the most common issue we see: Open-AudIT FAQ#AudITFAQ-MytimeisoffinOpen-AudIT.
May I also suggest you disable blessed_subnets_use while testing. This setting shouldn't interfere with how you are running the audit, but it will help us rule it out.
Finally, can you confirm that you have created Credentials for the devices located on the one subnet returned by the AD scan?
- neal.swift
- I ran the mysql command and the timestamp is 15 hours ahead. Can you please post the proper syntax to tell it to subtract 15 hours from the timestamp? - I just disabled blessed_subnets_use - I did create SNMP, Windows, and SSH credentials (so 3 total) and put in my domain admin credentials for the windows and ssh type credentials.
- Mark Unwin
Neal, You will need to adjust the date/time of your OS (Windows or Linux). MySQL uses this timestamp. Mark Unwin.
- neal.swift
the date/time of the OS is correct
Add your comment... - 10-1
Hello Neal, I'm sorry you ran into problems while trying to run a AD scan. Rest assured we will help identify the issue and get you auditing. Regarding the problem you reported above, could you please add some additional detail by answering the questions below?
- Are you seeing this error after running the AD scan?
- The log entry you sent shows subnets were retrieved from the AD server, Open-AudIT should then have created network entries for each subnet and then started scanning them. Did this occur? If it did, did you receive audits and entries for devices it found.
On a side note, you can turn your log_level up from 5 to 7 to improve the verbosity of debug information presented. When you're done troubleshooting make sure to reduce it back to 5, as 7 can will the disk very quickly.
- neal.swift
Thanks for the quick response Mark!
- I did see this error after I executed the scan, via the web GUI execute button.
- I'm only running one subnet here (172.18.160.0/24) and I don't really see any evidence of it creating any network entries and any scanning occuring. I don't see any devices listed (other than the local host) under report -> hardware -> device.
I've tried running the discovery by the subnet as well, but it just says not complete with nothing in the log. I'm not sure if it matters, but the last run date is tomorrow.
Thank you for your help!!!
Add your comment...
I'm trying to use Open-AudIT Community 2.0.6 for the first time.
This particular error is when I try to do a Active Directory Discovery. Please advise!
FYI - This is a display bug only. It will not affect running discovery. I have fixed this for our next release.
I have good news and bad news... Bad news first - there is a bug preventing AD Discovery. Good news - it will be fixed for our next release which should be available in very short order. My apologies for the inconvenience caused.