Every time I run a discovery on my network I get many devices duplicated (all devices where credentials doesn't works). I have enabled "match_mac" discovery option but it doesn't work.
"match_ip" seems to solve but I have a dhcp active in this network so a match based only on the ip address is not what I need.
How to avoid duplicated devices in a dhcp network?
I think I've found the bug.
In the file
Windows - c:\xampplite\open-audit\code_igniter\application\controllers\include_input_discoveries.php
Linux - /usr/local/open-audit/code_igniter/application/controllers/include_input_discoveries.php
On line 230, place the following:
$device->mac_address = (string)$input->mac_address;
This should come right after the below block.
$device = new stdClass();
$device->id = '';
$device->name = '';
$device->type = '';
$device->os_family = '';
$device->os_group = '';
$device->sysDescr = '';
$device->last_seen = $this->config->config['timestamp'];
$device->ip = (string)$input->ip;
$device->audits_ip = (string)$input->ip;
$device->last_seen_by = 'nmap';
$device->discovery_id = $discovery->id;
We were not setting the MAC address we received (if we received any) from the discover subnet script.
That should be all you need to do to get it working. You will need to manually set the status of incorrectly duplicated items to "deleted" (easily done using Bulk Edit).
My apologies for the inconvenience.
"match_mac" device recognition defintly doesn't work.
I have a LAN with many smartphones connected over WiFi and getting ip addresses from dhcp server. Last version of Open Audit, 2.1, store mac address of devices without credential in the "Ip Addresses" tab.
I have run the discovery task for the first time and the DB was populated. I have device with id 749 (you can see it in the URL), ip 192.168.3.8 and mac address 00:15:39:00:2b:36.
I have run the discovery task another time and I get the same device duplicated with id 801:
"match_mac" is active but does'nt work. "match_ip" discovery option is useless in a DHCP network, I have already tried it, so I need that "match_mac" option to work correctly with "simple devices" where I cannot login with credentials, like smartphones and printers.
This is the discovery log (with "log_level" set to 7) of the duplicated device with id 801:
As a supported Open-AudIT Enterprise customer you can send these questions to our Support team at email@example.com for priority response.
Please see our comments from Dec 20th. Which of the 12 "match_" options have you configured as YES? Please keep in mind these work as AND statements where ALL marked as YES must match in order for a device to match in the dB; otherwise a new entry will be made.
I also noticed you're running https over 54443, which may be creating problems with the audit scripts returning information back to the server. Please make sure you have selected the correct Network Address in your Discovery, and updated the config option oae_server located in /usr/local/omk/conf/opCommon.nmis under the openauditenterprise section.
the only "match_" active in discovery config is "match_mac", all other "match_" are set to "n". With this configuration every device is being duplicated on every run of discovery task.
Port 54443 is used only for connecting to the Open Audit web interface from internet, there is a nat from port 443 on server to port 54443 on the gateway. From the LAN, where discoveries runs, Open Audit is reachable on standard port 443.
I'll send those information to Support team.
If your devices are not on the same physical subnet as your Open-AudIT server, Open-AudIT cannot retrieve their MAC addresses. Hence there is no MAC to match. This is why matching IP does work. I'd suggest you work on the list and get the required credentials. Without those, you will always be running uphill.
Menu -> Report -> Device -> Devices Without Credentials
Open-AudIT treats each of the "match_" config options as part of an AND statement. So, if you have both match_mac and match_ip set to YES BOTH have to match in order for a device found via Discovery to match a device already in the dB. The more match_ config items you enable (mark Yes) the more accurate your audit will be. However, as you noted, the more likely you are to create duplicate entries in the dB when one or more of the parameters don't match.
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.