Getting "Could not convert audit result from XML." for a bunch of systems. Some are working just fine.
Posting a follow-up.
Jonathon and I corresponded via email and determined the Linux audits were timing out. Using the "root" user imposes a timeout on the SSH session in Open-AudIT and it was set to 20 seconds. Jonathon had the option of using a user with sudo, or changing the configuration item for discovery_ssh_timeout. This was then resolved.
FYI - The code takes a different path when using the actual root user, versus a user with sudo access. Root user uses the timeout, sudo access tests for a response and doesn't need to use the timeout.
The default value for discovery_ssh_timeout is 300 seconds (5 minutes).
Here is what the validation tool produced
An error has been found!Click on to jump to the error. In the document, you can point at with your mouse to see the error message.Errors in the XML document:
data=<?xml version="1.0" encoding="UTF-8"?>
Only Some systems are getting this and all of them are either RHEL 6 or 7
In the audit script, the "data=" section should have been removed. I'll take a look as we have RHEL 7 machines here.
Mark Unwin Thanks for the response, these are all Linux systems and I see the XML files are produced and on the OpenAudit server it is storing a copy of the XML file,
So I am assuming that your thinking that the server bein audited is producing garbage XML, hmm interesting. I will investigate that more.
I have just tested on Centos 6 and Redhat 7, both via discoveries and manually running it on the target machines. Both work as intended.I'm unsure why the data= would still be in the XML. Are your script options using submit_online=y, by chance?
Sorry for the delay, the option is set to y. I will change it to n and remove the agent on a system having the issue and run it on just the one to see what happens
Mark Unwin Nope, the Same issue. Any other suggestions?
Can you send a copy of the XML file as left on the Open-AudIT server to email@example.com please.
Then the most likely issue is that the XML is invalid.
Have you tried an online XML Validator to make sure it's OK?
To get the file, on a device having this issue copy open-audit\other\audit_windows.vbs (assuming it's a Windows machine) to the device and run:
cscript audit_windows.vbs submit_online=n create_file=y
And it will produce an XML file.
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.