Items affecting Discovery times
When running a discovery, certain items will affect how fast a discovery runs and processes devices. The below are items to consider when creating and running discoveries.
Obviously the larger the provided subnet, the longer a discovery will take. We recommend /24's for efficiency. There is nothing stopping you from using a /16 (65,535 hosts) or even a /8 (16777214 hosts), but do not expect them to complete in a reasonable timeframe. The first section of the discovery script sends the non-responding IP addresses to the Open-AudIT server, so even before actually discovering any responding hosts, this section (on a large subnet) may take minutes or even hours.
If you don't know what /24's you have and do know everything on your network is contained within a /16 (for example), personally I would run a /16 ONCE to determine what networks have devices, then export the networks, massage the result in Excel and import discoveries based upon those /24's. Obviously the first scan will take a long time, but that's the price you will have to pay.
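The "export the networks, massage the result" step can be scripted rather than done by hand. The following is an added example, not part of Open-AudIT: it groups the responding addresses from the one-off /16 run into populated /24's and writes one discovery row per network. The export column name `ip`, the sample rows, the 10.20.0.0/16 scope and the `name,subnet` output header are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample of an export from the one-off /16 run.
# The column name "ip" is an assumption; use the column your export contains.
SAMPLE_EXPORT = """name,ip
core-sw1,10.20.1.2
web01,10.20.1.15
web02,10.20.1.16
printer-3f,10.20.7.40
nas01,10.20.200.9
bad-row,not-an-ip
dup-web01,10.20.1.15
"""


def populated_24s(export_text, ip_column="ip", within="10.20.0.0/16"):
    """Return {/24 network: distinct responding hosts} for IPs inside `within`."""
    scope = ipaddress.ip_network(within)
    seen = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            addr = ipaddress.ip_address((row.get(ip_column) or "").strip())
        except ValueError:
            continue  # blank or malformed cell
        if addr.version == 4 and addr in scope:
            seen.add(addr)  # a set, so duplicate rows count once
    counts = Counter(ipaddress.ip_network(f"{a}/24", strict=False) for a in seen)
    return dict(sorted(counts.items()))


def discoveries_csv(networks):
    """One discovery row per populated /24, ready to adapt for import."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["name", "subnet"])  # assumed header; match your import template
    for net in networks:
        writer.writerow([f"Discovery {net}", str(net)])
    return out.getvalue()


if __name__ == "__main__":
    nets = populated_24s(SAMPLE_EXPORT)
    for net, hosts in nets.items():
        print(f"{net}: {hosts} responding host(s)")
    print(discoveries_csv(nets), end="")
```

Only /24's that actually contained a responding device produce a discovery, so the empty parts of the /16 are never scanned again.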
When we audit via SSH using a credential set that is not root, we attempt to use sudo. When we use sudo we must set a timeout and wait for that to expire, before interactively providing the password. The default for this timeout is 5 minutes and is set in the configuration as "discovery_ssh_timeout". Now before you go making this nice and small, there is a gotcha. Your audit script must finish processing within this timeout or it will be incomplete and the data retrieved will cause issues in terms of changes.
Five minutes may be overly generous (most of my systems audit in well under one minute), but because we don't know how YOUR systems audit, we're overly cautious. I usually set this to 2 minutes upon install.
When we have several sets of SNMP credentials, discovering which credentials work can take a little while. Open-AudIT will try each set in turn and wait for them to timeout before attempting the next. For each SNMP (not SNMP v3) credential set, we attempt both SNMP v1 and SNMPv2 - so two timeouts. Needless to say, when you have a lot of SNMP credential sets and the working set for a particular device is attempted last - you'll just need to be patient.
Network speed is a factor. We use Nmap for the initial device detection and then communicate over WMI, SMB, SSH and/or SNMP. All of these traverse the network and compete with everything else on that network. A fast network means faster discoveries.
When running a discovery against a computer, the rate that the computer can complete the audit script depends on that computer, not on Open-AudIT. Faster computers will complete the audit script faster and hence make for a faster discovery.