Introduction

To Discover enable discovery on a regular basis, you need to be able to schedule the Open-AudIT discovery to run at the required frequency, e.g. every day.  To do this using a series of discover a subnet using a script can be useful to setup scheduled Discovery runs. These can be created using the cron scheduler on Linux. The script named discover_subnet_cron.sh is designed for this purpose and is included with Open-AudIT Enterprise. You can supply individual arguements on the command line or set them inside the script. Both ways have benefits.

...

• Only a single script is required for (potentially) multiple Discovery runs.

The script arguements arguments can be set on the command line by (for example):

...

The script has two basic types of arguements arguments - required and optional.

The required arguments are:

...

./discover_subnet_cron.sh form_subnet=192.168.0.1/24 form_ssh_username=root form_ssh_pass=rootpass form_snmp_community=snmpsecret form_windows_user=administrator form_windows_password=testpass form_windows_domain=open-audit.com

Scheduling using Cron

Because of file permissions, it may be easiest to set the crontab schedule using root. This is not necessary though and the script can be run (assuming file execute other permission is set) by any valid user, it is advisable that these files be restricted in their access, as they contain passwords.

A valid crontab line to schedule the Discovery job to run at 10am 1:00 am each day would look like:

0

...

 1 * * * /usr/local/open-audit/other/discover_subnet_cron.sh form_subnet=192.168.0.1/24 form_ssh_username=root form_ssh_pass=rootpass form_snmp_community=snmpsecret form_windows_user=administrator form_windows_password=testpass form_windows_domain=open-audit.com

As previously stated, the options above may be set in a copy

...

 of the script which can be copied and renamed as required.

If you wanted to include multiple subnets you might like to use an intermediate script like discover_many_subnets.sh, and schedule that in cron.  For example discovery_many_subnets.sh might include:

#!/bin/sh
SUBNETS="192.168.1.0/24 192.168.2.0/24 192.168.10.0/24 192.168.42.0/24 172.16.1.0/24"
for SUBNET in $SUBNETS
do
	/usr/local/open-audit/other/discover_subnet_cron.sh form_subnet=$SUBNET form_ssh_username=root form_ssh_pass=rootpass form_snmp_community=snmpsecret form_windows_user=administrator form_windows_password=testpass form_windows_domain=open-audit.com
done

Then in the crontab schedule the discovery using the intermediate script:

0 1 * * * /usr/local/open-audit/other/discover_many_subnets.sh

You might like to run infrastructure subnets at night, and user subnets during the day, there are many options available with this flexible solution.

Logging

Once a discovery job has been run, an entry into the standard Open-AudIT log will be created. This is viewable by Menu -> Admin -> Log -> View Log, inside Open-AudIT or Menu -> Views -> Log inside Open-AudIT Enterprise. The standard file location is /usr/local/open-audit/other/open-audit.log. Typical entries into the log for a discovery run will look like:

...