...

Step 2 - Now, click Details from the menu on the left under Summary. This will open the Details on the right side under the Summary panel. Look for the Last Seen By field; depending on the version of Open-AudIT and the type of device, this may read NMAP, SNMP, or Audit. If it says NMAP, as in the screenshot below, then a full audit has not been completed on this device. The next step is to determine whether the required ports are open, and then whether any of the supplied credential set(s) were accepted by the device.

 


Step 3 - Before continuing, you should increase the log level and rerun the audit on the device. This will give you in-depth debugging information that will help you determine exactly what went wrong during the audit. To adjust the log_level, select Admin -> Configuration -> All from the Open-AudIT menu. Find the entry for log_level, which defaults to 5, and increase it to 7. This change will take effect immediately, and detailed debug information will be captured during the next audit.

...

At this point we need to double-check the information NMAP is receiving from the device. Open a command/terminal window on the Open-AudIT server and execute the command below. The -F argument is a fast scan of the first 100 ports of the device, and ip_of_device is the IP address or FQDN of the device not responding.

nmap -F {ip_of_device}

Example Output
[root@myserver:~]# nmap -F 192.168.0.10

Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-16 13:27 UTC
Nmap scan report for targetdevice (192.168.0.10)
Host is up (0.18s latency).
Not shown: 94 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
514/tcp  open  shell
3306/tcp open  mysql

...

The next test is to determine if UDP/161 (SNMP) is open. The -sU argument sets NMAP to scan UDP, the -p argument restricts the scan to port 161 only, and ip_of_device is the IP address or FQDN of the device not responding.

nmap -sU -p 161 {ip_of_device}

Test UDP/161
[root@myserver:~](255)# nmap -sU -p 161 192.168.0.10

Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-19 13:59 UTC
Nmap scan report for targetdevice (192.168.0.10)
Host is up (0.18s latency).
PORT    STATE SERVICE
161/udp open  snmp

Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds

...

Your first step should be to check whether the device was audited and added (or updated) in Open-AudIT. If the device was not found or updated, you should check the discovery logs to determine why. To check the discovery logs in Open-AudIT, navigate to menu -> Admin -> Database -> List Tables, look for discovery_log, and click the blue details icon next to it. At this point, export the file to CSV and you should be able to find your device entry there.

Problems with a runaway queue

If you are here from an in-application link, it is because the last discovery_log entry was more than 1 hour ago, but there is a count in the number of running queue items. This may mean the queue process has hung. You can restart Apache to resolve this (see below to restart Apache). Any queue items currently being processed when this is done will be deleted. Other items in the queue will wait for processing to begin again (see below to start the queue).


View the number of jobs in the queue

mysql -u openaudit -popenauditpassword openaudit -e "SELECT COUNT(id) FROM queue;" 


Delete the remaining items from the queue

mysql -u openaudit -popenauditpassword openaudit -e "DELETE FROM queue;"


Reset the queue count

mysql -u openaudit -popenauditpassword openaudit -e "UPDATE configuration SET value = 0 WHERE name = 'queue_count';"


Restart Apache

Restart Apache to kill the running processes (or you should be able to wait for them to complete, your call).

sudo service httpd restart 


Start the Queue Processing

To start the queue being processed (automatically done if you execute a discovery), in a browser, call the below URL (substituting your server name).

You should only have to do this if you manually restart Apache and have items in your queue to be processed.

http://YOUR_SERVER/open-audit/index.php/util/queue
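
The runaway-queue check and recovery steps above, combined into one script. This is an added example, not code from Open-AudIT: it reports by default and only changes anything when called with apply. Assumptions: the OA_CNF option file (a hypothetical path) holds the database user and password so they do not appear on the command line, and discovery_log has a `timestamp` column.

```shell
#!/bin/sh
# Added example, not Open-AudIT code. Assumptions:
#   OA_CNF (hypothetical): MySQL option file, chmod 600, with a [client] section
#     holding user and password, so the password stays off the command line.
#   discovery_log has a `timestamp` column (assumed, check your schema).
OA_CNF="${OA_CNF:-/root/.openaudit.cnf}"

# Run one SQL statement against the openaudit database and print the bare value.
oa_sql() {
    mysql --defaults-extra-file="$OA_CNF" -N -B openaudit -e "$1"
}

# Hung-queue condition from the text: queue items are counted as running, but the
# last discovery_log entry is more than one hour old.
# Args: running_count last_log_age_seconds. Returns 0 if hung, 1 otherwise.
queue_is_hung() {
    for n in "$1" "$2"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac   # NULL/empty/non-numeric: not hung
    done
    [ "$1" -gt 0 ] && [ "$2" -gt 3600 ]
}

# Report the queue state; with --apply, run the page's recovery steps in order.
recover_queue() {
    running=$(oa_sql "SELECT value FROM configuration WHERE name = 'queue_count';") || return 2
    waiting=$(oa_sql "SELECT COUNT(id) FROM queue;") || return 2
    age=$(oa_sql "SELECT TIMESTAMPDIFF(SECOND, MAX(timestamp), NOW()) FROM discovery_log;") || return 2
    echo "running=$running waiting=$waiting last_log_age=${age}s"
    if ! queue_is_hung "$running" "$age"; then
        echo "queue does not look hung; nothing changed"
        return 0
    fi
    if [ "${1:-}" != "--apply" ]; then
        echo "queue looks hung; re-run with apply to clear it and restart Apache"
        return 1
    fi
    oa_sql "DELETE FROM queue;" || return 2
    oa_sql "UPDATE configuration SET value = 0 WHERE name = 'queue_count';" || return 2
    sudo service httpd restart
}

# Only act when invoked as: sh script.sh check | sh script.sh apply
case "${1:-}" in
    check) recover_queue ;;
    apply) recover_queue --apply ;;
esac
```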