When Open-AudIT receives data about a device, either by discovering the device during an audit run or by the user importing the device, it must determine if this discovered device matches a device that already exists within its database, or if it is a new device that should be added. Open-AudIT uses a series of twelve property matches to determine this. The Match Rules work as OR comparisons, not AND. This means the first rule that matches a field in the discovered device to one in the dB resolves as an existing device. All Matching Rules have to fail in order for a device to be new and result in a new record being created.
It is important to note that when Open-AudIT determines a match any properties set to 'y' must match exactly (and not be blank) in order for Open-AudIT to determine that the discovered device matches a device already in the database. If none of the properties marked 'Y' match, then a new device entry will be created, which could result in duplicate device entries. In situations where properties are duplicated, for example a dbus_id is copied during a VM clone, then an existing device may incorrectly get overwritten/updated rather then a new entry being created resulting in missing devices.
Devices will not be matched if their status is set to "deleted". Any other status will allow a match to occur.
The logic for device matching is contained in the m_devices.php file, which on a Linux install can be found here: /usr/local/open-audit/code_igniter/application/models/
Matching is conducted in the following order:
- match_mac (ip table)
- match_mac (network table)
- match_mac (addresses)
These properties are stored in Open-AudIT's configuration; to access them select Admin -> Configuration -> Discovery from Open-AudIT's menu. The default values of 'y' and 'n' simply mean YES and NO. We will use YES and NO in the description, rather than 'y' and 'n'. The stored value should always be either a lowercase y or n.