I may be going crazy here. A server automatically audit itself. I did not run a script on the machine in question nor did I use the discovery tool. Possibly through SNMP, but I would like definitive evidence.
How can I track down the method in which the server was added from the Open-Audit Host.
Thanks in advanced.
I figured it out.
Using the time stamp in the Audit Log for the Device I checked it against the log_access in open-audit/other. Did an NSLookup on the Ip in question ang traced it back to a co-worker that is also working on this project.
Johnathon, I was going to suggest looking at the device details and it's audit log. Nice to see you beat me to it :-)