
Hello,

So I ran a bunch of discovery on multiple subnets to test the platform and got my Windows workstation audited correctly. However SNMP did work for any network equipment (always says it's 'false'). 

So I deleted all discovered equipment following this procedure Delete a Device in order to restart from scratch. 

Now when running a subnet discovery, most IPs scanned log 'IP X.X.X.X responding, submitting' but then nothing, it just goes to the next IP and nothing is actually added to the DB (nor audited, nor nmap). However, SNMP network devices are now working and discovered correctly. 

Also, scanning a range is acting weird... for example, I set up a discovery for range 192.168.230.50-60 and the discovery log returns things such as 'IP 192.168.220.71 responding, submitting.' which isn't even in the range...

So what's going on? How do I troubleshoot this?

I'm running OA on Opmantek VM (upgraded to 2.0.8)


    3 answers

    1.  

      Found that the 'open-audit.log' is filled with these, over and over: 

      [Wed Oct 4 16:35:01 2017] [error] 1806 get_device_count: could not retrieve device count from OAC.
      [Wed Oct 4 16:36:01 2017] [error] 1807 OMK::oae->get: Invalid JSON returned in response from OAC.
      [Wed Oct 4 16:36:01 2017] [error] 1807 OMK::oae->get: URL: http://127.0.0.1/open-audit/index.php/devices?system.oae_manage=y&system.status=production


      not sure if related however...

      To give a better idea, here is the discovery (command) configured: 

      nohup /usr/local/open-audit/other/discover_subnet.sh subnet_range=192.168.230.0/24 url=https://192.168.220.220/open-audit/index.php/input/discoveries submit_online=y echo_output=n create_file=n debugging=0 discovery_id=13 os_scan=n > /dev/null 2>&1 & 

      and here is an extract of the output:

      Oct 04 15:36:36 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.50 not responding, ignoring.
      Oct 04 15:36:41 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.51 responding, submitting.
      Oct 04 15:36:45 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.52 not responding, ignoring.
      Oct 04 15:36:48 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.53 not responding, ignoring.
      Oct 04 15:36:51 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.54 not responding, ignoring.
      Oct 04 15:36:55 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.55 responding, submitting.
      Oct 04 15:37:00 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.56 responding, submitting.
      Oct 04 15:37:03 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.57 responding, submitting.
      Oct 04 15:37:06 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.58 not responding, ignoring.
      Oct 04 15:37:09 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.59 not responding, ignoring.
      Oct 04 15:37:14 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.60 responding, submitting.
      Oct 04 15:37:19 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.61 responding, submitting.
      Oct 04 15:37:23 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.62 responding, submitting.
      Oct 04 15:37:28 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.63 responding, submitting.
      Oct 04 15:37:33 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.64 responding, submitting.

      Before, when it was working, I'd see after 'submitting' the actual auditing info populating. Now just this and the 'failed' mark in the webUI once the subnet has been scanned. 
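An added example, not part of the original posts and not Open-AudIT code: a check that compares every address in `discover_subnet` log lines against the scope the discovery was configured with, so out-of-range probes such as the 192.168.220.71 entry are flagged. The function names and the accepted scope syntax (CIDR or a last-octet range like `192.168.230.50-60`) are assumptions; the sample lines reuse the format quoted above, and the last one is constructed.

```python
import ipaddress
import re

# Matches the discover_subnet messages quoted in the post above.
LINE_RE = re.compile(
    r"S:discover_subnet M:IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<state>responding, submitting|not responding, ignoring)\."
)

def parse_scope(spec):
    """Return (first, last) for 'a.b.c.d/nn', 'a.b.c.x-y' or 'a.b.c.d-e.f.g.h'."""
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return net[0], net[-1]
    start, _, end = spec.partition("-")
    first = ipaddress.ip_address(start)
    if not end:
        return first, first
    if "." not in end:  # last-octet shorthand, e.g. 192.168.230.50-60
        end = start.rsplit(".", 1)[0] + "." + end
    last = ipaddress.ip_address(end)
    if last < first:
        raise ValueError("range end precedes range start: " + spec)
    return first, last

def out_of_scope(log_lines, spec):
    """List (ip, state) for every logged address outside the configured scope."""
    first, last = parse_scope(spec)
    flagged = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # malformed octets, not a real address
            continue
        if not first <= ip <= last:
            flagged.append((str(ip), m["state"]))
    return flagged

SAMPLE_LOG = [
    "Oct 04 15:36:41 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.51 responding, submitting.",
    "Oct 04 15:37:06 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.58 not responding, ignoring.",
    "Oct 04 15:37:14 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.60 responding, submitting.",
    "Oct 04 15:37:19 opmantek 4382 7 U:apache S:discover_subnet M:IP 192.168.230.61 responding, submitting.",
    # Constructed line: timestamp and PID invented, message as quoted in the question.
    "Oct 04 15:40:02 opmantek 4390 7 U:apache S:discover_subnet M:IP 192.168.220.71 responding, submitting.",
]

if __name__ == "__main__":
    for scope in ("192.168.230.50-60", "192.168.230.0/24"):
        print(scope, out_of_scope(SAMPLE_LOG, scope))
```

Running it with both scopes shows which discovery definition a given log actually belongs to: an address that is out of scope for the range but in scope for the /24 points at a different discovery job writing to the same log.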

      1.  

        The discovery didn't stop working after the upgrade, but after the devices were deleted. 

        The discovery logs only contain the info I mentioned originally ('IP X.X.X.X responding, submitting'). 

        And yes, both pages were visited and the troubleshooting proposed was attempted without success. Should have mentioned that first.

        May I add that now some random devices are showing up in my devices list! 

        1. Mark Henry

          Regarding the discovery log, have you increased your log_level from the default 5 to 7? This will make the logs very verbose, but can assist in troubleshooting.

        2. Julien Lacasse-Roger

          Yes I did but no major change in the logs I see from the webUI. However, I see constant errors in the 'open-audit.log' file. I'll post them below

      2.  

        Hello Julien,

        A couple references from the Open-AudIT wiki that might be of interest -

        Regarding your discoveries not working after the upgrade: Open-AudIT FAQ#AudITFAQ-Discoveryhasstoppedworking

        General Troubleshooting instructions: Troubleshooting

        Let us know how you get along after you read these references and apply the concepts.

        Best,

        Mark H
