Hello,

So I ran a bunch of discovery on multiple subnets to test the platform and got my Windows workstation audited correctly. However SNMP did work for any network equipment (always says it's 'false'). 

So I deleted all discovered equipment following this procedure (Delete a Device) in order to restart from scratch.

Now when running a subnet discovery, most IPs scanned log 'IP X.X.X.X responding, submitting' but then nothing, it just goes to the next IP and nothing is actually added to the DB (nor audited, nor nmap). However, SNMP network devices are now working and discovered correctly. 

Also, scanning a range is acting weird... for example, I set up a discovery for range 192.168.230.50-60 and the discovery log returns things such as 'IP 192.168.220.71 responding, submitting.' which isn't even in the range...

So what's going on? How do I troubleshoot this?

I'm running OA on Opmantek VM (upgraded to 2.0.8)

    3 answers

    1.  

      Found that the 'open-audit.log' is filled with these, over and over: 


      not sure if related however...

      To give a better idea, here is the discovery (command) configured: 

      and here is an extract of the output:

      Before, when it was working, I'd see after 'submitting' the actual auditing info populating. Now just this and the 'failed' mark in the webUI once the subnet has been scanned. 

      1.  

        The discovery didn't stop working after the upgrade, but after the devices were deleted. 

        The discovery logs only contain the info I mentioned originally ('IP X.X.X.X responding, submitting'). 

        And yes, both pages were visited and the troubleshooting proposed was attempted without success. Should have mentioned that first.

        May I add that now some random devices are showing up in my devices list! 

        1. Mark Henry

          Regarding the discovery log, have you increased your log_level from the default 5 to 7? This will make the logs very verbose, but can assist in troubleshooting.

        2. Julien Lacasse-Roger

          Yes I did but no major change in the logs I see from the webUI. However, I see constant errors in the 'open-audit.log' file. I'll post them below

      2.  

        Hello Julien,

        A couple references from the Open-AudIT wiki that might be of interest -

        Regarding your discoveries not working after the upgrade: Open-AudIT FAQ#AudITFAQ-Discoveryhasstoppedworking

        General Troubleshooting instructions: Troubleshooting

        Let us know how you get along after you read these references and apply the concepts.

        Best,

        Mark H
