
Currently we have over 140 computers running Devon-IT's DeTOS version of Linux. This OS doesn't support SNMP and management only comes by way of a web interface that communicates securely to client software. It is my understanding that there are no credentials I can provide Open-Audit to connect to these computers. I imported the details of these systems from a CSV file generated by the DeTOS management console.

The problem is that my scans add new entries for Unknown devices at the IP addresses of the DeTOS computers. What can I do to stop Open-Audit from adding duplicate entries day after day?


    1 answer

    1.  

      Would suggest you enable match_ip in the configuration.

      1. Rick Wegner

        That would not work. The DHCP scopes at our locations are shared between desktops, laptops, tablets and the "problem" DeTOS devices. Many of those devices only attach to our network at intervals greater than our DHCP leases, meaning that they frequently get a new IP on connection. They also are used at multiple sites, which means multiple subnets. DHCP reservations for DeTOS devices within their own scope along with listing them in the Config file for exclusion but my guess is that field couldn't handle a list of 141 IP addresses.

      2. Rick Wegner

        What is the character limit for the discovery_ip_exclude field?

      3. Mark Unwin

        You can see the database field definitions in the application. In this case, discovery_ip_exclude is part of the configuration table. You can see the definition for that table at http://YOUR_SERVER/omk/open-audit/database/configuration - the value field is a longtext. In MySQL, this means it can store 4,294,967,295 bytes. That should be enough :-) You could also set up a collector in each subnet. This would work because the scans would be initiated inside the subnet and the MAC address of the devices retrieved and matched upon. No need for IP exclusion lists and a complete scan of every device in the subnet.
