I have installed Open-AudIT on a windows server 2012 R2 VM. Because I am also running IIS on this server I modified the Apache and Open-AudIT configs to use port 81 instead of port 80. I ran a few test discoveries against individual PCs on the network and they worked fine but when I do a subnet scan its starts returning data but after a while stops discovering new devices (with the total discovered being well below the actual number of devices on the network) but the discovery never completes. Checking task manager the Script Host Provider is running at 25% cpu (on a 4 vCPU system) but the script itself is no longer making any TCP connections. It then stays in this state indefinitely, I have left it running over night twice just to check!
I have tried running discoveries against restricted IP ranges to to try and isolate the issue but it doesn't seem to be a particular device causing the issue, I always get the same issue but it is not always trying to contact the same device when it fails.
Is there any logging I can look at to see why the script is failing?
I fed the discovery chunks of 10 ips at a time and it ran through fine in the end... A little tedious, but I got there in the end. If I upped the chunks to 15 addresses then it failed about 50% of the time, anything higher than 15 it failed more often until we got to 100% failure rate above 50%..
I assume this was caused by the number of responding devices exceeding the max connections allowed by apache but I haven't bothered trying to prove this.
Ian - How much ram and CPU does the server have assigned to it?
4 vCPU and dynamic memory upto 72GB.
CPU and RAM usage never got particularly high though. When the discovery is running normally CSscript.exe never got above 7% CPU usage,once the discovery hung CPU rose to 25% and stayed there.
Ian - to be clear, for a single discovery some items are discovered and added in Open-AudIT and at some random time during the discovery it just stops. Is this correct?
I would clear the discovery_log (Admin->Database->List Tables, open the discovery_log table, click the red trashcan icon), then set the log_level to 7 (Admin->Configuration->All) then run a Discovery. You can then go back to the discovery_log table and export that in CSV format for analysis. This should show what step is hanging.
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.