When running the inbuilt Failed Audit Report query I am getting no results displayed even with devices known to have failed audits existing in the database.
The current SQL query is as follows:-
SELECT system.id AS `system.id`, system.icon AS `system.icon`, system.type AS `system.type`, system.name AS `system.name`, system.domain AS `system.domain`, system.ip AS `system.ip`, audit_log.timestamp AS `audit_log.timestamp`, audit_log.debug AS `audit_log.debug` FROM system LEFT JOIN audit_log ON (system.id = audit_log.system_id) WHERE @filter AND audit_log.debug > ''
Can anyone spot an issue with this that would cause a blank report to be generated?
Thanks for the suggestion but we do have some scenarios where some devices may have already audited, then regular discoveries fail to audit them again for some reason. Also where some device characteristics may be guessed by Open Audit during a discovery providing a classification but could still fail to audit.
Given these I would prefer to have a report that still would indicate the Failed Audits as per the inbuilt feature.
With the latest version of Open-AudIT I prefer to use a query that provides a list of unknown or unclassified devices:
SELECT system.id AS `system.id`, system.icon AS `system.icon`, system.type AS `system.type`, system.name AS `system.name`, system.ip AS `system.ip` FROM system WHERE @filter AND (system.type = 'unknown' OR system.type = 'unclassified')
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.