Opmantek - Troubleshooting Open-AudIT Discoveries
Post on 25-Jul-2020
OPMANTEK
NETWORK MANAGEMENT AND IT AUDIT SOFTWARE
Troubleshooting Open-AudIT Discoveries – v1 January 2019
We will send you the recording.
Submit your questions anytime. We’ll do Q&A throughout.
Please complete the Exit survey.
Topics for Today
In this webinar we will review the processes and methodologies for understanding why your Discoveries aren't finding and auditing devices. We will cover everything from installation problems, to server and target device configuration, common network issues, and challenges caused by antivirus, firewalls, and credentials. Join us for this hour-long session while we explore –
• How to use Open-AudIT's logs and tables to aid in troubleshooting
• Command line options for testing connectivity from the Open-AudIT server to your target device(s)
• Options for determining which processes on the target device are stopping an audit from running
IT Service Management Maturity Model
Level 0 – CHAOTIC
• Ad Hoc
• Undocumented
• Unpredictable
• Multiple help desks
• Minimal IT operations
• User call notification

Level 1 – REACTIVE
• Fight fires
• Inventory
• Desktop software distribution
• Initiate problem management process
• Alert and event management
• Measure component availability (up/down)

Level 2 – PROACTIVE
• Analyze trends
• Set thresholds
• Predict problems
• Measure application availability
• Automate
• Mature problem configuration, change, asset and performance mgmt. processes

Level 3 – SERVICES
• IT as a service provider
• Define services, classes, pricing
• Understand costs
• Guarantee SLAs
• Measure and report service availability
• Integrate processes
• Capacity Mgmt.

Level 4 – VALUE
• IT as a strategic business partner
• IT and business metric linkage
• IT/business collaboration improves business process
• Real-time infrastructure
• Business planning

Tool Leverage
Operational Process Engineering
Service Delivery Process Engineering
Service & Account Management
Manage IT as a Business
Increasing Performance & Value to Organization
References
• Opmantek – https://opmantek.com/it-audit-configuration-and-compliance-bundle/
• Open-AudIT Wiki – https://community.opmantek.com/display/OA/Home
• Opmantek VM – https://tinyurl.com/ybqqn66h
• Community Questions Board – https://community.opmantek.com/questions
• Support Issues – support@opmantek.com
• Sales – usa@opmantek.com
Where can I go when I have questions?
Open-Source
• Open-AudIT Community: Basic Device Discovery and Auditing
Commercial Solutions
• Open-AudIT Professional: Scheduled discoveries
• Open-AudIT Enterprise: Cloud Auditing, scalability
Architecting a Solution
Feature                                                             Community  Professional  Enterprise
Network Discovery                                                   Yes        Yes           Yes
Device and Software Auditing                                        Yes        Yes           Yes
Configuration Changes Detection and Reporting                       Yes        Yes           Yes
Hardware Warranty Status                                            Yes        Yes           Yes
Inventory Management                                                Yes        Yes           Yes
Custom Fields                                                       Yes        Yes           Yes
Interactive Dashboard                                               -          Yes           Yes
Geographical Maps                                                   -          Yes           Yes
Devices Export                                                      -          Yes           Yes
Scheduling – discovery and reporting                                -          Yes           Yes
Enhanced Reports incl. Time based, Historical and Multi Reporting   -          Yes           Yes
High Scale                                                          -          -             Yes
High Availability                                                   -          -             Yes
Visual Racks                                                        -          -             Yes
Cloud Auditing (AWS, Azure)                                         -          -             Yes
File Auditing                                                       -          -             Yes
Baselines                                                           -          -             Yes
Configurable Role Based Access Control including AD and LDAP        -          -             Yes
RESTful API                                                         -          -             Yes
Commercial Support                                                  -          Yes           Yes
DEVICE DISCOVERY AND AUDITING
Open-AudIT
• Agentless device discovery and auditing
• From network devices to servers and workstations, even HVAC units and VOIP devices
• AIX, ESXi, HP-UX/Linux/Unix, macOS, Sun-Solaris, Windows (Win98/NT2k forward)
• Flexible auditing options to handle all network configurations and security configurations,
including air-gapped networks.
• Easily scales from laptop deployments through multi-site 100k+ device deployments
So, what is this Open-AudIT thing anyway?
Link A - Audit a computer with no network connectivity
Link B - How to use Active Directory Discovery
Link C - Collector / Server
Link D - Auditing with a Script
Link E - Building your Network Discovery
Device Discovery Process Flow
Discovery Process
• NMAP is used to determine if a device exists at an IP
• Scans top 1k TCP ports, plus UDP 62078 (Apple iOS) and UDP 161 (SNMP)
• If any ports respond OPEN or CLOSED then Open-AudIT considers it a valid device
• A target that responds with ONLY UDP/161 and NO other ports is NOT a device
• The open NMAP ports are then used to determine what kind of device it is and how to talk to it, i.e. WMI, SNMP, SSH, etc.
• WMI and SSH issue commands remotely, then execute the discovery script
How does Open-AudIT work?
System Configuration
• 22/TCP – SSH
• 135/TCP – WMI
• 161/UDP - SNMP
• 80 or 443/TCP – HTTP/S
• 445/TCP – File and Print Sharing, AD
Port and Protocol Requirements
https://community.opmantek.com/display/OA/Information+about+Network+Ports
Target Client Configuration
• Ensure appropriate ports are open to the Open-AudIT server
• Ensure services (SNMP/WMI/SMB) are running and configured
• Appropriate credential sets
• Disable or configure firewall to allow audit
• Check Windows firewall and Linux iptables
Most common problems encountered….
https://community.opmantek.com/display/OA/Target+Client+Configuration
INTRODUCTION TO TROUBLESHOOTING DISCOVERY
Troubleshooting
• Check target client configuration
• Disable Blessed Subnets (Admin->Configuration->All, set blessed_subnets_use to n)
• Stop all running discoveries
• Set Log Level to verbose (Admin->Configuration->All, set log_level to 7)
• Audit an individual device
• Analyse the discovery_log table (Admin->Database->List Tables)
Houston… we have a problem.
https://community.opmantek.com/display/OA/Troubleshooting
Device Discovery Process Flow
Log Analysis
1. Did NMAP recognize a device at that IP address
2. Which ports/protocols were open
3. Are the correct ports open for the protocol you would expect for the device type
4. Were the credentials accepted for the device
5. Was the audit script written to the device
6. Were results returned from the audit script back to Open-AudIT
Match the log entries to the discovery steps
https://community.opmantek.com/display/OA/Troubleshooting
Testing NMAP
• Execute these commands from the Open-AudIT server’s command line:
  • Run a fast scan of the first 100 ports of the device
    nmap -F {ip_address}
  • Run a scan on 161/UDP to check for SNMP
    nmap -sU -p 161 {ip_address}
Verify the ports and protocols you expect are open
https://community.opmantek.com/display/OA/Troubleshooting
Check Audit Ports Responding Open
• AIX/ESX/Linux/OSX/Solaris – 22/tcp (SSH) (SNMP is also supported)
• Windows – 135/tcp (WMI) (SNMP is also supported)
• Network gear – 161/udp (SNMP)
Verify the ports and protocols you expect are open
https://community.opmantek.com/display/OA/Target+Client+Configuration
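The rules from the "Discovery Process" and "Check Audit Ports Responding Open" slides, applied to saved Nmap results. This is an added example, not Opmantek's code or Open-AudIT's own implementation; it assumes Nmap grepable output (nmap -oG) without version detection, and the sample hosts and the function names parse_grepable, classify and report are constructed for illustration.

```python
import re

# Audit ports named on the slides: (port, protocol) -> audit method.
AUDIT_PORTS = {("22", "tcp"): "SSH", ("135", "tcp"): "WMI", ("161", "udp"): "SNMP"}

# Constructed sample of Nmap grepable output; addresses are documentation IPs.
SAMPLE = """\
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, 161/open|filtered/udp//snmp///
Host: 192.0.2.20 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///
Host: 192.0.2.30 ()\tPorts: 161/open/udp//snmp///\tIgnored State: filtered (100)
Host: 192.0.2.40 ()\tPorts: 22/filtered/tcp//ssh///, 135/filtered/tcp//msrpc///
Host: 192.0.2.50 ()\tPorts: 23/open/tcp//telnet///, 161/open/udp//snmp///
"""

def parse_grepable(text):
    """Return {ip: [(port, proto, state), ...]} from the 'Ports:' field of each line."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue
        ports = []
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(fields) >= 3:
                ports.append((fields[0], fields[2], fields[1]))
        hosts[m.group(1)] = ports
    return hosts

def classify(ports):
    """Apply the slide rules to one host's port list."""
    # Only a definite open or closed answer counts as a response;
    # "filtered" and "open|filtered" mean Nmap received no reply.
    responding = [(p, proto, s) for p, proto, s in ports if s in ("open", "closed")]
    # A target answering on UDP/161 and nothing else is not treated as a device.
    only_snmp = bool(responding) and all(
        (p, proto) == ("161", "udp") for p, proto, _ in responding)
    valid = bool(responding) and not only_snmp
    methods = [AUDIT_PORTS[(p, proto)] for p, proto, s in responding
               if valid and s == "open" and (p, proto) in AUDIT_PORTS]
    return {"valid_device": valid, "audit_methods": methods}

def report(text=SAMPLE):
    return {ip: classify(ports) for ip, ports in parse_grepable(text).items()}

if __name__ == "__main__":
    for ip, result in report().items():
        print(ip, result)
```

A host that comes back as a valid device with an empty audit_methods list was seen by Nmap but exposes none of the audit ports, which points at the firewall or service checks on the Target Client Configuration slide.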
Calling for Beta Testers
• The next version of Open-AudIT is now in development….
• If you are interested, reach out to beta@opmantek.com
Interested in helping Opmantek improve the quality of OAE?
CONTACT FOR FOLLOW UP
Commercial enquiries:
Tom Wiri
Account Executive
+1 (512) 430-4450
usa@opmantek.com
Technical enquiries:
Mark Henry
Senior Engineer
+1 (207) 951-2428
markh@opmantek.com