OPMANTEK NETWORK MANAGEMENT AND IT AUDIT SOFTWARE Troubleshooting Open-AudIT Discoveries – v1 January 2019


We will send you the recording.

Submit your questions anytime. We’ll do Q&A throughout.

Please complete the Exit survey.


Topics for Today

In this webinar we will review the processes and methodologies for understanding why your Discoveries aren't finding and auditing devices. We will cover everything from installation problems to server and target device configuration, common network issues, and challenges caused by antivirus, firewalls, and credentials. Join us for this hour-long session while we explore:

• How to use Open-AudIT's logs and tables to aid in troubleshooting

• Command line options for testing connectivity from the Open-AudIT server to your target device(s)

• Options for determining what processes on the target device are stopping an audit from running


IT Service Management Maturity Model

Level 0: CHAOTIC
• Ad Hoc
• Undocumented
• Unpredictable
• Multiple help desks
• Minimal IT operations
• User call notification

Level 1: REACTIVE
• Fight fires
• Inventory
• Desktop software distribution
• Initiate problem management process
• Alert and event management
• Measure component availability (up/down)

Level 2: PROACTIVE
• Analyze trends
• Set thresholds
• Predict problems
• Measure application availability
• Automate
• Mature problem configuration, change, asset and performance mgmt. processes

Level 3: SERVICES
• IT as a service provider
• Define services, classes, pricing
• Understand costs
• Guarantee SLAs
• Measure and report service availability
• Integrate processes
• Capacity Mgmt.

Level 4: VALUE
• IT as a strategic business partner
• IT and business metric linkage
• IT/business collaboration improves business process
• Real-time infrastructure
• Business planning

Figure labels: Tool Leverage; Operational Process Engineering; Service Delivery Process Engineering; Service & Account Management; Manage IT as a Business

Axis: Increasing Performance & Value to Organization


References

• Opmantek - https://opmantek.com/it-audit-configuration-and-compliance-bundle/

• Open-AudIT Wiki – https://community.opmantek.com/display/OA/Home

• Opmantek VM – https://tinyurl.com/ybqqn66h

• Community Questions Board - https://community.opmantek.com/questions

• Support Issues – [email protected]

• Sales – [email protected]

Where can I go when I have questions?


Open-Source
Open-AudIT Community: Basic Device Discovery and Auditing

Commercial Solutions
Open-AudIT Professional: Scheduled discoveries
Open-AudIT Enterprise: Cloud Auditing, scalability

Architecting a Solution


| Feature | Community | Professional | Enterprise |
|---|---|---|---|
| Network Discovery | Yes | Yes | Yes |
| Device and Software Auditing | Yes | Yes | Yes |
| Configuration Changes Detection and Reporting | Yes | Yes | Yes |
| Hardware Warranty Status | Yes | Yes | Yes |
| Inventory Management | Yes | Yes | Yes |
| Custom Fields | Yes | Yes | Yes |
| Interactive Dashboard | | Yes | Yes |
| Geographical Maps | | Yes | Yes |
| Devices Export | | Yes | Yes |
| Scheduling – discovery and reporting | | Yes | Yes |
| Enhanced Reports incl. Time based, Historical and Multi Reporting | | Yes | Yes |
| High Scale | | | Yes |
| High Availability | | | Yes |
| Visual Racks | | | Yes |
| Cloud Auditing (AWS, Azure) | | | Yes |
| File Auditing | | | Yes |
| Baselines | | | Yes |
| Configurable Role Based Access Control including AD and LDAP | | | Yes |
| RESTful API | | | Yes |
| Commercial Support | | Yes | Yes |


DEVICE DISCOVERY AND AUDITING


Open-AudIT

• Agentless device discovery and auditing

• From network devices to servers and workstations, even HVAC units and VOIP devices

• AIX, ESXi, HP-UX/Linux/Unix, macOS, Sun-Solaris, Windows (Win98/NT2k forward)

• Flexible auditing options to handle all network configurations and security configurations, including air-gapped networks.

• Easily scales from laptop deployments through multi-site 100k+ device deployments

So, what is this Open-AudIT thing anyway?


Device Discovery Process Flow


Discovery Process

• NMAP is used to determine if a device exists at an IP

• Scans top 1k TCP ports, plus UDP 62078 (Apple iOS) and UDP 161 (SNMP)

• If any ports respond OPEN or CLOSED then Open-AudIT considers it a valid device

• A target that responds with ONLY UDP/161 and NO other ports is NOT a device

• The open NMAP ports are then used to determine what kind of device it is and how to talk to it, i.e. WMI, SNMP, SSH, etc.

• WMI and SSH issue commands remotely, then execute the discovery script

How does Open-AudIT work?


System Configuration

• 22/TCP – SSH

• 135/TCP – WMI

• 161/UDP - SNMP

• 80 or 443/TCP – HTTP/S

• 445/TCP – File and Print Sharing, AD

Port and Protocol Requirements

https://community.opmantek.com/display/OA/Information+about+Network+Ports


Target Client Configuration

• Ensure appropriate ports are open to the Open-AudIT server

• Ensure services (SNMP/WMI/SMB) are running and configured

• Appropriate credential sets

• Disable or configure firewall to allow audit

• Check Windows firewall and Linux iptables

Most common problems encountered….

https://community.opmantek.com/display/OA/Target+Client+Configuration


INTRODUCTION TO TROUBLESHOOTING DISCOVERY


Troubleshooting

• Check target client configuration

• Disable Blessed Subnets (Admin->Configuration->All, set blessed_subnets_use to n)

• Stop all running discoveries

• Set Log Level to verbose (Admin->Configuration->All, set log_level to 7)

• Audit an individual device

• Analyse the discovery_log table (Admin->Database-> List Tables)

Houston… we have a problem.

https://community.opmantek.com/display/OA/Troubleshooting


Device Discovery Process Flow


Log Analysis

1. Did NMAP recognize a device at that IP address

2. Which ports/protocols were open

3. Are the correct ports open for the protocol you would expect for the device type

4. Were the credentials accepted for the device

5. Was the audit script written to the device

6. Were results returned from the audit script back to Open-AudIT

Match the log entries to the discovery steps

https://community.opmantek.com/display/OA/Troubleshooting


Testing NMAP

• Execute these commands from the Open-AudIT server’s command line:

  • Run a fast scan of the first 100 ports of the device

    nmap -F {ip_address}

  • Run a scan on 161/UDP to check for SNMP

    nmap -sU -p 161 {ip_address}

Verify the ports and protocols you expect are open

https://community.opmantek.com/display/OA/Troubleshooting


Check Audit Ports Responding Open

• AIX/ESX/Linux/OSX/Solaris – 22/tcp (SSH) (SNMP is also supported)

• Windows – 135/tcp (WMI) (SNMP is also supported)

• Network gear – 161/udp (SNMP)

Verify the ports and protocols you expect are open

https://community.opmantek.com/display/OA/Target+Client+Configuration
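
The rules from the Discovery Process and Check Audit Ports slides, applied to nmap port tables. This is an added example, not Open-AudIT's own code. The sample scan results are constructed, and treating `filtered` and `open|filtered` as "no response" is this example's assumption about what "respond OPEN or CLOSED" means.

```python
import re

# Audit ports as listed on the slides: SSH, WMI and SNMP.
AUDIT_PORTS = {"22/tcp": "SSH", "135/tcp": "WMI", "161/udp": "SNMP"}
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")

# Constructed samples: port tables merged from the two nmap commands above.
SAMPLES = {
    "linux-server": "22/tcp open ssh\n80/tcp closed http\n161/udp open|filtered snmp",
    "snmp-only": "22/tcp filtered ssh\n135/tcp filtered msrpc\n161/udp open snmp",
    "firewalled": "135/tcp filtered msrpc\n445/tcp filtered microsoft-ds\n161/udp open|filtered snmp",
    "windows-no-wmi": "135/tcp closed msrpc\n445/tcp open microsoft-ds\n161/udp closed snmp",
}

def parse_nmap(text):
    """Map "port/proto" to its state from the port table of nmap's normal output."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[f"{m.group(1)}/{m.group(2)}"] = m.group(3)
    return ports

def assess(ports):
    """Apply the slides' discovery rules to parsed port states."""
    # Only a definite "open" or "closed" counts as a response (assumption:
    # "filtered" and "open|filtered" mean nmap received no reply).
    responding = {p for p, s in ports.items() if s in ("open", "closed")}
    if not responding:
        verdict = "not a device: no port responded"
    elif responding == {"161/udp"}:
        verdict = "not a device: only 161/udp responded"
    else:
        verdict = "valid device"
    # An audit needs the protocol's port to be open, not merely responding.
    methods = [name for port, name in AUDIT_PORTS.items() if ports.get(port) == "open"]
    return verdict, methods

if __name__ == "__main__":
    for name, output in SAMPLES.items():
        verdict, methods = assess(parse_nmap(output))
        print(f"{name:15} {verdict:40} audit via: {', '.join(methods) or 'none reachable'}")
```

The `windows-no-wmi` sample is the case the Log Analysis steps are meant to catch: the target counts as a valid device, but none of the audit ports is open, so the discovery finds it and cannot audit it.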


Calling for Beta Testers

• The next version of Open-AudIT is now in development….

• If you are interested reach out to [email protected]

Interested in helping Opmantek improve the quality of OAE?


CONTACT FOR FOLLOW UP

Commercial enquiries:

Tom Wiri
Account Executive
+1 (512) [email protected]

Technical enquiries:

Mark Henry
Senior Engineer
+1 (207) [email protected]