OPMANTEK NETWORK MANAGEMENT AND IT AUDIT SOFTWARE Troubleshooting Open-AudIT Discoveries v1 January 2019
We will send you the recording. Submit your questions anytime. We'll do Q&A throughout. Please complete the Exit survey.
Topics for Today
In this Webinar we will review the processes and methodologies for understanding why your Discoveries aren't finding and auditing devices. We will cover everything from installation problems, to server and target device configuration, common network issues, and challenges caused by antivirus, firewalls, and credentials. Join us for this hour-long session while we explore:
- How to use Open-AudIT's logs and tables to aid in troubleshooting
- Command line options for testing connectivity from the Open-AudIT server to your target device(s)
- Options for determining which processes on the target device are stopping an audit from running
IT Service Management Maturity Model (axis: Increasing Performance & Value to Organization)
- Level 0 CHAOTIC: Ad hoc; Undocumented; Unpredictable; Multiple help desks; Minimal IT operations; User call notification
- Level 1 REACTIVE: Fight fires; Inventory; Desktop software distribution; Initiate problem management process; Alert and event management; Measure component availability (up/down)
- Level 2 PROACTIVE: Analyze trends; Set thresholds; Predict problems; Measure application availability; Automate; Mature problem, configuration, change, asset and performance mgmt. processes
- Level 3 SERVICES: IT as a service provider; Define services, classes, pricing; Understand costs; Guarantee SLAs; Measure and report service availability; Integrate processes; Capacity Mgmt.
- Level 4 VALUE: IT as a strategic business partner; IT and business metric linkage; IT/business collaboration improves business process; Real-time infrastructure; Business planning
- Other labels on the diagram: Tool Leverage; Operational Process Engineering; Service Delivery Process Engineering; Service & Account Management; Manage IT as a Business
References: Where can I go when I have questions?
- Opmantek - https://opmantek.com/it-audit-configuration-and-compliance-bundle/
- Open-AudIT Wiki - https://community.opmantek.com/display/oa/home
- Opmantek VM - https://tinyurl.com/ybqqn66h
- Community Questions Board - https://community.opmantek.com/questions
- Support Issues - support@opmantek.com
- Sales - usa@opmantek.com
Architecting a Solution
Open-Source
- Open-AudIT Community: Basic Device Discovery and Auditing
Commercial Solutions
- Open-AudIT Professional: Scheduled discoveries
- Open-AudIT Enterprise: Cloud Auditing, scalability
Feature | Community | Professional | Enterprise
Network Discovery | Yes | Yes | Yes
Device and Software Auditing | Yes | Yes | Yes
Configuration Changes Detection and Reporting | Yes | Yes | Yes
Hardware Warranty Status | Yes | Yes | Yes
Inventory Management | Yes | Yes | Yes
Custom Fields | Yes | Yes | Yes
Interactive Dashboard | - | Yes | Yes
Geographical Maps | - | Yes | Yes
Devices Export | - | Yes | Yes
Scheduling discovery and reporting | - | Yes | Yes
Enhanced Reports incl. Time based, Historical and Multi Reporting | - | Yes | Yes
High Scale | - | - | Yes
High Availability | - | - | Yes
Visual Racks | - | - | Yes
Cloud Auditing (AWS, Azure) | - | - | Yes
File Auditing | - | - | Yes
Baselines | - | - | Yes
Configurable Role Based Access Control including AD and LDAP | - | - | Yes
RESTful API | - | - | Yes
Commercial Support | - | Yes | Yes
DEVICE DISCOVERY AND AUDITING
Open-AudIT: So, what is this Open-AudIT thing anyway?
- Agentless device discovery and auditing
- From network devices to servers and workstations, even HVAC units and VOIP devices
- AIX, ESXi, HP-UX/Linux/Unix, macOS, Sun-Solaris, Windows (Win98/NT2k forward)
- Flexible auditing options to handle all network configurations and security configurations, including air-gapped networks
- Easily scales from laptop deployments through multi-site 100k+ device deployments
- Link A - Audit a computer with no network connectivity
- Link B - How to use Active Directory Discovery
- Link C - Collector / Server
- Link D - Auditing with a Script
- Link E - Building your Network Discovery
Device Discovery Process Flow
Discovery Process: How does Open-AudIT work?
- NMAP is used to determine if a device exists at an IP
- Scans top 1k TCP ports, plus UDP 62078 (Apple iOS) and UDP 161 (SNMP)
- If any ports respond OPEN or CLOSED, Open-AudIT considers it a valid device
- A target that responds with ONLY UDP/161 and NO other ports is NOT a device
- The open NMAP ports are then used to determine what kind of device it is and how to talk to it, i.e. WMI, SNMP, SSH, etc.
- WMI and SSH issue commands remotely, then execute the discovery script
System Configuration: Port and Protocol Requirements
- 22/TCP - SSH
- 135/TCP - WMI
- 161/UDP - SNMP
- 80 or 443/TCP - HTTP/S
- 445/TCP - File and Print Sharing, AD
https://community.opmantek.com/display/oa/information+about+network+ports
Target Client Configuration: Most common problems encountered
- Ensure appropriate ports are open to the Open-AudIT server
- Ensure services (SNMP/WMI/SMB) are running and configured
- Appropriate credential sets
- Disable or configure firewall to allow audit
- Check Windows firewall and Linux iptables
https://community.opmantek.com/display/oa/target+client+configuration
INTRODUCTION TO TROUBLESHOOTING DISCOVERY
Troubleshooting: Houston, we have a problem.
- Check target client configuration
- Disable Blessed Subnets (Admin->Configuration->All, set blessed_subnets_use to n)
- Stop all running discoveries
- Set Log Level to verbose (Admin->Configuration->All, set log_level to 7)
- Audit an individual device
- Analyse the discovery_log table (Admin->Database->List Tables)
https://community.opmantek.com/display/oa/troubleshooting
Device Discovery Process Flow
Log Analysis: Match the log entries to the discovery steps
1. Did NMAP recognize a device at that IP address?
2. Which ports/protocols were open?
3. Are the correct ports open for the protocol you would expect for the device type?
4. Were the credentials accepted for the device?
5. Was the audit script written to the device?
6. Were results returned from the audit script back to Open-AudIT?
https://community.opmantek.com/display/oa/troubleshooting
Testing NMAP: Verify the ports and protocols you expect are open
Execute these commands from the Open-AudIT server's command line:
- Run a fast scan of the first 100 ports of the device
    nmap -F {ip_address}
- Run a scan on 161/UDP to check for SNMP
    nmap -sU -p 161 {ip_address}
https://community.opmantek.com/display/oa/troubleshooting
Check Audit Ports Responding Open: Verify the ports and protocols you expect are open
- AIX/ESX/Linux/OSX/Solaris - 22/tcp (SSH) (SNMP is also supported)
- Windows - 135/tcp (WMI) (SNMP is also supported)
- Network gear - 161/udp (SNMP)
https://community.opmantek.com/display/oa/target+client+configuration
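
As an added example (not from the webinar or from Open-AudIT's own code), the shell function below applies the device-validity rule from the Discovery Process slide and the audit-port mapping from the slide above to one line of Nmap grepable output (nmap -oG -). The function name, verdict strings and sample lines are constructed for illustration, and it assumes that only an exact "open" or "closed" state counts as a response.

```shell
#!/bin/sh
# Added example: check one line of Nmap grepable output against the
# discovery rules on this page. Not Open-AudIT code.

TAB=$(printf '\t')
# Constructed sample lines (documentation addresses, not real hosts).
LINUX_HOST="Host: 192.0.2.10 ()${TAB}Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///, 161/open|filtered/udp//snmp///"
WINDOWS_HOST="Host: 192.0.2.11 ()${TAB}Ports: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 161/open|filtered/udp//snmp///"
SWITCH="Host: 192.0.2.12 ()${TAB}Ports: 23/closed/tcp//telnet///, 161/open/udp//snmp///"
SNMP_ONLY="Host: 192.0.2.20 ()${TAB}Ports: 22/filtered/tcp//ssh///, 161/open/udp//snmp///"

# classify_ports "<grepable line>" -> prints one verdict (hypothetical names)
classify_ports() {
  printf '%s\n' "$1" | awk '
    {
      # Isolate the "Ports: ..." field (grepable fields are tab-separated).
      n = split($0, fields, "\t"); list = ""
      for (i = 1; i <= n; i++)
        if (fields[i] ~ /^Ports: /) list = substr(fields[i], 8)
      responding = 0; other = 0; ssh = 0; wmi = 0; snmp = 0
      cnt = split(list, entries, ", ")
      for (i = 1; i <= cnt; i++) {
        split(entries[i], p, "/")            # port/state/protocol/...
        # Assumption: "filtered" and "open|filtered" mean nothing came
        # back, so only exact open/closed states count as a response.
        if (p[2] != "open" && p[2] != "closed") continue
        responding++
        if (!(p[1] == "161" && p[3] == "udp")) other++
        if (p[2] == "open" && p[1] == "22"  && p[3] == "tcp") ssh = 1
        if (p[2] == "open" && p[1] == "135" && p[3] == "tcp") wmi = 1
        if (p[2] == "open" && p[1] == "161" && p[3] == "udp") snmp = 1
      }
      if (responding == 0) { print "no-response";  next }
      if (other == 0)      { print "not-a-device"; next }  # only UDP/161 answered
      how = ""
      if (wmi)  how = how ",wmi"
      if (ssh)  how = how ",ssh"
      if (snmp) how = how ",snmp"
      print "device:" (how == "" ? "none" : substr(how, 2))
    }'
}

for line in "$LINUX_HOST" "$WINDOWS_HOST" "$SWITCH" "$SNMP_ONLY"; do
  classify_ports "$line"
done
```

A verdict of device:none points at the port and firewall checks under Target Client Configuration, since the host answered but none of 22/tcp, 135/tcp or 161/udp is open.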
Calling for Beta Testers Interested in helping Opmantek improve the quality of OAE? The next version of Open-AudIT is now in development. If you are interested reach out to beta@opmantek.com
CONTACT FOR FOLLOW UP Commercial enquiries: Tom Wiri Account Executive +1 (512) 430-4450 usa@opmantek.com Technical enquiries: Mark Henry Senior Engineer +1 (207) 951-2428 markh@opmantek.com