If the machine was turned off, and the Audit reported as successful, that means it did Audit a machine, just not the one you thought it going to. One of the very last checks that the Audit Now process does after trying to find the machine by name, is a simple call to the IP Address alone. If that IP address is actually associated with a different asset at the time, that's the machine that will actually be audited.
As Chris said, it's not uncommon to see "audit successful", but the record that you're looking at isn't the one that updated. In order to find what did audit, you can go to Current View > All Audited Assets, and sort by Audit Date.
We are still getting some duplicates. I am trying to understand how auditcfg.inin works. If one of my assets has a MAC address listed below does that mean when we audit, only the second of the 3 merge criteria will be used?
MAC Address + Computer Name
Computer Name + Service Tag
MAC Address + Service Tag
;MAC Addresses to ignore when merge attempts to match an audit result file
;with an existing workstation record via hardware values. (Note, this type of
;matching generally only occurs the first time a machine is audited.)
;These MAC Addresses represent known pseudo-addresses
;generated by popular adaptors by AOL, VMWare, etc
; -- values should be entered one per line in the following format:
; <MAC Address1>=
; <MAC Address2>=
; Undetected 00:00:00:00:00:00= ;
PPP Adapter 44:45:53:54:00:00= ;
WAN Adapter 00:03:8a:00:00:11= ;
VMWare NAT 00:50:56:C0:00:08= ;
VMWare basic host 00:50:56:C0:00:01= ;
Nortel VPN Adapter 44:45:53:54:42:00=
1 of 1 people found this helpful
The "Ignore MACAddress" section of the auditcfg.ini allows you to specify a "common MAC address" to exclude from the matching process. For example, let's say that you have 2 home users, and they connect to your network over VPN software. In this situation, both will have a VPN adapter listed as one of their network adapters. And most likely, both will show the same MAC address for their VPN adapters.
The audit will then pick up the MAC address of that VPN adapter along with any other MAC addresses. While we say that we use the MAC address and the name, the MAC address is more heavily weighted, and is assumed to be unique. In this case, the audits of those two machines may end up updating the same record in the Inventory module, because both had the same MAC address. When you see this behavior, you add the MAC address of that VPN adapter to the auditcfg.ini file, so that any future merge ignores that MAC address as a possible matching criteria.
This would be the opposite of "duplicates". Duplicates would be when you have two records in the Inventory module that both represent the same physical machine.....in the situation above, you have two physical machines that are represented by a single Inventory record.
For your duplicates, the Audit Trail is the first thing to look at. Compare the Audit Trails from both of the Inventory records that are duplicated. Make note of how each was created or entered into the Inventory module, and from there we can try to come up with a plan of action.
Hi - we have this exact issue at the moment.
We use Forticlient (VPN) solution - and TrackIT is incorrectly merging one users asset into another. A real headache for us.
We believe its the Forticlient MAC address causing it.
I need to know if the syntax of the Exclude MAC address field is correct.
Here is what we have this in our auditcfg.ini file - but not sure if the heading should have a space, and if the equals space semi colon at the end is correct or not...
Can someone please help clarify?