[{"data":1,"prerenderedAt":414},["ShallowReactive",2],{"docs-discovery-how-discovery-works-":3,"docs-navigation":271},{"id":4,"title":5,"body":6,"dateModified":260,"datePublished":260,"description":261,"extension":262,"meta":263,"navigation":264,"path":266,"proficiencyLevel":267,"seo":268,"stem":269,"__hash__":270},"docs\u002Fdocs\u002F3.discovery\u002F5.how-discovery-works.md","How Discovery Works",{"type":7,"value":8,"toc":244},"minimark",[9,13,17,22,25,43,46,50,55,58,70,85,89,92,96,99,102,106,109,113,116,135,138,141,145,154,158,161,178,181,185],[10,11,5],"h1",{"id":12},"how-discovery-works",[14,15,16],"p",{},"Understanding what Open-AudIT does during a discovery helps you troubleshoot problems, tune performance, and set realistic expectations. Here's a look at the process from start to finish.",[18,19,21],"h2",{"id":20},"the-high-level-process","The High-Level Process",[14,23,24],{},"When you click Execute on a discovery, Open-AudIT spawns a background process and returns you to the discovery details page immediately (so you're not sitting there waiting). That background process then:",[26,27,28,32,35],"ol",{},[29,30,31],"li",{},"Runs an Nmap command to identify live IP addresses in the range",[29,33,34],{},"Places each live IP into a processing queue",[29,36,37,38,42],{},"Spawns up to 20 parallel worker processes (configurable via ",[39,40,41],"code",{},"discovery_limit",") to scan each IP",[14,44,45],{},"Each worker process handles one IP at a time, working through the steps below.",[18,47,49],{"id":48},"per-device-steps","Per-Device Steps",[51,52,54],"h3",{"id":53},"step-1-port-scan","Step 1: Port Scan",[14,56,57],{},"Nmap scans the top 1,000 TCP ports on the device, plus UDP port 161 (SNMP) and UDP port 62078 (Apple iOS). Based on what responds, Open-AudIT determines which protocol to use:",[59,60,61,64,67],"ul",{},[29,62,63],{},"Port 22 open → try SSH",[29,65,66],{},"Port 135 open → try WMI (Windows)",[29,68,69],{},"UDP 161 open → try SNMP",[71,72,74],"docs-callout",{"type":73},"note",[14,75,76,77,80,81,84],{},"A device with only UDP\u002F161 open is treated as a false positive (many firewalls respond to SNMP queries even if no device is there). To override this, you can edit the discovery script and set ",[39,78,79],{},"consider_161_enough"," to ",[39,82,83],{},"\"y\"",".",[51,86,88],{"id":87},"step-2-snmp","Step 2: SNMP",[14,90,91],{},"If SNMP is available, Open-AudIT queries the device first. SNMP gives basic device information and works on almost everything — routers, switches, printers, Linux servers, and Windows machines with SNMP enabled.",[51,93,95],{"id":94},"step-3-ssh","Step 3: SSH",[14,97,98],{},"SSH is next. Open-AudIT supports both password and key-based authentication. For best results, use the root user or a sudo-enabled account. On Linux systems where sudo without a TTY is blocked, you'll need root credentials to get a complete audit.",[14,100,101],{},"If a Windows machine is running SSH, Open-AudIT detects this and switches to WMI instead.",[51,103,105],{"id":104},"step-4-wmi","Step 4: WMI",[14,107,108],{},"WMI (Windows Management Instrumentation) is used for Windows devices. An account with Administrator-level access is required for complete results.",[51,110,112],{"id":111},"step-5-audit-script","Step 5: Audit Script",[14,114,115],{},"Once the initial connection is made, Open-AudIT copies the appropriate audit script to the device and runs it:",[59,117,118,129,132],{},[29,119,120,121,124,125,128],{},"On Linux\u002FSSH: the script is copied to ",[39,122,123],{},"\u002Ftmp\u002F"," (configurable via ",[39,126,127],{},"discovery_linux_script_directory",") and executed remotely. The device audits itself, generates an XML result file, and Open-AudIT retrieves and deletes it.",[29,130,131],{},"On Windows\u002FWMI from a Linux server: the script is copied via SMB and executed remotely.",[29,133,134],{},"On Windows\u002FWMI from a Windows server: the script runs directly.",[14,136,137],{},"Supported operating systems for full audit scripts: Windows, Linux, macOS, AIX, HP-UX, Solaris, and ESXi.",[14,139,140],{},"The audit script is self-deleting on the target — it removes itself after running.",[51,142,144],{"id":143},"step-6-data-processing","Step 6: Data Processing",[14,146,147,148,153],{},"The returned audit results are matched against existing devices in the database (see ",[149,150,152],"a",{"href":151},"\u002Fdocs\u002Fdiscovery\u002Fmatching-devices\u002F","Matching Devices","). If a match is found, the record is updated. If not, a new device record is created.",[18,155,157],{"id":156},"how-long-does-it-take","How Long Does it Take?",[14,159,160],{},"The honest answer: it depends. Factors include:",[59,162,163,166,169,172,175],{},[29,164,165],{},"Number of IPs in the scan range",[29,167,168],{},"Network speed and latency",[29,170,171],{},"Number of unique credentials being tested",[29,173,174],{},"Device response times",[29,176,177],{},"Type of devices (full OS audit takes longer than SNMP-only)",[14,179,180],{},"A practical guideline: keep discoveries to \u002F24 subnets (256 IPs). Open-AudIT can handle larger ranges (customers have successfully scanned \u002F16 subnets with 65,000+ IPs), but \u002F24 blocks are far more manageable and easier to troubleshoot.",[18,182,184],{"id":183},"useful-configuration-items","Useful Configuration Items",[186,187,188,204],"table",{},[189,190,191],"thead",{},[192,193,194,198,201],"tr",{},[195,196,197],"th",{},"Config Item",[195,199,200],{},"Default",[195,202,203],{},"What it Does",[205,206,207,220,231],"tbody",{},[192,208,209,214,217],{},[210,211,212],"td",{},[39,213,41],{},[210,215,216],{},"20",[210,218,219],{},"Max parallel discovery processes",[192,221,222,226,228],{},[210,223,224],{},[39,225,127],{},[210,227,123],{},[210,229,230],{},"Where the audit script is copied on Linux targets",[192,232,233,238,241],{},[210,234,235],{},[39,236,237],{},"log_level",[210,239,240],{},"5",[210,242,243],{},"Increase to 7 for detailed debug output",{"title":245,"searchDepth":246,"depth":246,"links":247},"",2,[248,249,258,259],{"id":20,"depth":246,"text":21},{"id":48,"depth":246,"text":49,"children":250},[251,253,254,255,256,257],{"id":53,"depth":252,"text":54},3,{"id":87,"depth":252,"text":88},{"id":94,"depth":252,"text":95},{"id":104,"depth":252,"text":105},{"id":111,"depth":252,"text":112},{"id":143,"depth":252,"text":144},{"id":156,"depth":246,"text":157},{"id":183,"depth":246,"text":184},"2026-04-10","A detailed look at what Open-AudIT does during a discovery — from Nmap scanning through credential testing, audit script execution, and data processing.","md",{},{"title":265},"How It Works","\u002Fdocs\u002Fdiscovery\u002Fhow-discovery-works","Intermediate",{"title":5,"description":261},"docs\u002F3.discovery\u002F5.how-discovery-works","2T233hfFDGse7_YxiVNByWtfHn9jYt_IGyfn4tVLrK0",[272],{"title":273,"path":274,"stem":275,"children":276},"Docs","\u002Fdocs","docs",[277,281,293,315,341,363,370,392,409],{"title":278,"path":274,"stem":279,"description":280},"Overview","docs\u002Findex","Guides to help you install, configure, and get the most out of Open-AudIT — a powerful network discovery, audit, and asset tracking system.",{"title":282,"path":283,"stem":284,"children":285,"description":287},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002F1.getting-started\u002F1.index",[286,288],{"title":282,"path":283,"stem":284,"description":287},"Get from a fresh install to discovering devices on your network in under 10 minutes. This guide walks through each step in order.",{"title":289,"path":290,"stem":291,"description":292},"Activating Your License","\u002Fdocs\u002Fgetting-started\u002Factivating-your-license","docs\u002F1.getting-started\u002F2.activating-your-license","How to activate your free 100-device Open-AudIT Enterprise license after installation.",{"title":294,"path":295,"stem":296,"children":297,"description":299},"Installation","\u002Fdocs\u002Finstallation","docs\u002F2.installation\u002F1.index",[298,300,305,310],{"title":294,"path":295,"stem":296,"description":299},"Install or upgrade Open-AudIT on Windows Server or Linux. Includes virtual appliance option for the fastest setup.",{"title":301,"path":302,"stem":303,"description":304},"Server Requirements","\u002Fdocs\u002Finstallation\u002Fserver-requirements","docs\u002F2.installation\u002F2.server-requirements","Hardware, operating system, browser, and dependency requirements for running Open-AudIT.",{"title":306,"path":307,"stem":308,"description":309},"Install on Linux","\u002Fdocs\u002Finstallation\u002Finstall-linux","docs\u002F2.installation\u002F3.install-linux","Step-by-step guide to installing Open-AudIT on supported Linux distributions including Red Hat, Rocky Linux, Debian, and Ubuntu.",{"title":311,"path":312,"stem":313,"description":314},"Install on Windows","\u002Fdocs\u002Finstallation\u002Finstall-windows","docs\u002F2.installation\u002F4.install-windows","Step-by-step guide to installing Open-AudIT on Windows Server, including Nmap and Visual C++ prerequisites.",{"title":278,"path":316,"stem":317,"children":318,"description":320},"\u002Fdocs\u002Fdiscovery","docs\u002F3.discovery\u002F1.index",[319,321,326,331,336,337],{"title":278,"path":316,"stem":317,"description":320},"Discovery is how Open-AudIT finds and audits devices on your network. Learn about credentials, running scans, discovery types, and how it all works under the hood.",{"title":322,"path":323,"stem":324,"description":325},"Credentials","\u002Fdocs\u002Fdiscovery\u002Fcredentials","docs\u002F3.discovery\u002F2.credentials","Learn how to create and manage the credential sets Open-AudIT uses to authenticate with devices during network discovery.",{"title":327,"path":328,"stem":329,"description":330},"Running a Discovery","\u002Fdocs\u002Fdiscovery\u002Frunning-a-discovery","docs\u002F3.discovery\u002F3.running-a-discovery","Step-by-step guide to creating and running your first network discovery in Open-AudIT, including advanced options and scheduling.",{"title":332,"path":333,"stem":334,"description":335},"Discovery Types","\u002Fdocs\u002Fdiscovery\u002Fdiscovery-types","docs\u002F3.discovery\u002F4.discovery-types","Open-AudIT supports Subnet, Active Directory, and Seed discovery types. Learn when to use each and how they work.",{"title":265,"path":266,"stem":269,"description":261},{"title":152,"path":338,"stem":339,"description":340},"\u002Fdocs\u002Fdiscovery\u002Fmatching-devices","docs\u002F3.discovery\u002F6.matching-devices","How Open-AudIT decides whether a discovered device is new or already exists in the database, and how to configure match rules to avoid duplicates.",{"title":342,"path":343,"stem":344,"children":345,"description":347},"Reporting","\u002Fdocs\u002Freporting","docs\u002F4.reporting\u002F1.index",[346,348,353,358],{"title":342,"path":343,"stem":344,"description":347},"Open-AudIT gives you multiple ways to pull meaningful information out of collected data using Queries, Summaries, and Reports.",{"title":349,"path":350,"stem":351,"description":352},"Queries, Summaries & Reports","\u002Fdocs\u002Freporting\u002Fqueries-summaries-reports","docs\u002F4.reporting\u002F2.queries-summaries-reports","Understand the three types of reporting in Open-AudIT — Queries, Summaries, and Reports — how they differ, and how to use filters and permissions.",{"title":354,"path":355,"stem":356,"description":357},"Creating a Query","\u002Fdocs\u002Freporting\u002Fcreating-a-query","docs\u002F4.reporting\u002F3.creating-a-query","Learn how to write custom SQL queries in Open-AudIT to extract device information, with examples for common use cases like warranty tracking and open ports.",{"title":359,"path":360,"stem":361,"description":362},"Groups","\u002Fdocs\u002Freporting\u002Fgroups","docs\u002F4.reporting\u002F4.groups","Learn how to use Groups in Open-AudIT to create dynamic collections of devices for filtering reports, building dashboards, and baselining configurations.",{"title":364,"path":365,"stem":366,"children":367,"description":369},"Dashboards","\u002Fdocs\u002Fdashboards","docs\u002F5.dashboards\u002F1.index",[368],{"title":364,"path":365,"stem":366,"description":369},"Configure and customise Open-AudIT dashboards and widgets to create at-a-glance visual overviews of your network environment.",{"title":371,"path":372,"stem":373,"children":374,"description":376},"Administration","\u002Fdocs\u002Fadministration","docs\u002F6.administration\u002F1.index",[375,377,382,387],{"title":371,"path":372,"stem":373,"description":376},"Covers the ongoing administration of Open-AudIT including configuration, user management, permissions, and backup procedures.",{"title":378,"path":379,"stem":380,"description":381},"Configuration","\u002Fdocs\u002Fadministration\u002Fconfiguration","docs\u002F6.administration\u002F2.configuration","Key configuration settings in Open-AudIT covering discovery behaviour, change logging, data retention, and how to edit them.",{"title":383,"path":384,"stem":385,"description":386},"Users, Roles & Orgs","\u002Fdocs\u002Fadministration\u002Fusers-roles-orgs","docs\u002F6.administration\u002F3.users-roles-orgs","Understand Open-AudIT's role-based access control system including users, roles, organisations, LDAP integration, and permission inheritance.",{"title":388,"path":389,"stem":390,"description":391},"Backup & Restore","\u002Fdocs\u002Fadministration\u002Fbackup-restore","docs\u002F6.administration\u002F4.backup-restore","How to back up and restore your Open-AudIT database on Linux and Windows, including database reset procedures.",{"title":393,"path":394,"stem":395,"children":396,"description":398},"Troubleshooting","\u002Fdocs\u002Ftroubleshooting","docs\u002F7.troubleshooting\u002F1.index",[397,399,404],{"title":393,"path":394,"stem":395,"description":398},"General troubleshooting guidance for Open-AudIT covering discovery problems, common errors, and first steps for diagnosing issues.",{"title":400,"path":401,"stem":402,"description":403},"Common Errors","\u002Fdocs\u002Ftroubleshooting\u002Fcommon-errors","docs\u002F7.troubleshooting\u002F2.common-errors","Explanations and solutions for common Open-AudIT error messages including MySQL lock errors, LDAP issues, Apache problems, and license screens.",{"title":405,"path":406,"stem":407,"description":408},"Discovery Problems","\u002Fdocs\u002Ftroubleshooting\u002Fdiscovery-problems","docs\u002F7.troubleshooting\u002F3.discovery-problems","Troubleshoot Open-AudIT discovery issues including devices not found, duplicate records, Nmap problems, stuck queues, and cross-platform auditing.",{"title":410,"path":411,"stem":412,"description":413},"Release Notes","\u002Fdocs\u002Frelease-notes","docs\u002Frelease-notes","What's new in each Open-AudIT release — features, fixes, and improvements.",1779864901158]