Matching Devices

How Open-AudIT decides whether a discovered device is new or already exists in the database, and how to configure match rules to avoid duplicates.

IntermediateUpdated Apr 10, 2026
On this page

Matching Devices

Every time Open-AudIT discovers or imports a device, it needs to decide: is this something I've already seen, or is it new? This process is called device matching, and understanding how it works helps you avoid duplicate records and missing devices.

How Matching Works

Open-AudIT checks a series of properties against existing records in the database. The rules operate as OR conditions — if any single rule finds a match, Open-AudIT treats the incoming data as belonging to that existing device.

If all rules fail, the device is treated as new and a new record is created.

Devices with a status of "deleted" are excluded from matching.

Match Order

Matching is checked in this order:

  1. Opmantek UUID (internal identifier, not configurable)
  2. Google Cloud ID (not configurable)
  3. Hostname + UUID combination
  4. Hostname + D-Bus ID (Linux only)
  5. Hostname + Serial
  6. D-Bus ID alone
  7. DNS FQDN
  8. DNS Hostname
  9. FQDN
  10. Serial + Type
  11. Serial alone
  12. SNMP sysName + Serial
  13. SNMP sysName
  14. MAC address (from multiple tables)
  15. IP address
  16. Hostname
  17. IP address (for devices with no other data)

Configuring Match Rules

Most match rules can be turned on or off. Find them under Menu → Admin → Configuration (search for match_) or via Menu → Discover → Discoveries → Discovery Match Options.

Key defaults to be aware of:

RuleDefaultNotes
match_hostnameYesGood in most cases; may cause issues on networks with duplicate hostnames
match_macYesMAC addresses are generally unique, but VMware workstations can share MACs
match_serialYesVery reliable — serials are hardware-assigned
match_ipNoDHCP makes IP-only matching unreliable
match_dbusNoESXi clones don't regenerate the D-Bus ID, causing false matches
match_ip_no_dataYesIf a device has almost no data and its IP matches, assume it's the same device

Duplicate and Missing Devices

Duplicate devices happen when none of the match rules fire for a real existing device — Open-AudIT creates a new record instead of updating the old one. This is common after VM cloning (where identifiers may be duplicated) or when scanning the same device from different subnets.

Missing devices (or overwritten devices) happen when a match rule fires incorrectly — Open-AudIT updates the wrong existing record. VM cloning is again the culprit here; a cloned ESXi guest may share a D-Bus ID with its source, causing the source device's record to be overwritten.

If you're seeing duplicates or missing devices, check the Discovery Log for the affected device to see which field triggered the match. Then review your match rule configuration.

Enterprise: Per-Discovery Match Rules

If you're running Open-AudIT Enterprise, you can set match rules on a per-discovery basis, overriding the global defaults for specific subnets or environments.

Using OrgID in Matching

From v4.3.4 onwards, you can include a device's Organization ID as part of the match criteria. This is useful when you're auditing multiple customer networks that might share the same hostnames or IP ranges. See the wiki for details on Matching Devices - Including OrgID.

Previous · DocumentationHow It WorksDocumentation · NextReporting

Was this page helpful?