Greetings. Is there a way to look at client host names and __RelayServer1 names and compare the first 7 characters of both to check and see if they are the same? I’m trying to find a quick way to identify clients that are improperly subscribed to a local relay. Thanks!
1 Like
There are 2 different ways to approach this:
- Through the Client itself (Relevance & Applicability)
- Across all clients (Session Relevance & Reporting)
Both are useful in different ways.
One advantage to using client relevance is you can use it as the basis of the applicability for an action that corrects the problem, only if the problem exists.
One advantage of using Session Relevance to figure this out is you don’t need to wait for clients to report in to know if they are “likely misconfigured” or not, plus you can see in what way they are misconfigured and if there is a commonality to the apparent misconfiguration. (this is a good way to expose edge cases you aren’t accounting for)
The session relevance approach to this question works right away because these are both values that BigFix collects from all endpoints at all times, so you don’t first need to make a new property to collect these values in order to report on them with session relevance like you would in other cases.
Client Relevance:
Relay value:
values of settings "__RelayServer1" of clients
First 7 characters of the Computer Name:
(first 7 of it | it) of computer names
This will give you the first 7 characters of the computer name, unless the computer name is less than 7 characters in total, in which case it will return the full computer name.
Likely Misconfigured:
not exists values whose(it as lowercase contains ( unique value of (it as lowercase) of (first 7 of it | it) of computer names ) ) of settings "__RelayServer1" of clients
The above should be TRUE if the relay value does not contain the first 7 characters of the computer name ANYWHERE in the string. (It will be FALSE if the relay value DOES contain the first 7 characters of the computer name ANYWHERE in the string)
Session Relevance: (Reporting)
The following was tested and created using the BigFix Console Presentation Debugger.
See how to open it here: https://github.com/jgstew/jgstew.github.io/blob/master/_posts/2018-10-29-Open-BigFix-Console-Presentation-Debugger.md
Relay Value:
unique values of values of client settings whose("__RelayServer1" = name of it) of bes computers
First 7 of Computer Name:
(first 7 of it | it) of names of bes computers
(ComputerName, Relay) of Likely Misconfigured Computers:
( ( /* Item0 */ names of it ) , ( /* Item1 */ (it as lowercase) of values of client settings whose("__RelayServer1" = name of it) of it ) ) whose( /* __RelayServer1 */ item 1 of it does not contain ( (it as lowercase) of (first 7 of it | it) of /* ComputerName */ item 0 of it ) ) of bes computers
(Count, Relay) of Likely Misconfigured Relay Values:
(multiplicity of it, it) of unique values of items 1 of ( ( /* Item0 */ names of it ) , ( /* Item1 */ (it as lowercase) of values of client settings whose("__RelayServer1" = name of it) of it ) ) whose( /* __RelayServer1 */ item 1 of it does not contain ( (it as lowercase) of (first 7 of it | it) of /* ComputerName */ item 0 of it ) ) of bes computers
Now what?
So now that you have the above what do you want to do with it?
There are many possibilities.
- Web Report
- Dashboard
- Fixlet/Task/Action
- Console Right Click Context Menu
3 Likes
Yep; this nailed it - ty very much!
1 Like