I’m looking to create an analysis that will display only the primary IP address in use on a machine, which I assume is represented by the first IP address listed. If my assumption is incorrect, please let me know.
Below is the relevance statement I’ve been working with. While it’s close to what I need, it’s returning an error, specifically: Singular expression refers to non-unique object. I would appreciate any guidance on how to resolve this issue or adjust the relevance to meet my goal.
q: (if exists addresses whose (it as string does not contain "0.0.0.0") of ip interfaces of network then (address of ip interface whose (loopback of it = false and exists address of it) of network as string) else "No IP Address Found")
A: 192.168.2.111
E: Singular expression refers to non-unique object.
We have a Property for IP Address (Actual) that uses:
registration address of client
I don’t know where it’s a safe assumption that the first IP in that prior relevance query is the “Primary” ip address though.
Your relevance above isn’t going to give you a correct representation though because your using a singular reference with address of IP interface instead of a plural to confirm that you don’t have more than one. You can use plural addresses of ip interfaces and it will give you all of the ip addresses but I’d be hesitant to trust that the first one is the one you should trust. I would say that the one provided from the registration address of client relevance would be more in line with what your trying to gather.
(if exists addresses whose (it as string does not contain “0.0.0.0”) of ip interfaces of network then (addresses of ip interfaces whose (loopback of it = false and exists address of it) of network as string) else “No IP Address Found”)
In our case it wasn’t but it is a case of how consistent your standards are. In others it can be.
Couple of pointers of things that have helped us write a way to identify the primary IP:
On Linux - matching up the interface that has the gateway tag within the routing table to the network interfaces and retrieving the IP address of matched interface:
(item 0 of item 1 of it) of ((interface of it) of routes whose (destination of it as string = "0.0.0.0" and gateway flag of it and up flag of it) of ipv4 routing table, (address of it as string, friendly name of it) of adapters whose (loopback of it = false and exists address of it) of network) whose (item 0 of it = item 1 of item 1 of it)
On WIndows - we ended up using interfaces that have gateway configured and the name of the connections. Things that throw it off though is if machine is MS Cluster and has shared network connections.
((if (exists friendly name of it) then (friendly name of it) else ""), (address of it as string)) of adapters whose (exists gateway of it and exists address of it) of network
On Unix - map the IP address for whatever is listed in the hosts file for the computer name (Solaris’ hosts file has different path: /etc/inet/hosts)
unique values of (if (it contains " ") then (preceding text of first " " of it) else (it)) of (if (it contains "%09") then (preceding text of first "%09" of it) else (it)) of lines whose (not (it starts with "#") and not (it contains "127.0.0.1") and not (it contains "::1") and exists (computer name as lowercase, substrings separated by "%09" of substrings separated by " " of it) whose (item 1 of it as lowercase = item 0 of it)) of file "/etc/hosts"
Hope it helps you but it is generally very much environment/configuration-specific and one size is most-likely never going to fit all.
One of the other tricks I have used before registration address of client
It tells you which IP your BigFix agent registers with, which is frequently the primary IP of the machine. There are some issues when you have more than 4 Adapters, so it is also not a 100% solution, but can be combined with some of the other techniques that @ageorgiev shared.
But now that I think about it - perhaps you want to find the local IP with the greatest amount of local sockets… and I think you can do this too.
q: (concatenation "|" of tuple string items 0 of item 0 of it ) of (substrings separated by "|" of it,maximum of (it as integer) of tuple string items 1 of substrings separated by "|" of it) whose (tuple string item 1 of item 0 of it as integer = item 1 of it) of concatenation "|" of (it as string) of (it, multiplicity of it) of unique values of local addresses of sockets whose (exists remote addresses of it and local address of it !="0.0.0.0" and local address of it != "127.0.0.1") of network
Another potential option would be based on checking for Default Gateways. Ideally even a system with multiple IP addresses should have only one Default Gateway. There may be other edge cases to this (like a cluster with multiple IP addresses defined on a single adapter, perhaps?), and if so, I’d like to see some data from them.
Here’s something that works on my lab anyway. The first query shows all of my IP addresses and default gateways, if they exist; the second shows what I would call my ‘Primary’ address - the address of the adapter that contains a Default Gateway.
q: (addresses of it, gateway of it as string | "None") of adapters of networks
A: 10.134.194.203, None
A: 192.168.1.107, 192.168.1.1
A: 172.28.48.1, None
T: 26.691 ms
I: plural ( ipv4 address, string )
q: addresses of adapters whose (exists gateways of it) of networks
A: 192.168.1.107
T: 13.428 ms
I: plural ipv4 address