Auto discovery of agents

mail2vij · July 25, 2016, 1:01pm

Hi, i want to know how i can configure auto discovery settings for endpoint where agent is not there and install them. is there any requirement to open any port on the network for scan ?

mfuglem · July 25, 2016, 1:06pm

I would start looking at IBM Asset Discovery,

mail2vij · July 25, 2016, 1:07pm

i tried to found doc for asset discover
but do not see any link mostly links are disabled or moved out

steini44 · July 25, 2016, 1:10pm

http://www.ibm.com/support/knowledgecenter/SS63NW_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Asset_discovery/c_setting_up_your_environment.html

This is for 9.2.0. But I guess other versions are similar (I’m using 9.2.6).

mail2vij · July 25, 2016, 6:44pm

Thanks for your help, i have a doubt i have select one server as scan point and install import nmap service at BES root server, but when i want to run the scan then i found few servers got selected automatically and getting data as scan point . so what is the role of that server which i configured dedicated scan point ?? even i do not see that particular server is scanning anything?

JasonWalker · July 25, 2016, 11:26pm

They don’t scan automatically. You designate many scan points (ideally, at least one scan point on every IP subnet). Then there is a separate task you can execute to initiate a scan, that is executed by each scan point. The results are uploaded to the root server, which imports the found systems and displays them under the “unmanaged assets” tree.

mail2vij · July 26, 2016, 7:16am

Hi Jason,

I got it, but when i see Run a scan action , it does not list the server where i have opted scan point , but randomly chose some servers. Even when i check the un-managed assets i have seen designated scan point server does not have any info?

mail2vij · July 26, 2016, 8:25am

I checked when i install NMAP on relay server ( windows 2008R2) , it does not work ? is there any limitation of windows 2012R2 or relay server x64 bit?

vikki · July 26, 2016, 9:06am

Hi @mail2vij

Install designate scan point on your local bigfix server and install same on any one win7 machine and start the NMAP scan through both scan points.

I think you didn’t install Importer service on scan point machine that’s why results not updated into your IBM Bigfix console on Unmanaged asset tab

So please check with this last configuration ( Importer service install on scan point)

Thanks & Regards
Vicky

mail2vij · July 26, 2016, 9:08am

Results are coming but when i install scan point on relay server it does not work , is there any limitation not to have relay as scan point?

vikki · July 26, 2016, 9:12am

Hi @mail2vij

Please share the screenshot and log for scan point failure.

Regards
Vicky

mail2vij · July 26, 2016, 10:50am

client logs of the relay server where scan point installed. and screen dump.

With default scan

Downloaded ‘http://127.0.0.1:52311/mailbox/files/73/56/735660006f2373c04d94d27155499ee15835f3dc’ as ‘Action 3486896.fxf’
Gather::SyncSiteByFile adding files - count: 1
At 05:24:29 -0500 -
Successful Synchronization with site ‘mailboxsite’ (version 71,0,0,0,0,1) - ‘http://rootserver:52311/cgi-bin/bfgather.exe/mailboxsite8177259’
At 05:24:30 -0500 -
Processing action site.
At 05:26:13 -0500 -
Report posted successfully
At 05:27:49 -0500 -
GatherHashMV command received.
At 05:27:51 -0500 - opsite190 (http://rootserver:52311/cgi-bin/bfgather.exe/opsite190)
Downloaded ‘http://127.0.0.1:52311/bfmirror/bfsites/manydirlists_154/__diffsite_b673560f22d5080ed1264ace6f5f36e7b3da6846_to_f123344e92dfd9a302257a671586da07c6fd2157’ as ‘__TempUpdateFilename’
Gather::SyncSiteByFile adding files - count: 1
At 05:27:52 -0500 -
Successful Synchronization with site ‘opsite190’ (version 3620805,0,0,0,0,614802,1571827,265) - ‘http://rootserver:52311/cgi-bin/bfgather.exe/opsite190’
At 05:27:53 -0500 -
Processing action site.
At 05:29:41 -0500 -
Report posted successfully
At 05:37:11 -0500 -

===============================================================
with custom scan created by me

Command succeeded parameter “current_time”=“1469511718” (action:3486898)
Command succeeded parameter “nmapXMLFilePath”=“C:\Windows\temp\nmap\nmap-PEPWAP07608-1469511718.xml” (action:3486898)
Command succeeded delete __appendfile (action:3486898)
Command succeeded delete No ‘D:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\folder.bat’ exists to delete, no failure reported (action:3486898)
Command succeeded appendfile @ECHO OFF (action:3486898)
Command succeeded (file created) appendfile @ECHO OFF (action:3486898)
Command succeeded appendfile @ECHO OFF (action:3486898)
Command succeeded appendfile mkdir “C:\Windows\temp\nmap” > NUL 2>NUL (action:3486898)
Command succeeded move __appendfile folder.bat (action:3486898)
Command started - waithidden folder.bat (action:3486898)
At 05:42:12 -0500 -
Report posted successfully
At 05:42:12 -0500 - actionsite (http://rootserver:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded (Exit Code=1) waithidden folder.bat (action:3486898)
Command succeeded regset “[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BESScanner-NMAP]” “LastScanStartTime”=“Tue, 26 Jul 2016 05:42:12 -0500” (action:3486898)
Command succeeded delete No ‘D:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\nmapquiet.bat’ exists to delete, no failure reported (action:3486898)
Command succeeded delete No ‘D:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite__appendfile’ exists to delete, no failure reported (action:3486898)
Command succeeded appendfile @ECHO OFF (action:3486898)
**

Command failed (Relevance substitution failed) appendfile "{pathname of folder "BESScanner-

**NMAP\NMAP" of parent folder of regapp “BESClient.exe”}\nmap.exe" -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:445,T:61616,U:{value “ListenPort” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions” of x32 registry} --exclude “{concatenation “,” of (addresses whose (it as string != “0.0.0.0”) of ip interfaces whose (loopback of it = false) of network as string)}”{if (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BESScanner-NMAP” whose (value “NmapVersion” of it as string as version = “4.20”) of x32 registry) then " -O1 --osscan-guess" else " -O --osscan-guess"} -PE -PA80 -T 4 “{(unique value of (subnet addresses whose (it as string != “0.0.0.0”) of ip interfaces whose (loopback of it = false) of network as string)) & “/” & (number of bits (0;1;2;3;4;5;6;7) whose (it) of ( it as integer ) of ( if it contains “.” then preceding text of first “.” of it else it ) of ( it; following texts of substrings “.” of it ) of ( unique value of (subnet masks of ip interfaces whose (loopback of it = false) of network as string )) as string) }” -oX “{parameter “nmapXMLFilePath”}” >NUL 2>NUL (action:3486898)
At 05:42:12 -0500 -
ActionLogMessage: (action:3486898) ending action
At 05:42:12 -0500 - mailboxsite (http://rootserver:52311/cgi-bin/bfgather.exe/mailboxsite8177259)
Not Relevant - Run Nmap with Custom Scan Options - Local Subnet (7/26/2016) -VJ (fixlet:3486898)

vikki · July 26, 2016, 11:16am

Hi @mail2vij

I noticed from log its failed on nmap.exe location find state by default it check the native location(parent folder), So please let us know where you installed nmap scanner its on C:\ or D:\

Regards
Vicky

mail2vij · July 26, 2016, 12:45pm

I think there is an issue with nmap version?