BES Client API Tester

(imported topic written by Lee Wei)

Hi all,

I often find myself needing to write relevance statements against the BES Client context. Some inspectors are only available in the actual BES Client, but not the Relevance Debugger.

Some example statements otherwise not possible from the Relevance Debugger.

  • name of current user keys (logged on users) of registry
  • names of application usage summaries
  • urls of sites
  • values of headers “Subject” of relevant fixlets of sites whose (name of it = “Enterprise Security”)

A few additional notes.

  • It is tested against XP, W2K, Vista, Windows 7.
  • It requires the .NET framework 2.0 or above.
  • Works on x64 systems.
  • Tested to work against 8.0.
  • The queries are sent to the BigFix Client via the Client API, so the results are not immediate, rather the BigFix Client will process and prioritize accordingly.
  • Install via the following MSI.

Last updated on July 28th, 2010.

Download BigFix Client API Tester MSI

Lee Wei

(imported comment written by Dzinh91)

Lee,

I have tried using the tool and consistently receive an error stating “Error attempting to access BES Client API” as the title and “Exception from HRESULTS: 0xFFFFFFF8” as the content of the dialog box. I am currently using BES 7.1.1.315. Can you please suggest how I can workaround this issue?

Thanks,

Dzinh

(imported comment written by Lee Wei)

I have told Dzinh to contact me directly to debug the problem.

Lee Wei

(imported comment written by Lee Wei)

Someone asked about the same issue today, so I am putting the solution here.

Check that the “InstallLocation” registry entry has the correct location of the BigFix Client.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{BF7023BC-319B-4FE1-B569-C854A19F81F8}\InstallLocation

It should not be empty and should have something like the following.

C:\Program Files\BigFix Enterprise\BES Client

Lee Wei

(imported comment written by grant7bar791)

Can you post the source code?

Thanks!

-Grant Barker

(imported comment written by Lee Wei)

Grant,

Thanks again for your interest.

The program uses the BigFix Client Compliance API, which you can get a manual and PDF to.

Maybe one day I will clean up the code to where it is suitable for external view. :slight_smile:

Lee Wei

(imported comment written by grant7bar791)

Lee -

Thanks for your reply. How can I get this API and the PDF about it? All I can see is “(contact us for more information)” on http://forum.bigfix.com/viewtopic.php?pid=3312. I’d like BES API, BES Agent API, and BES Client Compliance API information, so I can evaluate what my options are for making my own console.

Thanks

-Grant Barker

(imported comment written by BenKus)

Hi Grant,

Can you give us some more info on why you would be interested in making your own console?

Ben

(imported comment written by Lee Wei)

Updated the binary to include support for x64 and BigFix 8.0.

(imported comment written by grant7bar791)

@Ben - I want a console that’s completely customized for my needs, and includes personalized features.

(imported comment written by dagentfur91)

thank you for the post

(imported comment written by khanand91)

Hi Lee,

useful tool!

It would be great if there were a CLI for the tool, we could then use it scripts where it could become really useful :slight_smile:

Thanks

Andreas

(imported comment written by Lee Wei)

Andreas,

Yes I do have a command line version that I use on my own. You can download it here:

http://www.leewei.com/bigfix/prod/clientapi/bfclientcli.zip

Syntax:

bfclientcli.exe  <file_with_relevance>

Example:

bfclientcli.exe  test.qna

Use this syntax to pipe to file:

bfclientcli.exe  test.qna  2>  output.log

Lee Wei

(imported comment written by BenKus)

You can also look at “eval.exe” that comes with the Fixlet Debugger to work with your CLI tool.

Ben

(imported comment written by nberger91)

Is there a client API tester to support v.8.1.551.0 on Win7 ?

(imported comment written by Lee Wei)

Hi Nick,

I know of a bug about locating the BigFix Client.

The reason is that we have changed the name of the client to TEM.

However, more importantly, the new Fixlet Debugger now supports running relevance against the client context.

So please use that instead.

Before running the query, goto select menu

color=blue

Debug/Evaluate Using/Local Client Evaluator[/color]

Lee Wei

(imported comment written by nberger91)

Hi Lee Wei, this is great, thanks !

What we’re trying to deliver is a way of presenting locally the associated download link for each relevant fixlet.

We don’t use Webreports, and console access is very much restricted in our environment as BigFix is primarily used for reporting. This piece would prove that the BigFix relevance is way better than WSUS/Windows Update/SCCM. I know this, but i’m not the one that needs convincing.

This kind of gets me where I want, is there a way of appending the actions script, after the first ‘download …’, in ‘take default action’ for example …

example

q: (values of headers “Subject” of relevant fixlets whose (value of header “Subject” of it as lowercase starts with “ms” AND value of header “Subject” of it as lowercase does not contain “corrupt”) of site “http://sync.bigfix.com/cgi-bin/bfgather/bessecurity”)

A: MS09-059: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service - Windows 7 (x64) : http://download.microsoft.com/download/C/4/6/C46520AE-84C2-42BE-8FB8-AA4709C14458/Windows6.1-KB975467-x64.msu

Are there any better ways to retrieve this type of information locally ?

(imported comment written by Lee Wei)

Nick,

Unfortunately, the info (Fixlet Relevance and ActionScripts) is not available from the client, only on the server.

On the client side, only header type fields are available.

You can see what is available by running:

unique values of names of headers of fixlets of sites

Lee Wei

(imported comment written by nberger91)

Interesting, so the following expression will return the bulletin, together with the relevance which I would like to pipe to txt file, my next question is how do I make this more elegant and have it return a single bulletin followed by the associated relevance, followed by the next bulletin followed by associated relevance … ? (i need something like a line break between the concatenation or something …)

I want to remove “ms11-003” and replace with “ms”

concatenation of (values of headers “Subject” of relevant fixlets whose (value of header “Subject” of it as lowercase starts with “ms11-003” as lowercase AND value of header “Subject” of it as lowercase does not contain “corrupt”) of sites whose (name of it = “Enterprise Security”)) & " is required because one of the following conditions are TRUE : " & concatenation " AND " of (values of headers “X-Relevant-When” of relevant fixlets whose (value of header “Subject” of it as lowercase starts with “ms11-003” as lowercase AND value of header “Subject” of it as lowercase does not contain “corrupt”) of sites whose (name of it = “Enterprise Security”))

(imported comment written by Lee Wei)

I think you meant “all of the following conditions are TRUE”.

Here is an example statement that will concatenation the results with HTML formatting.

(html “

” & it & html “
”) of concatenations of trs of (td of value of header “Subject” of it & td of concatenations (html " AND
") of values of headers “X-Relevant-When” of it) of relevant fixlets whose (value of header “Subject” of it as lowercase starts with “ms” as lowercase AND value of header “Subject” of it as lowercase does not contain “corrupt”) of sites whose (name of it = “Enterprise Security”)

I kept the formatting simple, and here is how this statement will look like from the Client UI Dashboard.

Nick, when you reply, can you please start a new thread because we are veering from the original thread.

Lee Wei