I need to create a fixlet that would copy BigFix endpoint logs to a network destination. The fixlet would have to copy the logs to the destination so that bf-logfile.log is saved as computername-date-bflogfile.log at the destination.
To collect and manage logs using BigFix, you have a couple of options depending on your environment and use case:
1. Use the Archive Feature:
   - Instruct BigFix to archive the logs via the relay system to the root server using the ‘archive now’ function.
   - Set up a process on the root server to gather these archived logs and transfer them to a network share.
2. Directly Use a Network Share from the Endpoint:
   - Ensure the network share has appropriate permissions for access, keeping in mind this could increase security risks.
   - Remember, the BigFix agent operates under the system account, not a user account. So, if only users have access to the share, you’ll need to run the script as a user. This might be problematic unless the user has admin rights to access the BigFix client directory.
For my specific task, I collected logs no older than 14 days since I didn’t need everything. To avoid creating a separate folder for each computer, you can:
- Set a single destination name.
- Include both the Computer Name and Timestamp variables in the file names to differentiate them when copying to the destination path.
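
// Turn off WoW64 redirection on 64-bit Windows so the native PowerShell is used
action uses wow64 redirection {not x64 of operating system}
// Use the logged-on user's name when someone is logged on, otherwise $ComputerName
if {exists logged on user}
parameter "CName" = ""{(name of logged on user as string)}""
else
parameter "CName" = "$ComputerName"
endif
// Run as the agent; start PowerShell from its registered path, hidden, and run backupAppLogs.ps1
override run
runas=agent
run { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -windowstyle hidden -File backupAppLogs.ps1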
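
The action above calls backupAppLogs.ps1, which is not shown in the thread. The following is an added example, not the poster's script, of one way such a script could apply the 14-day filter and the ComputerName-Timestamp naming into a single destination folder. The log folder default and the share path `\\fileserver.example\bflogs` are assumptions; replace them with your own values.

```powershell
# Added example; not the poster's backupAppLogs.ps1.
param(
    # Assumed default BigFix client log folder on 64-bit Windows; adjust as needed.
    [string]$LogDir = "${env:ProgramFiles(x86)}\BigFix Enterprise\BES Client\__BESData\__Global\Logs",
    # Placeholder UNC path for the single shared destination folder.
    [string]$DestDir = '\\fileserver.example\bflogs',
    # Only logs written within this many days are copied.
    [int]$MaxAgeDays = 14
)

$ErrorActionPreference = 'Stop'

function Get-DestinationName {
    param([string]$ComputerName, [datetime]$Stamp, [string]$FileName)
    # Allow-list the characters so neither part can add a path separator,
    # a wildcard, or a parent-directory hop to the destination path.
    $safeHost = $ComputerName -replace '[^A-Za-z0-9_-]', '_'
    $safeFile = [IO.Path]::GetFileName($FileName) -replace '[^A-Za-z0-9_.-]', '_'
    '{0}-{1:yyyyMMdd-HHmmss}-{2}' -f $safeHost, $Stamp, $safeFile
}

$now    = Get-Date
$cutoff = $now.AddDays(-$MaxAgeDays)

# Files only, modified on or after the cutoff. @() keeps an empty result an array.
$logs = @(Get-ChildItem -LiteralPath $LogDir -Filter '*.log' |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $cutoff })

$copied = 0
foreach ($log in $logs) {
    $name   = Get-DestinationName -ComputerName $env:COMPUTERNAME -Stamp $now -FileName $log.Name
    $target = Join-Path -Path $DestDir -ChildPath $name
    try {
        Copy-Item -LiteralPath $log.FullName -Destination $target
        $copied++
    } catch {
        # One locked or unreadable file must not stop the rest.
        Write-Warning "Copy failed for $($log.Name): $($_.Exception.Message)"
    }
}
Write-Output "Copied $copied of $($logs.Count) log file(s) to $DestDir"
```

When the script runs under the system account on a domain-joined machine, it authenticates to the share as the computer account, so the share can grant computer accounts permission to create files without granting them read or list rights on the folder.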