Why does BigFix Inventory scan results on UNIX not show all apps installed like Apache for example? It seems to just detect the BigFix Client and the OS on UNIX, but nearly all installed apps on Windows.
thanks
@cstoneba Some questions for you:
- Are the UNIX computers subscribed to the BigFix Inventory site?
- Have you activated the Installed UNIX Packages analysis and have the UNIX computers reported results for it?
- Has the Initiate Software Scan action been run on the UNIX computers, and has it run recently?
- Has the Upload Software Scan action been run on the UNIX computers, and has it run recently?
- Is the same Software Catalog installed on the UNIX computers and the BFI server?
- Is the Import process on the BFI server running regularly and without error?
1 Like
Are the UNIX computers subscribed to the BigFix Inventory site?
-Yes, they were able to run the the fixlets “Install or Upgrade Scanner”, “Initiate Software Scan”, “Catalog Download”, and “Upload Software Scan Results”.
Have you activated the Installed UNIX Packages analysis and have the UNIX computers reported results for it?
-YES
Has the Initiate Software Scan action been run on the UNIX computers, and has it run recently?
-YES
Has the Upload Software Scan action been run on the UNIX computers, and has it run recently?
-YES
Is the same Software Catalog installed on the UNIX computers and the BFI server?
-YES
Is the Import process on the BFI server running regularly and without error?
-YES
When I go to Reports > Computers > and click on a Oracle Linux 6.3 computer, the results are:
“2 Software Installations including IBM BigFix Platform Agent and Oracle Linux”
It appears that the data flow is correct, although I’ve never seen line breaks in the Description data like you show.
Do the data from Installed Unix Packages List match what you see in BFI -> Reports -> Package Data for the UNIX Computers?
yes, looks like a match:
<RPMPackage><Name>alsa-utils</Name><Version>1.0.22-3.el6</Version><Vendor>Oracle America</Vendor><Description>Advanced Linux Sound Architecture (ALSA) utilities</Description></RPMPackage>
package data results looks well populated. Am I just misunderstanding that package data doesn’t show up under Software Inventory by design and only Package Data?
One of the functions of the Import process is to compare the Catalog signatures to the package data. There must be a match in order for BFI to consider it “installed software”.
You can use the Package Data report to create custom catalog signatures for products you wish to track that are not in the Catalog from IBM. The little gray arrow next to the package name allows you to send the data from that row to the Custom Signature creation page, where you can refine it before storing it with the existing catalog data. One of the cool things about this approach, you only need to run another Import for the “new” software to show up in the BFI data.
I guess I assumed that there would be an existing signature for common apps like Apache. On Linux, the only Software Signatures matches that seems to occur are for things like the BigFix Client and the OS, which wasn’t what I expected.
Strange, I’m seeing Apache results on my Linux hosts. Result came from running the CIT tool scanner, have you run that on your Linux hosts, uploaded to the BES Server, and imported into Inventory?
"<Variable name=\"IS_INSTALLED\" export=\"true\"><PackageInfoMatch vendor=\"*\" name=\"httpd\" version=\"2.2.*\"/></Variable><Condition withVariable=\"IS_INSTALLED\"><Action do=\"SKIP\" onValue=\"false\" /></Condition>"
by “CIT Tool scanner”, do you mean the File system scan (which requires BES Client v9.5.5+ on UNIX)?
On your Apache server, do you have BES Client v9.5.5+ installed? I’m running v9.5.4 so maybe that is the issue.
Actually this is BES client 9.2.9.36 on Red Hat Enterprise Server 6.9.
From “IBM BigFix Inventory v9”, we run Task 1 “Install or Upgrade Scanner”.
Once the Scanner is installed, the client should be relevant for an existing Action “Catalog Download (Version: xxxxx)”. That Action should be executed under the Operator account you used when installing the BFI Web application, and gets created whenever you upload a new Catalog through the BFI web interface.
Once the client has both the scanner and the updated Catalog installed, it should be relevant & needs to run Task 2 “Initiate Software Scan”. Note that this kicks off a software scan in the background; the Action will show Completed for its status while the scan is still running, so you may need to wait some time for the next step. Depending on the size of your environment, use of SAN and Virtualization, I’d strongly recommend you use the options on the “Description” tab to throttle the CPU usage of the scanner.
Once the scan has completed, the client will be relevant for & needs to run Task 3 “Upload Software Scan Results”.
On a schedule basis (by default once a day), the BigFix Inventory web app will perform its “Import” operation, where it retrieves the results from the BES Root Server and imports them into the Inventory database. After that, the software listings should be available. You can also manually trigger an import through the Management tab of the web interface.
Once you have everything up and running, you should create Policy Actions for Task 1, Task 2, and Task 3 from the “IBM BigFix Inventory v9” site. Task 1 and Task 3 should run “whenever they become relevant again”, and Task 2 should run “While relevant, waiting 7 days between reapplications”. After that, subscribing clients to the site should automatically run all the actions that are needed, in order. You’ll also need to periodically update the software catalog on the BFI Web Interface (which in turn will create its own Actions to update the catalogs on endpoints).
those look just like the steps I have completed for a OEL 7.1 server running BF Client v9.5.4.
Can you provide an example of what your sample computer output looks like in BF Inventory > Computers > ?
Clearly the Windows catalog is matching more content in my environment, but admittedly the RHEL box that I’ve scanned doesn’t have many installed applications (this client was built exclusively to download content from Red Hat Network)…
But the Red Hat box does see a few installations matching the catalog (the Symantec Antivirus is based on a custom signature we added to our catalog)
Interesting. So I guess I’m still unclear if I have a data problem or not. I had expectations of seeing many more matched signatures for Linux.