Hi All,
I wanted to see if anyone may be seeing the same issue with their endpoints. I have two flavors of Linux running in my environment. CentOS Linux and Oracle Enterprise Linux (OEL). When I kick off any actions via BF console my OEL servers seem to pick up the action(s) right away. My CentOS systems seem to take a very long time to receive the actions. Many times I have to restart the besagent on my CentOS systems to “wake them up” so to speak.
Has anyone else seen this behavior?
Check if there is an active firewall on the CentOS. Actions are notified using UDP that could be blocked by the local CentOS firewall. The Bigfix agent log (/var/opt/BESClient/__BESData/__Global/Logs/xxxxx.log) should log the the following message just after the action is submitted:
The above log suggests that the UDP notification is working correctly. From the BES console create an “empty” custom action (Tools -> Take Custom Action) and submit it to the affected CentOS machine. Collect the related agent log and attach it.
it took a while for the it to run but it finally did. i kicked it off at 12:48 EST but the actual start time of it was 1331 EST
*note the server is in MST
It’s telling that the GatherHashMV message only came as the result of a Command Poll. It indicates your client is probably actually not receiving the notifications that the Relay is sending it on udp-52311. You should still look at a firewall, host-based firewall, or NAT preventing the UDP notifications from going through.
That could simply be the client isn’t receiving new action notifications until it reaches out and checks for them. It does that based on the CommandPollInterval you have defined, or when you restart the client.
If UDP were not blocked, the relay would be notifying the client when there is a new action and it would respond quickly.
Sorry for not replying sooner. I agrre with Jason, the log (with time) shows that the agent did not receive the UDP notification. Please investigate that, the firewall command on CentOS depend on the version, if you google “disable firewall CentoOS” you will find the command for your OS version. Try to disable the firewall for a while, and test the action again. The agent should receive the “GatherHashMV command” right after the action is submitted.
Thanks so much for your help. I don’t think i can disable the FW in the event its being used for a reason by applications or services on my servers. I will add the suggestion n the iptables and see where that gets me. I may even try to do it via a bigfix action so i don’t have to touch every server once i get the logic down.
Sounds like a good plan. Once you test that on a machine and determine whether that fixes your issue, I’ll be happy to help with the fixlet logic to mass-deploy.
May I also ask for help to determine first if the firewall is indeed running before i run any changes to iptables? I dont want to interject any issues to my servers that are not needed.
Also, did you use ‘iptables’ or ‘firewall-cmd’? And which version of CentOS are you on, I don’t recall where it changed. I built myself a CentOS 6.0 machine yesterday to look at this but I’m afraid I got interrupted.
We have default content in the BES Support site to add an exception for BESClient to the iptables firewall for RHEL, I’m pretty sure I can adapt that to CentOS.
Actually, even better than adapting the fixlet to CentOS, is finding that someone else has already done it… Have a look at https://bigfix.me/fixlet/details/3984 , test it out, and let us know whether that works for you.