Check to see if BigFix UDP packets are getting through to the client

(imported topic written by SystemAdmin)

All,

We have a large deployment, and we don’t always know if there are network ACL’s that are blocking BigFix UDP traffic. I’m trying to figure out a way to create a retrieved property that will provide me information if a BES Client is receiving UDP packets.

Here’s my relevance I’m currently using (checks if polling is enabled, if not, checks if yesterday’s BES Client log has lines with the “GatherHashMV” or “GatherActionMV”):

( ( exists setting 
"_BESClient_Comm_CommandPollEnable" whose ( value of it = 
"1" ) of client ) AND ( exists setting 
"_BESClient_Comm_CommandPollIntervalSeconds" whose ( value of it <= 
"3600" ) of client ) ) OR ( 

if ( exists file ( preceding text of first 
"Upload" of ( value of setting 
"_BESClient_UploadManager_BufferDirectory" of client ) & 
"Logs\" &  ( year of it as string & month of it as two digits as string & day_of_month of it as string ) of ( current date - 1 * day ) & 
".log" ) ) then ( exists file ( preceding text of first 
"Upload" of ( value of setting 
"_BESClient_UploadManager_BufferDirectory" of client ) & 
"Logs\" &  ( year of it as string & month of it as two digits as string & day_of_month of it as string ) of ( current date - 1 * day ) & 
".log" ) whose ( exists ( line of it ) whose ( it starts with 
"   GatherHashMV" or it starts with 
"   GatherActionMV" ) ) ) 

else ( error 
"Log Not Found" ) )

I tried looking at today’s BES Client log, but relevance apparently does not like looking at files in use. Is there a way around this limitation?

Also, anyone else have better ideas?

thanks,

Disco

(imported comment written by Bill.Ehardt)

The slow way I did it was to create a new “dummy” property, give it a few minutes, and see what didn’t update. Send a refresh or to to those… and if they don’t update then there is an issue. As you can expect some servers would just happen to update from their command polling, I grabbed the IP, and sorted results of if that property existed or not.

In other words, if this property was on one of only 35 machines on that segment, I know it probably just did it command poll updating.

I’m sure there is a more elegant way to do it… I’m just not sure what :slight_smile:

(imported comment written by mgelmer23)

I take a slightly different approach to searching the log files for text strings, using the command line “find” utility.

It looks something like this:

// Search the BigFix client log files for “authentication” errors using the builtin Find command.

// Systems with issues either have a corrupt agent or there is a problem with the action\site.

Parameter “LogPath” = “{pathname of parent folder of regapp “BESClient.exe” & “__BESData__Global\Logs”}”

Parameter “LogFile” = “{parameter “LogPath” & “Errors.Txt”}”

// Search the BF Log files for the string listed. /i = ignore case differences.

// Pipe the output to find again, so (using the /v option) we can exclude the log entries for this action.

// Send the output of the 2nd find command to a text file in the BF client logs folder

waithidden cmd /c find /i “could not verify the authenticity of the site” “{parameter “LogPath” & “2*”}” | find /i /v “find” >"{parameter “LogFile”}"

if {exists file (parameter “LogFile”)}

if {content of file (parameter “LogFile”) as lowercase contains “authenticity”}

setting “! BESClient_Log_Errors”=“Yes” on “{now}” for client

else

setting “! BESClient_Log_Errors”=“No” on “{now}” for client

endif

else

setting “! BESClient_Log_Errors”="" on “{now}” for client

endif

(imported comment written by mgelmer23)

Oh yeah, then I have a retrieved property to collect the results of the client setting which is set by the action.