Collecting BES Client and EDR logs from Unix machines from fixlet

Hi All,

I came across a situation in Unix patching wherein I could update the Fixlet in BigFix to collect the client logs from Unix machines from the below Fixlet available on BigFix.me:

https://bigfix.me/fixlet/details/26977

It gives me the ability to collect the client logs but not the EDR deployment logs for detailed troubleshooting. Can you guide me to append its action script so that it can bring the content of /var/opt/BESClient, so that I can have the EDR logs as well?

I did change the parameter in “Export folder” to “pathname of parent folder of data folder of client as string”, which evaluates to /var/Opt/BESClient, and could not see the zipped file created on root with the BES Client folder.

Thank you!!

I’m not entirely familiar with that task, but reading the ActionScript, you shouldn’t try to upload the entire BESClient folder. That probably exceeds the archive size, and also, since the archive itself will be generated under BESData, there could be a problem with the archive trying to add itself. Instead, use one task to upload the BESClient Logs and another for the EDR logs.

Edit: the EDRDeployData folder might also have copies of the RPM/DebianPkg repo, so don’t upload the whole EDRDeployData folder; instead, target the Logs only.

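The approach suggested in the reply, as an added example that is not part of the thread or of the BigFix.me task: a shell function that archives only the log files under one directory, refuses to write the archive inside the tree it is collecting, and drops the archive if it exceeds a size cap. The function name `collect_logs`, the `*.log` pattern, the cap value and the paths in the usage comment are assumptions; GNU or BSD `tar` (for `-T`) and `mktemp` are assumed to be present.

```shell
#!/bin/sh
# collect_logs SRC_DIR OUT_ARCHIVE MAX_BYTES   (hypothetical helper)
# Archives only *.log files under SRC_DIR into OUT_ARCHIVE (tar.gz).
# Return codes: 0 ok, 2 bad path, 3 archive inside source tree,
#               4 no logs found, 5 archive larger than MAX_BYTES.
collect_logs() {
    src=$1; out=$2; max=$3
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    src_abs=$(cd "$src" && pwd -P) || return 2
    out_dir=$(cd "$(dirname "$out")" && pwd -P) || return 2

    # An archive written inside the collected tree can end up adding itself.
    case "$out_dir/" in
        "$src_abs"/*) echo "archive must live outside $src_abs" >&2; return 3 ;;
    esac

    # Select log files only, so package repos and other bulk data stay out.
    list=$(mktemp) || return 1
    ( cd "$src_abs" && find . -type f -name '*.log' ) > "$list"
    if [ ! -s "$list" ]; then
        rm -f "$list"; echo "no log files under $src_abs" >&2; return 4
    fi

    tar -czf "$out" -C "$src_abs" -T "$list"; rc=$?
    rm -f "$list"
    [ "$rc" -eq 0 ] || return 1

    # Enforce the upload size cap before anything is handed to the uploader.
    size=$(wc -c < "$out" | tr -d ' ')
    if [ "$size" -gt "$max" ]; then
        rm -f "$out"; echo "archive is $size bytes, cap is $max" >&2; return 5
    fi
    echo "$size"
}

# Usage (placeholder paths and cap, run once per log directory):
#   collect_logs /path/to/client/logs /tmp/client_logs.tar.gz 1000000
#   collect_logs /path/to/edr/logs    /tmp/edr_logs.tar.gz    1000000
if [ "$#" -eq 3 ]; then collect_logs "$@"; fi
```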