After creating this entry, I ran an import for distributing the catalog to endpoint and then ran a Software scan. However nothing is being discovered against the signature.
Is there something I am missing?
check catalog.xml file on endpoint, if it contains your signature
next check <EP_ID>_citlog.xml file which contains CIT error/warn log for sigantures, see if your signature was correctly evaluated
I can see the signature in catalog.xml file on endpoint and the citlog.xml file does not how any errors for that signature guid. Does it have something to do with the .txt file used in the signature? _cit.xml.bz2 does not contain any matches.
Also I tried running the command wscansw and I didn’t get any match.
I have used content provided by IBM in the BFI Catalog as template and it doesn’t work at all. What are we missing? Is there any documentation besides the User’s guide that we can review?
I just tested this signature and it works just fine. Here is what I did.
created my small test_catalog.xml, note I removed the condition just to be able to see it in output even if it fails (you can see content here: https://justpaste.it/3k1a7)
defined paths for CIT (if you do not do that you will see in error.txt Expression [FindFilePathEx] could not be resolved.)
LIBPATH="/opt/tivoli/cit/bin:$LIBPATH"
export LIBPATH
SHLIB_PATH="/opt/tivoli/cit/bin:$SHLIB_PATH"
export SHLIB_PATH
LD_LIBRARY_PATH="/opt/tivoli/cit/bin:$LD_LIBRARY_PATH"
export LD_LIBRARY_PATH
ran:
./wscansw -i test_catalog.xml -e error.txt -o out.txt -l MAX -c /var/opt/BESClient/LMT/CIT/sw_config.xml
If there is no MYFILE.txt on file system, you will see in max logs:
Signature [e6c4375b9bc14eb40a7f36f887443115] skipped because no instances are available.
However, if there is MYFILE.txt but content doesnt match, the out.txt contains: https://justpaste.it/6ij62
Yeah this is working for me too now. I was getting below error when i tried this on Windows
18/10/24 09:43:14 I [Plugin ] ReadFile::getScalarResult(Plug [85892] File: C:\Program Files\MYAPP\MYFILE.txt opened successfully (native mode)
18/10/24 09:43:14 I [Plugin ] ReadFile::getScalarResult::_fo [85892] ----------------------------------> ENTRY
18/10/24 09:43:14 I [Plugin ] ReadFile::getScalarResult::_fo [85892] <---------------------------------- EXIT
18/10/24 09:43:14 I [Plugin ] ReadFile::getScalarResult(Plug [85892] <-------------------------------- EXIT
18/10/24 09:43:14 I [XSE ] ExpressionShell::~ExpressionSh [85892] --------------------------------> ENTRY
18/10/24 09:43:14 I [XSE ] ExpressionShell::~ExpressionSh [85892] <-------------------------------- EXIT
18/10/24 09:43:14 I [XSE ] ProcessorUtility::evaluateVari [85892] Adding variable file_read value: ÿþM
18/10/24 09:43:14 I [XSE ] ProcessorUtility::evaluateVari [85892] <------------------------------ EXIT
MYFILE.txt contains the line “MYAPP_version=1.3” but i think the scanner was not able to read it because of the encoding. Once i fixed the encoding, signature matched.
Nope, you should add it to the production siignature. I removed it only for test puropse, but in fact BFI expects only matched GUIDs in the output file, hence the condition.