Hello Gurus,
That’s my question: How can I determine what group a host belonged to before it was moved to a new one?
I had host A assigned to “Group 1” now I moved it onto “Group 2” for maintenance purposes. However, for auditing reasons I have to track back what group it was before.
I’ve looked into the host properties but couldn’t find anything useful and l like to know if you have any thoughts about this one.
Thanks in advance,
Hi @Andres_cl,
Greetings!!
As per what I know BigFix is an real time tool, which will give you the data which is there currently configured on the system. Historical data are hard to find in the BigFix console.
But you can try to check on the database by querying the same.
Thanks and regards,
KK
It’s going to be a long road to walk I assume.
Thanks for the tip and all the best!
Andrés.
You’re referring to BigFix computer groups , not AD group membership?
If this is for a group change that has already happened, the options are very limited. Perhaps reading the client logs, if they’ve been retained, as they would show the old group evaluating as False at the time the client is removed.
To track groups in the future, you might set a scheduled Web Report to archive a list of computer group memberships daily or weekly.
Good one Jason.
I’ll try that one.
Thanks a lot.
Andrés.
Actually, I gave this some more thought, and if we treat the Computer Group as its base ‘bes fixlet’ type, we can query Web Reports through session relevance to get some interesting properties from the ‘bes fixlet results’ for the computer/group fixlet results.
‘relevant flag of it’ should show whether the computer is currently a member of the group. ‘first became relevant’ would be the first time the computer joined the group; ‘last became relevant’ is the most recent time the computer joined the group (if it’s been in-and-out of the group); and ‘last became nonrelevant’ is the most recent time a computer left the group.
This session relevance should show a report of all the group memberships. You can add filters on either the ‘bes computers’ or ‘bes fixlets’ to filter out the computers or computer groups in which you’re interested.
The ‘first became’ and ‘last became’ properties are only available in Web Reports, not in the Console Debugger, so you can run this in the Web Reports QNA page
q: (id of computer of it, name of computer of it | "Computername Not Reported", id of fixlet of it, name of fixlet of it, "Current Membership:", relevant flag of it, "First Joined:", first became relevant of it as string | "never", "Most Recently Joined:", last became relevant of it as string | "never", "Most Recently Left:", last became nonrelevant of it as string | "never") of (results (elements of item 0 of it, elements of item 1 of it)) of (set of bes fixlets whose (group flag of it), set of bes computers)
Sample results:
A: 10369450, WEBUI, 49, BigFix Infrastructure, Current Membership:, True, First Joined:, ( Fri, 24 Feb 2023 10:09:05 -0600 ), Most Recently Joined:, ( Fri, 24 Feb 2023 10:09:05 -0600 ), Most Recently Left:, never
A: 10369450, WEBUI, 50, Everything except BigFix, Current Membership:, False, First Joined:, ( Fri, 24 Feb 2023 10:09:05 -0600 ), Most Recently Joined:, ( Fri, 24 Feb 2023 10:09:05 -0600 ), Most Recently Left:, ( Fri, 24 Feb 2023 10:10:10 -0600 )
Here I have a host “WEBUI”, that joined the “BigFix Infrastructure” group on Fri, 24 Feb 2023 10:09:05 -0600 (when I installed the WebUI service on it); a few seconds later, at Fri, 24 Feb 2023 10:10:10 -0600, it left the “Everything except BigFix” computer group.
edit - brief note on using the hidden QNA page in Web Reports at REST API, Query, Relevance and three states
First of all, thank you for the time you taken to look at it in more depth.
This is the output for these 4 machines of interest:
A: 528165 CCAVP871 83714 SERVIDORES WINDOWS TRUE ( Fri, 18 Nov 2022 19:09:20 -0300 ) ( Fri, 18 Nov 2022 19:09:20 -0300 ) never
A: 9690054 CCAVP870 83714 SERVIDORES WINDOWS TRUE ( Fri, 18 Nov 2022 18:42:10 -0300 ) ( Fri, 18 Nov 2022 18:42:10 -0300 ) never
A: 12405582 CCAVP859 83714 SERVIDORES WINDOWS TRUE ( Mon, 06 Feb 2023 15:16:27 -0300 ) ( Mon, 06 Feb 2023 15:16:27 -0300 ) never
A: 13400316 CCAVP858 83714 SERVIDORES WINDOWS TRUE ( Mon, 06 Feb 2023 14:00:01 -0300 ) ( Mon, 06 Feb 2023 14:00:01 -0300 ) never
All these machines are currently configured into ‘Grupo 10’ BigFix computer group with the exception of CCAVP871 that is present in BigFix but no enrolled into any BigFix computer group.
I would have expected a result similar to your output but it doesn’t. Where would you suggest to look at from this point?
Thanks again for all the help !
Andres.
Is “Group 10” an Automatic Group, or a Manual Group? I’m not sure that Manual Groups would be reflected
Thank you very much Jason!