How Do You Monitor Changes To Your BigFix Infrastructure?

Hi all …

How do you monitor changes to your BigFix server? By changes, I don’t mean running tasks/fixlets that perform work on other machines; what I mean is, tracking configuration changes to the BigFix server itself. Is the BigFix server log sufficient for this purpose? [Maybe what I really mean is an audit trail?]

–Mark

@mtrain,

I’ve had success in the past with Nagios for monitoring BigFix services on Linux and Windows infrastructure. There are plug-ins for Nagios that you can implement to extend the core functionality. For example, beyond the standard monitoring of BES service up/down, I’ve implemented a HTTP-200 test of the RD page (i.e. http://server_name:52311/rd) for the root server and top-level relays.

There’s also the log server module that could be used to audit the serveraudit.log and other critical BES logs if desired. Another possible open source log auditing solution would be Graylog.

If you’re going to audit the BES logs from the root server and top-level relays, you may want to consider adding the relevant DB2 or MSSQL logs for the BigFix database instances.

Hope that helps.

Best,
@cmcannady
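
An added example of the HTTP-200 test of the RD page that cmcannady describes, written as a Nagios-style plugin in Python; this is not code from the thread, from BigFix or from Nagios. The host name argument, the 5-second "slow" warning threshold and the `BIGFIX_RD` output label are assumptions.

```python
#!/usr/bin/env python3
"""Nagios-style check: is the BigFix relay diagnostics page (rd) answering HTTP 200?"""
import sys
import time
import urllib.error
import urllib.request

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def fetch_status(url, timeout=10.0):
    """Return (http_status_or_None, elapsed_seconds, error_text) for a GET of url."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, time.monotonic() - start, ""
    except urllib.error.HTTPError as exc:          # server answered, but not 2xx
        return exc.code, time.monotonic() - start, str(exc)
    except (urllib.error.URLError, OSError) as exc:  # no answer at all (down, DNS, timeout)
        return None, time.monotonic() - start, str(exc)


def classify(status, elapsed, warn_after=5.0):
    """Map an HTTP status and response time to a Nagios state and a message.

    warn_after (assumed threshold): a 200 that takes longer than this is WARNING,
    since a relay that answers slowly is often the first sign of trouble.
    """
    if status is None:
        return CRITICAL, "rd page unreachable"
    if status != 200:
        return CRITICAL, f"rd page returned HTTP {status}"
    if elapsed > warn_after:
        return WARNING, f"rd page OK but slow ({elapsed:.1f}s)"
    return OK, f"rd page OK ({elapsed:.1f}s)"


def main(argv):
    host = argv[1] if len(argv) > 1 else "server_name"   # root server or top-level relay
    url = f"http://{host}:52311/rd"
    status, elapsed, _err = fetch_status(url)
    state, msg = classify(status, elapsed)
    # Nagios output line: "<LABEL> <STATE> - <text> | <perfdata>"
    print(f"BIGFIX_RD {LABELS[state]} - {msg} | time={elapsed:.3f}s")
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `check_bigfix_rd.py relay01.example` from a Nagios command definition; the exit code drives the alert state and the text after `|` is picked up as performance data.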

One other option is to use BigFix itself to enforce the settings you are concerned with.


While @TimRice is correct that you can monitor BigFix with content/policies, the downside to doing so is that your implementation can encounter stability, performance or other issues with the BESClient. While this doesn’t happen often, it did happen back in v9.5.5 with the lines of file inspector for all NIX endpoints. In that case the service PID remained up, but it became completely unresponsive to any/all commands. In that scenario any monitoring via content/policies would be rendered useless until the BESClient is restarted.

Issue 138234 - APAR IV93412 - SLOW EVALUATION CYCLE FOR CLIENTS 9.5.X WHEN USING “LINES OF FILE” INSPECTOR

While it’s more work and infrastructure to implement an external monitoring solution like Nagios, it does offer a higher degree of reliability for monitoring and alerting. In many medium to large enterprises there may be an existing monitoring solution that you can leverage for this purpose.

Hi all … thank you for your insights! --Mark