Linux Patching: EDR_DeploymentResults.txt - how is this log managed? Max size? Overwritten?

I need to use the EDR_DeploymentResult.txt file for evidence of patching results. How is the log file managed, such as size of file, does it overwrite or create a new log file and retain the old log file, etc.? I don’t see any documentation regarding the file management of this log file.

What OS are you using?

Where is this log referenced and used? Can you provide the names of some example fixlets / dashboards / wizards that use this?

Is there a particular patch that you are having issues with?

Is there any documentation that references this file?


This is all I could find on it:

I am just looking for the management process for the log file. It is used in RedHat Native and Ubuntu patching sites. I just cannot find any details that provide information on how the log file is managed. How large in size, when does the file either start a new one or overwrite, as I need to preserve the file.

I had never heard of it until today.

What do you need to preserve it for?

The file is used by the patching on Linux systems; it’s part of the implementation and I don’t think it can be considered something for external consumption.

When you say evidence of patching results, what do you mean?

An agent’s report of its relevance for a given fixlet will tell you about the state of the computer with respect to the package in question.

The action results will tell you if the action has applied the package or not.

The reason I am using the file is that I have to show evidence of installed patches for Linux for regulatory purposes. I have to run the report for 400 machines. This is for a NERC CIP audit, of which installed patches is just one aspect of the content that must be captured. The requirement is to run the report on day 1 and day 30 and compare the two and show what has changed. This compare process must be within BigFix and cannot use a 3rd party diff tool. So in order to do this I must collect the data on the endpoint and write all data to a file on the endpoint so that the compare happens only on the endpoint. These systems are behind firewall layers, where there is no internet access. I must report only on installed security patches. APT-GET and YUM utilities plugin depend on internet access to list installed security patches only. RPM and Dpkg do not know how to detect what is only a security patch. If you know differently, please let me know, as that would be preferred. The customer has agreed to only going forward of BigFix installing patches. So I cannot run session relevance due to compare process complexity and I cannot run cURL on the endpoint due to clear text username password.

So I can use the EDR file, which is logging installed BigFix security patches. Now I need to know how the file is managed. Hope that helps.

What @gearoid is saying is, if all patches are installed through BigFix, then you can query which patches were applied through BigFix actions on a particular endpoint from the console / session relevance.

You can also tell which patches are outstanding or unsuccessful based upon which ones are still relevant.

Understand using session relevance to do this. Cannot, however, as I need to do this at the endpoint using QNA relevance. No choice. So I am looking for a source to get this, and the EDR file provides the source.

The data that’s in the BigFix server has come from the endpoint and is generated by the agent, so you could consider it equivalent to anything you generate yourself.

If this is for an audit then my thinking is you cannot rely on an application’s internal file.
You need to use a published API that will be stable and supported.