Log4j CVE-2021-44228 Detection and Mitigation

Understood. The version of Adoptium JDK that we use to run the scan does require glibc 2.12 or higher, a less strict requirement than the Logpresso prebuilt binaries.
That’s not a limitation we can work around, if you have trouble with the Logpresso prebuilt binary you’ll need to switch to the Java version (as used in our content) or install the requisite glibc versions.

Yep, it’s much better than the pre-built binaries indeed.
Definitely easier to switch to the Java-based version.

Running Logpresso 2.7.2 on Linux using the correct switches to exclude NFS, but it’s not working as expected.
Anyone else using the tool and successfully excluding NFS?
We are experiencing performance issues on the filers caused by open handles as a result of the scan.
Any advice?
@jgstew

Can you post the command-line you’re running?

How does it compare with the command line we use in our tasks?
run /bin/sh -c "cd /tmp && ./log4j2-scan --exclude-fs {("--exclude " & it) of concatenations " --exclude " of unique values whose(it does not contain " ") of (it;"/mnt";"/dev";"/cdrom") of items 0 of (mount points of it, filesystem types of it, types of it) whose(item 2 of it != "DRIVE_FIXED" OR item 1 of it is contained by set of ("cgroup";"cifs";"nfs";"cgroup2";"sysfs";"proc";"cpuset")) of filesystems} / > {parameter "ListFile"}"

Also noticing that the relevance for detecting the process is not working as expected; tried with exists running application “log4j2-scan” and exists process “log4j2-scan”.

Something to note is that if you use the ‘--exclude-fs’ parameter, it overwrites all the default filesystem exclusions, so you need to exclude every type of filesystem you want to skip, not just add more to be excluded.
You may also have cases where a symlink to a remote filesystem is being scanned, even if the actual mountpoint for the filesystem is not, so be sure to include --no-symlink as well to skip those.

An example of the full command line we’re using in our content would be:

java -jar ./logpresso-log4j2-scan.jar --silent --scan-log4j1 --no-symlink --no-empty-report --exclude-fs nfs,nfs3,nfs4,cifs,tmpfs,devtmpfs,iso9660,autofs,afs --exclude-config '/path/to/exclusions.txt' --report-json --report-path '/var/opt/BESClient/BPS-Scans/report-output.json'

I’m afraid you’re asking us to comment on relevance that we don’t have - this is some custom relevance you built, right? What OS are you running this on?
On a Mac machine there is no process “name” creation class, I’m afraid; I’ve run into that problem myself. On Mac you’d have to use something like
not exists processes whose (name of it = "log4j2-scan")

So …

run /bin/sh -c "cd /tmp && ./log4j2-scan --no-symlink --exclude-fs nfs,nfs3,nfs4,cifs,tmpfs,devtmpfs,iso9660,autofs,afs {("--exclude " & it) of concatenations " --exclude " of unique values whose(it does not contain " ") of (it;"/mnt";"/dev";"/cdrom") of items 0 of (mount points of it, filesystem types of it, types of it) whose(item 2 of it != "DRIVE_FIXED" OR item 1 of it is contained by set of ("cgroup";"cifs";"nfs";"cgroup2";"sysfs";"proc";"cpuset")) of filesystems} / > {parameter "ListFile"}"

Yes, I think so, but run the exclude piece through the fixlet debugger or qna to see if it’s actually building the exclude list that you expect. It should result in something like the string

--exclude /mnt --exclude /dev --exclude /cdrom

and have --exclude parameters for any of your nfs / cifs filesystems.
If your filer mounts don’t appear as NFS links, or maybe if their mounts are triggered by automount, there may be more work for you to do on the exclusions or with the --exclude-fs line. Getting the filesystem types would help, if you can run the ‘mount’ command on one of these clients to show what kind of filesystems they are.
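
The two points raised in this thread, that --exclude-fs replaces the scanner's built-in list rather than adding to it, and that the generated --exclude list should be checked against the host's real mount table before rolling it out, can be exercised outside the fixlet debugger with a plain shell script. The following is an added example, not code from this thread, from BigFix content or from Logpresso; it reads /proc/mounts-formatted lines (device, mount point, fstype, options, dump, pass) and builds the same kind of argument string the relevance above produces. The sample mount table is constructed for the example, and the list of filesystem types is an assumption that you should adjust from the output of mount on your own clients.

```shell
#!/bin/sh
# Added example (not from the original thread, BigFix or Logpresso): build the
# log4j2-scan exclusion arguments from /proc/mounts-style input so the result
# can be inspected before the task runs.

# Filesystem types passed to --exclude-fs. Because --exclude-fs replaces the
# scanner's built-in list, the defaults (nfs, tmpfs, devtmpfs, iso9660) are
# repeated here rather than assumed. Assumed list; adjust from `mount` output.
EXCLUDE_FS="nfs,nfs3,nfs4,cifs,tmpfs,devtmpfs,iso9660,autofs,afs"

# Mount types that additionally get an explicit --exclude <mountpoint>, so a
# remote or pseudo filesystem is skipped by path as well as by type.
EXCLUDE_TYPES="nfs nfs3 nfs4 cifs cgroup cgroup2 sysfs proc cpuset autofs"

# build_excludes: read mount-table lines on stdin and print a single line of
# "--exclude <path>" arguments: the fixed paths /mnt /dev /cdrom first, then
# every mount point whose type is in EXCLUDE_TYPES, without duplicates.
build_excludes() {
    {
        printf '%s\n' /mnt /dev /cdrom
        while read -r _dev mnt fstype _rest; do
            [ -n "$mnt" ] || continue
            # /proc/mounts encodes a space in a path as \040; skip those, as
            # the relevance in the thread does, since they break the shell
            # command line built here.
            case "$mnt" in *'\040'*) continue ;; esac
            for t in $EXCLUDE_TYPES; do
                [ "$fstype" = "$t" ] && { printf '%s\n' "$mnt"; break; }
            done
        done
    } | awk '!seen[$0]++ { printf "%s--exclude %s", (n++ ? " " : ""), $0 }'
    printf '\n'
}

# scan_command: print the full scanner invocation for the mount table on stdin.
scan_command() {
    printf 'java -jar ./logpresso-log4j2-scan.jar --silent --scan-log4j1 --no-symlink --no-empty-report --exclude-fs %s %s /\n' \
        "$EXCLUDE_FS" "$(build_excludes)"
}

# Constructed sample mount table (not captured from a real host). The last line
# has a space in the mount point and must be dropped, not quoted.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
filer01:/export/home /home/shared nfs4 rw 0 0
//filer02/data /srv/data cifs rw 0 0
/dev/sr0 /media/cdrom iso9660 ro 0 0
tmpfs /run tmpfs rw 0 0
/dev/sdb1 /mnt/backup ext4 rw 0 0
//filer02/share\040two /srv/share\040two cifs rw 0 0'

# On a real client replace the sample with: build_excludes < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | scan_command
```

Note that /media/cdrom (iso9660) and /run (tmpfs) get no --exclude entry from this script; they are skipped by --exclude-fs, which is why that list must stay complete once you override it. If the filer shows up with a type other than nfs or cifs in mount output (an autofs trigger, for example), add that type to both lists.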

Works as expected now; as always, thanks for your help.