I would like to know if there is a relevance script that acts almost like the dos command NETSTAT, in where I can look for a connection to a server on each machine. Our windows messenger cleints connect to our old Exchange 2000 server, and I want to create a property that searches the computers for a connection to the server so that we know who is running and is actually connected to the server via the old client.
I hope this makes sense! Does anyone know of anything that can help me? I am going to look in the mean time and see if I can figure it out. If I do then I will post it.
Awesome. I knew I was on the right tract but something little was stopping me.
cry
I had my test action working to dump the netstat into a text file “netstat -o -a >> c:\emessnet.txt”. I started to try to get it to delete the emessnet.txt file before creating the new one (so that it doesn’t just keep adding to the file" and now it is not working. All that is happening now is that the action is putting the bes client path with “netstat -o -a >> c:\emessnet.txt” at the end over and over in the file, making a 2MB file of nothing but that…
What would be the “proper” way to run “netstat -o -a >> c:\emessnet.txt” into an action?
I have tried making a BAT file with “createfile” and running that, have tried the bes action “dos”, have tried the action “waithidden” and so forth. They are all now giving me this false file.
C:\Program Files (x86)\BigFix Enterprise\BES Console\QnA__BESData>netstat -o -a 1>>c:\netstat.txt
It is taking “netstat -o -a >> c:\netstat.txt” and putting a 1 in there? This was working JUST FINE initially and now I absolutely cannot figure out what is going on. This happens on 2 machines
Alright, last night I created a new BAT file and imported it with the software dist wizard. It works now. I am not touching anything, and I am good to go!
I wished to do it the “createfile” route right in the action so that I can easily edit it in the future, but I know how to edit it the other way as well so I guess either method works fine.
With version 9 you can also achieve this using inspector relevance. Be forewarned though it may bring back a large amount of data:
Show established or recently established connections:
(remote addresses whose (it as string != “127.0.0.1”) of it,remote ports of it,tcp states whose (it as string != “LISTENING”) of it,names of processes of it,users of processes of it) of sockets of network
Show listening ports:
(local addresses whose (it as string != “127.0.0.1”) of it,local ports of it,tcp states whose (it as string = “LISTENING”) of it,names of processes of it,users of processes of it) of sockets of network