Number of fixlets have failed on the Linux clients last night. No packages have been installed or updated, the action was showing as “Failed” in the BigFix console.
Is there a way to find the details - it appears that the fixlet destroyed the evidence after completion, I see “delete” commands in the log.
Investigation:
I looked at “/var/opt/BESClient/__BESData/__Global/Logs/20190715.log”, searching for “RHSA-2019:1294 - Bind Security Update - Red Hat Enterprise Linux 7 (x86_64)”.
By looking at the log below I have decided that fixlet was trying to run:
yum install bind-libs-9.9.4-74.el7_6.1.x86_64 bind-libs-lite-9.9.4-74.el7_6.1.x86_64 bind-license-9.9.4-74.el7_6.1.noarch bind-utils-9.9.4-74.el7_6.1.x86_64
I have run the command above and it completed successfully (causing the action status to change to completed ).
====== fragment of the log =====
Command succeeded parameter “t17” = “” (group:2441275,action:2441276)
Command succeeded parameter “t18” = “” (group:2441275,action:2441276)
Command succeeded parameter “t19” = “bind-utils-9.9.4-74.el7_6.1.x86_64” (group:2441275,action:2441276)
Command succeeded parameter “packages” = " bind-libs-9.9.4-74.el7_6.1.x86_64 bind-libs-lite-9.9.4-74.el7_6.1.x86_64 bind-license-9.9.4-74.el7_6.1 .noarch bind-utils-9.9.4-74.el7_6.1.x86_64" (group:2441275,action:2441276)
Command succeeded parameter “outputfile” = “/var/opt/BESClient/EDRDeployData//MultiPkgInstall.txt” (group:2441275,action:2441276)
Command succeeded parameter “flag” = “/var/opt/BESClient/EDRDeployData//opsite141-MultiPkgInstallFlag.txt” (group:2441275,action:2441276)
Command succeeded parameter “expire_timestamp” = “Mon, 15 Jul 2019 23:18:52 -0500” (group:2441275,action:2441276)
Command started - wait “/bin/bash” -c “TMPDIR=’/var/opt/BESClient/__BESData/Patches for RHEL 7’ ‘/var/opt/BESClient/__BESData/Patches for RHEL 7/redha t-client-x64’ --log_level ‘20’ --id ‘2441276’ --exit_code_file ‘/var/opt/BESClient/EDRDeployData//EDR_ExitCode_2441276’ --log_file ‘/var/opt/BESClient/ED RDeployData//EDR_DeploymentResults.txt’ yum_run --yumconfig ‘/var/opt/BESClient/EDRDeployData//EDR_Yumconfig_2441276’ --yum_cmd ‘install’ bind-libs- 9.9.4-74.el7_6.1.x86_64 bind-libs-lite-9.9.4-74.el7_6.1.x86_64 bind-license-9.9.4-74.el7_6.1.noarch bind-utils-9.9.4-74.el7_6.1.x86_64” (group :2441275,action:2441276)
Command succeeded (Exit Code=0) wait “/bin/bash” -c “TMPDIR=’/var/opt/BESClient/__BESData/Patches for RHEL 7’ ‘/var/opt/BESClient/__BESData/Patches fo r RHEL 7/redhat-client-x64’ --log_level ‘20’ --id ‘2441276’ --exit_code_file ‘/var/opt/BESClient/EDRDeployData//EDR_ExitCode_2441276’ --log_file ‘/var/op t/BESClient/EDRDeployData//EDR_DeploymentResults.txt’ yum_run --yumconfig ‘/var/opt/BESClient/EDRDeployData//EDR_Yumconfig_2441276’ --yum_cmd ‘install’ bind-libs-9.9.4-74.el7_6.1.x86_64 bind-libs-lite-9.9.4-74.el7_6.1.x86_64 bind-license-9.9.4-74.el7_6.1.noarch bind-utils-9.9.4-74.el7_6.1. x86_64” (group:2441275,action:2441276)
Command succeeded parameter “exit_code” = “1” (group:2441275,action:2441276)
Command succeeded delete “/var/opt/BESClient/EDRDeployData//EDR_RepoList_2441276” (group:2441275,action:2441276)
Command succeeded delete “/var/opt/BESClient/EDRDeployData//EDR_ExitCode_2441276” (group:2441275,action:2441276)
Command succeeded delete “/var/opt/BESClient/EDRDeployData//EDR_Yumconfig_2441276” (group:2441275,action:2441276)
Command succeeded delete “/var/opt/BESClient/EDRDeployData//EDR_RepomdRequest_2441276” (group:2441275,action:2441276)
Command succeeded delete “/var/opt/BESClient/EDRDeployData//EDR_RepomdMapping_2441276” (group:2441275,action:2441276)
====== end of the log =====
Thank you,
Aleksandr