Printing Output of an Action on BigFix Server

ihsano 2022-06-09 13:13:47 UTC #1

Hi,

I want to run a ‘.vbs’ script (service_list.vbs) on windows computers and this script should create an output ‘services.txt’ file for each computer.
I created required task and the execution of .vbs part is solved. I saw the ‘services.txt’ files on the computers locally.

My problem is;
I want to see all output files of all computers in one place (like BigFix server) but can not find corresponding method. I tried “archive now” method so output of a computer is created on Bigfix server (under directory BufferDir/sha1) but it was hashed and I did not understand the content.

Can you help me please?
Thanks.

ageorgiev 2022-06-09 13:45:52 UTC #2

You can work around it with basic powershell script - in my case I am adding them to a .zip file but feel free to change it to Copy-Item or Move-item. I am assuming your root server is Windows, but I am sure something similar can be done with sh script.

Get-ChildItem -Path “#path_to_BES_server_folder#\BES Server\UploadManagerData\BufferDir\sha1*\*\*services.txt” -Recurse | Compress-Archive -DestinationPath “C:\Temp\CombinedResults.zip”

That said, what exactly is that you are trying to collect on services? Are you sure you can’t retrieve it via inspectors in a property and remove the need to run scripts, produce outputs, collect outputs, then merge them… service inspectors on Windows are generally pretty good!

ihsano 2022-06-10 05:54:12 UTC #3

Thanks for your answer.

I am using the script mentioned above for collecting service account names on each windows computers.
I am working for a hardening process: “restriction of privileged service accounts” so I need to know all service account names and it should be in one central location for ease of read and investigate.

In your script, you are collecting content of “C:\Temp\CombinedResults.zip” files on computers and writing them to “services.txt” on BigFix Server. Is it right?

ageorgiev 2022-06-10 06:00:28 UTC #4

That’s what you said your output is but it really depends how you use “archive now”, if you are renaming the file to something else then you need to adjust the command to match - whatever the actual file as is on the root server is what you need to specify.

ihsano 2022-06-10 08:11:47 UTC #5

Sorry, I guess I cannot explain my problem well
I have a ‘.vbs’ script that will be run 1 time for each windows computer and print an output to somewhere like C:\services.txt.
In the output, there will be names of all users of all services (like “Windows Time-Local Service”)
Script is ready and running well but i want to collect all output files in one place.
What kind of action must be used for taking all outputs to one place (ex: BigFix server)

my current action is like this (it works and creating output files in computers local disks):

prefetch and extract part
waithidden cmd.exe /C Cscript.exe __Download\service_list.vbs /ALL /Quiet

trn 2022-06-10 08:19:13 UTC #6

Archive is definitely the way to get this uploaded to the Bigfix server, but there is more to do than simply including the ‘archive now’ statement.

https://support.bigfix.com/product/documents/Upload_Archive_Manager_80_101211.pdf should help.

ihsano 2022-06-10 08:46:22 UTC #7

Thanks for the answer.
I used “archive now” by setting “_BESClient_ArchiveManager_OperatingMode” var to '2’
Then I found my output in UploadManagerData\BufferDir\sha1***index.txt” but it was all encrypted

prefetch and extract part
waithidden cmd.exe /C Cscript.exe __Download\service_list.vbs /ALL /Quiet
archive now

ageorgiev 2022-06-10 08:51:18 UTC #8

What do you mean “encrypted”? The file structure is a bit messy cause it should be in …\sha1#last_two_digits_of_computerID##computerID##prefix#_services.txt but if you open the actual text file, it should be in readable format.

The above script will only help you “combine” the results once uploaded to the sha1 folder from all machines. If the text file is not readable or not collected, the script by itself won’t do you any good and you need to troubleshoot your original action…

trn 2022-06-10 08:52:44 UTC #9

index.txt is not the upload - it is an artefact to be ignored.

What size is the file you create? The archive has quite a small default size limit.

Also, did you set all the other values to let the archive know what to upload?

ageorgiev 2022-06-10 09:28:03 UTC #10

@trn is actually right. Are you sure you are setting the same exact settings for the “archive now” to work? Just changing the “mode” and do “archive now” doesn’t work by itself - you need to specify exactly what you need to be uploaded. Here is an example that I’ve used (I reset back the mode after done, so other stuff doesn’t get impacted, if you are not worried about that, you can skip it):
// save existing ArchiveManager settings
parameter “saved_operatingmode” = “{if (exists setting whose (name of it = “_BESClient_ArchiveManager_OperatingMode” and exists value of it) of client) then value of setting “_BESClient_ArchiveManager_OperatingMode” of client else “0”}”

//manual upload settings
setting “_BESClient_ArchiveManager_OperatingMode”=“2” on “{now}” for client
// specify what files/file you want to upload (in my case it’s any files that matches _PS1_*.txt from %systemdrive\Temp folder
setting “_BESClient_ArchiveManager_FileSet-ffe_ps1”="{(value of variable “systemdrive” of environment) & “\Temp\_PS1_*.txt”}" on “{now}” for client

//upload the file
archive now

//restore previous settings
setting “_BESClient_ArchiveManager_OperatingMode”="{parameter “saved_operatingmode”}" on “{now}” for client

ihsano 2022-06-10 14:08:42 UTC #11

Firstly, thanks for your helps and valuable informations.
I have not enough experience about these operations and bigfix.
@trn output file has only 4 lines.
I did settings on a test computer->right click->edit computer settings->more options->custom settings
Here, I chose “_BESClient_ArchiveManager_OperatingMode” on “name” part and set its value to ‘2’
@ageorgiev, did you set the values on action part?

JasonWalker 2022-06-10 14:22:30 UTC #12

I really believe you should reconsider the approach. If all you are doing is reporting on some services, build an Analysis for that and retrieve the results via Web Reports.

In fact we have some built-in Services analyses in the “BES Inventory and License” Site that may be useful.

What are you actually trying to retrieve?

JasonWalker 2022-06-10 15:00:39 UTC #13

I was going to post a link to our documentation on the Archive & Upload Manager, but … it’s not very clear. So I’ll point at this Wiki article that summarizes it instead.

https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/Upload%20and%20Archive%20Manager

ihsano 2022-06-10 16:07:17 UTC #14

Thank you @JasonWalker,

Actually we are using bigfix for periodic patches (like browsers) ın my company.
Sometimes we need for some other things.
Maybe this problem can be solved in different ways but I want to learn the solution of main problem in Bigfix:
When we use scripts and scripts print outputs. I don’t want to connect all of our computers for read them.

I will scan the documents you shared, thanks again.

ihsano 2022-06-14 07:48:44 UTC #15

Hi eveyone,

I read the documents and set the settings below.
I want to ask one last question with apologies, where did I go wrong:

Relevance Part:
-Bring all windows machines

Action Part:
-prefetch and extract the script
-waithidden cmd.exe /C Cscript.exe __Download<script> /ALL /Quiet
-archive now

Edit settings Part:
-BESClient_ArchiveManager_FileSet-(txt) — value: C:\services.txt
-BESClient_ArchiveManager_MaxArchiveSize: 1000000
-BESClient_ArchiveManager_OperatingMode: 2

Take Action Part
-I selected just one server to make action and console show “completed” but I cannot find the file in Bigfix server.
(When I edit the ArchiveManager settings, the relay setting of computer changing manual to automatic relay. I don’t know why)

ageorgiev 2022-06-14 10:17:33 UTC #16

I think you may need to build it all in the same task. The “Edit settings” part needs to be done BEFORE “archive now” is executed and obviously AFTER the cscript.exe (the file should be in place), otherwise, you are trying to send something completely different (whatever else archive manager is configured to upload prior to this execution).

ihsano 2022-06-14 12:28:26 UTC #17

Hi @ageorgiev

As you said, I built all the processes in the same task.
In latest status, my task was look like:

waithidden cmd.exe /C Cscript.exe __Download /ALL /Quiet
setting “BESClient_ArchiveManager_OperatingMode” = “2” on “{now}” for client
setting “BESClient_ArchiveManager_FileSet-txt” = “{“C:\services.txt”}” on “{now}” for client
archive now

Task status shown as completed but again I cannot found the file in anywhere

ageorgiev 2022-06-14 16:13:34 UTC #18

try without the curly brackets - they denote relevance substitution which you don’t really have one:

waithidden cmd.exe /C Cscript.exe __Download /ALL /Quiet
setting “BESClient_ArchiveManager_OperatingMode” = “2” on “{now}” for client
setting “BESClient_ArchiveManager_FileSet-txt” = “C:\services.txt” on “{now}” for client
archive now

Have you confirmed that the c:\services.txt exists after the execution? What do you see in the agent log file when the action is ran (any errors)?

ihsano 2022-06-15 06:16:36 UTC #19

I tried without brackets but result is same.
Yes, I confirmed that services.txt exists in target computer’s local disk C after execution of the script and didn’t see any error about the task or archiving

ageorgiev 2022-06-15 07:05:04 UTC #20

Ok, assuming it works - what is the ComputerID of the machine you are running it and where on the root server are you looking for the file?