Read a log file?

(imported topic written by RemQuadriga91)

Hello,

I’ve created an action running the HijackThis utility, which generates a log file (hijackthis.exe /silentautolog). Basically, it scans the endpoint for malicious entries in the registry and some other places. Is there a way I can get the log file (hijackthis.log) back to the console?

Thanks in advance!

(imported comment written by Lee Wei)

Hi,

We use the Upload and Archive Manager to move files from the Clients to the Server.

http://support.bigfix.com/product/documents/Upload_Archive_Manager_80_101211.pdf

There are a few examples in the system to reference.

For example, the “Run Nmap Scan” Task in the Asset Discovery site uses this feature to move the scan results.

// upload results

// set setting to send up results infrequently as optimization
setting "_BESClient_ArchiveManager_IntervalSeconds"="604800" on "{parameter "action issue date" of action}" for client

// set max size to 8 MB to prevent too much data
setting "_BESClient_ArchiveManager_MaxArchiveSize"="8388608" on "{parameter "action issue date" of action}" for client

// check for oversize
continue if {(exists file whose (name of it starts with "nmap-" AND name of it contains (parameter "current_time") AND exists line whose (((exists key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BESScanner-NMAP" whose (value "NmapVersion" of it as string as version < ") of x32 registry) AND it as lowercase contains "nmap run completed at") OR ((exists key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BESScanner-NMAP" whose (value "NmapVersion" of it as string as version >= "4.52") of x32 registry) AND it as lowercase contains "nmap done at")) of it AND size of it <= ((value of setting "_BESClient_ArchiveManager_MaxArchiveSize" of client) as integer)) of folder (pathname of windows folder & "\temp\nmap"))}

setting "_BESClient_ArchiveManager_OperatingMode"="1" on "{parameter "action issue date" of action}" for client

setting "_BESClient_ArchiveManager_FileSet-nmap{parameter "current_time"}"="{parameter "nmapXMLFilePath"}" on "{parameter "action issue date" of action}" for client

// send results
setting "__BESClient_ArchiveManager_LastIntervalNumber"="0" on "{parameter "action issue date" of action}" for client

Lee Wei

(imported comment written by RemQuadriga91)

Lee Wei

We use the Upload and Archive Manager to move files from the Clients to the Server.
http://support.bigfix.com/product/documents/Upload_Archive_Manager_80_101211.pdf

Thanks for the link! That’s exactly what I need.

Though, I’ve got one more question. The document states:

Once the file finally arrives at the BigFix Server, it is saved in a special directory location based on the ID of the client computer.

Is there a way I can find the uploaded archive in the Console?

(imported comment written by Lee Wei)

The files are uploaded into a location similar to the following on the TEM Server.

C:\Program Files\BigFix Enterprise\BES Server\UploadManagerData\BufferDir\sha1

However, you cannot browse these directories and their content via the TEM Consoles.

  • If you are on the TEM Server, of course this is easier to browse.
  • If on remote computers, then some file sharing and mounting will be required.
  • Or as most of the TEM modules will do, the uploaded files are being processed in some way. For example, NMAP scan files are processed by a service, then imported into the database for browsing from the Console.

Lee Wei
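Added example (not part of the original thread and not BigFix code): a server-side sketch that inventories uploaded HijackThis logs under the `sha1` folder and labels each with a computer name. It assumes each uploaded file sits in a folder named with the decimal computer ID, and that the operator supplies an `id,name` CSV export; the IDs, names and tree below are constructed for the demo.

```python
import csv, io, os, tempfile
from pathlib import Path

def load_names(csv_text):
    """Parse 'computer_id,computer_name' rows (assumed operator export)."""
    names = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) >= 2 and row[0].strip().isdigit():  # skips header/garbage rows
            names[row[0].strip()] = row[1].strip()
    return names

def inventory(sha1_root, names, suffix="hijackthis.log"):
    """Return sorted (id, name, relative path, size) for files ending in suffix."""
    root = Path(sha1_root)
    hits = []
    # followlinks=False: never walk out of the upload tree through a link.
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        computer_id = Path(dirpath).name
        if not computer_id.isdigit():  # assumption: parent folder = decimal ID
            continue
        for fn in files:
            path = Path(dirpath) / fn
            # endswith tolerates a prefix added to the uploaded file name
            if fn.lower().endswith(suffix) and not path.is_symlink():
                hits.append((computer_id, names.get(computer_id, "UNKNOWN"),
                             str(path.relative_to(root)), path.stat().st_size))
    return sorted(hits)

def demo():
    """Build a constructed upload tree in a temp folder and inventory it."""
    names = load_names("id,name\n1076028615,WS-FINANCE-07\n12345678,LAB-PC-02\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sha1"
        samples = [("1076028615", "hijackthis.log", b"O4 - HKLM\\..\\Run\n"),
                   ("12345678", "nmap-scan.xml", b"<nmaprun/>"),
                   ("99000001", "HijackThis.log", b"log")]
        for cid, fn, body in samples:
            folder = root / cid[-2:] / cid  # constructed layout for the demo
            folder.mkdir(parents=True)
            (folder / fn).write_bytes(body)
        return inventory(root, names)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An ID that resolves to `UNKNOWN` means a log arrived from a computer missing from the export, which is worth checking before trusting the file's contents.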

(imported comment written by RemQuadriga91)

Got it. I guess the document has some hints on how to convert directory names inside sha1 into computer names. Going to search for it. Thanks!

(imported comment written by bolobi91)

Hi,

Can you please share how you changed the directory names to computer names? Or where you found the hints…

Thanks in advance…