Because the lines are well-formatted you can use the “variables of file” inspector. Be aware of bugs in the 9.5.1 version of the inspector though, as long as you’re not using that particular BigFix client version you should be okay with
exists (variables whose (it starts with ".STOREIP=") of files "/var/log/boot.msg", variables whose (it starts with ".IPADDR=") of files "/etc/sysconfig/network/eth0000.txt") whose (following text of first "=" of item 0 of it = following text of first "=" of item 1 of it)
It turns out the “STOREIP=” sections leaves off the last octect for the IP address.
using this same file (boot.msg) there is some text that has the full ip address, here is the text From 10.x.x.x: icmp_seq=1 Destination Host Unreachable
Is there a way to grab the IP from that string and compare it to the IP in the other file (eth0000.txt)?
I was trying to use “preceding text” but i can’t get it working, here is what i have.
exists (variables whose preceding texts of lasts “: icmp” of following texts of firsts “From” of lines whose(it contains “From” and (following text of first “From” of it contains “: icmp”)) of files “/var/log/boot.msg”, variables whose (it starts with “IPADDR=”) of files “/etc/sysconfig/network/eth0000.txt”) whose (following text of first “=” of item 0 of it = following text of first “=” of item 1 of it)
Well, that gets a lot messier because “variables of file” won’t match the line from boot.msg. The “variables” inspector looks for lines matching the “variable = value” pattern.
The “lines of file” inspectors are very slow (at least on Windows) in all of the 9.5 versions so far. Check on the Linux side to see how this performs. It could be used in an Analysis as long as it’s not evaluated too frequently, but shouldn’t be used for Fixlet relevance.
This is untested, but see if it works…first grab the target IP address from eth0000.txt, and see whether there are lines matching it in boot.msg.
I haven’t tested this, but see whether it works for you.
exists lines whose (it starts with "From " & (concatenation of following texts of firsts "=" of variables whose (preceding text of first "=" of it starts with ".IPADDR") of files "/etc/sysconfig/network/eth0000.txt") & ": icmp") of files "/var/log/boot.msg"
I use the plural “variables of files” to retrieve the IP address, so it won’t get an error if the file or line doesn’t exist; then I have to concatenate those results (which should only be a single result) to force back to a singular value, as required for the string concat "From " & it & “: icmp”.
I’m not sure I understand the purpose for looking this up though. Maybe if you tell us what you’re trying to accomplish we could find a better way to do it …
Thank you for the replies I really appreciate the help! The code above runs, but I’m getting a (false) even on a good PC where I would expect a True.
We are trying to compare the IP address assigned to the PC at boot (/var/log) to the IP address configured (eth000.txt)
We can go a different route however.
We are going to just pull the IP assigned to the PC and ignore the other part for now.
I’m running
preceding text of position 2 of (if exists file
("/etc/sysconfig/network/ifcfg-eth-id-00:00:00:00:00:1e") then following texts of firsts “IPADDR=” of lines whose (it contains “IPADDR=”) of file ("/etc/sysconfig/network/ifcfg-eth-id-00:00:00:00:00:1e") else “n/a”)
However this returns 2 answers because the file has two “IPADDR=” strings,
is there anyway i can get it to only give me 1 answer?
In the original query, maybe there’s a problem with the spacing. Or it could be a problem that IPADDR is listed twice. Can you get the results for these queries:
(following texts of firsts "=" of variables whose (preceding text of first "=" of it starts with ".IPADDR") of files "/etc/sysconfig/network/eth0000.txt")
lines whose (it starts with "From " and it contains ": icmp") of files "/var/log/boot.msg"
For the second form – is the IPADDR line identical in both instances (same address listed twice)? We could try to use “unique value” -
preceding text of position 2 of (if exists file
("/etc/sysconfig/network/ifcfg-eth-id-00:00:00:00:00:1e") then unique values of following texts of firsts "IPADDR=" of lines whose (it as trimmed string starts with "IPADDR=") of file ("/etc/sysconfig/network/ifcfg-eth-id-00:00:00:00:00:1e") else "n/a")