I’m looking for some help with a relevance expression and site subscriptions.
We have a public-facing BigFix relay (RELAYSERVER1) that services a large number of clients (thousands of computers).
All of these computers are subscribed to a shared site which, for the sake of this example, I’ll call AllComputersSite. This site subscribes to all computer objects.
Within AllComputersSite, I want to create a computer group called CUSTOMER1_SERVERS to logically group all of their machines together.
The end goal is to create a separate site called CUSTOMER1 that only subscribes computers which are members of the CUSTOMER1_SERVERS group from AllComputersSite. These computers are a mix of Windows and Linux systems, and include both domain-joined and non-domain-joined machines.
In most cases, our customers have their own dedicated private relay, so we simply subscribe all computers connected to that relay. However, because this is a shared relay, that approach is not suitable here.
What I’m trying to work out is the best way to write the relevance for the CUSTOMER1 site subscription so that it dynamically includes only the computers in the CUSTOMER1_SERVERS (need help with that relevance too) group from the shared site.
Any guidance or examples would be greatly appreciated.
Maybe it’s me, but I am not exactly following why you need a separate site for the 2nd relay at all. Sites are generally meant to hold different content, so unless you need machines pointing to one relay to allow a different set of tasks/fixlets/baselines/analysis available against them than the one on the other relay, I don’t see the point. Generally speaking, the approach should be that your sites are mapped to user roles where you want to specify which role can see/use what content, but as far as the machines are concerned the sites are the same and relay selection doesn’t make a difference.
What I have done is create a bunch of computer groups based on IP addresses that correspond to our different geographical office/data centre locations and, based on the groups, assign different Relay Affiliation tags, so servers in location1 would point to all the relays in location1; servers in location2 would point to all relays in location2; etc.
Anyway, here is the relevance to check membership of a group in a site (by GroupID), so if you are really set on using it in a site subscription you can do so too, but I personally use it in if statements in a task that assigns the relay affiliations instead.
exist site "CustomSite_NameOfSite" whose (exist subscribe time whose (now - it >= 1 * hour) of it /* Purposely putting a delay because it takes time after a machine subscribes to a site to then evaluate all content, including group memberships */ and member of group 2419537 of it /* GroupID needs to be changed */)
Just a word of caution - if the site name contains special characters it may represent those differently.