Relevance Language Help - Query for BigFix ID using IPV6 address

Hello,
I need to use IPV6 address and Mac Address for an endpoint to obtain its BigFix ID. The query works fine with IPV4 address and MAC Address. I get “The operator “ipv6 address” is not defined.” error when I use IPV6 address instead. Given below is the query. Please help.

    (ids of it , ipv6 addresses of it) of bes computers whose ( exists IPv6 Address whose (it as string equals "[xxxx:xxx:xxxx:xxxx:xxx:xxxx:xxxx:xxxx]" ) of it AND (concatenation of (values of results of (bes property whose (id of it = ((2299719139,1041,1)))) of it) as lowercase) contains "xx-xx-xx-xx-xx-xx" as lowercase)

where property id 2299719139,1041,1 corresponds to MAC Address

Thank you!

1 Like

There currently is not an ‘ipv6 address’ inspector for <bes computer> objects in session relevance, but with newer versions of BigFix, both IPv6 and MAC addresses are now reserved properties of Clients, so, we can reference them that way and return their results.

Here is an example session relevance that should return the BigFix Computer ID, and IPv6 addresses for any computer matching a specific ipv6 address and mac address:

    (id of it, "|" & concatenation "|" of values of results (bes property whose (reserved flag of it AND name of it = "IPv6 Address"), it) & "|") of bes computers whose (("|" & concatenation "|" of values of results (bes property whose (reserved flag of it AND name of it = "IPv6 Address"), it) & "|") contains ("|" & "xxxx:xxx:xxxx:xxxx:xxx:xxxx:xxxx:xxxx" & "|") AND ("|" & concatenation "|" of values of results (bes property whose (reserved flag of it AND name of it = "MAC Address"), it) & "|") contains ("|" & "xx-xx-xx-xx-xx-xx" & "|"))

3 Likes

Thank you very much Aram! I have been trying to modify your query to have multiple IPV6 addresses in the contains, but with no success.

Given below is the query using IPV6 reserved name and bes property id for MAC Address. This works. I want to change this to use multiple IPV6 addresses. Query to return BigFix Computer ID for a computer with IPV6 address in any of that list and a given MAC Address.

    %28id+of+it%2C+%22%7C%22+%26+concatenation+%22%7C%22+of+values+of+results+%28bes+property+whose+%28reserved+flag+of+it+AND+name+of+it+%3D+%22IPv6+Address%22%29%2C+it%29+%26+%22%7C%22%29+of+bes+computers+whose+%28%28%22%7C%22+%26+concatenation+%22%7C%22+of+values+of+results+%28bes+property+whose+%28reserved+flag+of+it+AND+name+of+it+%3D+%22IPv6+Address%22%29%2C+it%29+%26+%22%7C%22%29+contains+%28%22%7C%22+%26+%22fd6f:9d5e:221e:1672:e5ec:5b21:4798:49b9%22+%26+%22%7C%22%29+AND+%28%22%7C%22+%26+concatenation+%22%7C%22+of+values+of+results+%28bes+property+whose+%28id+of+it+%3D+%282299719139%2C1041%2C1%29%29+%2C+it%29+%26+%22%7C%22%29+contains+%28%22%7C%22+%26+%2200-50-56-b8-3f-8e%22+%26+%22%7C%22%29%29 -v

This is what I tried, and it returned a “could not parse” error:

    <Query Resource="(id of it, &quot;|&quot; &amp; concatenation &quot;|&quot; of values of results (bes property whose (reserved flag of it AND name of it = &quot;IPv6 Address&quot;), it) &amp; &quot;|&quot;) of bes computers whose ((&quot;|&quot; &amp; concatenation &quot;|&quot; of values of results (bes property whose (reserved flag of it AND name of it = &quot;IPv6 Address&quot;), it) &amp; &quot;|&quot;) contains ((&quot;fd6f:9d5e:221e:1672:e5ec:5b21:4798:49b9&quot;) OR contains (&quot;fd6f:9d5e:221e:1672:e5ec:5b21:4798:59b3&quot;)) AND (&quot;|&quot; &amp; concatenation &quot;|&quot; of values of results (bes property whose (id of it = (2299719139,1041,1)) , it) &amp; &quot;|&quot;) contains (&quot;|&quot; &amp; &quot;00-50-56-b8-3f-8e&quot; &amp; &quot;|&quot;))">

As you can tell, I am new to BigFix relevance language and any help will be much appreciated. Thanks!

Are you looking to query by a ‘long’ list of IPv6 OR MAC addresses? If you’re looking to have a formulaic query where you can essentially make the list of IPv6 (or MAC addresses) a variable of sorts, there are better ways of doing this, but here is an example that allows you to query by 2 IPv6 or MAC addresses:

    (id of it, "|" & concatenation "|" of values of results (bes property whose (reserved flag of it AND name of it = "IPv6 Address"), it) & "|") of bes computers whose (((it contains "xxxx:xxx:xxxx:xxxx:xxx:xxxx:xxxx:xxxx" OR it contains "xxxx:xxx:xxxx:xxxx:xxx:xxxx:xxxx:xxxy") of (concatenation "|" of values of results (bes property whose (reserved flag of it AND name of it = "IPv6 Address"), it))) OR ((it contains "xx-xx-xx-xx-xx-xx" OR it contains "xx-xx-xx-xx-xx-xy") of (concatenation "|" of values of results (bes property whose (reserved flag of it AND name of it = "MAC Address"), it))))
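
Added example (not part of the posts above and not BigFix's own code): a Python helper that builds the "any of these IPv6 addresses AND this MAC address" query from the constructs already used in this thread, validating each value before it is placed inside a relevance string literal, and URL-encodes the result. The names `joined`, `build_relevance` and `encode_for_url` are made up here, and the generated relevance has not been run against a server.

```python
import ipaddress
import re
from urllib.parse import quote_plus

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}")
IPV6_CHARS = re.compile(r"[0-9A-Fa-f:.]+")


def joined(prop_name):
    """Pipe-delimited values of one reserved property, as in the thread's queries."""
    return ('("|" & concatenation "|" of values of results (bes property whose '
            f'(reserved flag of it AND name of it = "{prop_name}"), it) & "|")')


def build_relevance(ipv6_addresses, mac):
    """Relevance for: ANY of the IPv6 addresses AND the MAC address match."""
    if not ipv6_addresses:
        raise ValueError("at least one IPv6 address is required")
    for addr in ipv6_addresses:
        # Character allowlist first: IPv6Address() alone accepts a "%zone" suffix
        # made of arbitrary characters, which could close the string literal.
        if not IPV6_CHARS.fullmatch(addr):
            raise ValueError(f"not an IPv6 literal: {addr!r}")
        ipaddress.IPv6Address(addr)  # raises ValueError if malformed
    if not MAC_RE.fullmatch(mac):
        raise ValueError("MAC address must look like xx-xx-xx-xx-xx-xx")
    # Each alternative needs its own left operand ("it contains ..."); the "|"
    # delimiters make every test match a whole value. The match is textual, so
    # addresses must be written the way the property reports them.
    any_ipv6 = " OR ".join(f'it contains "|{a}|"' for a in ipv6_addresses)
    ipv6, macs = joined("IPv6 Address"), joined("MAC Address")
    return (f"(id of it, {ipv6}) of bes computers whose "
            f'((({any_ipv6}) of {ipv6}) AND ({macs} contains "|{mac}|"))')


def encode_for_url(relevance):
    """URL-encode the relevance for use in a request URL."""
    return quote_plus(relevance)


# Sample values taken from the thread.
QUERY = build_relevance(
    ["fd6f:9d5e:221e:1672:e5ec:5b21:4798:49b9",
     "fd6f:9d5e:221e:1672:e5ec:5b21:4798:59b3"],
    "00-50-56-b8-3f-8e",
)
```
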

What is the end goal? Is this for use in the REST API or could it be a console dashboard or web report?

Do you want to search such that only computer results are returned in which BOTH the MAC Address and IPv6 address match? Or do you want to search based upon either criteria… or potentially other criteria as well?

I do have a console dashboard and web report that is an example though it does not include IPv6 currently called Computer Filter Search. See here: bigfix-content/dashboards/Computer_Filter_Search.ojo at main · jgstew/bigfix-content · GitHub

Actually now that I see this, maybe my dashboard does work with IPv6? https://developer.bigfix.com/relevance/reference/bes-computer.html#ip-address-of-bes-computer-ipv4or6-address

From what I’m seeing on my console, although the builtin type for ‘ip address of bes computer’ is the ipv4or6 address type, only ipv4 addresses actually appear.
It may be possible that an ipv6 address could appear if the system had only ipv6 addresses, but all my systems have both and only the ipv4 addresses appear in the property result.

1 Like

You are correct. Only IPv4 addresses appear in that specific property result. Seems I need to add an IPv6 specific thing in my existing console dashboard / web report.

@sivas

If you wanted to search across many properties and you don’t care where the results come from specifically, I might do something like this:

    (it as string) whose(it contains "|172." OR it contains "|b6-b6-") of (ids of it, ("|" & it & "|") of concatenation "|" of (it as string) of ip addresses of it | "<NoIPv4>" , ("|" & it & "|") of concatenation "|" of values of results (bes properties whose (reserved flag of it AND name of it = "IPv6 Address"), it) | "<NoIPv6>" , ("|" & it & "|") of concatenation "|" of values of results (bes properties whose (reserved flag of it AND name of it = "MAC Address"), it) | "<NoMAC>" ) of bes computers whose(last report time of it > now - 30 * day)

In the (it as string) whose () section, you can basically search across any of the properties regardless of what you put in; you don’t need to know if it is a MAC address or IPv6 ahead of time.

Hi Aram,
Thank you very much! That helps.

A question related to BigFix IPV6 support.

Can you tell if BigFix 9.5 supports IPV6? I could not find information online. Just found this matrix on BigFix KB. It says All versions support IPV4/IPV6. Does BigFix version 9.5 fall under it as well for compliance? Thanks!

[IPv4 and IPv6 protocols concurrent support]

9.5 supported IPv6, at least in mixed-mode. I don’t know whether the IPv6-Only configuration was backported to 9.5; the initial releases did not work in an IPv6-only configuration but that may have been added later.

List of settings and detailed descriptions details some of the configuration settings available in 9.5.

edit: Digging through the links and release announcements I see that IPv6-only support was added in 11.0.2. Up to that point, at least Relay Autoselection was still based on IPv4 addresses, so it worked in mixed-mode. For an IPv6-only deployment one must be at least on 11.0.2.