Send output from a Bigfix custom action Linux shell script to Bigfix server?

Is there a way to send output from a Bigfix custom action Linux shell script that is run on multiple Linux targets to the Bigfix server itself so that one would not have to log in to each Linux server individually to verify that the script ran correctly?

For example, a simple custom action shell script might run a single command to check the version of an application on a set of targeted Linux servers. Can that output be captured centrally on the Bigfix server in a log file or some similar way?

@bfmyee, please take a look at my HCL - Ubuntu - APT Dist-Upgrade with Autoremove fixlet in my personal GitHub. This fixlet will bubble up the return code from the wait command in the Action Script. Please make sure that your Linux shell script doesn’t somehow suppress any error/exit codes. For a more involved example, please take a look at my Linux-Watchdog content and Bash scripts. Hope this helps.

Hello cmcannady, Sorry, I don’t quite understand how your action script works to “bubble up” the return code. I’m looking for more than just getting a return code. For example, I have this super simple Bigfix shell (sh) action script that works to write to a log file on the server while also emailing a recipient. How could I get this output sent to the Bigfix server? Reason why is because I will have other more complicated scripts that will be targeted to multiple Linux VMs and I’d like to see the output for each in one central location instead of spread out everywhere. BTW, I use ‘sh’ to create my action scripts because the “Shell Script to Action Script Conversion Utility” in https://bigfix.me/content/shelltoaction never worked for me. Thx, Mike

#!/bin/sh

# Hello test script

logfile=/tmp/hello.log
/bin/cat /dev/null > "$logfile"

# Send echo output to log file and mail output to recipient

echo "hello on date" | tee "$logfile" | mailx -s "test from $HOSTNAME" recipient@somecompany.com

@bfmyee, if you want more than just the exit/return code from the bash script that’s been executed via BigFix, then you’ll have to redirect the output of interest to an execution or other log file and then have an appropriate analysis to report back those details.

Take a look at the “Shell Shock” fixlet and analysis (CVE-2014-7169) located in the “Patching Support” external site for an example of this two part solution.
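
The two-part approach from the reply above (write the output of interest to a log on the endpoint, then report it with an analysis), as an added example that is not part of the original thread. The function name `run_logged`, the `RESULT_DIR` variable and the `/var/opt/bigfix-results` path are assumptions chosen for illustration; the directory is root-owned rather than `/tmp` because the client runs the script with full privileges.

```shell
#!/bin/sh
# Added example (not from the thread): run a command and keep its output and
# exit code in one result file that an analysis can read back later.
# RESULT_DIR is an assumed location; use a root-owned directory, not /tmp.
RESULT_DIR="${RESULT_DIR:-/var/opt/bigfix-results}"

# run_logged NAME COMMAND [ARGS...]
# Writes stdout+stderr of COMMAND to $RESULT_DIR/NAME.log, appends a final
# "exit_code=N" line, and returns N so the action still sees a failure.
run_logged() {
    name=$1; shift
    # Reject empty names and anything that could escape RESULT_DIR.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "bad result name" >&2; return 2 ;;
    esac
    # Create directory and file owner-only, so other local users can neither
    # read the output nor pre-create the file the privileged script writes to.
    old_umask=$(umask); umask 077
    mkdir -p "$RESULT_DIR" || { umask "$old_umask"; return 2; }
    tmp=$(mktemp "$RESULT_DIR/.$name.XXXXXX") || { umask "$old_umask"; return 2; }
    umask "$old_umask"

    {
        echo "host=$(uname -n)"
        echo "started=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "command=$*"
    } > "$tmp"
    rc=0
    "$@" >> "$tmp" 2>&1 || rc=$?
    echo "exit_code=$rc" >> "$tmp"
    # Rename last so a reader never sees a half-written result.
    mv -f "$tmp" "$RESULT_DIR/$name.log" || return 2
    return "$rc"
}

# Example use, matching the version-check case from the question:
#   run_logged app_version sh -c 'bash --version | head -n 1'
```

With the path assumed here, an analysis property such as `lines of file "/var/opt/bigfix-results/app_version.log"` would return the captured output per endpoint in the console.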

Hello, thanks again for your reply. I looked at that fixlet and it’s in two parts. First the fixlet itself, and for the second part I can "activate an analysis 1829 “Shell Shock Bash Vulnerability (CVE-2014-7169) Status”". However, I could not find this analysis in my Bigfix console nor could I find it online to download. Where can I find this analysis? Thx!

@bfmyee, both the fixlet and analysis mentioned in my prior post are available by default when subscribed to the “Patching Support” external site. If you’re unable to locate the fixlet and/or analysis in question, I’d imagine said content may be hidden.

@bfmyee

I was looking for this today as well and found what I think you are looking for

To get the output of ls > mydir.txt, I had to wrap it in a shell.

wait sh -c "ls > mydir.txt"

more info here:


Hello brolly33. Sorry that it’s taken me until now to respond. I tried this in a BigFix Action sh script (/bin/wait sh -c "ls > ls.txt") but it didn’t work. Where does the “ls.txt” file go? I performed a search on the C: drive of the BigFix server but found nothing. It’s not on the Linux server where I ran it from either. Thx.

Brolly’s script just writes the ls output locally on the BES client. What you are looking for might be the “archive and upload manager”, which might be an alternative to using an analysis.

I would highly appreciate a more convenient way to gather some files as a one-time action. On the other hand, as BigFix works at the highest access level, this might cause security issues.