I am using below relevance to gather service/process status from all the flavour of the operating system, Relevance is working fine for windows but for non-windows I am getting an error.
Relevance used :-
if (name of operating system as lowercase starts with "win") then (state of service "teagent") else if (not exists (operating system) whose (it as string as lowercase contains "Win" as lowercase)) then (exists process "twdaemon") else "Not Present"
Process status from AIX System
Kindly suggest what modification need to be done in relevance.
All results from an if-then-else statement have to be the same type (or throw an Error result as well)
Your Windows clause returns a string (“Running”,“Stopped”) but your aix returns a boolean True/False. You can refactor it a couple of ways, but you need to return the same types on both checks. Also, I don’t think your last “Not Present” does what you think - that’s an else for the second OS name check, not for the running process check. You don’t need the second os name check at all in fact.
You can try this
if (name of operating system as lowercase starts with “win”) then (exists service “teagent” whose(state of it ="Running")) else (exists process “twdaemon”)
Thanks, Jason.
Relevance is working but wherever “twdaemon” Process is running, I am getting an output as False.
I’m little confused as an output should be true correct?
Hmm.
Well, I see you’re using “twdaemon” to retrieve the status. But is this the correct name for a running instance of Tripwire (I don’t know).
If you run 'ps -ef |grep twdaemon` does it give a good result?
When I ran the grep command I got the below output
[/opt/tripwire/te/agent/bin]>ps -ef |grep twdaemon
root 11927636 9175176 0 14:44:42 pts/24 0:00 grep twdaemon
That means there’s no running process named “twdaemon” (the only result you got was your own grep command). You’d need to determine what is the real process name for Tripwire.
The service should have a running process, and you could check for the process on both OSes using similar relevance without all the extra hassle. You could also have an additional service check for windows only.