Service/Process Status check through BigFix

Hello All,

I am using below relevance to gather service/process status from all the flavour of the operating system, Relevance is working fine for windows but for non-windows I am getting an error.
Relevance used :-

if (name of operating system as lowercase starts with "win") then (state of service "teagent") else if (not exists (operating system) whose (it as string as lowercase contains "Win" as lowercase)) then (exists process "twdaemon") else "Not Present"

Process status from AIX System
service

Kindly suggest what modification need to be done in relevance.

1 Like

What is the error message returned from the relevance on the non-windows endpoint that you are receiving?

output I’m getting as “error”

If you hover over error does a little popup appear that gives more detail on what the actual error is?

it says incompitable types

All results from an if-then-else statement have to be the same type (or throw an Error result as well)

Your Windows clause returns a string (“Running”,“Stopped”) but your aix returns a boolean True/False. You can refactor it a couple of ways, but you need to return the same types on both checks. Also, I don’t think your last “Not Present” does what you think - that’s an else for the second OS name check, not for the running process check. You don’t need the second os name check at all in fact.

You can try this

if (name of operating system as lowercase starts with “win”) then (exists service “teagent” whose(state of it ="Running")) else (exists process “twdaemon”)

3 Likes

Thanks, Jason.
Relevance is working but wherever “twdaemon” Process is running, I am getting an output as False.
I’m little confused as an output should be true correct?

Hmm.
Well, I see you’re using “twdaemon” to retrieve the status. But is this the correct name for a running instance of Tripwire (I don’t know).
If you run 'ps -ef |grep twdaemon` does it give a good result?

When I ran the grep command I got the below output
[/opt/tripwire/te/agent/bin]>ps -ef |grep twdaemon
root 11927636 9175176 0 14:44:42 pts/24 0:00 grep twdaemon

1 Like

That means there’s no running process named “twdaemon” (the only result you got was your own grep command). You’d need to determine what is the real process name for Tripwire.

1 Like

The service should have a running process, and you could check for the process on both OSes using similar relevance without all the extra hassle. You could also have an additional service check for windows only.

Theoretical example:

exists ( processes "teagent.exe"; processes "twdaemon" )
2 Likes

Thanks, Jason.
Actually, the process Name was wrapper.