Structured way to test query when not supported in "qna"

Windows has a nice® qna - at least it seems so.

On AIX - it seems there are many things it cannot supply - so I was wondering if there is a fairly easy way to test different statements outside of qna.

One thing I am thinking of is using “Edit Properties”. A bit of lag (Every Report is fastest) so maybe someone has a suggestion for a better, more structured approach.

Thx.

If you’ve got the WebUI in your environment you can use the Query tab to query any computer.

1 Like

afaik - webui is not really ‘supported’ (read fully developed) in the *nix environments.

But I can try turning it on again. Maybe! it works for this.

Update:
not attempted to use since 9.5.5 - now at 9.5.8. The dialog (fixlet) to get it started asked more - notably the db username (is that db2inst1, or is that IEMAdmin?) - anyway, why did it stop - ideas?

[root@t430 opt]# cat BESWebUI/service-wrapper.log
Mon, 07 May 2018 11:50:03 +0000 -- WebUI service version 9.5.8.38 starting
Mon, 07 May 2018 11:50:05 +0000 -- OpenSSL Initialized (Non-FIPS Mode)
Mon, 07 May 2018 11:50:05 +0000 -- Using OpenSSL crypto library libBEScrypto - OpenSSL 1.0.2j-fips  26 Sep 2016
Mon, 07 May 2018 11:50:14 +0000 -- [WebUI] Found updated WebUI Common site WebUI Common v41 available for download
Mon, 07 May 2018 11:59:14 +0000 -- [WebUI] Stopping WebUI service app

Have you tried creating group based on your relevance statements?

No. Not sure how relevance statements would affect anything I am trying to do with “QNA”.

Further, lucky me - my sandbox harddisk (with BigFix Server) died (so no further replies since then). While I could save my license copies I am doing a fresh install and learning how other things go wrong (which is great for my workshop).

Ultimately, I hope to see that QNA in the WEBUI supplies my needs.

Update: Question: WebUI is operational. Basically ignored until now because it is not really targeted for *NIX systems. So, maybe there is a “not obvious to me, but obvious to others” way to get the ‘WebUI Query’ open and working. In any case, I am not finding it - and would appreciate some assistance! or suggestions.

Will update further (in a few weeks probably) as I learn more.

I’ll start by saying our AIX Admins have not let me upgrade to the newer BES Client versions yet. Paranoia is a terrible thing (:wink:). But I do have Query returning responses from several thousand properly configured Red Hat systems.

What version of BigFix are you running?

Has your Master Operator Enabled the “Query” application?

[Image: OperatorWebUIRights]

It should show up in WebUI as in the image below …

[Image: QueryButton]

The way I test relevance is I create an analysis just for testing and I make a new property for every “test”, and just wait for results to come back. As long as computers are getting UDP notifications, it usually takes about 1 minute to get results.

If you are testing relevance that is OS specific, you can make the analysis only relevant on those machines that the test is valid for.

I eventually either delete the analysis, or I end up turning it into a new refined analysis that gets raw data I was looking for, as well as some specific data that is useful.

The advantage of an analysis is that you can get both raw data, as well as true/false results and see if the true/false values that are returned line up with what you expect based upon the raw data, that way you can debug the logic statements in the relevance.

Even if what I eventually need is relevance that returns a True/False value, that is NEVER where I start. I always start with raw data, filtering it down, then turning that into a True/False.

When making said analysis, I set the property report time to be like once every 30 days… as long as the property is brand new inside the analysis, then every computer will report in ASAP for the first time, they just won’t refresh the value, which is fine with this kind of testing.


The WebUI Query option will not solve the issue of testing relevance that the client CAN run but QnA cannot run, because WebUI Query uses QnA to get the results, so it has the same limits as QnA does on the command line.


Another option is to use an action to remotely query relevance results and then use that action to send the results back to a central system, like this: https://github.com/jgstew/remote-relevance/tree/master/python

My code is a not great proof of concept that did work last I tried it, but I never built a UI around it. For it to work, it does require that the remote client be able to directly communicate with the system issuing the relevance query.

Because an Action is used to perform the relevance evaluation, it does use the Client to evaluate relevance. It also does it at the faster CPU usage of an action, rather than passive background relevance evaluation.

1 Like

Tim and James - thanks.

@TimRice Tim - no, query was not turned on. When I researched WebUI a year ago it seemed to not be working for *NIX systems - at least nothing like the defaults for Windows and MacOS - so I just tabled it.

Because I was having issues - and WebUI query was suggested as a possible solution - I tried to reactivate it on my sandbox - only to have the sandbox die.

So, as IEMAdmin it is not showing up obviously to me - so maybe by default it is off for all. Am still in ‘install from scratch’ mode - just to test my memory and notes - what did I forget.

So, this is one of the things I never had in my notes - so thanks for the reminder.

@jgstew James - great idea. Wish I had thought of it. Would you happen to have a “template” (for a BES file) on how to best write an analysis like that.

It is still slow-going, as I have a horrible time with the Inspector syntax aka grammar and immediate feedback is handy.

Anyway, food for thought! Many thanks!

+++
Update - this is a day later - and yes, the query app now shows up on the “opening” screen. Maybe I was just too quick with my login.

Happy enough for today!

1 Like

Does the AIX client not have the qna binary? On Linux you’d find it in the same path as BESClient - /var/opt/BESClient/bin/qna

(Dunno cause our AIX admins are still stuck on 8.2)

Not entirely applicable, you just make a new analysis and optionally set the relevance of it to only be relevant on the applicable OS and/or set of machines that you are trying to test relevance on. The only thing that could really go in the template is the name of the analysis, which really doesn’t matter.

You have to add each property for the relevance you want to test yourself, since that is basically what you are doing. The only trick is to set the eval period to once every 30 days, to not reuse the same property, keep making new ones, then deactivate / delete it once you are done.

Ok - update since last reply.

a) of course AIX has the binary qna - my apologies for not making it clearer that I have been working from that from the start.
b) I got WebUI ‘query’ working. Thanks for the assistance. However, all that seems to do is do distributed calls to the qna tool. I had been hoping for queries to the BESClient.

So, back again - and I hope a bit more structured in my question:

Q: (usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
E: The operator "string" is not defined.

From Common Relevance Error Messages I found that the issue here is: This is a very common error message that indicates you are trying to return an object that has no default return value. In order to fix it you just need to query a property of that object. So:

Q: exists (usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
A: True
T: 2026

I assume I have a string - and I so wished that strings would just print themselves :slight_smile: - almost do -:

Q: "abcd"
A: abcd
T: 88

and

Q: code of "abcd"
A: <code>abcd</code>
T: 54855

I had hoped that “having a string” as the error message seems to indicate, even if null string, that “code of …” would give me something to look at.

Again:

Q: (usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
E: The operator "string" is not defined.

Q: exists (usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
A: True
T: 1933

Q: exists (root part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
A: False
T: 1915

Q: code of (usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
E: The operator "code" is not defined.

I assume I am not understanding something quite basic, sigh!

p.s. while I am struggling here with AIX things the issue I face is not limited to AIX. For me it is how to get farther than to know more than a ‘type’, e.g., a string, exists or does not exist.

Thanks for your time (even reading this!)

1 Like

I don’t work with AIX at all, but like you said, it seems that this is more about getting the right information out of the right type of property.

According to this document, it looks like usr part is an object of type fileset part: https://developer.bigfix.com/relevance/reference/fileset-part.html

The only property listed on that page is state. Do you get the output you expect if you do (state of usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))?

1 Like

Does the AIX version of qna have a command line parameter for “show type information” ? If so, you could use the Introspectors to find the properties for a result, or use that when searching developer.bigfix.com.

Introspector example:

Q: properties of type "file"

1 Like

Yes, this works:

Q: (state of usr part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
A: COMMITTED
T: 15331

Q: (state of root part of (fileset with name "aixtools.gnu.bash.rte" of object repository))
E: Singular expression refers to nonexistent object.
T: 651

And yes, @JasonWalker “Q: properties of type “xxx”” works.

And getting back to @alinder - I should have read more carefully. The comments under “user part of …” plus the “error message” E: The operator "string" is not defined. gave me the wrong idea (that it was the equivalent of lslpp -f - but only for the ‘usr’ part AND it also had a ‘string’ property).

Great comments! Thanks!

1 Like