Agent Client collector enable-patterns-on-agent mass update

HermanDR
Tera Contributor

We are setting up Agent Client Collector Visibility.

We will use it for Service mapping as well as horizontal Discovery.

To use patterns you need to set 

enable-patterns-on-agent : true

 

This is not default when installing the agents.

What could be used to set this value?

Replacing the complete acc.yml does not seem an option as the agent id is in there too.

4 REPLIES 4

Doci1
Kilo Sage

Pattern Execution with Agent Client Collector (KB1323623):

Prerequisites

  • Instance on Utah
  • Agent Client Collector Framework and Visibility 3.1.0
  • MID server with Agent Client Collector capability and Discovery in supported applications
  • MID web server active (listener enabled)
  • MID java heap size 1024m minimum, 2048m recommended
  • MID properties to force SNC SSH library (j2ssh and maverick unsupported for ACC):

mid.sa.ssh.use_sncssh set to true

mid.ssh.use_snc set to true

 

  • Agent Client Collector version 3.1.0 deployed on the target systems (Linux and Windows servers only)
    • plugin signature verification enabled
    • check allow list at the responsibility of the customer
    • on Linux, sudoers enabled with regular Discovery commands
    • on Windows, the agent can be installed either as SYSTEM, or using a local account with the
  • following privileges:
    • Logon as a Service
    • Backup (SeBackupPrivilege)
    • Debug Programs
  • Agents connected to the MID listener with the agent records up, data collection on, host record
  • created, no error in the ECC queue

Activation

1. On ServiceNow instance, enter sys_properties.LIST in the navigation bar and press enter

2. Edit the sn_agent.appl_classification_behavior property: change the value to "full" to enable pattern

execution; confirm

3. If you run horizontal discovery in parallel, set the sys_property

sn_agent.disco_disable_ci_clobber_of_agentless_disco to false

 

Validation

1. Switch the view on the agent record to Discovery; a new tab "Application Pattern Logs" appears

2. Click on Collect Host Data and trace the agent logs

3. Once the regular ACC enhanced discovery is completed, the pattern associated with each classified

process is executed; the execution logs are available from the agent record

4. Click on View log for the pattern of your choice and confirm the data points have been extracted via

the agent, for example: "2023-05-18 02:32:19: Using ACC connection to execute command on Unix agent

with id: f2a9ade796b52cd7"

5. Refresh the host CI and confirm the application CI and subsequent records have been created

Note: as you explore the pattern logs, you can select a step and open Debug mode. Check the box to use the

ACC connection.

Known Limitations and Additional Notes

The "Put File" operation is currently not supported. Patterns that copy a script to the remote target

for execution will fail with the error message "Put File Operation is not supported on agent"

Top-Down Service Mapping is not supported and the connection extensions are not executed

Probes (Oracle GLAS, File-Based Discovery) are not supported

There is no Discovery Status record, only the pattern execution logs

Some shell commands may have a different behavior when executed on the agent vs. ssh, for

example if the shell is "/bin/sh" running non-interactively and the command contains some shell

scripting operators and built-ins (open defect)

HermanDR
Tera Contributor

Yes, I am aware and did all of this.

The question is: how to update the acc.yml file... I guess that will be up to the sysadmin via some tool like powershell or chef. But maybe someone has already done it, maybe in a more efficient way.

OK, now I understand. Well, based on doc there is not even msi install parameter.

 

I was changing the acc.yml based via my custom ruby script with cert signature, because I was changing API key and URL for switching between instances. However, SN changed approach and now all those custom plugins cert signatures has to be installed in OS trust store, and basically we dont know how to do that, so I dont know if creating custom plugin with that check is the correct approach.  

tschneider
Tera Expert

I use the following script to achieve any paramater changes to the acc.yaml file. Currently, we use MECM to push changes:

# --- this scripts changes the the parameter in $searchKey to $newValue
# --- if not found, it will be added
# --- a backup of the file acc.yaml file is created. ACC agent restarted to reload configuration

$ErrorActionPreference = "SilentlyContinue"

$searchKey = "enable-patterns-on-agent:"
$newValue = "true"

# ----

stop-service -name agentclientcollector

$target_cnt = 0
$filename = "$($env:ProgramData)\ServiceNow\agent-client-collector\config\acc.yml"

get-item "$($filename)-BAK" | Remove-Item -Force 
get-item "$($filename)-NEW" | Remove-Item -Force

get-content $filename | % { 

    if ($_ -imatch $searchKey) 
    {
        "$($searchKey) $($newValue)"
        $target_cnt++

    }
    else
    {
        $_
    }
} | out-file "$($filename)-NEW"

if ($target_cnt -eq 0)
{
    "$($searchKey) $($newValue)" | out-file "$($filename)-NEW" -Append
}
rename-item -path $filename -NewName "$($filename)-BAK" -Force
rename-item -path "$($filename)-NEW" -NewName $filename -Force

# --- Restart the ACC service
start-service -name agentclientcollector