Customizing a Classifier to determine which probe gets triggered in exploration

doug_schulze
ServiceNow Employee

Wanted to pull this out of a reply in another thread where our friend Nikhil needed to trigger a specific probe based on the build of a Linux operating system.

If you look at your probes you can set a condition script to determine when something gets fired. In this case, a specific disk probe for a SuSE build of Linux. Details below if it's something you might need to do as well...

First you have to understand how to 'see' the values that are returning from your classify probe. To see this you would want to enable (create) a sys_property to turn on classification debug:

glide.discovery.debug.classification
type: True/false
value: true
*be sure to shut it off when you're done, no reason to add to the logs if you don't need to*

Run your scan against the device then check the logs.. You'll see an output like this...

06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.ip_address = 10.200.2.40
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value ip_address = 10.200.2.40
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value name = Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value discover = CIs
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value output = Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.output = Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value type = unix
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.os_version = 2.6.35.6-45.fc14.i686
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.os_name = Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.name = doogiehat

Now you can see the values that we are using to match up in a classifier AND values that you can use to ensure only a particular probe gets triggered...

For example in your condition script on a particular probe you can use

values.get('name')=='Linux'

See how it matches up with value:

06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value name = Linux



Now where do we get these 'values' from? Well, that's all from uname -a (classify probe), and to set these we parse out the return in the Unix Classifier SENSOR > Responds to probe script for Unix

*******


function(result, ciData, debug, sensor) {
       var output = result.output;
       if (output === null || gs.nil(output))
               return;

       run(output, ciData, debug);

       function run(output, ciData, debug) {
               var ci_data = ciData.getData();
               var uname = output;
               var unameParts = uname.split(/ /);

               var osName = unameParts[0];
               var osHostname = unameParts[1] ? unameParts[1] : "unknown.host";
               var osVersion = unameParts[2] ? unameParts[2] : "";

               ci_data.os_name = osName;
               ci_data.os_version = osVersion;
               ci_data.output = output;

               // Don't bother with ssh hostname if we shouldn't trust the ssh name and DNS has already populated it
               var trusted = JSUtil.toBoolean(gs.getProperty("glide.discovery.hostname.ssh_trusted", "false"));
               var haveNow = JSUtil.notNil(ci_data['name']);
               var haveNew = JSUtil.notNil(osHostname);

               if (!haveNew)
                       return;

               if (!trusted && haveNow)
                       return;
             
               var hn = new HostnameJS();
               ci_data['name'] = hn.format(osHostname, JSUtil.notNil(ciData.ip_address)? ciData.ip_address:null);
       }
}



*****

So you would want to add a catch for the part of uname you want to grab. In my case, if I wanted to catch GNU from my output:

Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux

I would have to edit (below) the number of that value based on the spaces..



function run(output, ciData, debug) {
               var ci_data = ciData.getData();
               var uname = output;
               var unameParts = uname.split(/ /);

               var osName = unameParts[0];
               var osHostname = unameParts[1] ? unameParts[1] : "unknown.host";
               var osVersion = unameParts[2] ? unameParts[2] : "";

               ci_data.os_name = osName;
               ci_data.os_version = osVersion;
               ci_data.output = output;



so maybe (check my math here) var osBuild = unameParts[14];

Then set ci_data.osbuild = osBuild

now back to the sensor and in the sensor script you set that value from the new ci_data you just created...




       classify: function() {
               var values = {};
               values[ 'name'                   ] = this.ci_data.os_name;
               values[ 'output'               ] = this.ci_data.output;
               values[ 'type'                   ] = 'unix';
               values[ 'ip_address'       ] = this.ci_data.ip_address;
               values[ 'discover'           ] = this.discover;



(haven't tested but) values[ 'osbuild' ] = this.ci_data.osbuild;


now in your condition script you can set for the specific probe you want run based on the build of the OS

values.get('osbuild')=='GNU/Linux'
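
Added example, not part of the original post or of ServiceNow's shipped sensor code: it runs the fixed-index read described above against two constructed `uname -a` lines and compares it with reading the last whitespace-separated field. The helper names and the sample lines are assumptions made for illustration.

```javascript
// Constructed sample: the uname -a line from the post (two-digit build day).
var SAMPLE_TWO_DIGIT_DAY =
  'Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux';
// Constructed sample: same line, but the build day is a single digit padded
// with a space ("Oct  8"), which yields an empty element under split(/ /).
var SAMPLE_ONE_DIGIT_DAY =
  'Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct  8 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux';

// The approach from the post: split on single spaces, read a fixed position.
function buildByFixedIndex(output) {
  var parts = output.split(/ /);
  return parts[14] ? parts[14] : '';
}

// Hypothetical helper: split on runs of whitespace and take the last field,
// so padding or extra tokens earlier in the line do not move the result.
function buildByLastField(output) {
  if (output === null || output === undefined) return '';
  var parts = String(output).trim().split(/\s+/);
  // Fewer than four fields is not a usable uname -a line.
  if (parts.length < 4) return '';
  return parts[parts.length - 1];
}

// Mirrors the condition-script comparison on the 'osbuild' value.
function conditionMatches(osbuild) {
  return osbuild == 'GNU/Linux';
}

// Collects both readings for each sample so the difference is visible.
function compareSamples() {
  return [SAMPLE_TWO_DIGIT_DAY, SAMPLE_ONE_DIGIT_DAY].map(function (line) {
    var fixed = buildByFixedIndex(line);
    var last = buildByLastField(line);
    return {
      fixed: fixed,
      last: last,
      fixedMatches: conditionMatches(fixed),
      lastMatches: conditionMatches(last)
    };
  });
}

console.log(JSON.stringify(compareSamples(), null, 2));
```

With the padded date, position 14 holds `i386`, so a condition written against the fixed index would silently stop matching that host.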
22 REPLIES

johnnyjava
Kilo Guru

I have added a sys_property glide.discovery.debug.classification=true and ran several Quick Discoveries against a particular target Linux host. I'm not getting any debug logging in the Discovery or System Log.



Where should I expect this logging to appear?


Hi,

After enabling the sys_property glide.discovery.debug.classification and setting it to true, run your discovery, then head to ::

In Dublin --> System Logs --> Utilities --> Log File Browser
In Eureka --> System Logs --> Utilities --> Node Log File Browser

Note the time of your discovery status, keeping in mind all times are in 24hr format and set the following ::

Start Time :: (as close to the time of discovery start)
Level :: Info
Max Rows :: 1000 should be sufficient
Thread Name :: worker



This works for me - let me know if you have any questions....


This is all I get:



worker.3 Processing sensor: UNIX - OS Uptime (172.27.30.194)
07:06:27.479 Info worker.1 worker.1 Processing sensor: UNIX - OS Filesystems (172.27.30.194)
07:06:27.479 Info worker.4 worker.4 Processing sensor: DNS (172.27.30.194)
07:06:27.545 Info worker.4 worker.4 Processed sensors in 0:00:00.090 (DNS)
07:06:27.555 Info worker.3 worker.3 Processed sensors in 0:00:00.101 (UNIX - OS Uptime)
07:06:27.696 Info worker.1 worker.1 Processed sensors in 0:00:00.241 (UNIX - OS Filesystems)
07:06:37.537 Info worker.6 worker.6 Processing sensor: Linux - Memory (172.27.30.194)
07:06:37.540 Info worker.5 worker.5 Processing sensor: Linux - Active Processes (172.27.30.194)
07:06:37.547 Info worker.0 worker.0 Processing sensor: Unix - ADM (172.27.30.194)
07:06:37.548 Info worker.4 worker.4 Processing sensor: Linux - Active Connections (172.27.30.194)
07:06:37.587 Info worker.6 worker.6 Processed sensors in 0:00:00.075 (Linux - Memory)
07:06:37.882 Info worker.5 worker.5 Processed sensors in 0:00:00.368 (Linux - Active Processes)
07:06:38.175 Info worker.4 worker.4 Making connections
07:06:38.515 Info worker.4 worker.4 Processed sensors in 0:00:00.998 (Linux - Active Connections)
07:06:38.798 Info worker.0 worker.0 Processed sensors in 0:00:01.277 (Unix - ADM)

Hi - if you want me to take a look, give me the instance name & disco status number...