Customizing a Classifier to determine which probe gets triggered in exploration

doug_schulze
ServiceNow Employee
ServiceNow Employee

‎06-27-2013 12:49 PM

Wanted to pull this out of a reply in another thread where our friend Nikhil needed to trigger a specific probe base on the build of a linux operating system.

If you look at your probes you can set a condition script to determine when something gets fired. In this case a specific disk probe for SuSE build of linux.. Details below if its something you might need to do as well...

First you have to understand how to 'see' the values that are returning from your classify probe.. To see this you would want to enable(create) a sys_property to turn on classification debug..

glide.discovery.debug.classification
type: True/false
value: true
*be sure to shut it off when you're done, no reason to add to the logs if you dont need to*

Run your scan against the device then check the logs.. You'll see an output like this...

06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.ip_address = 10.200.2.40
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value ip_address = 10.200.2.40
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value name = Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value discover = CIs
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value output = Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.output = Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value type = unix
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.os_version = 2.6.35.6-45.fc14.i686
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.os_name = Linux
06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value cidata.name = doogiehat

Now you can see the values that we are using to match up in a classifier AND values that you can use to ensure only a particular probe gets triggered...

For example in your condition script on a particular probe you can use

values.get('name')=='linux'

See how it matches up with value:

06/27/13 12:36:39 (084) glide.scheduler.worker.7 DEBUG Classification: Value name = Linux



Now where do we get these 'values' from? .. well thats all from uname -a (classify probe) and to set these we parse out the return in the Unix Classifer SENSOR > Responds to probe script for Unix

*******


function(result, ciData, debug, sensor) {
       var output = result.output;
       if (output === null || gs.nil(output))
               return;

       run(output, ciData, debug);

       function run(output, ciData, debug) {
               var ci_data = ciData.getData();
               var uname = output;
               var unameParts = uname.split(/ /);

               var osName = unameParts[0];
               var osHostname = unameParts[1] ? unameParts[1] : "unknown.host";
               var osVersion = unameParts[2] ? unameParts[2] : "";

               ci_data.os_name = osName;
               ci_data.os_version = osVersion;
               ci_data.output = output;

               // Don't bother with ssh hostname if we shouldn't trust the ssh name and DNS already has already populated it
               var trusted = JSUtil.toBoolean(gs.getProperty("glide.discovery.hostname.ssh_trusted", "false"));
               var haveNow = JSUtil.notNil(ci_data['name']);
               var haveNew = JSUtil.notNil(osHostname);

               if (!haveNew)
                       return;

               if (!trusted && haveNow)
                       return;
             
               var hn = new HostnameJS();
               ci_data['name'] = hn.format(osHostname, JSUtil.notNil(ciData.ip_address)? ciData.ip_address:null);
       }
}


*****

So you would want to add catch for the part of uname you want to grab.. in my case if I wanted to catch GNU from my output:

Linux doogiehat.doogiesd.com 2.6.35.6-45.fc14.i686 #1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux

I would have to edit (below) the number of that value based on the spaces..



function run(output, ciData, debug) {
               var ci_data = ciData.getData();
               var uname = output;
               var unameParts = uname.split(/ /);

               var osName = unameParts[0];
               var osHostname = unameParts[1] ? unameParts[1] : "unknown.host";
               var osVersion = unameParts[2] ? unameParts[2] : "";

               ci_data.os_name = osName;
               ci_data.os_version = osVersion;
               ci_data.output = output;


so maybe (check my math here) var osBuild = unameParts[14];

Then set ci_data.osbuild = osBuild

now back to the sensor and in the sensor script you set that value from the new ci_data you just created...




       classify: function() {
               var values = {};
               values[ 'name'                   ] = this.ci_data.os_name;
               values[ 'output'               ] = this.ci_data.output;
               values[ 'type'                   ] = 'unix';
               values[ 'ip_address'       ] = this.ci_data.ip_address;
               values[ 'discover'           ] = this.discover;


(havent tested but) values[ 'osbuild' ] = this.ci_data.osbuild;


now in your condition script you can set for the specific probe you want run based on the build of the OS

values.get('osbuild')=='GNU\Linux'
Labels:
  • 4,325 Views
22 REPLIES 22

alexbones
Tera Expert
In response to doug_schulze

‎03-13-2019 10:29 AM

I did try adding it into the Classification Criteria, but it was still picking up those devices. Is this the correct way to be setting those conditions?

find_real_file.png

Preview file
35 KB
0 Helpfuls

doug_schulze
ServiceNow Employee
ServiceNow Employee
In response to alexbones

‎03-13-2019 11:09 AM

Be sure to match 'any', not 'all' on the top of your classifier form.  If it still doesn't work send me an email (doug.schulze@servicenow.com) with the instance information and I can take a look.

0 Helpfuls

jimmillet
Mega Guru

‎08-31-2021 12:12 PM

I have the same issue with HMC Pattern not starting, even thought I see HMC info in the classify log. I set the classification debug property, but CAN NOT SEE any debug statement on the Node Log. I can not see any classification log statements. I am on Quebec version. Am I looking in the right place?

0 Helpfuls

doug_schulze
ServiceNow Employee
ServiceNow Employee
In response to jimmillet

‎08-31-2021 12:27 PM

you may need to download the log to see it, I have to do that sometime.. and I looked at some internal KBs and you might try this for the HMC..Havent tested it myself, but maybe it can put you on a good path.

 

Go to probe: UNIX - OS and under probe parameters, add a probe parameter "set_path" value to 'false' (allow probe to alter the session's PATH variable or not. By default, during session setup, the PATH variable is set to /usr/sbin:/usr/bin:/bin:/sbin.Type: true | false . Default value: true).

0 Helpfuls

Andy M1
Tera Contributor

‎10-12-2023 03:49 PM

Hi @doug_schulze , I'm trying to conditionally run an exploration probe, and I'm having difficulties passing a parameter from the classifier to the probe I'm trying to conditionally run based on the on classification script.

 

Here's my on classification script  (set to simple string for proof of concept):

AndyM1_0-1697150867134.png


Here's the probe & condition script:

AndyM1_1-1697150935290.png

 



0 Helpfuls