Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Linux Discovery-How to extend running processes discovery to capture user id (cmdb_running_process)

hz2
Tera Expert

‎10-27-2022 05:59 AM

I'm looking the best approach on how to extend ServiceNow Linux discovery to capture the user id for active processes - table cmdb_running_process.

 

Screenshot 2022-10-27 135616.png

 

My understanding is that running processes are collected the following way:

1) Probe "Unix - Active Processes" runs and collects active processes with the following command:

 

 

ps awwxo pid,ppid,command | sed -n '/<defunct>/!p'

 

 

2) Sensors store data in cmdb_running_process

 

 

-----

To collect User Id that triggered the process, I'd run the command below:

 

 

>ps -ef
Results:

UID               PID  PPID  C STIME TTY          TIME CMD
_srvuserid        142   141  0 Oct26 pts/2    00:00:00 -bash
root              1       0  0 Oct25 ?        00:00:00 /init

 

 

What are the options to store the UID in table cmdb_running_process?

 

1) Through a Discovery Pattern? Note that cmdb_running_process does not inherit from cmdb_ci, so not a good candidate for Pattern extension? I don't know for sure.

 

2) Update out-of-the-box ServiceNow's probes and sensors to store this information? Seems like a lot of bits to modify.

 

3) What other options are there?

 

Any advice is much appreciated.

0 Helpfuls
  • 2,099 Views
5 REPLIES 5

Robin J_
Tera Guru
In response to hz2

‎11-09-2022 04:40 AM

Hi again,

I have done more testing and also found this on ServiceNow docs:
4. To save the whole of the command output as a variable, select NONE from the Define Parsing list and define the variable as described in 7.
- https://docs.servicenow.com/bundle/rome-it-operations-management/page/product/service-mapping/task/t...

 


Anyways I did not get this working and saw this Community thread about the same topic:
- https://www.servicenow.com/community/itom-forum/service-mapping-parse-entire-result-of-command-outpu...
- It is no option to save variable when you select "none" on parsing strategy and even if it would be, question is if that also only captures the 1 line.


Tested to change my regex to (.*) instead of .* - but same result still only captures the first row.

RobinJ__0-1667997547029.pngRobinJ__1-1667997556727.png


The question is how and if at all there is a way to actually save all lines into only 1 variable. Even if that would be possible it would not be rather pretty.


Curious about if ServiceNow some day adds "username/UID" to out-of-the-box running processes table! That would been great and I think it is weird that it currently is not there 🙂


Have a nice day!
- Robin

0 Helpfuls