Linux Discovery - How to extend running processes discovery to capture user id (cmdb_running_process)

hz2
Tera Expert

I'm looking for the best approach on how to extend ServiceNow Linux discovery to capture the user id for active processes - table cmdb_running_process.

 


My understanding is that running processes are collected the following way:

1) Probe "Unix - Active Processes" runs and collects active processes with the following command:

 

 

ps awwxo pid,ppid,command | sed -n '/<defunct>/!p'

 

 

2) Sensors store data in cmdb_running_process

 

 

-----

To collect User Id that triggered the process, I'd run the command below:

 

 

>ps -ef
Results:

UID               PID  PPID  C STIME TTY          TIME CMD
_srvuserid        142   141  0 Oct26 pts/2    00:00:00 -bash
root              1       0  0 Oct25 ?        00:00:00 /init

 

 

What are the options to store the UID in table cmdb_running_process?

 

1) Through a Discovery Pattern? Note that cmdb_running_process does not inherit from cmdb_ci, so not a good candidate for Pattern extension? I don't know for sure.

 

2) Update out-of-the-box ServiceNow's probes and sensors to store this information? Seems like a lot of bits to modify.

 

3) What other options are there?

 

Any advice is much appreciated.
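
An added example, not part of the original post and not ServiceNow code: a stand-alone JavaScript parser for the output of the probe command once an owner column is added to it. The extended command (ps awwxo user:32,pid,ppid,command), the function name parseProcesses and the sample output are assumptions made for illustration; writing the rows to cmdb_running_process is not shown.

```javascript
// Assumed probe command (hypothetical extension of the one quoted above):
//   ps awwxo user:32,pid,ppid,command | sed -n '/<defunct>/!p'
// "user:32" widens the column so long account names are printed in full.

// Constructed sample output, not captured from a real host.
const SAMPLE = [
  "USER                               PID  PPID COMMAND",
  "root                                 1     0 /init",
  "_srvuserid                         142   141 -bash",
  "1001                               210     1 /usr/bin/python3 /opt/app/run.py --name my app",
  "",
].join("\n");

const HEADER = /^\s*USER\s+PID\s+PPID\s+COMMAND\s*$/;
// user, pid and ppid contain no whitespace; the command is the rest of the
// line and may contain spaces, so it must be captured last and greedily.
const ROW = /^\s*(\S+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$/;

function parseProcesses(output) {
  const rows = [];
  const skipped = []; // lines that are neither header nor a valid row
  for (const line of output.split(/\r?\n/)) {
    if (!line.trim() || HEADER.test(line)) continue;
    const m = ROW.exec(line);
    if (!m) {
      skipped.push(line);
      continue;
    }
    rows.push({
      user: m[1],
      pid: Number(m[2]),
      ppid: Number(m[3]),
      command: m[4],
      // ps prints the numeric UID when it cannot resolve it to an account
      // name; flag those rows so they can be reviewed separately.
      unresolvedUid: /^\d+$/.test(m[1]),
    });
  }
  return { rows, skipped };
}

// Example use: list processes whose owner is root.
function ownedBy(rows, user) {
  return rows.filter((r) => r.user === user).map((r) => r.pid);
}
```

Every line of the command output is parsed into its own record, so nothing depends on holding the whole output in a single variable.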

5 REPLIES

Hi again,

I have done more testing and also found this on ServiceNow docs:
4. To save the whole of the command output as a variable, select NONE from the Define Parsing list and define the variable as described in 7.
- https://docs.servicenow.com/bundle/rome-it-operations-management/page/product/service-mapping/task/t...

 


Anyways I did not get this working and saw this Community thread about the same topic:
- https://www.servicenow.com/community/itom-forum/service-mapping-parse-entire-result-of-command-outpu...
- There is no option to save a variable when you select "none" as the parsing strategy, and even if there were, the question is whether that would also capture only 1 line.


I tested changing my regex to (.*) instead of .* - but got the same result: it still only captures the first row.



The question is how, and if at all, there is a way to actually save all lines into only 1 variable. Even if that were possible, it would not be very pretty.


Curious whether ServiceNow will some day add "username/UID" to the out-of-the-box running processes table! That would be great, and I think it is weird that it currently is not there 🙂


Have a nice day!
- Robin