Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

ACC-V with SAM pro

mayurirathi153
Tera Contributor

Wednesday

I am implementing acc-v with sam, however I do not see data being populated in samp_sw_usage.
I have followed below article and installed osquery on the device. Enabled sam policies and checks as per article below.

Note - I have installed midless acc.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1005005

 

Kindly let me know if anyone have faced similar issues and if I am missing anything.

0 Helpfuls
  • 192 Views
2 REPLIES 2

dreinhardt
Kilo Patron

Wednesday

Hi @mayurirathi153 ,

 

could you please the outcome of each step to get a better understanding of “where” the process of gathering usage data stucks?

 

Like, does the acc-v is generating a .snapshot file as result of the osquery setup etc.

 

Thanks, Dennis

Should my response prove helpful, please consider marking it as the Accepted Solution/Helpful to assist closing this thread.
0 Helpfuls

mayuri_rathi
Mega Contributor
In response to dreinhardt

Thursday

Hi,

 

1)installed osquery on the device. And can see below log files created.

I do not see snapshot file.

mayuri_rathi_0-1776936908314.png

 

2)Modified osquery.conf and osquery.flags as per document below .

https://docs.servicenow.com/bundle/xanadu-it-operations-management/page/product/agent-client-collect...

 

Content of osquery.conf file-

  "packs": {

 

     "sam-metering": "C:\\ProgramData\\ServiceNow\\agent-client-collector\\cache\\acc-visibility-modules\\bin\\sam-metering.conf"

Content of osquery.flags file –

--logger_rotate=true
--logger_rotate_size=26214400
--logger_rotate_max_files=1
--watchdog_level=1

 

3)Can see below sam related files generated in bin folder

mayuri_rathi_1-1776936908320.png

 

 

There are two things which I am confused about –

  • Acc created below location-

C:\Users\servicenow\AppData\Local\AgentClientCollector

 

Where as osquery is running at below -

C:\Users\servicenow.PREC8PYP8Y3.000\AppData\Local\AgentClientCollector\SAM à where I see marker.json file

mayuri_rathi_2-1776936908324.png

 

 

 

Does it have to be under same location? Which is - C:\Users\servicenow\AppData\Local\AgentClientCollector

If yes, how do I change it? These are auto generated folders.

 

Note- ACC is midless and silent installation.

 

2)There are two sam policy one with osquery and other with non osquery.

mayuri_rathi_3-1776936908329.png

 

 

So if we enable non-osquery policy, do I still need to install osquery for sw usage?

 

 

0 Helpfuls