ACC-V with SAM pro

mayurirathi153
Tera Contributor

I am implementing ACC-V with SAM; however, I do not see data being populated in samp_sw_usage.
I have followed the article below and installed osquery on the device. Enabled SAM policies and checks as per the article below.

Note: I have installed midless ACC.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1005005

Kindly let me know if anyone has faced similar issues and if I am missing anything.

2 REPLIES

dreinhardt
Kilo Patron

Hi @mayurirathi153,

Could you please share the outcome of each step, to get a better understanding of “where” the process of gathering usage data gets stuck?

Like, is ACC-V generating a .snapshot file as a result of the osquery setup, etc.?

Thanks, Dennis

Should my response prove helpful, please consider marking it as the Accepted Solution/Helpful to assist closing this thread.

Hi,

1) Installed osquery on the device, and can see that the log files below were created.

I do not see a snapshot file.

[Screenshot: mayuri_rathi_0-1776936908314.png]

2) Modified osquery.conf and osquery.flags as per the document below.

https://docs.servicenow.com/bundle/xanadu-it-operations-management/page/product/agent-client-collect...

Content of osquery.conf file:

  "packs": {
     "sam-metering": "C:\\ProgramData\\ServiceNow\\agent-client-collector\\cache\\acc-visibility-modules\\bin\\sam-metering.conf"

Content of osquery.flags file:

--logger_rotate=true
--logger_rotate_size=26214400
--logger_rotate_max_files=1
--watchdog_level=1

3) Can see the SAM-related files below generated in the bin folder.

[Screenshot: mayuri_rathi_1-1776936908320.png]

There are two things which I am confused about:

1) ACC created the location below:

C:\Users\servicenow\AppData\Local\AgentClientCollector

Whereas osquery is running at the location below:

C:\Users\servicenow.PREC8PYP8Y3.000\AppData\Local\AgentClientCollector\SAM → where I see the marker.json file

[Screenshot: mayuri_rathi_2-1776936908324.png]

Does it have to be under the same location? Which is C:\Users\servicenow\AppData\Local\AgentClientCollector

If yes, how do I change it? These are auto-generated folders.

Note: ACC is a midless, silent installation.

2) There are two SAM policies, one with osquery and the other non-osquery.

[Screenshot: mayuri_rathi_3-1776936908329.png]

So if we enable the non-osquery policy, do I still need to install osquery for sw usage?