...
The final command set looks like this:
| Code Block |
|---|
{
"Linux_Log4j" : {
"commands" : [
{
"privileged" : "true",
"command" : "Log4jSearch",
"exec" : "sudo find / -name \"log4j*\"",
"tags" : [
"HOURLY",
"Linux",
"operations",
"detect-change",
"report-change"
]
}
],
"scheduling_info" : {
"run_commands_on_separate_connection" : "false"
},
"os_info" : {
"os" : "/(Linux|CentOS|Ubuntu)/"
}
}
} |
Running the command set
Because it is tagged with "HOURLY" the command set will run automatically every hour. If you want to run it manually for testing, you run the following command:
|
Check for any errors, if all good, run manually for all nodes or wait an hour or so.
You may need to increase the timeout if you see the console lines as below.
| Code Block |
|---|
[2021-12-22 03:58:48.21513] [23682] [warn] failed to make session privileged: read timed-out
[2021-12-22 03:58:48.21573] [23682] [warn] Failed to run command Log4jSearch: Could not make session privileged: read timed-out
[2021-12-22 03:58:48.21587] [23682] [warn] Command timed out - partial response was: "" |
The /usr/local/omk/conf/opCommon.json file can be edited and the value for opconfig_command_timeout increased to a suitable number of seconds.
Diagnose
Now I can go to the opConfig GUI and find the matching nodes.
Access the Commands Overview
From the opConfig menu, select "Views → Commands Overview" and you should be seeing a screen which looks like the one below, first we can see how many instances of "perl version" we have collected.
In the box enter "perl version" change the select to "Command" and click "Go", you will have a list of nodes and the command name, all of these are samples we can not check for. Step 2 is to click on the "Advanced" button on the right.