7 Replies Latest reply on Dec 21, 2017 7:25 PM by Rajat Jain

    Extended Discovery for a SI

    Rajat Jain

      Hello Everyone,

       

      I need to discover some additional attributes/information for the Control-M SI. I wrote the TPL below to capture one registry value (the SSL certificate). The TPL picks up the correct registry value, but the required SSL filename is not showing up on the SI.

       

      TPL Written

      ------------------

       

          // Run whenever a SoftwareInstance node of type "BMC CONTROL-M/Agent Tracker"
          // is created or confirmed; the triggering node is bound to `si`.
          triggers
              on si := SoftwareInstance created, confirmed where type = "BMC CONTROL-M/Agent Tracker";
          end triggers;

          body
              // Prefix used in every debug message written by this body.
              pattern_name := "EnrichControlMAgentTrackerSI";
              // Host node associated with the triggering SI; all discovery calls below target it.
              host := model.host(si);
              log.debug("%pattern_name%: %host.name%: Starting CONTROL-M Agent Enrichment...");

              // Hard-coded host allow-list: the body stops on every host whose name is
              // not one of these two values.
              // NOTE(review): looks like a test-time restriction - confirm it is meant
              // to stay before the pattern is rolled out more widely.
              if not (host.name = 'server1111' or host.name = 'server2222') then
                  stop;
              end if;

              // Results start out empty so the attribute-setting code further down
              // takes its "clear the attribute" branch when nothing is found.
              ssl_filename := "";
              ssl_short_filename := "";
              agent_directory := "";
              // Registry key under which the Windows branch reads the "keyfile" value.
              registry_path := "HKLM\\SOFTWARE\\BMC Software\\Control-M/Agent\\SecurityPolicy\\site\\client";

              // Follow the SI's primary inference relationships to the DiscoveredProcess
              // nodes it was inferred from.
              all_discoveredprocess_nodes := search(in si traverse InferredElement:Inference:Primary:DiscoveredProcess);
              primary_process := "";
              // Keep the command of the last node that has a non-empty cmd; earlier
              // matches are overwritten.
              for discoveredprocess_node in all_discoveredprocess_nodes do
                  if discoveredprocess_node.cmd then
                      primary_process := discoveredprocess_node.cmd;
                  end if;
              end for;
              log.debug("%pattern_name%: %host.name%: Primary process: %primary_process%");

              // Derive the agent directory and the SSL key file name from the process
              // command. Nothing is attempted when no process command was found, and
              // only the "Windows" and "UNIX" OS classes are handled.
              if primary_process then
                  if host.os_class = "Windows" then
                      // Drop the last two path components (sub-directory and executable
                      // with extension) to get the agent's install directory.
                      agent_directory := regex.extract(primary_process, regex '(.*)\\\w+\\\w+\.\w+$', raw '\1');
                      log.debug("%pattern_name%: %host.name%: Agent directory: %agent_directory%");
                      registry_value := registry_path + raw "\keyfile";
                      log.debug("%pattern_name%: %host.name%: Querying registry value \"%registry_value%\"");
                      registry_query_result := discovery.registryKey(host, registry_value);
                      // There is no else branch: a failed registry query writes no
                      // debug message and leaves ssl_filename empty.
                      if registry_query_result and "value" in registry_query_result then
                          log.debug("%pattern_name%: %host.name%: Successfully retrieved registry value data: \"%registry_query_result.value%\"");
                          ssl_short_filename := registry_query_result.value;
                          // NOTE(review): the registry data comes from the scanned host and
                          // is concatenated into the path unchecked; this presumably expects
                          // a bare file name - confirm, since a value with path separators
                          // would make the later metadata query target a different location.
                          ssl_filename := agent_directory + "\\DATA\\SSL\\CERT\\" + registry_query_result.value;
                          log.debug("%pattern_name%: %host.name%: SSL Filename: \"%ssl_filename%\"");
                      end if;
                  end if;
                  if host.os_class = "UNIX" then
                      // Drop the last two path components of the command to get the
                      // agent's install directory.
                      agent_directory := regex.extract(primary_process, regex '(.*)/\w+/\w+$', raw '\1');
                      log.debug("%pattern_name%: %host.name%: Agent directory: %agent_directory%");
                      policy_filename := agent_directory + "/data/SSL/cert/ag.plc";
                      // NOTE(review): fileGet retrieves the whole policy file, not only the
                      // keyfile line; presumably the content is kept with the discovered
                      // file record - confirm the file holds nothing sensitive.
                      policy_file := discovery.fileGet(host, policy_filename);
                      // As on Windows, a failed read is not logged.
                      if policy_file and policy_file.content then
                          log.debug("%pattern_name%: %host.name%: Successfully read policy file %policy_filename%");
                          // Case-insensitive match on "keyfile="; the capture takes whatever
                          // follows it. NOTE(review): trailing whitespace is presumably kept
                          // in the captured value - verify against a real policy file.
                          ssl_filename := regex.extract(policy_file.content, regex '(?i)keyfile=(.*)', raw '\1');
                          log.debug("%pattern_name%: %host.name%: SSL filename extracted from policy file: \"%ssl_filename%\"");
                          // Short name = trailing "<word>.<word>" of the extracted value.
                          ssl_short_filename := regex.extract(ssl_filename, regex '(\w+\.\w+)$', raw '\1');
                          log.debug("%pattern_name%: %host.name%: Short SSL filename: \"%ssl_short_filename%\"");
                      end if;
                  end if;
              end if;

              // Publish the agent directory on the SI and show it in the UI, or clear
              // the attribute and its display entry when no directory was derived.
              if agent_directory then
                  si.agent_directory := agent_directory;
                  model.addDisplayAttribute(si, 'agent_directory');
              else
                  si.agent_directory := void;
                  model.removeDisplayAttribute(si, 'agent_directory');
              end if;

              // Record the SSL key file on the SI only if its metadata can be read from
              // the host; in every other case the attribute and its display entry are
              // cleared.
              if ssl_filename then
                  // Only file metadata is requested here; the key file's content is not read.
                  ssl_file := discovery.fileInfo(host, ssl_filename);
                  if ssl_file and ssl_file.size then
                      log.debug("%pattern_name%: %host.name%: Successfully queried metadata for SSL File %ssl_filename%.  File size: %ssl_file.size%");
                      // Only the short file name is stored on the SI, not the full path.
                      si.ssl_filename := ssl_short_filename;
                      model.addDisplayAttribute(si, 'ssl_filename');
                  else
                      // This branch is taken when fileInfo returns nothing and also when
                      // the result has no (or a zero) size.
                      // NOTE(review): the message does not say why the query failed; a
                      // missing file and an access problem presumably look the same
                      // here - check the discovery access results for the host.
                      log.debug("%pattern_name%: %host.name%: Failed to query metadata for SSL File %ssl_filename%.");
                      si.ssl_filename := void;
                      model.removeDisplayAttribute(si, 'ssl_filename');
                  end if;
              else
                  si.ssl_filename := void;
                  model.removeDisplayAttribute(si, 'ssl_filename');
              end if;

       

       

       

       

      Logs after Adhoc Run

      -----------------------------------

       

      E01-139704772298496: 2017-11-14
      04:02:19,967:
      engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: Starting CONTROL-M Agent
      Enrichment...

      E01-139704772298496: 2017-11-14
      04:02:19,980: engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: Primary process: D:\Program
      Files\BMC Software\Control-M Agent\Default\EXE\P_CTMAT.EXE

      E01-139704772298496: 2017-11-14
      04:02:19,981: engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: Agent directory: D:\Program
      Files\BMC Software\Control-M Agent\Default

      E01-139704772298496: 2017-11-14
      04:02:19,981: engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: Querying registry value
      "HKLM\SOFTWARE\BMC
      Software\Control-M/Agent\SecurityPolicy\site\client\keyfile"

      E01-139704772298496: 2017-11-14
      04:02:20,391:
      engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: Successfully retrieved registry
      value data: "MGL_CTMA_AGDN_2018.kdb"

      E01-139704772298496:
      2017-11-14 04:02:20,392: engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: SSL Filename: "D:\Program
      Files\BMC Software\Control-M
      Agent\Default\DATA\SSL\CERT\MGL_CTMA_AGDN_2018.kdb"

      E01-139704772298496: 2017-11-14 04:02:22,515:
      engine.pattern.Custom.Scheduler.ControlMAgent.EnrichControlMAgentTrackerSI:
      DEBUG: EnrichControlMAgentTrackerSI: server1111: Failed to query metadata for
      SSL File D:\Program Files\BMC Software\Control-M
      Agent\Default\DATA\SSL\CERT\MGL_CTMA_AGDN_2018.kdb.

      E01-139704772298496: 2017-11-14
      04:02:23,369: engine.pattern.BMC.ProductRegistryFile.ProductRegistryFileLoad:
      INFO: Unable to determine the path to ProductRegistry.xml on server1111

      E01-139704772298496: 2017-11-14
      04:02:23,383: engine.pattern.Custom.Database.Software.enrichDatabaseSoftwareInstances:
      DEBUG: enrichDatabaseSoftwareInstances: Adding node update time attribute
      (mgl_node_update_time) to Software Instance: "BMC CONTROL-M/Agent Tracker
      8.0.00 identified as Default on server1111"

      E01-139704772298496: 2017-11-14
      04:02:23,417:
      engine.pattern.Custom.Database.Software.enrichDatabaseSoftwareInstances: DEBUG:
      enrichDatabaseSoftwareInstances: Adding node update time attribute
      (mgl_node_update_time) to Software Instance: "BMC CONTROL-M/Agent Listener
      8 identified as Default on server1111"

      E01-139704772298496: 2017-11-14
      04:02:23,452: engine.pattern.BMC.ProductRegistryFile.ProductRegistryFileLoad:
      INFO: Unable to determine the path to ProductRegistry.xml on server1111

      E01-139704772298496: 2017-11-14
      04:02:25,064: engine.pattern.BMC.CONTROL_M_CMforAFT.ControlModuleforAFT: INFO:
      The pattern can find no evidence this BMC CONTRL-M/Agent Listener instance
      corresponds to a BMC Control-M for AFT instance

      E01-139704772298496: 2017-11-14
      04:02:25,070: engine.pattern.SupportDetail.SI.BMC_CONTROL_M.BMC_CONTROL_M_SI_SD:
      DEBUG: No Support Details data found for BMC CONTROL-M 8

      E01-139704772298496: 2017-11-14
      04:02:25,081: engine.pattern.BMC.CONTROLMforHadoop.CONTROLMforHadoop: DEBUG:
      Encountered a Windows host. Pattern stopping...

      E01-139704772298496: 2017-11-14
      04:02:25,085:
      engine.pattern.Custom.Database.Software.enrichDatabaseSoftwareInstances: DEBUG:
      enrichDatabaseSoftwareInstances: Adding node update time attribute
      (mgl_node_update_time) to Software Instance: "McAfee VirusScan 8.8 on
      server1111"

      E01-139704772298496: 2017-11-14
      04:02:25,104:
      engine.pattern.SupportDetail.SI.McAfee_VirusScan.McAfee_VirusScan_SI_SD: INFO:
      Created Support Detail node for McAfee VirusScan Enterprise 8.8