7 Replies Latest reply on Jul 24, 2020 5:35 PM by Lisa Keeler

    Trying to report Unix OS type discovered hosts

    David Hicks
      Share This:

      Hello,

       

      I'm very new to DIscovery (only about 5 months thus far). However, I'm picking things up pretty decently.

       

      Within my BMC Discovery 11.3.04 appliance server, there's a report section that is for Operating Systems > Unix Type Distribution.

       

      When I run it, it's completely blank.

       

      Yet, when I have setup a discovery schedule for SNMP devices and other network hosts, I came back with a list of what I could access, and of what I couldn't access. I looked at what I was not able to access and received a good report that had the following headers:

       

      OS ClassEndpointHostnameDiscovered OSOS Type

      OS Version

       

      Received OS Type to include: GNU/Linux, OpenBSD/ FreeBSE, and etc. All under the "OS Class" of "UNIX".

       

      Yet, when I ran the OOTB report for "Unix Type Distribution", it comes up completely blank.

       

      Could someone please assist me in creating a query or a raw query, that will help me pull what already appears to be in the datastore?

       

      Thank you,

      David Hicks

      davidhicks911@yahoo.com

        • 1. Re: Trying to report Unix OS type discovered hosts
          Andrew Waters

          Are you doing sweep scans rather than full discovery? If so that gives you basic information but does not build Host nodes. Sweep scans return very basic information missing many of the details retrieved by a full scan.

           

          The first report you mention looks for the Host nodes.

           

          I assume, though it is not very clear, that in the second case you are running a report from the DiscoveryRun which is looking at the sweep scan information returned.

           

          You can do something like

          SEARCH DiscoveryAccess

          WHERE _last_marker

          TRAVERSE DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo

          WHERE os_class = "UNIX"

          SHOW

            #DiscoveytResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.endpoint,

            hostname,

            os_class,

            os

          If you want a distribution then something like

          SEARCH DiscoveryAccess

          WHERE _last_marker

          TRAVERSE DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo

          WHERE os_class = "UNIX"

          SHOW os_type

          PROCESSWITH countUnique(0, 1)

          2 of 2 people found this helpful
          • 2. Re: Trying to report Unix OS type discovered hosts
            David Hicks

            Wow, thank you very much!

             

            I tried the 'distribution' area you provided and it worked great!

             

            How could I achieve what I accidentally did in the first place? Which was:

             

            "OS Class, Endpoint, Hostname, Discovered OS, OS Type, and OS Version"

             

            I believe these are the attributes and 'details' about each Linux, Unix, and etc., host that it finds.

             

            Sorry if these are fundamental to you, but I greatly appreciate the kind assistance!

             

            Respectfully,

            David Hicks

            • 3. Re: Trying to report Unix OS type discovered hosts
              Andrew Waters

              You mean something like

              SEARCH DiscoveryAccess

              WHERE _last_marker

              TRAVERSE DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo

              WHERE kind = "Host"

              SHOW

                os_class,

                #DiscoveytResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.endpoint,

                hostname,

                os,

                os_type,

                os_version

              1 of 1 people found this helpful
              • 4. Re: Trying to report Unix OS type discovered hosts
                David Hicks

                Thank you this was very helpful and managed to get me what I needed. Is there a blog where I can start to better educate myself upon "how" to use custom reports? I've been looking at the custom report features and it's great information! Only issue is that there's 'too many' options to choose from, and it gets a little confusing to me, especially with the transverse concept and etc.

                • 5. Re: Trying to report Unix OS type discovered hosts
                  Lisa Keeler

                  You are talking about the Customize button in the UI, correct?  (i.e. You want to know more about how to use it)

                   

                  Support would be glad to give you a tutorial ... just open a case and ask.

                   

                  (Custom reports are a related but different feature)

                  • 6. Re: Trying to report Unix OS type discovered hosts
                    David Hicks

                    Hi Lisa,

                     

                    Well, if a custom report can provide me the last user login id of the host that was last scanned, then yes, I suspect a custom report is what I'm looking for. Otherwise,  I was thinking that the answer might be found in the TPL code...which I'm starting to break into, finally,  too.