6 Replies Latest reply on Sep 23, 2009 5:54 PM by Bill Robinson

    32bit (Program Files) and 64bit [Program Files (x86)]

      We have a Symantec AV parent machine that pushes the latest SAV virus def. to all of our servers. We just instituted some 64bit servers, and although they are using Symantec EndPoint, how we see SAV and the Virus Definition file (definfo.dat) are basically the same, except for the primary "Program Files" location:

      for 32bit servers, the path is: c:\program files\common files\symantec shared\virusdefs\definfo.dat

      for 64bit servers, the path is: c:\program files (x86)\common files\symantec shared\virusdefs\definfo.dat


      The problem starts with the location of the definfo.dat file on our parent AV server - it's 32bit. Auditing the other 32bit servers using the info taken from the definfo.dat file is no problem (since the path & location are the same).


      On our 64bit servers, however, it gets messy because there is no "program files (x86)" folder on our 32bit parent AV server. (In essence, I want to compare the contents of [master] c:\program files\common files\symantec shared\virusdefs\definfo.dat to [target] c:\program files (x86)\common files\symantec shared\virusdefs\definfo.dat.) An audit will tell us that each 64bit server is "missing" the c:\program files\...\definfo.dat.


      Is there a way to compare content to content, irregardless of path? Can I force BladeLogic to see just data, and not care if the paths don't match up? Can I force BL to use the value of one Config Entry against a completely different Config Entry? Even though the end-files are the same?



      Also, I've set up a configuration entry for both "definfo.dat" files (32 & 64bit). In this file (irregardless of the platform), the entry that tells me the date of a server's AV definition is listed as NAME=CurDefs and VALUE1=4digityear2digitmonth2digitday.version (ex. 20090917.002)


      Using a Configuration Entry, I was able to easily find out the value for CURDEFS, but I was wondering if there was a way to get only the first 8 digits - I'd like to drop the version number because it's not important. (I've found that there are several versions for any given day). Is this possible?

        • 1. Re: 32bit (Program Files) and 64bit [Program Files (x86)]
          Bill Robinson

          Create a server property called "PROGRAMFILES" and set the values up like "/C/Program Files" and "/C/Program Files (x86)"


          Create a component template w/ the part of "??TARGET.PROGRAMFILES??/common files/symantec shared/virusdefs/definfo.dat".  use this part as a discovery condition.


          then run your snapshot and audit jobs using this template and the associated components. 


          you can use that parameterized path in the config file definition too...


          I'm not sure about cutting off the version, you'd have to have a different grammar file that could handle the delimiters of = and .


          or you could write an extended object like:


          cat "//??TARGET.HOST????TARGET.PROGRAMFILES??/common files/symantec shared/virusdefs/definfo.dat" | grep NAME= | cut -f1 -d.


          might need to play w/ that a bit.

          • 2. Re: 32bit (Program Files) and 64bit [Program Files (x86)]

            Thanks Bill... I was thinking that variables would be the way to go - problem is, the BladeLogic documentation is a little "lacking"... But this sounds like it will work!


            QUESTION: This property will be something that will need to be defined for each Wintel server, correct? Or will this be something that will automatically deduce? ("oh, it's a 32bit -> /c/Program\ Files\.... or 64bit -> /c/Program\ Files\ (x86)\ or... It's not a wintel box at all -> <empty>")


            Also, the CAT command is great, too! I'll play around with it.

            • 3. Re: 32bit (Program Files) and 64bit [Program Files (x86)]



              Your suggestion for using a variable in my configuration object was perfect. It audits both 32- & 64-bit servers in one audit with no issue - thanks.


              Now, trying to get an EO going here but I'm having trouble.


              I've got the NSH command that will run in a putty session that will parse out the info I need from the DEFINFO.DAT file on 32-bit servers:

              cat //<servername>/c/Program\ Files/common\ files/symantec\ shared/virusdefs/definfo.dat | grep CurDefs= | cut -c 9-16

              and for 64-bit:

              cat //<servername>/c/Program\ Files\ (x86)/common\ files/symantec\ shared/virusdefs/definfo.dat | grep CurDefs= | cut -c 9-16


              Now, I am trying to remember what I learned about EO's and I just can't seem to get it right.


              I've played around with it a little and got this to work:

              cat //??TARGET.HOST??/c/Progra~1/common~1/symant~1/virusdefs/definfo.dat


              Problem with this is, it won't take advantage of my ??TARGET.PROGRAMFILES?? variable (which is set to /C/Program Files, /C/Program Files (x86) or \) - I can't believe that I have to use "Progra~1" - there has to be a way that this one command will work on both windows platforms...


              Second problem is, it conks out when I throw a "|" at the end (for example: "| grep CurDefs=")


              Is there a way I can utilize my TARGET.PROGRAMFILES variable in the above EO?

              Second, how can I implement the "grep" and "cut" that I'll need to extract just the info that I need?

              Third, in going through other EO's, I saw commands that were prefaced with "nsh -c" and "nexec" - will I need any of those to make this work my way?

              • 4. Re: 32bit (Program Files) and 64bit [Program Files (x86)]
                Bill Robinson

                use double quotes like:

                cat "//??TARGET.HOST????TARGET.PROGRAMFILES??/common files/symantec shared/virusdefs/definfo.dat" | grep CurDefs= | cut -c 9-16


                to deal w/ the pipe, you might need to do something like:


                nsh -c "cat \"//??TARGET.HOST????TARGET.PROGRAMFILES??/common files/symantec shared/virusdefs/definfo.dat\" | grep CurDefs= | cut -c 9-16"

                • 5. Re: 32bit (Program Files) and 64bit [Program Files (x86)]

                  Ok, this is still not working for me. I've created a vbscript that will find the info that I am looking for, while also compensating for the change in platforms:



                  Set WshShell = CreateObject("WScript.Shell")

                  ' PROCESSOR_ARCHITECTURE is "x86" on 32-bit Windows and e.g. "AMD64" on 64-bit
                  OsType = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")

                  ' Only 64-bit Windows has a "Program Files (x86)" folder
                  PathSuffix = ""
                  If OsType <> "x86" Then
                  PathSuffix = " (x86)"
                  End If

                  Const ForReading = 1

                  Set objFSO = CreateObject("Scripting.FileSystemObject")
                  Set objFile = objFSO.OpenTextFile("c:\Program Files" & PathSuffix & "\Common Files\Symantec Shared\VirusDefs\DefInfo.Dat", ForReading)

                  strContents = objFile.ReadAll
                  objFile.Close

                  ' Keep characters 21-28 of the file contents (the 8-digit date)
                  DefDate = Right(Left(strContents, 20 + 8), 8)




                  What the whole text file looks like:


                  what gets pulled out in the DefDate variable:



                  Now, my question is (since I am new to this), how do I get the DefDate value sent back to the extended object?


                  This is getting too confusing... I'm not even certain on how to use NEXEC to execute this script (whether it's located on the AppServer or locally on the target server)....

                  • 6. Re: 32bit (Program Files) and 64bit [Program Files (x86)]
                    Bill Robinson

                    You need to get your output to cut off the .blah.  When that comes into BladeLogic, the grammar engine will parse it and it doesn't know what to do w/ something you want to delimit first by '=', then by '.'


                    You should be able to use either name=value or ini as the grammar.
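
The advice in the last reply (hand the grammar a plain name=value line with the version already cut off) can be sketched as below. This is an added example, not code from the thread: the function names, the temporary directory layout and the sample file contents are constructed for illustration, and it reads local paths where an extended object would pass the //host/... path.

```shell
#!/bin/sh
# Added example (not from the thread). Sample file contents are constructed.

# curdefs_date FILE: print "CurDefs=YYYYMMDD"; return 1 if missing or malformed.
curdefs_date() {
    # Remove CRs (Windows line endings) and take the first CurDefs= line.
    value=$(tr -d '\r' < "$1" | sed -n 's/^CurDefs=//p' | head -n 1)
    date_part=${value%%.*}    # drop the ".002" style version suffix
    case $date_part in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf 'CurDefs=%s\n' "$date_part"
}

# same_defs MASTER TARGET: 0 = same date, 1 = different, 2 = unreadable value.
same_defs() {
    m=$(curdefs_date "$1") || return 2
    t=$(curdefs_date "$2") || return 2
    [ "$m" = "$t" ]
}

# write_sample FILE VALUE: constructed definfo.dat with CRLF line endings.
write_sample() {
    mkdir -p "$(dirname "$1")"
    printf '[DefDates]\r\nCurDefs=%s\r\nLastDefs=20090916.003\r\n' "$2" > "$1"
}

# Demo: master and target live under different "Program Files" folders.
demo=$(mktemp -d)
master="$demo/master/Program Files/virusdefs/definfo.dat"
target="$demo/target/Program Files (x86)/virusdefs/definfo.dat"
write_sample "$master" 20090917.002
write_sample "$target" 20090917.005   # same day, later version
curdefs_date "$target"
same_defs "$master" "$target" && echo "definition dates match"
```

Matching on the `CurDefs=` key and validating eight digits avoids depending on fixed character offsets, so a malformed or missing entry fails the check instead of producing a wrong date.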