Need to gather log files for Support to troubleshoot Linux/Unix
How to Get Verbose Logs for All Processes of a Client with LDMS 2016
Attached is a perl script that will gather and tar files that support will request. It will create a file called gather.tar.gz in the /tmp folder.
1. Download file
2. Copy to machine displaying issue
3. chmod +x gatherlogs.pl
4. Run ./gatherlogs.pl
5. Attach the /tmp/gather.tar.gz to case
Basic inventory is supported on all Linux platforms as long as certain dependencies are met, such as compat-libstdc++. LANDesk has, however, created supports to deploy the Linux Agent to certain Linux Platforms using a Scheduled Agent Configuration. SSH is used by the task.
In the LANDesk Help file, refer to the section titled
Configuring Linux and UNIX device agents found under LANDesk Management Suite | Configuring device agents.
NOTE: Make sure name resolution back to the core works from the client. If it doesn't then the /etc/hosts file on the client can be edited with the correct resolution.
For information on troubleshooting the Linux Agent deployment, see the following document:
How to troubleshoot the Linux agent deployment?
To deploy the Linux agent to an unmanaged device, follow the steps below:
(Requirements tested with RH3U7 and a minimal installation.)
sysstat - (Server Manager agent only.) This is found on Disk 3 of the Red Hat Enterprise 3 CDs.
Note:
Red Hat 3 version prior to update 7 may or may not need additional RPMs installed. I did not test them.</ol>
Red Hat Enterprise 4
(Requirements tested with update 4 and a minimal installation.)
Tested with SUSE 10 SP1
Tested with SUSE 10 SP3 x64
Tested with SUSE 11 SP2 x64
(Tested with Kubuntu 7.0.4 and the push wasn't working, will have to test again later)
These two applications, xinetd and openssh-server, are not installed by the default Kubuntu 7.0.4 installation CD. There may be other software that is required, but these are the only two items required after a default installation.
sudo apt-get install xinetd
sudo apt-get install openssh-server
Description: This document is intended to help with troubleshooting Linux and Unix LANDesk agents. The document will contain several tips and tricks to discover problems on various features of the agent. The document is written around Linux so if Unix is the client then changes to the listed options will probably be needed but most of the executables are the same.
Analyzing logs dynamically while they are being updated
Linux and Unix includes a tool called "tail". Tail has the ability to constantly display a file and list the changes that are added to it AS they are being added. This is helpful in many circumstances. You can monitor several log files at once and easily see the order they are updated. You can watch a particular log to see if anything changes while running an application. Etc. Here is an example command that should work on many Linux distributions. (Note: The syntax may be slightly different on Unix platforms etc. Search the internet for proper syntax). This command is especially helpful to watch /var/log/messages. For those that are familiar with Windows this file is as close to the Event logs as you can get.
tail -f -n 100 /opt/landesk/logs/landesk.log
-f = A continous monitor of the file instead of just listing the last few lines of the file.
-n = The number of lines at the end of the file to list or watch
See the screen shot below...tail is watching landesk.log, scheduler.log, and vulscan.log at the same time in separate windows while an inventory or vulscan can be run in the top terminal window
Searching for files on the entire system
Command: find / -name filename
Description: The find command will start searching in the / (root directory) and search for the name of a file. Other parameters may include size or other file options.
Listing ports that are open
Command: netstat -auntp
Description: General command for Windows and Linux that shows open ports. (command options differ from Windows) This is good to see if cba is listening on the right ports. Ensuring the ports are open on the firewall is good as well.
Quick Information on using VI to edit a file
Description: Simple instructions for opening a file, editing it, then saving it again. VI is a simple editor that has two modes. One edits like a normal text editor while the other performs operations/commands. Toggling back and forth is key to using VI.
Example: Editing a hosts file to add a static name resolution
1- vi /etc/hosts
2- Press the letter "i" to enter "Insert" mode.
3- Edit the file and perform what operations you like.
4- Hit the ESC button to return to "Command" mode when you're done.
5- Press ":" to get a command prompt within the editor. Or type a ":" to apply one of the following commands.
6- Exit the editor with what action you want:
q! = Quit, discard changes, and I mean it
wq! = Write changes, quit, and I mean it.
While navigating in command mode, it doesn't use arrow keys, but letters:
H(Left) J(Down) K(Up) L(Right)
Searching a file for specific words and content
Description: cat filename | grep searchword
Explanation: "cat" will display the contents of a file. "grep" will search a file for a specific word. The "|" or pipe symbol chains the commands together to produce a more powerful command that searches a file
Example: See below...cat and grep are used twice...once to search for the word "sender" and the other to search for the word "PipeToProxyHost"
Checking applications that are running in memory
Description: "top" is the command to display all applications running on a Linux system. No command line options are needed. It will also display free space, memory, and other information.
h = The help menu
SHIFT + < = Toggles left on the list
SHIFT + > = Toggles right on the list
q = Quit
Example: The screen shot below shows map-scheduler listed which is part of the 64-bit LANDesk agent
Checking disk space
Command: df
Output: See below
File Permissions and Other Properties
Description: See below...the following diagram will show the file rights that are located on just about everything in Linux. If you use "ls -l" in a particular directory it will list all the files and display the information below. Example: In order for a file to be executable by everyone it will have an "x" in all three columns.
Command to change permissions: chmod +x filename
Description: This command will add execute permission to everyone on the file. The "+x" can be a "-" as well as "r" or "w" to add or subtract permissions across Owner, Group, and Others.
It looks like the daily inventory scan is running everyday around the time that the package was originally installed. I definitely don't want it running during the day and I definitely don't want it running at the same time on all of my machines. I'm guessing that I'll need to modify ldclient.db - and that there are 2 options:
1) modify the resource_values table entry where feature_id = crontime to be some random time during the night.
2) modify the resource_values table entry where feature_id = cronperiod to be something like 'never' and rely on a cron.daily script to run it at a random time overnight.
Thoughts, suggestions, criticisms?
This article covers the creation / use of custom data files with the LANDesk MAP-agent for Linux, used predominantly between versions of LANDesk Management Suite 9.5 and up to (and including) Ivanti Enterprise Manager 2017.1 !
Please be aware that as of Ivanti Enterprise Manager 2017.3, a freshly architected Linux agent (the "component architecture" agent) exists, which operates quite differently.
A separate article will be created for the new component agent architecture and its use of custom data overe here -- How to scan custom data on Linux Platforms in detail (EPM 2017.3 onwards) !
The purpose of this article is to familiarise the user with the ways in which the LANDesk *-IX inventory scanner picks up / process custom-data - and to do so in a manner to help people who may not necessarily have had a lot of experience with *-IX OS'es.
So whilst this has effectively very similar content to the Article here this one goes through the process without assuming any significant experience with either XML files and/or *-IX OS'es
This is a new feature that is currently only available with the 64-bit agent, the 32-bit agent is not able to pick up Custom Data by means of reading files. A "workdaround" for 32-bit agents up to LANDesk Management Suite 9.5 is provided towards the end of this document for anyone interested.
Before we begin - a few things to be aware of:
You do this via running:
chown landesk:landesk <DIRECTORY_OR_FILE>
so for instance, if we want to change the ownership of the "customdata" directory, we can do so via:
chown landesk:landesk customdata
- or, if you want to use the full path, you can do so as well:
chown landesk:landesk /opt/landesk/var/customdata
Whilst the data may be sent to your Core Server, remember that you need to "un-block" it as per this document HERE.
./opt/landesk/bin/map-reporter -V 255
This will launch the part of the inventory scanner that (among other things) processes the custom data. The "-V 255" flag enabled maximum verbosity. This way, you can easily check whether there are any problems with the files themselves (usually the act of forgetting to change ownership of the files), or with their data structure (and there's a few potential gotchas here to stumble into).
Here's a generic template for the format you need to follow (in essence - you're looking at a pretty standard XML file)::
<?xml version="1.0"?>
<!-- OPTIONAL COMMENT #1 -->
<!-- OPTIONALCOMMENT #2 -->
<!-- OPTIONALCOMMENT #3 -->
<NAME_OF_CONTAINER_UNDER_CUSTOM_DATA>
<OPTIONAL_CONTAINER_SHORTNAME name="Some Optional Container Name">
<MyData1>VALUE</MyData1>
<MyData2>VALUE</MyData2>
(...)
<MyLastData>VALUE</MyLastData>
</OPTIONAL_CONTAINER_SHORTNAME>
</NAME_OF_CONTAINER_UNDER_CUSTOM_DATA>
... and we would aim to achieve something like the following for our custom data:
Note that you can EITHER use "your intended names" directly (as we do in the case of "<LongWindedWay>"-line below), or you can use a shorthand variable inside the XML whose 'full display name' you define (such as in the line "<LDCF name="LANDesk Custom Fields">"-line below)
A filled out Custom Data XML-file can then look like so:
* Note - for ease of readbility, I'm marking XML comments in THIS COLOUR.
<?xml version="1.0"?>
<!-- LANDesk Unix/Linux Agent - Custom Data XML Example File -->
<!-- Version 1.2.3.4 -->
<!-- My Team / My Date -->
<!-- You can use long-names in the XML for your categories / attributes, such as for "Asset Information"-->
<!-- Note that you MUST NOT have spaces in your object-names/tags! -->
<!-- Addition of White Space for added readability is fine -->
<Asset_Information2>
<LDCF name="LANDesk Custom Fields_2">
<!-- Note that I use "REL-L-NUM" here! -->
<RELLNUM name="Location RELEASE NUMBER">9.5.0.1</RELLNUM>
<LOC name="Location In The World">London</LOC>
<LongWindedWay name="Comment">
This is me. Aren't I pretty?
</LongWindedWay>
</LDCF>
<!-- Note that you *CANNOT* use multiple "root" categories in a single XML. -->
<!-- So you cannot have both the "ASSET_INFORMATION" and the "USERINFO" groups in a single XML. -->
<!-- Just use multiple XML's in this case - the inventory scan will pick them all up.-->
<SC name="Some Other Category_2">
<!-- Note that I use "REL-U-NUM" here! Beware of similar attributes (such as REL-L-NUM above), it can make mistakes more likely -->
<RELUNUM name="User RELEASE NUMBER">9.5.0.1</RELUNUM>
<ORGUNIT name="Organisational Unit">MyUnit</ORGUNIT>
</SC>
</Asset_Information2>
This would then present itself in inventory as per the following two screenshots:
PLEASE NOTE:
It does *NOT* matter in what order you add the custom inventory data. By default, LANDesk will sort things alphabetically for you in the console anyway (as you can see in the screenshot used above). The below version of the very same XML-data has been reformatted to closer represent the inventory scan showing on the screenshot.
Keeping to such an alphabetic theme might make things easier for you to work with whilst your designing your custom data / if you have to edit it, but is not a requirement in the slightest.
This is a favourable option because it's easier to control & modify and you can have segragated data (i,e, a "Asset Information" and a "User Information" category for instance).
Also this makes it a lot more manageable if you need to update anything - if you have different scripts collecting different bits of custom data, it's much easier to just have "one function/script change one small file" rather than having a singular, massive XML.
This is by far the more manageable an friendly option.
This is less recommended for two reasons:
* You're more likely to make mistakes (more lines == more likelihood, after all), and ...
* A single error would effectively prevent ALL of your custom data from being processed, rather than "just the particular part file".
* More complex to update and manage via scripts.
I'm not saying "it can't be done" (as I'm certain some people might take it as a challenge) - I'm merely highlighting the fact that you're inviting a lot of considerable problems with really no benefit in return.
Just a recap and listing of experiences made.
* Don't forget to run "chown" and change ownership over to "landesk:landesk" on the directory as well as the XML file(-s), else we may not be able to read the contents of the file(-s).
* Don't assume that you get everything right the first time round. Test & re-test as it's it's simple to do. Remember - all it takes is "map-reporter -V 255". The verbose option will generally be your best friend to highlight problems with your XML's.
* Don't be adventurous with naming your XML-tags or object names. Generally, sticking to the following list is "safe":
- Characters from "a-z"
- Characters from "A-Z"
- Numbers (so 0-9)
- Using a dash ( - ) and an underscore ( _ )
XML doesn't necessarily deal very well with certain characters outside of those listed above - so try and avoid that risk.
Just to clarify, I'm talking about the XML-tags and object-names only here. So in the example given above in Section III, XML-tags would be things such as:
Whilst certain characters such as ( & ) or ( * ) are relatively commonly avoided, some unexpected stumbling blocks do occur. For instance, I was reading out a certain piece of hardware information and the data that was given to me was a single string with a few ( : ) colons in it ... due to uniqueness concerns, we ended up trying auto-naming the attribute with such a ( : ) in it ... such as "Disk:0" for instance ... and this can get you into trouble.
Using such characters in the DATA VALUE tends to be fine (so that'd be for instance the "9.5.0.1" string in the above example of RELLNUM) but outside of that, be mindful that XML can scupper your well-laid plans. Test and re-test.
* ... think carefully about what custom data you WANT to collect and what you may want to collect in the future / further down the line.
* ... design your XML's sensibly with this in mind will save you headaches further down the line (moving data from "place A" to "place B" is a pain - not only would it need to be done in the database, but in the XML's as well, and you'd be potentially facing some clients that don't update properly, etc. - so all sorts of fun to go wrong with data in (potentially) multiple places for different devices. Data consistency is your friend!
Due to current differences in architectural differences between the 64-bit MAP agent and the 32-bit agent the above process is not applicable to 32-bit agents.
If you end up being in a situation where you do need to add custom data to a current (up to LANDesk Management Suite version 9.5 at the time of writing) is essentially the following:
1 - Run inventory with the option to create an output file.
2 - Append your desired data in regulard inventory scanner format to the output file.
For the example used here, the correspondonding format data would look like so:
Custom Data - Asset_Information2 - LANDesk Custom Fields_2 - Location RELEASE NUMBER = 9.5.0.1
Custom Data - Asset_Information2 - LANDesk Custom Fields_2 - Location In The World = London
Custom Data - Asset_Information2 - LANDesk Custom Fields_2 - Comment = This is me. Aren't I pretty?
Custom Data - Asset_Information2 - Some Other Category_2 - User RELEASE NUMBER = 9.5.0.1
Custom Data - Asset_Information2 - Some Other Category_2 - Organisational Unit = MyUnit
Please note that as of IEM 2016, the MAP-agent does come in 32-bit format, so the use of the XML's described here is fine with that.
This article should provide all of the information that you might require to work with custom data on *-IX operating systems, even if you have very little experience with it.
Description:
The Installation of the new linux agent might not have changed on the front-end but we have made some major changes on how the agent works on the back-end. The below doc describes the nixconfig.sh which is now used for installation of the agent with some new features. The change occurred to make the agent less bulky and consistency with other agents like Windows and Mac. These include agent settings, conf files and new switches for our components. We will be covering the installation, prerequisites and new OS support.
Verify your platform:
New Items:
Installation Guide
Nixconfig.sh is updated to remove legacy packages, install new component architecture packages on Linux hosts and support legacy agent on Unix (AIX, HP-UX and Solaris) hosts.
/opt/landesk/etc.
Push Install:
Manual Install
Script Features:
Script Usage:
Usage: ./nixconfig.sh [OPTION]...
LDMS Agent installation, upgrade and removal processing.
-a core FQDN of LDMS core.
-c INI_file Uses INI configuration file for installation preferences.
-d Add debug lines to output.
-h Prints help message.
-i pkg Installs specified agent packages [all, cba8, ldiscan, sdclient or vulscan].
-l log_file Log file for logging output [default: stdout].
-k cert_file Certificate file.
-p Install prerequisites - pulled from distribution repositories or Core.
-r pkg Remove specified agent packages [all, cba8, ldiscan, sdclient or vulscan].
-R With option -r, ensures the /opt/landesk directory is gone including the GUID file.
-u repo_url Custom repository definition (Linux Only).
-D Install assuming no network connection except to core. (Overrides -p and -u options).
Script Examples:
./bin/sh /tmp/nixconfig.sh -a win-pt2tta27i1n.ivanti.com -i all -p
./nixconfig.sh -a win-pt2tta27i1n.ivanti.com -i all -p
./nixconfig.sh -r allNotes:
[Custom Repository]Repository=”http://www.example1.com/example1.repo”
Prerequisites
CentOS/Red Hat Enterprise Linux 6 Packages:
glibc, pam, xinetd, libgcc, libxml2, zlib, openssl, libtool-ltdl
CentOS/Red Hat Enterprise Linux 7 Packages:
glibc, pam, xinetd, libgcc, libxml2, zlib, openssl, libtool-ltdl
SuSE Linux Enterprise Server 11 Packages:
glibc, pam, xinetd, libgcc46, libxml2, zlib, util-linux, libtool
SuSE Linux Enterprise Server 12 Packages:
glibc, pam, xinetd, libgcc_s1, libxml2-2, libz1, openssl, util-linux, libtool
Ubuntu 14.04 and 16.04 Packages:
libpam-runtime, xinetd, libxml2, zlib1g, openssl, libltdl7
Configuration Files:
This info is fairly extensive and have created a separate doc to over the full details. Please see doc: 2017.3+ Linux Agent Conf Files
Script Tools:
Executable | Requires Escalated Privileges | AIX | HPUX | Solaris | CentOS | RHEL | SLES | Ubuntu |
apt-get | X |
|
|
|
|
|
| X |
basename |
| X | X | X | X | X | X | X |
chmod | X | X | X | X | X | X | X | X |
chown | X | X | X | X | X | X | X | X |
crontab | X | X | X | X | X | X | X | X |
wget (or curl) |
| X | X | X | X | X | X | X |
cut |
| X | X | X | X | X | X | X |
date |
| X | X | X | X | X | X | X |
dpkg | X |
|
|
|
|
|
| X |
dpkg-query |
|
|
|
|
|
|
| X |
ed | X | X | X | X | X | X | X | X |
echo |
| X | X | X | X | X | X | X |
expr |
| X | X | X | X | X | X | X |
grep |
| X | X | X | X | X | X | X |
groupadd | X | X | X | X | X | X | X | X |
groupdel | X | X | X | X | X | X | X | X |
gzip |
| X | X | X | X | X | X | X |
id |
| X | X | X | X | X | X | X |
kill | X | X | X | X | X | X | X | X |
ls |
| X | X | X | X | X | X | X |
mkdir | X | X | X | X | X | X | X | X |
mv | X | X | X | X | X | X | X | X |
paste |
| X | X | X | X | X | X | X |
pkgadd | X |
|
| X |
|
|
|
|
pkginfo |
|
|
| X |
|
|
|
|
pkgrm | X |
|
| X |
|
|
|
|
profiles |
|
|
| X |
|
|
|
|
ps |
| X | X | X | X | X | X | X |
pwd |
| X | X | X | X | X | X | X |
rm | X | X | X | X | X | X | X | X |
rmgroup | X | X |
|
|
|
|
|
|
rpm | X | X |
|
| X | X | X |
|
sed |
| X | X | X | X | X | X | X |
sleep |
| X | X | X | X | X | X | X |
sort |
| X | X | X | X | X | X | X |
swinstall | X |
| X |
|
|
|
|
|
swlist | X |
| X |
|
|
|
|
|
swremove | X |
| X |
|
|
|
|
|
sudo | X |
|
|
|
|
|
|
|
tar |
| X | X | X | X | X | X | X |
tr |
| X | X | X | X | X | X | X |
uname |
| X | X | X | X | X | X | X |
yes |
| X | X | X | X | X | X | X |
yum | X |
|
|
| X | X |
|
|
yum-config-manager | X |
|
|
| X | X |
|
|
useradd | X | X | X | X | X | X | X | X |
userdel | X | X | X | X | X | X | X | X |
wget (or curl) |
| X | X | X | X | X | X | X |
zonename |
|
|
| X |
|
|
|
|
zypper | X |
|
|
|
|
| X |
|
Questions:
Hello,
I would like to install the linux agent on a Debian server. I have the Endpoint Security 8.5 U1 installed and tried with some of the agents provided in the "Tools / Download agent installer" menu.
Each time I have the following on the Linux Debian server :
root@GCRM01:~/UnixPatchAgent# ./install
Installing HEAT PatchLink Agent 8.3051
Copyright (c) 2015 HEAT Software USA Inc.
Performing tests for Manual install...
Manual installation tests successfully completed.
Enter the directory where HEAT PatchLink Agent should be installed [/usr/local]:
Expanding archive...
ERROR: A proper release file was not found in /etc/
Please install the correct redhat-relese or suse-release package and retry the installation
Is there any way to install the agent on a Debian server ?
Thanks
Best regards
Gabriel Maret
The task is in pending status and does not change when deploying software to Linux platform agent with Policy method. It happens to when you try to apply a Linux patch with Policy too.
Get the policy.log, scheduler.log, vulnerability.log from the Linux platform agent.
You may find below in the log:
Force Redeployment: false, Is Multi-Task Protected: true, Policy Deployable: false, Policy Type (roll-up): true, Push Policy (roll-up): false]
This is a configuration issue. If Force Redeployment has NOT been checked on the core and multitask-protection is true on the core then this policy task should NOT be rescheduled to run on the client.
Either force redeployment needs to be true which translates to the Task setting “Ignore subsequent requests on successfully targeted clients” being checked:
Or multi-task protection needs to be false which translates to the Distribution and Patch agent setting under Install/remove options “If a multiple-patch task is running, then…” be checked. This is under Software Distribution agent setting:
Description: This is a quick reference list of some agent errors or problems that have been noticed and the fixes that are needed to remedy them. These issues (if not already addressed) should be fixed in future service updates.
Issue 1: "cannot use operator[] with boolean" message when running vulscan. Message should appear in the /opt/landesk/log/vulnerability.log
Resolution:This was a bug in the vulnerability scanner that was fixed in 2017.3 SU3. A work around would be to remove any patches from the unassigned group for Linux.
Issue 2: "terminate called after throwing an instance of 'std::out_of_range' what(): basic_string::substr" when running a vulnerability scan. This message should also appear in the /opt/landesk/log/vulnerability.log
Resolution:This is a bug that should be addressed in a future service update. A complete removal and reinstall with specifying the core certificate should resolve the problem.
Issue 3: "Failed to uncompress stream" when running a vulnerability scan
Resolution:The cause/resolution is still being researched however the vulnerabilitydata on the core may be at fault.
Issue 4: Agent Status Icons are not working or the right-click request a scan is grayed out.
Resolution: This issue can be caused by a few sources. The core is attempting to reach the client so DNS, network issues, etc can all cause the problem. If the core does reach the client it will then compare the DeviceID. Make sure the ID matches what is shown in inventory. If the client doesn't match then remove the database record for the client and perform a full inventory scan.
The client DeviceID is located in the file: /opt/landesk/etc/landesk.conf
The core DeviceID is located in the inventory record:
Hello everybody,
Has someone experience with agent installation on Ubuntu?
I have tried this instructions : Manual Install of 64 Bit Linux/Unix Agent
After all I successfully installed the client and the process is running.
But now the problem: I get no information about this device in our Management Suite.
I'm not sure if the scan fails or if it has problems to send data to our server. This is how the scan file looks like.
Can somebody help?
Thank you
This document is designed to give a new IVANTI Administrator a quick way to patch linux agent via patch manager component. It will get you started so you have a solid starting place to build upon.
A license for Linux OS is required for patch installation, you need active your Linux subscription by registering with Linux Vendor.
As we call on YUM to download and install linux patch, you can check the YUM configure file once you complete the registration
1, Download Linux patch definition
2, Run vulscan on Linux client
[root@localhost Desktop]# cd /opt/landesk/bin/
[root@localhost bin]# ./vulscan -V255
3, Go to Ivanti core server and right-click that device. Then select "Security and Patch Information"
4,Right click the the detected vulnerability, and select "Repair" to create a repair task.
Once you run the task, the client will call on YUM to download the patches you have specified, then run YUM install to install the package.
Note: If you want to learn more about YUM, please see article as below
How to use YUM to fix linux agent dependency package issue
When experiencing problems with the security scan (vulscan stays in memory or fails to report a vulnerability, etc) a helpful step for troubleshooting is to use the Linux "tail" command in one terminal window while executing the security scan in another. See the screen shot below. The tail command will constantly monitor the vulscan log after it's executed and report updates to the log in real time. If the scan gets stuck or hung on a specific vulnerability it will be identified in the log.
Command to execute the tail: (note: the 500 in the command below just dictates how many lines to watch at the end of the log file)
tail -f -n 500 /opt/landesk/logs/vulscan.log
Command to execute the security scan:
/opt/landesk/bin/vulscan -V255
After executing the command it may be a minute before the scan starts. You can see two copies of the putty.exe application is running with the same user logged into both. The scan gets sent as a job and waits for the job to be executed. The scan is currently running and parsing through each vulnerability.
This article details the troubleshooting steps and other related information for Linux and Unix agents. This information will help configure and resolve issues with the Linux and Unix agents.
Linux and Unix agents in Ivanti have changed their structure 2 times over several versions. Below is a timeline of sorts that explains each version
| Name | Description |
|---|---|
| 32-bit Agent | Old agent that only worked on 32-bit clients. MAP agent (below) replaced this agent late in 9.6 service packs. |
| MAP Agent | Released initially in 9.0 SP2 as the 64-bit agent for Linux/Unix. This agent is still in use today on some Unix flavors. |
| 2017.3 Agent | Released in 2017.3. This is the newest agent and will be the structure going forward. On all supported Linux clients this replaced the MAP Agent. As noted above the MAP agent is still used on some Unix clients. |
Supported Flavors and Versions of Linux can be found in the following article: Supported Platforms and Compatibility Matrix
How to tell the difference between the 64-bit and 32-bit Linux agents
General Information on the 2017.3 Linux Agent
| Filename | Location | Description |
|---|---|---|
| RAXfer.log | C:\ProgramData\LANDesk\Log\raxfer.log | Core side log that controls initial access/authentication to the machine. In addition to authentication problems this log will also include missing dependency and other errors |
| Varies | /var/log | Update logs for various flavors of Linux can be found here. The name of the log depends on the update tool used in the particular Linux OS. This information can help with patching and installing prerequisite packages. |
Dependency and permission problems are the most common issues when installing the Linux and Unix agents. Be sure to analyze firewall traffic (or disable as a test), look at various logs, and test with different users. DNS problems going to the device and back to the core can also be an issue. Please test with both hostname and Fully Qualified Domain Name (FQDN) in both directions.Also see the General Errors and Fixes section below. Prerequisite applications needed by the agent can also be an installation problem. Please reference the update log for the particular Linux OS that you're working with.
Note: There are several circumstances that may require the agent to be removed before a new agent can be installed properly. If you're experiencing problems please run these tools and verify the directories and files are removed before installing the agent again.
2017.3 and MAP Agent
| Location | Description |
|---|---|
| /opt/landesk/log/vulnerability.log | Contains information on vulnerability detection, remediation, settings, etc. |
| /opt/landesk/log/inventory.log | Contains information on the various items scanned by the inventory scanner as well as transmit information to the core |
| /opt/landesk/log/policy.log | Contains information on the processing of policy tasks on the client, which configuration file it's using, and more |
| Location | Description |
|---|---|
| 32-bit Agent | /usr/LANDesk |
| MAP Agent | /opt/landesk |
| 2017.3 Agent | /opt/landesk |
| Filename | Location | Description |
|---|---|---|
| RAXfer.log | C:\ProgramData\LANDesk\Log\raxfer.log | Core side log that controls initial access/authentication to the machine. In addition to authentication problems this log will also include missing dependency and other errors |
| All | /opt/landesk/log | All logs from this location on the client machine |
| yum.log | /var/log | Yum.log is the update tool used by Red Hat and CentOS Distributions |
| history.log | /var/log/apt/history.log | Apt-get is the update tool used by Ubuntu Distributions |
Linux / Unix for Ivanti Endpoint Manager |
|---|
Product Help Documents IEM 2017 / LDMS 2016 | LDMS 9.6
How to Troubleshoot Linux and Unix
This is a list of highly recommended documents for increasing overall knowledge of this component. The article's listed below are applicable to LANDESK Management Suite 9.0, 9.5 and, 9.6 If you want to review additional content regarding this component, please use Documents or Discussions buttons on the overview page. |
| LDMS 2016 Information | Older Documents (May or may not apply to current release) |
|---|---|
| Policy based support for *NIX in LDMS 2016 | How to install the Linux agent through the command prompt version 8.8 and prior |
| How to Get Verbose Logs for All Processes of a Client with LDMS 2016 | How to install the Unix agents: HP-UX, Solaris, and AIX (version 8.8 and prior) |
| How to configure the LANDesk Virtual OS Hosts? | |
| Release Notes: Post LD9.0 SP2 x64bit Linux/Unix MAP agent | |
| How to perform an agentless inventory scan of a Linux machine | |
| How to gather DNS information or other configuration text files on a Linux client |
Notice:Any E-Learning content is available by default to Members who have a minimum support agreement at Professional level.
This article is not a comprehensive list of documents and issues. You can continue to search the rest of the community or the portion specific to the Linux/Unix Agent if this page hasn't helped.
Description: On 9.0 and above LANDesk core servers there is an option in the Agent Configuration to specify if that agent is 32-bit or 64-bit. Each agent configuration will employ a different set of files and those files operate completely different from one another. Also, with the release of 2017.3 a new agent structure is now in place. Telling the difference between these agents can be difficult. The 32-bit agent technically can be installed on both a 32-bit and 64-bit OS's for example.
NOTE: Only 1 agent (either 32-bit or 64-bit) can be used at a time. Both agents on 1 device will cause problems.
[2017.3 Agent]
This is the newest Linux agent. The agent is in use on all supported Linux distributions in 2017.3 and onwards. Unix clients still use the MAP Agent below. This is a directory listing of /opt/landesk/bin.
[64-bit MAP Agent]
The 64-bit agent is newer than the 32-bit agent but it's also more self-sufficient. This agent will include it's own scheduler that runs in memory and will execute tasks according to configuration. The primary installation directory is /opt while it will configure links in the /usr/LANDesk directory.
[32-bit Agent]
The 32-bit agent is older and operates much differently. Inventory and Security scans are scheduled manually through cron. The inventory scanner is found in /usr/LANDesk/ldms.
It's recommended to use a naming convention with the agent which will make it easier to tell through the inventory scan. See below..the Agent Configuration Name is shown:
Description: When repairing kernel related patches these patches may remain in the "All Detected" section of Security and Patch Information while some may move to "All Installed". The reason for this is the old kernels still remain on the machine. If the machine is booted with the old kernels then the machine will be vulnerable.
Solution: A code change is planned to address the design in a different way and detect the current running kernel. To make reports and the GUI show as "fixed" remove the old kernel files from the machine and they should no longer show vulnerable.
Example: CESA-2017-3200 below. Depending on the particular vulnerability some may move correctly while others do not.
Description: This document is intended to help with troubleshooting Linux and Unix LANDesk agents. The document will contain several tips and tricks to discover problems on various features of the agent. The document is written around Linux so if Unix is the client then changes to the listed options will probably be needed but most of the executables are the same.
Analyzing logs dynamically while they are being updated
Linux and Unix includes a tool called "tail". Tail has the ability to constantly display a file and list the changes that are added to it AS they are being added. This is helpful in many circumstances. You can monitor several log files at once and easily see the order they are updated. You can watch a particular log to see if anything changes while running an application. Etc. Here is an example command that should work on many Linux distributions. (Note: The syntax may be slightly different on Unix platforms etc. Search the internet for proper syntax). This command is especially helpful to watch /var/log/messages. For those that are familiar with Windows this file is as close to the Event logs as you can get.
tail -f -n 100 /opt/landesk/logs/landesk.log
-f = A continous monitor of the file instead of just listing the last few lines of the file.
-n = The number of lines at the end of the file to list or watch
See the screen shot below...tail is watching landesk.log, scheduler.log, and vulscan.log at the same time in separate windows while an inventory or vulscan can be run in the top terminal window
Searching for files on the entire system
Command: find / -name filename
Description: The find command will start searching in the / (root directory) and search for the name of a file. Other parameters may include size or other file options.
Listing ports that are open
Command: netstat -auntp
Description: General command for Windows and Linux that shows open ports. (command options differ from Windows) This is good to see if cba is listening on the right ports. Ensuring the ports are open on the firewall is good as well.
Quick Information on using VI to edit a file
Description: Simple instructions for opening a file, editing it, then saving it again. VI is a simple editor that has two modes. One edits like a normal text editor while the other performs operations/commands. Toggling back and forth is key to using VI.
Example: Editing a hosts file to add a static name resolution
1- vi /etc/hosts
2- Press the letter "i" to enter "Insert" mode.
3- Edit the file and perform what operations you like.
4- Hit the ESC button to return to "Command" mode when you're done.
5- Press ":" to get a command prompt within the editor. Or type a ":" to apply one of the following commands.
6- Exit the editor with what action you want:
q! = Quit, discard changes, and I mean it
wq! = Write changes, quit, and I mean it.
While navigating in command mode, it doesn't use arrow keys, but letters:
H(Left) J(Down) K(Up) L(Right)
Searching a file for specific words and content
Description: cat filename | grep searchword
Explanation: "cat" will display the contents of a file. "grep" will search a file for a specific word. The "|" or pipe symbol chains the commands together to produce a more powerful command that searches a file
Example: See below...cat and grep are used twice...once to search for the word "sender" and the other to search for the word "PipeToProxyHost"
Checking applications that are running in memory
Description: "top" is the command to display all applications running on a Linux system. No command line options are needed. It will also display free space, memory, and other information.
h = The help menu
SHIFT + < = Toggles left on the list
SHIFT + > = Toggles right on the list
q = Quit
Example: The screen shot below shows map-scheduler listed which is part of the 64-bit LANDesk agent
Checking disk space
Command: df
Output: See below
File Permissions and Other Properties
Description: See below...the following diagram will show the file rights that are located on just about everything in Linux. If you use "ls -l" in a particular directory it will list all the files and display the information below. Example: In order for a file to be executable by everyone it will have an "x" in all three columns.
Command to change permissions: chmod +x filename
Description: This command will add execute permission to everyone on the file. The "+x" can be a "-" as well as "r" or "w" to add or subtract permissions across Owner, Group, and Others.
The goal of this document is to act as a guide on not only how to perform a vulnerability scan but also what to do when a scan doesn't work correctly.
Additional Note: You can see what a machine is vulnerable for by right-clicking and selecting "Security and Patch Information".
3. Search for the vulnerability by package name. You can find the name in the properties of the vulnerability. You can search by prefacing the name with a "/"
Example: NetworkManager-wwan-1.0.6-29.e17_2.x86_64.rpm
Note: In this case I searched using the first part of the full name but the full name can be used
Note: The cursor moves to the targeted line in the file. Repeat the steps to find the next line.
In most cases the requested package and installed package are compared and the results are displayed.
Example: This screen shot shows what platforms the vulnerability affects. This information is usually correct but if it's not, log a case with support to get the content corrected. Other settings should be verified too when troubleshooting.
Hi team,
We have Ivanti Endpoint Security 8.5.0.20 (8.5 Update 1) installed and I would like to install the agent on our Red Hat 7.4 servers, but face several issues:
So my question is the following: did I miss something or does the Agent 8.3057 really not support RHEL 7 ?
Thanks in advance for your feedback,
Stefane
Hi folks,
In this topic "Supported Platforms and Compatibility Matrix for LANDESK Management Suite/Ivanti Endpoint Manager" https://community.ivanti.com/docs/DOC-23848I can see AIX,Ubuntu are supported for Ivanti Agent.
But in Patch & Compliance --> Download --> Updates I can not see AIX, Ubuntu.
Could it be possible if anyone can confirm the Patch and Compliance is supported or not for download patches for following operating system:
- AIX
- Red Hat Enterprise Linux
- Oracle Linux
- Oracle Solaris, Sun Solaris
- CentOS
- SUSE Linux Enterprise
- Ubuntu Linux
Thanks a lot!
Hi, Can you help to answer the following?
Thank you.
