Check evaluation results from UNIX servers return an "Unknown" value in CCS.
Last Updated July 30, 2014
Check evaluation results from UNIX servers return an "Unknown" value in Control Compliance Suite (CCS).
Symptoms In the 'Messages' or 'Errors' tab for a Data Collection job an error is returned:
The query was halted before completion... Query time out in command execution: sh -c "du -k..."
Also in an Evaluation job an error may be returned:
Failed to retrieve data from SQL for asset...
Both errors may appear together in a Collection-Evaluation-Reporting job.
A timeout occurring due to large number of files being searched. Other typical causes include targeting large file systems or remote file systems via a mount point.
Determine the check that uses the Files data source (Entity) that is causing the timeout, copy the Standard and remove the check from the copy. An example of a predefined check that can have this issue is in 'Security Essentials for AIX, section 6.3, "Files owned by unknown user". Removing this check will mean that the standard will no longer be performing that check so be aware that this can affect compliance with the standard.
Switch to agent based mode. If the check is timing out as a result of collector or network resource issues, using an agent may alleviate the issue.
Using results of log files or df -k command on server determine the largest file system. It may also be necessary to examine the fstab (file system table) file to determine if there are remote file systems being mounted. By implementing the following parameters we can limit which directories are scanned. Follow these steps to exclude the directory path from the data collection jobs:
The location of the config file depends on the version and data collection method (agentless or agent-based).
CCS 11, agentless: On the CCS Manager in the data collector role, edit Dn:\Program Files (x86)\Symantec\CCS\Reporting and Analytics\DPS\control\Unix\ConfigFiles\bvAgentlessConfig.ini
CCS 11, agent-based: On the Unix agent machine, /esm/bin/dcmodules/<PLATFORM>/UNIX/bv.conf
CCS 10.5.1 or earlier, agentless: On the RMS Information Server, Dn:\Program Files\Symantec\RMS\Control\UNIX\ConfigFiles\bvAgentlessConfig.ini
CCS 10.5.1 or earlier, agent-based: On the bv-Control for unix agent machine, /<INSTALLDIR>/BindView/bvcontrol/bv.conf
Edit the conf file located in Step 1. Enable the following parameters by uncommenting one or both of the statements: The parameters specify the path and name of a text file that contains a list of any paths that will be ignored during file and find data collection commands.
Edit the two files pointed to by the parameters, either IgnoreDirectoryPathsAlways.dat or IgnoreDirectoryPathsForFind.dat, and list the paths to ignore in the appropriate file. Each directory should be listed, one per line with an extra blank line at the bottom of the file. Ex: /path/to/ignore /path/to/network/share /rabbit/hole <blank line>
Additionally, in the conf file, the line #IgnoreRemoteFileSystems=false, can also be uncommented and set to true to eliminate scans on remote filesystem.
On agent-based installations, the agent must be restarted after making the changes to the conf file.
In CCS 11, from the command line on the agent system, /esm/esmrc restart
In CCS 10.5.1 and earlier, from the command line on the agent system, /<INSTALLDIR>/BindView/bvcontrol/bvunix.startup restart
Imported Document ID: TECH116251
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe