I’ve posted in https://community.squaredup.com/answers/question/permissions-needed-for-vada-in-linux/?show_answer=3795#answer_3795#comment-525
but then thought it’s better to start a new thread. 🙂
When I run VADA on Linux it just sits there and does nothing. This seems to be on RH6 and RH7 boxes. RH5 is fine.
run the Get Netstat CSV in SCOM I get a lot of info back on processes. I’ve pasted last few lines (and sanitised IP addresses/servernames)
server1,18515,sshd,”sshd: ausername [priv]”,TCP,000.000.000.181,22,000.000.000.000,56947,ESTABLISHED,000.000.000.000
ERROR: Process ID list syntax error.
********* simple selection ********* ********* selection by list *********
-A all processes -C by command name
-N negate selection -G by real group ID (supports names)
-a all w/ tty except session leaders -U by real user ID (supports names)
We have a privileged run-as account configured in SCOM. I can ssh into the box and execute Netstat and PS with no issues.
If I copy/paste the script from
unix 3 [ ] STREAM CONNECTED 14153 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18033
Unknown format type
netstat -tpn returns a – (dash) in the final column.
Thanks for the help. 🙂 For your two comments:
- I’m lost on the & and &. I read that as replacing one character with an identical one? (ie & and & ). So I’m confused 🙂
2. I ran sudo netstat -tpn
output sample is (IP address sanitized)
tcp6 0 0 220.127.116.11:80 18.104.22.168:47785 TIME_WAIT –
tcp6 0 0 22.214.171.124:55362 126.96.36.199:12201 ESTABLISHED 1468/java
tcp6 0 0 188.8.131.52:80 184.108.40.206:14464 TIME_WAIT –
tcp6 0 0 220.127.116.11:80 18.104.22.168:28805 TIME_WAIT –
tcp6 0 0 22.214.171.124:80 126.96.36.199:53221 TIME_WAIT –
tcp6 0 0 188.8.131.52:80 184.108.40.206:31029 TIME_WAIT –
No worries, I meant replace:
with & – didn’t see that it was of course displaying as & in my reply!
That output looks fine as the script then sends it to grep and filters out non-established connections (you can run netstat -tpn | grep ESTABLISHED if you wanted output as per the script).
You might have to execute a couple of times, to get the offending connections to show up – do you know if these servers have any traffic that’s going to a kernal owned port (such as NFS) rather than a process owned one? Might explain the problem (and would mean we’d need to raise an issue on github, as the script as is doesn’t support that).
grep ESTABLISHED showed better results, however two entries had a dash.
not sure about the traffic question – this is getting past my linux knowledge. But I’m happy to ask our linux engineers – will take a day to get a reply (it’s 10.30pm at moment). So if you have some specific questions you want me to find out as well, let me know.
OK, answer I got was that those servers do mount an NFS share. They are not NFS servers, just clients.
can’t run lsof as it reports ‘command not found’. ss didn’t shed any light on the owning process either.
I found a little used RH7 server and ran VADA on it. Worked perfectly.
Tried another busier server and got the same issues as originally. So it’s something in the output that’s causing it to fall over I think.
So the solution is to modify the script?
I have issue with VADA since my upgrade to 2016, working with support too. Worked perfectly before this,
System.ArgumentNullException: Value cannot be null.
Parameter name: s
at System.IO.StringReader..ctor(String s)
at SquaredUp.Connector.ScomTask.ScomTaskController.GetOutputAsTable(String output, String format)