I’ve posted in https://community.squaredup.com/answers/question/permissions-needed-for-vada-in-linux/?show_answer=3795#answer_3795#comment-525

but then thought it’s better to start a new thread. 🙂

When I run VADA on Linux it just sits there and does nothing. This seems to be on RH6 and RH7 boxes. RH5 is fine.

run the Get Netstat CSV in SCOM I get a lot of info back on processes. I’ve pasted last few lines (and sanitised IP addresses/servernames)

server1,16389,cfagent,”/var/cfengine/bin/cfagent -Dfrom_cfexecd:scheduled_run”,TCP,,54620,,5308,ESTABLISHED,

server1,18515,sshd,”sshd: ausername [priv]”,TCP,,22,,56947,ESTABLISHED,

ERROR: Process ID list syntax error.
********* simple selection ********* ********* selection by list *********
-A all processes -C by command name
-N negate selection -G by real group ID (supports names)
-a all w/ tty except session leaders -U by real user ID (supports names)


We have a privileged run-as account configured in SCOM.  I can ssh into the box and execute Netstat and PS with no issues.

If I copy/paste the script from


It returns

unix 3 [ ] STREAM CONNECTED 14153 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18033
Unknown format type
[scomaccount@server1 ~]$

bacus answered
    • The two sample lines look fine - can you confirm that all of the result rows have their PID and process information present? Also be aware when using the script outside SCOM you'll need to decode the & references into & (this is required for nesting the script inside a management pack).
    • Just saw your previous comment on the prior question - the script takes the PID returned from each Netstat result and calls the following commands with the pid concatenated on the end. So from your sample: ps -o args= --pid 16389 ps -o comm= --pid 16389 So if that is valid syntax on your RH6/7 systems, it suggests that the concatenation didn't work - which either means column 7 didn't contain any data for a particular connection, or that it… Continue reading
    • all the rows have their PID and process, except two rows which have - for the PID, but the process is listed. There is over 60 rows returned. Not sure what you meant by decoding the & references - I'm not a linux guy 🙂
    • Just means replace all instances of & with & - it's an XML thing relevant to the MPs, and SCOM automatically replaces them prior to running the script on your system 🙂