What permissions does the UNIX/Linux run as account need on the monitored server in order for Linux VADA to work? I’ve added the run as account to the UNIX/Linux profiles in SCOM, but it’s very low privilege and only allowed on 1270 TCP, are there any other ports involved? (I don’t have much experience with *nix!)
Running VADA discovery on Linux is a two step process. The first thing Squared Up does is trigger execution of the Get Netstat CSV (Data On Demand) SCOM task. This will use your Linux agent’s monitoring configuration (so not at all related to any Squared Up service account) and requires that the agent has access to a privileged account (either because you have configured the “UNIX/Linux Privileged Account” run as profile or the monitoring account is privileged and either doesn’t require or is correctly configured for elevation).
If you want to see what commands the task runs (and therefore if you need to modify your sudo configuration) you can check it out here (huzzah for open source!): https://github.com/squaredup/Community.DataOnDemand.MP/blob/master/ManagementPacks/Community.DataOnDemand.Unix/Scripts/GetNetstatCSV.sh
Short version is it needs to be able to execute Netstat and PS as privileged user – if you are not the Linux admin for this system you should talk to them to understand the security configuration and how best they want this implemented (there is not one option or setting here).
Once the task has run VADA will then extract the output from SCOM and attempt to process it using the same mechanism as it does for Windows or any other component. If you can see the task has run successfully and has valid output (it needs to have PIDs, IPs and ports for every row and be valid CSV data) that would probably indicate a bug with VADA and you should contact Squared Up support and give them your task output so they can troubleshoot it further with you.
Hope that helps!
But from what I understand you need to ensure the Netstat task can run as a privileged user. I think this just requires an entry in the sudoers file, but again, not entirely sure how you would go about this.
I too am having some issues with my Linux servers and am currently working with Oracle to resolve. Some of the things to look at is what account is the VADA using? For instance, my SCOM server can get information back from the Linux server with the SCOM administrator domain account, because it was added to the Linux server. My SquaredUp server is running with the SquaredUp service account, which does not have permissions on the Linux side, so it was getting nothing. I also had to configure SCOrch to execute the runbooks using the SCOM administrator account to get any results back because my SCOrch server use a SCOrch service account by default. Not sure if that helps or not.
Interestingly, if i run the ‘Get Netstat CSV (Data on Demand) Task in the SCOM console it does run successfully and comes back with some output. When I click on the server in App Discovery in VADA it thinks for a couple of seconds and then doesn’t do anything.
I’ll add to this. I can’t seem to use VADA on our RedHat7 and RH6 machines. RH5 seems fine. It just sits there thinking and then nothing.
If I run the Get Netstat CSV in SCOM I get a lot of info back on processes, but it is truncated with
error: process ID list syntax error
Try ‘ps –help <simple|list|output|threads|misc|all>’
or ‘ps –help <s|l|o|t|m|a>’
for additional help text.
For more details see ps(1).
error: process ID list syntax error
We have a privileged run-as account configured in SCOM.