Task + Analysis combo
This procedure documents the common scenario of using a Task to run a command and then creating an Analysis to read in the results of that command. A "Task + Analysis combo" is most often needed when you want to read in the output of a command: the Task executes the command, and the Analysis reads in and parses the results.
At a high level, the process works like this:
- Decide what information you want to gather
- Figure out how to automate the generation of that data on the target platform (in a format easy to consume using Relevance)
- Create a Task that executes the command with an ActionScript, and set up the Task as a Policy
- Create an Analysis that reads in the output data created by the Task
Cautions about creating the Task:
- Will the Task create load on the target system? For instance, avoid using a search function that will scan thousands of files.
- How often do you need to run the task? If you only need a resolution of "one day" then be sure the Task only runs that often.
- Are you overwriting the output file each time? If you are not, be careful to include a clean-up function in your ActionScript.
Example 1 -- Gather Open Ports from Mac OS X
This example shows how to run the netstat command on Mac OS X (or any Linux/Unix system), export the info to a file, and then view it in the Console with an Analysis.
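One way to write the command side of this example so that it follows the cautions above (cheap to run, output overwritten on every run, format easy to parse line by line). This is an added example, not the original page's script: the output path, the `--collect` flag and the function names are assumptions, and the netstat sample is constructed.

```shell
#!/bin/sh
# Added example. OUT_FILE and all function names are assumptions.
# Point OUT_FILE at a directory that only the agent account can write to.
OUT_FILE="${OUT_FILE:-./open_ports.txt}"

# Constructed sample of `netstat -an` output (macOS and Linux styles mixed).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.0.2.10.52100       198.51.100.7.443       ESTABLISHED
udp4       0      0  *.5353                 *.*
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
EOF
}

# Reduce netstat output on stdin to one "proto port" line per listening
# TCP socket. macOS prints addr.port, Linux prints addr:port.
parse_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, part, "[.:]")
             print $1, part[n]
         }' | LC_ALL=C sort -u
}

# Overwrite OUT_FILE on every run so it never grows. The temp file plus
# rename means a reader never sees a half-written report.
write_report() {
    tmp=$(mktemp "${OUT_FILE}.XXXXXX") || return 1
    if parse_listeners > "$tmp"; then
        mv -f "$tmp" "$OUT_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Collect from the live system only when asked to.
if [ "${1:-}" = "--collect" ]; then
    netstat -an | write_report
fi
```

Run with `--collect`, the script leaves one `proto port` record per line in the output file, which is the shape the Analysis then reads in.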