Updating scanner catalogs

Scanner catalogs are used by the scanner to discover software on the endpoints. The catalogs are automatically updated after each import of the BigFix software catalog. Use this procedure only if the automatic update of the scanner catalogs fails.

Before you begin

Before you force the update of scanner catalogs, ensure that the following requirements are met.
  • The BigFix Inventory server is visible to the BigFix server.
  • If Secure Socket Layer (SSL) is enabled in BigFix Inventory, the BigFix server recognizes SSL certificates of BigFix Inventory as valid.

Procedure

  1. Check whether the action that automatically updates scanner catalogs was created.
    1. Log in to the BigFix console.
    2. In the navigation bar, click Actions.
    3. In the upper-right pane, locate the Catalog Download (Version version) action.
      The source of the action should be Master Operator Site.
  2. If the action exists, check whether it failed due to prefetch problems. If it does not exist, go to step 3.
    1. Select the Catalog Download (Version version) action.
    2. Open the Computers tab, and double-click a computer on which the status of the action is Failed.
    3. Check whether the reason of the failure is a problem with prefetching the catalog.
      Failed prefetch catalog.xml.bz2
    If the status is Failed, communication between the BigFix server and the BigFix Inventory server is blocked. Ensure that the servers can communicate. Then, download the Catalog Download Fixlet to force the catalog update. If you cannot change the configuration to allow communication between servers, edit the fixlet so that the BigFix Inventory server can download catalogs from the BigFix server, and then run the fixlet.
  3. Download the fixlet for forcing the update of scanner catalogs.
    1. Log in to BigFix Inventory.
    2. In the top navigation bar, click Management > Catalog Upload.
    3. Click the question mark sign Question mark sign. Then, click Catalog Download Fixlet. Choose the location where you want to save the catalog_download.bes file, and click Save.
  4. Optional: If the problem is caused by the lack of communication between servers, edit the catalog_download.bes file and substitute the host_name and port of the BigFix Inventory server with values that allow the server for downloading scanner catalogs from the BigFix server.
    prefetch catalog.xml.bz2 sha1:24dcb13c743f2f92b0c5e9887e9df1d4491c4a66 
    size:398083 http://host_name:port/sam/catalogs/CIT_catalog_WINDOWS.xml.bz2 
    sha256:1e81c865d7fc96468649dbd5c334a2d77b12c5dd252671e22a7e5df0bd7ccbbe
    
    Important: Change the host_name and port for all catalogs.
  5. Upload the catalog_download.bes file to the BigFix console and run the Catalog Download (Version: version) fixlet.
    1. Copy the file to the computer where the BigFix console is installed.
    2. Log in to the BigFix console.
    3. To import the file to the console, click File > Import.
    4. Open the directory where you store the catalog_download.bes file, select the file, and click Open. The file is imported.
    5. In the left pane, click Sites > Master Action Site > Fixlets and Tasks. The list of available fixlets opens in the upper right pane.
    6. Select Catalog Download (Version: version), and click Take Action.
    7. Select computers on which you want to run the fixlet, and click OK.
  6. Wait for the next scheduled software scan and import of data or run these actions manually. For more information, see: Initiating software scans and Scheduling imports of data.
  7. Optional: If the problem is not solved, manually copy the catalog files from the BigFix Inventory server to the BigFix server.
    1. Log in to the computer where the BigFix Inventory server is installed and go to the following directory.
      • Linux /opt/BFI/wlp/usr/servers/server1/data/sam/public/catalogs
      • Windows C:\Program Files\IBM\BFI\wlp\usr\servers\server1\data\sam\public\catalogs
    2. Copy the following files to a temporary folder on the computer where the BigFix server is installed.
      • CIT_catalog_AIX.xml.bz2
      • CIT_catalog_HPUX.xml.bz2
      • CIT_catalog_I5OS.xml.bz2
      • CIT_catalog_LINUX.xml.bz2
      • CIT_catalog_SUN.xml.bz2
      • CIT_catalog_WINDOWS.xml.bz2
    3. Open the catalog_download.bes file that you downloaded in step 3 in a text editor, and check the sha1 value for each catalog file.
      For example, the sha1 value for the catalog on Windows is 24dcb13c743f2f92b0c5e9887e9df1d4491c4a66.
      prefetch catalog.xml.bz2 sha1:24dcb13c743f2f92b0c5e9887e9df1d4491c4a66 
      size:398083 http://host_name:port/sam/catalogs/CIT_catalog_WINDOWS.xml.bz2 
      sha256:1e81c865d7fc96468649dbd5c334a2d77b12c5dd252671e22a7e5df0bd7ccbbe
      Change the names of all catalog files to their sha1 values.
    4. Copy the renamed catalog files to the following directory.
      • Linux /var/opt/BESServer/wwwrootbes/bfmirror/downloads/sha1
      • Windows C:\Program Files (x86)\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\sha1
    5. Wait for the next scheduled software scan and import of data or run these actions manually.

Results

Scanner catalogs are imported to the computers in your infrastructure and are used to discover the installed software.

Install or Upgrade Scanner in private mode on windows

About this task

If the catalog is not propagated to the scanner that is installed in the private mode, you have to run the 'Update Catalog Download fixlet templates on BFI server' fixlet. The templates will be regenerated after the next software catalog upload. The templates will be regenerated after the next software catalog upload.

In case you have already the newest catalog uploaded the BFI server and then you have installed agent in the private mode, the newest catalog may not be automatically propagated to the agent. In such case follow the steps:

Procedure

  1. Download the fixlet for forcing the update of scanner catalogs.
    1. Log in to BigFix Inventory.
    2. In the top navigation bar, click Management > Catalog Upload.
    3. Click the question mark sign Question mark sign. Then, click Catalog Download Fixlet. Choose the location where you want to save the catalog_download.bes file, and click Save.
  2. Edit the catalog_download.bes file and substitute the relevances:

    This:

    <Relevance><![CDATA[if (name of operating system as lowercase starts with "win") 
    then (exists (folder "cit" of folder (value of variable "windir" of environment)) 
    whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" 
    of folder (value of variable "windir" of environment)) & "\bin") whose ((exists file "wscansw.exe" of it)
     and (exists file "wscanfs.exe" of it)))) else (exists (folder "/etc/cit") whose (exists file "cit.ini" of it)
     and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "/etc/cit") & "/bin") whose 
    ((exists file "wscansw" of it) and (exists file "wscanfs" of it))))]]></Relevance>
    with the following:
    <Relevance><![CDATA[if (name of operating system as lowercase starts with "win") then 
    ((exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it) 
    and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" of folder (value of variable "windir" 
    of environment)) & "\bin") whose ((exists file "wscansw.exe" of it) and (exists file "wscanfs.exe" of it)))) 
    OR (exists folder ((pathname of parent folder of data folder of client) & "\LMT\CIT\scanner\bin") whose 
    ((exists file "wscansw.exe" of it) and (exists file "wscanfs.exe" of it)))) else (exists (folder "/etc/cit") 
    whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder 
    "/etc/cit") & "/bin") whose ((exists file "wscansw" of it) and (exists file "wscanfs" of it))))]]></Relevance>

    this:

    <Relevance>if (name of operating system as lowercase starts with "win") then ((exists (folder "cit" of folder 
    (value of variable "windir" of environment)) whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of 
    file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) contains "SUA:")) else 
    ((exists (folder "/etc/cit") whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of file "cit.ini" 
    of folder "/etc/cit") contains "SUA:"))</Relevance>

    With the following:

    <Relevance><![CDATA[if (name of operating system as lowercase starts with "win") then (((exists (folder "cit" of 
    folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" 
    of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) contains "SUA:")) OR 
    (exists folder ((pathname of parent folder of data folder of client) & "\LMT\CIT\scanner\config") whose 
    (exists file "Cit.properties" of it))) else ((exists (folder "/etc/cit") whose (exists file "cit.ini" of it)) 
    and ((key "CIT_Exploiters" of file "cit.ini" of folder "/etc/cit") contains "SUA:"))]]></Relevance>
  3. Upload the catalog_download.bes file to the BigFix console and run the Catalog Download (Version: version) fixlet.
    1. Copy the file to the computer where the BigFix console is installed.
    2. Log in to the BigFix console.
    3. To import the file to the console, click File > Import.
    4. Open the directory where you store the catalog_download.bes file, select the file, and click Open. The file is imported.
    5. In the left pane, click Sites > Master Action Site > Fixlets and Tasks. The list of available fixlets opens in the upper right pane.
    6. Select Catalog Download (Version: version), and click Take Action.
    7. Select computers on which you want to run the fixlet, and click OK.