search cancel

How to exclude folders in CCS using Agentless and Agent-based data collection

book

Article ID: 161484

calendar_today

Updated On:

Products

Control Compliance Suite Control Compliance Suite Standards Server

Issue/Introduction

Control Compliance Suite (CCS)

Possible scenarios:

  • CCS data collection jobs will time out when UNIX\Linux agents use the 'find' command to collect data on remote mounts.
  • A directory is rather large and/or slow and commands are taking a long time to run.

Possible error in the CCS Console is shown below.  (the command listed after the bolded error below will vary depending on which command is running when it times out)

This query was halted before completion.  Query timed out in command execution: <command_that_was_running_at_timeout>

Example:
This query was halted before completion.  Query timed out in command execution
: find / name !-fstype nfs -a ! -fstype autofs -a ! -fstype cifs -a ! -fstype -a ! -fstype ncp -a ! -fstype afp -a ! -fstype afs -type d \\ ( -perm -0002 -a ! -perm -1000 \\) @ lt/dev/null

Environment

CCS 12.5.X
CCS 12.6.X

Cause

A timeout occurring due to targeting large file systems (e.g. NFS, CIFS, etc.) on local or remote file systems, or folders that contain a lot of files.

Resolution

Follow these steps to exclude the directory path from the data collection jobs depending if you are using Agentless or Agent-based Data collection.

NOTE: There are two files that can be modified depending what you want to accomplish.  In this example we will modify the IgnoreDirectoryPathAlways.dat file, but you can modify the IgnoreDirectoryPathsForFind.dat in a similar way if you only want to eliminate the path when using the 'FIND' command.

For Agentless data collection:

  1. On each CCS Manager Server: find the file IgnoreDirectoryPathAlways.dat file, located in InstallDir:\Program Files (x86)\Symantec\CCS\Reporting and Analytics\DPS\control\Unix\ConfigFiles and make a backup.
  2. Open the IgnoreDirectoryPathAlways.dat using notepad. (WARNING: Do not use any editor that can insert control characters or formatting into the file).

Modify the IgnoreDirectoryPathAlways.dat file listing the directories you would like to be ignored.  After modification, the file should contain a list of any paths that will be ignored during file and find data collection commands to keep timeouts from occurring. (Each directory should be listed, one per line, with an extra blank line at the bottom of the file.)

Example:
/path/to/ignore
/path/to/network/share
/rabbit/hole
<blank line>

For Agent-based data collection:

  1. To exclude remote Filesystems: On each of the agent machines, locate the bv.conf file, located in /esm/bin/dcmodules/<PLATFORM>/UNIX/bv.conf, and modify it as follows:
    1. Uncomment the IgnoreRemoteFilesystems parameter and change it to True.  
      # Possible Values: true or false
      # Description: Used for ignoring remote filesystems while query
      IgnoreRemoteFileSystems=true

 

  1. To ignore certain paths or directories, create a file named IgnoreDirectoryPathAlways.dat in the /esm/bin/dcmodules/<PLATFORM>/UNIX/ directory on the agent.  Modify that IgnoreDirectoryPathAlways.dat file with the list of any paths that will be ignored during file and find data collection commands to keep timeouts from occurring. (Each directory should be listed, one per line, with an extra blank line at the bottom of the file.)

    Example:
    /path/to/ignore
    /path/to/network/share
    /rabbit/hole
    <blank line>

  2. In the /esm/bin/dcmodules/<PLATFORM>/UNIX/bv.conf file, uncomment the IgnoreDirectoryPathAlways= parameter and add the path where the IgnoreDirectoryPathAlways.dat file is located that you created in the step above.  (you can also add the path for the IgnoreDirectoryPathForFind.dat if you chose that file to modify).
    # Specifies the path to the file containing list of directories to be ignored for all queries
    IgnoreDirectoryPathAlways=/esm/bin/dcmodules/lnx-x86/UNIX/IgnoreDirectoryPathAlways.dat

  3. Save the bv.conf file

Restart the agent after saving the bv.conf file. (from the command line on the agent system,  /esm/esmrc restart)