Log-based signatures run as part of Active or Historical Findings fail with “Timed out fetching logs for the log signature”.
Log-based signatures execute queries against VMware Aria Operations for Logs. With a large inventory or an incorrectly sized VMware Aria Operations for Logs instance, these queries can run long enough for the signatures to time out. The default timeout for these queries is 3 minutes.
Increase the default timeout for the scans. The default timeout can be overridden by using Management Pack Configurations in the VMware Aria Operations UI. Navigate to Operations > Configurations > Management Pack Configurations. Select the User Defined checkbox and click Add. On the Create Configuration page, set the name to diagnostics_mp_config_overwrites.json, toggle free form, and then add the content below.
{
"queryTimeoutInMins": <desired_timeout_value>
}
Property-based or log-based signatures can be skipped or disabled during scans by updating Management Pack Configurations in the VMware Aria Operations UI. Navigate to Operations > Configurations > Management Pack Configurations. Select the User Defined checkbox and click Add. On the Create Configuration page, set the name to diagnostics_mp_config_overwrites.json, toggle free form, and then add the content below.
{
"disabledRuleIds": ["Signature1", "Signature2"...]
}
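A pre-paste check for the free-form content of diagnostics_mp_config_overwrites.json, covering the two override snippets above. This is an added example, not VMware code: the function name check_overrides is hypothetical, the rule that the timeout is a JSON number larger than the 3-minute default is an assumption drawn from this page, and the sample inputs are constructed. It flags typographic quotes picked up when copying from a web page, stray quote characters, and keys this article does not show.

```python
import json

# Keys this article shows for diagnostics_mp_config_overwrites.json.
KNOWN_KEYS = {"queryTimeoutInMins", "disabledRuleIds"}
DEFAULT_TIMEOUT_MINS = 3  # default query timeout stated in this article
SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})


def check_overrides(text):
    """Return (config, problems); config is None when the text is not a JSON object."""
    problems = []
    plain = text.translate(SMART_QUOTES)
    if plain != text:
        problems.append("typographic quotes found; retype them as plain ASCII quotes")
    try:
        config = json.loads(plain)
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})")
        return None, problems
    if not isinstance(config, dict):
        return None, problems + ["top level must be a JSON object"]
    for key in sorted(set(config) - KNOWN_KEYS):
        problems.append(f"key not shown in this article: {key!r}")
    if "queryTimeoutInMins" in config:
        timeout = config["queryTimeoutInMins"]
        # bool is a subclass of int in Python, so reject it explicitly (assumed rule).
        if isinstance(timeout, bool) or not isinstance(timeout, (int, float)):
            problems.append("queryTimeoutInMins must be a JSON number")
        elif timeout <= DEFAULT_TIMEOUT_MINS:
            problems.append("queryTimeoutInMins does not exceed the 3-minute default")
    if "disabledRuleIds" in config:
        ids = config["disabledRuleIds"]
        if not isinstance(ids, list) or not all(isinstance(i, str) and i for i in ids):
            problems.append("disabledRuleIds must be a list of non-empty strings")
    return config, problems


if __name__ == "__main__":
    # Constructed samples: one clean, one with copy-paste damage (doubled and curly quotes).
    good = '{"queryTimeoutInMins": 10}'
    pasted = '{\n""disabledRuleIds": [\u201cSignature1\u201d, \u201cSignature2\u201d]\n}'
    for sample in (good, pasted):
        print(check_overrides(sample))
```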
Accessing diagnostics logs from VMware Aria Operations UI
In the menu, click Administration, and in the left pane click Control Panel > Support Logs. Expand the node, select OTHER, and look for diagnostics-info-controller.log. Double-click to open the diagnostics log file. The log file should contain more details on the failures.
Accessing diagnostics logs from support bundle
Extract the support bundle for the required node, navigate to the logs folder within the support bundle, and look for the diagnostics-info-controller.log file.