Exclusions removed on agent after upgrade
we just completed upgrade from 2018 r1 to 2019 r2 and noticed that the files exclusions we had configured in the config.ini on several Unix servers appear to have been removed. Note that the agents have not been upgraded yet.
An example of the config.ini entry is below and am wondering if the new feature where you can configure exclusions from UI pushed down via policy which is now removing the existing exclusions in the config.ini file on the yet to be upgraded agents.
Now that we have upgraded the application server is it now that manual updates of config.ini on specific servers is not supported and all exclusions must be configured on UI and applied globally?
IncludeDirectory=/ ExcludeDirectory=/ENTERPRISE-LDAP/*,/UNIX-LDAP/*,/var/crash,/cores ExcludeEmbedFileContentDirectory=/ENTERPRISE-LDAP/*,/UNIX-LDAP/*,/var/crash,/cores InventorySettingsPath=/var/opt/managesoft/tracker/inventorysettings/
Agreed, I can only guess that your agent folder exclusions got updated from the database (as mentioned by you). Can you check the WebUI ("Inventory & Discovery" > "Settings")? And maybe check the database tables:
Keys "CTrackerExcludeDirectory" and "CTrackerIncludeDirectory" is what you should be looking for.
Just had call with Flexera on this is apparently a bug.
Details below...until fix we need to adjust our steps when upgrading other customers where file exclusions are configured.
- Provided customer workaround
- Logged as bug and enhancement
Please refer to,
Only for on-prem:
- Run query, against FNMSCompliance db:
ORDER BY [FNMP].[dbo].[BeaconTargetPropertyValue_MT].BeaconTargetID
- Delete any records where KeyName is CTrackerExcludeDirectory (and the BeaconTargetID links to 'target__unix' in the BeaconTarget_MT table)
- 'UPDATE BeaconPolicy SET RevisionNumber = RevisionNumber + 1' - This will remove the exclude directory from the beacon policy, and then agent policy (for Unix devices).
- Note that the cached device configuration contents.ndc on an agent device will cause the 'original' value to be restored to config.ini on the next policy run after exclude directory is removed from the FNMS db policy properties. If this is not desired, the 'cache' and 'pkgcache' directories on the agent machine in /var/opt/managesoft/launcher should be deleted and then policy reapplied.
- However, please note that if the Inventory Settings page in the FNMS UI is saved again, the exclude directory property will be added to BeaconTargetPropertyValue_MT again, requiring the above workaround (1 - 4) to be applied to remove it.