IBM Support

Data Collection: BigFix Client

Technote (FAQ)


Question

Logs and data to collect from the IBM BigFix client for troubleshooting.

Answer



Client Logs

The BigFix Client will record its current activity into a log file with the current date as the file name in the format "[year][month][day].log". If an active log reaches 512K in size it will be moved to a backup (.bkg) file and a new log will be started for the current day. If the log reaches 512K again the backup will overwrite the existing backup. Both the active and backup logs will be deleted after ten days.

Here are the default locations of the BigFix Client logs for each operating system:
  • Windows: \Program Files\BigFix Enterprise\BES Client\__BESData\__Global\Logs
  • Unix/Linux:: /var/opt/BESClient/__BESData/__Global/Logs
  • Mac: /Library/Application Support/Bigfix/BES Agent/__BESData/__Global/Logs

Note: the following two client settings can be used to govern the number of days to keep client logs as well as the maximum size of the client log before the log rotates. It is best to leave these settings as their default values unless there is a compelling reason to increase them to something different:

_BESClient_Log_Days
Type: Numeric
Version: 5.1
Platform: All
MinNumeric: 1
MaxNumeric: 366
Default: 10
Requires Client Restart: NO
Description: number of days to save log files.

_BESClient_Log_MaxSize
Type: Numeric
Version: 7.0
Platform: All
MinNumeric: 0
MaxNumeric: maxuint32
Default: 512000
Requires Client Restart: NO
Description: Size of daily log file. When log gets this big, it is
renamed to 'date'.bak (unless this file already exists) and then the log
for the day is restarted. Result is that for any particular day, you
have the first part of the day, and the last part of the day.

Client logs can be collected using one of the following methods:
  1. Manually remote into the endpoint machine, copy/compress the logs directory, and transfer or FTP it to a network file share.
  2. Collect client logs via Client Diagnostics.

Client Debug Logging

Client debug logging (also called EMsg [extended message] logging) can be activated on a client to verbosely trace every operation a client performs. When setting the debug detail level, always set it to 10000.

Enabling/Disabling Client Debug logging:

Method 1: Take action on the following tasks in the BES Support site:
    Task # 157: BES Client Setting: Enable Debug Logging (specify 10000 as the debug detail level)
    Task # 196: BES Client Setting: Disable Debug Logging

Method 2: Create/Remove the following custom client settings via the BigFix Console. Select the computer(s) > right click > choose "Edit Computer Settings". To activate, create the following three client settings:
  • _BESClient_EMsg_Detail - This setting will enable the BigFix Client debug log level that will give extended information about BigFix Client activity. Set the value to 10000
  • _BESClient_EMsg_File - Set this setting's value to the full path of the file to store the extended messages to. The value should be the full path to the log (For example: C:\temp\BESClientEMsg.log)
      Note: The _BESClient_EMsg_Detail setting must be greater than 0 to use this option.
  • _BESClient_EMsg_EvalLog - Set this setting's value to 1 to enable EMsg (debug) logging of content identifiers in advance of relevance evaluation. This can be useful in helping to identify a relevance expression that may be crashing a client.

Method 3: Manually create/remove debug logging settings directly on the endpoint machine:

On Windows endpoints, add/remove the following registry keys and values:
  • [HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_Detail]
    "value"="10000"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_File]
    "value"="C:\Program Files (x86)\BigFix Enterprise\BES Client\besclientdebug.log"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_EvalLog]
    "value"="1"

On Non-Windows endpoints, add/remove the following lines in the config file located at /var/opt/BESClient/besclient.config:
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_File]
    value = /var/log/BESClient/besclientdebug.log
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_Detail]
    value = 10000
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_EvalLog]
    value = 1

Restart the client service after adding/removing the settings for them to take effect.

Client debug logging can be collected using one of the following methods:
  1. Manually remote into the endpoint machine, copy/compress the besclientdebug.log file, and transfer or FTP it to a network file share.
  2. Collect client logs via Client Diagnostics.

Client Usage Profiler

The client usage profiler will log time spent on evaluating content. This information easily allows you to see which pieces of content consume most of a client's time during its evaluation cycle. After the usage profiler has been enabled, the Client tracks the top 100 activities that take the longest time and stores them in files (in the client directory) with the following naming convention "usageprofiler.txt.xxxx"

Enabling/Disabling Client Debug logging:


Method 1: Take action on the following tasks in the BES Support site:
    Task # 361: TROUBLESHOOTING: Enable BES Client Usage Profiler
    Task # 418: TROUBLESHOOTING: Disable BES Client Usage Profiler


Method 2: Create/Remove the following custom client settings via the BigFix Console. Select the computer(s) > right click > choose "Edit Computer Settings". To activate, create the following three client settings:

_BESClient_Resource_TrackingMaxFiles - Set to 24 ( 24 hours of tracking )

_BESClient_Resource_TrackingCount - Set to 100

_BESClient_Resource_TrackingCycleSeconds - Set to 3600

_BESClient_Resource_TrackingFile - Set to C:\Program Files (x86)\BigFix Enterprise\BES Client\usageprofiler.txt for Windows endpoints and /var/opt/BESClient/usageprofiler.txt for non-Windows endpoints.


Method 3: Manually create/remove debug logging settings directly on the endpoint machine:

On Windows endpoints, add/remove the following registry keys and values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingMaxFiles]
    "value"="24"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingCount]
    "value"="100"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingCycleSeconds]
    "value"="3600"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingFile]
    "value"="C:\Program Files (x86)\BigFix Enterprise\BES Client\usageprofiler.txt"

On Non-Windows endpoints, add/remove the following lines in the config file located at /var/opt/BESClient/besclient.config:
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingMaxFiles]
    value = 24
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingCount]
    value = 100
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingCycleSeconds]
    value = 3600
  • [Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Resource_TrackingFile]
    value = "/var/opt/BESClient/usageprofiler.txt"

Restart the client service after adding/removing the settings for them to take effect.

As a best practice, collect client usage data over an entire 24 hour period. This will allow the usage profiler to generate enough data samples to be useful in your analysis of the problem.

The following is a small example of a usage file that contains unusually long evaluation times. An efficient piece of content would typically take less that a second to evaluate. Items taking longer than a second should be further investigated.

Start:Thu, 30 Feb 2013 15:21:40 -0800
Elapsed Time:02:48:48
Tracking: Top 100
Samples:99
Elapsed Evaluation Time:18:18:32

Time in Seconds:Site.Item ID:Activity
1) 16478.126: actionsite.2147453787:Analysis Relevance
2) 16478.124: actionsite.2146599782:Analysis Relevance
3) 16478.119: actionsite.2142786964:Analysis Relevance
4) 16478.118: BES Support.521:Verify Fixlet Relevance

Note: The following article contains an analysis which can be imported into the console and activated. The analysis contains properties, that return evaluation statistics and top ten lengthiest evaluations, which can be used either in addition to or in lieu of the client usage profiler.

Client usage profiler files can be collected using one of the following methods:
  1. Manually remote into the endpoint machine, copy/compress the outputted files, and transfer or FTP them to a network file share.
  2. Collect client logs via Client Diagnostics.

Client Dump Files

If the client process on a Window's endpoint is stopping or crashing; dump files might get generated and could prove useful in determining the cause of the agent's stop/crash. Dump files output to the client's BES Client directory on the endpoint, for example to:
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.dmp

Client dump files can be collected using one of the following methods:
  1. Manually remote into the endpoint machine, copy/compress the dump files generated, and transfer or FTP them to a network file share.
  2. Collect client logs via Client Diagnostics.

Client Performance Counters

Performance counter properties that can be deployed to measure client evaluation performance and track the top 10 longest evaluating pieces of content on a client.

Client Diagnostics

See the following article for how to generate and collect Client Diagnostics

Historical Number

302

Document information

More support for: IBM BigFix family

Software version: All Versions

Operating system(s): Platform Independent

Reference #: 1505873

Modified date: 27 March 2014


Translate this page: