Description

During discovery of some servers running particular applications, the ADM input payload stays in "ready" or "processing" status forever, and a worker runs this sensor forever. The transaction has to be killed manually from the transaction table.




Steps to Reproduce

1. Run a quick discovery: go to Discovery -> Discovery Schedule and click Quick Discovery.

2. Replace the processes and connections of the ADM input payload with those in the attached ECC queue.

3. Run the input again.

Observe that a worker runs the sensor forever. The following two processes are the problematic ones:

    {
        "name": "fcp_daemon",
        "command": "/opt/itmagent/lx8266/lz/bin/fcp_daemon",
        "parameters": "",
        "pid": "1000041053",
        "ppid": "50386",
        "matched_to_real_proc": true,
        "listening_on": ":41053:",
        "classify": "true",
        "_kids": {
            "50386": true
        },
        "key_parameters": "",
        "computer": "339389172311030023bda45fc7bf659b",
        "alreadySeen": 1,
        "sys_id": "879acd972311030023bda45fc7bf6582"
    }

    {
        "pid": "50386",
        "ppid": "1000041053",
        "command": "/bin/ksh",
        "parameters": "/opt/Tivoli/EHI/scripts/send_hb.sh",
        "name": "ksh",
        "classify": "true",
        "connecting_to": ":59478:",
        "_kids": {
            "50397": true,
            "1000041053": true
        },
        "key_parameters": "/opt/Tivoli/EHI/scripts/send_hb.sh",
        "computer": "339389172311030023bda45fc7bf659b",
        "alreadySeen": 1,
        "parent": "879acd972311030023bda45fc7bf6582",
        "sys_id": "0b9acd972311030023bda45fc7bf6582"
    }

Workaround

Go to System Definition --> Script Includes and search for "EnrichProcessesAndConnections".

Replace the "_listensOnPort" function of the Script Include (sys_script_include) named "EnrichProcessesAndConnections" (sys_id: 7ca965319721300010cb1bd74b297501) with the following, at line 740:

    _listensOnPort : function(port, proc) {

            var curr_pid = proc.pid;
            var syn_pid = '' + (1000000000 + (port - 0)); // compute synthetic pid
            var syn_proc = this.byPID[syn_pid]; // get the process for the synthetic pid, may not be there

            while (!JSUtil.nil(curr_pid)) {
                    var curr_proc = this.byPID[curr_pid];

                    // Get out of here if we can't find the process for whatever reason
                    // (checked before curr_proc is dereferenced below)
                    if (JSUtil.nil(curr_proc))
                            return null;

                    var parent_proc = this.byPID[curr_proc.ppid];

                    // If the process is there and listens on the same port as ours, return it;
                    // otherwise traverse up the tree.
                    // Also check whether the synthetic process's parent (ppid) matches the current pid as we traverse up the tree.
                    // Stop if the current process and its parent refer to each other, so the walk cannot loop forever.
                    if (!JSUtil.nil(curr_proc.listening_on) && curr_proc.listening_on.indexOf(port) >= 0)
                            return curr_proc;
                    else if (syn_proc && syn_proc.ppid == curr_pid)
                            return syn_proc;
                    else if (parent_proc && (curr_pid == parent_proc.pid || curr_pid == parent_proc.ppid))
                            break;
                    else
                            curr_pid = curr_proc.ppid;
            }

            return null;
    },

Related Problem: PRB1190701
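
The two records above point at each other through ppid (50386 -> 1000041053 -> 50386), so an unguarded walk up the parent chain never ends. The following is an added example, not ServiceNow's code: a standalone parent-chain walk with a visited set, which goes beyond the workaround's check by stopping on loops of any length. The names `findListener` and `threeLoop` and the queried port 59478 are assumptions made for illustration.

```javascript
// Constructed sample: the two records from this article, reduced to the
// fields the walk reads. Each process names the other as its parent.
const byPID = {
  "1000041053": { name: "fcp_daemon", pid: "1000041053", ppid: "50386",
                  listening_on: ":41053:" },
  "50386": { name: "ksh", pid: "50386", ppid: "1000041053",
             connecting_to: ":59478:" },
};

// Constructed three-process loop (a -> b -> c -> a), which a check limited to
// the current process and its parent would not catch.
const threeLoop = {
  a: { pid: "a", ppid: "b" },
  b: { pid: "b", ppid: "c" },
  c: { pid: "c", ppid: "a" },
};

// Hypothetical helper, not the platform's function: walk up the parent chain
// looking for a process listening on `port`, stopping on any repeated pid.
function findListener(table, startPid, port) {
  const seen = new Set();
  const path = [];
  let pid = startPid;
  while (pid !== undefined && pid !== null && pid !== "") {
    if (seen.has(pid))
      return { proc: null, reason: "cycle", path: path.concat(pid) };
    seen.add(pid);
    path.push(pid);
    const proc = table[pid];
    if (!proc)
      return { proc: null, reason: "missing", path: path };
    if (proc.listening_on && proc.listening_on.indexOf(String(port)) >= 0)
      return { proc: proc, reason: "found", path: path };
    pid = proc.ppid;
  }
  return { proc: null, reason: "root", path: path };
}

// Port 59478 is an assumed query port that neither sample process listens on.
console.log(findListener(byPID, "50386", 59478).reason);
console.log(findListener(byPID, "50386", 41053).proc.name);
console.log(findListener(threeLoop, "a", 59478).path.join(" -> "));
```

The returned `path` shows where the chain closed on itself, which is the detail needed to identify the offending records in a payload.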

Seen In

Istanbul

Fixed In

Jakarta Patch 9
Kingston Patch 3
London

Article Information

Last Updated: 2018-08-17 00:23:49
Published: 2017-11-17