Compliance Job - General

The General panel lets you provide information that identifies a Compliance Job and provides some options for how the job should execute.

Field definitions

Name

Identifying name.

Description

Optional descriptive text.

Save in

Folder in which to store the object.

Set execution override

Select if this job should always execute as if your current role and user are scheduling the job. After you click this option, the job definition shows the role:user combination under which the job executes.

Clear execution override

Remove an existing execution override.

Number of targets to process in parallel

Choose one of the following options:

  • Unlimited — Simultaneously runs the job on as many servers as possible. Application Server settings control the number of targets the job can access.
  • Limited — Specifies the maximum number of targets on which the job can run simultaneously. Limiting the number of targets is useful when a job might temporarily disrupt the functionality of a target server, and you want to limit that disruption to a small fraction of your managed servers.
    If you want the job processed serially at the target servers, set this value to 1. Note, however, that although this is the best approach for achieving serial processing, it does not always guarantee full serial processing at all targets; the first two or three targets might still run in parallel.

Continue despite compliance data collection errors

Whether Compliance evaluation should continue on a target server or component even though it encounters required parts that are missing or that throw errors.
If you select this option, the Compliance Job completes with warnings even though individual components might not satisfy some compliance rules because parts are missing, the target is not reachable, or errors were received from extended objects used by the Template. If this option is not selected and an asset collection error is encountered, no compliance evaluation is performed on that particular target, but other targets in the job are evaluated for compliance if they did not encounter any asset collection issues.

Note

If you select this option and the target server is unreachable (for example, the server is down or the RSCD agent is down), the resulting compliance status depends on exact rule structure.

For example, the following two rules are designed to evaluate file permissions:

RuleCompliance status

The rule first checks for the existence of the file, through a conditional construct (if... then...):

if   
"File:/etc/cron.d/cron.deny" exists
then
   "File:/etc/cron.d/cron.deny"."Permissions 
(Unix) (Unix)" does not have any flag 
["Owner Execute"]
end
Compliant

The rule does not perform a pre-check for existence of the file:

"File:/etc/cron.d/cron.deny"."Permissions 
(Unix) (Unix)" does not have any flag 
["Owner Execute"]
Non-compliant

Run auto-discovery

Whether to authorize the Compliance Job to perform component discovery for the associated component templates and generate components for use in the Compliance Job. This replaces the need to manually run a Component Discovery Job before running the Compliance Job.

See the following video for an example of how to use this option to automatically filter the targets for the job.

  https://www.youtube.com/watch?v=aKBsR33CCLM

Where to go from here

Compliance Job - Component templates for filtering

Was this page helpful? Yes No Submitting... Thank you

Comments