Configuring agents to gather details of files with a specified name 

The FlexNet inventory agent’s IncludeFile preference can be configured to specify names of files whose details should be included when gathering inventory. For example, setting this preference to: log4j-core-*.jar will include details of files found on the filesystem that match the pattern. 

Ways to configure the IncludeFile preference 

1. Windows registry setting 
   Set the value in the registry at: 

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\Tracker\CurrentVersion\IncludeFile 

2. UNIX-like systems configuration file 
   Add the setting to /var/opt/managesoft/etc/mgsconfig.ini. For example: 

cat >/tmp/tempconfig.ini <<EOF 

[ManageSoft\Tracker\CurrentVersion] 

IncludeFile=log4j-core-*.jar 

EOF 

 

/opt/managesoft/bin/mgsconfig -i /tmp/tempconfig.ini 
 

rm /tmp/tempconfig.ini 

3. Agent policy settings via SQL script 
   There’s no UI for this, but you can use a SQL script to update the compliance database: 

DECLARE @TargetName NVARCHAR(100) 

SET @TargetName = 'Target__windows' -- or 'Target__osx' or 'Target__unix' 

 

EXEC dbo.BeaconTargetPutByNameInternal 

    @Name = @TargetName, 

    @Internal = 1, 

    @Description = NULL, 

    @Visible = 0 

 

DECLARE @btid INT 

SELECT @btid = BeaconTargetID FROM dbo.BeaconTarget WHERE Name = @TargetName 

 

EXEC dbo.BeaconTargetPropertyValuePutByKeyNameBeaconTargetID 

    @KeyName = 'CTrackerIncludeFile', 

    @BeaconTargetID = @btid, 

    @Value = 'log4j-core-*.jar' 

 

EXEC dbo.BeaconPolicyUpdateRevision 

4. Command-line override 
   If invoking ndtrack directly, use: 

ndtrack -t Machine -o IncludeFile=log4j-core-*.jar 

NOTE: Agent settings to scan for file details must be enabled for the IncludeFile preference to be effective. These are typically configured via Discovery & Inventory > Settings in the FlexNet Manager Suite web UI.

Once configured, file details will appear in NDI inventory files like this: 

<Content MD5="NO_MD5" Size="5427604"> 

    <Instance Path="C:\Path\log4j-core-2.16.0.jar" DateTime="20211212T233542"/> 

</Content> 

Reporting on gathered details 

Once inventory has been uploaded and imported, you can run SQL queries against the inventory database to extract file details. 

Example query 

SELECT 

    ComputerName = c.ComputerCN, 

    FileName = sfn.Name, 

    sp.Path, 

    sf.Size, 

    Timestamp = sf.DateTime, 

    InventoryDate = ir.SWDate 

FROM dbo.SoftwareFileName sfn 

    JOIN dbo.SoftwareFile sf ON sf.SoftwareFileNameID = sfn.SoftwareFileNameID 

    JOIN dbo.SoftwareFilePath sp ON sp.SoftwareFilePathID = sf.SoftwareFilePathID 

    JOIN dbo.Computer c ON c.ComputerID = sf.ComputerID 

    JOIN dbo.InventoryReport ir ON ir.ComputerID = sf.ComputerID 

WHERE sfn.Name LIKE 'log4j-core-%.jar' 

Limitations of relying on file details for security assessments 

While identifying systems with specific files can be helpful, it’s not foolproof: 

• Presence ≠ vulnerability: Just because a file exists doesn’t mean it’s exploitable. 

• Absence ≠ safety: A missing file doesn’t guarantee the system is secure. 

This tactic should be one of many used in a layered security assessment. 

Possible extensions 

Import additional file types as evidence 

By default, FlexNet Manager Suite only imports files with extensions like .exe, .sys, .sig, etc. Advanced users may modify import procedures to include other extensions (like .jar). 

Use the reporting interface 

Instead of direct SQL queries, consider using built-in reporting tools to surface this data through the UI.