
{CWoC} A Command Line Based Inventory Rule Evaluator

Created: 21 Oct 2013 • Updated: 21 Oct 2013
Ludovic Ferre

Inventory Rules, also known as Detection Rules in Software Management Solution, may not return the expected results on certain systems or under certain conditions.

In order to understand whether the problem comes from the rule or the rule provider, it is important to be able to test the rule execution on local or remote systems.

This can be done using the Patch Management troubleshooting tools provided from version 6.2 [1]. However, this tool does the rule evaluation in Internet Explorer, which cannot be run unattended and has some issues running on Windows 7 (where COM generates an error).

This download contains an executable and the required interop assemblies (to use the COM object) that allow you to run Single Rule Evaluation from the command line, locally or remotely (via a Task, for example).

File details:

Interop.AeXStdRuleProvide2Lib.dll
Interop.InventoryRuleAgentLib.dll
inventory-rule-cli.exe 

Command line options:

{CWoC} inventory-rule-cli command line help.

    This tool is designed to evaluate inventory rules (aka detection rules in
    Software Management) from the command line.

    The inventory rule is received from stdin (for multiline input).

    The following command line arguments are supported:

        '/?' or '--help': display this message
        '/test' or '--test': test the tool with a built-in string

    If the rule evaluates to true it returns 0.
    If the rule evaluates to false it returns 1.
    If an exception occurs during the evaluation it returns -1.

Sample execution:

Sample 1: running the /test command line option

D:\ns-tooling-git\agent-msd-asdk\inventory-rule-eval>inventory-rule-cli.exe /test
Inventory rule to be evaluated:
<ruleset type="Smart">
        <and>
                <or>
                        <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
                                <detection version="7.0" legacy62RuleProvider="standard">
                                        <installed>
                                                <expression>
                                                        <regKeyExists x64="true">
                                                                <key>HKEY_LOCAL_MACHINE\SOFTWARE\Altiris</key>
                                                        </regKeyExists>
                                                </expression>
                                        </installed>
                                </detection>
                        </rule>
                        <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
                                <detection version="7.0" legacy62RuleProvider="standard">
                                        <installed>
                                                <expression>
                                                        <regKeyExists x64="true">
                                                                <key>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Altiris</key>
                                                        </regKeyExists>
                                                </expression>
                                        </installed>
                                </detection>
                        </rule>
                </or>
        </and>
</ruleset>
Rule evaluated to true. Returning 0.

D:\ns-tooling-git\agent-msd-asdk\inventory-rule-eval>

Sample 2: Check whether a registry key exists by passing the data to the CLI:

D:\ns-tooling-git\agent-msd-asdk\inventory-rule-eval>inventory-rule-cli.exe
Enter the inventory rule text here - data will be parsed when an empty line is added...
<ruleset type="Smart">
        <and>
                        <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
                                <detection version="7.0" legacy62RuleProvider="standard">
                                        <installed>
                                                <expression>
                                                        <regKeyExists x64="true">
                                                                <key>HKEY_LOCAL_MACHINE\SOFTWARE\SomeKey\SomeSubKey</key>
                                                        </regKeyExists>
                                                </expression>
                                        </installed>
                                </detection>
                        </rule>
        </and>
</ruleset>

Input received. We will check the rule now...
Inventory rule to be evaluated:
<ruleset type="Smart">
        <and>
                        <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
                                <detection version="7.0" legacy62RuleProvider="standard">
                                        <installed>
                                                <expression>
                                                        <regKeyExists x64="true">
                                                                <key>HKEY_LOCAL_MACHINE\SOFTWARE\SomeKey\SomeSubKey</key>
                                                        </regKeyExists>
                                                </expression>
                                        </installed>
                                </detection>
                        </rule>
        </and>
</ruleset>

Rule evaluated to false. Returning 1.

D:\ns-tooling-git\agent-msd-asdk\inventory-rule-eval>

Sample 3: Check whether the "Software\Microsoft\Windows" key exists using an input file. Please note that the file must have a blank line at the end for the processing to start.

D:\ns-tooling-git\agent-msd-asdk\inventory-rule-eval>inventory-rule-cli < test.rule
Enter the inventory rule text here - data will be parsed when an empty line is added...
Input received. We will check the rule now...
Inventory rule to be evaluated:
<ruleset type="Smart">
        <and>
                        <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
                                <detection version="7.0" legacy62RuleProvider="standard">
                                        <installed>
                                                <expression>
                                                        <regKeyExists x64="true">
                                                                <key>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows</key>
                                                        </regKeyExists>
                                                </expression>
                                        </installed>
                                </detection>
                        </rule>
        </and>
</ruleset>

Rule evaluated to true. Returning 0.

D:\ns-tooling-git\agent-msd-asdk\inventory-rule-eval>
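
For unattended use (for example from a Task), the steps shown in the samples can be wrapped in a script. The following PowerShell wrapper is an added example, not part of the original download: it builds the same single regKeyExists rule as Samples 2 and 3, sends it to the tool with the trailing empty line, and maps the documented return codes. The script parameters and the default location of inventory-rule-cli.exe are assumptions.

```powershell
# Added example: unattended wrapper around inventory-rule-cli.exe.
# Assumption: the executable and its interop DLLs sit next to this script.
param(
    [Parameter(Mandatory = $true)][string]$RegistryKey,
    [string]$CliPath = (Join-Path $PSScriptRoot 'inventory-rule-cli.exe')  # assumed location
)

if (-not (Test-Path -LiteralPath $CliPath)) {
    throw "inventory-rule-cli.exe not found at '$CliPath'"
}

# XML-escape the key so characters such as & or < cannot alter the rule structure.
$escapedKey = [System.Security.SecurityElement]::Escape($RegistryKey)

# Same rule layout as the samples on this page (one regKeyExists expression).
$rule = @"
<ruleset type="Smart">
  <and>
    <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
      <detection version="7.0" legacy62RuleProvider="standard">
        <installed>
          <expression>
            <regKeyExists x64="true">
              <key>$escapedKey</key>
            </regKeyExists>
          </expression>
        </installed>
      </detection>
    </rule>
  </and>
</ruleset>
"@

# The tool only starts parsing after an empty line, so send one after the rule.
$output = @($rule, '') | & $CliPath
$code = $LASTEXITCODE

# Map the return codes listed in the tool's help text.
if     ($code -eq 0)  { $result = 'True' }
elseif ($code -eq 1)  { $result = 'False' }
elseif ($code -eq -1) { $result = 'Exception' }
else                  { $result = "Unexpected exit code $code" }

# Emit one object per run so results can be collected or exported by the caller.
[pscustomobject]@{ Key = $RegistryKey; Result = $result; ExitCode = $code; Output = ($output -join "`n") }
exit $code
```

Because the script exits with the tool's own return code, a calling Task or script can tell a rule that evaluated to false (1) apart from an evaluation that raised an exception (-1).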

[1] Patch Management Single Rule Evaluator for 6.x and rule data gathering.