Run your desired compliance scan or an ad hoc scan on your nodes.
You can run scans on individual nodes by selecting the Scan
nodes drop-down menu on the node's Node detail
page, and then selecting Desired compliance or
Custom options if you have those set up. Then, follow the
scan wizard as outlined in steps 4-7.
-
In Comply, click
Scans, and then Run an ad hoc
scan.
-
In the Benchmark drop-down menu, select
Desired compliance or a benchmark and profile of
your choice.
-
Next, select an option from the Profile drop-down
menu. To use a custom profile for this scan, select the Use an
associated custom profile? option and choose the relevant
option from the Custom profile drop-down menu.
-
Click Next to see the nodes selected for scanning.
Use the drop-down menus to filter nodes by operating system, environment, or
node group.
To scan only a subset of nodes, deselect any nodes that you want to
exclude.
Debug mode: By default, assessor
logs are set to WARN level. To troubleshoot an issue, you can set the
logging level to DEBUG for the scan by clicking
Run in debug
mode. The assessor logs can then be retrieved from the
individual node.
On Linux and macOS platforms the assessor log is
located
at:
/opt/puppetlabs/comply/Assessor-CLI/logs/assessor-cli.log
On
Windows the assessor log is
located
at:
C:/ProgramData/PuppetLabs/comply/Assessor-CLI/logs/assessor-cli.log
Note
that scanning in debug mode increases the size of the assessor log
file significantly.
-
Click Scan.
You are taken to the Activity feed, which lists
each scan. Scans are run as a task in PE.
Click the scan name to see the scan report, or click the job ID to be taken
to PE.
-
Optionally, to review the results of your scan, navigate to the
Compliance Dashboard page.