Cleaning Up The Google Rapid Response Inventory
This post is inspired from Google Rapid Response (GRR) issue #49, and is relevant if you do testing against a GRR server instance for cleaning up historical debug clients in the inventory. If the client is offline, it will stay there, and yes it's quite annoying.
This receipe requires you to use the iPython console, which can be started on the server by running
grr_console. There is a neat feature for searching the inventory, so say the client name is
HOSTNAME - you may then run the following to get a listing of matching clients:
for client in SearchClients('host:HOSTNAME'): print(client)
Shows two matches, in this case one is live - the other one,
C.12c35ccfe21a0312, should be scheduled for deletion:
(<VFSGRRClient@XXXXXXXXXXX = aff4:/C.1dc35fcfe41bb3cf>, 'HOSTNAME_X', '6.4', '2015-02-08 14:10:36') (<VFSGRRClient@YYYYYYYYYYY = aff4:/C.12c35ccfe21a0312>, 'HOTNAME_Y', '6.7', '2015-02-08 10:56:15')
Quite straight forward, the client is removed by the following:
token = access_control.ACLToken(username="someone", reason="Why") aff4.FACTORY.Delete(rdfvalue.ClientURN("C.12c35ccfe21a0312"))
Which will immediately be noticable in the web GUI as well.