4 Replies Latest reply on Dec 18, 2012 4:27 AM by Frank Wils

    Alerts and Monitoring - Core rulesets not available

    Rookie

      I'm attempting to setup alerts and monitoring in LANDesk to possibly replace existing alerting and monitoring applications previously in place but I'm not seeing anything logged in the Management Suite Console for the ruleset created. Below is what I found in the AlertService.log file on our core server. I see errors stating "Core rulesets not available" and "Error examining rules". Host C002694 is my computer, from which I was attempting to trigger an alert. Checking the Security Logs I found entries for Blocked Devices but this alert should also send an email which is not occurring. Does anyone know what I've missed here?

       

      Thanks in advance,

      Tabryn

       

      Fri, 26 Aug 2011 10:00:46 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\cddb.cd87a6d88f36cc1.alert.xml
      Fri, 26 Aug 2011 10:00:46 Alert {internal.ldms.DCM.DeviceBlocked, } from {E2F8AAA6-01C8-D144-B2FB-3861EB9006AD} state 3
      Fri, 26 Aug 2011 10:00:46 Host: C002694.towerfcu.org, IP Address: 144.144.11.3
      Fri, 26 Aug 2011 10:00:46 Core rulesets not available
      Fri, 26 Aug 2011 10:00:46 Error examining rules
      Fri, 26 Aug 2011 10:00:46 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\4adb.00adb8d88f36cc1.alert.xml
      Fri, 26 Aug 2011 10:00:46 Alert {internal.ldms.DCM.DeviceBlocked, } from {E2F8AAA6-01C8-D144-B2FB-3861EB9006AD} state 3
      Fri, 26 Aug 2011 10:00:46 Host: C002694.towerfcu.org, IP Address: 144.144.11.3
      Fri, 26 Aug 2011 10:00:46 Core rulesets not available
      Fri, 26 Aug 2011 10:00:46 Error examining rules
      Fri, 26 Aug 2011 10:00:46 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\c88b.6bbedbd88f36cc1.alert.xml
      Fri, 26 Aug 2011 10:00:46 Alert {internal.ldms.DCM.DeviceBlocked, } from {E2F8AAA6-01C8-D144-B2FB-3861EB9006AD} state 3
      Fri, 26 Aug 2011 10:00:46 Host: C002694.towerfcu.org, IP Address: 144.144.11.3
      Fri, 26 Aug 2011 10:00:46 Core rulesets not available
      Fri, 26 Aug 2011 10:00:46 Error examining rules
      Fri, 26 Aug 2011 10:28:43 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\c08b.236de057cf36cc1.alert.xml
      Fri, 26 Aug 2011 10:28:43 Alert {internal.ldms.SPM.DefinitionInAlertGroupDetected, } from {17FC6779-639D-3D48-9D1C-C0502A9804AE} state 3
      Fri, 26 Aug 2011 10:28:43 Host: C002736.towerfcu.org, IP Address: 144.146.103.134
      Fri, 26 Aug 2011 10:28:43 Core rulesets not available
      Fri, 26 Aug 2011 10:28:43 Error examining rules
      Fri, 26 Aug 2011 10:50:26 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\8cbb.e74abad7ff36cc1.alert.xml
      Fri, 26 Aug 2011 10:50:26 Alert {internal.ldms.SPM.DefinitionInAlertGroupDetected, } from {02E50A17-3B6B-1642-92FA-CB7126C3C8B2} state 3
      Fri, 26 Aug 2011 10:50:26 Host: C002273.towerfcu.org, IP Address: 144.146.104.75
      Fri, 26 Aug 2011 10:50:26 Core rulesets not available
      Fri, 26 Aug 2011 10:50:26 Error examining rules
      Fri, 26 Aug 2011 10:51:36 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\c0eb.012c577aff36cc1.alert.xml
      Fri, 26 Aug 2011 10:51:36 Alert {internal.ldms.SPM.DefinitionInAlertGroupDetected, } from {65F71C2C-657B-4944-AED9-33FD13E0FCE4} state 3
      Fri, 26 Aug 2011 10:51:36 Host: C002019.towerfcu.org, IP Address: 144.146.103.88
      Fri, 26 Aug 2011 10:51:36 Core rulesets not available
      Fri, 26 Aug 2011 10:51:36 Error examining rules
      Fri, 26 Aug 2011 10:54:37 1632: Processing file C:\Program Files\LANDesk\ManagementSuite\alertqueue\cceb.6340e9310046cc1.alert.xml
      Fri, 26 Aug 2011 10:54:37 Alert {internal.ldms.SPM.DefinitionInAlertGroupDetected, } from {54EB0D03-12A9-AD4E-951E-062A41A369D3} state 3
      Fri, 26 Aug 2011 10:54:37 Host: C002029.towerfcu.org, IP Address: 144.146.103.18
      Fri, 26 Aug 2011 10:54:37 Core rulesets not available
      Fri, 26 Aug 2011 10:54:37 Error examining rules
        • 1. Re: Alerts and Monitoring - Core rulesets not available
          SupportEmployee

          AlertServer.log

          Fri, 16 Sep 2011 14:50:49 1800: Processing file D:\Program Files\LANDesk\ManagementSuite\alertqueue\47a.e334a9ce1547cc1.alert.xml
          Fri, 16 Sep 2011 14:50:49 Alert {internal.trustedaccess.servicewatcher.notstarted, } from {1405F9BB-EB1B-0D4A-9661-3D83067034D6} state 1
          Fri, 16 Sep 2011 14:50:49 Host: RCFWDLCOD0496.XXX.COM, IP Address: 10.XX.27.186
          Fri, 16 Sep 2011 14:50:49 Core rulesets not available

           

          We are also seeing the same issue here, any help is much appreciated.

          We also dont see the logs in the sendemail.log, so is unlikely to be an email authentication issue.

          • 2. Re: Alerts and Monitoring - Core rulesets not available
            Rookie

            We are experiencing the same issue in our production server but the same configuration is used on a test server with no problems. The test server is going to the same email server using the same credential as the production server so is definitely not related to an email authentication issue.

            I thought it was related to the LANDesk Alert Service that for some reason wasn't started on the productions server but even after restarting the service the issue persist.

            One more thing is that we are not getting the "Core rulesets not available" or "Error examining rules" log entries and we are also not getting any logs on the sendemail log

            Any help or more information related to this will be much appreciated.

            • 3. Re: Alerts and Monitoring - Core rulesets not available
              Rookie

              We are having the exact same isssue. Were you guys able to resolve this?

               

              Any help would be greatly appreciated.

              • 4. Re: Alerts and Monitoring - Core rulesets not available
                Frank Wils ITSMMVPGroup

                Do you see the ruleset in the Console under Alerting? Are they available in C:\Program Files (x86)\LANDesk\ManagementSuite\alertrulesets ?

                 

                If not in the console, but in the map, try to run:

                C:\Program Files (x86)\LANDesk\ManagementSuite\alertruleset2table.exe "C:\Program Files (x86)\LANDesk\ManagementSuite\alertrulesets"

                 

                Otherwise first find the *.ruleset.xml files in your source, copy them to the alertrulesets map and then run the command.

                 

                Frank