3 Replies Latest reply on Jan 21, 2014 9:34 AM by Truffles

    Alerts via Managment Gateway

    Rookie

      Hi everyone,

       

      I have instalation where all computers work external and connect only using managmen gateway.

       

      There is any posibility to send ruleset to PC and recive alert from them ?

       

      Now i can only recive information using "Inventory History" and "atribute modification"  Core ruleset alert but this is complicated to work with this log because all actions is releted to source = core noc pc name.

       

      * Managment suite 9.5 SP1

      * vCSA 4.3

       

      BR

      Piotr

        • 1. Re: Alerts via Managment Gateway
          Truffles SupportEmployee

          Hello,

           

          Alerting works through the Management Gateway just fine, however, distributing the rulesets is where the challenge arises. When creating a task in the 32-bit console to distribute the ruleset it appears to do a multicast distribution. Through the Gateway pushes will not work so a policy task needs to be performed. What is actually happening with the distribution is an executable called "alertsync.exe" is being called and it performs a "pull" of the ruleset. To put it more simple...you should be able to create a script to call alertsync.exe to download or update the ruleset you want. The script of course will need to be a policy distribution. 

           

          Here is a list of parameters for the executable.

           

          C:\Program Files (x86)\LANDesk\LDClient>AlertSync.exe /?

          Usage: alertsync [options]

          -c port      Notify collector

          -r URL       URL for ruleset to download

          -e           Erase managed rulesets before download

          -f           First sync (obtain rulesets from configuration)

          -n           No redirection

          -p           Peer only

          -b percent   Allowed bandwidth

          -d dir       Ruleset directory

          -V level     Change verbosity level

          • 2. Re: Alerts via Managment Gateway
            Rookie

            Here is the log alertsync from PC 

             

            2014-01-20 14:18:00(3240-3244) alertsync.exe:Alertsync started
            2014-01-20 14:18:00(3240-3244) alertsync.exe:First Sync requested from command
            Mon, 20 Jan 2014 15:18:00 Request failed, http status 503
            2014-01-20 14:18:00(3240-3244) alertsync.exe:Error downloading rulesets: Error downloading http://CORE.XXXXX.LOCAL/ldlogon/alertrules/ldms.default.ruleset.xml 0x-7279FFEA
            2014-01-20 14:18:00(3240-3244) alertsync.exe:Rulesets downloaded:
            2014-01-20 14:18:02(3240-3244) alertsync.exe:Unable to notify collector Port 21584
            2014-01-20 14:18:02(3240-3244) alertsync.exe:Collector complete
            2014-01-20 14:18:02(3240-3244) alertsync.exe:Health recalculation requested
            2014-01-20 14:18:02(3240-3244) alertsync.exe:AlertSync exiting

             

            i Still not recive any alerts from PC directly via gateway

             

            In alert log im only see alerts from core.xxxxx.local  - core server.

            • 3. Re: Alerts via Managment Gateway
              Truffles SupportEmployee

              If alertsync.exe is having problems downloading the XML file then the client doesn't have the rulesets yet which would be the next problem to be fixed. The error:

               

              2014-01-20 14:18:00(3240-3244) alertsync.exe:Error downloading rulesets: Error downloadinghttp://CORE.XXXXX.LOCAL/ldlogon/alertrules/ldms.default.ruleset.xml 0x-7279FFEA

               

              The client rulesets (after they are configured) are stored in the directory the error mentions. Distributing files through the Gateway has some requirements but the XML file mentioned isn't required to be on the core as well. You can also store the file on a public web server (or a web server local to the client) and reference the XML file that way. Once the XML is distributed to the client then it can follow the rules outlined in the XML, monitor the system, and alert back to the core.