3 Replies Latest reply on Nov 6, 2008 6:19 AM by rjager

    Contents of Alertqueue folder

    Rookie

      Just a quick question. Can I safely delete all files in the Landesk Alertqueue folder?

      Someone played with the alerts but now I'm getting a few hundred thousand alerts in 2 hours.

      I have now a alertqueue folder with more then 300.000 alerts files, so I want to clean it.

      Is it safe to delete all the XML files from tis folder?

       

      I have to say that this is a perfect stress test for a landesk server

        • 1. Re: Contents of Alertqueue folder
          phoffmann SupportEmployee

          ... a few HUNDRED THOUSAND? What on earth did they do? Send an alert every time the system clock changes?

           

          Holy moly.

           

          Urm - well - if you delete them, you'll delete the alert notifications. If you're OK with that, then sure - go ahead.

           

          I'm also worried about the state of your database's ALERTxxx tables, if you're getting several 100,000 entries / hour, then that's one heck of a way to clog up the database (and eat performance) ...

           

          But before you can get to the database side, I would say you need to sort out first the "incoming alert spam" -- not point in cleaning up the DB if a few minutes later it will be just as bad :).

           

          Paul Hoffmann

          LANDesk EMEA Technical Lead

          • 2. Re: Contents of Alertqueue folder
            Rookie

            Thanks, I'll delete the alerts from the queue. I've already cleaned this morning the alert log in the database.

             

            I'm still not sure what is going on. Yeah someone was funny and dropped a few thousand computers in the device monitoring.

            So I removed them, but I have still to reset the health status of the clients. Normally that can be done from the alert log, but that will not work now since I purged all alerts from the database, so I have to reset the health status directly in the database. (I have to figure out where, but we did it before)

             

            But we're getting storm alerts about the evenlogging on the servers and it looks like this generates a huge number of alerts.

            everything in the eventlog of the servers is logged in landesk, but the rule is defined to log critical alerts only. So I have to figure out what is going wrong.

            It looks like a combination of actions.

            • 3. Re: Contents of Alertqueue folder
              Rookie

              Hi Paul,

               

              I set an alertrule for monitoring the operating system logs, set an action for email alert only fire on critical systemlog events.

              Not to play but because we want to monitor the OS system event logs on our servers with LD Server Manager. Someone did put a couple of 1000 client pc's in the device monitoring group, but this generates no logging to the alertqueue folder as far as I can see.

              This alertrule for monitoring system logs generates storm alerts, but that is not a big issue.

              The problem is that setting this alert rule for Windows eventlog monitoring also includes a default log handler configuration which I cannot remove or edit. This means all events in the operating system logs of all servers generate xml files which que up in the alertqueue folder by tens of thousands an hour.

              Currently we have over 200 servers whith this alert rule, if this cannot be fixed I have to remove the Alert rules from the servers.

              Is there a way I can remove the default log handler configuration from the alertrule for monitoring the Operating System Logs?