... a few HUNDRED THOUSAND? What on earth did they do? Send an alert every time the system clock changes?
Urm - well - if you delete them, you'll delete the alert notifications. If you're OK with that, then sure - go ahead.
I'm also worried about the state of your database's ALERTxxx tables, if you're getting several 100,000 entries / hour, then that's one heck of a way to clog up the database (and eat performance) ...
But before you can get to the database side, I would say you need to sort out first the "incoming alert spam" -- no point in cleaning up the DB if a few minutes later it will be just as bad :).
LANDesk EMEA Technical Lead
Thanks, I'll delete the alerts from the queue. I've already cleaned this morning the alert log in the database.
I'm still not sure what is going on. Yeah someone was funny and dropped a few thousand computers in the device monitoring.
So I removed them, but I have still to reset the health status of the clients. Normally that can be done from the alert log, but that will not work now since I purged all alerts from the database, so I have to reset the health status directly in the database. (I have to figure out where, but we did it before)
But we're getting storm alerts about the event logging on the servers and it looks like this generates a huge number of alerts.
Everything in the event log of the servers is logged in LANDesk, but the rule is defined to log critical alerts only. So I have to figure out what is going wrong.
It looks like a combination of actions.
I set an alert rule for monitoring the operating system logs, and set an action for email alert to only fire on critical system log events.
Not to play but because we want to monitor the OS system event logs on our servers with LD Server Manager. Someone did put a couple of 1000 client PCs in the device monitoring group, but this generates no logging to the alertqueue folder as far as I can see.
This alert rule for monitoring system logs generates storm alerts, but that is not a big issue.
The problem is that setting this alert rule for Windows event log monitoring also includes a default log handler configuration which I cannot remove or edit. This means all events in the operating system logs of all servers generate XML files which queue up in the alertqueue folder by tens of thousands an hour.
Currently we have over 200 servers with this alert rule; if this cannot be fixed I have to remove the alert rules from the servers.
Is there a way I can remove the default log handler configuration from the alert rule for monitoring the Operating System Logs?