1 2 Previous Next 25 Replies Latest reply on Mar 25, 2009 9:46 AM by zman

    Add Defrag & Chkdsk data to Inventory?


      Hi all


      We're in the process of rolling out Checkpoint Full Disk Encryption (FDE) software to our firm's laptops.  One of the advised pre-requirements is to run a chkdsk and defrag.  If chkdsk reveals bad sectors we may need to run "chkdsk /F" and/or replace the hard drive(s) depending on the extent of the problem before installing FDE.  We have used the following LANDesk custom scripts to run a chkdsk and defrag and pipe logfiles to a server share for analysis:-


      remexec0= chkdsk >\\server\share\CheckPoint\Chkdsk\Logfiles\%computername%.log

      remexec0= defrag c: >\\server\share\Defrag\Analysis\%computername%.log


      This is fine in principle but we will have hundreds of logfiles to manually look through for chkdsk "bad sectors" and defrag "status".


      Is there a way either to:-

      1) Collate the .LOG files into a Logfile Analyser utility (I tried Splunk but seemed over-complicated for our needs)?  Is AutoIT an option here and if so how please?

      2) Run the LANDesk custom scripts on a machine then merge data from the .LOG file into the machine's LANDesk Inventory so that we can query/report on the results (this would be ideal!)?


      We have searched the net but cannot find a way of doing this.  Any help would be much appreciated.




        • 1. Re: Add Defrag & Chkdsk data to Inventory?



          we do alot of log file stuff, I use the following as it's free and easy.


          Results can be piped to a CSV for filtering etc.






          findstr /S /I /C:"Service tag:" *.log > DellServiceTag.csv






          Message was edited by: Chris Eales

          • 2. Re: Add Defrag & Chkdsk data to Inventory?

            Why do you need to check log files etc.  Can you not just run chkdsk /r on all machines - it will take longer to run a full sector scan on all drives, but that way you can be certain that no machine will have fde activated with any bad sectors or other drive issues?


            Alternatively,chkdsk records the result of a disk check to the event log (application log/Winlogon.exe if i remember correctly), could 3rd party software submit that to a central responsitory?

            • 3. Re: Add Defrag & Chkdsk data to Inventory?

              Chris - thanks for the suggestion, never used FindStr before but will give it a go...


              Mike - we'd prefer not to run chkdsk /r on all machines in case it renders machines useless while users are working.  We'd rather use chkdsk to report on those machines, if any, with bad sectors then we'll physically visit each machine and 'hand-hold' it through the process (backing up data, running chkdsk /r and responding to any issues that may arise).  In fact, I believe chkdsk /r only runs at next reboot anyway, so we'd rather have a Support person 'at the scene of the crime' just in case...




              • 4. Re: Add Defrag & Chkdsk data to Inventory?

                2) Run the LANDesk custom scripts on a machine then merge data from the .LOG file into the machine's LANDesk Inventory so that we can query/report on the results (this would be ideal!)?





                If all you want to do is to collect a log file and append it to the client's inventory, check out the CfgFiles section of the ldappl3 file. In short, you configure the ldappl3.template with the proper syntax (CfgFiles1 = c:\mylog.log), then publish those changes to the clients (from the SLM tool, click on 'Make available to clients') and the inventory scanner will start to gather this configuration file from the next scan.


                From the console, you'll be able to see this info under Computer.Configuration Files.File. However, keep in mind that configuration file content is saved as 'extended text' and you will not be able to query any of it, unfortunately.






                • 5. Re: Add Defrag & Chkdsk data to Inventory?

                  Hi David


                  Thanks for the info.  I knew how to add custom registry entries to ldappl3.template but I didn't know what or how to add configuration files.  Excuse my ignorance but if there's no way to query/report on the configuration file's contents ("extended value"), apart from manually checking every inventory, what use does this feature serve please?




                  • 6. Re: Add Defrag & Chkdsk data to Inventory?
                    egarlepp Employee

                    What you may want to do is have a VB script run on the log files and extract only the errors or text that you are looking for and write it to reg keys.  Each different error would get written to a different reg key and then you can have custom data(LDAPPL.Template) of LANDesk pull it in.  Basically, the error shoudl overwrite the reg key each time so that there is not millions of reg keys to list.  Thsi should allow you to query on it and also at the least signify if a system is problematic.


                    May not be the best or most eloquent solution but hope it helps...

                    • 7. Re: Add Defrag & Chkdsk data to Inventory?

                      EGarlepp, thanks for the advice.  We'll give it a go.

                      • 8. Re: Add Defrag & Chkdsk data to Inventory?

                        We decided to make life easier for ourselves by combining Notepad++'s ability to "Find in files..." with the following regular expression:-


                        \s*[1-9]+[0-9]* KB in bad sectors


                        This search criteria produces a list of the logfiles with "1KB in bad sectors" (or more) and delivers exactly what we required.


                        Thanks all for your help/advice.  Hope this helps others.



                        • 9. Re: Add Defrag & Chkdsk data to Inventory?
                          zman Master

                          Have you considered bypassing logfiles and scraping? Autoitscript has a StdoutRead function you can read the CLI of defrag and chkdsk and then direct it to the registry for LANDesk to pick and then you can report on it. When we rolled out Pointsec I wrote some code that puts the defrag % in the reg key for the LANDesk Inv. I think I even started on chkdsk. I can look around for the code if you are interested.

                          1 of 1 people found this helpful
                          • 10. Re: Add Defrag & Chkdsk data to Inventory?

                            Yes please, zman.

                            • 11. Re: Add Defrag & Chkdsk data to Inventory?
                              zman Master

                              OK I'm not a work now so I should have something posted tonight or tomorrow.

                              • 12. Re: Add Defrag & Chkdsk data to Inventory?
                                zman Master

                                Ok here is defrag. You may need to change. We always have a logs folder in our image, and we only have just a single drive/part. The code places to reg keys in the HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Landesk\Inventory\Custom Fields. FragLevel = Total system fragmentation and FragLevelFile File level fragementation. I only tested this on XP, so it should work. YOu may have to tweak a little but it should give you what you want.  I also upload the au3 file just incase the formatting is screwed up.


                                 $LogFile = "C:\LOGS\defrag.log" 
                                  $DrivetoCheck = "C:"


                                 #include <Array.au3> 
                                 #include <Date.au3> 
                                 Dim $Data ; Used to Read Stdout 
                                 Dim $Pid ; Process ID Variable 
                                 Dim $Return ; General Var 
                                 Dim $Fragit ; Var for Frag Levels all 
                                 Dim $FragPercentage ; Total System Fragmentation 
                                 Dim $FileFragLevel ; File Fragementation 
                                 Dim $LogError ; Log Message 
                                 Dim $LogFile ; Log Location 
                                 Dim $DrivetoCheck ; Drive to Check - just need one 
                                 $LogFile = "C:\LOGS\defrag.log"     ; Log file Location LOG FOLDER MUST EXIST 
                                 $DrivetoCheck = "C:" ; Drive to Check for Fragmentation 
                                 _WriteLogFile("Start Defrag Analysis " & $DrivetoCheck) ; Write log file 
                                 $Pid = Run(@ComSpec & ' /c defrag.exe -a ' & $DrivetoCheck, @SystemDir, @SW_HIDE, 2) ; Run defrag on c: drive. We only have c: drive to encrypt. So don't worry about multiple 
                                 Do ; Grab data from CLI 
                                  $Data &= StdOutRead($Pid) 
                                 Until @error 
                                 _WriteLogFile("Stop Defrag Analysis " & $DrivetoCheck) ; Write log file 
                                 ;MsgBox(0, "", $data) ; Debug see what is grabbed 
                                 If $Data = "" Then ; Must be an issue since there should be data 
                                  _WriteLogFile("Error Running Defrag " & $DrivetoCheck & " " &$Pid) ; Write log file 
                                  Exit 2 ; Hopefully should appear in LANDesk as The system cannot find the file specified. 
                                 $Return = StringSplit($Data, ",") ; Split data up into array using , as delimiter 
                                 ;_ArrayDisplay($return, "First Array with comma") ; Debug See Array 
                                 $Fragit=$Return[4] ; Element 4 is where the meat is. Lists frag levels 
                                 $Return=StringSplit($Fragit, "%") ; Split it at % - Just grab Numeric 
                                 ;_ArrayDisplay($return) ; Debug 
                                 $FragPercentage = StringStripWS($return[1],8) ; Remove white Space 
                                 ;MsgBox(0, "", $fragpercentage) ; Debug 
                                 _WriteLogFile($DrivetoCheck & " is " & $FragPercentage & "% Fragmented") ; Write log file 
                                 $FileFragLevel = $return[2] ; File Frag 
                                 $Return=StringSplit($FileFragLevel, "(") ; Split at ( so we just have the numeric 
                                 $FileFragLEvelpercentage = StringStripWS($return[2],8) ; Remove white Space 
                                 ;MsgBox(0, "", $FileFragLEvelpercentage) ; Debug 
                                 _WriteLogFile($DrivetoCheck & " is " & $FileFragLEvelpercentage & "% File Fragmented"); Write log file 
                                 If $FragPercentage <> "" Or $FileFragLEvelpercentage <> "" Then ; Make sure we have something to write to the LANDesk Reg 
                                  _WriteLogFile("Writing Keys to Reg") ; Write log file 
                                  RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Landesk\Inventory\Custom Fields", "FragLevel", "REG_SZ",$FragPercentage) 
                                  RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Landesk\Inventory\Custom Fields", "FragLevelFile", "REG_SZ",$FileFragLEvelpercentage) 
                                  _WriteLogFile("Finished Writing Keys to Reg") ; Write log file 
                                 _WriteLogFile("Exit") ; Write log file 
                                 ;Write Log File for CYA 
                                 Func _WriteLogFile($LogError) 
                                  $file = FileOpen($LogFile, 1) 
                                  FileWriteLine($file, _Now() & @TAB & @UserName & @TAB & $LogError) 
                                 EndFunc   ;==>_WriteLogFile 
                                • 13. Re: Add Defrag & Chkdsk data to Inventory?
                                  zman Master

                                  So if I understand the chkdsk portion of this, you want to find bad sectors.  So I think the only way to see if there are any bad sectors is to run chkdsk /r at reboot. chkdsk reports bad sectors it already knows about and they are marked bad so - no harm no foul.  What I believe you want to find and fix is bad sectors that are not identified and marked as such. Does this sound correct?


                                  So this is a daunting task that most FDE vendors don't want to really talk about since it is such a PITA.  Yeah, just whip the files out and run setup My suggestion is to either do what Mike recommended and mark all drives as dirty and run /r on reboot. This is not very efficient and will cost you a lot of money in lost productivity.


                                  My suggestion would be this. Do the defrag since this will have a severe impact on FDE performance.  I would also run a SMART utility on the drives to check the health. Chances are that most of the drives you have in your environment are SMART capable.  There are two very good CLI SMART utilities.  I'm no expert but I would think that Uncorrectable Sector Count would show signs of bad sectors, plus this will give you an overall health of the drive.


                                  Simple quick and effective



                                  More options than you can possibly use. Very good. Also does a test on the drives - online and much faster than chkdsk.



                                  These tools will not fix NTFS corruption etc, but may be a better choice than killing everyone with /R. Just to let you know, I chose not to do any drive analysis (chkdsk) with Pointsec (vendor recommendation) and had no issues.

                                  • 14. Re: Add Defrag & Chkdsk data to Inventory?

                                    Wow!  Thanks for all the info, zman - very helpful!


                                    We'll compile and test defrag.au3 when we get some time.  Looks comprehensive to say the least!


                                    Also, we take on board your advice RE: scrapping chkdsk in favour of a S.M.A.R.T. cmd-line utility, such as smart.exe and smartctl.exe.  Info overload form both utilities at the moment so will find some time to digest the options/switches that will be beneficial to our environment.


                                    In answer to your chkdsk question, we only wanted to run chkdsk in read-only mode silently and redirects the results to a logfile which we'd later analyse with Notepad++.  Essentially, we'd be looking for 2 scenarios 1) the words "Errors found.  CHKDSK cannot continue in read-only mode", and 2) anything greater than "0KB in bad sectors".  For those machines identified in either scenario will be visited by a Support person to troubleshoot (i.e. backup if required, run chkdsk /r, re-run chkdsk in read-only mode afterwards, etc...).




                                    1 2 Previous Next