2 Replies Latest reply on Sep 4, 2009 11:47 PM by ecoidan

    Alert Log, Literally Useless

    Apprentice

      There are around 30,000 alerts, per day, in the LANDesk alert log.  The log is therefore completely useless to us, because to sort or search a column takes forever.  I want to be able to quickly see which devices are reporting vulnerabilities detected which are part of the alert group.

      I have gone through all the different rulesets and disabled all the alerts which consist of about 99% of all the information irrelevant to me (management agent started, agent watcher started, agent watcher service not started etc.), but this has not made any difference.

      In trying to deploy the Client Ruleset, the only deployment method available in the console is Multicast (why oh why oh why????) and you are prevented from changing this to policy/policy supported push (again - why are we prevented from changing this???).

      Using Multicast to distribute a 2 kb file is ridiculous.

      Can someone please tell me how I can stop all of the irrelevant information being logged?

       


        • 1. Re: Alert Log, Literally Useless
          zman Master

          30,000 is not bad ;-) See if this helps you http://community.landesk.com/support/docs/DOC-5036

          • 2. Re: Alert Log, Literally Useless
            ecoidan Specialist

            Must remove the ALERTCBA8 line from actions.ini file. To receive an alert each time a system boots is just nuts!!!

             

            In the client build INI file I added these lines:

             

            [Common Pre Copy]

            FILE9079=PostLDC.vbs, %WINDOWS%\temp\PostLDC.vbs, COPYALWAYS

             

            [Policy Management Post Copy]

            EXEC8095=%WINDOWS%\system32\wscript.exe %WINDOWS%\temp\PostLDC.vbs
            WCDELETE12507=%WINDOWS%\temp\PostLDC.vbs

             

             

            The POSTLDC.vbs is located in the LDLogon directory and contains this code:

             

            On Error Resume Next
            Set WSHShell = CreateObject("Wscript.Shell")
            Set objFSO = CreateObject("Scripting.FileSystemObject")
            Const ForReading = 1
            Const ForWriting = 2
            PROGFILES = WSHShell.ExpandEnvironmentStrings("%ProgramFiles%")

            'Blanks out the ALERTCBA8 Line in Actions.INI
            Set textFile = objFSO.OpenTextFile(PROGFILES &"\LANDesk\Shared Files\CBAROOT\actions.ini", ForReading)
            text = textFile.ReadAll
            textFile.Close
            newText1 = Replace( text, "ALERTCBA8="&CHR(34)&"C:\Program Files\LANDesk\Shared Files\alert.exe"&CHR(34)&" -f -n -p "&CHR(34)&"start:%CBA8_START%"&CHR(34)&" -p "&CHR(34)&"stop:%CBA8_STOP%"&CHR(34)&" internal.cba8.system.startup", " ")
            Set textFile = objFSO.OpenTextFile(PROGFILES &"\LANDesk\Shared Files\CBAROOT\actions.ini", ForWriting )
            textFile.WriteLine newText1
            textFile.Close

            'Blanks out the MINISCAN Line in Actions.INI
            Set textFile = objFSO.OpenTextFile(PROGFILES &"\LANDesk\Shared Files\CBAROOT\actions.ini", ForReading)
            text = textFile.ReadAll
            textFile.Close
            newText2 = Replace( text, "MINISCAN=C:\PROGRA~1\LANDesk\LDClient\miniscan.exe", " ")
            Set textFile = objFSO.OpenTextFile(PROGFILES &"\LANDesk\Shared Files\CBAROOT\actions.ini", ForWriting )
            textFile.WriteLine newText2
            textFile.Close

            'Removes Blank Lines in Actions.INI
            Set textFile = objFSO.OpenTextFile(PROGFILES &"\LANDesk\Shared Files\CBAROOT\actions.ini", ForReading)
            Do Until textfile.AtEndOfStream
                strLine = textfile.Readline
                strLine = Trim(strLine)
                If Len(strLine) > 0 Then newText3 = newText3 & strLine & vbCrLf
            Loop
            textfile.Close
            Set textfile = objFSO.OpenTextFile(PROGFILES &"\LANDesk\Shared Files\CBAROOT\actions.ini", ForWriting)
            textfile.Write newText3
            textfile.Close

             

            Hope that helps.. Stopped my 6000 plus alerts a day...
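
The same edit as the script in reply 2, as an added example that is not part of the thread and not LANDesk's own code: it removes lines by key name instead of by exact full-line text (the posted Replace call only matches when alert.exe sits under C:\Program Files), backs the file up first, and rewrites only when something matched. The function name and the .bak suffix are assumptions.

```powershell
# Added example (not the poster's script). The actions.ini path and the key names
# ALERTCBA8 and MINISCAN come from the post; the function name and the .bak
# backup suffix are assumptions. Written for Windows PowerShell, whose default
# Get-Content/Set-Content encoding is ANSI, as with the VBScript file calls.
function Remove-ActionsIniEntry {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Path = (Join-Path $env:ProgramFiles 'LANDesk\Shared Files\CBAROOT\actions.ini'),
        [string[]]$Key = @('ALERTCBA8', 'MINISCAN')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "actions.ini not found at '$Path'; nothing changed."
        return
    }

    $original = @(Get-Content -LiteralPath $Path)

    # Match "KEY=" at the start of a line, case-insensitively, whatever the value,
    # so an install path other than C:\Program Files does not defeat the match.
    $escaped = $Key | ForEach-Object { [regex]::Escape($_) }
    $pattern = '^\s*(' + ($escaped -join '|') + ')\s*='

    $removed = @($original | Where-Object { $_ -match $pattern })
    $kept    = @($original | Where-Object { $_ -notmatch $pattern })

    if ($removed.Count -eq 0) {
        Write-Verbose 'No matching entries; file left untouched.'
        return
    }

    if ($PSCmdlet.ShouldProcess($Path, "Remove $($removed.Count) line(s)")) {
        # Keep a copy so the change can be rolled back.
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
        Set-Content -LiteralPath $Path -Value $kept
    }

    # Emit the removed lines so the caller can log exactly what changed.
    $removed
}

# Dry run: lists what would be removed without writing. Drop -WhatIf to apply.
Remove-ActionsIniEntry -WhatIf -Verbose
```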