Slaggard

My Information

  • Location
    Nashville, TN
  • Agent Count
    > 6000 Agents

  1. Slaggard

    Problem with RAWSQL internal monitor

    I'm not using a script to create tickets, just the same "Default - Create Automate Ticket" alert template we use for half our monitors. Never seen this merging behavior during 18 months of creating monitors.

    Thanks, that's good to know! It cuts down on the number of pseudo-random combinations I have to try.

    I have a few other questions, if you happen to know off the top of your head; don't go to any trouble!

    - If I use a field like computers.computerid as IdentityField in the 2nd col, do I still need to include it again in the first part of the SELECT clause?
    - I'm using "Send Fail After Success", but the dialogue box says not to use date/time limiting with it. My monitor relies on several date conditions - could that be part of the problem? Gavsto's example here also uses DATE-based conditions, so it's obviously possible, which makes me wonder if there are just certain types of DATE-related syntax that this black box of a SQL interpreter chokes on?
  2. Slaggard

    Problem with RAWSQL internal monitor

    Thanks Darren, looking at that now. BTW the official documentation says to use "IDField" instead of "IdentityField", but I'm assuming that's a typo? Every other guide I've looked at uses the latter.

    For your last 2 questions: No, the alerts are all for different computers at different clients. Yes, there's a computer associated with the ticket. It's like it handled the first alert properly, but then just stuck the rest of the alerts for that monitor under the same ticket.
  3. This is only my 2nd RAWSQL monitor - hoping one of you guys spots the problem! It's designed to detect broken RMM agents by comparing Automate's lastcontact date to that of the Webroot GSM agent (the data for which is synced by its plugin into the plugin_webroot3_x tables). It's enabled Globally (not targeted at any group), and currently it shows 44 results in its "Status" tab, as expected. However, it only creates a single ticket, and logs all 44 alerts inside that ticket! Here's the "additional condition" query from SQLyog (which I copy with Normalized Whitespace to paste into the monitor):

        SELECT c.lastcontact AS TestValue,
               c.name AS IdentityField,
               c.computerid AS ComputerID,
               c.lastcontact,
               cl.name,
               pwc.lastseen,
               acd.NoAlerts,
               acd.UpTimeStart,
               acd.UpTimeEnd
        FROM computers c
        INNER JOIN plugin_webroot3_computers pwc ON c.computerid=pwc.computerid
        LEFT JOIN clients cl ON c.clientid=cl.clientid
        LEFT JOIN plugin_webroot3_clients pwcl ON c.clientid=pwcl.clientid
        LEFT JOIN AgentComputerData AS acd ON c.ComputerID = acd.ComputerID
        WHERE (c.lastcontact <= pwc.lastseen - INTERVAL 5 DAY)
          AND (DATE(pwc.lastseen) >= NOW() - INTERVAL 1 DAY)
          AND (cl.clientid NOT IN (290,276))
          AND (c.ComputerID NOT IN (SELECT computerid FROM AgentIgnore WHERE AgentID=1560627))
  4. In case it helps anyone, I found a quick-and-dirty way to monitor Dell PowerVaults for hardware or RAID problems without mucking around with SNMP. Dell's Modular Disk Storage Manager (MDSM) software includes a command-line tool (SMcli.exe) that can output a list of the storage arrays it knows about and a brief health-status descriptor for each.

        "C:\Program Files (x86)\Dell\MD Storage Software\MD Storage Manager\client\smcli.exe" -d -v

     The output looks something like this:

        MAIN-SAN-1 [ip address] [ip address] Optimal
        BACKUP-SAN-1 [ip address] [ip address] Needs Attention
        SMcli completed successfully.

     So I created a remote EXE monitor on the server running MDSM that runs the above command and checks if the output contains the string "needs attention".
  5. Slaggard

    Temporarily disable Webroot

    The next version of the official Webroot plugin includes this function. You can also hide your API creds in EDFs, create a Labtech script that passes them along with computerID, etc. to PowerShell, and then make any API call you want in PoSH (that's what we do).
  6. How are other people with Webroot monitoring for threat detections on Macs? The 3.0 plugin does not pull detection data from the GSM console into the plugin_webroot3_threathistory table (as it does for PCs), and thus the "Webroot 3 - Active Infection" monitor never triggers for Macs. Webroot support confirmed this is expected behavior (since the Mac client isn't "fully supported" yet).