No tickets

This plugin monitors local admin group for changes and alerts admins when changes have been made.
jmstco
Posts: 6
Joined: Thu Aug 01, 2019 10:04 pm
4

No tickets

Post by jmstco »

I’ve had Admon installed for a while now but I’ve yet to receive a single ticket when a user is granted local admin rights. Scanning is enabled, plugin is on, “create ticket” is checked. Lists of users with admin rights are visible, no alerts need cleared. What am I missing? Thanks.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: No tickets

Post by Cubert »

Check the Internal monitors, That is where the alerting is taking place. Find monitor and make sure it has not died. Re-enable it if it has. You can change where and whom gets the emails , alarms or alerts in this monitor.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: No tickets

Post by Cubert »

Wow , I was way off here. So many plugins that I sometimes forget what plugin did what how.


Anyhow I went and took a peek and this plugin uses a script to alarm, alert or email. So we should be seeing the script engine do the ticketing and alarming.

So monitor the script tab while the admon script runs on agent. It should see flags to ticket or alarm and if a change exists it will note this there. Lets see what it sees and what it does.

Post the logs here

jmstco
Posts: 6
Joined: Thu Aug 01, 2019 10:04 pm
4

Re: No tickets

Post by jmstco »

Scripts tile shows this:

The Script(478) was successful in the Then section.

Commands tile shows the new admin user I added earlier today for testing:

Output:
,( 1 , 289 , NOW(), 'DOMAIN\\TEST-User')

So it seems like its seeing the users, but its not seeing them as new or the alerting/ticketing isn't firing.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: No tickets

Post by Cubert »

Perfect, So we are getting the data.

Now post the logs from the automate server at c:\program files\labtech\logs\plugin_Admon.txt.

Inside this log should be entries that are telling you that it sees a new item and is "alerting" or ticketing" it.

It should then schedule a new Admon Maintenance script with the Command or "Alert" or "Ticket" for that agent. The script then runs and does one of those 2 things.

So please post logs and a screenshot of the clients Admon view.

Also does the View Alarms show the alarm at all?

jmstco
Posts: 6
Joined: Thu Aug 01, 2019 10:04 pm
4

Re: No tickets

Post by jmstco »

I looked at both the current log and the Plugin_Admon.txtold.txt, every single entry is like this:

LTAgent v190.203 - 8/8/2019 2:01:15 AM - Plugin Admon, Version=1.0.0.94, Culture=neutral, PublicKeyToken=null: Admon Maintenance ISync Scans Executed on agent ID (367):::

There's not a single entry about alerting. The ADMON View Alerts is blank.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: No tickets

Post by Cubert »

send me a screenshot of your client console window where agent resides?

I need to see what you have set so I can see what flags it should see.

jmstco
Posts: 6
Joined: Thu Aug 01, 2019 10:04 pm
4

Re: No tickets

Post by jmstco »

Is this what you are asking for?

https://ibb.co/n8FCH4q

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: No tickets

Post by Cubert »

Yes sir,

so we should have addition flag and ticket flag set in database.

So now if we hop on LT server and review the c:\program files\labtech\logs\plugin-Admon.txt file

Do you see at anytime the following log entry?

Admon Alarm (Found) Executed on = System ID (123)

If so note the time and lets see if you have a scheduled script for that time frame (+/- 5 minutes)

If so what was output of script?


We are checking for:

#1 did automation see agent show issue and schedule the fix?

#2 did fix get scheduled?

#3 did fix do anything?

This way we can tell where to go look for failure.



The Automation starts off looking for issues.

Is your agent ID showing up in query?

Code: Select all

SELECT u.ClientID, u.ComputerID, u.Username, u.ScanDate, c.CreateTicket, c.AutoRestore,(SELECT IF(LastContact > DATE_ADD(NOW(),INTERVAL -5 MINUTE),'Yes','No') AS OnLine FROM computers WHERE ComputerID = u.ComputerID) AS Online FROM plugin_sw_admon_monitor u LEFT JOIN plugin_sw_admon_config c ON u.ClientID = c.ClientID WHERE (u.ClientID,u.ComputerID,u.Username) NOT IN (SELECT ClientID,ComputerID,Username FROM plugin_sw_admon_users WHERE ClientID IN (SELECT ClientID FROM plugin_sw_admon_config WHERE MonitorRemove = 1)) AND u.ClientID IN (SELECT ClientID FROM plugin_sw_admon_config WHERE MonitorRemove = 1)

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: No tickets

Post by Cubert »

And I may see a potential issue. If your not fixing the issue you can not ticket it.

I do not see the "Auto Restore checkbox" checked which looking at SQL query is required to be a "1" before ID will show in query. This means a ticket is a product of a repair and not an alarm.

Post Reply

Return to “ADMON Administrators Group Monitor plugin”