Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 3328 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error Message Suppression in Enterprise Console.

Primax

Hi all, I am trying to suppress some messages in the enterprise console as they are not relevant and just taking up room.

This is the error that is annoying me :-) http://www.sophos.com/support/knowledgebase/article/14383.html

I have exported my savconf.xml file and adjusted with adding the following to the end of the file as instructed !

http://www.sophos.com/support/knowledgebase/article/54229.html

Placed before </config> tag in exported savconf.xml

<inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
 <onAccess>
  <suppressErrors>
   <item>53</item>
  </suppressErrors>
 </onAccess>
</inst:install>

I have then imported my savconf.xml file
by placing the xml file in my \\servername\interchk\esxp\ area
the output displayed in the dos windows does show that the file has been read but the messages still appear in my console.
just as a side note i did try this method but also had no joy http://www.sophos.com/support/knowledgebase/article/13872.html
Any help is appreciated on this
Kind regards
paul

:3070


This thread was automatically locked due to age.
  • 0

    Hello Paul,

    I know these messages ...

    I think only 13872 applies as the other two are about writing (or not writing) to the event log. I haven't tried it (yet) as I'm not sure how it will work in the long run.

    Question (especially to Sophos)

    How does using savconf.xml work and do savconf.xml and SEC "interact"?

    As far as I understand a client will pick up savconf.xml at installation or on the next update. When the AV policy is changed in SEC - what will happen? Will the blacklisting/whitelisting be kept even though it is not contained in the policy sent from SEC? How does the client know that it should not apply savconf.xml again?

    I'm too lazy to run some tests :smileywink:

    And - I vaguely remember an article about inserting "something" into the database which would keep certain error codes from being entered into the database and I might even have used it (perhaps it's the ErrorAlertFilters table). Can't find the article ....

    Christian

    :3077
  • 0

    Hi Chrisitian, thanks for the reply.

    The whole route of suppressing messages is a little vague and ould be handled better via the console for sure.

    These messages keep filling my console and with over 800 machines on the network...... well you can guess!

    If i find out anything more i will update this thread ......

    Thanks all !

    Paul

    :3080
  • 0

    Hi,

    The savconf.xml should work and prevent the client sending the message up to Enterprise Console.  I would check that machine.xml is being updated with this new code.  However, a simpler solution, if you don't mind the message being sent (if there aren't that many being sent and therefore bandwidth a concern) and you just don't want it to be stored when it arrives at the management server, you could try the following:

    In the SOPHOS3 and SOPHOS4 database (depending on the version you are running), there is a table called: "ErrorAlertFilters".  Can you guess what it does :)

    So you could add to this table by running:

    osql -E -S .\sophos -d SOPHOS4 -Q "insert into dbo.ErrorAlertFilters ([Source], [Number]) VALUES ('SAV', '-235130933')"

    where:

    .\sophos represents the local sophos sql instance, you may need to adjust this if you have a different instance name.

    SOPHOS4 is the database name, if you are using SEC 3, change this to SOPHOS3.

    as:

    e03d035 hex = 235130933 dec

    To check it has been inserted correctly run:

    osql -E -S .\sophos -d SOPHOS4 -Q "select * FROM dbo.ErrorAlertFilters" -o C:\ErrorAlertFilters.txt -w 1000

    Then check:
    C:\ErrorAlertFilters.txt.

    If you acknowledge all your existing ones I think this should prevent them coming back.  You can always remove this filter at any time.

    I hope this still works.

    Thanks,

    Jak

    :3086
  • 0

    Minor correction: the message number is e03d0035 (8 digits - the header for article 14383 incorrectly says e03d035) and the corresponding decimal value -532873163.

    I've added this value to ErrorAlertFilters on Friday late afternoon and acknowledged all outstanding e03d0035 errors. Since then SEC (4.0)  is "free" from these :smileyhappy:. I expect that it will still work with 4.5.

    Guess using savconf.xml will work and can co-exist with a SAV policy set from SEC without causing differs from policy alerts but, as I said, I'd like to get this confirmed by Sophos (or someone who has done it).

    Christian

    :3107
  • 0

    Hi all, many thanks for you replies on this. I have tried the savconf.xml method again and have cleared all my error and will check again in the morning to see.

    Would be alot nicer to have somthing in the console for this rather than messing about with configs etc.........

    Thanks again

    Paul

    :3111
  • 0

    Hi QC,

    Thanks for the heads-up about the missing digit in the article. I've now fixed the header.

    Cheers,

    spike

    :3177
Unfiltered HTML