
Update Failures will not clear from alerts

Hello, I am running Sophos Enterprise Console and have had an issue where no clients were checking in for updates. I have resolved this issue now and all clients are up to date and checking in. I have cleared some viruses using the acknowledge alerts and errors method.

There are a number of clients that still show errors/warnings. On checking, these are all alerts saying that on a date a while ago the update failed. How do I clear this alert, as there is no option to do so and in the acknowledge alerts and errors section they do not show up like a virus alert would?

I have tried purging the alerts but it advises active alerts will not clear.

Also tried clearing EV logs on server as advised by someone. Apparently they are linked...

SEC is version 3.0.0

I have also tried the purgedb.exe commands but it does not work.

Any help would be appreciated.

Cheers. 



  • Hi,

    The event logs are not linked and purgedb.exe only appeared with SEC 4.0 onwards.

    Alerts sent to SEC from AutoUpdate should auto-clear, i.e. if AutoUpdate is failing to update you should get an error in SEC; when the machine next successfully updates, a message should be sent to clear the previous alert.

    So if all the alerts are from AutoUpdate that you wish to acknowledge there are a few options:

    1. follow:

    http://www.sophos.com/support/knowledgebase/article/28359.html 
    which essentially breaks updating and fixes it by changing the policy from an invalid path to the correct one, hoping that this will force a success message.

    2. Update the sophos3 database to set all AutoUpdate alerts to not outstanding:

    OSQL -E -S .\sophos -d SOPHOS3 -Q "update errors set outstanding = 0 where source='ALC'"

    This will clear the errors table, however the computersanddeletedcomputers table has a reference to the errors table for outstanding alerts for each 'source', e.g. AutoUpdate, SAV, Firewall.  So the above command will not change the computer list view in SEC, machines will still have the warning icon, even though the associated error is not-outstanding.  We therefore need to run a second command to remove all the AutoUpdate error "links".

    OSQL -E -S .\sophos -d SOPHOS3 -Q "update computersanddeletedcomputers set lastauerroralert=null"

    3. Upgrade to SEC 4/4.5 where PurgeDB.exe is included; this can then be used to clear the alerts.  Many of the errors will probably auto clear during the major update.

    If you choose to update the database with the SQL commands, I would suggest taking a backup first with backupdb.bat just in case.  All clients which are genuinely broken will send a new alert in on the next failure.

    I hope this helps.

    Thanks,

    JaK
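
An added example, not part of the reply above or of Sophos's own tooling: the two updates from option 2 run inside one transaction, with counts taken before and after so that a partial change is rolled back rather than left in place. It assumes only the table and column names quoted in the reply.

```sql
-- Added example. Table and column names are the ones quoted in the reply;
-- nothing else about the SOPHOS3 schema is assumed.
-- Take a backup with backupdb.bat before running this.
USE SOPHOS3;
SET NOCOUNT ON;
SET XACT_ABORT ON;   -- any run-time error rolls the whole transaction back

DECLARE @before INT, @linked INT, @after INT, @still_linked INT;

-- Preview: how many rows the two updates are about to change.
SELECT @before = COUNT(*) FROM errors
WHERE source = 'ALC' AND outstanding <> 0;

SELECT @linked = COUNT(*) FROM computersanddeletedcomputers
WHERE lastauerroralert IS NOT NULL;

BEGIN TRANSACTION;

-- First command from the reply: mark AutoUpdate ('ALC') alerts as not outstanding.
UPDATE errors SET outstanding = 0 WHERE source = 'ALC';

-- Second command from the reply: remove the per-computer AutoUpdate error link
-- so the warning icon clears in the computer list view.
UPDATE computersanddeletedcomputers SET lastauerroralert = NULL;

-- Verify both changes took effect before making them permanent.
SELECT @after = COUNT(*) FROM errors
WHERE source = 'ALC' AND outstanding <> 0;

SELECT @still_linked = COUNT(*) FROM computersanddeletedcomputers
WHERE lastauerroralert IS NOT NULL;

IF @after = 0 AND @still_linked = 0
BEGIN
    COMMIT TRANSACTION;
    SELECT 'committed' AS result,
           @before AS alerts_cleared, @linked AS links_removed;
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    SELECT 'rolled back' AS result,
           @after AS alerts_remaining, @still_linked AS links_remaining;
END
```

Saved to a file (any name), the script runs with the same connection options as the commands in the reply plus OSQL's `-i` input-file switch in place of `-Q`.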
