Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 16795 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

log file and computer search

MEDREIMEDREI

Hi,

Where can I find the log file which records what's happening when I try to detect a new computer?
I'm using Entreprise Console 5.2.2 with Windows 2012 server.

Thanks for your help.



This thread was automatically locked due to age.
Parents
  • 0

    Hello MEDREIMEDREI,

    AFAIK recording of this activity is not part of normal logging.
    Are you trying to troubleshoot an issue or are you "just curious?

    Christian

  • 0 in reply to QC
    Hi Christian, thanks for your reply.

    I'm not very curious. In fact I'm trying to resolve an issue.

    I had to replace a computer, member of the AD, running Sophos client, with a new one having the same configuration. Except that it's a brand new one.
    I didn't remove the old one from the active directory, so it was still in the Sophos console.
    So I removed the old one manually from Sophos.

    The new computer took its place in the AD, but it was impossible to detect it from the Sophos console.

    That's why I send my message, after spending 2 hours trying to insert this new computer into the console.

    I went out for my lunch break and when I came back, the computer was in the console !
    For me it's OK because this part of the job is done. But I don't understand why it took so much time (within the same LAN).

    I was wondering if there was a log where I might find a clue.

    Regards
    Max
Reply
  • 0 in reply to QC
    Hi Christian, thanks for your reply.

    I'm not very curious. In fact I'm trying to resolve an issue.

    I had to replace a computer, member of the AD, running Sophos client, with a new one having the same configuration. Except that it's a brand new one.
    I didn't remove the old one from the active directory, so it was still in the Sophos console.
    So I removed the old one manually from Sophos.

    The new computer took its place in the AD, but it was impossible to detect it from the Sophos console.

    That's why I send my message, after spending 2 hours trying to insert this new computer into the console.

    I went out for my lunch break and when I came back, the computer was in the console !
    For me it's OK because this part of the job is done. But I don't understand why it took so much time (within the same LAN).

    I was wondering if there was a log where I might find a clue.

    Regards
    Max
Children
  • 0 in reply to MEDREIMEDREI

    Hello Max,

    it was impossible to detect it [,,,] when I came back, the computer was in the console
    what exactly is detect, and do you use AD sync? Was installing Sophos part of the replacement? BTW - if you remove a computer object from AD it is never deleted from SEC, if you use AD sync it's moved from its group to Unassigned, in all other cases it remains just where it was.

    Christian

  • 0 in reply to QC
    by "detect" I mean the action behind the button "discover computers".
    The server uses AD synch.
    Installing Sophos was a part of the replacement.

    As I didn't delete the old computer form the AD, I must have something wrong between ADE and Sophos.
    I can see my computer in the Unassigned group. Maybe it's a ghost from the old computer.

    The new one is not visible in its group from the Sophos console.

    Of course both computers have the same name, which makes everything easier to understand :-)

    Maybe the old one is "lost" in the unsassigned group, and the new one can't be discovered because as they both have the same name, Sophos thinks it's already there ?
  • 0 in reply to MEDREIMEDREI

    Hello Max,

    the "discover computers" button [...] server uses AD synch
    there are four different actions behind Discover (just mentioning the button is not how I understand exactly [;)]), two related to AD. As for AD sync please see  Active Directory not keeping in Sync, should explain a few things. There's no need to use Discover/Import if you use AD sync.

    Also note the Synchronization interval property of a syncpoint (default is 60 minutes). What happens depends also on whether you install Sophos before or after joining the computer to the domain. If you join first and then install Sophos the new endpoint will simply  "take over" the existing entry (with all its history). If you install before joining the computer will report as belonging to a workgroup, not the domain, SEC will create a new object and put it (by default) in Unassigned.  You now have an old entry from the domain and the new one. An endpoint has in addition an Identity in terms of Sophos management . SEC uses it to detect that an endpoint has been renamed. Thus if you then join the computer the new (Unassigned) entry is the best match and there will be two endpoints claiming to be the one from AD.   
    If SEC eventually doesn't make one disappear and keep the active in the correct group please try deleting the old entry (the logic has been revised several times and I haven't tested it lately).

    Christian 

  • 0 in reply to QC
    Hello, Christian

    I removed the computer from the "unassigned" list yersterday evening.

    This morning the computer came up in the correct AD group, after synchronization.

    Thanks a lot for your help.

    Max
Unfiltered HTML