cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

-Check for Seq not working?

Jump to solution

This could be PEMBAK

Here is the command I am running

"C:\Program Files\SBAdmin\sbadmcl" -adminuser:%AdminUser% %AdminAuth% %DatabaseString% -command:ShowOldMachines -Group:%OldMachineGroup% -CheckForSeq:Yes -DaysOld:%MachineDaysOld% -OutputFile:"C:\Temp\OldMachines.txt"

As I run it, it certainly highlights the old machines, and places them into the output file.  However, for machines that are definitely in Sequence, it seems to ignore that fact, and does nothing with them.  I have one host, that has 28 records,and this machine a single machine group.  When I run the command, it runs through the object and says “no audit information found” or something to that effect, but it doesn’t label them as in sequence.  The machine in this example, has machine name then 0001 => 0027 without any breaks in the sequencing, so a perfect candidate.    Anyone else actually have -CheckforSeq working?  I tried searching for some threads in the community, but didnt uncover anything.

Cheers

Message was edited by: 77larsson on 12/7/09 8:54:04 AM CST
1 Solution

Accepted Solutions
DLarson
Level 12
Report Inappropriate Content
Message 15 of 16

Re: -Check for Seq not working?

Jump to solution

Why don't we go after root cause here and figure out why you are getting duplicate objects in the first place? This is probably an architecture problem - the machines don't have a good enough connection to the server to sustain a sync during activation. So you should simplify your package (making the activation sync take less time/bandwidth), consider offline installs, or modify your architecture.

Also, one scriptable workaround would be to do this:

  1. Run a script every night that looks for machines that have no audit events
  2. Move those machines to a separate group
  3. This group now lists all your candidates for deletion/cleanup
  4. Run another script on just that group that again looks for audit events.
  5. If no events are found after 30 days, delete the machine


You can script all of this with the dumpmachineaudit, movemachine and deletemachine commands. The only trick is between steps 4 and 5. You need to make the delete relative to the time the machine was moved (i.e. +30 days from when the machine landed in the new group). You might be able to do this by adding a timestamp to the machine name (using the rename machine command), then filter your deletes based on the machine name. Rename the machine when it gets moved, and then tell your delete command to only delete machines with a timestamp that is at least 30 days before today.

15 Replies
rbarstow
Level 10
Report Inappropriate Content
Message 2 of 16

Re: -Check for Seq not working?

Jump to solution

I have seen the same issue, and been unable to program a way out of it. (I have 8 scheduled tasks to clean up the SB 5.1.8 server/db).  Right now, finding duplicates is a manual process, so it just doesn't happen very often.  There's something about not having an audit trail, that causes the sbadmcl to not find old machines, either.

Re: -Check for Seq not working?

Jump to solution

Great - so I'm not a complete lemming!  Someone else noticed it too 🙂

I know it is actually trying to do something, because when i change the checkforseq from Yes to No, the script runs 10 times faster. I have tried to move the place in the script it executes, but to no avail.

The 'no audit information' I believe is the safe option.  Although it would be nice to create a custom script to override that.  The Check for Sqe is really impt for me as I have thouands of dups and it's really a royal pain doing it manually as you have been.  I have better things to be doing on a Saturday night, I'm sure you are of the same opinion!

thx for the response.

DLarson
Level 12
Report Inappropriate Content
Message 4 of 16

Re: -Check for Seq not working?

Jump to solution

My memory is a bit fuzzy on this one, but I think -check for seq only works if the machine has an entry in its audit log. So if you have a bunch of duplicate machines with no audit events, then they get skipped or ignored. You'd have to test to confirm this.

Re: -Check for Seq not working?

Jump to solution

How would one force a client to create another db object Dan?  Mostly, it's autodomain doing it here, and there are never any seq events...  I'd really like to use the "desc" field instead of the audit log?

Something like - if sequence found (ignore audit log) and desc is set to 'not encrypted' then delete.

Mark

Re: -Check for Seq not working?

Jump to solution

How did you arrive with "thousands" of duplicate machine objects?

You could clean inactive ones (no audit) if they were created long time ago. With precautions taken, of course.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 7 of 16

Re: -Check for Seq not working?

Jump to solution

yes, it requires the audit to be non-overlapping, and there to be audit.

it's not designed to capture the case of a lot of machine templates, only the real case of a refreshed machine.

Re: -Check for Seq not working?

Jump to solution

Wow - I am going to have carpal tunnel syndrome by the time I am done here.  Hopefully with a SQL back end it'll be prettier?  Please oh please say it will? 
Thanks for the feedback everyone.

Re: -Check for Seq not working?

Jump to solution

You can start playing with EEv6 (was released to world few days ago) to get a feel for that "SQL" easyness...

Speaking of which, what is the querry to get EE user failed login attempts info? Oops, that question should be in new discussion thread...

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 10 of 16

Re: -Check for Seq not working?

Jump to solution

just dump the audit for all users and all groups for that event and you'll get that - or use the report generator to do the same. Getting the failed attempt list is easy.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community