Open-AudIT

Hi folks,
I just got a call for a computer that has been failing. Took a look at the even logs and is riddled with Event ID: 51, Disk Error.
This is typically a sign that the HDD is failing, the system starts experiencing slowness but it can take months before an user reports problems, when we see this error, we pro-actively replace the hard drive.

I seldom use OA as a alert notification system since I only do audits at startup, I have groups that shows up whenever a particular field changes and does not conform with a hard-coded rule (e.g when SMART is not OK), but I'm thinking that capturing particular events (Warnings, Alerts) in the logs would actually be a good thing to have in OA.

I found how to mine the Event logs using VBS/WMI. Could this data be posted to the System Alerts Log table or somewhere else in OA?

_________________
Old OA Setup: 500 Windows 7 workstations & 200 Apple OSX with OA v1.5.2 on Windows Server 2003 and WAMP 2
New OA Setup: 100 Windows servers with OA 2.2 on Windows Server 2016 and WAMP 3

Open-AudIT is designed around discovery, inventory and asset management - not monitoring

I'm not opposed to the idea as such, but where does it end? Add alert for 'x' type of log, another for 'y', repeat adinfinitum.

I really think you're better off looking at a 'real' monitoring solution.

What's interesting to me is that you get a log entry, but no SMART status change? Can you confirm?

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

The EventID 51 is a generic error related to paging errors. Tipically the OS can't retrieve data from either a HDD, cache, memory, or external drive. In this case, I just ran a diskcheck on the offending HDD and a myriad of dead sectors needed to be corrected, I also repaired the one application that has been failing. I could continue to do this for months but HDD will just keep on degrading until SMART (either via BIOS or WMIC) will flag the HDD as not OK, then you are usually a day or two away from total failure.

To your questions as to "where does it end?" I completely agree with your point, OA is not a monitoring system, and hence my use of the word "seldom". My point is that there's some value that can be extracted with the routine "Inventory" process, and there's a couple of cases already in OA. Hard Drive utilization is another example that comes to mind. I'm just trying to piggy back out of our semi regular audits to do some "preemptive" support if possible.

So back to my question, and with all risks to customizing our OA install (which is why I have two servers -OA and OADev-). How can we data to the System Alerts Log table or the custom man_additional_field_data table for a particular device? What are the XML tags needed to be added to an audit?

_________________
Old OA Setup: 500 Windows 7 workstations & 200 Apple OSX with OA v1.5.2 on Windows Server 2003 and WAMP 2
New OA Setup: 100 Windows servers with OA 2.2 on Windows Server 2016 and WAMP 3

Yep, I understand - all good. Fair enough. If we can make it generic enough that we can put ANY alerts from ANY devices in there, that would be OK I think.

I'm trying to come up with a way (not read the complete article and linked report yet) to take advantage of the following linked info - [url]http://www.computerworld.com/article/2846009/the-5-smart-stats-that-actually-predict-hard-drive-failure.html[/url].

oa_alert_log table in the database is for items that have changed (a new memory stick is added, it has an entry in sys_hw_memory and an entry in oa_alert_log).

We would really need a new table for these alert type items.

sys_sw_alerts would be a good spot.

We can make it a generic alert table, so an example table definition would be below.

Please take a look and if you can think of any other required columns, please advise.

I will have to add code to process and store (and generate "oa alerts") for items to be processed and placed in here. Most of it will be copy/paste from another similar attribute. Then I'll need to add to the 'display' pages to show this section. And then I suppose I'll need to make a Query / Report to show them as well.

I'll add this to our list of Feature Requests at [url]https://support.opmantek.com/issues/?filter=10305[/url].

DROP TABLE IF EXISTS `sys_sw_alerts`;
CREATE TABLE `sys_sw_alerts` (
`alert_id` int(10) NOT NULL auto_increment,
`system_id` int(10) unsigned default NULL,
`alert_log_id` varchar(50) NOT NULL,
`alert_log_text` varchar(200) NOT NULL,
`user_id` int(10) unsigned default NULL,
`alert_ack_time` datetime NOT NULL default '0000-00-00 00:00:00',
`alert_note` varchar(200) NOT NULL,
`timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`alert_id`),
KEY `system_id` (`system_id`),
KEY `oa_alert_log_user_id` (`user_id`),
CONSTRAINT `oa_alert_log_system_id` FOREIGN KEY (`system_id`) REFERENCES `system` (`system_id`) ON DELETE CASCADE,
CONSTRAINT `oa_alert_log_user_id` FOREIGN KEY (`user_id`) REFERENCES `oa_user` (`user_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.