Cleaning house a little and I noticed our policy management for running latest, baseline and system audits might be out of whack.
The latest audits were due to run daily but Baseline and System were set to never run. How do folk here run their audits? If System and Baseline were never running, I'd imagine it was so unnecessary load wasn't placed on the VSA - but I feel like we are missing out on data.
Have others forgone the baseline and system audits on a schedule? I want the data in any case, I just don't know why we never had those audits scheduled.
We run the following:
Latest Audit: 1/week
System Audit: once when the agent is installed
I've asked this question several times to Kaseya engineers on best practice, and they say latest should be all that's needed on a regular basis, but we've found repeatedly that Kaseya will fail to actually update the list of installed applications using latest audit, and the only fix is to re-run the baseline (and delete the local cache on the agent). The problem is you don't realize your list of applications is outdated until you notice one of your reports or view definitions is inaccurate, so we just run the baseline quarterly as a proactive approach.
Interesting. I have been scratching my head for ages trying to figure out why some agents never update their "installed applications" and are in the wrong views. Rerunning the latest audit doesn't fix it. Never considered rerunning the baseline audit as Kaseya advised it's not needed. Grrrrr.
How do you "delete the local cache on the agent"?
Hi Mark Boyd, mreinhart, Jo Bowers,
Has there been any word from support or PSE on whether this is being actively worked on or is it just another feature we will need to work around by running a baseline audit?
If any of you have an open ticket for this problem, please post the ticket number and I will ask to be linked to the ticket.
Thanks! That seems sensible :)
Yep - that's what started this line of questioning, some of the data simply wasn't there even though I'm sure the baseline audit had happened.
Hey JB, I never actually logged a ticket. I'll keep mucking around it for a while and see if I need to - I haven't really had a problem yet that I've noticed, just didn't know what frequency to scan.
Mark Boyd Thanks Mark, I'll see how we get on. Don't want to raise another ticket unless I have to, we have loads on the go!
Mark Boyd JB1975,
You can delete the local audit cache by deleting C:\ProgramFiles\Kaseya\Agent\appAuditCache.txt. There's also a built-in agent proc to do it called 'reset audit cache'.
I had Kaseya ticket 192466 open on the issue, but the end answer from Kaseya was the workaround that I mentioned above.
The two tickets I have had open for the issue were closed after we ran a baseline audit and the application audit updated. When I pressed support about it, they just said to run a baseline audit when we see the problem.
ummm "when we see the problem" isn't a "fix". So Kaseya don't consider accuracy of data important???
Jo Bowers I completely agree. Their attitude is wrong here. For a product that relies so incredibly heavily on audit data, you would think that this kind of issue would be given a higher priority. I believe that audit will be one of the next modules to leverage the new agent fabric and agent endpoint service so things may change. Or things may stay the same. Or it might get improved in 10.9. Who knows? There's no roadmap anymore so we have no idea of current direction.
The move towards the agent fabric and endpoint service is definitely a step in the right direction but from what we see it just does not seem stable enough to be called a service and causes us a lot of trouble. We have 1000s of agents with KAV deployed and the daily struggle to try and keep on top of the agent endpoint issues with these machines wastes an incredible amount of time. We spend all of our time fixing issues and manage to save none through automation.