Kaseya Community

Log Parser Issues

  • I'm not sure why you are having this issue, but I've got the log parser working very well for MBAM results. Mine differs from yours slightly. For the path locations I use mbam-logs-* to help narrow down what the parser has to discover. Are you on a dedicated server or are you running the cloud version? I found that I would get a similar error if I attempted to apply the log parse to too many machines at the same time. I ended up deploying it per machine group and no machine group has more than 50 PCs or so.

    Also, FYI, I modified my actions a little. I wasn't able to get the parser to work with the varying results in the sections of the log that list the infections. So I end my template at the files infected counter like you did. The parser would email me when there was a hit, but I could never see the infected object details or actions taken. So I created a script that sends the latest full MBAM log into the body of an email. And I set the action to run this script when there is greater than 0 infected objects. This has been really useful because I can see exactly what was caught and the action MBAM took to fix it. The downside is that if MBAM hits on more than one section (i.e., files infected and folders infected) it will send the log 2x in 2 different emails.

  • Mine also works well with the limitations you specified. I have a dedicated server. The problem is that I cannot edit, save, assign, delete, or do anything else with parsers without the error I posted above. If I restart the KSERVER or the KSERVER Service then it works again until the next time I try to edit, save, assign, delete, or do anything else with the parser.

    "I wasn't able to get the parser to work with the varying results in the sections of the log that list the infections" - Yes. This isn't possible with the current iteration of the Log Parser. One would hope that might change in a future release as it would be very useful.