Events sometimes delayed (very long)

Discussion in 'ESET Server & Remote Administrator' started by RobJanssen, Aug 13, 2012.

Thread Status:
Not open for further replies.
  1. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    We use NOD32 4.2.76.1 with remote administrator (4.0.138.0)
    There are some 350 workstations.

    I noticed a few times that events from the workstations sometimes are delayed quite long (weeks) before they arrive at the remote administrator.

    For example, this weekend I did a scan task on all workstations, and on some of them it is not shown in the overview of clients. When looking on the client locally, the scan has been performed. The client connects to the server as normal, recieves updates and new tasks, but somehow the events do not come back immediately.

    It has happened that I saw "threat events" that occurred 2 months ago but were received only a week ago (visible as a large difference between the columns "occurred" and "received")

    The majority of the workstations has no such problem, but out of 350 there are about 10 that have this behavior.

    What can be going wrong here?
     
  2. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    Example (from the threat log page):

    Threat Id Client Name Primary Server Date Received Date Occurred
    Threat 674 C838 Dc-00-00 2 weeks ago 7 weeks ago
    Threat 673 C838 Dc-00-00 2 weeks ago 7 weeks ago
    Threat 672 C858 Dc-00-00 3 weeks ago 2 months ago
    Threat 671 C858 Dc-00-00 3 weeks ago 2 months ago

    those are systems that connect regularly but kept their event log for a long time.
    The first system now has not sent the report of the recent scan, but the second one has.
     
  3. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    Anyone knows how the event queue works?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I can't think of any other reason for this than that the clients hadn't connected for a very long time which doesn't seem to be the case, however. It would require deeper analysis and further logs to find out the cause so I'd suggest contacting Customer care on this matter.
     
  5. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    I have forwarded the message to customer care.
     
Thread Status:
Not open for further replies.