What SQL query can I use to check for unknown agents? (NETIQKB55554)

  • 7755554
  • 02-Feb-2007
  • 06-Jan-2010

Environment

Security Manager 5.x

Security Manager 6.x

Situation

What SQL query can I use to check for unknown agents?
How do I check for agent status outside of the Security Manager UI views?

Resolution

An agent communicates a heartbeat to a Central Computer once every 5 minutes. After 2 of these fail to get reported to the computer table in the OnePoint database, the agent is reported as being unknown.  This has changed in Security Manager 6.5 however.

Workstation computers are treated differently with the new communications protocol, and workstation agents are marked as unknown on a different schedule of 3 hours rather than 10 minutes.

It is not recommended to check directly against the database for this data if possible. Should you need an exported list of unknown agents, a sql query is needed.   In order to check for the offline agents via a SQL query, NetIQ Technical Support recommends checking every 11 minutes in order to give ample time for the second heartbeat to be reported (with the exception of 6.5 which would require querying for computer types).

Be sure to have a full database backup prior to contacting NetIQ Technical Support for additional assistance. Then, contact NetIQ Technical Support and refer to this KB article for working with a SQL query.

 

Additional Information

Formerly known as NETIQKB55554