2 Replies Latest reply on Apr 23, 2012 2:55 AM by Todd Xie

    Issues of agent upgrade from Trigeo 5.0 to "log & event management"

    Todd Xie

      Background: we have installed a new VM server, "Log & Event Management". I use the fixed manager name swi-lem to log in to the "Log & Event Management" console; our old Trigeo 5.0 server uses trigeo-companyname as its manager (the old name appears, with an error, in the successful agent installation log below).

      Issue: The Nodes picture below shows all nodes connected to the “Log & Event Manager”. I found that whatever approach I use, no previous-version agents (or node IPs/names) are displayed here.

      I tried to uninstall the previous agent with the previous (5.0) remote uninstall management tool – Failed, as no previous agent was found by the remote uninstall management tool.

      Tried to install the latest agent following the guideline on page 10 of the user guide – Success, with the log below. But the node doesn’t display in “Log & Event Manager”.

      Same for uninstalling and reinstalling the new-version agent on servers where the old agent existed.

      By the way, I can’t remove 192.168.201.2 and 192.168.167.1. Their logs are bothering me a lot; they appear again after being deleted from the nodes list. They are not the IPs we mean to monitor, and I'm not sure where they come from. They appeared right after the console installation completed.

      Nodes.png

       

       

       

      New Agent installation Success Log with some errors:

       

      (Sun Apr 15 18:58:42 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Install request
      completed (not installed);

       

      (Sun Apr 15 19:06:42 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Making install
      request to:
      trigeo-companyname;

       

      (Sun Apr 15 19:07:42 CST 2012) EE:ERR
      [NioComNetworkParent v24745] {ComModuleSpop:21} EXCEPTION: java.io.EOFException
              at java.io.ObjectInputStream$BlockDataInputStream.peekByte(Unknown Source)
              at java.io.ObjectInputStream.readObject0(Unknown Source)
              at java.io.ObjectInputStream.readObject(Unknown Source)
              at com.trigeo.core.communications.common.ComNetworkParent.writeMessageToCommandChannel(ComNetworkParent.java:1199)
              at com.trigeo.core.communications.common.ComNetworkParent.sendParentViaCommandChannelForResponse(ComNetworkParent.java:327)
              at com.trigeo.core.communications.common.ComNetworkParent.installRequest(ComNetworkParent.java:246)
              at com.trigeo.core.communications.nio.client.NioComNetworkParent.installRequest(NioComNetworkParent.java:107)
              at com.trigeo.core.communications.common.ComModule.autoInstall(ComModule.java:550)
              at com.trigeo.core.communications.common.ComModule.setUp(ComModule.java:364)
              at com.trigeo.core.communications.spop.ComModuleSpop.run(ComModuleSpop.java:172)
              at java.lang.Thread.run(Unknown Source)
              at com.trigeo.util.TriGeoThread.run(TriGeoThread.java:57)

      --------------------------------------------------------------

      (Mon Apr 16 14:15:54 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Install request
      completed (not installed);

       

      (Mon Apr 16 14:23:54 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Making install
      request to:
      trigeo-companyname;

       

      (Mon Apr 16 14:24:54 CST 2012) EE:ERR
      [NioComNetworkParent v24745] {ComModuleSpop:21} EXCEPTION: java.io.EOFException
              at java.io.ObjectInputStream$BlockDataInputStream.peekByte(Unknown Source)
              at java.io.ObjectInputStream.readObject0(Unknown Source)
              at java.io.ObjectInputStream.readObject(Unknown Source)
              at com.trigeo.core.communications.common.ComNetworkParent.writeMessageToCommandChannel(ComNetworkParent.java:1199)
              at com.trigeo.core.communications.common.ComNetworkParent.sendParentViaCommandChannelForResponse(ComNetworkParent.java:327)
              at com.trigeo.core.communications.common.ComNetworkParent.installRequest(ComNetworkParent.java:246)
              at com.trigeo.core.communications.nio.client.NioComNetworkParent.installRequest(NioComNetworkParent.java:107)
              at com.trigeo.core.communications.common.ComModule.autoInstall(ComModule.java:550)
              at com.trigeo.core.communications.common.ComModule.setUp(ComModule.java:364)
              at com.trigeo.core.communications.spop.ComModuleSpop.run(ComModuleSpop.java:172)
              at java.lang.Thread.run(Unknown Source)
              at com.trigeo.util.TriGeoThread.run(TriGeoThread.java:57)

       

      -------------------------------------------------------------

      (Mon Apr 16 14:24:54 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Install request
      completed (not installed);

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [Contego] {SPOP:8} Starting TriGeo Agent (Release 5.3.1) build
      [release];

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [SpopModule v24798] {SPOP:8} build server version string: 5.3.0;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [InDepthConfigProps v24744] {SPOP:8} nDepth enabled via default
      because InDepthEnable not present;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [InDepthConfigProps v24744] {SPOP:8} indepth.conf not found at
      C:\WINDOWS\system32\ContegoSPOP\indepth.conf;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [RawDataClient v24744] {SPOP:8} Status Inactive;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [Contego] {SPOP:8} Initializing database;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [Contego] {SPOP:8} Database Initialized;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [Contego] {Initialize Communications:10} Initializing Agent
      communications;

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [Contego] {Initialize Tools:13} Initializing ToolAPI;

       

      (Mon Apr 16 14:32:19 CST 2012)
      WW:STATUS [Communications] Operating System == Windows 2003;5.2;x86

       

      (Mon Apr 16 14:32:19 CST 2012)
      II:NOTICE [Contego] {Initialize Tools:13} Initializing FAST;

       

      (Mon Apr 16 14:32:20 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {Initialize Communications:10}
      CheckUSBDefender returned installed and running;

       

      (Mon Apr 16 14:32:20 CST 2012)
      DD:DEBUG 1 [Communications] Max number of agent install attempt property is not
      a numerical value, default to 10

       

      (Mon Apr 16 14:32:20 CST 2012)
      II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Making install
      request to:
      trigeo-companyname;

        • Re: Issues of agent upgrade from Trigeo 5.0 to "log & event management"
          phil3

          Hi, Todd. Thanks for the post.

          Hopefully I understand your issues correctly:

          1. You were unable to uninstall agents that were running an earlier version of the agent (presumably 4.6), but you were able to upgrade them to the latest version (5.3.1). After upgrading the agents, you were unable to get them to connect to your new LEM console.
          2. You have some non-agent nodes showing in your console that you don't want to monitor.

          If I'm on track, I have some ideas of things you can try. For #1, verify that the agents are pointed at the "swi-lem" appliance and not the old "trigeo-companyname" appliance. You can change this using the following article: How to change the LEM Manager associated with your LEM Agents. If that doesn't do the trick (or if it doesn't address your particular issue), try the troubleshooting steps in this article: Troubleshooting LEM Agent Connections.

          For #2, it's important to note that deleting the node in the console does not stop the device from reporting to LEM. As long as the device is sending data to LEM, and you have a connector configured for the facility the device is reporting to, you'll see alerts in the console. If you can track those devices down on your network, try changing their logging settings so they'll stop logging to LEM. If you're having the opposite problem (i.e. you want the device to log to LEM, but you don't see the right alerts), try the troubleshooting steps in this article: Troubleshooting "Unmatched Data" or "Internal New Tool Data" alerts in your LEM Console.

          I hope these articles help. If I've misunderstood your issues, please let me know.

          Thanks.

          Phil

            • Re: Issues of agent upgrade from Trigeo 5.0 to "log & event management"
              Todd Xie

              Hi Phil,

              Sorry for replying to you late; these guidelines are useful.

              1.       Works for my old agents. I can see them on the LEM console now after the following steps: end process USBdefender.exe, end process SWLEMAgent.exe, delete folder “spop”, run SWLEMAgent.exe again. In my case the spop.conf was modified correctly by the remote installation; the reason they were not showing up in the console might be the influence of old-version data.

              2.       That’s good, I have found them in my network.

              Thanks for your excellent response,

               

               

               

              Todd
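
The check suggested in the thread (is the agent still asking the old manager to install it?) can be read straight out of the agent log. The script below is an added example, not part of the original posts or of the vendor's tooling: it splits a log in the layout quoted above into entries and reports which manager names appear in "Making install request to:" lines, how many requests ended "not installed", and which exceptions were logged. The function names `entries` and `audit` are hypothetical, and the sample log is constructed from the format shown in the first post.

```python
import re
from collections import Counter

# Constructed sample in the layout of the agent log quoted in the thread.
SAMPLE_LOG = """\
(Mon Apr 16 14:23:54 CST 2012)
II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Making install
request to:
trigeo-companyname;

(Mon Apr 16 14:24:54 CST 2012) EE:ERR
[NioComNetworkParent v24745] {ComModuleSpop:21} EXCEPTION: java.io.EOFException
        at java.io.ObjectInputStream.readObject(Unknown Source)

(Mon Apr 16 14:24:54 CST 2012)
II:NOTICE [NioComNetworkParent v24745] {ComModuleSpop:21} Install request
completed (not installed);
"""

# An entry starts with "(Day Mon DD HH:MM:SS TZ YYYY)" at the beginning of a line.
STAMP = re.compile(r"^\s*\((\w{3} \w{3} +\d+ [\d:]{8} \w+ \d{4})\)", re.M)

def entries(text):
    """Split the log on timestamp markers; yield (timestamp, one-line message)."""
    parts = STAMP.split(text)  # [preamble, ts1, body1, ts2, body2, ...]
    for ts, body in zip(parts[1::2], parts[2::2]):
        yield ts, " ".join(body.split())  # undo the line wrapping

def audit(text, expected_manager):
    """Summarise which manager the agent is trying to register with."""
    targets, failures, exceptions = Counter(), 0, Counter()
    for _, msg in entries(text):
        m = re.search(r"Making install request to: (\S+?);", msg)
        if m:
            targets[m.group(1)] += 1
        if "Install request completed (not installed)" in msg:
            failures += 1
        m = re.search(r"EXCEPTION: ([\w.$]+)", msg)
        if m:
            exceptions[m.group(1)] += 1
    stale = {h: n for h, n in targets.items() if h.lower() != expected_manager.lower()}
    return {"targets": dict(targets), "stale_targets": stale,
            "not_installed": failures, "exceptions": dict(exceptions)}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, "swi-lem"))
```

A non-empty `stale_targets` means the agent is still contacting a manager other than the one passed as `expected_manager`.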