When a rule triggers locally on a machine, it should generate an alert and send it to the Event Console. There may be abnormal circumstances, however, that could prevent the alert from appearing, or being processed by, the agent or the Event Console. Suspicion can be validated by referring to the following file, located on the monitored resource:
Windows x86: [Symantec Management Agent install path]\Altiris Agent\Monitor Agent\RuleState
Windows x64: [Symantec Management Agent install path]\Altiris Agent\x64\Monitor Agent\RuleState
UNIX/Linux: [Symantec Management Agent install path]/notification/monitor/var/RuleState
The RuleState file contains all currently triggered rules for that resource by rule GUID. The rule GUID can be looked up by searching the Monitor Agent's Config.xml file, also located in the Monitor Agent installation path. Currently triggered rules in the RuleState file should have a corresponding alerts in the Event Console.
The exact cause is currently unknown.
Some causes can be:
- A service interruption or hiccup of some kind during the time frame when the rule is triggered and the alert is sent to the Symantec Management Platform (SMP) server.
- The configuration file is not populated correctly
To resolve if the alert is not being sent to the SMP:
- In the Console, access: Home > Monitoring and Alerting > Monitor > Jobs and Tasks
- Right-click Tasks and choose New > Task
- Under the Monitoring and Alerting folder, select Reset Monitored Resource, then OK
- Run this task against a target which contains the machines in question
Check the file C:\Program Files\Altiris\Altiris Agent\Monitor Agent\Config.xml. If it is 0kb, it can be reset as follows:
- Stop the AexMetricProv service on the agent
- Delete the Config.xml and RuleState files in C:\Program Files\Altiris\Altiris Agent\Monitor Agent
- Restart the AexMetricProv service.
- Monitor Solution for Servers 7.x
- Event Console 7.x