Open NiceGuyIT opened 1 year ago
Possibly related NATS errors in the agent.log
.
time="2023-01-16T09:21:12-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************06e0\""
time="2023-01-16T09:21:12-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:21:16-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************ed6c\""
time="2023-01-16T09:21:16-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:28:14-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************8c7d\""
time="2023-01-16T09:28:14-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:38:40-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************90be\""
time="2023-01-16T09:38:40-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:39:00-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************182a\""
time="2023-01-16T09:39:00-08:00" level=error msg="<nil>\n"
Server Info (please complete the following information):
Installation Method:
Agent Info (please complete the following information):
Describe the bug Due to various reasons, the event logs may contain thousands or tens of thousands of records. With a large number of records, TacticalRMM returns an error: 400 bad request
To Reproduce Steps to reproduce the behavior:
Expected behavior It would be nice if Tactical handled the situation gracefully. This could be done using pagination for the events, or perform the search on the agent instead of the server (or browser?). A simple solution is to return the first X records with a message that the rest were truncated due to volume. If the error is due to timeout, maybe provide a message that the agent timed out after X seconds.
Screenshots Here's the error message when showing the last 1 days. It's unclear if it's due to the number of events or a timeout when gathering the events.
Additional context A better error message would help with the troubleshooting effort.
As explained in the Discord thread above, querying
Win32_Product
will cause a bunch of "Windows Installer reconfigured the product" messages in the event logs. This is explained in Microsoft's KB articles. The suggestion to useWin32reg_AddRemovePrograms
is not a perfect replacement as that causes an error. There currently are 3 scripts that useWin32_Product
.