starred/tacticalrmm
1
0
Fork 0
mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 15:05:57 +03:00
Code Issues 919 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1404] An abnormally large number of event logs prevents TacticalAgent from querying or viewing the event logs #877

New issue
Open
opened 2026-03-02 02:19:40 +03:00 by kerem · 1 comment
kerem commented 2026-03-02 02:19:40 +03:00
Owner
Copy link

Originally created by @NiceGuyIT on GitHub (Jan 16, 2023).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1404

Server Info (please complete the following information):

  • OS: Ubuntu 20.04.4 LTS
  • Browser: Firefox 108.0.2
  • RMM Version (as shown in top left of web UI): v0.15.6

Installation Method:

  • Standard
  • Docker

Agent Info (please complete the following information):

  • Agent version (as shown in the 'Summary' tab of the agent from web UI): Agent v2.4.4
  • Agent OS: Windows Server 2019 Standard, 64 bit v1809 (build 17763.3770)

Describe the bug
Due to various reasons, the event logs may contain thousands or tens of thousands of records. With a large number of records, TacticalRMM returns an error: 400 bad request

To Reproduce
Steps to reproduce the behavior:

  1. Find a system that has 10's of thousands of events. One such way is explained on a Discord thread.
  2. Remote Background > Event Log
  3. Add a search term to query the logs.
  4. If necessary, increase the number of days.
  5. Tactical will return "400 bad request" and "Unable to contact agent" error messages.

Expected behavior
It would be nice if Tactical handled the situation gracefully. This could be done using pagination for the events, or perform the search on the agent instead of the server (or browser?). A simple solution is to return the first X records with a message that the rest were truncated due to volume. If the error is due to timeout, maybe provide a message that the agent timed out after X seconds.

Screenshots
Here's the error message when showing the last 1 days. It's unclear if it's due to the number of events or a timeout when gathering the events.
image

Additional context
A better error message would help with the troubleshooting effort.

As explained in the Discord thread above, querying Win32_Product will cause a bunch of "Windows Installer reconfigured the product" messages in the event logs. This is explained in Microsoft's KB articles. The suggestion to use Win32reg_AddRemovePrograms is not a perfect replacement as that causes an error. There currently are 3 scripts that use Win32_Product.

Originally created by @NiceGuyIT on GitHub (Jan 16, 2023). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1404 **Server Info (please complete the following information):** - OS: Ubuntu 20.04.4 LTS - Browser: Firefox 108.0.2 - RMM Version (as shown in top left of web UI): v0.15.6 **Installation Method:** - [x] Standard - [ ] Docker **Agent Info (please complete the following information):** - Agent version (as shown in the 'Summary' tab of the agent from web UI): Agent v2.4.4 - Agent OS: Windows Server 2019 Standard, 64 bit v1809 (build 17763.3770) **Describe the bug** Due to various reasons, the event logs may contain thousands or tens of thousands of records. With a large number of records, TacticalRMM returns an error: 400 bad request **To Reproduce** Steps to reproduce the behavior: 1. Find a system that has 10's of thousands of events. One such way is explained on a [Discord thread](https://discord.com/channels/736478043522072608/744281869499105290/1064575875397468271). 2. Remote Background > Event Log 3. Add a search term to query the logs. 4. If necessary, increase the number of days. 5. Tactical will return "400 bad request" and "Unable to contact agent" error messages. **Expected behavior** It would be nice if Tactical handled the situation gracefully. This could be done using pagination for the events, or perform the search on the agent instead of the server (or browser?). A simple solution is to return the first X records with a message that the rest were truncated due to volume. If the error is due to timeout, maybe provide a message that the agent timed out after X seconds. **Screenshots** Here's the error message when showing the last 1 days. It's unclear if it's due to the number of events or a timeout when gathering the events. ![image](https://user-images.githubusercontent.com/7763429/212734409-3183cc07-1086-4964-ba83-ab51c89b8aa3.png) **Additional context** A better error message would help with the troubleshooting effort. As explained in the Discord thread above, querying `Win32_Product` will cause a bunch of "Windows Installer reconfigured the product" messages in the event logs. This is explained in Microsoft's [KB articles](https://learn.microsoft.com/en-us/troubleshoot/windows-server/admin-development/windows-installer-reconfigured-all-applications). The suggestion to use `Win32reg_AddRemovePrograms` is not a perfect replacement as that causes an error. There currently are 3 scripts that use `Win32_Product`.
kerem commented 2026-03-02 02:19:40 +03:00
Author
Owner
Copy link

@NiceGuyIT commented on GitHub (Jan 16, 2023):

Possibly related NATS errors in the agent.log.

time="2023-01-16T09:21:12-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************06e0\""
time="2023-01-16T09:21:12-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:21:16-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************ed6c\""
time="2023-01-16T09:21:16-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:28:14-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************8c7d\""
time="2023-01-16T09:28:14-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:38:40-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************90be\""
time="2023-01-16T09:38:40-08:00" level=error msg="<nil>\n"
time="2023-01-16T09:39:00-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************182a\""
time="2023-01-16T09:39:00-08:00" level=error msg="<nil>\n"
<!-- gh-comment-id:1384378824 --> @NiceGuyIT commented on GitHub (Jan 16, 2023): Possibly related NATS errors in the `agent.log`. ```text time="2023-01-16T09:21:12-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************06e0\"" time="2023-01-16T09:21:12-08:00" level=error msg="<nil>\n" time="2023-01-16T09:21:16-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************ed6c\"" time="2023-01-16T09:21:16-08:00" level=error msg="<nil>\n" time="2023-01-16T09:28:14-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************8c7d\"" time="2023-01-16T09:28:14-08:00" level=error msg="<nil>\n" time="2023-01-16T09:38:40-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************90be\"" time="2023-01-16T09:38:40-08:00" level=error msg="<nil>\n" time="2023-01-16T09:39:00-08:00" level=error msg="NATS error: nats: Permissions Violation for Publish to \"_INBOX.**********************.**********************182a\"" time="2023-01-16T09:39:00-08:00" level=error msg="<nil>\n" ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
master
1.0.0
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.12
v0.15.11
v0.15.10
v0.15.9
v0.15.8
v0.15.7
v0.15.6
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.32
v0.4.31
v0.4.30
v0.4.29
v0.4.28
v0.4.27
v0.4.26
v0.4.25
v0.4.24
v0.4.23
v0.4.22
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
In Process

   
bug

   
bug

   
dev-triage

   
documentation

   
duplicate

   
enhancement

   
fixed

   
good first issue

   
help wanted

   
integration

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
requires agent update

   
security

   
ui tweak

   
wontfix
No labels
In Process
bug
bug
dev-triage
documentation
duplicate
enhancement
fixed
good first issue
help wanted
integration
invalid
pull-request
question
requires agent update
security
ui tweak
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tacticalrmm#877
No description provided.