Enterprise Console: Centrally configuring the full reporting of multiple error messages from workstations

  • Article ID: 12458
  • Updated: 18 Jan 2011

You can use the command line tools ExportConfig.exe and ConfigCID.exe to centrally enable the reporting of suppressed repeat error messages from client workstations to Enterprise Console. You do this by whitelisting the error codes involved. This can be useful when analyzing network problems.

A separate article describes blacklisting error codes so as to suppress traffic.

What to do

1. Obtaining the error code

Multiple reports of some error codes are suppressed in Enterprise Console. Find out the code number for which you need to track reports.

2. Export the configuration file

Use ExportConfig.exe to export your current Sophos Anti-Virus configuration to the file savconf.xml.

3. Edit the configuration file

  1. Find your savconf.xml file in your Central Installation Directory (CID).
  2. Open the file savconf.xml in Notepad.
  3. In the menu bar, select 'Format'. Disable 'Word Wrap'.
  4. Scroll down to the bottom of the file.
  5. Immediately above the tag '</config>', copy and paste in the following text, changing the error code as required. For example, the code 0XE03D0036 enables multiple reporting of the error code e03d0036 - precede the code with '0X' to indicate hexadecimal format.
    Do not insert line breaks.

    <inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
    <!-- Custom settings for alerting (optional) -->
    <alerting>
    <!-- Enterprise Console alerts (optional) -->
    <ee>
    <!-- White list of console alerts (optional) -->
    <whiteList>
    <add>0xa028000f</add> <!-- E_PREMATURE_STOP -->
    </whiteList>
    </ee>
    </alerting>
    </inst:install>

  6. Save the file savconf.xml.

4. Implement the changes

Use ConfigCID.exe to implement the changes you have made.

Reversing the changes

To reverse the changes, update the copy of the file savconf.xml in your CID by deleting the error code entries that you added, but leave the outer tags:

<whiteList>
</whiteList>

Then re-run ConfigCID.exe. The customization will be removed the next time Sophos Anti-Virus updates.


Further information

Excluding multiple errors

If you want to exclude multiple errors, use the following XML format:

<whiteList>
<add>0xa028000f</add> <!-- E_PREMATURE_STOP -->
<add>0xa0250009</add> <!-- ID_SAVI_SCAN_ERROR -->
</whiteList>

Using whitelists in conjunction with blacklists

Insert both the whitelist and blacklist sections between the 'ee' tags. For example:

<inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
<!-- Custom settings for alerting (optional) -->
<alerting>
<!-- Enterprise Console alerts (optional) -->
<ee>
<!-- Black list of message IDs (optional) -->
<blackList>
<add>0xE03D0036</add>
</blackList>
<!-- White list of console alerts (optional) -->
<whiteList>
<add>0xa028000f</add> <!-- E_PREMATURE_STOP -->
<add>0xa0250009</add> <!-- ID_SAVI_SCAN_ERROR -->
</whiteList>
</ee>
</alerting>
</inst:install>

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments