Question: What log files are used to troubleshooting vulnerability scan and repair jobs?
Answer: Vulnerability scan and repair jobs are handled by vulscan.exe. Every time vulscan.exe is ran it will create a vulscan.log file in
C:\ProgramData\landesk\log ( Windows 7/8.1/Server 2008/Server 2012 )
C:\Documents and Settings\All Users\Application Data\landesk\log (Windows XP/Server 2003)
While the scan is running a log file is created and named after that process identifier (PID). For example if the PID of the instance of vulscan that is running a scan on the computer is 640 then a Vulscan.PID_640.log file is created. This log file would contain all of the information that is being logged as vulscan.exe is running. Once vulscan.exe is done running the Vulscan.PID###.log file is renamed to vulscan.log. If a vulscan.log file already exist it will rename the current vulscan.log file to vulscan.1.log. If vulscan.1.log already exist then it would rename the current vulscan.1.log to vulscan.2.log. This process is repeated up to vulscan.5.log. at which point the oldest log file is deleted.
These log files contain the status information that vulscan has generated. They roll after reaching 10 logs deep.
Question:Why are there multiple versions of vulscan.exe running in Taskmanager?
Answer:There will always be 2 instances of vulscan.exe running when ever a vulnerability scan is running that is configured to show a user interface. There may also be a instance of vulscan.exe running if vulscan is being launched from a local scheduler task. To see what each version of vulscan is doing you can refer to the Vulscan.PID_###.log file for each Process ID.
Useful Troubleshooting Info
- Pressing Alt + L when the vulnerability scan window is displayed will show you the current results for that scan.
- Typing "vulscan e" from a command line will open up the directory where the vulscan data files and settings are stored. (C:\ProgramData\vulScan)
- In LDMS 9.6 and above typing "Vulscan log" will open the logs directory where most of the client logs are stored. (C:\ProgramData\landesk\log)
Additional Log Files
The Statusdlg.log and Runstatus.log file are located in the same directory as the vulscan log files.
Statusdlg.log file
- Will exist if there are 2 versions of vulscan.exe runing at the same time.
- Shows information related to the current status of each job.
- Will keep up to 10 log files.
Runstatus.log
- Will be created anytime there is a "Do Now" task that is ran.
- Will keep up to 5 log files.
For further information about Vulscan log files and how to read them see the following article: