We’ve been doing some experiments with “Force Site Evaluation” and have found it to be useful in certain situations and appears to be a better alternative then to using a right-click -> Send Refresh.
Based on the clients log this appears to only force the sites Fixlets to be Evaluated which is very useful.
What are the pitfalls of this action?
Also this doesn’t appear to have any effect on retrieved properties, or at least the logs don’t indicate as much.
Is there a way to trick or force a retrieved property to be evaluated as soon as possible vs. waitingfor the next scheduled report period? Would prefer direct that evaluation request to specific nodes and not everything, like I caught one of my admins doing by just reactivating an analysis to make clients think that it changed.
Also in a future release it would be nice if it would take a parameter so I could have one task that would allow me to specify which site I wanted to force the evaluations on.
I am a bit confused what you are trying to accomplish… The “Send Refresh” will only work if the agent receives the UDP message, which triggers the refresh and it will send up all its data (including Fixlets, actions, properties).
What is your heartbeat? Do you need this data faster than the heartbeat?
We have like many a fairly narrow maintenance window to perform patching and other system changes. All of our security patches are released internally a single site so a force site evaluation makes the client evaluate that specific site’s fixlets.
A change from one flxlet can and often causes other fixlets to become relevent, service packs are the most nortorious for that but other patches or software installs do as well. The issue is these will not show up as reelvent until the maintenance window has lapsed and leaves everyone frustrated that we didn’t get the patching all done and now we must wait until the next window to finish up to request an unscheduled window to complete the activity.
A Send Refresh doesn’t help, and usually causes the client to take even longer to evaluate for the new relevent fixlets to show up.
Our refresh is set at the default values, but we see closer to about 2 hours + some fixlets to finally show up in the console.
Question is what is the downsides of a force site evaluation?
Similar to the way the force site evaluation is helping us for fixlets we would like a similar feature for properties (property by property) we could have most properties evaluate less frequently, and trigger them to be evaluated by an action when we know that these have changed. Unless of course there is already a way to do this that we are unaware of.
It sounds like your agents are not functioning optimally… The agent should be able to evaluate a Fixlet site fairly quickly (like within a few minutes). Things that might be slowing that down would be very large baselines, lots of custom properties, Fixlets with long-running relevance… You might want to engage our services team with an “Optimization Checkup” (http://support.bigfix.com/services/#StandardServices) because it sounds like you are dealing with the symptoms of the issue rather than the root cause with your “site force evaluation”.