Endpoint Analysis Tool
In this section:
Ivanti Environment Manager Endpoint Analysis Tool is introduced in release 2021.3. It enables analysis of policy configurations on endpoints using endpoint logging data. The tool detects and highlights configuration issues that may exist so that administrators can quickly investigate, diagnose causes and make changes required accordingly.
In addition to its value in troubleshooting or debugging configuration issues, the tool enables risk assessment of planned upgrade or system changes.
Note; Endpoint Analysis does not display personalization performance information.
1.Endpoint Analysis must be enabled on the endpoints.
2.When enabled, the agent produces an Event Tracing Log (.etl file).
3.In the Endpoint Analysis Tool, administrators must first open the policy configuration file required (a specific .aemp file).
4.When the configuration file is loaded administrators can open (load) the .etl file(s) associated with that configuration. Multiple logs can be loaded into the tool from different endpoints running the same configuration. The resulting view displays aggregated data.
The Endpoint Analysis Tool displays a warning if the logs do not match the configuration - alerting that you have loaded either the incorrect configuration or incorrect log files.
5. Viewing logged data within the Endpoint Analysis Tool enables you to quickly identify potential issues such as errors and performance bottlenecks. You can then make changes to the configuration accordingly.
When Endpoint Analysis is enabled .etl files are produced. They are similar in format to the debug logging files (also .etl files) used by the Environment Manager Monitor feature (EMMon). However, Endpoint Analysis .etl files are much smaller as they contain no debug log lines or events that are not used by the Endpoint Analysis Tool.
Because of the small file size, and the ability to limit and manage log file storage, setting Endpoint Analysis to run continuously should only have only a small impact on the endpoint performance.
The Endpoint Analysis Tool is included with the Environment Manager console. Although it is a separate executable, it is heavily dependent on console libraries. In the initial release (2021.3), Endpoint Analysis will run only from the console folder so cannot be copied and run from an alternative location.
The tool can be started using the menu button within the console, or directly from Windows Explorer:
•From the Environment Manager console, select Tools & Wizards, then select the Endpoint Analysis button:
•Run the tool directly: “C:\Program Files\AppSense\Environment Manager\Console\EmEndpointAnalysisTool.exe”.
The Endpoint Analysis Tool landing page comprises a number of panels (refer to User Interface help topic). From this page Windows administrators can load the configuration file required and associated log files.
It is essential that the log files (.etl files) opened within the tool exactly match the configuration (.aemp) file the endpoint is using. To ensure the files match, each .aemp file has a unique identity. The identity is generated when the file is created and is changed whenever that it is edited. The unique identity is sent to the .etl file. The tool will not load a .etl file that does not match the selected configuration.
The agent saves a copy of the current configuration whenever it saves a log file. Both the configuration and log file are saved to the same sub folder within the storage location.
Note: If the EndpointAnalysis.etl file is deleted, logging will stop and can only be restarted by rebooting the endpoint.
The following limitations apply to Endpoint Analysis in Environment Manager 2021.3:
•Endpoint Analysis cannot be performed on endpoint-merged configurations.
Merging on the endpoint regenerates internal identifiers for the configuration, and as a result, the .etl files will not match the merged configuration. Configuration layering performed by the console does work correctly.
•The Endpoint Analysis Tool does not display individual conditions in an If Expression. It cannot analyze which individual conditions executed.
•Although the tool correctly shows execution counts for reusable nodes and reusable conditions, it currently cannot classify counts by each reusable reference.
•The Endpoint Analysis Tool can only be run from a console installation - there is currently no standalone installer or executable.
Actions which have revert behavior will not be shown in the Endpoint Analysis Tool when the Run undo actions after user actions on logoff or disconnect setting is disabled.
To access this setting from the Manage ribbon select: Advanced Settings > Configuration Settings tab. The setting is under Undo Action Sequencing. It is recommended that this setting is enabled to facilitate the correct execution order of actions on logoff.