This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Last Seen value not updating.

ChrisParr
Engaged Sweeper II

‎09-26-2018 02:22 PM

How is the Last Seen value determined?

We have devices which are still live, but which are showing up in the "Device: Not seen in the last 90 days" report. This makes me very reluctant to turn on any of the auto-cleanup options.

If I check the scan errors tab on one of these devices I'm told that SNMP didn't complete, but as the MAC and IP addresses hasn't changed, it still responds to HTTPS etc. I'd have still expected the Last Seen value to update.
Labels:
0 Kudos
10 REPLIES 10
Esben_D
Lansweeper Employee
Lansweeper Employee

‎02-15-2019 09:20 AM

Well last tried is simply when the asset was last scan was attempted. But this value isn't always displayed on an asset summary page (only when a scan failed).

It all really depends on your definition of not seen. For Lansweeper not seen means no connectivity whatsoever, if asset even responds to a ping, that means it's still active somewhere.
0 Kudos
JacobH
Champion Sweeper III

‎02-12-2019 02:36 PM

Yeah, it's confusing, but Last Tried is just as important for my reporting as Last Seen... *especially with Active Scanning.

Active Scanning attempts to scan anything that authenticates to a domain controller - regardless of if it is a windows machine or not. Example, if you have ESX hosts that are joined to AD, it will scan those with active scanning too...

So for me, I have a lot of VDI machines that can't get scanned due to a few reasons, however, LS attempts to scan them because they authenticated to a domain controller. The result is a blank 'WIndows' asset in red, OS is 'Not Scanned', etc... but the Last Tried value keeps increasing daily.

It's a great way for me to tell 'hey this box used to scan properly, but now it's not' or 'hey is this asset *really* inactive?

but yeah, confusing.

0 Kudos
ChrisParr
Engaged Sweeper II

‎09-28-2018 10:28 AM

So "Last Tried" only updates if Lansweeper gets at least a partial response to a scan attempt, "Last Seen" only updates on a successful scan attempt, and clean up only happens if "Last Tried" is older than the cut off you configure?

That's very confusing given the pre-built "Device: Not seen in the last X days" reports only show the "Last Seen" column by default, and the KB article https://www.lansweeper.com/knowledgebase/performing-automated-database-cleanups/ and automated cleanup settings both refer to "Last seen" rather than "Last tried".

It also doesn't match the behaviour we see with Windows PCs where the "Last Tried" value updates even if ping and RPC connections fail.
Todd
Engaged Sweeper III
In response to ChrisParr

‎02-12-2019 02:10 PM

I agree this is very confusing.
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎09-27-2018 01:13 PM

If the device only respond to pings and SNMP is turned off, Lansweeper will keep updating the Last Tried value, since the asset will still be considered active, Lansweeper's cleanup options will not touch it.

If it gets manually deleted, a new asset page with a general Network Device asset type will be created with whatever information was available via HTTP or HTTPS (or other protocols which are open)
0 Kudos
ChrisParr
Engaged Sweeper II

‎09-27-2018 10:56 AM

So if a device was scanned using SNMP, but later a config change means that the device still responds to pings but no longer responds fully to SNMP, then even though it's still on the network it's Last seen value won't change and it could potentially be aged out?

What would happen when it ages out and is re-detected with just ping in a subsequent scan?
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎09-26-2018 03:06 PM

Last seen values will only update when a successful scan has completed. If an asset is attempted to be scanned, but the scan was unsuccessful, the Last Tried value will update instead of Last seen.
0 Kudos
JoeJoeJoe
Engaged Sweeper II
In response to Esben_D

2 weeks ago

I have an issue where the device is pingable from the scan server but it is stuck in Non-Active state even though I have rescanned it multiple times.

It is reporting SSH and SNMP Scan issue, however it is having issues because we disabled SSH and SNMP. However the device is still on the network and it is active.

What is the definition of Active? is it pingable or scannable

0 Kudos
Jacob_H
Lansweeper Employee
Lansweeper Employee
In response to JoeJoeJoe

2 weeks ago

Hey JJJ:  The device needs to be successfully scanned, because the current scanner doesn't port scan nor fingerprint devices -  so, it can't guarantee that the device is the same device.  SNMP is generally required for monitoring systems such as Solarwinds Orion, PRTG, and ITAM apps such as Lansweeper, so what I usually do is restrict SNMP to respond only to approved IP addresses such as the monitoring server and Lansweeper server... and use SNMPv3 if possible.

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
li.common.scroll-to.top