M100859: Large numbers of *.plc files accumulate in the PolicyComplianceLogs folder on the administration server or distribution servers

Summary

This article describes a configuration of ManageSoft Deployment Manager managed devices which can result in large numbers of files with an extension of ".plc" accumulating in the PolicyComplianceLogs folders of the administration server and distribution servers. These files are generated and uploaded by managed devices if a particular configuration setting is turned on, but there is not currently any functionality built in to ManageSoft Deployment Manager to use or do anything with these files.

Symptoms

A large number of files with the extension ".plc" accumulate in the ManageSoft\Incoming\PolicyComplianceLogs folder on the administration server and/or distribution servers. Once these files appear in the PolicyComplianceLogs folder, they never disappear. Over time, the disk space used by these files can become significant.

Cause

The ".plc" files (known as &quotpolicy compliance logs&quot) are generated on managed devices when policy is applied if the ReportCompliance installation agent preference is set to True. Typically this setting is configured in the following registry entry:

HKLM\SOFTWARE\ManageSoft Corp\ManageSoft\Launcher\CurrentVersion\ReportCompliance

This registry entry will be set to True if the following option is selected (checked) in a managed device settings package that is targeted to a device:

Security Management Agent Report Compliance
or
PolicyAgent &ampgt Merging Report Compliance

The preference may also be configured in the HKCU area of the registry, and/or on the command line of the installation agent when it is invoked to apply policy. However those configurations are very unlikely to occur in practice.

Policy compliance log files contain information about whether packages have been applied successfully to the device as specified by policy. While the capability to generate these files is built in to managed devices, there is no functionality in other parts of the Deployment Manager system that uses or relies on these files. Hence the ReportCompliance installation agent preference should typically left unchanged from its default value of False, unless you have a customization in place that will make use of the policy compliance logs.

Resolution

To stop policy compliance log files from being generated and uploaded from managed devices, ensure that ReportCompliance installation agent preference is set to False. A common approach that may have been taken that results in this preference being set to True is to turn on the Security Management Agent Report Compliance or PolicyAgent Merging  Report Compliance setting within a managed device settings package.

Unless you have a need or use for any policy compliance log files that have accumulated within a PolicyComplianceLogs directory, you can safely delete these files at any time. The ManageSoft system itself will not use these files.

It is likely that the Security Management Agent Report Compliance setting will be removed or changed for improved clarity in future releases of Deployment Manager.

Comments

Powered by Zendesk