Why is the agent status listed as Frozen or Idle or Disconnected?

In EventSentry 3.3 series and newer, there are multiple ways to check the agent status, and they are performed in this order:

1. Read collector connections
2. Read database activity
3. Request agent status via RPC

Starting in EventSentry 4.2.3.132 and onwards, if the collector is enabled, these are the checks for the agent status and the order in which they are performed:

1. Read collector connections
2. Read database activity

The first two options are extremely fast and require no additional settings or permissions to configure. The last option can be slow depending on network speed and the operating system load on the remote agent, and it also requires the [correct permissions to be configured] in order to succeed. In EventSentry 4.2.3.132 and onwards, if the collector is enabled the RPC check is not performed because if the agent hasn't been able to reach the collector or the database it is having a serious connection problem that should be investigated.

For the agent status to be listed as Frozen or Idle, the agent has not communicated with the collector or the database for several minutes, and the current agent status could not be verified over RPC either. The agent may have stopped working, and should be investigated.

The following collector or database activity thresholds are used for the agent status:

• Activity in the past 0 to 6 minutes: Active Agent (Agent Status = OK)
• Activity in the past 6.1 to 11 minutes : Idle Agent
• No activity for 11.1 minutes or more: Frozen Agent
• Idle or Frozen Agent, with permission error during RPC check or skipped RPC check: Disconnected Agent

Sometimes an agent will change between OK, Idle, Frozen, and then back to OK again somewhat regularly. This can occur if the agent does not have data to transmit very often to meet the Active Agent criteria, and the agent status also was not verified over RPC. You can either force the agent to use the collector or database every 5 minutes and meet the Active Agent criteria, or if you are not using the collector you can [fix the RPC-based permissions] so that the agent status can always be verified regardless of activity levels.

To force the agent to use the collector or database every 5 minutes:

1. Go into the EventSentry console and select Packages > System Health on the left.
2. Select your Inventory or General Monitoring package, and select the Software/Hardware Inventory object in the package.
3. Ensure that the "Record in Database" setting is enabled, and that the correct database action is selected.
4. Ensure that the "Refresh Uptime" setting is to refresh every 5 minutes. Starting with EventSentry 3.4 series, the uptime will automatically refresh every 5 minutes when the inventory is enabled and you don't have to configure the uptime refresh settings. This does not cause the database to grow since the original value is overwritten.
5. Ensure that the Inventory or General Monitoring package is assigned to the affected hosts
6. Save and then push the new settings to the affected hosts. It may take 10 minutes for the status to stabilize.