Windows Logs Windows Events Error
I'm having two different problems trying to connect new Event Log files through the Manage Windows Log option in enVision.
The first one is from "Office Communications Server", hosted in a Windows 2003 server. I add the file name as it's seen in the "System32\Config" folder (without the .evt) and it looks like the Agentless Windows Log Service likes it, because there's no error from the wintool application:
12:58:02> show entry ip xxx.xxx.xxx.xxx
( 0) POLLING xxx.xxx.xxx.xxx Office Communications Server ( 900 ~ ) None (Ok)
Everything looks fine but there are no messages. After generating some events, something goes wrong:
13:03:40> show entry ip xxx.xxx.xxx.xxx
( 0) DISABLED xxx.xxx.xxx.xxx Office Communications Server Microsoft Windows Server 2003 R2 (84600 ~ ) Fri Sep 17 12:28:13 2010 (Unabled to load strings for 'Microsoft Windows Server 2003 R2' Thu Sep 16 12:58:13 2010 0 events (0.000 eps) 0 bytes (0.000 Bps) 1.397 seconds 0.000 real eps (stable) Unabled to load strings for 'Microsoft Windows Server 2003 R2'
The other problem I have occurs when I want to add the Hyper-V event logs from a Windows Server 2008 R2.
I couldn't find any .evt file in "System32\Config". It looks like in the new systems the .evt files have disappeared from this folder, and those files are now located in the "System32\winevt\Logs" folder, with the .evtx extension.
Even so, it looks like enVision still has access to the regular logs, as I can still get the Application/Security/System logs. But when I try to add some of the files where the Hyper-V components store their logs, enVision doesn't seem to find them. The name specified in the "Manage Windows Logs" section of the GUI is the same as the event file name, without the .evtx extension: "Microsoft-Windows-Hyper-V-VMMS-Admin".
This is the output from wintool.exe:
( 0) DISABLED xxx.xxx.xxx.xxx Microsoft-Windows-Hyper-V-VMMS-Admin Windows 7 (84600 ~ ) Fri Sep 17 12:27:47 2010 (Log file does not exist on device.) Thu Sep 16 12:57:47 2010 0 events (0.000 eps) 0 bytes (0.000 Bps) 0.025 seconds 0.000 real eps (stable) Log file does not exist on device.
I don't think it's a privilege issue in either of the two problems, as we use an administrator user and we can retrieve the regular "System/Security/Application" Event Logs without problems.
Some help would be much appreciated.
Ok, I've found a solution to the 2008 / Hyper-V problem, so I'll reply to myself in case it can help others: the solution is in the new Windows Eventing collector service.
Still confused about the OCS / Windows 2003 problem though.