Hernan Perez

Windows Logs Windows Events Error

Discussion created by Hernan Perez on Sep 16, 2010
Latest reply on Sep 23, 2010 by Hernan Perez

Hi,

 

I'm having two different problems trying to connect new Event Log files through the Manage Windows Log option in enVision.

 

First problem:

 

The first one is from "Office Communications Server", hosted on a Windows 2003 server. I add the file name as it's seen in the "System32\Config" folder (without the .evt), and it looks like the Agentless Windows Log Service likes it, because there's no error from the wintool application:

 

 

12:58:02> show entry ip xxx.xxx.xxx.xxx
(    0)       POLLING   xxx.xxx.xxx.xxx Office Communications Server                              (  900 ~ )                 None (Ok)

 

Everything looks fine but there are no messages. After generating some events, something goes wrong:

 

 

 

13:03:40> show entry ip xxx.xxx.xxx.xxx
(    0)      DISABLED   xxx.xxx.xxx.xxx Office Communications Server Microsoft Windows Server 2003 R2 (84600 ~ ) Fri Sep 17 12:28:13 2010 (Unabled to load strings for 'Microsoft Windows Server 2003 R2'        Thu Sep 16 12:58:13 2010 0 events (0.000 eps) 0 bytes (0.000 Bps) 1.397 seconds 0.000 real eps (stable) Unabled to load strings for 'Microsoft Windows Server 2003 R2'

 

Second problem:

 

The other problem I have occurs when I want to add the Hyper-V event logs from a Windows Server 2008 R2.

I couldn't find any .evt file in "System32\Config". It looks like in the new systems the .evt files have disappeared from this folder, and those files are now located in the "System32\winevt\Logs" folder, with the .evtx extension.

Even so, it looks like enVision still has access to the regular logs, as I can still get the Application/Security/System logs. But when I try to add some of the files where the Hyper-V components store their logs, enVision doesn't seem to find them. The name specified in the "Manage Windows Logs" section of the GUI is the same as the event file name, without the .evtx extension: "Microsoft-Windows-Hyper-V-VMMS-Admin".

 

This is the output from wintool.exe:

 

 

(    0)      DISABLED    xxx.xxx.xxx.xxx Microsoft-Windows-Hyper-V-VMMS-Admin                    Windows 7 (84600 ~ ) Fri Sep 17 12:27:47 2010 (Log file does not exist on device.)        Thu Sep 16 12:57:47 2010 0 events (0.000 eps) 0 bytes (0.000 Bps) 0.025 seconds 0.000 real eps (stable) Log file does not exist on device.

 

I don't think it's a privilege issue in either of the two problems, as we use an administrator user and we can retrieve the regular "System/Security/Application" Event Logs without problems.

 

Some help would be much appreciated.

 

 

Thanks.

 
