Windows Event Forward Plugin failed to read events

Hi I had integrated one MS Windows Server 2008 machine via winrm method.

Now what the issue I had noticed with this machine is that it's giving an error and the loging of this machine gets stopped after some certain minutes.

The error I had seen on the Log Collector is:

[WINTRDABFVBC.172_20_29_29] [processing] [WorkUnit] [processing] Unable to pull events from Windows event source 172.20.1.3: Fault Code : s:Receiver Subcode : w:InternalError Reason : The array bounds are invalid.  Fault Detail : Windows Event Forward Plugin failed to read events.

Then I found one solution to fix this. Below is the solution which I applied. The solution helped me and then the logs started coming from the same machine.

But after 1 week the problem re-exists and again I'm getting the same error message for the MS Windows machine.

Step 1

To check the current limit , Log on to the machine configured with WinRM  and get the cmd line result of :  wevtutil gl Security

Here we are looking for the "maxSize"

Step 2

In the Group Policy Management Editor, expand Computer Configuration > Policies >

Administrative Templates > Windows Component.

Edit Maximum log Size :  Enabled , and increase the size to 40480 , Apply

Step 3

On the powershell of the machine, Apply a GPO force update

gpupdate /force

Step 4

Repeat step 1  to see if this took effect

Try and  readd the Collection and Monitor to see if this workaround works.

Does any know how to resolve this and permanently fix this issue.

Many thanks.

Regards,

Deepanshu Sood.