rajbir singh

Time delay in Window's log collection using Winrm

Discussion created by rajbir singh on Aug 24, 2020
Latest reply on Aug 24, 2020 by rajbir singh

Hello All, 

 

We have window's server integrated on VLC using winrm and we are facing some issue in log collection time. 

 

we have checked raw event log and found there is huge gap in event generation time and even collection time. 

 

For few server we found event generation time is around 6-7 hours and for few server time gap is in days. 

 

In windows log collection we have selected read all event and render event option. 

 

we have tried to uncheck read all event but still facing the same issue. 

 

Also, we checked time zone on netwitness stack and found it is configured as UTC +000. also tried to set time zone local which is IST but still issue is same. 

 

we have just recently upgraded our NW stack from 11.1 to 11.3.2. 

 

Any idea what is the reason of this behavior?

 

We checked all the logs and found only windows collection is behaving like this rest all collection like syslog, ODBC are working as expected. 

 

Please suggest any troubleshooting steps. 

 

Thanks in advance. 

Outcomes