RSA Admin

Undefined MSSQL messages messages on 2008 servers

Discussion created by RSA Admin Employee on Nov 9, 2011
Latest reply on Nov 10, 2011 by RSA Admin

We're running enVision 4.0 SP4 Patch 3.   For Windows collection, we are on content 2.0.  The most recent Windows ESU we have installed is from April 2011.


We collect MSSQL server logs from both Windows 2003 and Windows 2008 servers.  The MSSQL logs collected from the Windows 2008 servers are all undefined and don't parse. 


The message header is %NICWIN-4-Application_18453_MSSQLSERVER


I mean, like, half of the messages coming from these servers are Windows Application logs, but they're undefined.  For one server, in the last hour it generated 130,000 messages, and 65,000 of them are undefined, and have the header above in them.


  • Does anyone know if by now, November 2011, these Windows 2008 MSSQL server messages are defined and parse?