NT Event Log

[mmacinto]

Hi, I'm having a problem using Hostmon to search an NY event log for messages. Host mon always comes back that it is OK even though I know the event message I'm searching for is in the log.... Any help would be appreciated!!

[KS-Soft]

Could you please provide more information?
- HostMonitor version?
- Windows version?
- Service Pack?
- are you checking local or remote system?
- HostMonitor started as application or service?
- what account do you use to start HostMonitor?
- test properties: could you export test item into text file and publish it here? Or send HML file with tests to support@ks-soft.net

Regards
Alex

[mmacinto]

- HostMonitor Version 4.74
- Windows 2000
- Service Pack 4
- Checking the event logs on a remote system
- HostMonitor running as a service
- Using a domain administrator account with Administrator access on the local and remote servers
- Test Properties:

;-----------------------------------------------------------------------------
;- HostMonitor`s export/import file -
;- Generated by HostMonitor at 11/12/2004 10:32:17 PM -
;- Source file: C:\Program Files\HostMonitor4\HostMon.hml -
;- Generation mode: Selected_Tests -
;-----------------------------------------------------------------------------


; ------- Test #01 -------


Method = NTLog
;--- Common properties ---
;DestFolder = Test\
Title = Check for VBRuntime Errors
Comment = Check for VBRuntime Errors
RelatedURL =
ScheduleMode= Regular
Schedule =
Interval = 600
Alerts = E-mail On Call
ReverseAlert= No
UnknownIsBad= Yes
UseCommonLog= Yes
PrivateLog = C:\Program Files\HostMonitor4\Logs\SrvLog-%yy%-%mm%-%dd%.Log
PrivLogMode = Full
CommLogMode = Brief
;--- Test specific properties ---
Computer = \\RemoteSrv
Log = Application
Source = VBRuntime
CheckComp = Any
CheckType = Any
CheckID = Any
CheckDescr = Any
CompList =
TypeList = Error
IDList =
DescrList =
ReportMode = AllEvents

;-----------------------------------------------------------------------------
; Exported 1 tests



Thanks!!

[KS-Soft]

Everything looks fine to me....
H'm, could you post event information as well?

Did you clear event log recently?
What about system time on both systems (local and remote)? Clocks are synchronized?

Regards
Alex

[mmacinto]

The event log hasn't been cleared in quite some time. How does Hostmon determine where in the eventlog it should start searching or does it search the whole event log each time?

The time on both systems are in sync.

The eventlog entry looks like this:

Type Date Time Source Category Event User Computer
Error 11/11/2004 10:25:32 AM VBRuntime None 1 N/A RemoteSRV



Thanks!

[KS-Soft]

[mmacinto]

OK...but it did not go "bad" when it was a new event. ie - it was running all day on 11/11/04 but did not detect the error.

The error occured in the event log at 10:25:32 am but the log reported it as OK:


[11/11/2004 10:24:20 AM] Check for VBRuntime Errors Ok 0 ms check NT Event Log
[11/11/2004 10:34:21 AM] Check for VBRuntime Errors Ok 0 ms check NT Event Log


Also I've tried setting it to report on any events in any log and then force a new event and it still didn't catch it. Is there any way to force it to scan to whole log or put it in debug mode to see what it's doing?

Thanks!!

[KS-Soft]

Very strange.... Don't see any explanation.
Could you try to setup HostMonitor to check local event log (on local system)? How it works?

Regards
Alex