Getting HostMon and the extended logs on Windows 2012r2

david.matthewson · Post by **david.matthewson** » Wed Jan 18, 2017 11:24 am

I use HostMon to 'read' NT type Sys & App logs on servers and this works fine.

I'd like to get it read the 'extended' logs that Windows servers have, but can't see how.

Alex - is this even possible? If not can it go on the wish list for 11.x?

KS-Soft · Post by **KS-Soft** » Wed Jan 18, 2017 11:33 am

NT Event Log test method?
I think you just need to switch from Windows NT to Windows Vista mode when setup test (Compatibility option in Test Properties dialog)

Regards
Alex

david.matthewson · Post by **david.matthewson** » Wed Jan 18, 2017 11:51 am

KS-Soft wrote:NT Event Log test method?
I think you just need to switch from Windows NT to Windows Vista mode when setup test (Compatibility option in Test Properties dialog)

Regards
Alex

Perhaps - I'm using the classic NT mode as I've never been able to get Vista mode to work...

[/url]

First pic is the detailed logs I'd like to get HM to read..

2nd pic is reading logs from a remote W2012r2 box using classic NT mode... but only shows basic logs..

3rd pic is what I get if I try to use Vista mode and point HM at a W2012r2 box as the target..

I'm obviously being a clutz.. what am I missing pls?

Thanks

D

KS-Soft Europe · Post by **KS-Soft Europe** » Wed Jan 18, 2017 1:53 pm

Windows API, used by "NT mode" does not support "extended" logs.
If HostMonitor is started on Windows 2003 or Windows XP - it will not be able to use newer NT Log API (Windows Vista mode).
What Windows OS do you have installed on HostMonitor system?

david.matthewson · Post by **david.matthewson** » Wed Jan 18, 2017 2:05 pm

In this case HM is running as a service on a Win2012R2 box but I've seen the same problem (probably me!) when it's run on a Win 2008 x64 box.

Thanks!

KS-Soft Europe · Post by **KS-Soft Europe** » Thu Jan 19, 2017 3:24 pm

Could you try using FQDN or IP instead of NetBIOS name?

This issue can be cause by Firewall.
If you are using Windows Firewall, you may allow the following rules (e.g. using GPO):
COM+ Network Access (DCOM-In)
Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)
Windows Management Instrumentation (ASync-In)
Windows Management Instrumentation (DCOM-In)
Windows Management Instrumentation (WMI-In)

Some related links:
http://www.computerperformance.co.uk/po ... t_Remoting
https://www.netwrix.com/kb/1291

david.matthewson · Post by **david.matthewson** » Thu Jan 19, 2017 5:12 pm

Thanks - will try that & revert.

david.matthewson · Post by **david.matthewson** » Tue Jan 24, 2017 8:54 am

david.matthewson wrote:Thanks - will try that & revert.

Still investigating this - anomalous result so will dig deeper.

More soon ;}

Thanks

D