How do I monitor a non-default NT EventLog container?

[ixtab]

a TSGateway on Windows log the events into a custom container (not the default System/Application/Security). To be more specific the EventLog events are logged into this container (hierarchy):

If you expand (walk) the EventLog containers:
Event Viewer --> Applications and Services Logs --> Microsoft --> Windows --> TerminalServices-Gateway - Operational

Any idea how to plug this into the NTLog monitor?

Thanks!

[KS-Soft]

If it creates event log on Windows NT/2000/XP/2003, you may type name of the log and HostMonitor should be able to work with this log just fine.
If it uses new Event Logs technology implemented on Windows Vista/Windows Server 2008, then its a problem for HostMonitor. It does not support Vista Event Logs technology yet.

Regards
Alex

[ixtab]

Thank you Alex for the quick response. Most of our servers are 2008 based, any idea when will AHM support the 2008 EventLog monitoring? It is a great product but we are missing a lot of information due to this incompatibility. Thanks!

[KS-Soft]

Should be done in version 8 but I am not sure it will be version 8.00 or 8.10..8.20

Regards
Alex

[ixtab]

Thanks, when is 8.xx estimated release? 2009 Q1/2/3 or 4?

[KS-Soft]

I hope version 8.00 Beta will be available in March and release will be available for download in April

Regards
Alex

[ixtab]

Thanks. I'd love to beta test v8 once it becomes available (if possible), is there a beta testers group/list I can join?

[KS-Soft]

Beta version will be available for everyone.
However we noticed interesting tendency - most of people (99%?) that test Beta version never provide any feedback. So sometimes we release "stable" version with bugs and only then people start sending bug reports

Regards
Alex

[ixtab]

True. Since most of our servers are 2008 based I am sure we'll have feedback once such a version becomes available.

[Wolfgang Bach]

Hello we're running HM 8.14 and i tried to monitor our W2K8 Hyper-V Servers with an Eventlog Test on the Container:

Event Viewer --> Applications and Services Logs --> Microsoft --> Windows --> Hyper-V-xxxxxxx

Is it possible now? If i edit the Eventlog Source in the Hostmon Test to fit exactly to the description in Windows-Protocols it wont run.

Thx and regards.

[KS-Soft]

Sorry for delay. I think you should use name like "Hyper-V-VMMS" for "Source" field.

If i edit the Eventlog Source in the Hostmon Test to fit exactly to the description in Windows-Protocols it wont run.

Could you please explain what exactly means "wont run"? What is the status of the test? Ok? Unknown? Any error message in Reply field of the test?

Regards
Alex

[Wolfgang Bach]

The Status is "Ok" and it replies Warnings and Errors, but not for Elements in the "Hyper-V-VMMS"-Container. It returns the entries from the Application Windows Protocol.

Thx and regards.

[KS-Soft]

This means HostMonitor is able to retrieve records from event log, just does not "see" such event.
However I was wrong about source name. According to the following article
http://technet.microsoft.com/en-us/libr ... S.10).aspx
event source should be "Microsoft-Windows-Hyper-V-VMMS"

Regards
Alex

[Wolfgang Bach]

I did so, but it replies with entries from the Windows-Apllication-Eventlog.

[KS-Soft]

We will install Microsoft Virtual Machine and try to get some events..
Actually you may try this trick as well: setup NT Event Log test using empty "Event source" field. In this case HostMonitor will react on events from any source. Then use some action (e.g. Send e-mail or Execute external program) with %NTEventSource% macro variable to check what source is retrieved by HostMonitor.

Regards
Alex