NT Event Log
Hi, I'm having a problem using Hostmon to search an NT event log for messages. Hostmon always comes back that it is OK even though I know the event message I'm searching for is in the log.... Any help would be appreciated!!
Could you please provide more information?
- HostMonitor version?
- Windows version?
- Service Pack?
- are you checking local or remote system?
- HostMonitor started as application or service?
- what account do you use to start HostMonitor?
- test properties: could you export test item into text file and publish it here? Or send HML file with tests to support@ks-soft.net
Regards
Alex
- HostMonitor Version 4.74
- Windows 2000
- Service Pack 4
- Checking the event logs on a remote system
- HostMonitor running as a service
- Using a domain administrator account with Administrator access on the local and remote servers
- Test Properties:
;-----------------------------------------------------------------------------
;- HostMonitor`s export/import file -
;- Generated by HostMonitor at 11/12/2004 10:32:17 PM -
;- Source file: C:\Program Files\HostMonitor4\HostMon.hml -
;- Generation mode: Selected_Tests -
;-----------------------------------------------------------------------------
; ------- Test #01 -------
Method = NTLog
;--- Common properties ---
;DestFolder = Test\
Title = Check for VBRuntime Errors
Comment = Check for VBRuntime Errors
RelatedURL =
ScheduleMode= Regular
Schedule =
Interval = 600
Alerts = E-mail On Call
ReverseAlert= No
UnknownIsBad= Yes
UseCommonLog= Yes
PrivateLog = C:\Program Files\HostMonitor4\Logs\SrvLog-%yy%-%mm%-%dd%.Log
PrivLogMode = Full
CommLogMode = Brief
;--- Test specific properties ---
Computer = \\RemoteSrv
Log = Application
Source = VBRuntime
CheckComp = Any
CheckType = Any
CheckID = Any
CheckDescr = Any
CompList =
TypeList = Error
IDList =
DescrList =
ReportMode = AllEvents
;-----------------------------------------------------------------------------
; Exported 1 tests
Thanks!!
The event log hasn't been cleared in quite some time. How does Hostmon determine where in the eventlog it should start searching or does it search the whole event log each time?
The time on both systems is in sync.
The eventlog entry looks like this:
Type Date Time Source Category Event User Computer
Error 11/11/2004 10:25:32 AM VBRuntime None 1 N/A RemoteSRV
Thanks!
Error 11/11/2004 10:25:32 AM VBRuntime None 1 N/A RemoteSRV
11/11/2004 - that's why HostMonitor displays "Ok" status.
NT Event Log test method does not check old records. It reacts on NEW events.
When you just started HostMonitor, it looks in the event log and "remembers" parameters of the last event (time and record number). Next time test is performed, HostMonitor scans NEW records - records that were added after previous check!
HostMonitor uses time and record number parameters, so it works even if system clocks are not synchronized.
Regards
Alex
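The "new records only" behaviour described in the reply above, modelled as an added example (this is not HostMonitor's code and not part of the original thread). The `Event` and `NewEventScanner` names, the sample log, and the handling of a cleared log are assumptions made for illustration; the bookmark uses only values read from the monitored log, so the monitor's own clock is never compared.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Event:
    record: int          # record number assigned by the event log
    time: datetime       # timestamp written by the monitored host
    type: str
    source: str

class NewEventScanner:
    """Reports only matching events added since the previous check."""
    def __init__(self, source, types):
        self.source, self.types = source, set(types)
        self.bookmark = None             # (record, time) of the last event seen

    def check(self, log):
        newest = max(log, key=lambda e: e.record, default=None)
        if self.bookmark is None:        # first check: remember position only
            self.bookmark = (newest.record, newest.time) if newest else (0, datetime.min)
            return []
        last_rec, last_time = self.bookmark
        if newest and newest.record < last_rec:
            # Assumed handling of a cleared log: numbering restarted, use time.
            fresh = [e for e in log if e.time > last_time]
        else:
            fresh = [e for e in log if e.record > last_rec]
        if newest:
            self.bookmark = (newest.record, newest.time)
        return [e for e in fresh if e.source == self.source and e.type in self.types]

# Constructed sample log; record 2 mirrors the entry quoted in the thread.
LOG = [
    Event(1, datetime(2004, 11, 10, 9, 0, 0), "Information", "Service Control Manager"),
    Event(2, datetime(2004, 11, 11, 10, 25, 32), "Error", "VBRuntime"),
    Event(3, datetime(2004, 11, 12, 8, 0, 0), "Information", "Service Control Manager"),
]

def demo():
    scanner = NewEventScanner("VBRuntime", ["Error"])
    first = scanner.check(LOG)                     # baseline taken after record 2 exists
    second = scanner.check(LOG)                    # nothing new since baseline
    grown = LOG + [Event(4, datetime(2004, 11, 12, 22, 40, 0), "Error", "VBRuntime")]
    third = scanner.check(grown)                   # record 4 is new and matches
    cleared = [Event(1, datetime(2004, 11, 13, 1, 0, 0), "Error", "VBRuntime")]
    fourth = scanner.check(cleared)                # log cleared, numbering restarted
    return first, second, [e.record for e in third], [e.record for e in fourth]

if __name__ == "__main__":
    print(demo())
```

An error that is already in the log when the baseline is taken is never reported by this model; only records appended after the previous check are evaluated against the source and type filter.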
OK...but it did not go "bad" when it was a new event. ie - it was running all day on 11/11/04 but did not detect the error.
The error occurred in the event log at 10:25:32 am but the log reported it as OK:
[11/11/2004 10:24:20 AM] Check for VBRuntime Errors Ok 0 ms check NT Event Log
[11/11/2004 10:34:21 AM] Check for VBRuntime Errors Ok 0 ms check NT Event Log
Also I've tried setting it to report on any events in any log and then force a new event and it still didn't catch it. Is there any way to force it to scan the whole log or put it in debug mode to see what it's doing?
Thanks!!