MonitorWare Knowledge Base

I have the following setup:

1 kiwi syslog daemon
1 monilog

1 eventreporter 5.2

1 eventreporter 4.x

the events coming from 4.x come through, but the ones of the new 5.2 dont. Looking at the logfile, I have the impression that eventreporter generates part of the event twice (see below). Can I turn this off?

An example of the log file is:
for 4.x
03-02-2004 07:19:51 Local0.Warning aneth EvntSLog:15592: [WRN] Tue Mar 02 07:19:16 2004: N\A/DNS Server/ANETH/DNS (9999) - "The DNS server has encountered numerous run-time events... "

WHICH IS OK

for 5.2
03-02-2004 07:37:50 Local0.Notice elecpc52 Mar 2 07:37:05 ELECPC52 EvntSLog: [AUS] Tue Mar 02 07:37:05 2004: ELECPC52/Security (576) - "Special privileges assigned to new logon: User Name: .... "

WHICH DOES NOT COME THROUGH

Hi,

both EventReporter 4.x and 5.2 are rather old.
5.2 also has a few bugs that have been fixed till Version 5.4.

So I highly recommend that you use EventReporter 5.4 for further testing instead of the older 5.2 one.

You can download 5.4 from this location:
http://www.eventreporter.com/en/Download/

Oeps, I mistyped the version number. It is eventreporter 6.2 instead of 5.2 that does not produce the monilog output.

The old 4 version does the job well.

Oh ok that changes the whole thing a little bit.

Please note that EventReporter 6.x has a complete rewritten engine which is much more complex then the older 4.x or 5.x one.

The default configuration just forwards Eventlog messages to a local syslog server. If you want to have the same format of the messages as in 4.x, you can enable "Use legacy format" in your "EventLog Monitor".

However I am not sure If I got your problem right. Could explain further what exactly does not work correctly?

Yves,

I suggest you check your settings if they match the required ones outlined in this FAQ:

http://www.monilog.com/Common/en/FAQ/Lo ... onilog.asp

The product evolves and customer-requested features are brought in - unfortunately this also means we need to fiddle a little more to keep the format in a consistent state. The FAQ was specifically created as a shortcut so that you have all important settings in one place.

I hope this helps,
Rainer

when I try to generate a report with monilog, the events that were forwarded by the older version of eventreporter appear just fine.

The ones that are sent to the syslog server (kiwi) by the latest eventreporter do not appear. Legacy mode is enabled.

Looking at the log files above, one can see that part of the information appears twice in the events forwarded by the new eventreporter, and I do not understand why this happens

the error encountered in the monilog logfile is

Log time parsing error: Day 'EvntSLog:' out of range 1..31 at MoniLog.ctrl line 729

I hope that this makes it more clear. Sorry for the sloppy explanation.

Hello,

Have you checked that the settings as shown in the following FAQ are correct in your case?

http://www.monilog.com/Common/en/FAQ/Lo ... onilog.asp

Best Regards
Wajih
Adiscon