Back to your phpLogCon instanceI've just downloaded and installed WinSysLog and EventReporter on my Primary Domain Controller NT40sr6. I'm following the 'How to setup Windows NT centralize Monitoring' step by step. At the very end of Major Step 2 it reads 'After Ste 2 is completed, the WinSyslog machine should have a log file in its C:\temp directory. This log will contain events forwarded from the EventReporter agents. Please verify if there is such a file. If it isn't check the setup you made.'
Afer setup I do not have any files in my C:\temp directory.
Thanks
Jeffrey Hunt
MonitorWare Knowledge Base
Your first source for knowledge
New Install - No Event Log Created
Moderator: alorbach
7 posts • Page 1 of 1
by alorbach on Fri Mar 07, 2003 9:29 am
In this case, please take a look into the Application Eventlog, and look for error's from WinSyslog or EventReporter Service.
I assume that the folder C:\temp exists.
Another thing you can try to trigger the whole thing is, to lower the LastRecord value on the Application tab in EventReporter Client. The EventReporter will send old events again to teh WinSyslog Server.
I assume that the folder C:\temp exists.
Another thing you can try to trigger the whole thing is, to lower the LastRecord value on the Application tab in EventReporter Client. The EventReporter will send old events again to teh WinSyslog Server.
-
alorbach - Site Admin
- Posts: 871
- Joined: Thu Feb 13, 2003 11:55 am
New Install - No Event Log Created
by Jeffrey Hunt on Fri Mar 07, 2003 3:18 pm
Yes, in the Application eventlog there were errors 'Could not connect to Syslog Server over TCP'. There were not any errors at first, but they are there now. I lowered the LastRecord value as well.
On both programs I've change the default protocol to TCP and have specified the TCP/IP address of the machine. For right now I have both EventReporter and WinSyslog installed on the same server.
Thanks for your help.
On both programs I've change the default protocol to TCP and have specified the TCP/IP address of the machine. For right now I have both EventReporter and WinSyslog installed on the same server.
Thanks for your help.
- Jeffrey Hunt
by rgerhards on Fri Mar 07, 2003 3:28 pm
Jeffrey,
can you please verify that the WinSyslog syslog service configuration does specify TCP as the protocol to use AND that it listens to the same port that EventReporter is sending data to (514).
Rainer Gerhards
Adiscon
can you please verify that the WinSyslog syslog service configuration does specify TCP as the protocol to use AND that it listens to the same port that EventReporter is sending data to (514).
Rainer Gerhards
Adiscon
-
rgerhards - Site Admin
- Posts: 1491
- Joined: Thu Feb 13, 2003 11:57 am
by rgerhards on Fri Mar 07, 2003 6:09 pm
...let me add that "normally" means Cisco PIX 
- just to avoid confusion. EventReporter sends to port 514, unless another value is explicitely specified in the services database (typically at \winnt\system32\drivers\etc\services.).
Rainer Gerhards
Adiscon
- just to avoid confusion. EventReporter sends to port 514, unless another value is explicitely specified in the services database (typically at \winnt\system32\drivers\etc\services.).
Rainer Gerhards
Adiscon
-
rgerhards - Site Admin
- Posts: 1491
- Joined: Thu Feb 13, 2003 11:57 am
Google Ads
7 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
