Event ID Description Not Found?

Support, Questions and Discussions on EventReporter

Moderator: alorbach


Postby jeffclark » Thu Feb 26, 2009 5:04 pm

Hi there,

Have just downloaded the trial version of EventReporter and installed it on a Windows 2008 Server Standard with SP1. So far so good. If I can get some advice on the following it may swing the decision to register for a full copy...

I have everything set up and forwarding events to a syslog server (Solarwinds Orion). Great! However I am trying to filter this to just forward certain Windows Auditing events which I think I have done. However, when I check the syslog server and view the forwarded events I see messages like the one below that state the Event ID description could not be found?

Message details - server name and username changed for security reasons.
<servername.domain> EvntSLog: RealSource:"<servername.domain>" 4658 Microsoft-Windows-Security-Auditing 12800 The description for Event ID ( 4658 ) in Source ( Microsoft-Windows-Security-Auditing ) could not be found. It contains the following insertion string(s): S-1-5-21-679025019-1726819077-794372410-26736 ewimp WOXFORD 0x1073648 Security 0x16dc 0x4

Now I can check the server event log for the exact details but I'd rather not have to do that. Is there something in the config I am missing? Is it a Windows 2008 thing? Or is it just because the event/s do not have descriptions and so cannot be reported?

Any clues, ideas or help appreciated!

Thanks
Jeff
jeffclark
New
 
Posts: 2
Joined: Thu Feb 26, 2009 4:39 pm

Re: Event ID Description Not Found?

Postby rgerhards » Thu Feb 26, 2009 6:05 pm

Hi Jeff,

You need to run the event log monitor V2. Under Windows 2008, the "old style" monitor is no longer permitted to read security event log information (it's not an EventReporter issue but rather a MS API change).

Please let me know if that solves the issue.

Rainer
rgerhards
Site Admin
 
Posts: 3806
Joined: Thu Feb 13, 2003 11:57 am

Re: Event ID Description Not Found?

Postby jeffclark » Fri Feb 27, 2009 10:35 am

That did the trick! Thanks for the advice.

Now to fine tune the settings so our Syslog server doesn't get swamped with unnecessary messages!

Thanks again
Jeff
jeffclark
New
 
Posts: 2
Joined: Thu Feb 26, 2009 4:39 pm
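
The symptom from the first post can also be caught on the syslog side, so that hosts still forwarding unresolved security events stand out. The following is an added example, not part of the thread and not EventReporter code: it flags "description could not be found" lines and labels their insertion strings. The function names are hypothetical, and the field order for event 4658 is an assumption taken from Microsoft's documented schema for that event.

```python
import re

# Field order for event 4658 ("The handle to an object was closed"), assumed
# from Microsoft's published event schema; it does not come from the thread.
FIELDS_4658 = ["SubjectUserSid", "SubjectUserName", "SubjectDomainName",
               "SubjectLogonId", "ObjectServer", "HandleId", "ProcessId",
               "ProcessName"]
FIELD_MAP = {("Microsoft-Windows-Security-Auditing", 4658): FIELDS_4658}

UNRESOLVED = re.compile(
    r"The description for Event ID \( (?P<id>\d+) \) in Source "
    r"\( (?P<source>[^)]+?) \) could not be found\. It contains the "
    r"following insertion string\(s\): (?P<strings>.*)$")

def parse_unresolved(line):
    """Return a dict for a 'description could not be found' line, else None."""
    m = UNRESOLVED.search(line)
    if not m:
        return None
    event_id, source = int(m.group("id")), m.group("source")
    # Insertion strings are space-separated in the forwarded message; a value
    # containing spaces cannot be split reliably, so the raw list is kept too.
    values = m.group("strings").split()
    names = FIELD_MAP.get((source, event_id), [])
    return {"event_id": event_id, "source": source, "raw": values,
            "fields": dict(zip(names, values)), "schema_known": bool(names)}

def summarize(lines):
    """Count unresolved descriptions per (source, event id) for triage."""
    counts = {}
    for line in lines:
        rec = parse_unresolved(line)
        if rec:
            key = (rec["source"], rec["event_id"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Sample input: the message quoted in the first post, plus one constructed
# line standing in for an event whose description was resolved.
SAMPLE = [
    '<servername.domain> EvntSLog: RealSource:"<servername.domain>" 4658 Microsoft-Windows-Security-Auditing 12800 The description for Event ID ( 4658 ) in Source ( Microsoft-Windows-Security-Auditing ) could not be found. It contains the following insertion string(s): S-1-5-21-679025019-1726819077-794372410-26736 ewimp WOXFORD 0x1073648 Security 0x16dc 0x4',
    '<servername.domain> EvntSLog: RealSource:"<servername.domain>" 4624 Microsoft-Windows-Security-Auditing 12544 An account was successfully logged on.',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(parse_unresolved(SAMPLE[0])["fields"])
```

A non-empty result from `summarize` means events are still arriving without their descriptions.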
