
My Monilog report is empty

Support, Questions and Discussions on MoniLog

Moderator: alorbach

Post by carteran » Mon Apr 28, 2003 6:13 am

Greetings,

My Monilog reports do not return any data even though the logs being analysed have relevant events. The foot of the report states:
"The logs for the selected time interval exist and contain events but none of them match the selected criteria"

This indicates that Monilog can access the log file and that its contents are meaningful. I have checked the hints which follow this message but my configuration appears OK with the possible exception of the hint "the EventReporter settings are not configured properly for MoniLog so expected fields are missing".
My configuration details are as follows:

EventReporter V5.4.163
---------------------------
EventReporter runs on each of our Windows 2000 hosts and sends logs to our syslog server (Solaris). This configuration works fine and aggregated Windows logs appear at a single location on the UNIX box. The EventReporter clients are configured to "Use Monilog" and the "Use legacy format" and "Add FacilityString" check boxes are checked in the General tab of each client.

Monilog v2.0.137
------------------
Monilog runs on a Windows host with access to the syslog log files which hold the aggregated windows events.
I have set up a Monilog profile with "Servers to analyse" = "*" and the report options set to report on all event types for the last 24 hours. There are **definitely** log entries in the log file being analysed which satisfy these criteria. An example entry follows (hostname = "evalce"):

<snip>
Apr 28 09:34:54 evalce EvntSLog:787553: [WRN] Sun Apr 28 03:34:22 2003: N\A/System/EVALCE/NETLOGON (5773) - "The DNS server for this DC does not support dynamic DNS. Add the DNS records from the file 'SystemRoot\System32\Config\netlogon.dns' to the DNS server serving the domain referenced in that file."
<snip>

Help !!
--------
Can anyone verify that the log entry above is in the correct format?
Can anyone supply me with the working configuration for the General tab in Monilog for my setup (Windows EventReporter/Solaris syslog)?
Can anyone suggest more specific reasons why my config is failing to populate the Monilog report?

Thanks in advance

Tony
carteran
 

Post by alorbach » Mon Apr 28, 2003 10:17 am

Hi,

Monilog depends on the correct logging format; even a single difference will make it not work correctly.

Currently a logfile entry looks like this at your end:
Apr 28 09:34:54 evalce EvntSLog:787553: [WRN] Sun Apr 28 03:34:22 2003: N\A/System/EVALCE/NETLOGON (5773) - "The DNS server for this DC does not support dynamic DNS. Add the DNS records from the file 'SystemRoot\System32\Config\netlogon.dns' to the DNS server serving the domain referenced in that file.


The first thing I see is that the "Add Username" option in EventReporter should be unchecked, but everything else from the EventReporter format is correct.

But the whole logfile format is not correct. If you are using "WinSyslog" as Syslog Server Type, it should look like the following line:

2002-04-08,09:34:54,EVALCE,16,5,EvntSLog:787553: [WRN] Sun Apr 28 03:34:22 2003: System/EVALCE/NETLOGON (5773) - "The DNS server for this DC does not support dynamic DNS. Add the DNS records from the file 'SystemRoot\System32\Config\netlogon.dns' to the DNS server serving the domain referenced in that file.


You can try the "BSD Syslog Server" option in Syslog Server type as well.
alorbach
Site Admin

Re: My Monilog report is empty

Post by agrigorof » Mon Apr 28, 2003 2:56 pm

Tony,

Can you email a small log sample as an attachment to support@adiscon.com? The reason for this is that when you copy/paste the log entries, some of the delimiters may be replaced by blank spaces so it is hard for us to identify the exact log format. Please keep the same file name - this way we can emulate your settings and identify the problem.

carteran wrote:
Greetings,

My Monilog reports do not return any data even though the logs being analysed have relevant events. The foot of the report states:
"The logs for the selected time interval exist and contain events but none of them match the selected criteria"
[...]
Can anyone suggest more specific reasons why my config is failing to populate the Monilog report.

Thanks in advance

Tony
agrigorof
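
Added example, not part of any post in this thread and not Adiscon code: a small Python check that classifies each line of the log file as the BSD-style layout the poster has or the comma-delimited layout shown in the reply for WinSyslog, run against the file itself so that copy/paste cannot alter the delimiters. The regular expressions, the layout names and the rule for spotting the user name field are assumptions derived only from the two sample lines in the thread, not MoniLog's documented format.

```python
import re
from collections import Counter

# Layout the original poster has (BSD-style syslog file): "Mon DD HH:MM:SS host message"
BSD_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) (?P<msg>.*)$")
# Layout shown in the reply for WinSyslog: "YYYY-MM-DD,HH:MM:SS,host,n,n,message"
CSV_RE = re.compile(r"^\d{4}-\d{2}-\d{2},\d{2}:\d{2}:\d{2},(?P<host>[^,]+),\d+,\d+,(?P<msg>.*)$")
# EventReporter payload common to both samples: "EvntSLog:N: [SEV] <time> YYYY: path (id) - text"
PAYLOAD_RE = re.compile(
    r"^EvntSLog:\d+: \[(?P<sev>[A-Z]+)\] .*?\d{4}: (?P<path>\S+) \((?P<id>\d+)\) - ")

# Constructed samples: the two lines quoted in the thread, message text shortened.
HEAD = "EvntSLog:787553: [WRN] Sun Apr 28 03:34:22 2003: "
TAIL = ' (5773) - "The DNS server for this DC does not support dynamic DNS."'
BSD_SAMPLE = "Apr 28 09:34:54 evalce " + HEAD + r"N\A/System/EVALCE/NETLOGON" + TAIL
CSV_SAMPLE = "2002-04-08,09:34:54,EVALCE,16,5," + HEAD + "System/EVALCE/NETLOGON" + TAIL


def inspect(line):
    """Classify one log line and pull out the EventReporter fields if present."""
    line = line.rstrip("\r\n")
    for layout, rx in (("winsyslog-csv", CSV_RE), ("bsd-syslog", BSD_RE)):
        m = rx.match(line)
        if m:
            break
    else:
        return {"layout": "unknown"}  # e.g. delimiters lost in copy/paste
    info = {"layout": layout, "host": m.group("host")}
    p = PAYLOAD_RE.match(m.group("msg"))
    if p:
        # Assumption drawn from the two samples: a fourth leading path segment
        # ("N\A/") is the user name that "Add Username" puts in front.
        info.update(severity=p.group("sev"), event_id=int(p.group("id")),
                    has_user_field=len(p.group("path").split("/")) == 4)
    return info


def summarize(lines):
    """Count layouts across a file so a mixed or unexpected format stands out."""
    return Counter(inspect(ln)["layout"] for ln in lines if ln.strip())


if __name__ == "__main__":
    for sample in (BSD_SAMPLE, CSV_SAMPLE, CSV_SAMPLE.replace(",", " ")):
        print(inspect(sample))
    print(summarize([BSD_SAMPLE, CSV_SAMPLE, "", "garbage"]))
```

Passing an open log file to `summarize` gives the per-layout counts for the whole file.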
 
