monilog logging all Windows 2000 events under "non wind

Support, Questions and Discussions on MoniLog

Moderator: alorbach


Postby TimCooper » Sun Nov 30, 2003 3:46 pm

I have just downloaded Monilog to evaluate its use in our environment. We already have licenses for WinSysLog and Eventreports and are using those already to consolidate about 7 Windows 2000 servers onto one syslog server. If I use WinSysLog's interactive event viewer things seem to be fine, however if I do a report on the new monilog reports it shows all of the events as "non windows" and therefore does not group them properly?

All events are logged via winsyslog to an SQL server on the same box. If I look into the database table that it's logging to I can see that there are two fields that are null for all records :-

EventLogType
GenericFileName

All other fields have information in.

Out of interest the priority field which I believe holds the relevant event log type shows a numeric value and not a text value?

Any help appreciated
TimCooper
New
 
Posts: 7
Joined: Sun Nov 30, 2003 3:41 pm

Postby agrigorof » Sun Nov 30, 2003 5:02 pm

Can you provide an example of what the "Message" field contains? The only fields used by Monilog are "ReceivedAt" and "Message". To qualify as a "Windows" event the messages have to contain the "EvntSLog" tag - that's how Monilog differentiates them from "non-Windows". If possible, email us (support@monilog.com) a sample of your database so we can look at it - we may send you a beta version of MoniLog2x - an improved version of the current MoniLog 2.0
agrigorof
 

Postby TimCooper » Sun Nov 30, 2003 5:16 pm

Hi,

Okay here is the database setup :-

Column Name          DataType   Length
ID                   Bigint     8
ReceivedAt           DateTime   8
DeviceReportedTime   DateTime   8
Facility             BigInt     8
Priority             BigInt     8
FromHost             Char       60
Message              Char       1000
Importance           BigInt     8
NTSeverity           BigInt     8
InfoUnitID           BigInt     8
SyslogTag            Char       60
EventLogType         Char       60
GenericFileName      Char       60

And a sample of data is as follows. Field per line from top down (as above)

536553
30/11/2003 14:59:01
30/11/2003 15:01:56
16
5
10.42.5.162
"EvntSLog: RealSource:""GBVWFSMKS00028"" [INF] Sun Nov 30 15:01:56 2003: GBVWFSMKS00028/Adiscon EvntSLog (105) - ""The service was started.""
5
4
1
<NULL>
<NULL>
TimCooper
New
 
Posts: 7
Joined: Sun Nov 30, 2003 3:41 pm

Postby TimCooper » Sun Nov 30, 2003 5:37 pm

Ahh things start to get more complicated :)

If I turn off the "Add syslog Source when forwarding to the other syslog servers" option I then get the relevant EventLog Type. However I then see no entries on the monilog report. It shows 3 hits for information, however does not show them?
TimCooper
New
 
Posts: 7
Joined: Sun Nov 30, 2003 3:41 pm

Postby TimCooper » Sun Nov 30, 2003 6:00 pm

Problem solved, if I turn off the option from my last post on both the winsyslog server and the eventreporter it works fine.

Perhaps it's worth putting a note somewhere about this. If either of these options are ticked then Monilog does not understand that it's a Windows event log being reported on and as such does not group properly?

Hope this helps someone else!
TimCooper
New
 
Posts: 7
Joined: Sun Nov 30, 2003 3:41 pm

Postby agrigorof » Sun Nov 30, 2003 6:01 pm

Yes, adding the syslog source creates problems for Monilog. So after you removed that, what does the Message field look like? Post also the ReceivedAt field. Monilog creates a "debug.log" file in the location configured for the reports. Can you email or post the content of debug.log?
agrigorof
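
A check for the condition this thread arrives at, as an added example that is not part of the original posts or of the MoniLog/WinSyslog products: it counts, per forwarding host, the EvntSLog rows whose EventLogType is NULL or whose Message carries the RealSource: prefix seen in the sample row above. The table name SystemEvents is an assumption; the column names are the ones listed in the thread.

```sql
-- Added example. Assumption: the WinSyslog logging table is named SystemEvents;
-- substitute the table your installation writes to.
-- Columns used (FromHost, Message, EventLogType, ReceivedAt) are those posted in the thread.
SELECT
    FromHost,
    -- NULL EventLogType is the symptom reported in the first post
    CASE WHEN EventLogType IS NULL THEN 'missing' ELSE 'present' END AS EventLogTypeState,
    -- RealSource: appears in the sample Message posted while the
    -- "Add syslog Source when forwarding" option was still ticked
    CASE WHEN Message LIKE '%RealSource:%' THEN 'yes' ELSE 'no' END AS HasRealSourcePrefix,
    COUNT(*)        AS Events,
    MIN(ReceivedAt) AS FirstSeen,
    MAX(ReceivedAt) AS LastSeen
FROM SystemEvents
-- Only rows that carry the tag MoniLog is said to look for
WHERE Message LIKE '%EvntSLog%'
GROUP BY
    FromHost,
    CASE WHEN EventLogType IS NULL THEN 'missing' ELSE 'present' END,
    CASE WHEN Message LIKE '%RealSource:%' THEN 'yes' ELSE 'no' END
ORDER BY FromHost, FirstSeen;
```

Hosts that still show 'missing' or 'yes' rows after the change, with a recent LastSeen, are the ones to recheck for the forwarding option on both the WinSyslog server and the EventReporter side.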
 
