EVENTMONITOR

Discussion in 'Support' started by cgunhouse, Nov 25, 2010.

  1. cgunhouse

    I have now moved on to EVENTMONITOR and I am having some problems.

    For example, to monitor the Application event log I used:

    eventmonitor BC0124XX8920794 Application FOREVER D:\TC\ProcessEvent.btm

    where ProcessEvent.btm is:

    Code:
    echo Computer: %_eventcomputer
    echo Description: %_eventdesc
    echo Log: %_eventlog
    echo Source: %_eventsource
    echo Type: %_eventtype
    echo Count: %_eventcount
    
    The problem is that most of the time nothing happens when an event is logged, but maybe one in ten times I get almost what I expect. I would get everything defined in ProcessEvent except for the description; the description always comes back blank.

    Any thoughts on why this happens?

    Craig
     
  2. rconn

    rconn Administrator
    Staff Member

    Not reproducible here.

    Note that both the TCC process running EVENTMONITOR and whatever you use to generate an event (EVENTLOG?) have to have administrator rights. (And the event generator has to have *full* administrator rights; i.e., through "run as administrator".)

    You're also not entering the UNC name of the server, though Windows can usually figure that one out.

    Did you verify (through the Windows Event Viewer) that the event is actually written to the application event log?
     
  3. cgunhouse

    Sorry, I changed the original text because it seems that EVENTMONITOR runs but it is hit and miss, where it seems to be more miss than hit.

    I do run as an administrator, I use a fully qualified domain name for the server and I verified it against the event viewer.

    Craig
     
  4. rconn

    rconn Administrator
    Staff Member

    It would be useful if you had a reproducible failcase.

    There's not a lot that can go wrong with EVENTMONITOR. It creates a background thread that wakes up every 5 seconds and looks at the event log. If there are new records (i.e., if there are more records than the last time the thread looked), it reads the event log looking for a match with the requested description / type / source.

    We have a number of large corporate customers who use EVENTMONITOR extensively, so I'm fairly sure there aren't any major bugs here.
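
The polling loop described in the post above, modelled as an added example (not part of the thread and not TCC's code). It assumes a log with a fixed capacity that overwrites its oldest record when full, and contrasts comparing record counts with tracking the highest record number; `SimulatedLog`, `CountPoller`, `RecordNumberPoller` and `run_scenario` are hypothetical names.

```python
# Constructed simulation: not the Windows Event Log API and not TCC's code.
from collections import deque, namedtuple
Record = namedtuple("Record", "number source description")

class SimulatedLog:
    """Fixed-capacity log that overwrites its oldest record when full (assumption)."""
    def __init__(self, capacity):
        self.records = deque(maxlen=capacity)
        self.next_number = 1  # record numbers only ever increase
    def write(self, source, description):
        self.records.append(Record(self.next_number, source, description))
        self.next_number += 1

class CountPoller:
    """Looks for matches only when the record count grew since the last poll."""
    def __init__(self, log, source):
        self.log, self.source = log, source
        self.last_count = len(log.records)

    def poll(self):
        count = len(self.log.records)
        grew, self.last_count = count - self.last_count, count
        if grew <= 0:  # a full log stays at the same count, so nothing is read
            return []
        return [r for r in list(self.log.records)[-grew:] if r.source == self.source]

class RecordNumberPoller:
    """Looks for matches among records numbered above the last one seen."""
    def __init__(self, log, source):
        self.log, self.source = log, source
        self.last_seen = log.next_number - 1

    def poll(self):
        new = [r for r in self.log.records if r.number > self.last_seen]
        self.last_seen = self.log.next_number - 1
        return [r for r in new if r.source == self.source]

def run_scenario(capacity=4, prefill=3, events=3):
    """Write one 'console' event before each poll; return what each poller matched."""
    log = SimulatedLog(capacity)
    for i in range(prefill):
        log.write("other", f"old entry {i}")
    by_count, by_number = CountPoller(log, "console"), RecordNumberPoller(log, "console")
    seen_count, seen_number = [], []
    for i in range(events):
        log.write("console", f"Test message {i + 1}")
        seen_count += [r.description for r in by_count.poll()]
        seen_number += [r.description for r in by_number.poll()]
    return seen_count, seen_number
```

With the default capacity of 4, the count-based poller matches only the first test message once the simulated log fills, while the record-number poller matches all three.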
     
  5. cgunhouse

    I tried the following

    Typed at the command line:

    eventmonitor AC0103XX8020111.activedirectory.Corp.prov.ca Application /S"console" FOREVER D:\tc\ProcessEvent.btm

    eventmonitor gives:
    Application /S"console" (0/FOREVER) D:\tc\ProcessEvent.btm

    Typed at the command line:
    eventlog /Sconsole /i Test message from the console

    Result to TCC based on the contents of ProcessEvent.btm given in previous message:

    Computer: AC0103XX8020111
    Description:
    Log: Application
    Source: console
    Type: 4
    Count: 1

    Typed at command line a second time:
    eventlog /Sconsole /i Test message from the console

    Result to TCC:

    Nothing!

    Third, fourth and fifth times nothing as well.


    AC0103XX8020111 is my desktop and not another computer. It seems to be hit and miss; could it be something to do with the network or Active Directory?

    But one thing that is consistent is that _eventdesc is not being displayed.

    I also assumed that if /S, /D and /T were left off the command line it meant use all sources, all descriptions and all types.

    Actually, after further testing only the first EVENTLOG statement seems to work.

    After yet further testing, after an hour or more I sent another eventlog event and it worked and moved the count to 2, but all the other eventlog entries never got reported on. If I sent more eventlog events after the second processed event they are ignored again.

    I tried it out on my home computer, and everything seems to work, so maybe it is something to do with Active Directory or something to do with a more secure network with all its security policies. However, _eventdesc still is empty.

    Craig
     
