-
Windows module_logevent – ReadEventLog error 997
I have the following module in my Window agent (v3 RC1) conf file:
# Log events
module_begin
module_name Logevents
module_type generic_data_string
module_logevent
module_source Application
module_description Log Events
module_endThis works on a Windows 2003 x86 installation.
However on a Windows 2003 x64 installation I get the following error in the pandora_agent.log file:
ReadEventLog error 997
Any ideas?
-
11 Replies
-
Hi Dez,
Do you get that error everytime the module runs?
I haven’t found much about ReadEventLog and error 997, but the logevent module does use the EVENTLOG_SEEK_READ flag, it could have something to do with this:
http://www.codeproject.com/KB/system/sysevent.aspx?msg=488187#xx488187xx
I have the following module in my Window agent (v3 RC1) conf file:
# Log events
module_begin
module_name Logevents
module_type generic_data_string
module_logevent
module_source Application
module_description Log Events
module_endThis works on a Windows 2003 x86 installation.
However on a Windows 2003 x64 installation I get the following error in the pandora_agent.log file:
ReadEventLog error 997
Any ideas?
-
try with this vbs
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:” _
& “{impersonationLevel=impersonate, (Security)}!\” & _
strComputer & “rootcimv2”)
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
(“Select * from __instancecreationevent where ” _
& “TargetInstance isa ‘Win32_NTLogEvent’ “)
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
strAlertToSend = objLatestEvent.TargetInstance.User _
& ” attempted to access DatabaseServer.”
Wscript.Echo “—”‘Wscript.Echo strAlertToSend
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Category: ” & objLatestEvent.TargetInstance.Category
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Computer Name: ” & objLatestEvent.TargetInstance.ComputerName
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Event Code: ” & objLatestEvent.TargetInstance.EventCode
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Message: ” & objLatestEvent.TargetInstance.Message
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Record Number: ” & objLatestEvent.TargetInstance.RecordNumber
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Source Name: ” & objLatestEvent.TargetInstance.SourceName
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Time Written: ” & objLatestEvent.TargetInstance.TimeWritten
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “Event Type: ” & objLatestEvent.TargetInstance.Type
Wscript.Echo objLatestEvent.TargetInstance.LogFile & ” :: ” & “User: ” & objLatestEvent.TargetInstance.User
Wscript.Echo “-:-”
Loopcreate something like this:
—
System :: Category: 0
System :: Computer Name: 99901-EIF-1204
System :: Event Code: 7036
System :: Message: El servicio Pandora FMS agent entró en estado Activo.System :: Record Number: 118
System :: Source Name: Service Control Manager
System :: Time Written: 20091216131347.000000+060
System :: Event Type: Información
System :: User:
-:-so now, you can parse with System, Application or security to get all new evetns from that.
-
I’ve just added a new entry in our FAQ about this problem:
-
-
Damm this problem is quite annoying 🙁
This happen you on all your windows servers or only in specific version of windows ?
What version / SP have you in that server ?
Could you use the logevent module in other app/source (for example security) to check if happen only in application source, for example ?
-
-
-
I have the same problem.
Fresh install of FMS 3.0 Final on Ubuntu 9.10 Server.
Agent without any configuration in the client side.
The tentacle server is running.I make the test in a XP pro sp3 32bits in the domain and ina W2K3 SP2 server 32bits.
I get this error in the log when start o restart the agent service:
2010-03-17 11:58:30 Pandora agent stopped 2010-03-17 11:58:32 Pandora agent started 2010-03-17 11:58:33 ReadEventLog error 997 2010-03-17 11:58:33 ReadEventLog error 997
-
I have the same problem.
Fresh install of FMS 3.0 Final on Ubuntu 9.10 Server.
Agent without any configuration in the client side.
The tentacle server is running.I make the test in a XP pro sp3 32bits in the domain and ina W2K3 SP2 server 32bits.
I get this error in the log when start o restart the agent service:
2010-03-17 11:58:30 Pandora agent stopped 2010-03-17 11:58:32 Pandora agent started 2010-03-17 11:58:33 ReadEventLog error 997 2010-03-17 11:58:33 ReadEventLog error 997
An update:
in my case the WMI Server is set to 0, when i put to 1 and restart server works OK.
But the error continues appearing:
2010-03-17 11:58:30 Pandora agent stopped 2010-03-17 11:58:32 Pandora agent started 2010-03-17 11:58:33 ReadEventLog error 997 2010-03-17 11:58:33 ReadEventLog error 997 2010-03-17 12:14:28 Pandora agent stopped 2010-03-17 12:14:28 Pandora agent started 2010-03-17 12:14:29 ReadEventLog error 997 2010-03-17 12:14:29 ReadEventLog error 997
-
Hi,
You can see the event viewer using the WMI module as follows
module_begin module_name Event Viewer Errors module_type generic_data_string module_wmiquery select Message from Win32_NTLogEvent WHERE type="error" module_wmicolumn Message module_description Event Viewer module_end
I hope to be able to help them
Bye
-
Have you tried the latest Windows Agent 3.1RC1 published in sourceforge ?
An update:
in my case the WMI Server is set to 0, when i put to 1 and restart server works OK.
But the error continues appearing:
2010-03-17 11:58:30 Pandora agent stopped 2010-03-17 11:58:32 Pandora agent started 2010-03-17 11:58:33 ReadEventLog error 997 2010-03-17 11:58:33 ReadEventLog error 997 2010-03-17 12:14:28 Pandora agent stopped 2010-03-17 12:14:28 Pandora agent started 2010-03-17 12:14:29 ReadEventLog error 997 2010-03-17 12:14:29 ReadEventLog error 997
