NetXMS Support Forum

Hi,

it looks perfectly fine. I re-run tests on my system, and agent picks up everything as expected. Let's try to upgrade this system to 2.0-M4 (just to make sure I'm checking latest codebase) , and if it will not help I'll create special build with additional debug.

Best regards,
Victor

Ok, I will try V2.0-M4 first. When will it be available?

It's just made available for download.

Best regards,
Victor

I have updated to V2.0-M4, but I see the same issue as before.

I tested like this:

parser xml:
<parser name="SystemLog">
  <file>*System</file>
  <rules>
    <rule>
      <match>(.*)</match>
      <level>1</level>
      <event params="1">100845</event>
    </rule>
  </rules>
</parser>

I turned off hardly a Win7-x64 virtual machine and started again. But I don't get an event '100845' in NetXMS for the windows error 6008 (last shutdown was unexpected) in the system eventlog.

Other windows events while the node is normal working are parsed ok and generate NetXMS events.

Can you please set debug level to at least 2, reset system again, and check agent's log for message like

LogWatch: reading old events between ... and ...

and possibly also like this:

LogWatch: EvtQuery failed (...)

and post those lines and timestamp of "unexpected shutdown" event.

Best regards,
Victor

Hi Victor

Here the agent log with debuglevel=2. There was no "LogWatch: EvtQuery failed (...)".
There were these events for example before the NetXMS agent started:
Event-ID 41, Source=Kernel-Power, severity=critical, 04.05.2015 18:19:34
Event-ID 6008, Source=EventLog, severity=error, 04.05.2015 18:19:36

thanks
Dani

Hi Victor

Have you found anything about this?

thanks
Dani

Have you found anything in the debug log file?

Hello Victor,

is it possible to add the user name of the Windows event log entry to the event parameters?
I monitor a terminal server farm for application crashes which works really nice, but I like to know in the event which user session is affected.

Greetings
Ben

Are there any news about the offline processing feature? In V2.0-RC2 it's still not working for us.

It works on all my (very limited) set of Windows systems (test it on Win XP, Win 7, and Win 10). Do you have it working on at least one system?

Best regards,
Victor

Hi Victor

Very strange. I have tested with a Win7, a Win8.1 and a Win2012R2 node. All with the same negative result.
How did you tested?

My test was like this:

Logwatch section of the agent config:
[logwatch]
ProcessOfflineEvents = yes
Parser = ${ProgramFiles}\NetXMS\var\eventlog-system-parser.xml
Parser = ${ProgramFiles}\NetXMS\var\eventlog-application-parser.xml

Parser (file: eventlog-system-parser.xml):
<parser name="SystemLog">
  <file>*System</file>
  <rules>
    <rule>
      <match>(.*)</match>
      <level>1</level>
      <event params="1">100845</event>
    </rule>
  </rules>
</parser>

Than I hard-switched of the node. After that I checked the NetXMS events of this node. But I can't find any event for the expected Windows Event (Eventlog: System, Event-ID: 6008, Source: Eventlog, Text: Last shutdown was unexpected).
While normal operation I get a NetXMS event for every error in Windows Eventlog. I only have problems with offline events.

thanks
Dani