NetXMS Support Forum

Hi,

i have problems when using the log parser.
I try to catch Error 251 from the windows Application Log and forward to NetXMS.

When i just change the EventID to 404 or 406 it is working and i see an entry in the Monitor from Server.
I cant figure out why it is not working with "Error" "EventID 251".
I never see a entry in the Debuglog from client with EventID 251.
I tried with Filter of Source "LSA_MONITOR" or without, doesnt change anything.
Logwatch is enabled in Client Agent.

Thank you!

Sorry i forgot: client and Server are 6.1.1

Hi,

What are these events from, some RAID software?
Pls double-click on the event in Windows Event viewer and show XML View from Details tab.

Hi,

yes it is from the LSA Software from Broadcom which is writing to eventlog.
Here is the XML from EventID 251 and 404/406.

Thank you!

In the original log parser policy editor screenshot you have Level set to 1, but in XMLs you have values 2 and 3.

Hi, thank you for your answer - sorry i was on holidays.

Now i tested it again:

406 is creating a warning - this is working
251 should trigger a Critical warning - i have triggers for: 251 without level, 251 with Level 1 and 2 and 3

But nothing with 251 is working. 406 is triggering fine everytime.

I don't see anything wrong in the configuration (the only thing to check if RAIDCONTROLLER_LSA_CRITICAL had "write to log" checkbox).

You can try right-clicking on the template and performing "Force deployment of agent policies".

Next step is to check that policy file is really present on this machine - they should be in C:\Windows\System32\ config\systemprofile\AppData\Local\nxagentd\logparser_ap (that's home folder of System user).

And next is to enable debug in agent config:
DebugTags = logwatch.*:7
agent log should have detailed information about logparser operations