Hi,
I have configured the NetXMS agent to monitor the Windows Event Log and it works well; I have only one problem:
when I check the event log, I do not see the entire log message present in the Windows Event Log, but only a part. For example:
Windows Event Log:
Privilegi speciali assegnati a nuovo accesso.
Soggetto:
ID sicurezza: **************
Nome account: **************
Dominio account: **************
ID accesso: 0x26a1ca8ff
Privilegi: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
While in NetXMS I got this message:
22.07.2013 18:17:55 3SUN-FAB-PC027 Window_Log_id_4672 Normal ID 4672: Privilegi speciali assegnati a nuovo accesso.
Soggetto:
ID sicurezza: S-1-5-21-3970589341-2958000165-2541400463-500
Nome account: Administrator
Dominio account: **************
ID accesso: 0x28c2b43cc
Privilegi: SeSecurityPrivilege
SeT
The parser file is configured to save the entire log message (I inserted the line <match>(.*)</match>); in the Event Configuration, I set "ID Number: %1" as the message.
If the log message is short, there is no problem and all the lines of the message are saved, but if the message is big, I get only a part.
This way, in some cases I can lose very important info!!!
Is there a way to increase the size of the log message stored by NetXMS?
Thank you!
Hi!
Currently there is a limit of 255 characters on an event's message size. I'll see how to extend it. I've added this to the issue tracker: https://www.radensolutions.com/chiliproject/issues/303.
Best regards,
Victor
Ok!
Is it a limit on the entire message or a limit on the characters carried by a parameter?
I mean... if I use two parameters instead of one, do I get 255*2 characters?
In this case, I would write a regular expression that puts the first 255 characters in the first parameter, the second 255 characters in the second parameter, and so on.
Thank you for the reply :)
Hi!
It's a limit for the entire message. Actually, there are no limits on an event's parameter length, so text is cut only when you form a message. You can still use %1 in an email body, for example, and get the full text.
Best regards,
Victor
Hi!
Just got to issue 303. It turns out that the limit for event and alarm messages was already raised to 2000. I did tests with similar security log events. Text is there, but it looks like the list control has some limitations as well - text is truncated when you look at events or alarms in tabular form. However, if you open the alarm details or copy the appropriate record to the clipboard and paste it into a text editor, you'll see the full message text.
Best regards,
Victor
Hi!
Okay, thank you!