Windows Log Monitoring: can't save entire message log

Started by tivanni, July 22, 2013, 08:11:16 PM


tivanni

Hi,

I have configured the NetXMS agent for monitoring the Windows Event Log and it works well; I have only one problem:

When I check the event log, I see not the entire log message present in the Windows Event Log, but only a part. For example:

Windows Event Log:
Privilegi speciali assegnati a nuovo accesso.

Soggetto:
   ID sicurezza:      **************
   Nome account:      **************
   Dominio account:   **************
   ID accesso:      0x26a1ca8ff

Privilegi:      SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege


While in NetXMS I got this message:

22.07.2013 18:17:55   3SUN-FAB-PC027   Window_Log_id_4672   Normal   ID 4672: Privilegi speciali assegnati a nuovo accesso.
Soggetto:
   ID sicurezza:      S-1-5-21-3970589341-2958000165-2541400463-500
   Nome account:      Administrator
   Dominio account:   **************
   ID accesso:      0x28c2b43cc

Privilegi:      SeSecurityPrivilege
         SeT

The parser file is configured to save the entire message log (I inserted the line <match>(.*)</match>); in the Event Configuration, I set the Message to "ID Number: %1".

If the log's message is short, there is no problem and all the lines of the message are saved, but if the message is big, I get only a part.

In this way, in some cases I can lose very important info!!!
Is there a way to increase the size of the log message stored by NetXMS?

Thank you!

Victor Kirhenshtein

Hi!

Currently there is a limit of 255 characters on an event's message size. I'll see how to extend it. I've added this to the issue tracker: https://www.radensolutions.com/chiliproject/issues/303.

Best regards,
Victor

tivanni

Ok!
Is it a limit on the entire message or a limit on the characters transported by a parameter?
I mean... if I use two parameters instead of one, do I get 255*2 characters?
In this case, I would write a regular expression that puts the first 255 characters in the first parameter, the second 255 characters in the second parameter and so on.

Thank you for the reply :)

Victor Kirhenshtein

Hi!

It's a limit for the entire message. Actually, there are no limits on an event's parameter length, so the text is cut only when you form a message. You can still use %1 in an email body, for example, and get the full text.

Best regards,
Victor

Victor Kirhenshtein

Hi!

Just got to issue 303. It turns out that the limit for event and alarm messages was already raised to 2000. I did tests with similar security log events. The text is there, but it looks like the list control has some limitations as well - the text is truncated when you look at events or alarms in tabular form. However, if you open the alarm details or copy the appropriate record to the clipboard and paste it into a text editor, you'll see the full message text.

Best regards,
Victor