Error with Windows Eventlog Monitoring

Started by stoffmann, August 29, 2025, 01:58:48 PM

stoffmann

I try to monitor some events in the Microsoft-Windows-TaskScheduler%4Operational.evtx log
to get notified when scheduled tasks failed.

My parser config is:



<parser>
    <file>*Application</file>
    <file>*System</file>
    <file>
        *Microsoft-Windows-TaskScheduler%4Operational</file>
    <rules>
        <rule>
            <id>101-104</id>
            <match>.*</match>
            <event params="1">100086</event>
        </rule>
        <rule>
            <id>202</id>
            <match> .*</match>
            <event params="1">100086</event>
        </rule>
    </rules>
</parser>


In the Agent debug log (Level 7) I find the following entry which looks like it's the reason that I don't get an event in NetXMS. Especially the last line where it says "The specified channel could not be found."

2025.08.29 10:36:44.860 *D* [logwatch          ] Registered parser for file "*Application" (GUID = 00000000-0000-0000-0000-000000000000)
2025.08.29 10:36:44.860 *D* [logwatch          ] Process RSS after parser creation is 20897792 bytes
2025.08.29 10:36:44.860 *D* [logwatch          ] Registered parser for file "*System" (GUID = 00000000-0000-0000-0000-000000000000)
2025.08.29 10:36:44.860 *D* [logwatch          ] Process RSS after parser creation is 20897792 bytes
2025.08.29 10:36:44.860 *D* [logwatch          ] Registered parser for file "*Microsoft-Windows-TaskScheduler%4Operational" (GUID = 00000000-0000-0000-0000-000000000000)
2025.08.29 10:36:44.860 *D* [logwatch          ] Process RSS after parser creation is 20897792 bytes
2025.08.29 10:36:44.860 *D* [logwatch          ] AddLogwatchPolicyFiles(): Log parser policy directory: C:\WINDOWS\system32\config\systemprofile\AppData\Local\nxagentd\logparser_ap\
2025.08.29 10:36:44.860 *D* [logwatch          ] Start watching event log "Application"
2025.08.29 10:36:45.080 *D* [logwatch          ] Start watching event log "System"
2025.08.29 10:36:45.287 *D* [logwatch          ] Unable to open event log "Microsoft-Windows-TaskScheduler%4Operational" with EvtSubscribe(): The specified channel could not be found.



Any idea what the reason could be?

Filipp Sudanov

Log should be specified as:

*Microsoft-Windows-TaskScheduler/Operational

(if you open Properties for that log in Windows Event Viewer, the correct name is in the Full Name field)
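
Added example, not part of the original posts and not NetXMS code: a PowerShell check that reads the `<file>` entries of a parser config and asks the Event Log service whether each `*`-prefixed channel name exists, so a mistyped channel is caught before the agent silently monitors nothing. The function name `Test-ParserChannel` and the embedded sample config are constructed for illustration; the `%4` to `/` decoding assumes the name was copied from an .evtx file name, where Windows encodes the slash that way.

```powershell
# Constructed sample: the <file> entries from the parser config in the question.
$ParserXml = @'
<parser>
    <file>*Application</file>
    <file>*System</file>
    <file>*Microsoft-Windows-TaskScheduler%4Operational</file>
</parser>
'@

# Hypothetical helper: report which event log channels in a parser config exist.
function Test-ParserChannel {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml
    foreach ($node in $doc.SelectNodes('//file')) {
        $entry = $node.InnerText.Trim()
        # Entries starting with '*' name an event log channel, not a text file.
        if (-not $entry.StartsWith('*')) { continue }
        $channel = $entry.Substring(1)

        # Look the channel up by the exact name the agent would subscribe to.
        $found = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue
        $suggestion = $null
        if (-not $found -and $channel.Contains('%4')) {
            # .evtx file names encode '/' as '%4'; decode and look up again.
            $candidate = $channel.Replace('%4', '/')
            if (Get-WinEvent -ListLog $candidate -ErrorAction SilentlyContinue) {
                $suggestion = "*$candidate"
            }
        }

        [pscustomobject]@{
            Entry      = $entry
            Exists     = [bool]$found
            Enabled    = if ($found) { $found.IsEnabled } else { $null }
            Suggestion = $suggestion
        }
    }
}

Test-ParserChannel -Xml $ParserXml | Format-Table -AutoSize
```

The `Enabled` column is worth reading as well: a channel that exists but is disabled accepts a subscription yet records no events, which looks the same in monitoring as a task that never fails.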

stoffmann