question about 2008 event logs and vista+ api

xcentric
Posts: 176
Joined: Sat Oct 23, 2010 4:30 pm

Post by xcentric »

I am using hm 9.02 and an active rma 4.41, both on w2k8r2.

When using the vista+ api you can filter by the additional "critical" label. When using NT mode you cannot.

So if you are using NT mode on 2k8 (that only has error warning info) will you be alerted to critical as well when you select error? I would rather use vista mode but...

When I use vista mode and set the channel to system, I get weird behavior. Ok then bad then ok then bad over and over. The same log every time and will not stop. When I check the target system for the event there was no such log event or it was a past event. Rechecked rma target settings also to be sure it was the right rma. Works fine in NT mode. Stumped.

Using
set ok when no new bad
report about last bad/good

Regards
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

> When using the vista+ api you can filter by the additional "critical" label. When using NT mode you cannot.
> So if you are using NT mode on 2k8 (that only has error warning info) will you be alerted to critical as well when you select error? I would rather use vista mode but...
HostMonitor allows you to setup different "event level" / "event type" filters depending on selected API mode.
E.g. for Windows NT you may select Error, Warning, Success audit event types; for Windows Vista you may select Audit, Critical, Error event levels...
> Ok then bad then ok then bad over and over
Does this happen when you switch API mode for already existing test?
When you create new test?
In both cases?

Regards
Alex

Post by xcentric »

> HostMonitor allows you to setup different "event level" / "event type" filters depending on selected API mode.
> E.g. for Windows NT you may select Error, Warning, Success audit event types; for Windows Vista you may select Audit, Critical, Error event levels...
So I guess this means no. In order to filter only critical you have to use vista api?
> Does this happen when you switch API mode for already existing test?
> When you create new test?
> In both cases?
Both cases. I was trying to find a pattern on the target system as to why the test is choosing a particular event to be displayed as bad but I cannot. The event displayed does not exist in any of the log views as the most recent. All log filters were cleared in the event viewer so it's not like it is being hidden somewhere from view.

Currently the only view that has the specific event as the most recent is the "summary page event" view. But that makes no sense so I am not convinced this is the source.

Regards

Post by KS-Soft »

> In order to filter only critical you have to use vista api?
Yes
> Both cases. I was trying to find a pattern on the target system as to why the test is choosing a particular event to be displayed as bad but I cannot. The event displayed does not exist in any of the log views as the most recent.
We cannot reproduce the problem :( Will check the code.
Actually we know new Windows Event Log API has some bugs... maybe it has more bugs than we thought :roll:

Regards
Alex

Post by xcentric »

> maybe it has more bugs than we thought
Just wonderful.

As an experiment I used the same test and changed the agent for seven different 2k8r2 servers. I know for certain that all seven servers have the same os and patch level (because I use hm to check this) :D .

I got three without and four with the issue. So now I am left to figure out what is different between these servers.

I have checked so far uac and agent configurations. All are active rma.

I am going to keep looking. Do you have any suggestions I may be unaware of that can have an effect on hm checking the event log?

Regards

Post by xcentric »

Something to add.

The source of the bad event log that is being repeated is the most recent error event in the "Administrative Events" custom view on all the failing target servers.
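
A way to check on a target server which channel the repeating record actually lives in, as an added example that is not part of the original thread and not KS-Soft code. It assumes PowerShell with Get-WinEvent on the 2k8r2 host; the seven-day look-back window is an arbitrary choice, and it relies on the "Administrative Events" view aggregating several logs rather than System alone.

```powershell
# Added diagnostic sketch (not from the thread). Run elevated on the target
# server so that channels such as Security can be read.
$Since  = (Get-Date).AddDays(-7)   # assumed look-back window
$Levels = 1, 2                     # Vista+ levels: 1 = Critical, 2 = Error

# Newest Critical/Error record in the System channel only, which is what a
# test configured with channel = System is expected to report.
$systemNewest = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Level = $Levels; StartTime = $Since
} -MaxEvents 1 -ErrorAction SilentlyContinue

# Newest Critical/Error record across every enabled, non-empty channel,
# which approximates what an aggregated custom view shows at the top.
$allNewest = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 } |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{
            LogName = $_.LogName; Level = $Levels; StartTime = $Since
        } -MaxEvents 1 -ErrorAction SilentlyContinue
    } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 1

# Show both records side by side for comparison with the test result.
$systemNewest, $allNewest |
    Where-Object { $_ } |
    Select-Object LogName, RecordId, Id, LevelDisplayName, TimeCreated, ProviderName |
    Format-Table -AutoSize

if ($allNewest -and $allNewest.LogName -ne 'System') {
    "Newest Critical/Error record is in '$($allNewest.LogName)', not in System."
} else {
    "Newest Critical/Error record is in the System channel (or none was found)."
}
```

If the record the test keeps reporting matches the second row and its LogName is not System, the record is coming from outside the configured channel; running the same script on a working and a failing server shows whether that differs between them.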

Post by KS-Soft »

Could you try Passive RMA? Just for testing...
Both agents use the same code for test itself but processing on HostMonitor side is a little bit different. If Passive RMA will work fine, then it must be some stupid mistake on HostMonitor side...

Regards
Alex

Post by xcentric »

Test results are the same for active vs passive. :(

Would it help if I gave you access to the passive rma? Maybe you have magic tools for looking at the communication or something?

I know the answer to this is really stupid, I just have to keep digging.

Post by KS-Soft »

> Would it help if I gave you access to the passive rma? Maybe you have magic tools for looking at the communication or something?
Unfortunately there is no magic tool but we can start from this and get some information from agent. Please send connection parameters and test settings by e-mail (support@ks-soft.net)

Regards
Alex