Could not retrieve event log information - Windows

Hello,

I am running Sitescope 11.24 and am currently trying to set up a Windows Event Log Monitor that will alert me when someone performs a logon.

When I set up the monitor and run it, it fails and says "Could not retrieve event log information".

When looking at the logs of the Sitescope Server I see the below:

12:18:41,265 [SERVER(1611325506/1) ] (NTEventLogMonitorWMICommander.java:175) ERROR - NTEventLog Monitor WMI error for machine \\SERVER, monitor id: 1, WMI error:  timeout

12:18:41,265 [SERVER(1611325506/1) ] (NTEventLogMonitor.java:873) ERROR - SERVER: error reading NT Event Log, exit status = 999

WMI is most certainly working, as other monitors that require WMI access are working as expected and the timeout is set to 120, so I am not sure where to go with this.

Any ideas?

  • Please see attached screenshot of one of our monitors.

    We use EventSource in this one, but it should work the same for ID.

    We had to put ours in regex format within /, so you might want to try it out.

    Please give the monitor some time to run initially (-30 minutes depending how many of these events come in).

    Also, in the threshold you set the match count = 4634; this is incorrect.

    Match Count means the number of times it finds the value you put in the Source and ID match.

    So if you would like an error you should set it accordingly, e.g. Match Count > 10

    Let me know if you don't come right
