Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
anoopambli Contributor.
Contributor.
568 views

Eventlog monitors error - Could not retrieve eventlog information

We are using SiteScope 10.14 v on windows 2003 server. There are win2K3 and windows 2008 servers which we are monitoring for different types of monitors which includes service, script, drive,resource and eventlog.

 

Many of the windows eventlog monitors are failing intermittently giving 'Could not retrieve event log information' error message. If i try to re run the monitor manually it works and goes into good condition.

 

Anyone seen this issue before?

Labels (1)
0 Likes
3 Replies
Alcides
New Member.

Re: Eventlog monitors error - Could not retrieve eventlog information

Hi Anoopambli,

 

I am a SiteScope senior engineer, we have seen this error  before, it is caused due different reasons. We will need to check your logs and review your environment to get you a proper solution. I strongly recommend you to open a support case on this matter, so one engineer can help you with this.

 

Regards,

0 Likes
Absent Member.. DavidMolina_1 Absent Member..
Absent Member..

Re: Eventlog monitors error - Could not retrieve eventlog information

Hi Annopambli,

 

do you have several NT monitors for the same host running at the same time? If so, this could be the problem, Windows cannot handle multiple connections some times and cause these kind of issues, also you should check how many monitors are running at the same freq. Maybe playing with that you can avoid the issue, for example if you have 10 NT viewer monitors, all of then running at the same freq, 5 minutes, you can change it for 5 monitors to run each 12 minutes, in that way you will reduce the amont of NT viewer monitors running at the same time.

 

David Molina
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
0 Likes
Established Member.. kenneth.gonzale
Established Member..

Re: Eventlog monitors error - Could not retrieve eventlog information

Hi Anoopambli,

 

As my coworker David says having many EventLog monitors against same host may cause performance issues. The following is best practices taken from our internal KB:

 

Topic

Sometimes there are SiteScope configurations with a lot of Windows Event Log monitors created with sporadic issues getting the data. For this type of environments, to merge the monitors is a good practice that can be implemented.

This will help to decrease the amount of data transferred from the target to the SiteScope host and it also will decrease the required license points.

 

 

Response

A lot of monitors configured in a similar way can be very inefficient:

 

Monitor 1

Server: xxx

Log name: Security

Source and ID match: Security:635

 

Monitor 2

Server: xxx

Log name: Security

Source and ID match: Security:636

 

Monitor 3

Server: xxx

Log name: Security

Source and ID match: Security:641

 

You can merge these monitors into one using a regular expression:

 

Monitor Converged

Server: xxx

Log name: Security

Source and ID match: /Security:(635|636|641)/

… 

Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.