The problem is (I think) the catergory and user. I would suggest to leave them blank. The N/A and None words that you see within the eventlog are just placeholders that the eventlog shows (instead of showing nothing).
Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 14, 2004 12:55 AM To: [EMAIL PROTECTED] Subject: [SA-list] Event Log COM Check help needed I'm having trouble getting the Event Log COM check to work and am hoping someone may have some ideas on where I'm going wrong. I'm using v1.0 Build 7 of the COM check and SA Ent Ed. 4.1.1607 running as a console app. and my test box is running Win2K SP4. I am logged on using an account that has Admin rights. For the purpose of the test I'm simply checking for the existence of the event log entry generated by the Win2K Telnet server starting on the same server that SA is running on. In the COM check I've defined the parameters as follows: Give a down when 'at least one' new event log entry matches the below query: Logfile: Application Source: Tlntsvr Category: None Event ID: 1000 User: N/A (have also tried leaving this blank) Type: Information Return: All matching entries (have also tried 'first matching entry') Use Authentication: not checked (have also tried defining a userid/password but this generated an error 'User credentials cannot be used for local connections') Description should contain: <left blank> Here is the SA log with my comment to indicate steps I took: Friday, 14 May 2004 8:20:43 AM Servers Alive version 4.1.1607.3 Friday, 14 May 2004 8:20:43 AM Running on Microsoft Windows 2000 Server (2195) Service Pack 4 Friday, 14 May 2004 8:20:43 AM Oracle Core40.dll/core35.dll/oracore8.dll/oracore9.dll library not available Friday, 14 May 2004 8:20:44 AM SQL 7.0/2000 libs available Friday, 14 May 2004 8:20:44 AM SQL libs found, by default using v7 Friday, 14 May 2004 8:20:44 AM Netware library's not available Friday, 14 May 2004 8:20:44 AM DUN installed and available for SA > Manually trigger host check Friday, 14 May 2004 8:21:35 AM External COM check started (W00000012,0) Friday, 14 May 2004 8:21:40 AM External COM check (W00000012,0):Initial check: setting values > Manually trigger host check Friday, 14 May 2004 8:23:56 AM External COM check started (W00000012,0) Friday, 14 May 2004 8:23:58 AM External COM check (W00000012,0): 0 matching entries > Stopped and restarted the Telnet service generating an Event ID 1000 in the Application Event Log > Manually trigger host check Friday, 14 May 2004 8:25:41 AM External COM check started (W00000012,0) Friday, 14 May 2004 8:25:42 AM External COM check (W00000012,0): 0 matching entries A point of interest is that everytime the COM check runs I get the following entry in the Security Event Log twice (some bits removed in brackets for security purposes): Event Type: Failure Audit Event Source: Security Event Category: Privilege Use Event ID: 578 Date: 14/05/2004 Time: 8:25:41 AM User: <my userid> Computer: NTTAT2VMW1 Description: Privileged object operation: Object Server: Eventlog Object Handle: 0 Process ID: 232 Primary User Name: NTTAT2VMW1$ Primary Domain: <domain> Primary Logon ID: (0x0,0x3E7) Client User Name: <userid> Client Domain: <domain> Client Logon ID: (0x0,0x13504) Privileges: SeSecurityPrivilege I then changed the check to point to my WinXP SP1 PC so I could try defining authentication details in case this was the cause of the COM check problem but I got exactly the same results without the Failure Audit in the Security Event Log. Anyone got any suggestions on either what I might be doing wrong or what I might try next? Cheers, Anthony The information contained in this email message and any attachment is for intended recipients only. It may contain confidential, privileged or copyright material. If you receive this email in error please delete it and any attachments and notify the sender immediately by reply email. Any use, reading, copying, distributing or disclosure of the information in this email is strictly prohibited if you are not the intended recipient. Any views expressed in this email are not necessarily those of TNT. TNT does not warrant that this email is free from viruses or other defects. TNT is not liable for loss, damage or other consequences that may arise from opening or using this email or any attachments. "TNT" means TNT Australia Pty Limited, its related companies and subsidiaries and includes McPhee Transport Pty Ltd, Riteway Transport Pty Limited, TNT Materials Handling Pty Ltd and TNT Logistics (Australia) Pty Limited.NfAw~?z % N ry b??j)fz?h+- 'z{?m? Z0x"^n?razg?{.n+?X --- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
