Windows additional log problems | Log collection solutions

#1 MatthGyver 7 years ago

Hi,

I'd like to collect windows additional logs to check error of synchronisation on users computer.
So, I activated "Synclog" with this command : "wevtutil.exe sl Microsoft-Windows-OfflineFiles/SyncLog /e:true /l:3"
I added this query in my nxlog configuration file : <Select Path="Microsoft-Windows-OfflineFiles/SyncLog">*</Select>
NXLog failed to start with this error :
ERROR failed to subscribe to msvistalog events,the Query is invalid: [error code: 50]
However my query seems valid, I've build it from XML query in custom view builder on the windows event manager.
If I delete this line in my configuration file I've no problem so my problem is here.
Have you an idea please ?

Thank you

Permalink

#2 b0ti Nxlog ✓ 7 years ago

#1 MatthGyver

Hi, I'd like to collect windows additional logs to check error of synchronisation on users computer. So, I activated "Synclog" with this command : "wevtutil.exe sl Microsoft-Windows-OfflineFiles/SyncLog /e:true /l:3" I added this query in my nxlog configuration file : <Select Path="Microsoft-Windows-OfflineFiles/SyncLog">*</Select> NXLog failed to start with this error : ERROR failed to subscribe to msvistalog events,the Query is invalid: [error code: 50] However my query seems valid, I've build it from XML query in custom view builder on the windows event manager. If I delete this line in my configuration file I've no problem so my problem is here. Have you an idea please ? Thank you

Error code 50 is ERROR_NOT_SUPPORTED.

The Windows EventLog API does not support Analytic and Debug channels to be monitored. If Microsoft-Windows-OfflineFiles/SyncLog is such that should be the reason.