Windows additional log problems

3
responses

MatthGyver

Hi,

I'd like to collect windows additional logs to check error of synchronisation on users computer.
So, I activated "Synclog" with this command : "wevtutil.exe sl Microsoft-Windows-OfflineFiles/SyncLog /e:true /l:3"
I added this query in my nxlog configuration file : <Select Path="Microsoft-Windows-OfflineFiles/SyncLog">*</Select>
NXLog failed to start with this error :
ERROR failed to subscribe to msvistalog events,the Query is invalid: [error code: 50]
However my query seems valid, I've build it from XML query in custom view builder on the windows event manager.
If I delete this line in my configuration file I've no problem so my problem is here.
Have you an idea please ?

Thank you

AskedSeptember 15, 2016 - 9:11am

Answer (1)

b0ti

Error code 50 is ERROR_NOT_SUPPORTED.

The Windows EventLog API does not support Analytic and Debug channels to be monitored. If Microsoft-Windows-OfflineFiles/SyncLog is such that should be the reason.

AnsweredSeptember 15, 2016 - 10:16am

Leave a comment

Comments (2)

MatthGyver
Leave a comment
Thank you, I think it's Analytic log (in event viewer, the icon are the same)

Is there a solution to redirect windows event to another chanel ?

September 15, 2016 - 2:40pm

b0ti (NXLog)
Leave a comment
Analytic and Debug channels are in a different format emitted by ETW (Event Tracing for Windows). While Event Viewer is able to capture these events you cannot forward them for the same reason.

We have a new input module in the works for the NXLog Enterprise Edition (currently being beta tested) that is able to collect ETW data.

September 15, 2016 - 3:55pm

You are here

Windows additional log problems

Answer (1)

Comments (2)