I'd like to collect additional Windows logs to check for synchronisation errors on users' computers.
So, I activated "Synclog" with this command: "wevtutil.exe sl Microsoft-Windows-OfflineFiles/SyncLog /e:true /l:3"
I added this query to my nxlog configuration file: <Select Path="Microsoft-Windows-OfflineFiles/SyncLog">*</Select>
NXLog failed to start with this error:
    ERROR failed to subscribe to msvistalog events,the Query is invalid:  [error code: 50]
However, my query seems valid; I built it from the XML query in the custom view builder in the Windows event manager.
If I delete this line from my configuration file I have no problem, so my problem is here.
Do you have any idea, please?

Thank you

Asked September 15, 2016 - 9:11am

Answer (1)

Error code 50 is ERROR_NOT_SUPPORTED.

The Windows EventLog API does not support monitoring Analytic and Debug channels. If Microsoft-Windows-OfflineFiles/SyncLog is such a channel, that should be the reason.

Comments (2)

  • b0ti

    Analytic and Debug channels are in a different format emitted by ETW (Event Tracing for Windows). While Event Viewer is able to capture these events, you cannot forward them for the same reason.

    We have a new input module in the works for the NXLog Enterprise Edition (currently being beta tested) that is able to collect ETW data.
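
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts and not NXLog's own code: it reads every `<Select Path="...">` entry from an NXLog configuration and reports which channels are Analytic or Debug, the types the answer says cannot be subscribed to. The configuration path and the function names are assumptions.

```powershell
# Added example: flag channels in an NXLog im_msvistalog query that the
# EventLog subscription API refuses (Analytic and Debug channels).
param(
    # Assumed install path; adjust to your deployment.
    [string]$ConfigPath = 'C:\Program Files (x86)\nxlog\conf\nxlog.conf'
)

function Get-SelectPath {
    # Return each distinct channel named in a <Select Path="..."> element.
    param([string]$Text)
    [regex]::Matches($Text, '<Select\s+Path\s*=\s*["'']([^"'']+)["'']') |
        ForEach-Object { $_.Groups[1].Value } |
        Sort-Object -Unique
}

function Test-ChannelSubscribable {
    # Look up the channel's type; Analytical and Debug are ETW-style
    # channels that cannot be used in an event subscription query.
    param([string]$Channel)
    try {
        $log = Get-WinEvent -ListLog $Channel -ErrorAction Stop
    } catch {
        # Channel name is unknown on this host (typo or missing provider).
        return [pscustomobject]@{
            Channel = $Channel; LogType = 'NotFound'
            Enabled = $null;    Subscribable = $false
        }
    }
    $type = [string]$log.LogType
    [pscustomobject]@{
        Channel      = $Channel
        LogType      = $type
        Enabled      = $log.IsEnabled
        Subscribable = $type -notin 'Analytical', 'Debug'
    }
}

$text    = Get-Content -LiteralPath $ConfigPath -Raw
$results = @(Get-SelectPath -Text $text |
             ForEach-Object { Test-ChannelSubscribable -Channel $_ })
$results | Format-Table -AutoSize

# Non-zero exit lets a deployment script stop before restarting NXLog.
if ($results | Where-Object { -not $_.Subscribable }) { exit 1 }
```

Run it on the host where NXLog is installed, since the channel list and types come from the local event log configuration.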