W3C Events don't appear to work in EventsManager 8.1.0 20080318
W3C Events don't appear to work in EventsManager 8.1.0 ... - 2.May2008 5:07:42 PM   
ScottH

 

Posts: 5
Score: 0
Joined: 2.May2008
Status: offline
I set up a web server in the "Web Servers" default group, and set it to apply the default HTTP protocol rules (since they would log most get activities that I found in the W3C logs).  Although the Active Jobs showed it retrieving the events, and the Operational History verified that it had hundreds of events, no W3C events appear in the Global Event Count or in the W3C Events Browser. 

I then tried setting it to archive all events (instead of processing rules)... same story.  It can successfully get the events from the server, but doesn't do anything after that.  The documentation is underwhelming to say the least, so this has been quite irritating.

Here is an excerpt from the W3CelffCollectorPlugin.dll.csv default log (computer name has been removed for security):

8-5-2,20:22:24,139,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Processing data ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Processing start scan protocol ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Check for existing scanner ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Scanner found, reusing ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Scanning computer, job id is: B354F9BE ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Starting scan ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Attempting to create lp instance ...
8-5-2,20:22:24,248,e,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,Unexpected exception: Unable to cast object of type 'System.UInt64' to type 'LogicProcessorDP.CreateLogicProcessorResults'.
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,New logic processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Lp instance created...
8-5-2,20:22:24,295,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin processing folders
8-5-2,20:22:24,295,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Processing folder: C:\WINDOWS\system32\LogFiles\W3SVC1\*.*
8-5-2,20:22:24,373,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin processing files
8-5-2,20:22:27,983,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Processing file: \\**********\C$\WINDOWS\system32\LogFiles\W3SVC1\ex080501.log
8-5-2,20:22:27,998,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin file succeded !
8-5-2,20:22:28,14,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Skipping unchange file: \\**********\C$\WINDOWS\system32\LogFiles\W3SVC1\ex080501.log
8-5-2,20:22:28,30,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Processing file: \\**********\C$\WINDOWS\system32\LogFiles\W3SVC1\ex080502.log
8-5-2,20:22:28,45,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin file succeded !
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Attempting to process events, processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Events processed ...
8-5-2,20:22:28,201,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Shuting down collector ...
8-5-2,20:22:28,201,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Ending scan ...
8-5-2,20:22:28,201,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Finished processing start scan ...
Post #: 1
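An added example, not part of the original post or of GFI's software: a small audit of the collector's debug log that flags error-level entries and any all-zero processor id, the two signs in the excerpt above that a scan was reported as finished while the logic processor was never created. The field names are assumptions inferred from the excerpt; the sample lines are copied from it.

```python
import re
from collections import namedtuple

# Field names are assumptions inferred from the excerpt, not a documented format.
Entry = namedtuple("Entry", "date time ms level thread module function message")

NIL_GUID = "00000000-0000-0000-0000-000000000000"
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Lines copied from the excerpt in the post above.
SAMPLE = """\
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Scanning computer, job id is: B354F9BE ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Attempting to create lp instance ...
8-5-2,20:22:24,248,e,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,Unexpected exception: Unable to cast object of type 'System.UInt64' to type 'LogicProcessorDP.CreateLogicProcessorResults'.
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,New logic processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Lp instance created...
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Attempting to process events, processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Events processed ...
"""


def parse_line(line):
    """Split one log line into 8 fields; the message itself may contain commas."""
    parts = line.rstrip("\n").split(",", 7)
    return Entry(*parts) if len(parts) == 8 else None


def audit(text):
    """Return (line_no, kind, function, message) for each suspicious entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue  # blank or truncated line
        if entry.level == "e":
            findings.append((n, "error", entry.function, entry.message))
            continue
        guid = GUID_RE.search(entry.message)
        if guid and guid.group(0) == NIL_GUID:
            # Logged at info level, so a filter on errors alone would miss it.
            findings.append((n, "nil-processor-id", entry.function, entry.message))
    return findings


if __name__ == "__main__":
    for line_no, kind, function, message in audit(SAMPLE):
        print(f"line {line_no}: {kind} in {function}: {message}")
```

Two of the three findings are logged at info level, which is why a check that only counts error lines would still show the job as mostly healthy.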
RE: W3C Events don't appear to work in EventsManager 8.... - 6.May2008 10:41:30 AM   
LeoSanchez

 

Posts: 13
Score: 0
Joined: 28.Apr.2008
Status: offline
Hello ScottH

Are you also collecting Windows event logs? If so, are these being collected and archived?

_____________________________

Regards,

Leo - Technical Support Team Lead
GFI Software - www.gfi.com

(in reply to ScottH)
Post #: 2
RE: W3C Events don't appear to work in EventsManager 8.... - 6.May2008 1:24:03 PM   
ScottH

 

Posts: 5
Score: 0
Joined: 2.May2008
Status: offline
Yes, it is collecting, processing, and archiving Windows Event Logs from the same server just fine.

(in reply to LeoSanchez)
Post #: 3
RE: W3C Events don't appear to work in EventsManager 8.... - 8.May2008 2:48:08 PM   
DrewE

 

Posts: 22
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
There is a patch for GFI EventsManager that was designed to correct syslog messages not being collected properly.  It corrected a small licensing issue that existed with the software.  Some users have found that installing the patch also corrects issues with GFI EventsManager not collecting W3C logs.  The patch, and its installation instructions, can be downloaded here:

ftp://ftp.gfi.com/patches/ESM8/ESM8_PATCH_20080411_01.zip

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to ScottH)
Post #: 4