W3C Events don't appear to work in EventsManager 8.1.0 20080318 (Full Version)






ScottH -> W3C Events don't appear to work in EventsManager 8.1.0 20080318 (2.May2008 5:07:42 PM)

I set up a web server in the "Web Servers" default group, and set it to apply the default HTTP protocol rules (since they would log most get activities that I found in the W3C logs). Although the Active Jobs showed it retrieving the events, and the Operational History verified that it had hundreds of events, no W3C events appear in the Global Event Count or in the W3C Events Browser.

I then tried setting it to archive all events (instead of processing rules)... same story.  It can successfully get the events from the server, but doesn't do anything after that.  The documentation is underwhelming to say the least, so this has been quite irritating.

Here is an excerpt from the W3CelffCollectorPlugin.dll.csv default log (computer name has been removed for security):

8-5-2,20:22:24,139,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Processing data ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Processing start scan protocol ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Check for existing scanner ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Scanner found, reusing ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Scanning computer, job id is: B354F9BE ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Starting scan ...
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Attempting to create lp instance ...
8-5-2,20:22:24,248,e,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,Unexpected exception: Unable to cast object of type 'System.UInt64' to type 'LogicProcessorDP.CreateLogicProcessorResults'.
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,New logic processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Lp instance created...
8-5-2,20:22:24,295,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin processing folders
8-5-2,20:22:24,295,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Processing folder: C:\WINDOWS\system32\LogFiles\W3SVC1\*.*
8-5-2,20:22:24,373,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin processing files
8-5-2,20:22:27,983,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Processing file: \\**********\C$\WINDOWS\system32\LogFiles\W3SVC1\ex080501.log
8-5-2,20:22:27,998,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin file succeded !
8-5-2,20:22:28,14,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Skipping unchange file: \\**********\C$\WINDOWS\system32\LogFiles\W3SVC1\ex080501.log
8-5-2,20:22:28,30,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Processing file: \\**********\C$\WINDOWS\system32\LogFiles\W3SVC1\ex080502.log
8-5-2,20:22:28,45,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Begin file succeded !
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Attempting to process events, processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Events processed ...
8-5-2,20:22:28,201,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Shuting down collector ...
8-5-2,20:22:28,201,i,de0,W3CelffCollectorPlugin.dll,ScanComputer,Ending scan ...
8-5-2,20:22:28,201,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Finished processing start scan ...
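
A small triage script for this plugin log, added here as an example (it is not part of the original posts and is not GFI code). It assumes the column layout inferred from the excerpt above (date, time, milliseconds, level, thread, module, function, message) and flags error-level entries and any entry that reports the all-zero processor id; what that id means inside the product is not stated in the thread.

```python
from collections import namedtuple

# Assumed column order, inferred from the excerpt in the post above.
Entry = namedtuple("Entry", "date time ms level thread module function message")

NIL_GUID = "00000000-0000-0000-0000-000000000000"

# Lines copied from the excerpt in the post above.
SAMPLE = """\
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,ProcessData,Scanner found, reusing ...
8-5-2,20:22:24,248,e,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,Unexpected exception: Unable to cast object of type 'System.UInt64' to type 'LogicProcessorDP.CreateLogicProcessorResults'.
8-5-2,20:22:24,248,i,de0,W3CelffCollectorPlugin.dll,CreateLogicProcessor,New logic processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Attempting to process events, processor id is: 00000000-0000-0000-0000-000000000000
8-5-2,20:22:28,139,i,de0,W3CelffCollectorPlugin.dll,FetchEntries,Events processed ...
"""


def parse_line(line):
    """Return an Entry, or None if the line does not match the assumed layout."""
    # The message column contains unquoted commas ("Scanner found, reusing ..."),
    # so a plain CSV reader would split it. Split on the first 7 commas only.
    parts = line.rstrip("\r\n").split(",", 7)
    if len(parts) != 8 or not parts[2].isdigit():
        return None
    return Entry(parts[0], parts[1], int(parts[2]), *parts[3:])


def triage(text):
    """Return (line_no, kind, function, message) for entries worth reading first."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.level == "e":
            # Level "e" marks the exception line in the excerpt.
            findings.append((line_no, "error", entry.function, entry.message))
        elif NIL_GUID in entry.message:
            # An id of all zeros was logged right after the failed create call.
            findings.append((line_no, "nil-id", entry.function, entry.message))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```
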




LeoSanchez -> RE: W3C Events don't appear to work in EventsManager 8.1.0 20080318 (6.May2008 10:41:30 AM)

Hello ScottH

Are you also collecting Windows event logs? If so, are these being collected and archived?




ScottH -> RE: W3C Events don't appear to work in EventsManager 8.1.0 20080318 (6.May2008 1:24:03 PM)

Yes, it is collecting, processing, and archiving Windows Event Logs from the same server just fine.




DrewE -> RE: W3C Events don't appear to work in EventsManager 8.1.0 20080318 (8.May2008 2:48:08 PM)

There is a patch for GFI EventsManager that was designed to correct syslog messages not being collected properly.  It corrected a small licensing issue that existed with the software.  Some users have found that installing the patch also corrects issues with GFI EventsManager not collecting W3C logs.  The patch, and its installation instructions, can be downloaded here:

ftp://ftp.gfi.com/patches/ESM8/ESM8_PATCH_20080411_01.zip



