We have had to make our event logs large because an attack can fill up the log with invalid login attempts.
However, I saved the log to file, reduced the size, then cleared it. The next attempt was *successful* - Initial check: setting values. So I guess there is a practical upper limit to the event log sizes, and if we need to save historical data, then we'll have to export and clear periodically. Richard On Tuesday, November 06, 2007 1:45 PM, Dirk Bulinckx <[EMAIL PROTECTED]> wrote: > 16M is size is HUGE. > The API that is used is very slow. If you look at the eventlog via the MS > tools > it's NOT loading all entries, only part of it. > > Dirk Bulinckx. > > -----Original Message----- > From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf > Of > Richard Sleegers > Sent: Tuesday, November 06, 2007 7:31 PM > To: Servers Alive Discussion List > Subject: Re: [SA-list] Eventlog COM check error > > No, it did not give the error before timing out. > > I don't know if the event log is unusually large, but each of the three > are > allocated 16M in size and we are on 3Mbit connection (in direction from > remote server to SAlive server). There are 72000 entries in the log I'm > reviewing. I tried running eventvwr.msc and connected to the remote > computer > to open the log and it took about a minute, but it did load the entire > log. > > Do you know if the EventLog COM check leave the connection open while > traversing? Is there possibly a different version of elog.ocx that I can > use? (Mine is version 1.0.0.17) Any other suggestions? > > On Tuesday, November 06, 2007 12:40 PM, Dirk Bulinckx <[EMAIL PROTECTED]> > wrote: > >> But it didn't not give that error? >> Could it be that OR the network is very slow OR the eventlog is very >> large/full? >> >> Dirk Bulinckx. >> >> -----Original Message----- >> From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On >> Behalf >> Of >> Richard Sleegers >> Sent: Tuesday, November 06, 2007 6:30 PM >> To: Servers Alive Discussion List >> Subject: Re: [SA-list] Eventlog COM check error >> >> When I run SAlive 6 on Windows XP as a standalone application, checking >> the >> same Windows 2003 Server (Web edition), the result is inconclusive. I >> gave >> it 600 seconds, and it timed out. During the check, both processors were >> pegged at 100% (half to serversalive, half to the comaw~1.exe >> application) >> and I could see a trickle of constant network activity. >> >> On Tuesday, November 06, 2007 11:45 AM, Dirk Bulinckx <[EMAIL PROTECTED]> >> wrote: >> >>> Does it do the same with the support v6 of Servers Alive? >>> >>> Dirk Bulinckx. >>> >>> -----Original Message----- >>> From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On >>> Behalf >>> Of >>> Richard Sleegers >>> Sent: Tuesday, November 06, 2007 5:31 PM >>> To: Servers Alive Discussion List >>> Subject: Re: [SA-list] Eventlog COM check error >>> >>> As I said, Windows 2000 Server SP4 checking event log on remote Windows >>> 2003 >>> Server, so SA is on the W2K system as a service. >>> >>> On Tuesday, November 06, 2007 11:25 AM, Dirk Bulinckx >>> <[EMAIL PROTECTED]> >>> wrote: >>> >>>> What OS is SA running on, and what OS is on the remote system? >>>> >>>> Dirk Bulinckx. >>>> >>>> -----Original Message----- >>>> From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On >>>> Behalf >>>> Of >>>> Richard Sleegers >>>> Sent: Tuesday, November 06, 2007 4:56 PM >>>> To: Servers Alive Discussion List >>>> Subject: Re: [SA-list] Eventlog COM check error >>>> >>>> Yes, this is repeatable. >>>> My other event log checks are local, I'm trying to expand to remote >>>> event >>>> log checks. I can successfully share a drive from the remote machine to >>>> my >>>> trusted IP so the file sharing ports appear to be working fine (which >>>> is >>>> what remote event viewer uses, I assume). I tried a second remote >>>> machine >>>> with the same results (same O/S combination). After about 310000 ms it >>>> fails >>>> with "Object variable or With block variable not set" - I gave it 600 >>>> seconds to see if it was just taking a long time, otherwise it was >>>> timing >>>> out. >>>> >>>> On Tuesday, November 06, 2007 1:35 AM, Dirk Bulinckx >>>> <[EMAIL PROTECTED]> >>>> wrote: >>>> >>>>> does it do this all the time with this entry? >>>>> do you have other checks defined for remote event log checks? >>>>> >>>>> Dirk Bulinckx. >>>>> >>>>> -----Original Message----- >>>>> From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On >>>>> Behalf >>>>> Of >>>>> Richard Sleegers >>>>> Sent: Monday, November 05, 2007 11:30 PM >>>>> To: Servers Alive Discussion List >>>>> Subject: [SA-list] Eventlog COM check error >>>>> >>>>> ERR: COM Check problem (W00000012,122, 350):Object variable or With >>>>> block >>>>> variable not set >>>>> >>>>> I have checked this thread: >>>>> http://www.mail-archive.com/[email protected]/msg10077.html but >>>>> could >>>>> not >>>>> see any resolutions there. My specs: >>>>> >>>>> Servers Alive 5.1.1967 running as service, no terminal services. >>>>> Windows 2000 Server SP4 checking event log on remote Windows 2003 >>>>> Server >>>>> Web >>>>> Edition >>>>> >>>>> External COM's Eventlog Check setup (version 2.0 build 59): >>>>> Give down when 'at least one' ... >>>>> Hostname: [remote server's IP address] >>>>> Logfile: System >>>>> Source: EventLog >>>>> Category: >>>>> Event ID: 6008 >>>>> User: >>>>> Use Authentication: checked, and username has server\username and >>>>> password >>>>> fields >>>>> Type: Error is checked >>>>> Return: All matching entries >>>>> >>>>> Eventlog COM checks on the local network work fine. I have opened all >>>>> ports >>>>> 137-139 TCP/UDP for access by the SAlive server >>>>> If I put an incorrect username or password, the error changes to: >>>>> External COM check (W00000012,122):ERR: Unable to connect to host.( 7) >>>>> so I believe the connection information is correct - I can even see >>>>> increased network activity on the remote server. >>>>> >>>>> Any other ideas? >>>>> >>>>> --------------------------------------------------- >>>>> Richard >>>>> To unsubscribe send a message with UNSUBSCRIBE as subject to [email protected] If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
