We have Windows Event Collection working with few issues as below. wondering if any one can help us, what could we do for this?
1) When i looked at the collector events are recorded not exactly the same and some are replaced with the code number. Then when i go back to client client has the full information
Events on Collector
10/11/2013 08:13:03 AM
AppLocker/EXE and DLL
Message=%11 was prevented from running.
Event on Client (Server)
Log Name: Microsoft-Windows-
AppLocker/EXE and DLLSource: AppLocker
Event ID: 8004
Logged: 11/10/2013 8:13:03 AM
Task Category: None
Message: %SYSTEM32%\CMD.EXE was prevented from running.
2) On Collector server event are not displaying correctly
E.g.The description for Event ID 16397 from source NfsClnt cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Thank you and hopefully some one can help us.
Event Collector service can receive events from event sources in remote Windows computers and publish these events into a local event log.
Please make sure you have enough disk space for storage and no corrupted files or virus infection on the collector server.
- Proposed as answer by Susie LongModerator Monday, December 16, 2013 2:39 AM
Sorry for the delay reply
we do not have a issue with disk space or virus or corrupt.
I Do not know why First Scenario is occurring
I do roughly know why second scenario but do not know exactly hence I am here asking question.
i.e. missing DLL to read events from particular application as application has not being installed in collector.
- Edited by akg1 Wednesday, January 01, 2014 10:05 PM