Unable to view detail of event logs Events/ForwardedEvents

  • Unable to view detail of event logs Events/ForwardedEvents

    Hyena v9.0 'D'

    I have a Windows 2008 R2 server that is running Microsoft Event Collection Service. It populates log Events/ForwardedEvents.

    Issue #1. Since each event in this log comes from many servers, we need to see a "Server" column in Hyena (right pane) to know which server the event occurred on.

    Issue #2. When double-clicking on an event in ForwardedEvents log, this error message appears:
    "Error getting next event log 'System' entry on 'servername'. No more data is available".

    Thank you.

  • #2
    Server should be one of the default fields for Events. Go to Tools->Settings->Display, change the Display Mode to Events and make sure Server is at the top.

    I'll have to do some testing on the other issue.

    • #3
      Hi,
      I verified that too. Tools / Settings / Display tab / Display Mode : Events

      Under Current Columns: Server, Time, Source, etc...

      Under Available Columns: empty.

      Even though the Server column is selected, it is not displaying in the right pane.

      • #4
        Right-click on a server or selection of servers and choose Events->Filter Events. Choose the log you want and click OK. Do you see it there? If you are expanding a computer, expanding Events then double-clicking on one of the logs there, you won't see the Server column since you are only viewing events from that one computer.

        • #5
          Events / Filter does NOT show me the "ForwardedEvents" log. Other logs are there (System, Application, etc..). That's odd.

          • #6
            We were able to duplicate the error you are getting and are looking to see if we can fix it. To add the computer these events are forwarding from, you can add the Computer column (along with any others) to the display by going to Tools->Settings->Display and changing the Display Mode to EVTX Events. The instructions I gave above are for pre-EVTX event views.

            • #7
              OK, I see. Under Tools / Settings / Display / Display Mode:EVTX Events, I added the 'Computer' & 'Description' columns and voila!

              Thank you for the help.
