Re: Open Log File...

No, you are using the function correctly. The event log format is a special binary format that is only created by applications that work with event logs.

What version of Hyena (Help->About) are you using ?

Re: Open Log File...

That's what I figured.

Hyena v6.3

Edit: I cleared the log and saved it to a file through Hyena, would that make a difference as opposed to doing the "Backup Event Log..."?

[This message has been edited by baerj (edited 09-08-2005).]

Re: Open Log File...

Walk me through step-by-step from the moment you run Hyena to how you get to the server, etc. on opening this log file.

also, when you open the log file, the Filter Events dialog should show that its reading the events from a file. Verify that this is what you see. You can select filter options, but you can't specify the event log type (ie system, application, etc.) as that does not apply.

It does not matter how you create the log file, as you can create a backup, or you can create one before clearing the log. If you clear the log, it would presumably be nearly empty.

Re: Open Log File...

Alright. Earlier cleared Events saving as 090805sec.evt on D:\EventLogs

1. Open Hyena on my PC (Win XP).
2. Browse to + Domain Controllers on domain.
3. Click + on PDC
4. Right click on Events choosing Open Log File...
5. I have D$ mapped as Y. Browse to Eventlogs on PDC and open 090805sec.evt
6. View Selected Events: Event Log(s) <Saved Log> (Start with first event --> End with Last Event)
7. What is then shown is not the security logs.

<Saved Log> PDC 9/7/2005 7:15:31 AM LPR Print Monitor 2004 n/a PDC Warning
<Saved Log> PDC 9/1/2005 11:07:45 PM LPR Print Monitor 2004 n/a PDC Warning
<Saved Log> PDC 9/1/2005 10:31:11 AM LPR Print Monitor 2004 n/a PDC Warning

I can open this in Event Viewer, but unlike Hyena I cannot copy and paste the events as easily, as I also need the descriptions and when exporting to a .csv from Event Viewer it gives everything but the description.

[This message has been edited by baerj (edited 09-08-2005).]

Re: Open Log File...

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by baerj:
<span style="font-weight: bold">I can open this in Event Viewer, but unlike Hyena I cannot copy and paste the events as easily, as I also need the descriptions and when exporting to a .csv from Event Viewer it gives everything but the description.</span></div></div>

Log Parser helped me out for now. Would be nice to find out why Hyena is pulling from the system log instead of the opened security log.

Re: Open Log File...

Sorry for the delay, but we had to release Hyena v6.5 yesterday, and I was working to see what I could fix in the final release without causing more problems.

As it turned out, you found a bug, and in the process of looking at this further, we found yet another problem with viewing saved logs.

I was never able to duplicate your exact problem, but did find that a new feature added in the last release is what caused this problem. In Hyena v6.3, we added the capability to view multiple log files, which created this bug. This was easy to fix and the fix has been applied to Hyena v6.5, which is available now. To run v6.5, your maintenance expiration date must be after July 1, 2005. We will also be updating v6.3 with this patch next week.

There were two other problems that we ran into with viewing saved logs.

1. There is a Microsoft documentation bug of sorts with viewing a saved log. Since its just a file, there isn't any reason that it can't be viewed locally. In our testing, to view a saved file, you had to go to your local computer and select the log file to view there. If you went to a remote computer, and tried to view its logs, it would return nothing. This seemed to be a bug in Windows, but the better approach is to just force all viewing of saved log files to be read by the local system. After all, these log files could be stored anywhere.

2. The other problem, which probably affects you directly, is what seems like a design flaw in Hyena whereby viewing a saved log will not show the event description, which I think is what you want. In using Windows Event Viewer, I noticed that it asks what event log (application, system, etc.) the saved log is for. At first, I could not understand why it would care. But when I discovered that Hyena would not show the event description, and checked into why, it was obvious : you need to know the source of the events to get the description information. And since Hyena never asks for this when opening a remote log, it cannot display the description.

This I will work on fixing, but it creates other problems as the translation for Hyena v6.5 has been completed. But in fixing this, I will probably have to create another dialog to prompt for the event log name for the backup, and since Hyena can view events from multiple logs, its possible for us to enable loading multiple saved log files as well. This might be useful for users who have, for example, a backup log for each week and you want to check a consolidated log.

Let me know if you want to test any changes that we make.

Thank you reporting this problem, and if you want a free T-Shirt, send your postal mailing address to [email protected]

(no, only the original poster can get the free T-Shirt.)

Re: Open Log File...

Awesome. Sure I'll test, let me know where/how.

[This message has been edited by baerj (edited 09-09-2005).]

Re: Open Log File...

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by baerj:
<span style="font-weight: bold">Alright. Earlier cleared Events saving as 090805sec.evt on D:\EventLogs

1. Open Hyena on my PC (Win XP).
2. Browse to + Domain Controllers on domain.
3. Click + on PDC
4. Right click on Events choosing Open Log File...
5. I have D$ mapped as Y. Browse to Eventlogs on PDC and open 090805sec.evt
6. View Selected Events: Event Log(s) <Saved Log> (Start with first event --> End with Last Event)
7. What is then shown is not the security logs. </span></div></div>

Hello, it seems now when I try to open a log file I get no info what so ever. Even if I have all Event Type selections checked.

It had been working, just noticed this in the last couple new versions of Hyena. Running 6.7 'D' at the moment. Or maybe I'm just doing something wrong.

Re: Open Log File...

Looks like you found another bug. This is caused by a workaround that we had to implement a few releases back due to how Windows handles event log files that don't exist. When a log file is read that does not actually exist, Windows will simply return the entries in the System log. This can cause a lot of confusion. To fix this, we now check to see if a remote log file exists before attempting to open it. But a saved file is not really a event log file, so this new workaround is causing a problem with reading saved files.

I posted a patch to:
http://www.systemtools.com/download/hyena67e.zip

Let me know if this addresses this issue.

Thanks

Re: Open Log File...

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by kstanush:
<span style="font-weight: bold">I posted a patch to:
http://www.systemtools.com/download/hyena67e.zip

Let me know if this addresses this issue.

Thanks</span></div></div>

This looks like it works. Was able to open various saved event log files without any problems.