Sentinel Log Mgr 1.2.1(appliance) IP: 10.33.0.238
WECS box IP: 10.33.0.237
MS AD & Windows Collector version: 2011.1r3
WMI Connector version: 2011.1r2
WMI Connector is listening on port: 1026
Event Source(DC2) OS: Windows 2008 R2

We are not receiving any events from the event source (DC2). When I
open the raw data tap, I can't see any events there. In the WECS server log
file (swecs.log) I can only see the following messages:
>
> 2013-07-10 14:29:03,661|1|INFO|OSVersion: Microsoft Windows NT 6.1.7601
> Service Pack 1
> 2013-07-10 14:29:03,739|1|INFO|WMI Query Pool Performance Counter
> 'SmartThreadPool/Sentinel WECS' will be used
> 2013-07-10 14:29:03,802|1|INFO|General Pool has max 500 workers, 1000 io
> threads : min 2 workers, 2 io threads
> 2013-07-10 14:29:03,864|1|INFO|Adjusting WMI Event Query Pool to max 125
> workers, min 2 workers
> 2013-07-10 14:29:03,864|1|INFO|ZipStreamLimit = 3758096384
> 2013-07-10 14:29:03,880|1|INFO|Created protocol :
> connection : SWECS
> history interval : 4.00:00:00
> history query interval : 00:15:00
> real time interval : 00:00:05
>
> 2013-07-10 14:29:03,895|17|INFO|Starting service v. 2011.1.2.1
> 2013-07-10 14:29:03,895|17|INFO|General Pool has max 500 workers, 1000
> io threads : min 2 workers, 2 io threads
> 2013-07-10 14:29:03,895|17|INFO|Adjusting WMI Event Query Pool to max
> 125 workers, min 2 workers
> 2013-07-10 14:29:03,911|17|INFO|Service started
> 2013-07-10 14:29:03,911|18|INFO|Connecting with pluggin :
> tcp://10.33.0.238:1026/
> 2013-07-10 14:29:03,911|STP SmartThreadPool Thread #8|INFO|WMI Query
> Pool Active
> 2013-07-10 14:29:03,926|18|INFO|SSL no client certificate chosen
> 2013-07-10 14:29:04,176|18|INFO|Starting event protocol
> 2013-07-10 14:29:09,574|3|INFO|Registered query worker for
> SM/893CF530-BB9B-1030-A2D5-001EC947B1FE@10.33.0.12/Security
> 2013-07-10 14:29:09,574|3|INFO|Registered query worker for
> SM/893CF530-BB9B-1030-A2D5-001EC947B1FE@10.33.0.12/System
> 2013-07-10 14:29:09,589|3|INFO|Starting query worker for
> SM/893CF530-BB9B-1030-A2D5-001EC947B1FE@10.33.0.12/Security
> 2013-07-10 14:29:09,589|3|INFO|Starting query worker for
> SM/893CF530-BB9B-1030-A2D5-001EC947B1FE@10.33.0.12/System
> 2013-07-10 14:29:09,636|STP SmartThreadPool Thread #8|INFO|Opening
> connection 893CF530-BB9B-1030-A2D5-001EC947B1FE to
> \\10.33.0.12\root\cimv2 (encrypted: True)
> 2013-07-10 14:29:09,636|STP SmartThreadPool Thread #2|INFO|Opening
> connection 893CF530-BB9B-1030-A2D5-001EC947B1FE to
> \\10.33.0.12\root\cimv2 (encrypted: True)
>


But when I click on Test Connection (ESM Live View > right-click on
DC2 (event source) > Edit > Test Connection), only then can I see the
following errors in the log file (swecs.log):
>
> 2013-07-10 14:31:12,268|19|WARN|Notify client error :
> 2##893CF530-BB9B-1030-A2D5-001EC947B1FE##10.33.0.238##WECS error :
> TaskMan (tcp://10.33.0.238:1026/) : Task for EventSource
> 893CF530-BB9B-1030-A2D5-001EC947B1FE already exists.
> 2013-07-10 14:31:12,377|19|ERROR|Management Request failed :
> tcp://10.33.0.238:1026/|TaskMan (tcp://10.33.0.238:1026/) : Task for
> EventSource 893CF530-BB9B-1030-A2D5-001EC947B1FE already exists.| at
> Novell.Sentinel.Windows.EventManagement.Services.EventTaskManager.RegisterTasks(EventSource
> eventSource, IList`1 logs)
> at
> Novell.Sentinel.Windows.EventManagement.Services.EventProtocol.ProcessRequest(EventRequest
> request)
> at
> Novell.Sentinel.Windows.EventManagement.Services.EventProtocol.OnManagementMessage(String
> args)
> at
> Novell.Sentinel.Windows.EventManagement.Channels.Pluggin.OnReceive(IAsyncResult
> result)
> 2013-07-10 14:31:12,377|19|WARN|Notify client error :
> 2##SWMS##10.33.0.238##WECS failed to process management request TaskMan
> (tcp://10.33.0.238:1026/) : Task for EventSource
> 893CF530-BB9B-1030-A2D5-001EC947B1FE already exists.
> 2013-07-10 14:31:12,970|19|INFO|Removed query workers for
> 893CF530-BB9B-1030-A2D5-001EC947B1FE
> 2013-07-10 14:31:12,970|19|INFO|Disposing query worker for
> SM/893CF530-BB9B-1030-A2D5-001EC947B1FE@10.33.0.12/Security
> 2013-07-10 14:31:12,970|19|INFO|Removing connection scope
> \\10.33.0.12\root\cimv2
> 2013-07-10 14:31:12,985|19|INFO|Disposing query worker for
> SM/893CF530-BB9B-1030-A2D5-001EC947B1FE@10.33.0.12/System
> 2013-07-10 14:31:12,985|19|INFO|Removing connection scope
> \\10.33.0.12\root\cimv2
>

I.e., the above messages (which show some errors) only appear in the
swecs.log file when I click on the 'Test Connection' option on the event
source (DC2) in ESM Live View.


--
sharfuddin