Event ID:
Source:
EventSentry
Category:
TestCategory
Message:
Congratulations! You have just installed and setup up EventSentry (on host TEST3-W2K), which we believe to be the most efficient and economic event log and system monitoring application on the market.
Please visit http://www.eventsentry.com or http://www.netikus.net/ for more information on EventSentry.
Thank you for using EventSentry.



Event ID:
Source:
EventSentry
Message:
The event description will show any message received through the syslog protocol


Event ID:
Source:
EventSentry
Message:
The status for service HTTPFilter (HTTP SSL) changed from Stopped to Running.


Event ID:
Source:
EventSentry
Message:
EventSentry was unable to query the local audit policy settings. A call to open the LSA policy failed with error Access is denied.. Please see the EventSentry documentation for troubleshooting advice on this problem.


Event ID:
Source:
EventSentry
Message:
Unable to connect to SMTP host email.company.com due to error 'Unable to establish TCP connection (10065). If you are running McAfee Anti-Virus then make sure that outgoing SMTP traffic is not blocked from this machine (e.g. "Access Protection") and that no firewall is blocking traffic between this host and the mail server.


Event ID:
Source:
EventSentry
Message:
The process notification (target) "My Process" successfully executed the process "c:\batch\backup.cmd".


Event ID:
Source:
EventSentry
Message:
The process notification (target) "MyProcess" was unable to execute the process "c:\batch\mybatchfile.cmd" due to error 5.


Event ID:
Source:
EventSentry
Message:
User DOMAIN\User has successfully connected to host REMOTE from host LOCAL with the EventSentry management application.


Event ID:
Source:
EventSentry
Message:
When monitoring the Application event log, the EventSentry agent missed events between number 980 to 984. EventSentry will attempt to read those events at a later time to make sure that all events from the Application log are being processed.


Event ID:
Source:
EventSentry
Message:
The EventSentry agent has successfully adjusted the permissions of the configuration registry key HKLM\Software\netikus.net\EventSentry. 3 ACE entries (one of the following: Users, Power Users, Everyone) were removed to increase security.


Event ID:
Source:
EventSentry
Message:
The EventSentry service could not start because of a configuration error. Please make sure that you have at least one filter and target or the syslog daemon configured.


Event ID:
Source:
EventSentry
Message:
Error during SMTP communication with SMTP host %1. After sending "%2" the following error occurred: %3.


Event ID:
Source:
EventSentry
Message:
Unable to connect to SMTP host %1 due to error %2. Will try backup smtp host %3 now.


Event ID:
Source:
EventSentry
Message:
Unable to open parallel port LPTx. Please make sure that no application is currently using this printer port, also make sure that no printer is using port LPTx. You might have to restart the service after the resource conflict is solved.


Event ID:
Source:
EventSentry
Message:
Unable to start service because no valid license was found.


Event ID:
Source:
EventSentry
Message:
The configuration for the agent (service) was successfully re-read from the registry.


Event ID:
Source:
EventSentry
Message:
The custom event log MyCustomLog is not configured on this system. You will not be able to monitor this event log on this system. The service (agent) will continue to run without interruption.


Event ID:
Source:
EventSentry
Message:
The temporary file %1 has been found but no filter referencing this target (%2) is configured for a summary notification. The file has been deleted.


Event ID:
Source:
EventSentry
Message:
The following service was added: UtilMan (Utility Manager). Current service state is Stopped, service is using binary file C:\WINNT\System32\UtilMan.exe.


Event ID:
Source:
EventSentry
Message:
The following x service(s) are configured to AUTOSTART but are currently not running:
Cdaudio
Changer
CD-Burning Filter Driver
lbrtfdc
mrtRate
PCIDump
Sfloppy
Security Center


Event ID:
Source:
EventSentry
Message:
Application UserFaultCheck (%systemroot%\system32\dumprep 0 -u) was removed from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and will no longer be run when a user logs into the system.



Event ID:
Source:
EventSentry
Message:
The status for service WmiApSrv (WMI Performance Adapter) changed from Running to Stopped.


Event ID:
Source:
EventSentry
Message:
The service mouhid (Mouse HID Driver) is now being monitored. Current service status is Running.


Event ID:
Source:
EventSentry
Message:
The following service was added: APC UPS Service (APC UPS Service). Current service state is Running, service is using binary file C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe.


Event ID:
Source:
EventSentry
Message:
The following service was removed: APC UPS Service (APC UPS Service). Last service state was Running.


Event ID:
Source:
EventSentry
Message:
The service Abiosdsk (Abiosdsk) will not be monitored anymore. Last service status was Stopped.


Event ID:
Source:
EventSentry
Message:
"c:\batch\db_upd.cmd" was run for 381 seconds with the result shown below. Return Code was 0.
Downloading file ...
Dropping existing tables ...
Decompressing download file ...
Importing SQL data ...
Done.


Event ID:
Source:
EventSentry
Message:
The process "c:\batch\update.cmd" could not be created due to the following error:
The system cannot find the path specified.


Event ID:
Source:
EventSentry
Message:
The process superdel.exe exceeded the maximum allowed time interval of 15 minute(s). EventSentry was unable to terminate the process due to the following error: Acess Denied.


Event ID:
Source:
EventSentry
Message:
The process C:\temp\vnc-4_1_1-x86_win32.exe exceeded the maximum allowed time interval of 1 minute(s). The process was terminated. Please increase the timeout interval for this process in the management application (System Health -> Application Scheduler).


Event ID:
Source:
EventSentry
Message:
The Application event log was successfully cleared.


Event ID:
Source:
EventSentry
Message:
The shortcut PerformanceEnhancer.lnk (using file C:\Windows\evilvirus.exe) registered itself in the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
The Application event log was successfully backed up to file C:\EVENTLOG BACKUP\APPLICATION_ 2005_08_18.EVT.



Event ID:
Source:
EventSentry
Message:
The Security event log was successfully cleared and backed up to file V:\CENTRAL EVENT LOG BACKUP\WHALE_SECURITY_08022006_1400.EVT.


Event ID:
Source:
EventSentry
Message:
The Security event log could not be cleared due to the following error: Access is Denied.


Event ID:
Source:
EventSentry
Message:
The Application event log could not be backed up to file C:\BACKUP\ESLOG\BULL_09022006.EVT due to the following error:
Cannot create a file when that file already exists.


Event ID:
Source:
EventSentry
Message:
The System event log could not be cleared and backed up due to the following error: Access is Denied.


Event ID:
Source:
EventSentry
Message:
Full event logs cannot be detected on this machine, this feature is not supported on this platform (only Windows 2000 or higher).


Event ID:
Source:
EventSentry
Message:
The process explorer.exe (PID 828) seems to be leaking "Working Set" memory. If you keep seeing this message in the event log then it is recommended that you monitor the memory consumption of this process closely with performance monitor if you have not already done so.
The process is currently using 5738496 bytes of "Working Set" memory, system memory load is 87%.
If you are certain that this process is not leaking memory then you can exclude this process from being monitored or change the monitoring parameters (contact support@netikus.net for more information) in the registry. If this process is leaking memory then contact the manufacturer of the application for support.



Event ID:
Source:
EventSentry
Message:
The process eventsentry_gui.exe is not active.


Event ID:
Source:
EventSentry
Message:
Free disk space for drive V:\ is below the configured limit of 4 percent. 3.31 percent of disk space (985 Mb) are currently available on drive V:\.


Event ID:
Source:
EventSentry
Message:
Free disk space for drive C:\ is below the configured limit of 500 Mb. 152 Mb of disk space are currently available on drive C:\.


Event ID:
Source:
EventSentry
Message:
Application NTToolkit was installed.
Additional Information:
Publisher: NETIKUS.NET ltd
Installation Directory: C:\Program Files\NTToolkit
Version: 1.91


Event ID:
Source:
EventSentry
Message:
Application NToolkit (NTToolkit) was uninstalled.


Event ID:
Source:
EventSentry
Message:
Application QuickTime Task ("C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime) registered itself in the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and will be automatically run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
The registry value AppInit_DLLs in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows changed from "" to "wbsys.dll". All files specified in this value will be automatically run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
Application UserFaultCheck (%systemroot%\system32\dumprep 0 -u) was removed from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and will no longer be run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
The application eraseallfiles.exe registered itself in the directory c:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
The shortcut PerformanceEnhancer.lnk (using file C:\windows\evilvirus.exe) was removed from directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will no longer run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
Application YourPersonalAdware.exe was added to the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup and will be automatically run when the system boots.


Event ID:
Source:
EventSentry
Message:
Application YourPersonalAdware.exe was removed from the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup and will no longer be run the system boots.


Event ID:
Source:
EventSentry
Message:
The application >26923b43-4d38-484f-9b9e-de460746276c registered file %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE in registry key SOFTWARE\Microsoft\Active Setup\Installed Components and might be automatically run when a user logs into the system. Please see the help file (search for ACTIVE SETUP) for more information.



Event ID:
Source:
EventSentry
Message:
Application >60B49E34-C7CC-11D0-8953-00A0C90347FF (using file ) was removed from the registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and will no longer be run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
There was an error (999) monitoring registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. Please restart the EventSentry agent or notify NETIKUS.NET support if this problem persists. Autorun monitoring will NOT continue.


Event ID:
Source:
EventSentry
Message:
The explorer extension DLL SecretMalwareDLL (using file ieatfiles.dll) was removed from the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and will no longer be loaded into explorer.exe.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "Memory\Available MBytes" fell below the threshold of 10, the current average is 9.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "%1" (instance "%2") fell below the threshold of %3, the current average is %4.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "%1" equals the threshold of %2.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "Process(*)\Thread Count" (instance "myapp") equals the threshold of 20.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "%1" exceeded the threshold of %2, the current average is %3.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter %1 (instance %2) exceeded the threshold of %3, the current average is %4.


Event ID:
Source:
EventSentry
Message:
The group alert "Performance Warning" was triggered because all performance counters of this group reported an alert the last time they were checked. Please see below for a list of all performance counters and the data last reported:
Low Memory: 120 (17 seconds ago)
High Paging Activity: 250 (0 seconds ago)


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
One or more required function entry points could not be found in the dynamic link library PDH.DLL. Please make sure that the latest version of PDH.DLL is installed on this machine, for example you may copy the DLL from another machine running a later Operating System. Performance monitoring cannot continue.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter %1 is back above the threshold of %2, the current average is %3.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "%1" (instance "%2") is back above the threshold of %3, the current average is %4.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "%1" is back below the threshold of %2, the current average is %3.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "Process(*)\% Processor Time" (instance "mysqld-nt") is back below the threshold of 50, the current average is 48.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "Process(*)\% Processor Time" (instance "SWEEPSRV.SYS") which previously exceeded the configured threshold, is not available anymore and will not be monitored.


Event ID:
Source:
EventSentry
Category:
TestCategory
Message:
Congratulations! You have just installed and setup up EventSentry (on host BLACKMAMBA), which we believe to be the most efficient and economic event log and system monitoring application on the market.
Please visit http://www.eventsentry.com or http://www.netikus.net/ for more information on EventSentry.
Thank you for using EventSentry.


Event ID:
Source:
EventSentry
Message:
Unable to connect to SMTP host %1 due to error "%2". If you are running McAfee Anti-Virus then make sure that outgoing SMTP traffic is not blocked from this machine (e.g. "Access Protection") and that no firewall is blocking traffic between this host and the mail server.



Event ID:
Source:
EventSentry
Message:
Error during SMTP communication with SMTP host %1. After sending "%2" the following error occurred: %3



Event ID:
Source:
EventSentry
Message:
Unable to connect to SMTP host %1 due to error %2. Will try backup smtp host %3 now.



Event ID:
Source:
EventSentry
Message:
The process notification (target) %1 successfully executed the process "%2".


Event ID:
Source:
EventSentry
Message:
The process notification (target) Laser Printer was unable to execute the process ""cscript.exe" c:\temp\dosprint\eventprint.vbs "Security" "Audit Success" "Security" "Detailed Tracking" 592 "NETIKUSNET\sang.kim" "BULL" "2/22/2006 1:03:33 PM" " " due to error 2.


Event ID:
Source:
EventSentry
Message:
EventSentry was unable to connect to the ODBC target "Test ODBC" due to error "OdbcExpandError: [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'eventsentry_svc'. (18456)". EventSentry will queue events and continue to attempt the delivery of events.


Event ID:
Source:
EventSentry
Message:
The following error occurred while trying to read the "%1" event log: "%2". In most cases the only way to resolve this problem is to save (if possible) and clear the %1 event log. EventSentry will not be able to monitor the %1 event log until this problem is resolved.



Event ID:
Source:
EventSentry
Message:
Unable to start service because the End User License Agreement was not accepted


Event ID:
Source:
EventSentry
Message:
The EventSentry agent has successfully changed the buffer size from %1 bytes to %2 bytes after the Operating System returned the following error: "The data area passed to a system call is too small".



Event ID:
Source:
EventSentry
Message:
The state of service %1 was Stopped, requested state is Running. EventSentry successfully changed the service status to Running.


Event ID:
Source:
EventSentry
Message:
The state of service Spooler is Stopped, requested state is Running. EventSentry was not able to change the service status due to the following error: An instance of the service is already running.


Event ID:
Source:
EventSentry
Message:
The process calc.exe is active.


Event ID:
Source:
EventSentry
Message:
Trend analysis has determined unusual high disk usage on drive %1. The average recorded trend on drive %1 was %2 kb, the current trend was %3 kb, an increase of %4%%.

If this trend change is expected (for example, caused by a daily backup routine) then you will see this message two more times before the pattern is recognized. With the recorded trend, disk space will be exhausted in %5 days, with the current trend in %6 days.


Event ID:
Source:
EventSentry
Message:
Event log filter Test exceeded the configured threshold (3 entries / 300 second(s)). 3 events (out of a total of 8) were dropped by this filter. You can review the dropped events in the event log (if the size of the event log is big enough).


Event ID:
Source:
EventSentry
Message:
Event log filter Test has reached the configured threshold (3 entries / 60 second(s)).



Event ID:
Source:
EventSentry
Message:
Event log filter Test has reached the configured threshold (3 entries / 300 second(s)). Events matching this filter will now be processed.



Event ID:
Source:
EventSentry
Message:
Event log filter Threshold has reached or exceeded the configured threshold (1 entries / 60 second(s)). 5 events were processed during the interval.


Event ID:
Source:
EventSentry
Message:
No event matching filter Backup OK has occurred in the event log in the configured time period. According to the schedule, at least one event matching filter Backup OK should have been logged during the last 420 minutes.



Event ID:
Source:
EventSentry
Message:
EventSentry was unable to query the local audit policy settings. A call to query the current audit policy failed with error %1. Please see the EventSentry documentation for troubleshooting advice on this problem.



Event ID:
Source:
EventSentry
Message:
EventSentry has determined that the currently active Audit Policy does not audit "Process Tracking" and EventSentry is NOT configured to activate "Process Tracking". You will either need to activate Process tracking manually by launching "Start -> Programs -> Administrative Tools -> Local Security Settings -> Local Policies -> Audit Policy -> Audit %3 = Audit Success", activate %2 tracking in Active Directory or configure EventSentry to activate "Process Tracking" for you.


Event ID:
Source:
EventSentry
Message:
EventSentry determined that "Process Tracking" is currently not enabled and was unable to activate it. A call to change the current audit policy failed with error %1. Please see the EventSentry documentation for troubleshooting advice on this problem.


Event ID:
Source:
EventSentry
Message:
EventSentry determined that "Process Tracking" is enabled and data will be now be collected.


Event ID:
Source:
EventSentry
Message:
EventSentry has successfully changed the Audit Policy and has enabled "Process Tracking". Process data will be now be collected.


Event ID:
Source:
EventSentry
Message:
EventSentry determined that "Process Tracking" is currently enabled and was unable to deactivate it. A call to change the current audit policy failed with error %1. Please see the EventSentry documentation for troubleshooting advice on this problem.


Event ID:
Source:
EventSentry
Message:
Process Tracking has been enabled but the "Log Size" properties of the Security event log are not configured properly. In order for Process Tracking to work reliably it is recommended that you reconfigure the security event log (with "Event Viewer") to "Overwrite events as needed".


Event ID:
Source:
EventSentry
Message:
EventSentry has successfully changed the Audit Policy and has disabled "Process Tracking". Process data will no longer be collected.


Event ID:
Source:
EventSentry
Message:
The configured temperature limit of %1 degrees (%3) has been exceeded, the current temperature is %2 degrees (%3).



Event ID:
Source:
EventSentry
Message:
The configured humidity limit of 60% has been exceeded, the current humidity level is 90%.


Event ID:
Source:
EventSentry
Message:
EventSentry was unable to find a temperature and/or humidity sensor on serial port %1. Please make sure the device is connected properly.



Event ID:
Source:
EventSentry
Message:
The database write interval for environment monitoring is set too small. The interval was automatically adjusted to %1 seconds.



Event ID:
Source:
EventSentry
Message:
Unable to open serial port %1 due to error "%2". Environment monitoring will not continue.



Event ID:
Source:
EventSentry
Message:
The temperature has fallen below the configured limit of %1 degrees (%3). The current temperature is %2 degrees (%3).



Event ID:
Source:
EventSentry
Message:
The humidity level has fallen below the configured limit of %1%. The current humidity level is %2%%.



Event ID:
Source:
EventSentry
Message:
The current temperature has fallen outside the configured range (%1%4 to %2%4). The current temperature is %3 degrees (%4).



Event ID:
Source:
EventSentry
Message:
The current humidity level has fallen outside the configured range (%1%% to %2%%). The current humidity level is %3%%.



Event ID:
Source:
EventSentry
Message:
The temperature (78.96 degrees F) is back in the configured range (60F to 78F)


Event ID:
Source:
EventSentry
Message:
The current humidity level is back in the configured range (10% to 70%). The current humidity level is 15%.


Event ID:
Source:
EventSentry
Message:
The following 2 service(s) are configured to AUTOSTART but are currently not running:
Performance Logs and Alerts
Virtual Machine Additions Shared Folder Service


Event ID:
Source:
EventSentry
Message:
The following service was removed: CryptSvc4951 (CryptSvc4951). Last service state was Stopped.



Event ID:
Source:
EventSentry
Category:
Heartbeat Monitoring
Message:
The AGENT status of host <HOSTNAME> (<GROUP>) remains at ERROR due to error "Access is denied.
".


Event ID:
Source:
EventSentry
Category:
Software Monitoring
Message:
Application 86C01576-F161-3624-9462-D87DE3243DC4 (using file ) was removed from the registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and will no longer be run when a user logs into the system.



Event ID:
Source:
EventSentry
Category:
Software Monitoring
Message:
Application 3087B10A-0736-6446-6DF0-F69FB0A3D2DA (using file ) was removed from the registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and will no longer be run when a user logs into the system.


Event ID:
Source:
EventSentry
Message:
Free disk space for drive T:\ (ISBORA8_T) is below the configured limit of 2 percent. 2.00 percent of disk space (10239 Mb) are currently available on drive T:\.


Event ID:
Source:
EventSentry
Message:
Free disk space for drive C:\ () is back above the configured limit of 500 Mb. 2389 Mb of disk space are currently available on drive C:\.


Event ID:
Source:
EventSentry
Message:
Host ACLXIDS (Servers) changed its PING status from ERROR to OK. The reason for the status change was: 'Ping Successful (Rate:100%, Avg:0ms, Max:0ms, Min:0ms)'.


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "PhysicalDisk(*)\Avg. Disk Queue Length" could not be monitored due to error "0xC0000BB8". Please make sure that the performance counter exists. If you are running a non-english version of Windows then performance counters are named in the language of the Operating System.


Event ID:
Source:
EventSentry
Message:
The Windows PowerShell event log could not be cleared and backed up to file \\FS1\DEPARTMENTS\TECHNOLOGY\PRIVATE\EVENTLOGBACKUPS\VMUTIL WINDOWS POWERSHELL 04 11 2008 12 07.EVT due to the following error:

Access is denied.
.



Event ID:
Source:
EventSentry
Message:
Action "Desktop" was unable to create a mailslot for host "." due to error: The system cannot find the file specified.


Event ID:
Source:
EventSentry
Message:
Host SCISTONETBOTZ (EMEA Netbotz) changed its PING status from OK to ERROR. The reason for the status change was: "100% packets lost".



Event ID:
Source:
EventSentry
Category:
None
Message:
Action "MSSQL Database", invoked by feature, "Performance Monitoring" was unable to connect to the database due to error "[HYT00] [Microsoft][ODBC SQL Server Driver]Timeout expired (0)". EventSentry will queue events and continue to attempt the delivery of events.


Event ID:
Source:
Report Server Windows Service (EVENTSENTRY)
Category:
Startup/Shutdown
Message:
The report server database is an invalid version.


Event ID:
Source:
EventSentry
Category:
Service Monitoring
Message:
The status for driver Netaapl (Apple Mobile Device Ethernet Service) changed from Running to Stopped.


Event ID:
Source:
EventSentry
Category:
Boot
Message:
The backup file for action "DBMYSQL" has events queued, but the "DBMYSQL" action is currently disabled. The backup file for this action has been backed up to file "C:\Windows\TEMP\eventsentry_backup_f98ff348-8384-4ae8-ae76-6818e4e13765.tmp.backup" and the original file has been deleted.



Event ID:
Source:
EventSentry
Message:
The number of events cached for action "MSSQL Database", which has been unreachable, exceeded 8192 events. If this action is no longer in use then you should disable or delete the action so that events are no longer cached. EventSentry will continue to cache events until the maximum size of the temporary backup file "C:\WINDOWS\TEMP\eventsentry_backup_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx..tmp" (32 Mb) is reached. 133952 events are currently cached, the backup file size is 32 Mb.


Event ID:
Source:
EventSentry
Category:
Service Monitoring
Message:
The status for driver pssdk41 (PsSdk41) changed from Stopped to Running.

Additional Service Information:

Startup type: Manual
Executable: \??\C:\WINDOWS\system32\Drivers\pssdk41.sys



Event ID:
Source:
EventSentry
Category:
Heartbeat Monitoring
Message:
The PING status of host <HOSTNAME> remains at ERROR due to error "gethostbyname: The requested name is valid, but no data of the requested type was found. ".


Event ID:
Source:
EventSentry
Message:
Unable to connect to SMTP host smtp.gmail.com due to error "Timeout.". If you are running McAfee Anti-Virus then make sure that outgoing SMTP traffic is not blocked from this machine (e.g. "Access Protection") and that no firewall is blocking traffic between this host and the mail server.

Unable to connect to SMTP host %1 due to error "%2". If you are running McAfee Anti-Virus then make sure that outgoing SMTP traffic is not blocked from this machine (e.g. "Access Protection") and that no firewall is blocking traffic between this host and the mail server.



Event ID:
Source:
EventSentry
Message:
Error during SMTP communication with SMTP host "192.168.1.48". After sending "." the following error occurred: "[10057] Socket is not connected".

Error during SMTP communication with SMTP host "%1". After sending "%2" the following error occurred: "%3".


Event ID:
Source:
EventSentry
Message:
Unable to connect to SMTP host 192.168.1.48 due to error [10060] Connection timed out. Will try backup smtp host smtp.gmail.com now.

Unable to connect to SMTP host %1 due to error %2. Will try backup smtp host %3 now.


Event ID:
Source:
EventSentry
Message:
Action "Event log to text file" was unable to create/open file "C:\EventSentry\eventsentry_events.txt" due to error: Access is Denied.

Action "%1" was unable to create/open file "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
EventSentry determined that the recommended management suite ("OpenManage") from the hardware manufacturer (Dell) is either not installed or not currently running on this server. Without this software, EventSentry will not be able to alert you of critical hardware warnings and/or errors, such as a hard drive failure in a RAID. Please visit the manufacturer's web site to obtain more information and install the recommended management suite.


Additional Information:

Manufacturer: Dell
Model: PowerEdge 1900
Bios Version: 2.2.6


Event ID:
Source:
EventSentry
Message:
Action "MSSQL Database", invoked by feature, "Software Monitoring" was unable to connect to the database due to error "[01000] [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]ConnectionOpen (Connect()). (11004)". EventSentry will queue events and continue to attempt the delivery of events.



Event ID:
Source:
EventSentry
Category:
Service Monitoring
Message:
A driver was added:

Name: mraid35x (Mraid35x)
Status: Stopped
Startup type: Automatic
Executable: \SystemRoot\system32\drivers\mraid35x.sys






Event ID:
Source:
EventSentry
Message:
The ODBC driver for action "24hour" in the EventSentry Agent has been automatically adjusted to use "SQL Server Native Client 10.0", which is the latest version installed on this system. Dynamically added connection options: MARS_Connection=yes.



Event ID:
Source:
EventSentry Network Services
Category:
Snmp Trap
Message:
A SNMP trap was received:

Version: 1
Community: public
Trap Sender: vmware1.domain.local (192.168.12.55)
Trap ID: vmware.vmwProductSpecific.vmwESX.vmkLoaded (1.3.6.1.4.1.6876.4.1.6.1)

Trap Bindings:
1: vmware.vmwTraps.vmwVmID (1.3.6.1.4.1.6876.50.101) = 1
2: vmware.vmwTraps.vmwVmConfigFilePath (1.3.6.1.4.1.6876.50.102) = /vmfs/volumes/474c55f6-89ccc558-5555-001143ebb975/TestServerF/TestServerF.vmx
3: vmware.vmwVirtMachines.vmwVmTable.vmwVmEntry.vmwVmDisplayName.1 (1.3.6.1.4.1.6876.2.1.1.2.1) = TEST07-W2K3-DE


Event ID:
Source:
EventSentry Network Services
Category:
Snmp Trap
Message:
A SNMP trap was received:

Version: 3
Username: public
Trap Sender: ups41.domain.local (192.168.16.117)
Trap ID: apc (1.3.6.1.4.1.318.0.10)
Engine ID: 0x800000000300C0B74DD7A6
Security Level: Authentication and Privacy

Trap Bindings:
1: apc.apcmgmt.mtrapargs.mtrapargsString (1.3.6.1.4.1.318.2.3.3.0) = UPS: Passed a self-test.



Event ID:
Source:
EventSentry Network Services
Category:
Syslog
Message:
syslog@vmserver5.domain.local[daemon.warning]: Server Administrator: Storage Service EventID: 2264 A device is missing.: Battery 0 Controller 0


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The EventSentry agent is experiencing an unusually high handle count (5001 handles) and/or high memory usage (48324564 bytes), which is most likely due to a known issue in Windows Server 2003 SP2 (http://support.microsoft.com/kb/938135). It is highly recommended that you navigate to http://support.microsoft.com/kb/938135 to download and install the hotfix to resolve this issue. It is not recommended that you continue to run the agent for an extended time period without installing the Microsoft hotfix.

Failure to install the hotfix may eventually result in system instability or a system crash. Installation of the hotfix will require a reboot.


Event ID:
Source:
EventSentry
Message:
The configuration for the agent (service) could not be re-read because the "Log File Monitoring" feature/function is busy and preventing an on-line configuration update. You can try to save the configuration again at a later time, or restart the EventSentry service to force a configuration update.


Event ID:
Source:
EventSentry
Message:
EventSentry is caching more than 1024 files in the monitored directory C:\Web. To keep the resource consumption of the EventSentry agent low it is recommended that you move old files to a sub directory or another directory.


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to create a TCP connection with host "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to create a UDP socket to connect to host "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
EventSentry was unable to connect to the ODBC target %1 due to error "%2". EventSentry will cache data and forward it to the ODBC target once the database has become available again.


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to send a message to host "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" triggered process "%2", which ran for %3 seconds with the result shown below. Return code was %4.
%5


Event ID:
Source:
EventSentry
Message:
The process action "%1" was unable to execute process "%2" due to error "%3".


Event ID:
Source:
EventSentry
Message:
Process %1 (triggered by action "%2") exceeded the maximum allowed time interval of %3 minute(s) and EventSentry was unable to terminate the process due to the following error:

%4


Event ID:
Source:
EventSentry
Message:
Process %1 (triggered by action "%2") exceeded the maximum allowed time interval of %3 minute(s) and the process was terminated. Please increase the timeout interval for this process in the management application (System Health -> Application Scheduler).


Event ID:
Source:
EventSentry
Message:
Action "%1" triggered process "%2" successfully.


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to send trap to SNMP host "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to connect to SNPP host "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to send a message to pager ID "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to send the message due to error: %2


Event ID:
Source:
EventSentry
Message:
Unable to connect to the SCM (service control manager) due to error %1 (%2). The action "%3" failed to execute.


Event ID:
Source:
EventSentry
Message:
Unable to open the requested service (%1) due to error %2 (%3). The action "%4" failed to execute.


Event ID:
Source:
EventSentry
Message:
Unable to send the requested control to service %1, most likely due to error %2 (%3). The action "%4" failed to execute.


Event ID:
Source:
EventSentry
Message:
The checksum for executable file "%1" changed from the original checksum "%2". Only the EventSentry agent should have access to this file. This change indicates a potential security breach, and the process will not be launched. The contents of the file should be verified; restarting the EventSentry will re-create the file.


Event ID:
Source:
EventSentry
Message:
The service %1 could not be restarted because the it could not be stopped in the first place. The notification "%2" failed to execute.


Event ID:
Source:
EventSentry
Message:
The requested service control was successfully sent to service %1, however the current service status is still %2. Please monitor the status of the %1 service to ensure it is in the desired state.


Event ID:
Source:
EventSentry
Message:
The process "%1" was terminated successfully.

Instances Terminated: %2.
Affected Process Identifiers (PIDs): %3


Event ID:
Source:
EventSentry
Message:
The process "%1" could not be terminated due to error "%2".


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to initiate a system shutdown/reboot due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to connect to Jabber host "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to send a message to chat room "%2" due to error: %3


Event ID:
Source:
EventSentry
Message:
Action "%1" was unable to submit an event to "%2" due to error "%3".


Event ID:
Source:
EventSentry
Message:
Action "%1" was successfully submitted event with number %3 to "%2".


Event ID:
Source:
EventSentry
Message:
The EventSentry agent is ready.

Version: %1
Codepage: %2

The following packages are assigned:

Event Log Packages:
-------------------
%3
Log File Packages:
-------------------
%4
System Health Packages:
-----------------------
%5
Compliance Tracking Packages:
-----------------------------
%6



Event ID:
Source:
EventSentry
Message:
The EventSentry agent is stopping


Event ID:
Source:
EventSentry
Message:
EventSentry has successfully re-opened a handle to the "%1" event log after it has become invalid due to error "%2".


Event ID:
Source:
EventSentry
Message:
Unable to allocate memory (for %1) in routine %2


Event ID:
Source:
EventSentry
Message:
The agent was unable to find the local hostname (%1, %2) in the configuration, mostly due to a license problem. Make sure that only as many full hosts are configured in the EventSentry groups as licenses are installed. Note that Heartbeat-Only hosts which have the "Monitor Agent" option set count towards full host licenses.


Event ID:
Source:
EventSentry
Category:
Service Monitoring
Message:
The status for the service trustedinstaller(Windows Modules Installer) changed from Running to Stopped.
Addtional Information:

Startup Type: manual
Executable: C:\Windows\servicing\TrustedInstaller.exe
Service account: LocalSystem


Event ID:
Source:
EventSentry
Category:
Performance Monitoring
Message:
The performance counter "Performance System\Average Disk Queue Length" (PhysicalDisk(*)\Avg. Disk Queue Length) could not be monitored. Please make sure that the performance counter exists. If you are running a non-english version then you might have to adapt the name of the performance counter so it matches the language of the Operating System.


Event ID:
Source:
EventSentry
Message:
Der Dienststatus von Dienst eventsentryheartbeatmonitor (EventSentry Heartbeat Monitor) ist weiterhin Stopped.

Zusätzliche Dienstinformationen:

Starttyp: Automatic
EXE-Datei: C:\WINDOWS\SYSWOW64\EVENTSENTRY\EVENTSENTRY_HB_SVC.EXE
Benutzerkonto: LocalSystem


Event ID:
Source:
EventSentry
Category:
NTP Synchronization
Message:
EventSentry was unable to retrieve the current time from host ntp.mydomain.local due to the following error: Server time not synchronised.


Event ID:
Source:
EventSentry
Category:
Heartbeat Monitoring
Message:
Starting with EventSentry build 3.2.1.28, the heartbeat agent can query the EventSentry database to determine a remote agent status, instead of querying the remote agent status using the Windows API. This can drastically improve the monitoring speed and is recommended for networks consisting of 50 or more Windows hosts.

To enable this functionality, the following SQL query will need to be executed on the EventSentry database:

--Built-In Database (PostgreSQL)
REVOKE ALL ON TABLE eventsentry.essysinfo FROM eventsentry_svc;
GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE eventsentry.essysinfo TO eventsentry_svc;

-- SQL Server
GRANT SELECT ON ESSysinfo (UptimeTimestamp) TO eventsentry_svc

-- MySQL
GRANT SELECT (computer, Uptime, UptimeMax, UptimeTimestamp), INSERT, UPDATE, UPDATE (UptimeTimestamp, lastserverinventoryupdate), DELETE ON essysinfo TO eventsentry_svc

It is also recommended to set the "Refresh uptime every" interval in the "Inventory" System Health package to 5 minutes.


Event ID:
Source:
EventSentry
Category:
Heartbeat Monitoring
Message:
SNMP or agent monitoring of host SOMESERVER has failed 17% of the time over the last 3600 seconds and is now disabled. To re-enable SNMP and/or agent monitoring of host SOMESERVER, restore full connectivity to the remote host, locate the host in the management console and click the "Retry" button in the summary view.


Event ID:
Source:
EventSentry
Category:
Heartbeat Monitoring
Message:
EventSentry was unable to retrieve SNMP data from host somedevice.company.com and cannot monitor this host using SNMP. This event is being logged because this host was successfully monitored via SNMP in the past. To retry, open the management console, select the host and click the retry button on the top right.


Event ID:
Source:
EventSentry
Category:
Service Monitoring
Message:
The status for service mapsbroker (Downloaded Maps Manager) remains Stopped.

Additional Service Information:

Startup type: Automatic
Executable: C:\Windows\System32\svchost.exe -k NetworkService
Service account: NT AUTHORITY\NetworkService



Event ID:
Source:
EventSentry
Category:
Collector Client
Message:
The EventSentry agent successfully established a secure connection with the collector (collector.yourdomain.com at port 5001).

Negotiated SSL parameters: Protocol: TLS1.2 Cipher: AES Cipher strength: 128 Hash: SHA256 Hash strength: 256 Key exchange: RSA Key exchange strength: 2048


Event ID:
Source:
EventSentry
Message:
The filter chain for event log package Filter Chain ABC is complete.

Duration: 34 second(s)
Insertion Strings (if any):


Event ID:
Source:
EventSentry
Category:
Service Monitoring
Message:
The status for driver wdboot (Windows Defender Boot Driver) remains Stopped.

Additional Driver Information:

Startup type: Automatic
Executable: \SystemRoot\system32\drivers\wd\WdBoot.sys


Found 181 records