[THIN] Re: System Logs...

  • From: "Doug Rooney" <doug@xxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 23 Feb 2006 07:59:15 -0800

 
 

Thank you all for the input.

-Doug Rooney 
Sonoma TileMakers 
IT Systems Administrator 
7750 Bell Rd. 
Windsor Ca, 95492 
(707) 837-8177 X11
(707) 837-9472 FAX 
it@xxxxxxxxxxxxxxxxxxxx 

The information contained in this e-mail may be confidential and is intended
solely for the use of the named addressee.
Access, copying or re-use of the e-mail or any information contained therein
by any other person is not authorized.
If you are not the intended recipient please notify us immediately by
returning the e-mail to the originator.
 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Rick Mack
Sent: Thursday, February 23, 2006 4:45 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: System Logs...


Hi,
 
Masking event log events is generally an all or none activity with the
exception of spooler events and application errors.
 
Basically, all the event logs and event types are defined under
HKLM\System\CurrentControlset\Services\Eventlog.
 
On a normal (non DC etc) server you'll see 3 keys under the eventlog key,
applications, security and system. These correspond to the 3 event logs.
 
Under each of these subkeys you'll see keys corresponding to event sources,
for example under system, we see mrxsmb:
 
EventMessageFile       REG_EXPAND_SZ   %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll
ParameterMessageFile   REG_EXPAND_SZ   %SystemRoot%\System32\kernel32.dll
TypesSupported         REG_DWORD       0x00000007 (7)
 
EventMessageFile defines the source program or DLL for the events. If the
DLL is absent, or is missing the appropriate MESSAGE_TABLE resources all
you'll see in the event log is an error like "Couldn't enumerate
resources..."
 
I've given mrxsmb as an example because for mrxsmb you can define an extra
value, REG_DWORD, MailslotDatagramThreshold that defines the maximum number
of mailslot requests that can be missed per hour without generating an
event. So if you create this value and give it a value between 0 and
0xffffffff you can also generate mailslot missed requests.
 
TypesSupported looks interesting because it defines the event types or
severity level that the source can generate. The default binary mask value
is 0x00000007 which is the sum of Error = 0x00000001, Warning = 0x00000002
and Information = 0x00000004. Unfortunately changing this value doesn't
change what's reported so it's a dud as far as you're concerned.
 
So back to my all or none comment. If you delete the appropriate key (for
example StiSvc) then that event source will no longer be logged. However
that means no informational messages, no warnings or errors, which might not
be a terribly smart thing to do.
 
My advice is leave things as they are, extend the size of your event logs,
ALWAYS set them to overwrite as needed and restrict access. Use a filter to
view the events of interest and the informational messages won't matter.
 
If you want some more detail, there's a really good article about the event
log at http://www.oreilly.com/catalog/winlog/chapter/ch02.html 
 
regards,
 
Rick
 
Ulrich Mack 
Volante Systems 
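
The registry layout described in the message above can be audited read-only. The following is an added example, not part of the original thread: it lists every event source under each log key, decodes TypesSupported with the bit values given above, and flags EventMessageFile entries that point at missing DLLs. It assumes a current Windows host with PowerShell (not the Windows 2000 servers discussed); the function name Get-EventSourceAudit and the CSV file name are hypothetical.

```powershell
# Added example: audit event-source registrations under the Eventlog key.
# Read-only. Run elevated, otherwise the Security log key may not be readable.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

# Bit values for TypesSupported as listed in the message above.
$typeBits = [ordered]@{ Error = 0x1; Warning = 0x2; Information = 0x4 }

function Get-EventSourceAudit {   # hypothetical helper name
    param([string]$LogName)

    $logKey = Join-Path $root $LogName
    foreach ($src in Get-ChildItem -Path $logKey -ErrorAction SilentlyContinue) {
        # GetValue expands REG_EXPAND_SZ variables such as %SystemRoot%.
        $msgFile = $src.GetValue('EventMessageFile')
        $types   = $src.GetValue('TypesSupported')

        # EventMessageFile may list several DLLs separated by ';'.
        $missing = @()
        if ($msgFile) {
            $missing = @($msgFile -split ';' |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ -and -not (Test-Path -LiteralPath $_) })
        }

        $decoded = '(not set)'
        if ($null -ne $types) {
            $decoded = ($typeBits.Keys |
                Where-Object { $types -band $typeBits[$_] }) -join ','
        }

        [pscustomobject]@{
            Log            = $LogName
            Source         = $src.PSChildName
            TypesSupported = $decoded
            MessageFile    = $msgFile
            MissingFiles   = $missing -join ';'
        }
    }
}

$report = foreach ($log in (Get-ChildItem -Path $root).PSChildName) {
    Get-EventSourceAudit -LogName $log
}

# Sources whose message DLL is absent; their events will not render properly.
$report | Where-Object MissingFiles | Format-Table Log, Source, MissingFiles -AutoSize

# Baseline (hypothetical file name) for spotting sources that later disappear.
$report | Export-Csv -NoTypeInformation -Path .\eventsource-baseline.csv
```

Comparing a later run against the saved baseline with Compare-Object shows any source key that has been deleted since, which per the message above means that source is no longer logged.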


  _____  

From: thin-bounce@xxxxxxxxxxxxx on behalf of Andrew Wood
Sent: Thu 23/02/2006 19:59
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: System Logs...


Unless it's 'printing': you can set the print spooler not to log information
events.

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Michel Roth
Sent: 23 February 2006 08:05
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: System Logs...


Doug,

You can only filter informational events out. I do not know of a way to
prevent them being logged altogether.

Regards,
Michel Roth
www.thincomputing.net 




On 2/23/06, Doug Rooney <doug@xxxxxxxxxxxxxxxxxxxx> wrote: 

I have 3 Windows 2000 Server boxes running as terminal servers, two of them
run just fine. The third one fills up the system log file about every 5
days. All of the file size limits are the same, but on the one, we get many
'information' logs. I was told I could have those not logged, but I cannot
figure out how. If I go to properties and de-select it, they go away then,
but are back the next time I open it. Could someone please enlighten me on
the way to permanently get rid of the informationals?
 

Thank You 

-Doug Rooney 
Sonoma TileMakers 
IT Systems Administrator 


 

  _____  

 
 


############################################################################
#########

This e-mail, including all attachments, may be confidential or privileged.
Confidentiality or privilege is not waived or lost because this e-mail has
been sent to you in error. If you are not the intended recipient any use,
disclosure or copying of this e-mail is prohibited. If you have received it
in error please notify the sender immediately by reply e-mail and destroy
all copies of this e-mail and any attachments. All liability for direct and
indirect loss arising from this e-mail and any attachments is hereby
disclaimed to the extent permitted by law.

############################################################################
#########


