Analysing event logs can be a cumbersome task, especially when you want to review logs over several machines for a particular event in a particular time window.
One of several tools that can help with this is the SysInternals tool PSLogList available from :
One really good thing to note is that unlike things like EventLogXP you don’t need the event log message DLL for the remote application in order to view the proper text of the event log. So you should get entries pulled out with PSLogList that look like this :
Event Type: Warning
Event Source: Enterprise Vault
Event Category: (106)
Event ID: 41204
Time: 3:00:01 PM
The description for Event ID ( 41204 ) in Source ( Enterprise Vault ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The SQL database transaction log for Vault Store Group ‘EVVSGvsg1_1_1’ has not been backed up for 2 days. The information in this database is at risk until the database has been backed up.
Review your SQL database backup procedures and make any changes needed to ensure that backups happen in a timely fashion.
You can use the System Status feature in the Administration Console to help you resolve this issue..
They should always look like this :
C:>psloglist -i 41204 -d 1 \192.168.1.2 -u ev.localadministrator "symantec enterprise vault"
PsLoglist v2.71 – local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals – www.sysinternals.com
symantec enterprise vault log on \192.168.1.2:
 Enterprise Vault
Time: 15/09/2010 09:00:01 ID: 41204
Message text not available. Insertion strings:
The SQL database transaction log for Vault Store Group ‘EVVSGvsg1_1_1’ has not been backed up for 2 days. The informa…. etc