PSLogList

Posted on by Rob Wilcox

Analysing event logs can be a cumbersome task, especially when you want to review logs over several machines for a particular event in a particular time window.

One of several tools that can help with this is the SysInternals tool PSLogList available from :

http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx

One really good thing to note is that unlike things like EventLogXP you don’t need the event log message DLL for the remote application in order to view the proper text of the event log.  So you should get entries pulled out with PSLogList that look like this :

Event Type:    Warning
Event Source:    Enterprise Vault
Event Category:    (106)
Event ID:    41204
Date:        9/15/2010
Time:        3:00:01 PM
User:        N/A
Computer:    EVAULT1
Description:
The description for Event ID ( 41204 ) in Source ( Enterprise Vault  ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The SQL database transaction log for Vault Store Group ‘EVVSGvsg1_1_1’ has not been backed up for 2 days. The information in this database is at risk until the database has been backed up.

Review your SQL database backup procedures and make any changes needed to ensure that backups happen in a timely fashion.

You can use the System Status feature in the Administration Console to help you resolve this issue..

They should always look like this :

C:>psloglist -i 41204 -d 1 \192.168.1.2 -u ev.localadministrator "symantec enterprise vault"

PsLoglist v2.71 – local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals – www.sysinternals.com

Password:
symantec enterprise vault log on \192.168.1.2:
[21848] Enterprise Vault
   Type:     WARNING
   Computer: EVAULT1
   Time:     15/09/2010 09:00:01   ID:       41204
Message text not available.  Insertion strings:
        The SQL database transaction log for Vault Store Group ‘EVVSGvsg1_1_1’ has not been backed up for 2 days. The informa…. etc

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.