Hi everyone!

Since last Sunday PA Monitor can not monitor Event log on every single servers. I tried suggestions what I have read here, but none of them worked. For rxample: inbound rules on Firewall settings, rebuild and/or reorg indexes in database And my ideas: restart service, restart server, checking technincal user that runs PA service to able to login remote servers, checking its permissions, etc.

Strange experience: I have deleted Event log monitor, and tried to create new Event log monitor, but I cannot. The Pa monitor consolse has frozen.

Any idea? thanks a lot

asked 05 Nov, 03:47

hajose's gravatar image

hajose
1113
accept rate: 0%


There are two Event Log APIs in Windows - the "Evt" API and the legacy API. The Evt API is supposed to work on all servers that are 2008 or newer, and it is the only one that can access all of the Event Logs (the legacy API can only get to Application, System and Security).

Since the Evt API is available on Windows Server 2008 and newer we switched to forcing that API to be used in 9.5.

You can enable the older API to be used again by setting this registry value:

HKLMsoftwarePAServerMonitor

Evt_ForceEvt2 = 0

Restart the PA Server Monitor service after making this change.

link

answered 05 Nov, 10:39

Doug's gravatar image

Doug ♦♦
10.2k122138
accept rate: 21%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×10
×2

Asked: 05 Nov, 03:47

Seen: 117 times

Last updated: 05 Nov, 10:39