Re: Event log/viewer
- From: Larry Waibel <lwaibel@xxxxxxxxxxxxxxx>
- Date: Mon, 04 Apr 2005 16:59:38 PDT
Thanks, I'd figured I'd need to somehow? stop the Event Log service to be able to copy the
files but keep in mind this is a headless/closed system that we can normally only contact
across the LAN. How would I stop and start the Event Log service from a remote system?
In article <u2Fso8WOFHA.3076@xxxxxxxxxxxxxxxxxxxx>, Km wrote:
> From: "KM" <konstmor@xxxxxxxxxxxxxxxx>
> Subject: Re: Event log/viewer
> Date: Mon, 4 Apr 2005 16:36:41 -0700
> Newsgroups: microsoft.public.windowsxp.embedded
>
> Larry,
>
> Although the 'dumpel' worked for you, I'd like to clarify the first approach.
>
> The Evt files are locked by the Event Log service.
> You have to copy the Evt files *offline*. This means you will have to shut down the image (or reboot to another OS if you have a dual
> boot setup) and copy the files to whatever location you can get access to from an XP Pro machine. Under XP Pro you can open the
> files with Event Viewer.
>
> Or, you can stop the Event Log service on the running XPe image and copy the files (you may need to disable the service and reboot,
> I am not 100% sure about this) online. Where 'online' means under the working XPe image.
>
> Connecting to Event Viewer from another machine is more complicated (this means it will require more components in your image, including
> heavy COM+ services) so I am not sure if you even need to or will be able to fix this while keeping the small footprint of your image.
>
> --
> Regards,
> KM, BSquare Corp.
>
> > Even with the full Administration Support Tools I can't connect with the Event Viewer; and
> > locally (on the target) if I double-click on an event in the log I don't see its details.
> > I am able to map a drive to the system and tried opening the log on the target but it's
> > "busy" so I can't do that. And if I copy it and then try to open it, it's "corrupted".
> > The only way is if I use the viewer on the target to 'save' it and then I can view the
> > saved copy but to do that I have to have the extra 100MB. So it doesn't look like any of
> > that is useful.
> >
> > I downloaded 'dumpel' and that can see the target logs while they're still being used and
> > displays the detail contents. And it works when only the Event Log component is installed
> > without the Admin Support Tools. So I guess that's the best I can do. Thanks once again
> > for your help!
> >
> > In article <#NBV#vVOFHA.4028@xxxxxxxxxxxxxxxxxxxx>, Km wrote:
> > > From: "KM" <konstmor@xxxxxxxxxxxxxxxx>
> > > Subject: Re: Event log/viewer
> > > Date: Mon, 4 Apr 2005 14:19:30 -0700
> > > Newsgroups: microsoft.public.windowsxp.embedded
> > >
> > > Larry,
> > >
> > > You basically answered your questions yourself.
> > >
> > > The "Event Log" component you added is to support the logging but not to view the logs
> > > (just the EventLog service).
> > > You will need the "Administration Support Tools" and all its dependencies to add the Event Viewer properly. If you don't want to add
> > > a whole bunch of components you will have to analyze the dependencies and resolve only those that are really needed to support the Event
> > > Viewer (this may turn out to be laborious work just to get the Event Viewer working).
> > >
> > > Personally I prefer copying the Event Log files (*.evt) offline to an XP Pro machine and reviewing them there with Event Viewer.
> > > The paths to the log files you will find under the [HKLM\System\CurrentControlSet\Services\EventLog\Application] key and by default they are
> > > set to %SystemRoot%\system32\config\*.Evt (e.g., AppEvent.Evt, SysEvent.Evt, SecEvent.Evt, etc.). (just following the instructions
> > > from here: http://support.microsoft.com/default.aspx?scid=kb;en-us;315417&sd=tech)
> > >
> > > Another alternative would be using 3rd party Event log viewing software that does not depend on so many things as the Microsoft one
> > > does. I'd think that the Resource Kit probably has such a simple tool but I never searched there for it. You may want to search for
> > > dumpel.exe.
> > > Also, in the Server Kit there are some command line tools to query, create and trigger events in the logs. I don't think this is a
> > > good solution for you as it would require heavy script engines at least but you may still want to take a look at it:
> > >
> > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/68672494-7700-4cbf-8392-4b6ef87b8749.mspx
> > >
> > > Connecting to the Event Viewer log from another computer is another story. I think this is going to work only if you include the entire
> > > Administration Support Tools but I am not positive.
> > >
> > > --
> > > Regards,
> > > KM, BSquare Corp.
> > >
> > > > I want to just add Event log support to my target system. I added the Event
> > > > Log component but wasn't able to view the log locally and couldn't connect
> > > > remotely to view it. I tried copying the eventvwr.exe but that needed the
> > > > eventvwr.msc but that needed MSC support. I filtered the components and the
> > > > only one I found eventvwr.exe in is the Administration Support Tools. But
> > > > adding that blows my image size up from 62MB to 160MB! Isn't there a
> > > > component for just Event Log support? If not, any ideas what minimal things
> > > > I need to support MSC so that I can run the viewer? And am I correct that
> > > > the reason I can't remotely connect to view the log is because there's no
> > > > viewer support on the target or could there be some other reason? If I can
> > > > connect remotely without it, I don't really need the local viewer support.
> > >
> >
> >
>
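Added example, not part of the original posts: the thread reports that a copy of an in-use .evt file opens as "corrupted". The Python sketch below checks the documented 48-byte .evt header (ELF_LOGFILE_HEADER) of such a copy on an analysis machine and reports the dirty flag, which marks a log that was written to but not closed cleanly. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Documented ELF_LOGFILE_HEADER of a legacy .evt file: twelve little-endian DWORDs.
HEADER = struct.Struct("<12I")
NAMES = ("header_size", "signature", "major", "minor", "start_offset",
         "end_offset", "current_record", "oldest_record", "max_size",
         "flags", "retention", "end_header_size")
SIGNATURE = 0x654C664C   # bytes "LfLe"
FLAG_DIRTY = 0x1         # ELF_LOGFILE_HEADER_DIRTY: written to, not closed cleanly


def check_evt_header(data):
    """Return (fields, problems) for the raw bytes of an .evt file."""
    if len(data) < HEADER.size:
        return {}, ["shorter than the 48-byte header"]
    fields = dict(zip(NAMES, HEADER.unpack_from(data)))
    problems = []
    if fields["signature"] != SIGNATURE:
        problems.append("signature is not LfLe")
    if fields["header_size"] != HEADER.size or fields["end_header_size"] != HEADER.size:
        problems.append("header size fields are not 0x30")
    if fields["flags"] & FLAG_DIRTY:
        problems.append("dirty flag set: header offsets may be stale")
    for name in ("start_offset", "end_offset"):
        if not HEADER.size <= fields[name] <= len(data):
            problems.append(name + " points outside the file")
    return fields, problems


def make_sample(flags, end_offset=0x30, body_len=40):
    """Constructed sample: a header followed by zero bytes standing in for records."""
    header = HEADER.pack(0x30, SIGNATURE, 1, 1, 0x30, end_offset,
                         1, 0, 0x10000, flags, 604800, 0x30)
    return header + bytes(body_len)


if __name__ == "__main__":
    samples = {"offline copy": make_sample(flags=0),
               "copied while in use": make_sample(flags=FLAG_DIRTY)}
    for label, blob in samples.items():
        _, problems = check_evt_header(blob)
        print(label, "->", problems or "header consistent")
```

To check a real copy, pass the file's bytes, for example `check_evt_header(open(path, "rb").read())`.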