
Discuss: Enterprise Vault event log, how could we improve them?

Updated: 18 Aug 2010 | 20 comments
EV Director
This issue has been solved.

Hi,
 
I would like to use this topic to discuss the information that Enterprise Vault writes in the event log. In particular, I would like to hear from you about events that are just very common and annoying (and perhaps you feel are pointless) (so let's see if we can remove them/fix the issue), or are confusing (so let's see if we can get you an explanation or improve the text in the event), or ones which you investigate but really much more information needs to be added to the event to help give you context for it so you can better troubleshoot it.

I don't want this topic to turn into a 'hey I just got this event today can you explain it' as I think we'll lose the plot otherwise. Instead let's at least talk about ones you see fairly often.

Looking forward to the discussion.

Cheers,
Mike


Comments

MichelZ | 28 May 2009

Mike

Rosetta should be extended to allow comments on the events, as well as more info there, like links to TechNotes and things.
Rosetta is useless most of the time, because there is only the event listed, nothing more.

The infrastructure is in place, just use it! :)
(I think the link in the EV events now even just points to the general knowledge base...very sad :( :( )

www.quadrotech-it.com - All your EV Tools | www.techfreak.ch

AndrewB | 28 May 2009

It would be nice to suppress these:

Event Type: Warning
Event Source: Enterprise Vault
Event Category: Storage Online
Event ID: 6941
Date:
Time:
User: N/A
Computer:
Description:
Client request refused due to insufficient privileges, user attempted to access the Archive Folder:

Archive name: 
Archive folder path:
Vault Id:  but does not have permission(s) (Read).
A frequent cause of this Warning is a user attempting an operation on a forwarded, moved, or copied shortcut to a Vault for which they do not have the required permission(s).

For more information, see Help and Support Center at http://evevent.symantec.com/rosetta/showevent.asp

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec Platinum Partner | www.trace3.com

EV Director | 28 May 2009

not ideal but what about a registry key

Hi,

As a bit of a workaround, how about a registry key in which you specify event IDs you don't want to see. Also get the admin service to log the contents of this registry key on startup just to ensure people are aware they are set.

In terms of Rosetta being updateable: it is designed for that, but unfortunately, due to Symantec security policies, the public version of the system cannot be updated. I guess they are worried it could be hacked into.

Mike Bilsborough
Director, Enterprise Vault Engineering Support
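
One way to get the effect of the registry-key idea without discarding records, shown as an added example (not part of the original posts and not Enterprise Vault code): an event log XML query whose Suppress element hides chosen event IDs at view time. The log display name `Enterprise Vault` and the ID list are assumptions to adjust for your server.

```powershell
# Added example, not Enterprise Vault code. Assumed: the log's display name and the ID list.
$NoisyIds = 6941            # ID taken from the warning quoted earlier in this thread
$Hours    = 24

# Resolve the real log name; older EV versions registered it with a trailing space.
$log = Get-WinEvent -ListLog 'Enterprise Vault*' -ErrorAction SilentlyContinue |
    Where-Object { $_.LogName.Trim() -eq 'Enterprise Vault' } |
    Select-Object -First 1 -ExpandProperty LogName
if (-not $log) { throw 'Enterprise Vault event log not found on this machine.' }

function New-SuppressQuery {
    param([string]$LogName, [int[]]$SuppressIds, [int]$Hours)
    $ms     = $Hours * 3600 * 1000
    $idExpr = ($SuppressIds | ForEach-Object { "EventID=$_" }) -join ' or '
    # <Suppress> hides matching records from this view only; they stay in the log.
    @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">*[System[TimeCreated[timediff(@SystemTime) &lt;= $ms]]]</Select>
    <Suppress Path="$LogName">*[System[($idExpr)]]</Suppress>
  </Query>
</QueryList>
"@
}

$query = [xml](New-SuppressQuery -LogName $log -SuppressIds $NoisyIds -Hours $Hours)

# Filtered view: everything from the last $Hours hours except the noisy IDs.
Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message

# The hidden events are still there: report how many were filtered out, per ID.
Get-WinEvent -FilterHashtable @{
        LogName   = $log
        Id        = $NoisyIds
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Group-Object Id | Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
```

The per-ID count at the end keeps a sudden rise in a filtered event, such as the access-refused warning 6941, visible even though the individual records are hidden from the daily view.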

bobby hilliard | 28 May 2009

manual "run now..." job is finished.

Logging the completion of a manual archiving job would be easier than running a vaultsize report and comparing the no. of items with the mailbox items (beforehand) to make sure it's really done. Logging the number of items processed (like on the report) would help too.

This way, I wouldn't have to monitor the queues to wait for them to die down. I could target a specific event to monitor.

It's not too bad now, but you asked.

Thanks.

cwapshere | 10 Jun 2009

Scanner001 | 10 Jun 2009

How about not logging stuff like unable to convert to txt but succeeded converting to HTML.

Most people don't care which format it converts to as long as it converts and is searchable.

Only log the errors like unable to convert.

TonySterling | 10 Jun 2009

FailedConversionEvents

Liam,
Have you tried this registry key?

FailedConversionEvents

Location: HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Storage

Content: DWORD
0 — Errors are not logged
1 — Errors are logged

Description: Controls whether an Application Log entry is made when there is an error converting an item to HTML

Tony Sterling

TonySterling | 10 Jun 2009

Oops

I meant this reg key:

FallbackConversionEvents

Location: HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Storage

Content: DWORD
0 — Errors are not logged
1 — Errors are logged

Description: Controls whether an Application Log entry is made when an item failed conversion to HTML and, as a fallback, the item was converted to text.

Tony Sterling

Scanner001 | 11 Jun 2009

Tony,

I know about the reg settings but I suppose my point is why are we even being notified about these. Was the item converted into a format that can be searched in the index.....yes. So what's the point of the message in the first place.

EV does produce pointless messages. Just like the ones that tell you what products you are licensed for...Again what's the point in the application creating these messages.

I have some years of IT experience behind me (I won't say how many as it will make me look old) but for someone who is experienced making reg settings is fine but there are a lot of fresh IT who should never know what regedit is and what it can do. These people should never be allowed in there because it is people like you and me that have to fix the screw ups when they enter or delete the wrong key.

TonySterling | 11 Jun 2009

Sorry Liam, but I disagree. Applications cannot be coded to be idiot proof; if you have unqualified people working for you given today's economy, that is an HR problem.

You don't like all the messages created yet other people are complaining they don't get notified enough about what EV is doing. I think the registry keys to give the user an option on what they see is a valid solution for now. Maybe these options could be moved to inside the VAC via some sort of policy, but personally I would rather see Dev spend time on new features and functionality than that.

regards,

Tony Sterling

Wayne Humphrey | 10 Jun 2009

Mike,

How about a regkey to suppress certain event-ids, like ChrisH and I suggested years ago *winks* :)

--wayne

www.quadrotech-it.com - All your EV Tools

worldzfree | 29 Jun 2009 | +2 votes

how about updating the vault management pack for SCOM 2007?

Don't mean to throw this conversation sideways, but event log scraping is cool and all, but what about updating your management pack for SCOM 2007? I actually haven't checked as of late but the one we imported is just a converted MOM 2005 one.

Scanner001 | 29 Jun 2009

AndrewB | 29 Jun 2009

Indeed

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec Platinum Partner | www.trace3.com

karmakoma | 29 Jun 2009

Looks like they have gone!

I was going to complain about the constant event log messages regarding permissions at the top level of a user's mailbox but these appear to have disappeared since the upgrade to SP5!

MichelZ | 15 Jul 2009

Hi there

Do you need any more assistance on this subject?
If not, could you please mark the solution to your problem with the "Mark As Solution" button?

Thanks & Cheers
Michel

www.quadrotech-it.com - All your EV Tools | www.techfreak.ch

TonyD | 21 Jul 2009

Remove trailing space from name of log "Enterprise Vault "

How about removing the trailing space from the name of the log itself? I'll bet a lot of people are unable to dump events via cmdline tools such as sysinternals psloglist because they do not realize the name contains a trailing space. When using psloglist, specifying the logfile to dump as "Enterprise Vault " (space at the end of the name) works but "Enterprise Vault" does not. A cmdline tool is very handy to quickly search for specific events on a lot of servers.

Tony

Paul Grimshaw | 21 Jul 2009

TonyD - Fix number 1 for you :)

We changed the event log’s trailing space in EV 8 so you won’t have the problem there. It’s a historical issue – not a bug – that we changed for various reasons, among them the ability to use logparser against our event logs.

EV Backline Technical Support Engineer APJ Region

TonyD | 22 Jul 2009

That's great but now what will I have to complain about? :)

Sortid | 26 Aug 2009

CAB extraction

I'd like to see some more detail around the failed to extract cab messages. It notes the dvs file but I want to see details of the archived file it's trying to extract so I can trace who is trying to pull which file out of the system. Helps when partitions get full and I can trace if a process or a copy job is running.