Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Unable to integrate 2k8 R2 with SSIM.

Created: 03 Feb 2013 | 6 comments

Dear All,

I want to integrate 2k8 R2 with SSIM.

I have configured all the setings on target server.

But while applied below command i got eror that interface is unknown.

wevtutil sl system /ca:O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-20)

Please find attached screen-shot for the same. and suggest on priority basis.

Comments 6 CommentsJump to latest comment

Laurent_c's picture

What output of command if you run :

wevtutil gl security ?

Milan_T's picture

Hi Laurent,

I have tryied to run below mentioned command:

wevtutil gl security

It shows interface is unknown

olaf's picture

What does the following command return:

wevtutil el

This should return all known log interfaces.

Milan_T's picture

Dear Olaf,

output of given command was as below.

C:\Users\Administrator>wevtutil el
Application
HardwareEvents
Internet Explorer
Key Management Service
Security
System
EndpointMapper
ForwardedEvents
Microsoft-Windows-ADSI/Debug
Microsoft-Windows-Bits-Client/Analytic
Microsoft-Windows-Bits-Client/Operational
Microsoft-Windows-CAPI2/Operational
Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
Microsoft-Windows-CodeIntegrity/Operational
Microsoft-Windows-CodeIntegrity/Verbose
Microsoft-Windows-COM/Analytic
Microsoft-Windows-CorruptedFileRecovery-Client/Operational
Microsoft-Windows-CorruptedFileRecovery-Server/Operational
Microsoft-Windows-CredUI/Diagnostic
Microsoft-Windows-DateTimeControlPanel/Analytic
Microsoft-Windows-DateTimeControlPanel/Debug
Microsoft-Windows-DateTimeControlPanel/Operational
Microsoft-Windows-DCLocator/Debug
Microsoft-Windows-Diagnosis-DPS/Analytic
Microsoft-Windows-Diagnosis-DPS/Debug
Microsoft-Windows-Diagnosis-DPS/Operational
Microsoft-Windows-Diagnosis-MSDT/Debug
Microsoft-Windows-Diagnosis-MSDT/Operational
Microsoft-Windows-Diagnosis-PLA/Debug
Microsoft-Windows-Diagnosis-PLA/Operational
Microsoft-Windows-Diagnosis-WDI/Debug
Microsoft-Windows-Diagnostics-Networking/Debug
Microsoft-Windows-Diagnostics-Networking/Operational
Microsoft-Windows-DriverFrameworks-UserMode/Operational
Microsoft-Windows-DxgKrnl/Diagnostic
Microsoft-Windows-EFS/Debug
Microsoft-Windows-EventCollector/Debug
Microsoft-Windows-EventCollector/Operational
Microsoft-Windows-Eventlog-ForwardPlugin/Debug
Microsoft-Windows-EventLog-WMIProvider/Debug
Microsoft-Windows-EventLog/Analytic
Microsoft-Windows-EventLog/Debug
Microsoft-Windows-FileInfoMinifilter/Operational
Microsoft-Windows-Firewall-CPL/Diagnostic
Microsoft-Windows-Forwarding/Operational
Microsoft-Windows-FunctionDiscoveryHost/Tracing
Microsoft-Windows-GroupPolicy/Operational
Microsoft-Windows-Help/Operational
Microsoft-Windows-HttpService/Trace
Microsoft-Windows-International/Operational
Microsoft-Windows-IPSEC-SRV/Diagnostic
Microsoft-Windows-Kernel-Acpi/Diagnostic
Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
Microsoft-Windows-Kernel-PnP/Diagnostic
Microsoft-Windows-Kernel-Power/Diagnostic
Microsoft-Windows-Kernel-Prefetch/Diagnostic
Microsoft-Windows-Kernel-Process/Analytic
Microsoft-Windows-Kernel-Processor-Power/Diagnostic
Microsoft-Windows-Kernel-Registry/Analytic
Microsoft-Windows-Kernel-WDI/Analytic
Microsoft-Windows-Kernel-WDI/Debug
Microsoft-Windows-Kernel-WDI/Operational
Microsoft-Windows-Kernel-WHEA
Microsoft-Windows-LanguagePackSetup/Analytic
Microsoft-Windows-LanguagePackSetup/Debug
Microsoft-Windows-LanguagePackSetup/Operational
Microsoft-Windows-LDAP-Client/Debug
Microsoft-Windows-MemoryDiagnostics-Results/Debug
Microsoft-Windows-MPS-CLNT/Diagnostic
Microsoft-Windows-MPS-DRV/Diagnostic
Microsoft-Windows-MPS-SRV/Diagnostic
Microsoft-Windows-MUI/Operational
Microsoft-Windows-NetworkAccessProtection/Operational
Microsoft-Windows-OfflineFiles/Analytic
Microsoft-Windows-OfflineFiles/Debug
Microsoft-Windows-OfflineFiles/Operational
Microsoft-Windows-OfflineFiles/SyncLog
Microsoft-Windows-OLEACC/Debug
Microsoft-Windows-OLEACC/Diagnostic
Microsoft-Windows-PowerCfg/Diagnostic
Microsoft-Windows-PowerCpl/Diagnostic
Microsoft-Windows-PrintSpooler/Aux-Analytic
Microsoft-Windows-PrintSpooler/Core-Analytic
Microsoft-Windows-PrintSpooler/Core-Debug
Microsoft-Windows-PrintSpooler/ISV-Analytic
Microsoft-Windows-Program-Compatibility-Assistant/Operational
Microsoft-Windows-QoS-Pacer/Debug
Microsoft-Windows-ReliabilityAnalysisComponent/Metrics
Microsoft-Windows-ReliabilityAnalysisComponent/Operational
Microsoft-Windows-Resource-Exhaustion-Detector/Operational
Microsoft-Windows-ResourcePublication/Tracing
Microsoft-Windows-RestartManager/Operational
Microsoft-Windows-RPC/Debug
Microsoft-Windows-RPC/EEInfo
Microsoft-Windows-Security-Configuration-Wizard/Diagnostic
Microsoft-Windows-Security-Configuration-Wizard/Operational
Microsoft-Windows-Security-Licensing-SLC/Perf
Microsoft-Windows-Sens/Debug
Microsoft-Windows-ServerManager/Analytic
Microsoft-Windows-ServerManager/Operational
Microsoft-Windows-ServiceReportingApi/Debug
Microsoft-Windows-Services-Svchost/Diagnostic
Microsoft-Windows-Services/Diagnostic
Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
Microsoft-Windows-Shell-AuthUI-PasswordProvider/BootAnim
Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic
Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
Microsoft-Windows-Shell-Shwebsvc
Microsoft-Windows-Shell-ZipFolder/Diagnostic
Microsoft-Windows-stobject/Diagnostic
Microsoft-Windows-Subsys-Csr/Operational
Microsoft-Windows-Subsys-SMSS/Operational
Microsoft-Windows-TaskScheduler/Debug
Microsoft-Windows-TaskScheduler/Diagnostic
Microsoft-Windows-TaskScheduler/Operational
Microsoft-Windows-TerminalServices-PnPDevices/Admin
Microsoft-Windows-TerminalServices-PnPDevices/Analytic
Microsoft-Windows-TerminalServices-PnPDevices/Debug
Microsoft-Windows-TerminalServices-PnPDevices/Operational
Microsoft-Windows-TerminalServices-RDPClient/Analytic
Microsoft-Windows-TerminalServices-RDPClient/Debug
Microsoft-Windows-TerminalServices-RDPClient/Operational
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
Microsoft-Windows-UAC-FileVirtualization/Operational
Microsoft-Windows-UAC/Operational
Microsoft-Windows-UIAutomationCore/Debug
Microsoft-Windows-UIAutomationCore/Diagnostic
Microsoft-Windows-UIAutomationCore/Perf
Microsoft-Windows-User-Loader/Analytic
Microsoft-Windows-VolumeSnapshot-Driver/Operational
Microsoft-Windows-WindowsUpdateClient/Operational
Microsoft-Windows-WinINet/Analytic
Microsoft-Windows-Wininit/Diagnostic
Microsoft-Windows-Winlogon/Diagnostic
Microsoft-Windows-Winlogon/Operational
Microsoft-Windows-WinRM/Analytic
Microsoft-Windows-WinRM/Debug
Microsoft-Windows-Winsock-AFD/Operational
Microsoft-Windows-Winsock-WS2HELP/Operational
Microsoft-Windows-Winsrv/Analytic
Microsoft-Windows-Wired-AutoConfig/Operational
Microsoft-Windows-WMI-Activity/Trace
Microsoft-Windows-WUSA/Debug
Setup

C:\Users\Administrator>

olaf's picture

Your command shows that the Security log should be there.

I have never seen the commend failing with this error.

There seems to be something wrong with your OS when the command "wevtutil gl security" already fails.

This command should just list the configuration setting of the security log.

Can you run this command for any of the other logs (for example System or Application)?

wevtutil gl system

I would recommend to talk to Microsoft support in this case.

Milan_T's picture

Thanx olaf,

We will open a case with Microsoft tech support.

This was issue from OS and that's why we could not integrate with SSIM.