
Microsoft Windows Failover Clustering Logs

Hi All. I have searched for a relevant issue in the THWACK Forum and found this thread: Microsoft Failover Clustering

However, it did not work for the log I am trying to receive.

What I am trying to achieve is to receive e-mail alerts from LEM whenever a VM in a Hyper-V Failover Cluster fails over to another Hyper-V server node.

Firstly, I am having trouble receiving Microsoft Failover Clustering logs from a server node via the SolarWinds Agent.

The screenshot below is the event log from Event Viewer that I need.

Event 1641.png

I am fine receiving logs such as Application, Security and System from the nodes.

I have enabled the connector for Failover Clustering.

However, it does not seem to have worked.

Failover Connector.png

I have tried searching the log using the condition below, but I have only located the Connector Tool turn on/off events.

nDepth.png

Once I am able to receive logs, I will create a rule to trigger upon AnyAlert with Provider SID 1641 to fire an e-mail alert.

But here I am struggling with receiving the Failover Clustering log.

Am I using the right connector, or am I searching the log wrong?

Any advice will be much appreciated.

My:

LEM Version: 6.6

Agent Version: 6.6

  • There are some additional steps required in order to monitor logs within 'Applications and Services'. You can view the steps required for a similar connector here: Success Center

    On the Log Properties you will need to check for any spaces in the log path and remove them, although I don't believe there are spaces in the path. As for the registry key, you'll need to add the key 'Microsoft-Windows-FailoverClustering/Operational'.

    Let me know if you have any questions!

  • Hi jhynds, thank you for taking the time to reply to my question.

    I have done the additional steps required as advised, but logs are still not coming in to LEM.

    Log Properties.PNG

    Reg Key.PNG

    The connector I am using is: Microsoft Windows Failover Clustering (HyperV Cluster) logs

    Failover Connector.png

    I have realized that the connector for the 'Microsoft-Windows-FailoverClustering/Operational' log has a different log path.

    Instead of the similar log path in the properties, '%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-FailoverClustering%4Operational.evtx',

    it's pointed to System instead, which is the same as the connector for Windows System. And this is not editable.

    Connector Option.PNG

    For example, the link Success Center uses AppLocker as an example.

    After removing the spaces in the log properties and creating a new registry key,

    the AppLocker connector has a log path similar to the one in the log properties.

    AppLocker Connector.PNG

    Would you advise that the log path for Microsoft-Windows-FailoverClustering/Operational should be changed to the Windows System log path,

    which is %SystemRoot%\System32\Winevt\Logs\System.evtx?
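
The prerequisites discussed in the replies above (channel enabled, no spaces in the log path, registry key present, event 1641 actually being written) can be checked directly on a cluster node. This PowerShell script is an added example, not part of the original thread or any SolarWinds tooling. It assumes the registry key named in the reply is created under the classic `HKLM\SYSTEM\CurrentControlSet\Services\EventLog` key, which the thread does not state.

```powershell
# Added diagnostic example; run in an elevated PowerShell session on a cluster node.
$channel = 'Microsoft-Windows-FailoverClustering/Operational'   # channel name from the thread

# 1. The channel must exist and be enabled, otherwise there is nothing to collect.
$log = Get-WinEvent -ListLog $channel -ErrorAction Stop
'{0}: enabled={1}, records={2}' -f $log.LogName, $log.IsEnabled, $log.RecordCount

# 2. Log path as shown under Log Properties; flag any whitespace in it.
$path = $log.LogFilePath
if ($path -match '\s') { Write-Warning "Log path contains spaces: $path" }
else                   { "Log path has no spaces: $path" }

# 3. Registry key for the channel.
#    ASSUMPTION: the parent key is the classic EventLog services key.
#    The key name contains '/', which the PowerShell registry provider treats
#    as a path separator, so the .NET registry API is used instead of Test-Path.
$parent = 'SYSTEM\CurrentControlSet\Services\EventLog'
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$parent\$channel")
if ($key) { "Registry key present: HKLM\$parent\$channel"; $key.Close() }
else      { Write-Warning "Registry key missing: HKLM\$parent\$channel" }

# 4. Confirm that event ID 1641 is being written to this channel locally.
$events = Get-WinEvent -FilterHashtable @{ LogName = $channel; Id = 1641 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) { $events | Format-Table TimeCreated, Id, MachineName -AutoSize }
else         { 'No event 1641 found in this channel on this node.' }
```

If all four checks pass on the node and nothing arrives in LEM, the remaining difference is on the connector side, such as the log path the connector is pointed at.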