4 Replies Latest reply on Dec 2, 2014 10:25 AM by nplummer@compassrosebenefits.com

    Printer logs

    g.porritt

      Good Afternoon

       

      Is there anyway that I can get LEM to track who is printing what, to which printer, when?

       

      Cheers

      Gary

        • Re: Printer logs
          curtisi

          There are some connectors in the LEM that look like they should do this:

           

          2014-12-02 07_48_19-SolarWinds Log and Event Manager Console.png

           

          However, I'm running Windows 8.1, and my testing didn't see the LEM capturing the events.  I'm not sure if this is an issue with the connectors or Windows changing log formats or something else.  I do see events that would include what you want in the Windows logs, though:

          2014-12-02 07_50_12-Event Viewer.png

           

          Update: One of the Support guys figured out why it wasn't working, and posted the answer internally.  This involves editing the registry, so first the usual warning:

           

          Never, ever, EVER edit the registry in Windows.  You can break Windows.

           

          If you must edit the registry:

          • Always make a backup before making changes
          • Always edit the registry carefully

           

          1. Open regedit and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
          2. Create a new Key at this location using the path of the log in Event Viewer under Applications and Services Logs. This path is also found (and should match) the 'Log File' field in the connector's settings; e.g. Microsoft-Windows-TaskScheduler/Operational
          3. Create a new connector or restart the current connector if already created.

           

          On my machine, this resulted in these keys:

           

          2014-12-02 08_35_38-Registry Editor.png

           

          Data looks like this in the LEM:

           

          Event NameEventInfoDetectionIPDetectionTimeToolAlias
          InternalWarning-1:Start location > oldest record + number of records, delta -9, record info: 1 - 9 (101 - 109) @ 1. Resetting to oldest.10.220.6.66Tue Dec 2 08:08:55 GMT-0700 2014PrintServiceAdmin
          InternalToolOnlineStarted FAST reader: PrintServiceAdmin for connector ID: WindowsPrintServiceAdmin10.220.6.66Tue Dec 2 08:08:55 GMT-0700 2014PrintServiceAdmin
          InternalWarning-1:Start location > oldest record + number of records, delta -16, record info: 1 - 16 (101 - 116) @ 1. Resetting to oldest.10.220.6.66Tue Dec 2 08:08:53 GMT-0700 2014PrintServiceOperational
          InternalToolOnlineStarted FAST reader: PrintServiceOperational for connector ID: WindowsPrintServiceOperational10.220.6.66Tue Dec 2 08:08:53 GMT-0700 2014PrintServiceOperational
          InternalToolOfflineStopped FAST reader: PrintServiceOperational for connector ID: WindowsPrintServiceOperational10.220.6.66Tue Dec 2 08:07:30 GMT-0700 2014PrintServiceOperational
          InternalToolOfflineStopped FAST reader: PrintServiceAdmin for connector ID: WindowsPrintServiceAdmin10.220.6.66Tue Dec 2 08:07:28 GMT-0700 2014PrintServiceAdmin
          ServiceInfoDeleting job 5CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:46:42 GMT-0700 2014PrintServiceOperational
          ServiceWarningThe print job 5 was sent through the print processor MS_XPS_PROC on printer DELLMFP-LEHI, driver PS Driver for Dell 2355dn Laser MFP XPS, in the isolation mode loaded in the spooler.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:46:42 GMT-0700 2014PrintServiceOperational
          ServiceInfoDocument 5, Print Document owned by curtis.ingram on \\CINGRAM-LT was printed on DELLMFP-LEHI through port WSD-67ebd46b-2169-44f1-b7c6-46898395c26e.0032. Size in bytes: 112008. Pages printed: 1. No user action is required.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:46:42 GMT-0700 2014PrintServiceOperational
          ServiceInfoJobId:5; GdiJobSize:112008; ICMMethod:0; Color:1; XResolution:600; YResolution:600; Quality:600; Copies:1; TTOption:0CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:46:42 GMT-0700 2014PrintServiceOperational
          ServiceInfoPrint request success for JobId: 5CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:46:41 GMT-0700 2014PrintServiceOperational
          ServiceInfoPrint request received for JobId: 5CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:46:40 GMT-0700 2014PrintServiceOperational
          ServiceWarningThe print job 4 was sent through the print processor MS_XPS_PROC on printer Canon iR-ADV C5235/5240 Class Driver, driver PS Driver for Canon iR-ADV C5235/5240 Class Driver, in the isolation mode loaded in the spooler.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:45:21 GMT-0700 2014PrintServiceOperational
          ServiceInfoJobId:4; GdiJobSize:197637; ICMMethod:0; Color:2; XResolution:300; YResolution:300; Quality:300; Copies:1; TTOption:0CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:45:21 GMT-0700 2014PrintServiceOperational
          ServiceInfoDocument 4, Print Document owned by curtis.ingram on \\CINGRAM-LT was printed on Canon iR-ADV C5235/5240 Class Driver through port 10.220.6.105. Size in bytes: 197637. Pages printed: 1. No user action is required.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:45:21 GMT-0700 2014PrintServiceOperational
          ServiceInfoPrint request received for JobId: 4CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:44:51 GMT-0700 2014PrintServiceOperational
          ServiceInfoPrint request success for JobId: 4CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:44:51 GMT-0700 2014PrintServiceOperational
          ServiceInfoSettings for printer "Canon iR-ADV C5235/5240 Class Driver" were modified.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:44:49 GMT-0700 2014PrintServiceOperational
          ServiceInfoThe default printer was changed to "DELLMFP-LEHI,winspool,Ne02:"CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:44:18 GMT-0700 2014PrintServiceAdmin
          ServiceInfoThe default printer was changed to "Canon iR-ADV C5235/5240 Class Driver,winspool,Ne03:"CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:44:14 GMT-0700 2014PrintServiceAdmin
          ServiceInfoDocument 3, Print Document owned by curtis.ingram on \\CINGRAM-LT was printed on Canon iR-ADV C5235/5240 Class Driver through port 10.220.6.105. Size in bytes: 197637. Pages printed: 1. No user action is required.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:43:25 GMT-0700 2014PrintServiceOperational
          ServiceWarningThe print job 3 was sent through the print processor MS_XPS_PROC on printer Canon iR-ADV C5235/5240 Class Driver, driver PS Driver for Canon iR-ADV C5235/5240 Class Driver, in the isolation mode loaded in the spooler.CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:43:25 GMT-0700 2014PrintServiceOperational
          ServiceInfoJobId:3; GdiJobSize:197637; ICMMethod:0; Color:2; XResolution:300; YResolution:300; Quality:300; Copies:1; TTOption:0CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:43:25 GMT-0700 2014PrintServiceOperational
          ServiceInfoThe default printer was changed to "DELLMFP-LEHI"CINGRAM-LT.tul.solarwinds.netTue Dec 2 07:42:20 GMT-0700 2014PrintServiceAdmin
          InternalToolOnlineStarted FAST reader: PrintServiceOperational for connector ID: WindowsPrintServiceOperational10.220.6.66Tue Dec 2 07:37:49 GMT-0700 2014PrintServiceOperational
          InternalToolOnlineStarted FAST reader: PrintServiceAdmin for connector ID: WindowsPrintServiceAdmin10.220.6.66Tue Dec 2 07:37:29 GMT-0700 2014PrintServiceAdmin

           

          Credit Update: Thanks to jdee for posting this internally so I could share it.