Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

 

 

 

Home > Success Center > Troubleshooting Tools > Orion SAM Troubleshooting Guide - Troubleshooting SAM Monitors (Components) > Message data missing in Windows Event Log monitor

Message data missing in Windows Event Log monitor

Updated August 8, 2016

Overview

When looking at the details page for the Windows Event Log Monitor, the Event Log Message Details Web resource provides the events found, however the Message column is blank. Also, Alert Actions that utilize the ${N=SwisEntity;M=ComponentAlert.WindowsEventMessages} macro only provide the following values from the event log entry and do not provide the actual message data:

  • Log Name:
  • Source: 
  • Logged: 
  • Event ID: 
  • Level: 
  • User:
  • Computer: 

 

Environment

All SAM versions

Cause 

When the account assigned to the node or the Windows Event Log Monitor is performing the following WMI query, all entries have a Message value of <NULL>:

select * from Win32_NTLogEvent where LogFile = '{LogName}' and EventCode = '{EventID}'

Resolution

  1. Log in to the system as an administrator.
  2. Go to Start > Run.
  3. Type dcomcnfg
  4.  Go to Components Services > Computers > My Computer.
  5. Right-click My Computer and select Properties.
  6. On the COM Security tab, click Edit Limits under Launch and Activation Permissions.
  7. Under Security Limits, click Add and add the user account assigned to the Node/Component.
  8. Click OK.
  9. Go back to Start > Run.
  10. Type wmimgmt.msc
  11. On the Security tab, expand and go to CIMV2.
  12. Click Security and add the user account assigned to the Node/Component.
  13. Set Allow for all permissions provided.
  14. Click OK.
  15. If the WMI query is tested again, the Message value should be provided.
 

 

Last modified
20:55, 7 Aug 2016

Tags

Classifications

Public