
Syslog...feels sparse?


    So I managed to get the SolarWinds event log forwarder working and ultralog3 is picking up the messages. But it just feels like I'm missing a LOT of info. The end goal is to catch when blueiris.exe has an "AppCrash" event and I want to restart the service. The Event log example below:

    Log Name: Application
    Source: Windows Error Reporting
    EventID: 1001
    Level: Information
    User: N/A
    OpCode:
    Logged: 9/29/2022 12:44:01 PM
    Task Category: None
    Keywords: Classic
    Computer: Computer

    Fault bucket , type 0
    Event Name: APPCRASH
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: BlueIris.exe
    P2: 5.5.7.11
    P3: 629fadc1
    P4: BlueIris.exe
    P5: 5.5.7.11
    P6: 629fadc1
    P7: c0000005
    P8: 00000000000a9c3d
    P9:
    P10:

    Attached files:
    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7888.tmp.WERInternalMetadata.xml

    These files may be available here:
    \\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BlueIris.exe_e5b6be27a9e41a86d52be3ce26bb8f2fc57511aa_f5abc81a_27af6e1d-49f8-4d51-b3d4-aa2e7bdcc701

    Analysis symbol:
    Rechecking for solution: 0
    Report Id: 6b30bde8-76bd-432a-ada1-57672d9c96a9
    Report Status: 524390
    Hashed bucket:
    Cab Guid: 0

    However, all I see stored in Ultralog is below:

    MSWinEventLog 6 Application 8 Thu Sep 29 12:44:08 2022 1001 Windows Error Reporting N/A Information Computer 0 Fault bucket , type 0


    Seems I'm missing most of the details on this event... The event name, all those P tags, etc... What gives?