Windows Server 2003
cancel
Showing results for 
Search instead for 
Did you mean: 

Event Log for Application, Security and System show the same thing

 
Adisuria Wangsadinata_1
Honored Contributor

Event Log for Application, Security and System show the same thing

Hi All,

I have one BizTalk server, the application on this server generates a lot of event logs. Now the problem is every time I see from Event Viewer for Application , Security and System, all show the same thing,and looks like contain the log from application, system & security.

Anyone knows to solve this?

Regards,

Iwan Tamimi
now working, next not working ... that's unix
8 REPLIES 8
Ivan Ferreira
Honored Contributor

Re: Event Log for Application, Security and System show the same thing

Check the properties for each event log to identify the file to which one is linked:

C:\WINDOWS\system32\config\AppEvent.Evt
C:\WINDOWS\System32\config\SecEvent.Evt
C:\WINDOWS\system32\config\SysEvent.Evt
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Adisuria Wangsadinata_1
Honored Contributor

Re: Event Log for Application, Security and System show the same thing

Ivan,

Thanks for the reply, but I just check for the properties of the Event Logs link to the correct files those you mentioned. So it looks like all the event logs write to all the event logs file but I am not sure about this.

But if I see the *.evt files the are all differn sizes:


C:\WINDOWS\system32\config>dir *.evt
Volume in drive C has no label.
Volume Serial Number is 5C64-A5CB

Directory of C:\WINDOWS\system32\config

11/13/2007 08:25 AM 2,228,224 AppEvent.Evt
11/13/2006 10:39 AM 65,536 Internet Explorer.evt
10/25/2007 10:37 AM 16,777,216 SecEvent.Evt
10/25/2007 10:37 AM 4,718,592 SysEvent.Evt
4 File(s) 23,789,568 bytes
0 Dir(s) 39,499,799,552 bytes free

C:\WINDOWS\system32\config>

Looks like you maybe right, but where it goes wrong the properties I already checked so many time?


Thank you,

Iwan Tamimi
now working, next not working ... that's unix
Ivan Ferreira
Honored Contributor

Re: Event Log for Application, Security and System show the same thing

Interesting, what if you clear all the logs (saving it first). Do you get exactly the same information again in all of them? The file size remains different? Check if you have some filter enabled.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Adisuria Wangsadinata_1
Honored Contributor

Re: Event Log for Application, Security and System show the same thing

Hi Ivan,

I am sorry I haven't replied it for long. Actually we have already cleared the event log so many times, actually I have logged to HP-Microsoft support, first they didn't believe me after they did the remote login, they also quite confused and still under investigation.

I am still suspect the event logs was flooded by messages (from BizTalk application) then it went haywire but I still don't know why.

BTW I also see the services.exe always around 25% CPU usage event though we stop almost all the other application services (like biztalk, sql server, anti virus, snmp etc), the services.exe is still high and always follow by System Idle Process around 75% (I think this one is the IO process for the services.exe) I read that the services.exe is also handling the the EventLog.

Any idea?

Thank you,

Iwan Tamimi
now working, next not working ... that's unix
Sylvain Emery
Occasional Visitor

Re: Event Log for Application, Security and System show the same thing

Hi,

I've exactly the same problem on one of my servers. Did you find a solution ?

Thanks,

Sylvain
Andy Infante
Occasional Visitor

Re: Event Log for Application, Security and System show the same thing

I have EXACTLY the same problem too. Has anyone resolved their issue??
Jennifer Fairchild
Occasional Visitor

Re: Event Log for Application, Security and System show the same thing

I have the exact same problem. Has anyone found a resolution? Thanks
Brian Chand
Occasional Visitor

Re: Event Log for Application, Security and System show the same thing

I have the same problem on one of my servers as well. I've also noticed that the registry key HKLM\system\currentcontrolset\services\eventlog\system\sources and ..\application\sources have the same value entered repeatedly whenever the event log service is enabled. If I remove the duplicate entries and restart the event log, it adds them right back.