O
OASH
I have a strange issue with evntwin.exe on windows 2012R2 that some traps are not being generated as follows from the contents of exported events.cnf:
#pragma add "Application" "Microsoft-Windows-WMI" 5617 1 0 <== generated
#pragma add "System" "Srv" 1073748860 1 0 <== not generated
#pragma add "System" "W32Time" 35 1 0 <== not generated
#pragma add "System" "W32Time" 139 1 0 <== not generated
#pragma add "System" "W32Time" 143 1 0 <== not generated
Only the first one generates a trap from SNMP service when restarting WMI service. I am unable to identify why restarting w3time service generates no traps although from the above a trap should be generated. What I noticed is that anything from system events can't have evntwin generating a trap for it, why? I do hope that there are no more hidden surprises while one is digging deeper.
Continue reading...
#pragma add "Application" "Microsoft-Windows-WMI" 5617 1 0 <== generated
#pragma add "System" "Srv" 1073748860 1 0 <== not generated
#pragma add "System" "W32Time" 35 1 0 <== not generated
#pragma add "System" "W32Time" 139 1 0 <== not generated
#pragma add "System" "W32Time" 143 1 0 <== not generated
Only the first one generates a trap from SNMP service when restarting WMI service. I am unable to identify why restarting w3time service generates no traps although from the above a trap should be generated. What I noticed is that anything from system events can't have evntwin generating a trap for it, why? I do hope that there are no more hidden surprises while one is digging deeper.
Continue reading...