jonhcw

ntevl select_events

Discussion created by jonhcw on Feb 13, 2013
Latest reply on Apr 25, 2013 by jonhcw

Hi,

 

I'm trying to use select_events of ntevl probe to find some old events relating to McAfee. I'm just installing the robot on these servers and would like to get information on events that do not necessarily reoccur periodically.

 

the select_events callback seems to work somewhat inconsistently across different servers. If I only insert the required parameters (log) it only lists events that have timestamps well under 1300000000 on some servers, meaning they are not the most recent events in the log. I've checked from the status tab. On some servers it lists the most recent events.

 

If I define the fromtime (and totime in some cases), on some servers it displays no events at all, when in fact they do exist. On some servers it works fine.

 

If I define an event_id it may or may not find events filtered by that ID, and it might display only one in a selected time span, when in fact there are several. I suspect the "number" parameter might affect this (though I really think it tells how many results to return in total), but that doesn't seem to help.

 

The behaviour doesn't seem to depend on the OS level (2003/2008 and their minor versions) and I use the latest ntevl version. I also tried a couple older versions.

 

I can't find any documentation on ntevls callbacks, so I guess it might just be a case of me not knowing how to use it properly. If anyone has any experience with this, would be a great help!

 

-jon

Outcomes