Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 17563 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reporting Log Writer - No log entries generated

paulus tamba

Hi, 

I've just installed Sophos Reporting Log Writer and use the default configuration files. However, no log files are being generated. is there a way to debug this? 

 

<?xml version="1.0" encoding="utf-8" ?>

<SophosDatafeed xmlns="www.sophos.com/.../LogWriterConfig.xsd">

<connection>

<!--<connectionString>Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=SOPHOS[SECVersion];Data Source=[SERVER]\[INSTANCE]</connectionString>-->

</connection>

<noOfDays>7</noOfDays>

<lagTime>1</lagTime>

<datafeeds>

<datafeed>

<tick>300</tick>

<logFile logType="LogFile">

<noOfBackupFiles>5</noOfBackupFiles>

<fileSize>1MB</fileSize>

<outputLocation>.\Log Files</outputLocation>

<outputFilename>DefaultCommonEvents.log</outputFilename>

</logFile>      

<logFile logType="WindowsLog">

<logName>DefaultCommonEvents</logName>

</logFile>

<call callID="DefaultCommonEvents">

<dataSource>EventsCommonData</dataSource>

<dataConfigurationLocation>.\Configuration Files</dataConfigurationLocation>

<dataConfigurationFile>EventsCommon.config</dataConfigurationFile>

</call>

</datafeed>

<datafeed>

<tick>300</tick>

<logFile logType="LogFile">

<noOfBackupFiles>5</noOfBackupFiles>

<fileSize>1MB</fileSize>

<outputLocation>.\Log Files</outputLocation>

<outputFilename>DefaultThreats.log</outputFilename>

</logFile>

<call callID="DefaultThreats">

<dataSource>ThreatEventData</dataSource>

<dataConfigurationLocation>.\Configuration Files</dataConfigurationLocation>

<dataConfigurationFile>Threats.config</dataConfigurationFile>

</call>

</datafeed>

</datafeeds>

</SophosDatafeed>



This thread was automatically locked due to age.
Parents
  • 0

    Hello paulus tamba,

    you've installed the Log Writer on the management server (which SEC version?) and the database is local? You are using the default Local System account, the service is started and running but no output is produced?

    Christian

  • 0 in reply to QC

    just been informed that the database server is actually on a different server. I'll see what changes to make and post the result

  • 0 in reply to paulus tamba

    so i found that the db was in a different server, and i get the username and password. how do i pass that to the <connectionstring> ? Here's my connection string. The service is started but no log files are being generated : 

    <connection>
    <connectionString>Provider=SQLOLEDB;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=SOPHOS550;Data Source=<server_name>;User ID=<domain\userid>;Password=<password></connectionString>

    </connection>

  • 0 in reply to paulus tamba

    Hello paulus tamba,

    apparently you have a central SQL server/service and usually there's one or more SQL experts who should be able to help you with a ConnectionString (so for example Integrated Security=SSPI precludes the specification of credentials).
    In principle the ConnetingString that SEC uses (HKLM\SOFTWARE\Wow6432Node\Sophos\EE\Management Tools\\DatabaseConnectionMS) should work provided your service runs as a user that has access to the database.

    Christian 

  • 0 in reply to QC

    I've feed the default ConnectionString that SEC uses as well as configuring the service to run as the database user which has access to the SEC database (it's the same user that has Log On As value for Sophos Management Host). 

    I can see that log files are being created but it's still empty.

    Is there a way to debug this program? The user guide says that service will not run if I provided empty or incorrect connection string so I assume the connection string is correct?  

  • 0 in reply to paulus tamba

    Hello paulus tamba,

    sorry, should have thought of it earlier - please check the Windows Application Event log, this is where the service writes it messages to.

    Christian

  • +1 in reply to QC

    finally able to make it write to a log file. Started the service as the user, then just commented out the whole <connectionString> due to the following notes in the doc : 

    In the default configuration file the <connectionString> element is commented out (surrounded by "<!--" and "-->" tags). If this element is commented out or not present in the configuration file then the service will attempt to find the appropriate settings by scanning the registry for a SEC management service connection string.

    Just by setting the service to log on as the db user is sufficient apparently. 

    Thanks for helping out. 

Reply
  • +1 in reply to QC

    finally able to make it write to a log file. Started the service as the user, then just commented out the whole <connectionString> due to the following notes in the doc : 

    In the default configuration file the <connectionString> element is commented out (surrounded by "<!--" and "-->" tags). If this element is commented out or not present in the configuration file then the service will attempt to find the appropriate settings by scanning the registry for a SEC management service connection string.

    Just by setting the service to log on as the db user is sufficient apparently. 

    Thanks for helping out. 

Children
  • 0 in reply to paulus tamba

    I'm also having trouble after installation i've got everything configured as default but when i start the servive i get the following logs in the event viever. Can anyone help??

    Logs in reverse :-)

     

     

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    System.UnauthorizedAccessException - Access to the path 'C:\Program Files (x86)\Sophos\Reporting Interface\DefaultCommonEvents_DefaultCommonEvents.last' is denied.. The DefaultCommonEvents call did not execute correctly.

    <EventData>
    <Data>System.UnauthorizedAccessException - Access to the path 'C:\Program Files (x86)\Sophos\Reporting Interface\DefaultCommonEvents_DefaultCommonEvents.last' is denied.. The DefaultCommonEvents call did not execute correctly.</Data>
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer

    Description:
    System.UnauthorizedAccessException - Access to the path 'C:\Program Files (x86)\Sophos\Reporting Interface\DefaultCommonEvents_DefaultCommonEvents.log.last' is denied.. The DefaultCommonEvents call did not execute correctly.
    Event Xml:
    <EventData>
    <Data>System.UnauthorizedAccessException - Access to the path 'C:\Program Files (x86)\Sophos\Reporting Interface\DefaultCommonEvents_DefaultCommonEvents.log.last' is denied.. The DefaultCommonEvents call did not execute correctly.</Data>
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    System.UnauthorizedAccessException - Access to the path 'C:\Program Files (x86)\Sophos\Reporting Interface\DefaultThreats_DefaultThreats.log.last' is denied.. The DefaultThreats call did not execute correctly.
    Event Xml:
    <EventData>
    <Data>System.UnauthorizedAccessException - Access to the path 'C:\Program Files (x86)\Sophos\Reporting Interface\DefaultThreats_DefaultThreats.log.last' is denied.. The DefaultThreats call did not execute correctly.</Data>
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    Skipping DefaultCommonEvents.log datafeed.
    Event Xml:
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    Skipping DefaultThreats.log datafeed.
    <EventData>
    <Data>Skipping DefaultThreats.log datafeed.</Data>
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    There was an error when creating the DefaultThreats.log logger. System.Exception - FileOpenFailure - OpenFile(C:\Program Files (x86)\Sophos\Reporting Interface\Log Files\DefaultThreats.log,True) call failed.
    <EventData>
    <Data>There was an error when creating the DefaultThreats.log logger. System.Exception - FileOpenFailure - OpenFile(C:\Program Files (x86)\Sophos\Reporting Interface\Log Files\DefaultThreats.log,True) call failed.</Data>
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    There was an error when creating the DefaultCommonEvents.log logger. System.Exception - FileOpenFailure - OpenFile(C:\Program Files (x86)\Sophos\Reporting Interface\Log Files\DefaultCommonEvents.log,True) call failed.
    <EventData>
    <Data>There was an error when creating the DefaultCommonEvents.log logger. System.Exception - FileOpenFailure - OpenFile(C:\Program Files (x86)\Sophos\Reporting Interface\Log Files\DefaultCommonEvents.log,True) call failed.</Data>
    </EventData>
    </Event>

    Log Name: Application
    Source: Sophos Reporting Log Writer
    Description:
    Starting Scheduler
    <EventData>
    <Data>Starting Scheduler</Data>
    </EventData>
    </Event>

  • +1 in reply to ChrisBates

    As the log suggest, it appears that the user running the log writer service has no access to the folder Log Files. Check which user the service run as, then give the user permission to the Log files directory

  • 0 in reply to paulus tamba

    Brilliant I think that sorted it. I didn't even bother looking at permissions because i assumed it was more complicated than that!  The files grew in size imediatly then stopped but i'm assuming thats it filling wuith the 7 days of history.

Unfiltered HTML