SysmonLog Error

[Bob]

I am running Win2K Pro/SP4.

I keep getting the following Event Viewer application error every time
I reboot:

+++
SysmonLog

Unable to read the Log File Folder value of the System Overview log or
alert configuration. The default value will be used. The error code
returned is in the data.

[The error code is 2]
+++

What is this and why is is happening? What do I do to fix it?

Thanks

 

[Adrian Grigorof]

SysmonLog is the "Performance Logs and Alerts Service" and the "System
Overview" log is typically set as C:\PerfLogs\System_Overview.blg - did you
setup any Performance Monitor logging? Double-check the settings by opening
the "Performance Logs and Alerts", "Counter logs" applet from the "Computer
Management" GUI. By default the System Overview logging is stopped.

 

[Bob]

SysmonLog is the "Performance Logs and Alerts Service"

Does that have anything to do with Event Viewer?

the "System Overview" log is typically set as C:\PerfLogs\System_Overview.blg

I see that entry in Computer Management.

did you setup any Performance Monitor logging?

No that I am aware of.

Double-check the settings by opening
the "Performance Logs and Alerts", "Counter logs" applet from the "Computer
Management" GUI.

All I see are what are termed "sample logs".

By default the System Overview logging is stopped.

Yes. But when I tried to delete them, it fussed at me.

How do I fix this screwball problem?

 

[Adrian Grigorof]

Ok, I was able to replicate this as follows:
Opened HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
Queries\{<guid>} using registry editor (regedit). The GUID could be
different on your computer, on mine it was
0f108872-f28c-4555-9e63-b984036cd2bd. I renamed the following registry
value: "Log File Folder" to "old Log File Folder" and then I tried to start
the System Overview counter log and sure enough, event id 2006 showed up in
the event log. Renaming back "Log File Folder" fixed the problem. So, verify
if you have this string registry value configured on your system. On mine it
is set to "C:\PerfLogs".

 

[Bob]

SysmonLog is the "Performance Logs and Alerts Service" and the "System
Overview" log is typically set as C:\PerfLogs\System_Overview.blg - did you
setup any Performance Monitor logging? Double-check the settings by opening
the "Performance Logs and Alerts", "Counter logs" applet from the "Computer
Management" GUI. By default the System Overview logging is stopped.

I was able to stop the service and now the event viewer entry is gone.

I have another problem that perhaps you can comment on.

When I open Win2K Defrag, I get two entries for one disk drive.

System (C
System

They both have the same size but the GUID is different.

What is going on and how do I correct it?

Thanks.

 

[Bob]

Ok, I was able to replicate this as follows:
Opened HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
Queries\{<guid>} using registry editor (regedit). The GUID could be
different on your computer, on mine it was
0f108872-f28c-4555-9e63-b984036cd2bd. I renamed the following registry
value: "Log File Folder" to "old Log File Folder" and then I tried to start
the System Overview counter log and sure enough, event id 2006 showed up in
the event log. Renaming back "Log File Folder" fixed the problem. So, verify
if you have this string registry value configured on your system. On mine it
is set to "C:\PerfLogs".

Thanks for the heads up. I fixed the problem by stopping the service.