SysmonLog

Bob

What does this mean - from the Event Viewer Applications. It showed up
all of a sudden today.

+++
Source: SysmonLog

Unable to read the Log File Folder value of the System Overview log or
alert configuration. The default value will be used. The error code
returned is in the data.
+++


--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

If you can read this, thank a teacher.
If you are reading it in English, thank an American soldier.
 
Dave Patrick

Looks like you're working with Performance Monitor. Sounds like it is
missing (path), corrupt or possibly a permissions problem. We don't know
without the rest of the detail.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
|
| What does this mean - from the Event Viewer Applications. It showed up
| all of a sudden today.
|
| +++
| Source: SysmonLog
|
| Unable to read the Log File Folder value of the System Overview log or
| alert configuration. The default value will be used. The error code
| returned is in the data.
| +++
|
|
| --
|
| Map of the Vast Right Wing Conspiracy
| http://home.houston.rr.com/rkba/vrwc.html
|
| If you can read this, thank a teacher.
| If you are reading it in English, thank an American soldier.
|
 
Bob

>Looks like you're working with Performance Monitor.

No. I have never worked with Performance Monitor.

>Sounds like it is missing (path), corrupt or possibly a permissions problem.

I do not know what I could have done to cause that.

>We don't know without the rest of the detail.

What details do you need?

--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

If you can read this, thank a teacher.
If you are reading it in English, thank an American soldier.
 
Dave Patrick

When you view the logged events in Event Viewer (double-click them in the
right-hand pane) in the upper right corner, third button down is a copy to
clipboard, then you can paste in the body of a reply message.

Please do so for each of the different System Log events (that are a Type:
'Error' or 'Warning') since last boot so we can see all of the event detail.

Tell us about anything that was just installed. Also check Device Manager
for error codes and or non-starting devices.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| >Looks like you're working with Performance Monitor.
|
| No. I have never worked with Performance Monitor.
|
| >Sounds like it is missing (path), corrupt or possibly a permissions problem.
|
| I do not know what I could have done to cause that.
|
| >We don't know without the rest of the detail.
|
| What details do you need?
|
| --
|
| Map of the Vast Right Wing Conspiracy
| http://home.houston.rr.com/rkba/vrwc.html
|
| If you can read this, thank a teacher.
| If you are reading it in English, thank an American soldier.
|
 
Bob

>When you view the logged events in Event Viewer (double-click them in the
>right-hand pane) in the upper right corner, third button down is a copy to
>clipboard, then you can paste in the body of a reply message.

Event Type: Warning
Event Source: SysmonLog
Event Category: None
Event ID: 2006
Date: 5/28/2005
Time: 5:57:20 PM
User: N/A
Computer: RCK
Description:
Unable to read the Log File Folder value of the new log log or alert
configuration. The default value will be used. The error code returned
is in the data.
Data:
0000: 02 00 00 00 ....
....


Event Type: Warning
Event Source: SysmonLog
Event Category: None
Event ID: 2006
Date: 5/28/2005
Time: 5:57:21 PM
User: N/A
Computer: RCK
Description:
Unable to read the Log File Folder value of the System Overview log or
alert configuration. The default value will be used. The error code
returned is in the data.
Data:
0000: 02 00 00 00 ....

>Please do so for each of the different System Log events (that are a Type:
>'Error' or 'Warning') since last boot so we can see all of the event detail.

There's only one kind, but it comes in pairs - as you can see above.

>Tell us about anything that was just installed.

I wish I could recall all the stuff that I have installed and
uninstalled. I believe Nero OEM was the last thing I installed,
including something called InCD and Nero Media Player. I have since
removed all that stuff but the Sysmon warning persists.

Subsequent to experiencing the problem I swabbed the Registry with 5
different cleaners in the hope of catching a rogue key, but with no
luck.

>Also check Device Manager
>for error codes and or non-starting devices.

I have Device Manager open but I can't see where there would be any
error codes or non-starting devices, other than some old drivers
that I have left over from previous use of this OS with other H/W.

If there is a specific place to look, please let me know.

Please keep in mind that I am running Win2K/SP4.
 
Dave Patrick

E:\>net helpmsg 2
returns with
The system cannot find the file specified.

The SysmonLog service is the 'Performance Logs and Alerts' service; it can't
find or no longer has access to the "Log File Folder" and/or the "Current
Log File Name" which are defined in the following key.
Possibly C:\PerfLogs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
Queries\{SID}

Registry cleaners generally do more damage than good.


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Event Type: Warning
| Event Source: SysmonLog
| Event Category: None
| Event ID: 2006
| Date: 5/28/2005
| Time: 5:57:20 PM
| User: N/A
| Computer: RCK
| Description:
| Unable to read the Log File Folder value of the new log log or alert
| configuration. The default value will be used. The error code returned
| is in the data.
| Data:
| 0000: 02 00 00 00 ....
| ....
|
|
| Event Type: Warning
| Event Source: SysmonLog
| Event Category: None
| Event ID: 2006
| Date: 5/28/2005
| Time: 5:57:21 PM
| User: N/A
| Computer: RCK
| Description:
| Unable to read the Log File Folder value of the System Overview log or
| alert configuration. The default value will be used. The error code
| returned is in the data.
| Data:
| 0000: 02 00 00 00 ....
|
| >Please do so for each of the different System Log events (that are a Type:
| >'Error' or 'Warning') since last boot so we can see all of the event detail.
|
| There's only one kind, but it comes in pairs - as you can see above.
|
| >Tell us about anything that was just installed.
|
| I wish I could recall all the stuff that I have installed and
| uninstalled. I believe Nero OEM was the last thing I installed,
| including something called InCD and Nero Media Player. I have since
| removed all that stuff but the Sysmon warning persists.
|
| Subsequent to experiencing the problem I swabbed the Registry with 5
| different cleaners in the hope of catching a rogue key, but with no
| luck.
|
| >Also check Device Manager
| >for error codes and or non-starting devices.
|
| I have Device Manager open but I can't see where there would be any
| error codes or non-starting devices, other than the some old drivers
| that I have left over from previous use of this OS with other H/W.
|
| If there is a specific place to look, please let me know.
|
| Please keep in mind that I am running Win2K/SP4.
|
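
The decoding step behind `net helpmsg 2`, as an added example that is not part of the original posts: it parses event text in the clipboard format pasted above, reads the Data bytes as a 32-bit little-endian Win32 error code (an assumption, consistent with the reading of `02 00 00 00` as error 2), and names the affected log. The sample text is constructed from the two warnings in the thread, and the small code table and function name are illustrative.

```python
import re
import struct

# Constructed sample: the two warnings in the format pasted in the thread.
SAMPLE = """\
Event Type: Warning
Event Source: SysmonLog
Description:
Unable to read the Log File Folder value of the new log log or alert
configuration. The default value will be used. The error code returned
is in the data.
Data:
0000: 02 00 00 00 ....

Event Type: Warning
Event Source: SysmonLog
Description:
Unable to read the Log File Folder value of the System Overview log or
alert configuration. The default value will be used. The error code
returned is in the data.
Data:
0000: 02 00 00 00 ....
"""

# Win32 codes matching the "missing path or permissions problem" hypotheses.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

DATA_LINE = re.compile(r"^[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}\s+)+)", re.M)
LOG_NAME = re.compile(r"value of the (.+?) log\s+or\s+alert", re.S)

def decode_events(text):
    """Return (log name, error code, symbolic name) for each pasted event."""
    results = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        if "Event Source: SysmonLog" not in block:
            continue
        desc, _, data = block.partition("Data:")
        raw = bytes.fromhex("".join(DATA_LINE.findall(data)))
        if len(raw) < 4:
            continue  # no usable error code in this event
        code = struct.unpack_from("<I", raw)[0]  # assumed little-endian DWORD
        m = LOG_NAME.search(desc)
        name = " ".join(m.group(1).split()) if m else "?"
        results.append((name, code, WIN32.get(code, "unknown")))
    return results

if __name__ == "__main__":
    for name, code, sym in decode_events(SAMPLE):
        print(f"{name}: error {code} ({sym})")
```

The log name it reports is the subkey to inspect under the `Log Queries` key.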
 
Bob

>E:\>net helpmsg 2
>returns with
>The system cannot find the file specified.

What is this about?

>The SysmonLog service is the 'Performance Logs and Alerts' service it can't
>find or no longer has access to the "Log File Folder" and or the "Current
>Log File Name" which are defined in the following key.
>Possibly C:\PerfLogs

There is no C:\Perflogs on my system.

>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
>Queries\{SID}

What is {SID}?

Here's what I find when I look at the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
Queries\Default (Nothing set).

But under that key there are two more subkeys:

"New Log"

and

"System Overview"

Recall the warning message:

"Unable to read the Log File Folder value of the System Overview log
or alert configuration."

That appears to be pointing to the System Overview log, which is the
second subkey above.

When I look at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
Queries\System Overview

there appear to be several keys that are set. But I don't have any
idea what they all mean and which one is the offending party.

>Registry cleaners generally do more damage than good.

I have never had a problem using them before. Perhaps one of them got
too aggressive.

How do I fix this?
 
Dave Patrick

:
| >E:\>net helpmsg 2
| >returns with
| >The system cannot find the file specified.
|
| What is this about?
* Read the next paragraph.


| >The SysmonLog service is the 'Performance Logs and Alerts' service it can't
| >find or no longer has access to the "Log File Folder" and or the "Current
| >Log File Name" which are defined in the following key.
|
| >Possibly C:\PerfLogs
|
| There is no C:\Perflogs on my system.
* This might be the problem. Read on.


| >HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
| >Queries\{SID}
|
| What is {SID}?
|
| Here's what I find when I look at the registry:
|
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
| Queries\Default (Nothing set).
|
| But under that key there are two more subkeys:
|
| "New Log"
|
| and
|
| "System Overview"
* When you navigate to this key, then in the right pane look for a Reg_Sz
type named "Log File Folder". Then check the path in the 'Data' column. Did
you delete this folder by chance? If so, recreate it.


| Recall the warning message:
|
| "Unable to read the Log File Folder value of the System Overview log
| or alert configuration."
|
| That appears to be pointing to the System Overview log, which is the
| second subkey above.
|
| When I look at:
|
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
| Queries\System Overview
|
| there appears to be several keys that are set. But I don't have any
| idea what they all mean and which one is the offending party.
|
| >Registry cleaners generally do more damage than good.
|
| I have never had a problem using them before. Perhaps one of them got
| too aggressive.
|
| How do I fix this?
* You restore the registry from your recent backup.


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
 
