Privacy Policy

Mithilesh Mishra
2013-07-12T07:44:58Z
Hi,

We have applied SL4NT 3.2 SP1 on Windows 2008 R2 server. The configuration done is to generate incremental log after 10MB file size reached. But after reaching 10241 bytes of writing the data is not getting written to next incremental file. When we delete the first log another log of similar size gets created at the same place with same name. This way we can find multiple logs with same name after dletion.

Event log is shwing following warning "The 10001 oldest entries have been purged from the LogToFile action type queue because the actual queue size exceeded the allowed size of 100000 entries." Please refer to attch image[img]null[/img]

According to observation data is written in memory but incremental file creation is not working.


Mithilesh
franzk
2013-07-12T16:54:25Z
Hi Mithilesh,

based on your description I tried to reproduce your problem but on my test system (WS2008 R2) SL4NT with action mode "Automatically open new log - maximum file size reached" works as expected: After sl1.log sl2.log gets created and so on.

In SL4NT Manager, export your configuration to file and then send this file to me by e-mail, addressed to franzk@netal.com.

You should try the following:

-Change the max file size to from 10MB to 1MB. Same behaviour?
-Change to a different file mode, e.g. "Automatically open new log - hourly". Does it work as expected?


-Franz
Mithilesh Mishra
2013-07-15T09:23:11Z
Hi,

According to your recommendation I tried out the both of the given option for Change in log size to 1024 and generation on hourly basis. But both of this did not work.
I have sent you the configuration file for the same.
franzk
2013-07-15T12:18:15Z
Hi Mithilesh,

>According to your recommendation I tried out the both of the given option for Change in log size to 1024 and generation on hourly basis. But both of this did not work.

I assume that the service runs under the default account (Local System).

-Check the NTFS permissions on the log directory
-Check if there's any kind of disk quota management active
-Try a different log directory (disk quotas disabled and FULL CONTROL for the Local System account).


-Franz
Mithilesh Mishra
2013-07-16T05:59:26Z
Hi Franz,

The service runs under Administrative accounts.

-There are no NTFS permission on log directory
-There is no disk quota management
-Tried on different location log directory

But in all of the above case no success till now.
franzk
2013-07-16T10:28:05Z
Hi Mithilesh,

>The service runs under Administrative accounts.

If you want to tell me that the service is not running under the default account (Local System) but some assigned user account with admin permission, then try the following:

1.) Assign Local System as service account, restart service and test.
2.) Use the assigned account but disable UAC, restart system and test.

>-There are no NTFS permission on log directory

How is this possible? If there are no assigned permissions, then no one has access!?


If the account changes don't help, then I can only offer you to take a look at your system by using some kind of remote access.

-Franz
Mithilesh Mishra
2013-07-16T10:54:41Z
Hi Franz,

I can not go ahead with recommended changes for user policy as this issue is on production site.

No NTFS permission means its default settings no special permission related configuration done on the system.

I am trying to simulate the similar behavior in my Lab, if it is reproduced than I can share it with you.


Mithilesh