Answer
PROBLEM
GFI EventsManager cannot collect events from Microsoft Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008, R2
ENVIRONMENT
- GFI EventsManager installed on Microsoft Windows 2003 or Windows XP
SOLUTION
Install GFI EventsManager on a computer running Microsoft Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008, R2
Note:
If you intend to only process Syslog / SMNP or W3C events from a computer running Microsoft Windows Server 2008, Windows Server 2008, R2, Windows Vista or Windows 7, but no Windows events, temporarily disable the network connection to the source when adding it to GFI EventsManager, otherwise GFI EventsManager will check the operating system the source is running and will not allow to add it.
Note:
If you intend to only process Syslog / SMNP or W3C events from a computer running Microsoft Windows Server 2008, Windows Server 2008, R2, Windows Vista or Windows 7, but no Windows events, temporarily disable the network connection to the source when adding it to GFI EventsManager, otherwise GFI EventsManager will check the operating system the source is running and will not allow to add it.
CAUSE
Microsoft Windows Vista, Windows Server 2008, and later Operating Systems introduced extensive structural changes in event logging and event log management. Due to these changes, GFI EventsManager must be installed on a platform (as noted in solution) to be able to interpret the new event log format.