IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this forum will no longer be available. More details available on our FAQ.
Topic
  • 2 replies
  • Latest Post - ‏2014-04-29T20:38:35Z by burgezz
burgezz
burgezz
5 Posts

Pinned topic Collecting Events generated pre-install of Wincollect agent

‏2014-04-29T19:05:43Z | wincollect

I have a need to collect existing events on a system with the Wincollect agent.  I installed the Wincollect agent and created the log source, but am only capturing events from the installation time --> forward.  Is there anyway I can force the Wincollect agent to gather logs that pre-date the install if those logs are still on the system?

 

 

  • JonathanPechtaIBM
    JonathanPechtaIBM
    302 Posts
    ACCEPTED ANSWER

    Re: Collecting Events generated pre-install of Wincollect agent

    ‏2014-04-29T19:55:39Z  

    burgezz,

     

    Unfortunately, there is no method in WinCollect to force the system to read the old events. 

     

    WinCollect (and the Adaptive Log Exporter) do not go back in time to collect events from old event records. When the software accesses the log for the first time, the last entry in the event log is read. The system notes the position to collect events from that point forward. Each time the agent polls the Microsoft Event Collection API (this applies to both local or remote collection), the log types are read and the system records the last event collected. This ensures that WinCollect (or the Adaptive Log Exporter) are not generating duplicate event records by rereading lines in an event log.

     

     

  • JonathanPechtaIBM
    JonathanPechtaIBM
    302 Posts

    Re: Collecting Events generated pre-install of Wincollect agent

    ‏2014-04-29T19:55:39Z  

    burgezz,

     

    Unfortunately, there is no method in WinCollect to force the system to read the old events. 

     

    WinCollect (and the Adaptive Log Exporter) do not go back in time to collect events from old event records. When the software accesses the log for the first time, the last entry in the event log is read. The system notes the position to collect events from that point forward. Each time the agent polls the Microsoft Event Collection API (this applies to both local or remote collection), the log types are read and the system records the last event collected. This ensures that WinCollect (or the Adaptive Log Exporter) are not generating duplicate event records by rereading lines in an event log.

     

     

  • burgezz
    burgezz
    5 Posts

    Re: Collecting Events generated pre-install of Wincollect agent

    ‏2014-04-29T20:38:35Z  

    burgezz,

     

    Unfortunately, there is no method in WinCollect to force the system to read the old events. 

     

    WinCollect (and the Adaptive Log Exporter) do not go back in time to collect events from old event records. When the software accesses the log for the first time, the last entry in the event log is read. The system notes the position to collect events from that point forward. Each time the agent polls the Microsoft Event Collection API (this applies to both local or remote collection), the log types are read and the system records the last event collected. This ensures that WinCollect (or the Adaptive Log Exporter) are not generating duplicate event records by rereading lines in an event log.

     

     

    Thanks!