Automation Point cannot interpret remote SolarWinds Orion Event Log

Article ID: 191807


Products

Automation Point

Issue/Introduction

SolarWinds Orion is used to monitor the Open Systems environment, and Automation Point (AP) monitors the Orion server event log to integrate mainframe and Open Systems alerting.
After Orion was upgraded to bring it to supported levels, the application event log records it writes appear to have changed. Although there is only a small change in the "Provider Name" string, AP can no longer read the text and interpret it.
The old event messages from the "Alerting Engine" are still written and still work fine with AP, but the new ones from "SolarWinds.BusinessLayerHost Action" cause AP to report error messages such as these:

The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART RS=NMA-P-SWINDS-A1 V=9.5 G C=Disk-Data T=20200519-1756

The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found. It contains the following insertion string(s): HEART RS=NMA-P-SWINDS-A1 V=43.5 G C=Disk-Data T=20200519-1756

Resolution

To monitor any remote Windows server events created by an application, AP requires that the application's event message DLL be registered locally on the AP server.
To enable successful event monitoring for the previous version of SolarWinds Orion, the following steps had been performed:
  1. Copied the Orion EventLogMessages.dll from the Orion server to the AP server.

  2. On the AP server, under the registry key "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application", created a new sub-key with the name of the Source/Provider Name ("Alerting Engine"). Under the new sub-key, added an Expandable String Value (REG_EXPAND_SZ) named "EventMessageFile" set to the full path of the EventLogMessages.dll file.

The Orion upgrade added an additional component, "SolarWinds.BusinessLayerHost Action", which resulted in the AP server errors "The description for Event ID (3003) in Source (SolarWinds.BusinessLayerHost Action) could not be found ...".
To resolve the problem, a new registry key similar to step 2 above was created for the new component:
Under "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application", create a new sub-key with the name of the new Source/Provider Name, "SolarWinds.BusinessLayerHost Action", and under that new sub-key add an Expandable String Value (REG_EXPAND_SZ) named "EventMessageFile" set to the full path of the EventLogMessages.dll file.
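
The registration steps above can be scripted on the AP server. The following PowerShell is an added example, not part of the original article or of either product; the script and its parameter names are hypothetical, and the DLL path must be supplied by the operator because the article does not give one. It registers both source names, leaves an already existing sub-key untouched, and reads each value back to confirm its type and data.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the AP server after copying EventLogMessages.dll there.
param(
    # Full local path of the copied DLL (operator-supplied; the article gives no path).
    [Parameter(Mandatory)] [string] $DllPath,
    # Source/Provider names taken from the article.
    [string[]] $Sources = @('Alerting Engine', 'SolarWinds.BusinessLayerHost Action')
)

$ErrorActionPreference = 'Stop'
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application'

# Refuse to register a path that does not point at an existing file.
if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
    throw "Message DLL not found: $DllPath"
}
$DllPath = (Resolve-Path -LiteralPath $DllPath).ProviderPath

# Print the hash so it can be compared with the copy on the Orion server.
Get-FileHash -LiteralPath $DllPath -Algorithm SHA256 | Format-List Path, Hash

foreach ($source in $Sources) {
    $key = Join-Path $base $source

    # Create the sub-key only when it is missing, so an existing key
    # and any other values under it are left alone.
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key | Out-Null
    }

    # REG_EXPAND_SZ value named EventMessageFile, as in step 2.
    New-ItemProperty -LiteralPath $key -Name 'EventMessageFile' `
        -PropertyType ExpandString -Value $DllPath -Force | Out-Null

    # Read the value back unexpanded and check both its type and its data.
    $item  = Get-Item -LiteralPath $key
    $kind  = $item.GetValueKind('EventMessageFile')
    $value = $item.GetValue('EventMessageFile', $null, 'DoNotExpandEnvironmentNames')
    if ($kind -ne 'ExpandString' -or $value -ne $DllPath) {
        throw "Registration for '$source' did not verify (kind=$kind, value=$value)"
    }
    '{0}: EventMessageFile ({1}) = {2}' -f $source, $kind, $value
}
```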