KBI 310137 Argent Data Consolidator and 64-bit Event Logs
Version
Argent Data Consolidator 8.0A-0810
Date
27 Dec 2008
Summary
The Argent Data Consolidator Scheduling Engine log will contain entries similar to the following:
12 Oct 2008 15:17:20.863 ARGENTMONITOR03 argent ALERT IS NOT FIRED for error Cannot Format Event Log Content (Formatting error of event log ‘SECURITY’ of server ‘SQLDB07’.
Failed to LoadLibraryEx \\SQLDB07\C$\WINDOWS\System32\MsAuditE.dll. (Error: %1 is not a valid Win32 application.)
Failed to LoadLibraryEx \\SQLDB07\C$\WINDOWS\System32\ws03res.dll. (Error: %1 is not a valid Win32 application.)
Failed to LoadLibraryEx \\SQLDB07\C$\WINDOWS\System32\xpsp2res.dll. (Error: %1 is not a valid Win32 application.)
)
The Argent Data Consolidator Transfer Engine log will contain entries similar to the following:
12 Oct 2008 15:30:03.520 ARGENT-ADC-TE1 argent Failed to LoadLibraryEx \\SQLDB07\C$\WINDOWS\System32\MsAuditE.dll. (Error: %1 is not a valid Win32 application.)
12 Oct 2008 15:30:03.520 ARGENT-ADC-TE1 argent Failed to LoadLibraryEx \\SQLDB07\C$\WINDOWS\System32\ws03res.dll. (Error: %1 is not a valid Win32 application.)
12 Oct 2008 15:30:03.520 ARGENT-ADC-TE1 argent Failed to LoadLibraryEx \\SQLDB07\C$\WINDOWS\System32\xpsp2res.dll. (Error: %1 is not a valid Win32 application.)
12 Oct 2008 15:30:03.551 ARGENT-ADC-TE1 argent Failed to LoadLibraryEx \\WLOGIC18\C$\WINDOWS\System32\MsAuditE.dll. (Error: %1 is not a valid Win32 application.)
12 Dec 2008 15:30:03.551 ARGENT-ADC-TE1 argent Failed to LoadLibraryEx \\WLOGIC18\C$\WINDOWS\System32\ws03res.dll. (Error: %1 is not a valid Win32 application.)
12 Oct 2008 15:30:03.551 ARGENT-ADC-TE1 argent Failed to LoadLibraryEx \\WLOGIC18\C$\WINDOWS\System32\xpsp2res.dll. (Error: %1 is not a valid Win32 application.)
Technical Background
32-bit programs (such as the Argent Data Consolidator) are unable to load the 64-bit .DLLs required to scan the event log from a system hosting an OS such as Windows Server 2003 x64 Edition.
Argent has provided its customers with a way to handle these situations. WMI is the mechanism used to handle the logs on x64 targets.
Resolution
Enable the WMI scanning feature for the Argent Data Consolidator.
Step 1
Open the Argent Data Consolidator, and select Administration. Click License Manager, and click Licensed Servers on the bottom-right tab.
Step 2
Double-click a licensed server to bring up its properties.
Note: the server you are selecting will be an x64 target, i.e. a 64-bit machine you wish to collect or scan logs from.
Step 3
In the example shown here, we are selecting the server “ARGENT-DEV”
Enable the setting Read W200x Event Log by WMI
Step 4
Click OK to accept the changes.
Your 64-bit target server should now be ready for event log analysis and consolidation.