David Haycox
asked on
How do I stop evntagnt.log getting huge?
We have an HP Proliant DL380 G4 running SBS2003 Premium. No problems with it apart from the fact that the file:
C:\hp\logs\evntagnt.log
gets larger by about 15Kb every few seconds - so after a while it gets pretty big (20GB last time I checked).
I've figured out how to remove it - stop the following services:
SNMP Service
HP Insight Foundation Agents
HP Insight Storage Agents
HP Insight Server Agents
HP Insight NIC Agents
... and then simply delete the file.
Question is, how can I stop it getting so big, or even stop it being created at all? I can't see it serving any purpose. Here's a sample of what's in it:
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for Internet Explorer - 4 - 00095190
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00095190
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for Microsoft-Windows-Forwardi ng/Operati onal - 5 - 00096BF0
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00096BF0
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for MSCRMExRouter - 6 - 00096E30
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00096E30
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for Security - 7 - 00096FA0
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00096FA0
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Waiting for event to occur
01/07/2010 15:54:16 SnmpEvLogProc: Normal event wait in progress
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 0 is 00000230
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 1 is 0000023C
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 2 is 00000240
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 3 is 00000244
Thanks in advance!
C:\hp\logs\evntagnt.log
gets larger by about 15Kb every few seconds - so after a while it gets pretty big (20GB last time I checked).
I've figured out how to remove it - stop the following services:
SNMP Service
HP Insight Foundation Agents
HP Insight Storage Agents
HP Insight Server Agents
HP Insight NIC Agents
... and then simply delete the file.
Question is, how can I stop it getting so big, or even stop it being created at all? I can't see it serving any purpose. Here's a sample of what's in it:
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for Internet Explorer - 4 - 00095190
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00095190
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for Microsoft-Windows-Forwardi
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00096BF0
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for MSCRMExRouter - 6 - 00096E30
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00096E30
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Event detected log record written for Security - 7 - 00096FA0
01/07/2010 15:54:16 SnmpEvLogProc: Log event buffer is at address 000CC990
01/07/2010 15:54:16 SnmpEvLogProc: Reading log event for handle 00096FA0
01/07/2010 15:54:16 SnmpEvLogProc: END OF FILE of event log is reached
01/07/2010 15:54:16 SnmpEvLogProc: Waiting for event to occur
01/07/2010 15:54:16 SnmpEvLogProc: Normal event wait in progress
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 0 is 00000230
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 1 is 0000023C
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 2 is 00000240
01/07/2010 15:54:16 SnmpEvLogProc: Event handle 3 is 00000244
Thanks in advance!
ASKER
Yes indeed, is this what you're looking for:
TraceFileName REG_SZ c:\hp\logs\evntagnt.log ?
Do I just delete it?
TraceFileName REG_SZ c:\hp\logs\evntagnt.log ?
Do I just delete it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great answer, pretty sure that's the second time you've helped me out!
In fact either solution (deleting the TraceFileName key or setting the TraceLevel to 32 (decimal) works a treat.
In fact either solution (deleting the TraceFileName key or setting the TraceLevel to 32 (decimal) works a treat.
EVENTS\EventLog\Parameters