How do I prevent old Alarms coming in from NTEVL

Document ID : KB000096827
Last Modified Date : 25/05/2018
Question:
Sometimes when we have a Windows server restart, we will get old alarms being sent from the NTEVL probe.
How do we correct this so it does not happen?

 
Environment:
UIM 9.0 and earlier
NTEVL 4.31 and earlier
Answer:
Each time the probe starts up, it should have the last read position.
Sometimes there is an error on shutting down and the counters are reset.
To correct for this, enable the position file backup feature.
From the documentation:
https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/ntevl-nt-event-log-monitoring/ntevl-im-configuration#ntevlIMConfiguration-(Optional)ConfigureGeneralProperties


Enable Position File Backup Interval: allows the probe to back up the position file.
Default: Not selected

Position File Backup Interval: defines the time interval when the probe backs up the position file.
Default: 10 Seconds

Note: The probe keeps the backup of the position file during unexpected system reboot or system crash. In such cases, reboot alarms occur, but it is possible to get duplicate alarms for the specified time interval.
The keys are:
enable_pos_backupfile = yes
pos_backup_interval = 10
Additional Information:
When the probe starts up each time it should have the last read position:
May 15 06:05:37:656 ntevl: ****************[ Starting ]****************
May 15 06:05:37:656 ntevl: * Windows NT event log watcher 3.70
May 15 06:05:37:656 ntevl: * Nimsoft Corporation
May 15 06:05:37:656 ntevl: port=48008 PID=3976
May 15 06:05:37:656 ntevl: Initial log file positions:
May 15 06:05:37:656 ntevl: Security = 7745270
May 15 06:05:37:656 ntevl: Application = 407526
May 15 06:05:37:656 ntevl: System = 282778

Sometimes there is an error on shutting down and the counters are reset:
May 16 06:05:28:494 ntevl: ****************[ Starting ]****************
May 16 06:05:28:494 ntevl: * Windows NT event log watcher 3.70
May 16 06:05:28:494 ntevl: * Nimsoft Corporation
May 16 06:05:28:494 ntevl: port=48008 PID=3932
May 16 06:05:28:494 ntevl: Initial log file positions:
May 16 06:05:28:494 ntevl: Security = 7745834
May 16 06:05:28:494 ntevl: Application = 0
May 16 06:05:28:494 ntevl: System = 0

Example error:
May 16 06:04:08:096 ntevl: (stop) from XXX.XXX.XXX.XXX/4649
May 16 06:04:09:112 ntevl: sockWrite Failed: 00000000009699B0 XXX.XXX.XXX.XXX/4649 10053 (rc = -1, sfd = 556, lenleft = 125)
May 16 06:05:26:650 ntevl: OS Major: 5, OS Minor: 2
May 16 06:05:26:665 ntevl: evlDefineCustom - security=7745834
May 16 06:05:26:665 ntevl: evlDefineCustom - application=0
May 16 06:05:26:665 ntevl: evlDefineCustom - system=0
May 16 06:05:26:681 ntevl: Setting description delimiter to 0
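
To confirm whether a host has hit the reset shown above, the probe log can be checked for a startup whose initial position is lower than at the previous startup. The script below is an added example, not part of the original article or the vendor's tooling; the sample log is constructed from the excerpts above and the function names are illustrative.

```python
import re
# Constructed sample, modelled on the probe log excerpts in this article.
SAMPLE_LOG = """\
May 15 06:05:37:656 ntevl: ****************[ Starting ]****************
May 15 06:05:37:656 ntevl: Initial log file positions:
May 15 06:05:37:656 ntevl: Security = 7745270
May 15 06:05:37:656 ntevl: Application = 407526
May 15 06:05:37:656 ntevl: System = 282778
May 16 06:05:28:494 ntevl: ****************[ Starting ]****************
May 16 06:05:28:494 ntevl: Initial log file positions:
May 16 06:05:28:494 ntevl: Security = 7745834
May 16 06:05:28:494 ntevl: Application = 0
May 16 06:05:28:494 ntevl: System = 0
"""
# "<Mon> <day> <hh:mm:ss:ms> ntevl: <message>", one match per log line.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) ntevl: (.*)$", re.M)
POSITION = re.compile(r"^(\w[\w /-]*?) = (\d+)$")

def parse_startups(text):
    """Return one {'time': ..., 'positions': {log: pos}} dict per probe start."""
    startups, in_block = [], False
    for stamp, msg in LINE.findall(text):
        msg = msg.strip()
        if "[ Starting ]" in msg:
            startups.append({"time": stamp, "positions": {}})
            in_block = False
        elif msg.startswith("Initial log file positions") and startups:
            in_block = True
        elif in_block:
            p = POSITION.match(msg)
            in_block = bool(p)  # first non-position line ends the block
            if p:
                startups[-1]["positions"][p.group(1)] = int(p.group(2))
    return startups

def find_resets(startups):
    """Flag logs whose start position went backwards since the previous start."""
    resets = []
    for prev, cur in zip(startups, startups[1:]):
        for name, pos in cur["positions"].items():
            old = prev["positions"].get(name)
            if old is not None and pos < old:
                resets.append((cur["time"], name, old, pos))
    return resets

if __name__ == "__main__":
    for when, name, old, new in find_resets(parse_startups(SAMPLE_LOG)):
        print(f"{when}: {name} position reset {old} -> {new}")
```

Alarms received shortly after a flagged startup are candidates for replayed old events rather than new activity.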