Part 1: Installing LOGbinder For SharePoint
Part 2: Configuring LOGbinder for SharePoint
Part 4: Appendix
When installing, configuring, and running LOGbinder for SharePoint,
the software writes diagnostic events to the Windows Application Event Log.
Most of these will be from the source "LOGbndSE" and the category
"LOGbinder." You may use the Windows Event Viewer to examine these
events.
During Installation and Configuration
During installation and configuration, you will find these entries:
- After installation, there may be an entry from
the source MsiInstaller: "Product: LOGbinder SP -- Installation completed
successfully."
- When the configuration of LOGbinder for
SharePoint changes, you will see one or more entries entitled "LOGbinder
settings changed." See Appendix C:
Diagnostic Events:
“553
– LOGbinder settings changed”
for information about these events.
- When the service starts, there may be an entry
from the source LOGbinder SP: "Service started successfully."
(Entries are also written when the service is stopped.)
You can monitor these events to ensure that LOGbinder for SharePoint
continues to be configured properly, and that unauthorized changes do not
occur.
After configuring LOGbinder for SharePoint and starting the service,
it automatically performs a check to ensure that LOGbinder's settings are valid
and that the account running the Windows service has sufficient authority. If
there is a problem, the LOGbinder for SharePoint (LOGbinder SP) service will
not start and a message will be presented to the user. In most cases, the
details of the problem are written to the Application log. Common problems
include:
- Input/output
not configured properly. See the previous section “Configuring LOGbinder
for SharePoint”
for more information.
- Insufficient
authority. If the service account does not have adequate authority, then
the service will not run. An entry is written to the Application log. See Appendix C: Diagnostic Events
“556
– LOGbinder insufficient authority”
for more details. Some of the common missing permissions include:
- Account does not have authority to log on as a
Windows service
- Account does not have necessary permissions in
SharePoint.
- The account does not have authority to write to
the Security event log. (If this output destination has not been selected, then
it is not necessary to grant this permission.)
- License
invalid. If the license is not valid or has expired, then the LOGbinder for
SharePoint (LOGbinder SP) service will not run. An entry may be written to the
Application log. See Appendix C: Diagnostic Events:
“557
– License for LOGbinder invalid”
for details.
- Other errors will be found in entries entitled
"LOGbinder error." See Appendix C:
Diagnostic Events:
“555
– LOGbinder error”
for more information.
If any of these errors are encountered, the LOGbinder for SharePoint
(LOGbinder SP) service will not run.
While LOGbinder for SharePoint is Running
While LOGbinder for SharePoint is running, you will see information
entries in the Application log as follows:
- Entries 'exported' from SharePoint. For each
site collection being monitored, this message indicates the number of audit
entries that LOGbinder for SharePoint has processed.
- Entries 'imported' into the Windows event log.
This indicates that the audit entries have been placed in the enabled output
formats. There will be one message event if multiple output formats have been
selected (i.e. you have selected both Windows Security Log and Windows Event
Log as output formats). The 'export'/'import' entries are complementary: there
should be a corresponding 'import' entry for each 'export.'
- If the Default Audit Policy is used for newly
created site collections, a number of “553 – LOGbinder settings
changed”
events (see Appendix C: Diagnostic Events)
will be generated when configuring a new site collection.
These log entries are informational in nature. Generally no
action is required. If more entries are being processed than what appear in the
event logs or in your log management solution, it could be that the log size is
too small and entries are being overwritten. See Appendix C: Diagnostic Events
“551
– LOGbinder agent successful”
for more information on these events.
There may also be some warning event entries:
- Could not
find information. As LOGbinder for SharePoint translates audit entries in
SharePoint, and it cannot find information, this event will be generated. See Appendix C: Diagnostic Events
“552
– LOGbinder warning”
for more information. (Note: When LOGbinder for SharePoint is first installed,
or if a site collection is being monitored for the first time, there is a
greater likelihood of these messages. Once LOGbinder for SharePoint translates
the backlog of SharePoint audit entries, the number of these warnings should
decrease.)
- LOGbinder
agent produced unexpected results. When LOGbinder for SharePoint cannot
translate an event properly, in addition to outputting the event to the
selected output streams, it also creates an entry in the Application log. See Appendix C: Diagnostic Events
“554 – LOGbinder
agent produced unexpected results”
for further details.
If LOGbinder for SharePoint has an error, an entry will be created
in the Application log. If permissions are removed, or if the license expires,
you may receive a "556
– LOGbinder insufficient authority"
or "557
– License for LOGbinder invalid"
error, which are explained above. Other errors will be entitled "555 – LOGbinder error."
If you cannot resolve the problem, please submit the issue to the LOGbinder support team.
On a scale of 1-5, please rate the helpfulness of this article
Optionally provide private feedback to help us improve this article...
Thank you for your feedback!