As we all know, Event Viewer is very reliable but not very robust. Often after clicking on Event Viewer you must wait for the MMC snap-in to respond and populate the logs. With the increased usage of Windows Event Collection, logs are filling faster and getting bigger. One of our larger customers noticed a troubling situation: logs used as destination logs for WEC subscriptions were stalling. There was no alert, no error, no warning and no other notification. The only way to determine that a log had stalled was to have someone watch it in Event Viewer and notice that no new events were being received.
With the release of Supercharger 21.8.4 a new feature has been added, Stalled Event Log Watchdog.
This feature is turned on by default in Supercharger by the EventLogStalledCheckingEnabled override. There are two customizable override settings to configure it:
- EventLogStalledSecondsBeforeResetting (default 90)
- EventLogStalledSecondsBeforeRepeatingReset (default 3600)
An event log is considered stalled if it meets the following criteria:
- It is in use (i.e. it is part of at least one subscription)
- Its EPS is lower than expected compared to the average EPS, taking the standard deviation into consideration (i.e. current EPS < average EPS - (std deviation EPS × 2))
If the watchdog is enabled by EventLogStalledCheckingEnabled and the event log has been stalling for at least EventLogStalledSecondsBeforeResetting seconds, but has not been reset within EventLogStalledSecondsBeforeRepeatingReset seconds, a reset will be initiated on the event log and an Info message will be posted.
Event log reset can also be submitted manually through the UI under Event Log Status.
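The stall criteria and reset timing described above, as an added Python sketch; it is not Supercharger's code. The names `is_stalled`, `Watchdog` and `simulate`, the 30-second sampling interval, the use of population standard deviation, the multiplier of 2 (this example's reading of the formula) and the baseline EPS values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Optional

# Defaults quoted on this page for the two override settings.
STALLED_SECONDS_BEFORE_RESETTING = 90
STALLED_SECONDS_BEFORE_REPEATING_RESET = 3600


def is_stalled(current_eps: float, history: List[float],
               in_use: bool = True, k: float = 2.0) -> bool:
    """Both criteria: the log is part of a subscription, and
    current EPS < average EPS - k * std deviation (k=2 is an assumption)."""
    if not in_use or len(history) < 2:
        return False
    return current_eps < mean(history) - k * pstdev(history)


@dataclass
class Watchdog:
    history: List[float]                  # baseline EPS samples
    enabled: bool = True                  # mirrors EventLogStalledCheckingEnabled
    stalled_since: Optional[float] = None
    last_reset: Optional[float] = None

    def observe(self, now: float, current_eps: float, in_use: bool = True) -> bool:
        """Feed one EPS sample taken at `now` (seconds); True means reset the log."""
        if not self.enabled:
            return False
        if not is_stalled(current_eps, self.history, in_use):
            self.stalled_since = None
            self.history.append(current_eps)  # only healthy samples feed the baseline
            return False
        if self.stalled_since is None:
            self.stalled_since = now
        long_enough = now - self.stalled_since >= STALLED_SECONDS_BEFORE_RESETTING
        reset_recently = (self.last_reset is not None and
                          now - self.last_reset < STALLED_SECONDS_BEFORE_REPEATING_RESET)
        if long_enough and not reset_recently:
            self.last_reset = now
            return True
        return False


def simulate() -> List[int]:
    """Constructed scenario: ~500 EPS baseline, then silence from t=0 for two hours."""
    wd = Watchdog(history=[480, 510, 495, 520, 505, 490])
    return [t for t in range(0, 7201, 30) if wd.observe(t, 0)]


if __name__ == "__main__":
    print("resets at t =", simulate())
```

In this sketch a very bursty baseline (for example alternating 0 and 1000 EPS) pushes the threshold below zero, so a silent log never satisfies the comparison; such logs are worth a separate freshness check on the newest event's timestamp.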