Microsoft KB Archive/245022

= How to use WEventMon.exe and SNA Trace Maker =

Article ID: 245022

Article Last Modified on 4/27/2005

-

APPLIES TO


 * Microsoft SNA Server 4.0
 * Microsoft SNA Server 3.0 Service Pack 2
 * Microsoft SNA Server 3.0 Service Pack 3
 * Microsoft SNA Server 3.0 Service Pack 4
 * Microsoft SNA Server 4.0
 * Microsoft SNA Server 4.0 Service Pack 1
 * Microsoft SNA Server 4.0 Service Pack 2
 * Microsoft SNA Server 4.0 Service Pack 3

-



This article was previously published under Q245022



SUMMARY
In some cases, an SNA Support Professional may ask you to capture a problem in traces for troubleshooting purposes. When capturing a problem in SNA traces, it is important to turn off tracing immediately after the problem occurs, to prevent the traces from wrapping and overwriting pertinent data. WEventMon.exe and SNA Trace Maker are two utilities that can help you to capture a certain problem in SNA traces without you having to manually stop tracing. They can be obtained from SNA Server technical support.

SNA Trace Maker is used to select the items that you need to trace. It creates two files: Start.reg and Stop.reg. Start.reg is a registry file that contains the trace items that you select. Stop.reg can be used to clear these trace options when tracing is completed.

WEventMon.exe is a program that will monitor the Application, System, or Security event log for a particular event ID, source, or type of event. In addition, a program can be configured to execute when the event is logged. For example, WEventMon can be configured to monitor for Event ID 23 and to execute the Stop.reg file (created with SNA Trace Maker) when this event is logged.



MORE INFORMATION
To create Start.reg and Stop.reg using SNA Trace Maker, see the following steps:


 * 1) Install SNA Trace Maker on the SNA Server by running the Setup.exe program. A program group named SNA Trace Maker will be created in the Start menu.
 * 2) Start Trace Maker from the Start menu, and you will see a box listing all the SNA Server trace items. Select an item you want to trace, and click Properties to enable the appropriate options. Do this for each trace item that you want to enable.

NOTE: If a link service is one of the items that needs to be traced, click Add Link. Select the appropriate type of link service from the Link Service drop-down box. In the small drop-down box, select the number of the link service you want to trace. For example, if you need to trace the Snadlc1 link service, select DLC 802.2 Link Service and 1.
 * 1) The Clear All button can be used to clear the trace settings if you need to start over.
 * 2) When all the desired trace options are enabled, click Make .reg File. Two files, Start.reg and Stop.reg, will be created in the \\Program Files\SNA Trace Maker\reg directory.

To configure WEventMon.exe to monitor for an event and execute Stop.reg when the event is logged, see the following steps. In this scenario, WEventMon will be configured to monitor for an Event 23 in the Application Event Log.


 * 1) Copy WEventMon.exe to the SNA Server, and start the program.
 * 2) Click the Application Log radio button where it says "Log To Monitor"
 * 3) Under Properties to Search For, select Event ID, and type 23 in the box below.
 * 4) At the bottom of the screen, where it says "Execute This Program", type in the command to run the Stop.reg file that you created previously with SNA Trace Maker (that is, regedit "C:\Program Files\SNA Trace Maker\reg\stop.reg"). Please note that you must include the regedit command on this line, or the .reg file will not execute.
 * 5) When you are ready to enable monitoring, start the traces by double-clicking start.reg. Then, click Start Monitoring. Traces will continue to run until the Event ID 23 is logged. By default, traces are stored in \\sna\traces.

NOTE: When you run this program, if you receive a message stating "Cannot open filename," move the created stop.reg and start.reg to a folder in a path without long filenames. Edit the created batch file to reflect the new path, and then change the path in WEventmon.exe accordingly.

Keywords: kbhowto KB245022

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.