Article ID: 295870
Article Last Modified on 10/27/2006
APPLIES TO
- Microsoft Operations Manager 2000 Service Pack 1
This article was previously published under Q295870
SYMPTOMS
If Microsoft Operations Manager 2000 (MOM) has been monitoring IIS logs for several days and an IIS administrator changes the log format to W3C logs and then back to either NCSA or Microsoft IIS log formats, all the events that were generated originally for the NCSA and Microsoft IIS log formats may be generated again.
CAUSE
This problem can occur if MOM has lost the state information for the NCSA and Microsoft IIS log formats within the registry. This does not happen for the W3C logs because MOM does not overwrite those registry keys. The IIS Web Server provider keeps track of the files it is monitoring by creating registry entries that correspond to each file. When the log format is changed, the registry entries for the files that correspond to the old format are removed. The removal of keys is done for NCSA and Microsoft IIS log formats; the registry entries for W3C format are retained. The removal of these keys causes MOM to lose state information about these formats (NCSA and Microsoft IIS format). Because of this, when the IIS Administrator changes the log format back to NCSA or Microsoft IIS format, events are recreated from the existing log files.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Keywords: kbbug kbenv KB295870
