starred/tacticalrmm
1
0
Fork 0
mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 23:15:57 +03:00
Code Issues 919 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #284] Event viewer does not show messages if they're above a certain length (I think) #2130

New issue
Closed
opened 2026-03-14 02:41:00 +03:00 by kerem · 7 comments
kerem commented 2026-03-14 02:41:00 +03:00
Owner
Copy link

Originally created by @knk90 on GitHub (Feb 18, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/284

This issue affects both the event viewer and the event viewer / log checks.

This is running the community disk check script
image
However, if we look for this in the log we get this:
image
image

I have tested trying to run a check for this event and filter by message and it doesn't find anything either.

Thanks

Originally created by @knk90 on GitHub (Feb 18, 2021). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/284 This issue affects both the event viewer and the event viewer / log checks. This is running the community disk check script ![image](https://user-images.githubusercontent.com/60167430/108428799-3b903e80-7293-11eb-8aed-9c84f1df0391.png) However, if we look for this in the log we get this: ![image](https://user-images.githubusercontent.com/60167430/108428906-67132900-7293-11eb-89a6-27599d5cd963.png) ![image](https://user-images.githubusercontent.com/60167430/108428930-6ed2cd80-7293-11eb-8ccd-f146faac389d.png) I have tested trying to run a check for this event and filter by message and it doesn't find anything either. Thanks
kerem closed this issue 2026-03-14 02:41:06 +03:00
kerem commented 2026-03-14 02:41:11 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Feb 18, 2021):

Hello, I wrote this script, do you have a drive with the letter I:? If so it needs to be taken offline and scanned for defects.

Tactical doesn't always show the complete messages but you should be able to find it on event viewer, if you edit the script you will see where it is searching for the IDs and types and should be able to check that on the local machine. That's how I normally do it. Or you can check eventid.net and put in the ID and check the sources and it should fill in the blanks. http://www.eventid.net/display-eventid-98-source-Microsoft-Windows-Ntfs-eventno-11503-phase-1.htm

<!-- gh-comment-id:781689386 --> @dinger1986 commented on GitHub (Feb 18, 2021): Hello, I wrote this script, do you have a drive with the letter I:? If so it needs to be taken offline and scanned for defects. Tactical doesn't always show the complete messages but you should be able to find it on event viewer, if you edit the script you will see where it is searching for the IDs and types and should be able to check that on the local machine. That's how I normally do it. Or you can check eventid.net and put in the ID and check the sources and it should fill in the blanks. http://www.eventid.net/display-eventid-98-source-Microsoft-Windows-Ntfs-eventno-11503-phase-1.htm
kerem commented 2026-03-14 02:41:16 +03:00
Author
Owner
Copy link

@knk90 commented on GitHub (Feb 18, 2021):

Yeah this clients plugged in what I can only assume is a 10 year old external harddrive he's dropped on the ground 30 times.

There's nothing wrong with the script. I was using that as an example to show the message was present - sorry I should have been more specific.

What I wanted to do is put multiple event log checks in however on the NTFS ones filter out anything but C:\ using the event log string check.
image

Reasoning for this is that I don't really care if someone's flashdrive/external harddrive is showing issues only system disks. So I was going to have one check for each of the event providers / IDs as required to avoid generating unnecessary noise.

Probably a low priority issue I can work around with scripting in all honesty, just thought I'd put it in here so you guys were aware.

<!-- gh-comment-id:781700734 --> @knk90 commented on GitHub (Feb 18, 2021): Yeah this clients plugged in what I can only assume is a 10 year old external harddrive he's dropped on the ground 30 times. There's nothing wrong with the script. I was using that as an example to show the message was present - sorry I should have been more specific. What I wanted to do is put multiple event log checks in however on the NTFS ones filter out anything but C:\ using the event log string check. ![image](https://user-images.githubusercontent.com/60167430/108434692-32f03600-729c-11eb-8639-5c26b9dc357e.png) Reasoning for this is that I don't really care if someone's flashdrive/external harddrive is showing issues only system disks. So I was going to have one check for each of the event providers / IDs as required to avoid generating unnecessary noise. Probably a low priority issue I can work around with scripting in all honesty, just thought I'd put it in here so you guys were aware.
kerem commented 2026-03-14 02:41:22 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Feb 19, 2021):

Ok yes that makes sense now.

I'll see if we can filter out drives with it, if you want to see diy the script feel free. Do a pull request and share it or you can always discuss this further on the discord channel.

<!-- gh-comment-id:781896957 --> @dinger1986 commented on GitHub (Feb 19, 2021): Ok yes that makes sense now. I'll see if we can filter out drives with it, if you want to see diy the script feel free. Do a pull request and share it or you can always discuss this further on the discord channel.
kerem commented 2026-03-14 02:41:27 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Feb 21, 2021):

@knk90 do you want to change this to a feature request? Or shall we close it? I guess the only request from this could be to allow the full error to show is that what you want?

Community scripts aren't really directly to do with tactical but there's loads of us who can help you on discord with any scripts.

<!-- gh-comment-id:782919386 --> @dinger1986 commented on GitHub (Feb 21, 2021): @knk90 do you want to change this to a feature request? Or shall we close it? I guess the only request from this could be to allow the full error to show is that what you want? Community scripts aren't really directly to do with tactical but there's loads of us who can help you on discord with any scripts.
kerem commented 2026-03-14 02:41:32 +03:00
Author
Owner
Copy link

@knk90 commented on GitHub (Feb 21, 2021):

Yeah so I don't consider this a feature request, more of a low priority bug. I mustn't have explained myself properly

The script was only intended to highlight that the error differs in tactical vs the actual error, I can sort out the script side on my end to obtain the visibility I'm after, with a bit of googling :).

What I think is a large issue though, is that due to this the event log checks give a false sense of security. I'd be disabling message contains string functionality or at least putting a disclaimer that events in excess of X characters are not filterable.

So if I were filtering based on a string I know indicates problematic behavior, but the filter (message contains string) doesn't pick anything up because the "message" from the event log is blank. In this situation I think everything is working without issue, but in reality my backups / raid / service etc is failing.

image

<!-- gh-comment-id:782932190 --> @knk90 commented on GitHub (Feb 21, 2021): Yeah so I don't consider this a feature request, more of a low priority bug. I mustn't have explained myself properly The script was only intended to highlight that the error differs in tactical vs the actual error, I can sort out the script side on my end to obtain the visibility I'm after, with a bit of googling :). What I think is a large issue though, is that due to this the event log checks give a false sense of security. I'd be disabling message contains string functionality or at least putting a disclaimer that events in excess of X characters are not filterable. So if I were filtering based on a string I know indicates problematic behavior, but the filter (message contains string) doesn't pick anything up because the "message" from the event log is blank. In this situation I think everything is working without issue, but in reality my backups / raid / service etc is failing. ![image](https://user-images.githubusercontent.com/60167430/108639684-eb5ee980-74e9-11eb-8468-981230ce2324.png)
kerem commented 2026-03-14 02:41:37 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Apr 11, 2021):

I see what you mean here, I personally would use powershell for log querying as thats all done at the client side.

Also filtered the disk check to only show messages related to drives with a letter

<!-- gh-comment-id:817278389 --> @dinger1986 commented on GitHub (Apr 11, 2021): I see what you mean here, I personally would use powershell for log querying as thats all done at the client side. Also filtered the disk check to only show messages related to drives with a letter
kerem commented 2026-03-14 02:41:42 +03:00
Author
Owner
Copy link

@sadnub commented on GitHub (May 29, 2021):

Are you able to run the event checks through a powershell script instead? That would be the easiest way. We aren't adding or expanding current functionality with checks since a script check already does everything. I believe there might be event check examples in the community scripts

<!-- gh-comment-id:850769744 --> @sadnub commented on GitHub (May 29, 2021): Are you able to run the event checks through a powershell script instead? That would be the easiest way. We aren't adding or expanding current functionality with checks since a script check already does everything. I believe there might be event check examples in the community scripts
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
master
1.0.0
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.12
v0.15.11
v0.15.10
v0.15.9
v0.15.8
v0.15.7
v0.15.6
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.32
v0.4.31
v0.4.30
v0.4.29
v0.4.28
v0.4.27
v0.4.26
v0.4.25
v0.4.24
v0.4.23
v0.4.22
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
In Process

   
bug

   
bug

   
dev-triage

   
documentation

   
duplicate

   
enhancement

   
fixed

   
good first issue

   
help wanted

   
integration

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
requires agent update

   
security

   
ui tweak

   
wontfix
No labels
In Process
bug
bug
dev-triage
documentation
duplicate
enhancement
fixed
good first issue
help wanted
integration
invalid
pull-request
question
requires agent update
security
ui tweak
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tacticalrmm#2130
No description provided.