Michel Caissie wrote: >> I was trying to understand how this work without an agent >> on the device , but as far as i understand Wug will call >> the WMI and ask him to collect a specific event log >> and send a notification to WUG when it occurs >> ... correct ???
Yes, that's exactly correct. When you load a map that has Windows Log events applied to hosts, WINEVNT.EXE makes a connection to WMI on those hosts and asks for the appropriate log entries to be sent over. It holds the connection open waiting for them to arrive. >> So, on the device , there must be a place somewhere , >> maybe in the WMI registry , where the IP of the WUG >> is registered , so the WMI knows where to send the >> notification ....correct ??? No. WUG holds the connection to WMI on the remote host open, so WMI knows implicitly that the events go back to the host that opened the connection. If the connection is ever lost (like if the host reboots) WUG will automatically try to restore it, and it has several levels of checking to make sure it does this in a timely fashion. >> And 2 months later i decide i don't need to monitor >> this device anymore, so i delete it from the map. At the time that you do this, the WMI connection between WUG and the remote host is closed. That stops any flow of events. >> Will the device continue to send notifications to WUG ? >> Do i have to remove the Event monitoring before i >> delete the device ? No to both of those. It takes care of it for you in the way you would expect. You can try it out and see what is going on by using the Debug Log. Open up the debug log window with Logs | Debug Log... Then load a map with a device with events on it, and you will see messages similar to this: Syslog: Adding event 'Any' to host at '10.1.2.3' (0x34E69C2E) SNMP Trap: Adding event 'any' to host at 10.1.2.3 (0x34E69C2E) Windows Log: Adding event 'Any' to host at 10.1.2.3 (0x34E69C2E) D:\Program Files\WhatsUp8\Atlanta.wup D:\Program Files\WhatsUp8\Atlanta.wup loaded Windows Log: WMI connected successfully to host at 10.1.2.3 Notice how it added the event 'Any' to what it was tracking for the host (one of each type), but then later the Windows Log plugin reported when WMI successfully connected to the remote host. Similarly, if you select the host and hit DELETE in edit mode will see messages similar to this in your debug log: Syslog: Removing event 'Any' to host at '10.1.2.3' (0x34E69C2E) SNMP Trap: Removing event 'any' from host at 10.1.2.3 (0x34E69C2E) Windows Log: Removing event 'Any' from host at 10.1.2.3 (0x34E69C2E) Windows Log: Disconnecting from host 10.1.2.3 Again you see indications that the plugins are not tracking the events anymore, and then a second message from Windows Log about disconnecting its WMI channel to the remote host. --Tim Farley IPSWITCH Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
