Home → LOGbinder for EX KB → Getting Started Guide → Appendix C: Diagnostic Events
2.7. Appendix C: Diagnostic Events
551 – LOGbinder agent successful
This event occurs when LOGbinder for Exchange successfully translates log entries. Usually appearing in pairs, as one indicates that log entries have been 'exported' from their source (for example, Exchange), and the other that entries have been 'imported' to their destination (for example, the Windows event log). This event is informational in nature.
This event is written to the Windows Application log.
Example A
LOGbinder EX exported 3 entries from Exchange site http://MySite
Example B
LOGbinder EX imported 3 entries to Security event log
Example C
LOGbinder EX imported 3 entries to LOGbinder EX event log
552 – LOGbinder warning
This event occurs when LOGbinder for Exchange does not find information as expected. In most cases, it does not indicate a serious problem, but is provided so as to complete the audit trail. This event is written to Windows application log.
Example
This warning indicates that the results of the audit log search have not been returned by Exchange within two hours. If Exchange doesn’t respond to a request, LOGbinder will not retry that range. If the results or an error message is delivered, LOGbinder will handle it while it is in the transaction list (30 days). It will send the message below after 2 hours of not receiving it.
LOGbinder warning
No Response From Exchange – Audit Data Gap
Exchange has not responded to an audit data request in a reasonable time. If Exchange eventually responds with audit data for this request, LOGbinder will process it for up to 30 days. However, this warning indicates that there is currently a gap in audit data.
Request data:
2358359d-6da5-49b3-9132-e41d2d323dc5
Exchange Admin audit search Initiated: 7/7/2016 12:46:21 PM Start time: 7/7/2016 7:21:14 PM End time: 7/7/2016 7:26:20 PM
553 – LOGbinder settings changed
This event occurs when the LOGbinder settings are changed. This event is written to Windows Application log.
For LOGbinder for Exchange, this includes which Exchange servers are monitored, which audit event types are handled, and the date and time LOGbinder last translated log entries. In addition, the settings for output formats are included.
Example A
LOGbinder settings changed
Output to Security log enabled. Noise events included.
Example B
LOGbinder settings changed
Settings for lbex_svc@contoso.com adjusted: Settings ID: 48f7e2f2-4da3-4d59-9b41-507799bedf77
Example C
LOGbinder settings changed
Settings for http://ex1.contoso.com/powershell adjusted: Mailbox audit policy organizational units changed
554 – LOGbinder agent produced unexpected results
This event occurs when LOGbinder for Exchange encounters something unexpected when translating a log entry. At times it may be from a custom log entry.
This event is written to Windows Application log.
You can help us improve LOGbinder by reporting these events to the LOGbinder support team so that the LOGbinder product may be improved. Private data will not be shared.
Example
In this example, the developer used an existing event type, "Workflow," but included non-standard event data.
LOGbinder agent produced unexpected results
As the LOGbinder agent translated this entry, it encountered data is could not handle properly. It could have been caused by a custom or undocumented feature. So that LOGbinder can handle these entries in the future, it is suggested that you submit the entry to the LOGbinder support team.
<LogEntry siteName="http://shpnt" itemType="List Item" userName="Robert Solomon" locationType="Url" occurred="2009-06-29T21:49:11" eventType="Workflow"><RawData siteId="3b7fb82c-f30d-4604-99c0-df8325e9cff4" itemId="c04f5388-bf24-4007-b463-1dd1b3c19a02" itemType="ListItem" userId="1" documentLocation="Cache Profiles/1_.000" locationType="Url" occurred="633819089510000000" event="Workflow" eventSource="ObjectModel"><EventData>http://shpnt/docLib/CopiedFile.ext</EventData></RawData><Details /></LogEntry>
555 – LOGbinder error
This event occurs when the LOGbinder service encounters a problem that needs attention. This event is written to Windows Application log. In most cases this gives enough information for you to address the problem successfully. Otherwise, please contact LOGbinder support for assistance.
Example A
In this example, the error indicates that the LOGbinder for Exchange service cannot run because the Exchange web service has not been configured properly.
LOGbinder error
Cannot start LOGbinder EX service, Exchange web service not configured.
Example B
In this example, a program assembly used by LOGbinder for Exchange does not exist, indicating that the LOGbinder software is no longer installed properly.
LOGbinder error
Exporter assembly does not exist: C:\Program Files\LOGbndEX\MTG.LOGbinder.Exchange.dll
Example C
In this example, a certificate error is indicated. The Exchange URL set for the inputs should open in Internet Explorer without any certificate error. Certificate errors often occur when using a self-signed certificate.
Could not retrieve mail messages from Exchange mailbox. Details: The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; The remote certificate is invalid according to the validation procedure.
Action: Add the self-signed certificate to the trusted root store.
556 – LOGbinder insufficient authority
This event occurs when the LOGbinder for Exchange service cannot run because of invalid or inadequate permissions. The event will include the module lacking the permission, the name or description of the permission, as well as relevant details. Each example below also includes the action needed in order to correct it.
Example A: No permission to write to security log
LOGbinder insufficient authority
The LOGbinder agent cannot operate normally because it lacks sufficient authority.
Source: Security Log
Privilege: SeAuditPrivilege
Details: The LOGbinder agent does not have the necessary rights to configure the security log
Action: The service account needs the "Generate security audits" privilege (https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Generate-security-audits), or do not enable LOGbinder to output to the Windows Security log.
Example B: Attempt to write to security log from invalid location
One measure to protect the security log is to write security events only from authorized locations. When LOGbinder is configured, it registers its program location with the security log. If this error occurs, then LOGbinder had been reinstalled to a different location, and the previous location was not removed properly.
LOGbinder insufficient authority
The LOGbinder agent cannot operate normally because it lacks sufficient authority.
Source: Security Log
Privilege: Invalid Location
Details: Cannot write to because the program location does not match what has been previously configured
Action: Recommended to delete the registry key manually. First ensure that LOGbinder is not open. Then delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LOGbndES. Be careful not to delete other parts of the registry, as it can cause the server to be unstable. When you reopen the LOGbinder control panel, it will reconfigure its ability to write to the security log.
Example C: Internal error
LOGbinder insufficient authority
The LOGbinder agent cannot operate normally because it lacks sufficient authority.
Source: Security Log
Privilege: Internal Error
Details: The security account database contains an internal inconsistency
Action: One factor that can cause an internal error is if the LOGbinder program path is too long. By default, LOGbinder is installed to C:\Program Files\LOGbndEX. It is recommended that the default be used. If the software has been installed to a different location with a longer program path, to correct this error it will be necessary to reinstall LOGbinder.
Example D: Log on as service
LOGbinder insufficient authority
The LOGbinder agent cannot operate normally because it lacks sufficient authority.
Source: LOGbinder service
Privilege: Log on as service
Details: Account running LOGbinder agent does not have user right "Logon as a service"
Action: The service account needs to be assigned the "Logon as a service" user right. (https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Log-on-as-a-service)
Example E: Cannot start LOGbinder control panel
LOGbinder insufficient authority
The LOGbinder agent cannot operate normally because it lacks sufficient authority.
Source: LOGbinder Manager
Privilege: File Permissions
Details: Account running LOGbinder Control Panel needs to be a member of the local Administrators group
Action: Ensure that the user account used to run the LOGbinder for Exchange control panel has local administrator access.
557 – License for LOGbinder invalid
Occurs when the license for LOGbinder is not valid and an attempt is made to start the service. This event is written to the Application log.
If the license is not valid, the LOGbinder for Exchange control panel continues to operate as normal. However, the LOGbinder service will not start if the license is invalid. Follow the instructions in the control panel, in the menu File\License, in order to obtain a license to the software.
Example
License for LOGbinder invalid
Details: License is invalid. Open LOGbinder for Exchange Control Panel to remedy.