DOCUMENT:Q245022  13-JUN-2001  [sna]
TITLE   :How To Use WEventMon.exe and SNA Trace Maker
PRODUCT :Microsoft SNA Server
PROD/VER:WINDOWS:3.0 (all SP),4.0,4.0 SP1,4.0 SP2,4.0 SP3
OPER/SYS:
KEYWORDS:kbDSupport kbsna

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft SNA Server, versions 3.0 SP1, 3.0 SP2, 3.0 SP3, 3.0 SP4, 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3 
-------------------------------------------------------------------------------

SUMMARY
=======

In some cases, an SNA Support Professional may ask you to capture a problem in
traces for troubleshooting purposes. When capturing a problem in SNA traces, it
is important to turn off tracing immediately after the problem occurs, to
prevent the traces from wrapping and overwriting pertinent data. WEventMon.exe
and SNA Trace Maker are two utilities that can help you to capture a certain
problem in SNA traces without you having to manually stop tracing. They can be
obtained from SNA Server technical support.

SNA Trace Maker is used to select the items that you need to trace. It creates
two files: Start.reg and Stop.reg. Start.reg is a registry file that contains
the trace items that you select. Stop.reg can be used to clear these trace
options when tracing is completed.

WEventMon.exe is a program that will monitor the Application, System, or Security
event log for a particular event ID, source, or type of event. In addition, a
program can be configured to execute when the event is logged. For example,
WEventMon can be configured to monitor for Event ID 23 and to execute the
Stop.reg file (created with SNA Trace Maker) when this event is logged.

MORE INFORMATION
================

To create Start.reg and Stop.reg using SNA Trace Maker, see the following
steps:

1. Install SNA Trace Maker on the SNA Server by running the Setup.exe program. A
   program group named SNA Trace Maker will be created in the Start menu.

2. Start Trace Maker from the Start menu, and you will see a box listing all the
   SNA Server trace items. Select an item you want to trace, and click
   Properties to enable the appropriate options. Do this for each trace item
   that you want to enable.

   NOTE: If a link service is one of the items that needs to be traced, click Add
   Link. Select the appropriate type of link service from the Link Service
   drop-down box. In the small drop-down box, select the number of the link
   service you want to trace. For example, if you need to trace the Snadlc1 link
   service, select DLC 802.2 Link Service and 1.

3. The Clear All button can be used to clear the trace settings if you need to
   start over.

4. When all the desired trace options are enabled, click Make .reg File. Two
   files, Start.reg and Stop.reg, will be created in the \\Program Files\SNA
   Trace Maker\reg directory.

   To configure WEventMon.exe to monitor for an event and execute Stop.reg when
   the event is logged, see the following steps. In this scenario, WEventMon
   will be configured to monitor for an Event 23 in the Application Event Log.

   1. Copy WEventMon.exe to the SNA Server, and start the program.

   2. Click the Application Log radio button where it says "Log To Monitor"

   3. Under Properties to Search For, select Event ID, and type "23" (without
      the quotation marks) in the box below.

   4. At the bottom of the screen, where it says "Execute This Program", type in
      the command to run the Stop.reg file that you created previously with SNA
      Trace Maker (that is, regedit "C:\Program Files\SNA Trace
      Maker\reg\stop.reg"). Please note that you must include the regedit
      command on this line, or the .reg file will not execute.

   5. When you are ready to enable monitoring, start the traces by
      double-clicking start.reg. Then, click Start Monitoring. Traces will
      continue to run until the Event ID 23 is logged. By default, traces are
      stored in \\sna\traces.

NOTE: When you run this program, if you receive a message stating "Cannot open
filename," move the created stop.reg and start.reg to a folder in a path without
long filenames. Edit the created batch file to reflect the new path, and then
change the path in WEventmon.exe accordingly.

Additional query words:

======================================================================
Keywords          : kbDSupport kbsna 
Technology        : kbAudDeveloper kbSNAServSearch kbSNAServ400 kbSNAServ300SP3 kbSNAServ300SP1 kbSNAServ400SP1 kbSNAServ400SP2 kbSNAServ400SP3 kbSNAServ300SP2 kbSNAServ300SP4
Version           : WINDOWS:3.0 (all SP),4.0,4.0 SP1,4.0 SP2,4.0 SP3
Issue type        : kbhowto

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2001.