I am running Win2K Pro/SP4.

I keep getting the following Event Viewer application error every time
I reboot:

+++
SysmonLog

Unable to read the Log File Folder value of the System Overview log or
alert configuration. The default value will be used. The error code
returned is in the data.

[The error code is 2]
+++

What is this and why is is happening? What do I do to fix it?

Thanks


--

"There is no distinctly native American criminal class save Congress."
--Mark Twain

SysmonLog is the "Performance Logs and Alerts Service" and the "System
Overview" log is typically set as C:\PerfLogs\System_Overview.blg - did you
setup any Performance Monitor logging? Double-check the settings by opening
the "Performance Logs and Alerts", "Counter logs" applet from the "Computer
Management" GUI. By default the System Overview logging is stopped.

--
Adrian Grigorof
www.eventid.net


"Bob" <spam@uce.gov> wrote in message
news:44f5f6bc.336593@news-server.houston.rr.com...
>I am running Win2K Pro/SP4.
>
> I keep getting the following Event Viewer application error every time
> I reboot:
>
> +++
> SysmonLog
>
> Unable to read the Log File Folder value of the System Overview log or
> alert configuration. The default value will be used. The error code
> returned is in the data.
>
> [The error code is 2]
> +++
>
> What is this and why is is happening? What do I do to fix it?
>
> Thanks
>
>
> --
>
> "There is no distinctly native American criminal class save Congress."
> --Mark Twain
>

On Thu, 31 Aug 2006 11:04:08 -0400, "Adrian Grigorof"
<agrigorof@hotmail.com> wrote:

>SysmonLog is the "Performance Logs and Alerts Service"

Does that have anything to do with Event Viewer?

>the "System Overview" log is typically set as C:\PerfLogs\System_Overview.blg

I see that entry in Computer Management.

>did you setup any Performance Monitor logging?

No that I am aware of.

>Double-check the settings by opening
>the "Performance Logs and Alerts", "Counter logs" applet from the "Computer
>Management" GUI.

All I see are what are termed "sample logs".

>By default the System Overview logging is stopped.

Yes. But when I tried to delete them, it fussed at me.

How do I fix this screwball problem?



--

"There is no distinctly native American criminal class save Congress."
--Mark Twain

Ok, I was able to replicate this as follows:
Opened HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
Queries\{<guid>} using registry editor (regedit). The GUID could be
different on your computer, on mine it was
0f108872-f28c-4555-9e63-b984036cd2bd. I renamed the following registry
value: "Log File Folder" to "old Log File Folder" and then I tried to start
the System Overview counter log and sure enough, event id 2006 showed up in
the event log. Renaming back "Log File Folder" fixed the problem. So, verify
if you have this string registry value configured on your system. On mine it
is set to "C:\PerfLogs".
--
Adrian Grigorof
www.eventid.net


"Bob" <spam@uce.gov> wrote in message
news:44f70dd9.15138156@news-server.houston.rr.com...
> On Thu, 31 Aug 2006 11:04:08 -0400, "Adrian Grigorof"
> <agrigorof@hotmail.com> wrote:
>
>>SysmonLog is the "Performance Logs and Alerts Service"
>
> Does that have anything to do with Event Viewer?
>
>>the "System Overview" log is typically set as
>>C:\PerfLogs\System_Overview.blg
>
> I see that entry in Computer Management.
>
>>did you setup any Performance Monitor logging?
>
> No that I am aware of.
>
>>Double-check the settings by opening
>>the "Performance Logs and Alerts", "Counter logs" applet from the
>>"Computer
>>Management" GUI.
>
> All I see are what are termed "sample logs".
>
>>By default the System Overview logging is stopped.
>
> Yes. But when I tried to delete them, it fussed at me.
>
> How do I fix this screwball problem?
>
>
>
> --
>
> "There is no distinctly native American criminal class save Congress."
> --Mark Twain
>

On Thu, 31 Aug 2006 11:04:08 -0400, "Adrian Grigorof"
<agrigorof@hotmail.com> wrote:

>SysmonLog is the "Performance Logs and Alerts Service" and the "System
>Overview" log is typically set as C:\PerfLogs\System_Overview.blg - did you
>setup any Performance Monitor logging? Double-check the settings by opening
>the "Performance Logs and Alerts", "Counter logs" applet from the "Computer
>Management" GUI. By default the System Overview logging is stopped.

I was able to stop the service and now the event viewer entry is gone.

I have another problem that perhaps you can comment on.

When I open Win2K Defrag, I get two entries for one disk drive.

System (C:)
System

They both have the same size but the GUID is different.

What is going on and how do I correct it?

Thanks.


--

"There is no distinctly native American criminal class save Congress."
--Mark Twain

On Thu, 31 Aug 2006 13:59:28 -0400, "Adrian Grigorof"
<agrigorof@hotmail.com> wrote:

>Ok, I was able to replicate this as follows:
>Opened HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log
>Queries\{<guid>} using registry editor (regedit). The GUID could be
>different on your computer, on mine it was
>0f108872-f28c-4555-9e63-b984036cd2bd. I renamed the following registry
>value: "Log File Folder" to "old Log File Folder" and then I tried to start
>the System Overview counter log and sure enough, event id 2006 showed up in
>the event log. Renaming back "Log File Folder" fixed the problem. So, verify
>if you have this string registry value configured on your system. On mine it
>is set to "C:\PerfLogs".

Thanks for the heads up. I fixed the problem by stopping the service.


--

"There is no distinctly native American criminal class save Congress."
--Mark Twain