• State Not Answered
  • Replies 4 replies
  • Subscribers 14 subscribers
  • Views 2490 views
  • Users 0 members are here
Options
Related

help with Database Events Data Sources

andrea giammaria
over 3 years ago

Hello,

I'm trying to setup a connector in InTrust to retrieve data from a SQL Server Table. I've read the steps outlined in there: support.quest.com/.../4

I'm observing a very strange behaviour: when i launch the Task I've created (with associated DataSource, Site and Gathering Policy) it goes fine the first time while other times, even if it's launched manually or via scheduled task, it fails and I receive always the same error (truncated at the source):

Failed to collect event log. ADC Error: Internal error: Errors encountered while preparing for data collection. (Internal error: cannot find the last gathered event position in the gathered database.[Microsoft][ODBC SQL Server Driver][SQL Server]Conversio

I don't really get why, since I didn't change anything in the config. The query works pretty fine for the first gathering but it fails any other subsequent times.

Can anyone give me some clue?

Thanks in advance,
Andrea

  • 0 over 3 years ago

    Normally, this particular error is not considered a failure.  Rather, what it is warning you about is that InTrust doesn't know whether the data that it is trying to gather is new or not.  And by "new" I mean "did the events occur after the last data gathering".  Do the events you are pulling from your SQL server table have a timestamp?  If they do, then InTrust is not able to evaluate it. I am surprised though that it doesn't just go ahead and pull ALL of the events from your table every time.  (Not very efficient but at least you would gather some data).  You are sure that you are not getting data imported into your audit database or Repository?

  • 0 over 3 years ago

    A further thought - have you looked at the InTrust Server's own InTrust event log to see if you can see the full message?  I would bet that it is telling you that it cannot convert the timestamps of the events you are gathering.

  • 0 over 3 years ago in reply to JohnnyQuest

    Well actually Intrust is supposed to knows about the events timestamp, since I've mapped both "Local Time" and "Last Gathered Events" to the columns that contains datetime in my table. 
    I'm also using the %LAST_GATHERED_EVENTS% variable in my query as suggested in the technical documentation.
    The first time I launch the task, all the events in the table are collected, the problem in my case are subsequent searches in the same table with no new data in it: and this is what is failing, so I'm just wondering if the error is just misleading.
    I cannot force by myself new events in the gathered table, so I'm forced to wait for them before launching a new gathering task.

  • 0 over 3 years ago in reply to JohnnyQuest

    nothing unfortunately. I've found just this: Job "XXX" from task "YYY" completed with error. Error code: 2.