WinSyslog Event ID troubleshooting procedures#
Use these procedures from the applicable Event ID page. Each procedure includes commands, expected results, failure branches, recovery verification, and evidence collection.
Collect an Event ID and neighboring product events — Preserve the complete event and the product events immediately before and after it.
Collect evidence for an escalation-only runtime event — Capture a bounded reproducible support package without unsafe generic repair.
Diagnose an action backlog or disk queue — Identify why queued work is not draining while preserving data.
Diagnose log rotation and retention — Verify trigger, names, handles, destination access, and retention.
Export configuration and collect a bounded debug log — Create a text configuration export and time-bounded debug capture, then disable debugging.
Interpret a Windows or Winsock error code — Translate a numeric code without losing its operation or subsystem context.
Resolve a destination and test its TCP port — Verify DNS, selected address, routing, and TCP establishment.
Test an ODBC connection in the product context — Verify ODBC provider, architecture, authentication, connectivity, and a minimal query.
Test an OLE DB connection in the product context — Verify OLE DB provider, architecture, authentication, connectivity, and a minimal query.
Validate configuration and reload it safely — Back up, inspect, correct, and test the exact invalid configuration object.
Verify a monitored remote service — Confirm resolution, transport, protocol, credentials, expected response, and timing.
Verify a program or Windows-service control action — Check target, arguments, working directory, account rights, and positive result.
Verify a UDP path without assuming delivery — Confirm receiver binding, firewall policy, and positive receipt for a paced sample.
Verify an SNMP trap sender and receiver path — Confirm transport, endpoint, SNMP version, security/community, OIDs, and receipt.
Verify Event Log channel access and bookmark state — Confirm channel existence, enablement, account access, and collection position.
Verify File Monitor source state and encoding — Check source path, sharing, encoding, line endings, and read position.
Verify file paths, permissions, and free space — Check expansion, existence, ACLs, service-account context, and storage.
Verify listener binding and Windows Firewall rules — Confirm effective address, port, transport, owning process, and inbound policy.
Verify Microsoft Message Queuing availability and access — Confirm feature, service, queue path, transaction mode, and send rights.
Verify product license and feature entitlement state — Confirm product, version, validity, edition, and required feature without exposing license data.
Verify sender, receiver, and queued-message recovery — Prove end-to-end recovery and backlog drainage.
Verify service state, dependencies, and service account — Confirm service state, start mode, dependencies, account, and SCM errors.
Verify SMTP connectivity and mail delivery — Separate DNS, TCP, TLS, authentication, relay, recipient, and downstream delivery.
Verify TLS certificates, private keys, and permitted peers — Check validity, trust chain, key pairing, protocol mode, and peer authorization.