Hi,
We ran into this kind of issue: our Windows servers are giving out this error:
Event ID: 10016
Source: DistributedCOM
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Now, as per http://networkadminkb.com/KB/a351/how-to-fix-nap-agent-service-dcom-error.aspx this error can be pretty much ignored since we are not running NAP.
However, in check_mk logwatch, we can only see lines like
Jul 17 17:52:17 49152.10016 DCOM application-specific
as critical. As such, we really cannot match the specific message quoted above.
Is there any way for the Windows agent to send over the *entire* log message pertaining to DCOM events, so we could try matching those? I mean, lots of DCOM applications might be sending out log messages and we really would like to only ignore this one.
- Antti
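
Added example, not part of the original post and not check_mk code: a filter that suppresses only the CLSID/APPID/SID combination quoted above and keeps every other DCOM 10016 event critical, including the truncated line. It assumes the full event description reaches the filter; `parse_dcom_10016`, `classify` and `IGNORED` are hypothetical names.

```python
import re

# The one event to suppress: CLSID, APPID and SID exactly as quoted in the post.
IGNORED = {(
    "24FF4FDC-1D9F-4195-8C79-0DA39248FF48",
    "B292921D-AF50-400C-9B75-0C57A7F29BA1",
    "S-1-5-18",
)}

# Field layout taken from the Event ID 10016 description quoted in the post.
DCOM_10016 = re.compile(
    r"do not grant (?P<permission>[A-Za-z ]+?) permission for the COM Server "
    r"application with CLSID\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*"
    r"and APPID\s*\{(?P<appid>[0-9A-Fa-f-]{36})\}.*?SID \((?P<sid>S-[0-9-]+)\)",
    re.DOTALL,
)

def parse_dcom_10016(message):
    """Return the permission, CLSID, APPID and SID fields, or None if absent."""
    m = DCOM_10016.search(message)
    if m is None:
        return None
    fields = m.groupdict()
    fields["clsid"] = fields["clsid"].upper()
    fields["appid"] = fields["appid"].upper()
    return fields

def classify(message):
    """'ignore' only for the known event; anything else stays 'critical'."""
    fields = parse_dcom_10016(message)
    if fields is None:
        # Truncated text cannot be tied to a specific COM server: fail closed.
        return "critical"
    key = (fields["clsid"], fields["appid"], fields["sid"])
    return "ignore" if key in IGNORED else "critical"

# Full description as quoted in the post.
FULL = (r"The application-specific permission settings do not grant Local Launch "
        r"permission for the COM Server application with CLSID "
        r"{24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID "
        r"{B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM "
        r"SID (S-1-5-18) from address LocalHost (Using LRPC).")
# Constructed sample: same event text with a placeholder CLSID.
OTHER = FULL.replace("24FF4FDC-1D9F-4195-8C79-0DA39248FF48",
                     "00000000-0000-0000-0000-000000000001")
# Truncated logwatch line as quoted in the post.
TRUNCATED = "Jul 17 17:52:17 49152.10016 DCOM application-specific"

if __name__ == "__main__":
    for name, msg in (("full", FULL), ("other", OTHER), ("truncated", TRUNCATED)):
        print(name, classify(msg))
```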