Enterprise Vault event collection

So, there’s no management pack from Symantec Enterprise Vault for Opsmgr 2007. But our E-vault administrator likes to have the events from the E-vault eventlog called ‘Enterprise Vault’ as an Event View in his Opsmgr Console.

Easy peasy I thought, I just create a new Event Collection rule, pick ‘Enterprise Vault’ as my datasource, and target Windows 2003 Server for the rule, disable it by default and use an override to apply it to my evault computer group. But to my suprise I was getting alerts like this:

Alert description: The Windows Event Log Provider was unable to open the Enterprise Vault event log on computer 'xxxx' for reading.
The provider will retry opening the log every 30 seconds.
Most recent error details: The system cannot find the file specified.

Very strange and after a debug session with procmon (thank god for that tool), I found out that the name ‘Enterprise Vault’ had a space behind it in the registry … so it was actually ‘Enterprise Vault ‘, and the Event Log picker in Opsmgr didn’t care for that extra space at the end. Ofcourse E-vault is also to blame for adding that extra space (nice QA)

So we had to go into the registry editor (HKLM\System\CurrentControlSet\Services\EventLog) and remove that space. And all was well again in the universe .. for now.