The protocol parser can examine dump files generated by the EventSentry collector, or the temp file generated by the agent, for troubleshooting purposes. Running the protocol parser utility should only be necessary under the following circumstances:
1. The collector logged event 142 or 143
2. The temporary file generated by the agent while a collector is offline needs to be examined
The protocol parser utility (protocol_parser.exe) is located in the "resources" subdirectory of the EventSentry installation directory.
Collector event 142 & 143
When the collector is unable to parse a packet, it logs event 142 and/or 143 and dumps the packet contents to a file ending with the .dump extension in the %SYSTEMROOT%\system32\eventsentry\temp\collector directory. Simply pass the file name as a parameter to the protocol parser utility.
Agent Collector Backup File
When a collector is unavailable, the agent will log all cached data to the %SYSTEMROOT%\SysWOW64\eventsentry\temp\eventsentry_collector.client_backup.tmp file if the cached data cannot be stored in memory or if the agent is stopped. Simply pass the file name as a parameter to the protocol parser utility.