Is there anyone who uses the new caiLogA2 agent (Unicenter NSM) to monitor events in the Windows NT event log? I have tried to use "Build Event Log Pattern" and then added a Log watcher, but I can't seem to get it to work.
Yes,
The build event log pattern will work - but you don't need to use it.
The "log File:" field should be - SYSTEM_LOG\application
(or system or security)
Then in the positive pattern put something like:
Type: [eE]
This will capture all NT event log messages of type "Error".
If you want to use the "*" wildcard you need to put a full stop before it.
E.g.: Source: WSH .* Message: bcp.*
This is from the 2.4 help file:
For watching the Event Logs on Windows NT or the Console Log on UNIX you have to use the following names:
SYSTEM_LOG               System, application and security logs on Windows NT or console log on UNIX
SYSTEM_LOG\system        System log on Windows NT
SYSTEM_LOG\security      Security log on Windows NT
SYSTEM_LOG\application   Application log on Windows NT
SYSTEM_LOG/console       Console on UNIX
If you define a pattern for a log watcher to monitor the Windows NT Event Log, please consider that the Log Agent processes a structured entry of the Event Log as one string. You can use the keywords of the Event Log entries (like Source, Type, Event-ID, User, Message) and regular expressions for the values assigned to these keywords to define the pattern. The Type keyword has a defined list of possible values, which allow you to filter out entries of particular types. The possible values are:
Error
Warning
Information
Success - Audit
Failure - Audit
For example you can define the following pattern:
\$<HOST=MYHOST>\$ Source: .* Type: [eEwW].* Event-ID: 1001 User: .* Message:
This pattern matches all Event Log entries on the computer MYHOST of the types Error and Warning and the Event-ID 1001.
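An offline way to try the patterns from this thread before putting them in a log watcher, as an added example that is not part of the original posts or the help file. It assumes the one-string form is the keywords in the order of the help-file pattern, uses Python's `re` in place of the agent's own regex engine, and leaves out the `\$<HOST=...>\$` prefix; the sample entries are constructed.

```python
import re

# Keyword order follows the help-file example pattern. The exact string the
# agent builds is an assumption, as is Python's `re` standing in for its
# regex engine with unanchored (search) matching.
KEYWORDS = ("Source", "Type", "Event-ID", "User", "Message")

def flatten(entry):
    """Join one structured event entry into a single 'Keyword: value' string."""
    return " ".join(f"{k}: {entry[k]}" for k in KEYWORDS)

def matches(pattern, entries):
    """Return (Source, Event-ID) for every entry the pattern is found in."""
    rx = re.compile(pattern)
    return [(e["Source"], e["Event-ID"]) for e in entries if rx.search(flatten(e))]

def event(source, type_, event_id, user, message):
    """Build one constructed event entry."""
    return {"Source": source, "Type": type_, "Event-ID": event_id,
            "User": user, "Message": message}

# Constructed sample entries, not taken from a real event log.
EVENTS = [
    event("WSH", "Error", 1, "N/A", "bcp copy failed"),
    event("Perflib", "Warning", 1001, "N/A", "counter unavailable"),
    event("Security", "Failure - Audit", 529, "SYSTEM", "Logon failure"),
    event("Srv", "Error", 1001, "N/A", "disk error"),
    event("WSH", "Information", 4, "N/A", "job done"),
]

PATTERNS = {
    "errors only": r"Type: [eE]",
    "WSH bcp, with full stop": r"Source: WSH .* Message: bcp.*",
    "WSH bcp, bare star": r"Source: WSH * Message: bcp*",
    "help-file pattern, host prefix omitted":
        r"Source: .* Type: [eEwW].* Event-ID: 1001 User: .* Message:",
    # Without a following keyword the ID is only a prefix match.
    "loose Event-ID": r"Event-ID: 1",
    "bounded Event-ID": r"Event-ID: 1 User:",
}

if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(f"{name:40} {matches(pattern, EVENTS)}")
```

Note that `Type: [eE]` does not pick up `Failure - Audit` entries, so failed-logon auditing in `SYSTEM_LOG\security` needs its own Type pattern.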