Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How to monitor NT Event Log with Log agent
- Thread starter Ehrnell
- Start date
Yes,
The build event log pattern will work - but you don't need to use it.
The "log File:" field should be - SYSTEM_LOG\application
(or system or security)
Then in the positive pattern put something like:
Type: [eE]
This will capture all NT event log messages of type "Error".
If you want to use the "*" wildcard you need to put a full stop before it.
EG: Source: WSH .* Message: bcp.*
This is from the 2.4 help file:
For watching the Event Logs on Windows NT or the Console Log on UNIX you have to use the following names:
SYSTEM_LOG System, application and security logs on Windows NT or console log on UNIX
SYSTEM_LOG\system System log on Windows NT
SYSTEM_LOG\security Security log on Windows NT
SYSTEM_LOG\application Application log on Windows NT
SYSTEM_LOG/console Console on UNIX
If you define a pattern for a log watcher to monitor the Windows NT Event Log please consider that the Log Agent processes a structured entry of the Event Log as one string. You can use the keywords of the Event Log entries (like Source, Type, Event-ID, User, Message) and regular expressions for the values assigned to these keywords to define the pattern. The Type keyword has a defined list of possible values which allow to filter out entries of particular types. The possible values are:
Error
Warning
Information
Success - Audit
Failure - Audit
For example you can define the following pattern:
\$<HOST=MYHOST>\$ Source: .* Type: [eEwW].* Event-ID: 1001 User: .* Message:
This pattern matches all Event Log entries on the computer MYHOST of the types Error and Warning and the Event-ID 1001.
The build event log pattern will work - but you don't need to use it.
The "log File:" field should be - SYSTEM_LOG\application
(or system or security)
Then in the positive pattern put something like:
Type: [eE]
This will capture all NT event log messages of type "Error".
If you want to use the "*" wildcard you need to put a full stop before it.
EG: Source: WSH .* Message: bcp.*
This is from the 2.4 help file:
For watching the Event Logs on Windows NT or the Console Log on UNIX you have to use the following names:
SYSTEM_LOG System, application and security logs on Windows NT or console log on UNIX
SYSTEM_LOG\system System log on Windows NT
SYSTEM_LOG\security Security log on Windows NT
SYSTEM_LOG\application Application log on Windows NT
SYSTEM_LOG/console Console on UNIX
If you define a pattern for a log watcher to monitor the Windows NT Event Log please consider that the Log Agent processes a structured entry of the Event Log as one string. You can use the keywords of the Event Log entries (like Source, Type, Event-ID, User, Message) and regular expressions for the values assigned to these keywords to define the pattern. The Type keyword has a defined list of possible values which allow to filter out entries of particular types. The possible values are:
Error
Warning
Information
Success - Audit
Failure - Audit
For example you can define the following pattern:
\$<HOST=MYHOST>\$ Source: .* Type: [eEwW].* Event-ID: 1001 User: .* Message:
This pattern matches all Event Log entries on the computer MYHOST of the types Error and Warning and the Event-ID 1001.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question