The Event Logs properties allow you to specify the Windows Event Logs and the type of records you want to monitor.
• |
Event Logs to Monitor: A list specifying the types of Windows Event Logs monitored by this agent. Each entry in the list includes the following column: |
• |
Event Log Name: The name of the Windows Event Log whose files you want to monitor with this agent. This value must be identical to the Full Name value, seen in the Log Properties dialog box. To find out an event log name, in the Event Viewer, right-click a Windows Log, choose Properties from the shortcut menu, and look for the Full Name property in the dialog box that appears. |
• |
Event Log Filters: A list specifying the types of Windows Event Log entries that you want to monitor with this agent. Using this list you can configure the agent to include and exclude specific entries from its collections using Include and Exclude commands, as required. By default, the agent does not collect any data unless configured to do so. For example, instructing the agent to exclude certain log types from its collections, without specifying which types of log items to include, prevents the agent from collecting any data from Windows Event Logs. |
NOTE: For log filters that signify “any” (that is, you do not want to filter on this property), the User, Source, Category, and Event Description properties should all have a value of “*”, and the EventID property should have a value of “0”. |
• |
Include/Exclude: Instructs the agent to include or exclude certain types of logs from its collections. |
• |
Type: The Windows severity level: *(All), Information, Warning, Error, Success Audit, or Failure Audit. For more information about these levels, see your Windows documentation. |
• |
User: The name of the user who initiated the Windows Event. |
• |
Source: The name of the Windows Event Log to which the event is published. |
• |
• |
EventID: The Windows Event ID. For more information about Windows Event IDs, see your Windows documentation. |
• |
Event Description: The description of the Windows event. |
• |
Tags: The tag associated with the record, as specified in the agent properties. |
• |
Event Throttle Count: When set, this ensures that one event in every count (the event log entry occurrence that the filter applies to) is submitted to the Management Server. If the count is one or less, then every event log entry occurrence is submitted and no throttling is done. The default is zero ‘0’. |
• |
Event Throttle Duration (seconds): This value represents the duration in seconds for the throttle count to be applied. When set, the throttle count is applied within a duration. After the duration expires, the throttling restarts from the beginning regardless of the current throttle state. If the count is one or less, then only one event log entry the filter matches is submitted within the specified duration. If the count is larger than one, then only one in every count (the event log entry occurrence that the filter matches) is submitted, and the agent starts counting pattern matches from zero after the duration. The default value is zero '0', which means the duration is not applied. |
NOTE: The Event Throttle Count and Event Throttle Duration (seconds) properties only apply to INCLUDE-type filters (and not EXCLUDE-type filters), since throttling is necessary only if a message is being included (and submitted). |
• |
Event Log Severity: A mapping that specifies how Windows Event Log severities relate to Foglight severity levels. A default agent installation includes a complete mapping. You can make changes to it when configuring Windows Event Log Monitor Agent instances, if required. |
The Record Transformations properties allow you to transform any log message before it is sent to the Management Server. This could be used to add extra information or to remove sensitive information from a log record.
• |
Record Transformations: A list of record transformations that the agents must use in conjunction with the match patterns to convert any log messages. When no transformation is specified, the log record is transmitted to the Management Server without changes. |
• |
RegEx Record Transformation Pattern: A regular expression that the agent uses to look for specific text in the collected log record. |
• |
Record Transformation: The replacement text that the agent uses in the log record to be transmitted to the Management Server. |
The Datacenter Collection Scheduler agent properties specify the data frequency settings the agent uses to read monitored log files.
• |
Collector Config: A list containing the data collectors the agent uses. Each entry in the list includes the following columns: |
• |
Collector Name: The name of the collector the agent uses to gather data. |
• |
Default Collection Interval: The number of milliseconds, seconds, minutes, hours, or days during which the agent collects data. |
• |
Time Unit: The time unit associated with the Default Collection Interval. |
• |
Fast-Mode Collection Interval: The number of milliseconds, seconds, minutes, hours, or days during which the agent collects data when working in the fast collection mode. |
• |
Fast-Mode Time Unit: The time unit associated with the Fast-Mode Collection Interval. |
• |
Fast-Mode Max Count: The maximum number of the times the agent can stay in fast collection mode. |
This example provides the configuration settings for monitoring the “System” and “Application” Windows® event log files. Any records with a source value of Perflib are excluded from the monitoring, and only records that are of type Warning are included in the monitoring.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center