If during the polling interval the file is overwritten, removed, or recreated with more lines than the previous poll, only the number of lines greater than the previous line count is read. For example, the file has one line. After the poll interval elapses, the file is overwritten with two lines. Only the second line is read on the next polling.

NumEventsToCatchUp

Specifies which event in the Windows NT event logs that the adapter starts with. This option provides some flexibility if the source being monitored is new or the adapter has been stopped for an extended period of time. Valid values are as follows:

0Start with the next event in the logs.

–1Start with the oldest event in the logs.

nn represents any number other than zero (0) or –1. Start with the nth event from the most current event in the logs; that is, start n events back from the most current event in the logs. If n is greater than the number of events that are available, all the events that are available are processed.

PollInterval Specifies the frequency, in seconds, to poll each log file listed in the LogSources keyword for new messages. The default value is 120 seconds.

Polling begins at 5 seconds. If a new event is detected, the next polling frequency begins at 5 seconds again. If no event is detected from a poll, the polling interval is doubled, until the upper limit is reached. After the upper limit is reached, the polling frequency remains at that interval until a new event is detected; then, it is reset to 5 seconds.

Note: If there are queued events, but no incoming events, the time still doubles until the set polling interval time. To avoid this, set the polling interval to a lower number. The polling interval setting is in the registry in

HKEY_LOCAL_MACHINE\SYSTEM\

CurrentControlSet\Services\ TECNTAdapter\.

PreFilter Specifies how events in a Windows NT event log are filtered before adapter processing. PreFilter statements are used by PreFilterMode when determining which events are sent from an event log to the adapter. An event matches a PreFilter statement when each attribute=value specification in the PreFilter statement matches an event in the event log. A PreFilter statement must contain at least the log specification and can contain up to three additional specifications, which are all optional: event ID, event type, and event source. The order of the attributes in the statement does not matter.

The basic format of the PreFilter statement is as follows:

PreFilter:Log=log_name;EventId=value;EventType=value;Source=value;

You can specify multiple values for each attribute by separating each with a comma.

Each PreFilter statement must be on a single line.

Chapter 11. Windows NT Event Log Adapter 129

Page 140 Page 142
Page 141
Image 141
IBM Enterprise Console manual Hkeylocalmachine\System, CurrentControlSet\Services\ TECNTAdapter
Page 140 Page 142

Enterprise Console specifications

IBM Enterprise Console is a robust solution designed to centralize and streamline IT operational monitoring and management. As organizations increasingly rely on complex IT infrastructures, including cloud services, on-premise systems, and hybrid environments, the need for an effective monitoring tool has become paramount. IBM Enterprise Console addresses these needs by providing a comprehensive view of IT operations, enabling organizations to respond to incidents with agility and precision.

One of the key features of IBM Enterprise Console is real-time monitoring. The solution offers a single pane of glass through which IT teams can observe the performance of various systems and applications. This capability allows organizations to detect and respond to incidents promptly, minimizing downtime and ensuring that services remain available for end users. The console integrates seamlessly with multiple data sources, allowing for the aggregation of alerts, events, and logs from diverse IT environments.

Another significant aspect of IBM Enterprise Console is its automation capabilities. The platform supports automated workflows and incident management processes, helping to reduce the workload on IT teams. Automation not only enhances efficiency but also ensures consistency in incident response. By leveraging predefined rules and actions, organizations can standardize their operational protocols, leading to faster resolution times and improved service quality.

The IBM Enterprise Console utilizes advanced analytics and artificial intelligence to enhance operational insights. Machine learning algorithms can help identify patterns and anomalies in system performance, allowing organizations to anticipate potential issues before they escalate into critical incidents. This proactive approach to IT monitoring not only improves reliability but also fosters a culture of continuous improvement across the organization.

Security features are also integrated into the IBM Enterprise Console, allowing for the monitoring of security incidents alongside IT operations. This unified approach helps organizations to respond more effectively to security threats, enabling them to correlate operational and security data for a comprehensive view of their infrastructure.

In conclusion, IBM Enterprise Console stands out as a powerful tool for IT operations management. Its real-time monitoring, automation capabilities, advanced analytics, and integrated security features make it an ideal solution for organizations looking to enhance operational efficiency and responsiveness. By leveraging this technology, businesses can ensure that their IT environments remain stable, secure, and aligned with their strategic goals.
Top Page Image Contents