Manuals / IBM / Computer Equipment / Network Router

IBM Enterprise Console manual NumEventsToCatchUp

Models: Enterprise Console

1 194
Download 194 pages 8.78 Kb
Page 125
Image 125

If a file truncates while the adapter is active, the adapter automatically resets its internal pointer to the beginning of the file. If during the polling interval the file is overwritten, removed, or recreated with more lines than the previous poll, only the number of lines greater than the previous line count is read. For example, the file has one line. After the poll interval elapses, the file is overwritten with two lines. Only the second line is read on the next polling.

NumEventsToCatchUp

Specifies which event in the Windows event logs that the adapter starts with. This option provides some flexibility if the source being monitored is new or the adapter has been stopped for an extended period of time. Valid values are as follows:

0Start with the next event in the logs.

–1Start with the oldest event in the logs.

nn represents any number other than zero (0) or –1. Start with the nth event from the most current event in the logs; that is, start n events back from the most current event in the logs. If n is greater than the number of events that are available, all the events that are available are processed.

PollInterval Specifies the frequency, in seconds, to poll each log file listed in the LogSources keyword for new messages. The default value is 120 seconds.

PreFilter Specifies how events in a Windows event log are filtered before adapter processing. PreFilter statements are used by PreFilterMode when determining which events are sent from an event log to the adapter. An event matches a PreFilter statement when each attribute=value specification in the PreFilter statement matches an event in the event log. A PreFilter statement must contain at least the log specification and can contain up to three additional specifications, which are all optional: event ID, event type, and event source. The order of the attributes in the statement does not matter.

The basic format of the PreFilter statement is as follows:

PreFilter:Log=log_name;EventId=value; EventType=value;Source=value;

You can specify multiple values for each attribute by separating each with a comma.

Each PreFilter statement must be on a single line.

You can also use Tcl regular expressions in a PreFilter statement. The format of a regular expression is re:’value_fragment’.

Note: The IBM Tivoli Enterprise Console product uses one exception to the Tcl regular expression syntax. The backslash character (\) in the IBM Tivoli Enterprise Console product means the literal character that follows is the character to filter for, not some special character such as a tab. For example, \t means the tab character in Tcl but means t in the IBM Tivoli Enterprise Console product.

Chapter 10. Windows Event Log Adapter 113

Page 124 Page 126
Page 125
Image 125
IBM Enterprise Console manual NumEventsToCatchUp, PreFilterLog=lognameEventId=value EventType=valueSource=value
Page 124 Page 126