Manuals / IBM / Computer Equipment / Network Router

IBM Enterprise Console manual Format File, Source, EventType

Models: Enterprise Console

1 194
Download 194 pages 8.78 Kb
Page 128
Image 128

Source

The source that logged the event to the Windows event log. You can specify up to sixteen sources. Multiple sources must be separated by commas.

EventType

The classification of the event assigned by Windows. Valid values are as follows:

vError

vWarning

vInformation

vAuditSuccess

vAuditFailure

vUnknown

The following examples show prefiltering statements. The first statement is on multiple lines due to space restrictions.

PreFilter:Log=Application;Source=MyApp;EventId=1000,2000, \ 3000;EventType=Warning,Information;

PreFilter:Log=Security;

PreFilter:Log=Application;Source=TECWinAdapter;

Format File

The format file contains message format descriptions and their mappings to BAROC events. The message fields of a Windows event are matched against the format descriptions in this file and when a match succeeds, the corresponding IBM Tivoli Enterprise Console event is generated by the adapter. The format file contains predefined mappings for some common Windows events and can be customized to add any new messages.

A Windows event is written to an ASCII message in the following sequence:

vThe date expressed as month, day, time, and year.

vThe event category, expressed as an integer.

vThe event type (Error, Warning, Information, AuditSuccess, AuditFailure, Unknown).

vThe Windows security ID; any spaces in this field are replaced by an underscore if the proper registry variable is set.

vThe Windows source; any spaces in this field are replaced by an underscore if the proper registry variable is set.

vThe Windows event identifier.

vThe message text.

The subfields, except the message text field, are derived from the event header in the Windows event object. The output message after formatting is bound against a format description. A formatted error message from the Windows service control manager can look like the following example:

Jan 15 15:06:19 1998 0 Error N/A Service_Control_Manager 7024 \

The UPS service terminated with service-specific error 2481.

For details about format files, see “Format File” on page 17 and Appendix B, “Format File Reference” on page 145.

116IBM Tivoli Enterprise Console: Adapters Guide
Page 127 Page 129
Page 128
Image 128
IBM Enterprise Console Format File, EventType, PreFilterLog=Security PreFilterLog=ApplicationSource=TECWinAdapter
Page 127 Page 129