The PreFilter keyword is optional. All Windows NT log events are sent to the adapter if prefilters are not specified and PreFilterMode=OUT.

For additional information about prefiltering Windows NT log events, see “Prefiltering Windows NT Log Events” on page 130.

PreFilterMode

Specifies whether Windows NT log events that match a PreFilter statement are sent (PreFilterMode=IN) or ignored (PreFilterMode=OUT). Valid values are IN, in, OUT, or out. The default is OUT.

The PreFilterMode keyword is optional; if PreFilterMode is not specified, only events that do not match any PreFilter statements are sent to the adapter.

Note: If you set PreFilterMode=IN, make sure you have one or more PreFilter statements defined as well.

For additional information about prefiltering Windows NT event log events, see “Prefiltering Windows NT Log Events” on page 130.
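
The PreFilter and PreFilterMode rules above can be checked before the adapter is restarted. The following is an added example, not code from this guide or from the adapter: a small Python lint for the two keywords. It assumes that prefilter statements are written as lines beginning with "PreFilter:" and that "#" starts a comment line; the function name and the sample text are constructed for illustration.

```python
import re

VALID_MODES = {"IN", "in", "OUT", "out"}  # the only values the guide lists


def lint_prefilter(conf_text):
    """Check PreFilter/PreFilterMode usage in adapter configuration text.

    Returns (effective_mode, prefilter_count, findings).
    """
    mode = None
    prefilters = 0
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' is a comment
            continue
        # Assumption: a prefilter statement is "PreFilter:<criteria>".
        # The criteria are treated as opaque text and are not validated.
        if line.startswith("PreFilter:"):
            prefilters += 1
            continue
        m = re.match(r"PreFilterMode\s*=\s*(\S*)", line)
        if m:
            value = m.group(1)
            if value in VALID_MODES:
                mode = value.upper()
            else:
                # An invalid value is reported and treated here as unset.
                findings.append(
                    f"warning: line {lineno}: invalid PreFilterMode value {value!r}")
    effective = mode or "OUT"  # OUT is the default when the keyword is absent
    if effective == "IN" and prefilters == 0:
        # The case the Note warns about: IN needs at least one PreFilter.
        findings.append(
            "warning: PreFilterMode=IN but no PreFilter statement is defined")
    if effective == "OUT" and prefilters == 0:
        findings.append(
            "info: no prefilters with PreFilterMode=OUT, all log events are sent")
    return effective, prefilters, findings


if __name__ == "__main__":
    # Constructed sample: mode IN with no PreFilter statement.
    sample = "# constructed sample\nPreFilterMode=IN\n"
    for finding in lint_prefilter(sample)[2]:
        print(finding)
```
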

SpaceReplacement

When SpaceReplacement is FALSE, any spaces in the security ID and subsource fields of the event log messages are left unchanged. When SpaceReplacement is TRUE, any spaces in the security ID and subsource fields of the event log messages are replaced with underscores. Set SpaceReplacement to TRUE if the format file expects the security ID and subsource fields to be a single word (that is, uses a %s format specification for them). The default setting is TRUE.

UnmatchLog

Specifies a file to log discarded events that cannot be parsed into an IBM Tivoli Enterprise Console event class by the adapter. The discarded events can then be analyzed to determine if modifications are needed to the adapter format file.

Prefiltering Windows NT Log Events

You can improve Windows NT event log adapter performance by filtering events in the Windows NT event logs so only those events that are of importance to administrators are processed by the adapter. This type of filtering is called prefiltering because it specifies selection criteria based on the raw Windows NT event record rather than the formatted IBM Tivoli Enterprise Console event. The prefiltering is performed before the event is formatted into an IBM Tivoli Enterprise Console event and subjected to any filtering specified with the Filter or FilterCache configuration file keywords.

Like other adapter filtering, prefiltering is specified in the adapter configuration file using a similar syntax. The prefiltering statements, PreFilter and PreFilterMode, are described in “Configuration File” on page 128.

As with any modification to an adapter configuration file, you must stop and restart the adapter for the changes to take effect.

There are four attributes of the Windows NT event logs that you can use in defining prefilter statements. They are described in the following list:

130 IBM Tivoli Enterprise Console: Adapters Guide

