Manuals / IBM / Computer Equipment / Network Router

IBM Enterprise Console manual Starting the Adapter, Stopping the Adapter, Events Listing, hostname

Models: Enterprise Console

1 194

Download 194 pages 8.78 Kb

Page 147

source NT

Starting the Adapter

By default, the adapter is always started when Windows NT is started. If you are using the Windows NT service version of the Windows NT event log adapter, you can use the Windows NT tools to operate the adapter. For example, you can start and stop the adapter using Windows NT Control Panel Services. You can also manually start the adapter from the command line with the following command:

net start TECNTAdapter

Note: The endpoint adapter is automatically started as a step in the adapter installation process when the adapter configuration profile (ACP) is distributed using the Adapter Configuration Facility (ACF).

Stopping the Adapter

You can manually stop the adapter from the command line with the following command:

net stop TECNTAdapter

Note: The endpoint adapter can be automatically stopped by distributing an ACP that has the adapter start command removed from the after-file-distribution actions. See the IBM Tivoli Enterprise Console User’s Guide for additional information.

Events Listing

The following table shows the class names and severities of all events defined for the Windows NT event log adapter. You can use it to get a sense of how Windows NT events are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the BAROC file.

See the IBM Tivoli Enterprise Console Rule Builder’s Guide for more information about customizing the BAROC file.

Event Class Structure

Event classes are defined hierarchically, with child classes inheriting attribute value defaults from the parent. The Windows NT event classes follow a simple hierarchy.

The adapter fills in the following attribute default values. The attributes are used in event group filters.

source NT

sub_source

NT

hostname

hostname where the event originated

The following events are defined in BAROC file:

Event Class

NT_Base

NT_Base_Event

NT_Diskfull

Default Severity

WARNING

Chapter 11. Windows NT Event Log Adapter 135

Image 147

IBM Enterprise Console manual Starting the Adapter, Stopping the Adapter, Events Listing, Event Class Structure, hostname

Contents

GC32-0668-01 Adapters GuideIBM Tivoli Enterprise Console VersionPage GC32-0668-01 Adapters GuideIBM Tivoli Enterprise Console VersionFirst Edition September Chapter 1. Understanding Adapters ContentsPreface Chapter 2. AS/400 Alert Adapteriv IBM Tivoli Enterprise Console Adapters Guide Appendix C. Class Definition vi IBM Tivoli Enterprise Console Adapters Guide Preface Who Should Read This GuideWhat This Guide Contains Related Publications PublicationsIBM Tivoli Enterprise Console Library Prerequisite PublicationsConventions Used in this Guide Accessing Publications OnlineProviding Feedback about Publications Contacting Customer SupportMonospace Operating System-dependent Variables and Pathsbold ItalicsHow Events Get to the Event Server From an Endpoint Chapter 1. Understanding AdaptersAdapter Overview How Events Get Sent to the Event ServerThe TME adapters currently supported for an endpoint are the following Internationalization Support for Events How Events Get to the Event Server From a Managed NodeHow Events Get to the Event Server From a Non-TME Adapter Event Attributes Event InformationAttribute Name serverpath listofstrings Stores information describing the rule engines that an event hasv datereception v eventhandle v serverhandle Adapter FilesCache File Example Configuration FileFile Location File FormatBufEvtPath AdapterErrorFile=pathAdapterCdsFile=path BufEvtMaxSizeFilterMode FilterCachegetporttotaltimeoutusec getporttimeoutsecondsgetporttimeoutusec getporttotaltimeoutsecondsServerPort ServerLocationEvent Filtering TestMode1. Set FilterMode to IN 1. Set FilterMode to IN Event Buffer FilteringBAROC File Example2. Set BufferEvents to YES Example Rule FileFormat File ExampleExample Class Definition Statement FileUTILS Error Filemodulename errorlevel outputfile ERRORFETCH Initial FilesKERNEL SELECTManaged Node Adapters Troubleshooting AdaptersAdapter Startup Errors All Adapters22 IBM Tivoli Enterprise Console Adapters Guide Non-TME AdaptersQSYS.LIB/QUSRSYS.LIB/CFGALERT.FILE/ALRCDS.MBR The CDS file Chapter 2. AS/400 Alert AdapterAdapter Files QSYS.LIB/QUSRSYS.LIB/CFGALERT.FILE/ALRCFG.MBRBufEvtPath Configuration FileENDTECADP AdapterCdsFileKeywords SELECT Statement ExampleFETCH Statement Example Class Definition Statement File$ALERTCDPT Configuring the AS/400 Alert Filters Default Alert FilterPERMANENT, TEMPORARY, or IMPENDING PROBLEM $HOSTNAME $ADAPTERHOSTSNANODEIntegrating with an Existing Alert Filter Starting the AdapterCRTDTAQ DTAQlibrary/name TYPE*STD MAXLEN592 FORCE*NO SEQ*FIFO DESCRIPTION AuthorizationSTRTECADP SYNOPSISStopping the Adapter Authorization ENDTECADPContext CommentsExamples ENDTECADP EVTADPMYCFG OPTION*CNTRLD DELAY60ENDTECADP EVTADPALERTADP Event Class Events ListingEvent Class Structure Default EventDefault Event Event ClassSeverity Troubleshooting the AS/400 Adapter Default SeverityAlert Type Adding an Autostart Job to QSYSWRK Logging Events in Test ModeTCP/IP Considerations Starting an AS/400 Adapter after an IPLChanging the AS/400 Startup Program Multiple AS/400 Alert AdaptersQSECOFR To create the configuration file, perform the following steps Configuration File38 IBM Tivoli Enterprise Console Adapters Guide POSTEMSGContext ExamplesQSYS.LIB/QUSRSYS.LIB/CFGMSG.FILE/MSGCDS.MBR The CDS file Chapter 3. AS/400 Message AdapterAdapter Files QSYS.LIB/QUSRSYS.LIB/CFGMSG.FILE/MSGCFG.MBR40 IBM Tivoli Enterprise Console Adapters Guide Configuration FileAdapterCdsFile JobDescriptionFETCH Statement Example MAP Statement ExampleClass Definition Statement File SELECT Statement ExampleIMMED $ADAPTERHOST$ALERTOPTION DEFER$MSGSEVERITY $MSGFILENAME$MSGFILELIBRARY $MSGLIBRARYUSED$SUBORIGIN $SENDPROGRAMNAME$SENDTIME $SENDUSERPROFILEStarting the Adapter Comments FlagsAuthorization STRTECADPChapter 3. AS/400 Message Adapter Stopping the AdapterENDTECADP AuthorizationENDTECADP EVTADPname *ALL OPTION*CNTRLD *IMMED DELAYseconds DELAYsecondsENDTECADP EVTADPMYAPP OPTION*CNTRLD DELAY60 ExamplesENDTECADP EVTADPSYSOPR hostname Events ListingEvent Class Structure subsourceWRKJOB JOBname Troubleshooting the AS/400 AdapterLogging Events in Test Mode TCP/IP ConsiderationsStarting an AS/400 Adapter after an IPL Adding an Autostart Job to QSYSWRKChanging the AS/400 Startup Program DONE RETURN CHGVAR VAR&CPYR VALUE&CPYR ENDPGM Using FTP to Execute AS/400 CommandsMultiple AS/400 Message Queues Configuration File54 IBM Tivoli Enterprise Console Adapters Guide Adapter Files Chapter 4. NetWare Log File AdapterNetWare Log File Adapter Reference Information Error FileEventId Prefiltering NetWare EventsConfiguration File SourcePreFilterMode Format FilePollInterval PreFilternwmsgid Events ListingEvent Class Structure nwmsgversionalertclass alertlocus60 IBM Tivoli Enterprise Console Adapters Guide The following NetWare events are defined in the BAROC fileTECADNW4.NLM Examples tecadnw4.nlmFlags DescriptionTroubleshooting the NetWare Log File Adapter 64 IBM Tivoli Enterprise Console Adapters Guide Determining the OpenView NNM Version Chapter 5. OpenView AdapterOpenView Driver Reception of OpenView Messagesagent-addr Incoming Messages FormatEvent Correlation With NNM enterpriseChapter 5. OpenView Adapter Determining the OVsnmpEventOpen Filter ValueTesting Event Correlation With NNM Testing ToolsThis trace file is located in $OVLOG/ecs/ecs-instance#/ecsin.evt# Event Correlation ExampleAdapter Files WellBehavedDaemon OpenView Event ExampleClass Definition Statement File HPOVFilter=filter$ENTERPRISE Object Identifier FileKeywords $COMMUNITYname object identifier LRF FileStarting and Stopping the Adapter Error Filesubsource Events ListingEvent Class Structure sourceEvent Class Default SeverityNode Marginal OpenView Traps SNMP TrapsOpenView Traps 50462720 Warnings50790403 Troubleshooting the OpenView Adapter50790402 Segment Marginal78 IBM Tivoli Enterprise Console Adapters Guide The adapter installation assist executable file Chapter 6. OS/2 AdapterConfiguration File install.exeFormat File Starting the AdapterUnmatchLog source OS2 subsource OS2 Stopping the AdapterEvents Listing Event Class StructureTroubleshooting the OS/2 Adapter Reception of SNMP Messages Server ConfigurationChapter 7. SNMP Adapter SNMP DriverKeywords SNMP Event ExampleConfiguration File Class Definition Statement File$AGENTADDR Error FileObject Identifier File Starting and Stopping the AdapterEvents Listing Cold StartWarm Start Stopping the AdapterProxy agent that forwarded the event to the adapter adapterhostHost on which the adapter runs forwardingagentRules Listing SNMP Traps Generic TrapsEnterprise-specific Traps Creating a New SNMP Trap Event BAROC File Changesv tecadsnmp.baroc v tecadsnmp.cds v tecadsnmp.oid Agent-independent Data SYNTAX INTEGER 0..4294967295 ACCESS not-accessible90 IBM Tivoli Enterprise Console Adapters Guide Page Class Definition Statement File Changes Object Identifier File Changes Troubleshooting the SNMP Adapter94 IBM Tivoli Enterprise Console Adapters Guide c configurationfileChapter 8. IBM Tivoli Enterprise Console Gateways Controlling Event Traffic at the GatewayExample 3. Calculate the value for the EventSendThreshold keyword Microsoft Windows Worksheets and CalculationsConfiguration File UNIX$TIVOLIHOME/tec/$ACTYPE.cache@ EventServer#region on endpoints tec/gatewaycache@EventServer#tmr-centralUNIX /etc/Tivoli/tec/cache@EventServer#region Windows $DBDIR/cache.dat@EventServer#region on managed nodesMaxGWCacheSizeMegs GatewayTMEAckEnabledGatewayQueueSize GatewaySendIntervalThe default value is @EventServer Event Server Configuration Chapter 9. UNIX Log File AdapterStarting the Adapter Running Multiple UNIX Log File Adapters Stopping the Adapterinit.tecadlogfile -s start stop AdapterID tecadlogfile.cfg Configuration Filelogdefault.rls Adapter FilesEvents Listing Error FileFormat File Class Definition Statement FileEvent Class Default SeverityDefault Severity Event Class106 IBM Tivoli Enterprise Console Adapters Guide Event Class Default SeverityPrinterPaperOut PrinterTonerLow PrinterOffline PrinterOutputFull Default RulesPrinterPaperOut PrinterTonerLow PrinterOffline PrinterOutputFull PrinterPaperJam PrinterDoorOpenTroubleshooting the UNIX Log File Adapter RepeatedLoginFailure RepeatedLoginFailureFrom RootLoginSuccessFromLogfileAmd LogfileCron LogfileOserv LogfileDateSet 110 IBM Tivoli Enterprise Console Adapters Guide tecadwins.exe Chapter 10. Windows Event Log AdapterAdapter Files tecinstlwin.cmdHostnameIsAdapterHost Configuration FileDEFAULT tecadwin.barocPreFilterLog=lognameEventId=value EventType=valueSource=value NumEventsToCatchUpPreFilterLog=ApplicationSource=re’TEC.*’ SpaceReplacementPreFilterMode WINEVENTLOGSEventId Prefiltering Windows Log EventsSource Jan 15 150619 1998 0 Error N/A ServiceControlManager 7024 \The UPS service terminated with service-specific error Format FileDirectoryEventsProcessed Registry VariablesApplicationEventsProcessed ApplicationEventsProcessedTimeStampFileReplicationEventsProcessed DirectoryEventsProcessedTimeStampDNSEventsProcessed DNSEventsProcessedTimeStampSystemEventsProcessed Low Memory Registry VariablesTECInstallPath SecurityEventsProcessedTimeStampStarting the Adapter Adapter Administrator Roles for Windows1. Select Create Administrators from the Administrators icon 3. Type in SYSTEM in the Set Login Names dialoghostname Event Class Structuresource NT subsourceNTPrinterWasSet tecadwin Command EXAMPLES tecadwinSYNOPSIS DESCRIPTIONTroubleshooting the Windows Event Log Adapter 126 IBM Tivoli Enterprise Console Adapters Guide Adapter Files Chapter 11. Windows NT Event Log Adaptertecadnt.err Configuration FileThe error file DEFAULTChapter 11. Windows NT Event Log Adapter HKEYLOCALMACHINE\SYSTEM\ CurrentControlSet\Services\ TECNTAdapter\NumEventsToCatchUp PreFilterLog=lognameEventId=valueEventType=valueSource=value130 IBM Tivoli Enterprise Console Adapters Guide Prefiltering Windows NT Log EventsSpaceReplacement PreFilterModeEventType Format FileEventId Source132 IBM Tivoli Enterprise Console Adapters Guide Non-English Format FilesRegistry Variables ApplicationEventsProcessedSecurityEventsProcessed TECInstallPathApplicationEventsProcessedTimeStamp PollingIntervalLow Memory Registry Variables Adapter Administrator Roles for Windows NT1. Select Create Administrators from the Administrators icon 3. Type in SYSTEM in the Set Login Names dialogEvent Class Structure Starting the AdapterStopping the Adapter Events ListingDefault Severity Event Class136 IBM Tivoli Enterprise Console Adapters Guide tecadnt Command c ConfigFile tecadnttecadnt.exe -d -c ConfigFile -L none EventLog Authorization none ArgumentsTroubleshooting the Windows NT Event Log Adapter 140 IBM Tivoli Enterprise Console Adapters Guide Appendix A. Files Shipped with Adapters 142 IBM Tivoli Enterprise Console Adapters Guide Appendix A. Files Shipped with Adapters 144 IBM Tivoli Enterprise Console Adapters Guide Format File Location Appendix B. Format File Referencev %lengths Format Specificationsv %t Log File Examplev %lengths v %lengths+su ’su su ’su succeeded for succeeded foron on Mappings Windows NT ExampleLABEL keyword DEFAULT keywordstring constant PRINTF statementAdditional Mapping Considerations The following list describes how values were assigned UNIX log file Activating Changes Made with a Format FileGenerating a New Class Definition Statement File for a TME Adapter NetWare log fileUNIX log file Windows event logWindows NT event log NetWare log fileAppendix C. Class Definition Statement File Reference File FormatOperators Class Definition Statement File Details SELECTFETCH Note AS/400 adapters do not support KEY parts in CDS files FETCH Statement 1 ATTR=,$TYPE,VALUE=,41$TYPE=4 nexpression MAPDEFAULT StatementMAP Statement Examplename objectidentifier Object Identifier to Name TranslationSELECT Class Definition Statement File Syntax Diagramskeydecl = KEY ’’ kop ’,’ vopval ’’ aop = ’=’ PREFIX SUFFIX EXISTS Page 164 IBM Tivoli Enterprise Console Adapters Guide Notices IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 U.S.A Notices Trademarks168 IBM Tivoli Enterprise Console Adapters Guide Obsolete term for GlossaryPage 5, 6 Index Special characters10, 24 CDS file keywords continued Page files continued Page Page TCP/IP continued Page 180 IBM Tivoli Enterprise Console Adapters Guide Page GC32-0668-01 Program Number 5698-TEC Printed in U.S.A