Prefiltering Windows Log Events - IBM Enterprise Console Manual

IBM Enterprise Console Adapters Guide

The WINEVENTLOGS statement is a comma-delimited list with
no spaces that can contain the following values: Application,
Directory (Directory service), DNS, FRS, Security, System, All,
and None.
In the following WINEVENTLOGS statement, the System,
Security, and File Replication service event logs are monitored and
all others are ignored:
In the following statement, all event logs are monitored:
If a statement contains one or more event logs as well as the All or
None option, the All or None option is used and the list of event
logs is ignored. In the following example, all event logs are
monitored even though specific event logs are also listed:
If a statement contains both the All and None options, the None
option overrides all other options. In the following example, no
event logs are monitored:
After changing the WINEVENTLOGS statement in the
tecad_win.conf file, you must restart the adapter for the changes to
take effect.
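
The override rules above, as an added example (not code from the manual or from the adapter): a small Python checker that resolves a WINEVENTLOGS value list to the logs actually monitored and reports whether a required log such as Security is left unmonitored. The function names, the rejection of spaces and unknown names, exact-case matching, and the choice of Security as the required log are assumptions of this example.

```python
"""Resolve which Windows event logs a WINEVENTLOGS value list selects."""

LOGS = ("Application", "Directory", "DNS", "FRS", "Security", "System")
KEYWORDS = ("All", "None")


def effective_logs(value):
    """Return the set of monitored logs for a WINEVENTLOGS value list.

    `value` is only the comma-delimited list, already extracted from
    tecad_win.conf (assumption: the caller has parsed the file).
    """
    if not value or any(ch.isspace() for ch in value):
        # The list must not contain spaces. Rejecting it is this example's
        # choice; how the adapter itself reacts is not stated in the text.
        raise ValueError("WINEVENTLOGS list is empty or contains whitespace")
    items = value.split(",")
    unknown = [i for i in items if i not in LOGS + KEYWORDS]
    if unknown:
        # Assumption: names are matched exactly as the manual spells them.
        raise ValueError("unknown WINEVENTLOGS value(s): %s" % ", ".join(unknown))
    if "None" in items:          # None overrides everything, including All
        return set()
    if "All" in items:           # All overrides any individually listed logs
        return set(LOGS)
    return set(items)


def audit(value, required=("Security",)):
    """List required logs that the value list leaves unmonitored."""
    monitored = effective_logs(value)
    return sorted(log for log in required if log not in monitored)


if __name__ == "__main__":
    # Constructed sample value lists, one per rule described in the text.
    for sample in ("System,Security,FRS", "All", "Application,All",
                   "All,None", "System,None", "Application,DNS"):
        print("%-22s monitored=%s missing=%s" % (
            sample, sorted(effective_logs(sample)), audit(sample)))
```

A stray None anywhere in the list silently disables collection of every log, which is why the audit treats `System,None` the same as an empty selection.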

Prefiltering Windows Log Events

You can improve Windows event log adapter performance by filtering events in
the Windows event logs so only those events that are of importance to
administrators are processed by the adapter. This type of filtering is called
prefiltering because it specifies selection criteria based on the raw Windows event
record rather than the formatted IBM Tivoli Enterprise Console event. The
prefiltering is performed before the event is formatted into an IBM Tivoli
Enterprise Console event and subjected to any filtering specified with the Filter or
FilterCache configuration file keywords.
Like other adapter filtering, prefiltering is specified in the adapter configuration
file using a similar syntax. The prefiltering statements, PreFilter and
PreFilterMode, are described in "Configuration File" on page 112.
As with any modification to an adapter configuration file, you must stop and
restart the adapter for the changes to take effect.
There are four attributes of the Windows event logs that you can use in defining
prefilter statements. They are described in the following list:
Log
Specifies one or more of the Windows event logs to prefilter. Valid values
are System, Security, Application, DNS, FRS, Directory, or any
combination of these separated by commas. The default is all these event
logs.
EventId
Specifies the event number assigned by Windows. You can specify up to
sixteen event numbers. Multiple event numbers must be separated by
commas.
Chapter 10. Windows Event Log Adapter